def test_in_node_descendants_check(db: Session, normal_user: User) -> None:
node = create_random_node(db, created_by_id=normal_user.id, node_type="parent")
node_create_permission = crud.node.get_permission(
db, id=node.id, permission_type=PermissionTypeEnum.create
)
node2 = create_random_node(
db, created_by_id=normal_user.id, node_type="child", parent_id=node.id
)
node2_read_permission = crud.node.get_permission(
db, id=node2.id, permission_type=PermissionTypeEnum.read
)
node3 = create_random_node(
db, created_by_id=normal_user.id, node_type="child", parent_id=node2.id
)
node3_update_permission = crud.node.get_permission(
db, id=node3.id, permission_type=PermissionTypeEnum.update
)
pass1 = crud.permission.in_node_descendants(
db, node_id=node.id, permission=node_create_permission
)
pass2 = crud.permission.in_node_descendants(
db, node_id=node.id, permission=node2_read_permission
)
pass3 = crud.permission.in_node_descendants(
db, node_id=node2.id, permission=node3_update_permission
)
fail = crud.permission.in_node_descendants(
db, node_id=node3.id, permission=node_create_permission
)
assert pass1
assert pass2
assert pass3
assert not fail
def node_children_setup(
db: Session,
) -> Dict[str, Union[models.Node, models.Interface, models.UserGroup]]:
"""
Setup: Create a parent_node, create a user group with the parent
node as the parent, create a child node with the parent node as the
parent, create an interface, associate the interface with the parent
node.
Returns a dictionary of the format: {
"parent_node": Node,
"child_node": Node,
"user_group": UserGroup,
"interface": Interface
}
"""
parent_node = create_random_node(db)
user_group = create_random_user_group(db, node_id=parent_node.id)
child_node = create_random_node(db, parent_id=parent_node.id)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=parent_node, interface=interface)
return {
"parent_node": parent_node,
"child_node": child_node,
"user_group": user_group,
"interface": interface,
}
def test_remove_interface_from_node(db: Session, superuser: User) -> None:
node = create_random_node(db)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=node, interface=interface)
result = crud.node.remove_interface(db, node=node, interface=interface)
assert result is node
assert interface not in node.interfaces
def test_create_form_input_entry(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""Successful form input entry creation"""
node = create_random_node(db)
data = {
"name": random_lower_string(),
"date_created":
str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))),
"an_integer": randint(0, 10000),
"node_id": node.id,
}
form_input = crud.form_input.get_by_template_table_name(
db, table_name="form_input_test_table")
response = client.post(
f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/",
headers=superuser_token_headers,
json=data,
)
content = response.json()
assert response.status_code == 200
assert content["id"]
assert content["name"] == data["name"]
assert content["date_created"] == data["date_created"]
assert content["an_integer"] == data["an_integer"]
assert content["node_id"] == data["node_id"]
def test_create_node_fail_permission_missing(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""
Node creation fails when user does not have a permission associate
with the resource
"""
# Setup: Create the parent node, create a user. Importantly, no permission setup
# for the user and the parent node
parent_node = create_random_node(db, created_by_id=1, node_type="network")
user = create_random_user(db)
user_token_headers = authentication_token_from_email(client=client,
email=user.email,
db=db)
data = {
"node_type": "test_create_node",
"name": random_lower_string(),
"is_active": True,
"parent_id": parent_node.id,
}
response = client.post(
f"{settings.API_V1_STR}/nodes/",
headers=user_token_headers,
json=data,
)
assert response.status_code == 403
content = response.json()
assert content[
"detail"] == "User does not have permission to create this node"
def test_create_form_input_entry_normal_user(client: TestClient,
db: Session) -> None:
"""Successful form input entry creation by normal user"""
setup = form_input_permission_setup(
db, permission_type=PermissionTypeEnum.create)
user = setup["user"]
form_input = setup["form_input"]
node = create_random_node(db)
data = {
"name": random_lower_string(),
"date_created":
str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))),
"an_integer": randint(0, 10000),
"node_id": node.id,
}
form_input = crud.form_input.get_by_template_table_name(
db, table_name="form_input_test_table")
user_token_headers = authentication_token_from_email(client=client,
email=user.email,
db=db)
response = client.post(
f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/",
headers=user_token_headers,
json=data,
)
content = response.json()
assert response.status_code == 200
assert content["id"]
assert content["name"] == data["name"]
assert content["date_created"] == data["date_created"]
assert content["an_integer"] == data["an_integer"]
assert content["node_id"] == data["node_id"]
def test_update_node(client: TestClient, superuser_token_headers: dict,
db: Session) -> None:
"""Successfully update a node"""
node = create_random_node(db,
created_by_id=1,
node_type="test_update_node")
data = {
"node_type": "updated_test_node",
"name": random_lower_string(),
}
response = client.put(
f"{settings.API_V1_STR}/nodes/{node.id}",
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
content = response.json()
assert content["node_type"] == data["node_type"]
assert content["name"] == data["name"]
assert content["is_active"] == node.is_active
assert content["parent_id"] == node.parent_id
assert content["depth"] == 0
assert "id" in content
assert "created_at" in content
assert "updated_at" in content
assert "created_by_id" in content
assert "updated_by_id" in content
def test_get_all_permissions_for_user_group(db: Session,
normal_user: User) -> None:
nodes = [
create_random_node(
db,
created_by_id=normal_user.id,
node_type="test_get_all_permissions_for_user_group",
) for n in range(10)
]
name = random_lower_string()
user_group_in = UserGroupCreate(name=name, node_id=random.choice(nodes).id)
user_group = crud.user_group.create(db=db,
obj_in=user_group_in,
created_by_id=normal_user.id)
permissions = chain(
*[crud.node.get_permissions(db, id=node.id) for node in nodes])
for permission in permissions:
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
stored_permissions = crud.user_group.permissions_in_user_group(
db=db, id=user_group.id)
for permission in permissions:
assert permission.id in [sp.id for sp in stored_permissions]
assert permission.resource_id in [
sp.resource_id for sp in stored_permissions
]
assert permission.permission_type in [
sp.permission_type for sp in stored_permissions
]
def test_update_node_fail_user_no_parent_permission(
client: TestClient, superuser_token_headers: dict,
db: Session) -> None:
"""Fails if the user doesn't have update permissions on the new parent node"""
new_parent_node = create_random_node(db,
created_by_id=1,
node_type="new_parent_node")
data = {"parent_id": new_parent_node.id}
setup = node_permission_setup(
db,
node_type="test_update_node_fail_user_no_permission",
permission_type=PermissionTypeEnum.update,
permission_enabled=True,
)
user_token_headers = authentication_token_from_email(
client=client, email=setup["user"].email, db=db)
response = client.put(
f"{settings.API_V1_STR}/nodes/{setup['node'].id}",
headers=user_token_headers,
json=data,
)
assert response.status_code == 403
content = response.json()
assert content["detail"] == (
"User does not have permission to assign resources to node "
f"{data['parent_id']}")
def test_create_node(client: TestClient, superuser_token_headers: dict,
db: Session) -> None:
"""Successful node creation"""
parent_node = create_random_node(db, created_by_id=1, node_type="network")
data = {
"node_type": "test_create_node",
"name": random_lower_string(),
"is_active": True,
"parent_id": parent_node.id,
}
response = client.post(
f"{settings.API_V1_STR}/nodes/",
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
content = response.json()
assert content["node_type"] == data["node_type"]
assert content["name"] == data["name"]
assert content["is_active"]
assert content["parent_id"] == data["parent_id"]
assert content["depth"] > 0
assert "id" in content
assert "created_at" in content
assert "updated_at" in content
assert "created_by_id" in content
assert "updated_by_id" in content
def test_get_node_children(db: Session, superuser: User) -> None:
node = create_random_node(db)
user_group = create_random_user_group(db, node_id=node.id)
child_node = create_random_node(db, parent_id=node.id)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=node, interface=interface)
result = crud.node.get_node_children(db, id=node.id)
for node_child in result:
assert node_child.node_id == node.id
if node_child.child_type == "interface":
assert node_child.child_id == interface.id
if node_child.child_type == "node":
assert node_child.child_id == child_node.id
if node_child.child_type == "user_group":
assert node_child.child_id == user_group.id
def test_create_form_input_entry_normal_user_fail_no_permission(
client: TestClient, db: Session) -> None:
"""Fail if the normal user doesn't have create permissions"""
node = create_random_node(db)
data = {
"name": random_lower_string(),
"date_created":
str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))),
"an_integer": randint(0, 10000),
"node_id": node.id,
}
form_input = crud.form_input.get_by_template_table_name(
db, table_name="form_input_test_table")
user = create_random_user(db)
user_token_headers = authentication_token_from_email(client=client,
email=user.email,
db=db)
response = client.post(
f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/",
headers=user_token_headers,
json=data,
)
content = response.json()
assert response.status_code == 403
assert content["detail"] == (f"User ID {user.id} does not have "
f"create permissions for "
f"interface ID {form_input.id}")
def node_all_permissions_setup(
db: Session,
) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup,
models.User]]:
"""
Setup: Create the node, get all node permissions, create the user,
create the user group, add the user to the user group, grant all
the permissions to the user group
Returns a dictionary of the format: {
"node": Node,
"permissions": List[Permission],
"user_group": UserGroup,
"user": User,
}
"""
node = create_random_node(db,
created_by_id=1,
node_type="node_all_permissions_setup")
permissions = crud.node.get_permissions(db, id=node.id)
user = create_random_user(db)
user_group = create_random_user_group(db, created_by_id=1, node_id=node.id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant_multiple(db,
user_group_id=user_group.id,
permission_ids=[p.id for p in permissions])
return {
"node": node,
"permissions": permissions,
"user_group": user_group,
"user": user,
}
def test_create_user_group(db: Session, normal_user: User) -> None:
node = create_random_node(db,
created_by_id=normal_user.id,
node_type="test_create_user_group")
user_group_in = UserGroupCreate(name=random_lower_string(),
node_id=node.id)
user_group = crud.user_group.create(db=db,
obj_in=user_group_in,
created_by_id=normal_user.id)
assert user_group.created_by_id == normal_user.id
def test_create_node_fail_name_exists(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""Fail if the node name isn't unique"""
existing_node = create_random_node(db)
parent_node = create_random_node(db, created_by_id=1, node_type="network")
data = {
"node_type": "test_create_node",
"name": existing_node.name,
"is_active": True,
"parent_id": parent_node.id,
}
response = client.post(
f"{settings.API_V1_STR}/nodes/",
headers=superuser_token_headers,
json=data,
)
content = response.json()
assert response.status_code == 409
assert content["detail"] == "A node with that name already exists."
def test_all_node_descendants(db: Session, normal_user: User) -> None:
node = create_random_node(db, created_by_id=normal_user.id, node_type="parent")
child_node = create_random_node(
db, created_by_id=normal_user.id, node_type="child", parent_id=node.id
)
user_group1 = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
user_group2 = create_random_user_group(
db, created_by_id=normal_user.id, node_id=child_node.id
)
not_child_node = create_random_node(
db, created_by_id=normal_user.id, node_type="not_child"
)
child_node_permissions = crud.node.get_permissions(db, id=child_node.id)
user_group1_permissions = crud.user_group.get_permissions(db, id=user_group1.id)
user_group2_permissions = crud.user_group.get_permissions(db, id=user_group2.id)
not_child_node_permissions = crud.node.get_permissions(db, id=not_child_node.id)
all_permissions = [
*child_node_permissions,
*user_group1_permissions,
*user_group2_permissions,
]
some_permissions = [*child_node_permissions, *not_child_node_permissions]
no_permissions = [*not_child_node_permissions]
pass1 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=all_permissions
)
fail1 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=some_permissions
)
fail2 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=no_permissions
)
assert pass1
assert not fail1
assert not fail2
def create_random_form_input_table_entry(db: Session):
node = create_random_node(db)
data = {
"name": random_lower_string(),
"date_created": str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))),
"an_integer": randint(0, 10000),
"node_id": node.id,
}
form_input = crud.form_input.get_by_template_table_name(
db, table_name="form_input_test_table"
)
form_input_crud = crud.form_input.get_table_crud(db, id=form_input.id)
return form_input_crud.create(db, obj_in=data)
def test_remove_interface_from_node_fail_interface_not_exist(
client: TestClient, superuser_token_headers: dict,
db: Session) -> None:
"""Fail if the interface doesn't exist"""
node = create_random_node(db)
response = client.post(
f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{-1}/remove",
headers=superuser_token_headers,
)
content = response.json()
assert response.status_code == 404
assert content["detail"] == "Cannot find interface."
def test_delete_node(client: TestClient, superuser_token_headers: dict,
db: Session) -> None:
"""Successfully delete a node"""
node = create_random_node(db,
created_by_id=1,
node_type="test_delete_node")
response = client.delete(f"{settings.API_V1_STR}/nodes/{node.id}",
headers=superuser_token_headers)
stored_node = crud.node.get(db, id=node.id)
assert response.status_code == 200
content = response.json()
assert content["name"] == node.name
assert stored_node is None
def test_add_interface_to_node(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""Successfully add an interface to a node"""
node = create_random_node(db)
interface = create_random_form_input_interface(db)
response = client.post(
f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{interface.id}/add",
headers=superuser_token_headers,
)
db.refresh(node)
assert response.status_code == 200
assert interface in node.interfaces
def create_random_permission(
db: Session, *, node_id: Optional[int] = None, enabled: Optional[bool] = True
) -> models.Node:
if node_id is None:
node = create_random_node(db, created_by_id=-1, node_type="random_node")
node_id = node.id
permission_type = random.choice(list(PermissionTypeEnum))
permission_in = PermissionCreate(
resource_id=node_id,
resource_type=ResourceTypeEnum.node,
permission_type=permission_type,
enabled=enabled,
)
return crud.node_permission.create(db=db, obj_in=permission_in)
def test_create_node_permission(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_create_permission"
)
permission_type = random.choice(list(PermissionTypeEnum))
permission_in = PermissionCreate(
resource_id=node.id,
resource_type=ResourceTypeEnum.node,
permission_type=permission_type,
)
permission = crud.node_permission.create(db=db, obj_in=permission_in)
assert permission.resource_id == node.id
assert permission.permission_type == permission_type
def test_remove_interface_from_node(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""Successfully remove an interface from a node"""
node = create_random_node(db)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=node, interface=interface)
response = client.post(
f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{interface.id}/remove",
headers=superuser_token_headers,
)
db.refresh(node)
assert response.status_code == 200
assert interface not in node.interfaces
def test_delete_user_group(db: Session, normal_user: User) -> None:
node = create_random_node(db,
created_by_id=normal_user.id,
node_type="test_delete_user_group")
name = random_lower_string()
user_group_in = UserGroupCreate(name=name, node_id=node.id)
user_group = crud.user_group.create(db=db,
obj_in=user_group_in,
created_by_id=normal_user.id)
user_group2 = crud.user_group.remove(db=db, id=user_group.id)
user_group3 = crud.user_group.get(db=db, id=user_group.id)
assert user_group3 is None
assert user_group2.id == user_group.id
assert user_group2.name == name
assert user_group2.created_by_id == normal_user.id
def test_add_user_to_user_group(db: Session, normal_user: User) -> None:
node = create_random_node(db,
created_by_id=normal_user.id,
node_type="test_add_user_to_user_group")
name = random_lower_string()
user_group_in = UserGroupCreate(name=name, node_id=node.id)
user_group = crud.user_group.create(db=db,
obj_in=user_group_in,
created_by_id=normal_user.id)
user = create_random_user(db)
association = crud.user_group.add_user(db=db,
user_group=user_group,
user_id=user.id)
assert association.user_group_id == user_group.id
assert association.user_id == user.id
def test_grant_single_permission(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_single_permission"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permission = crud.node.get_permission(
db, id=node.id, permission_type=PermissionTypeEnum.read
)
user_group_permission_rel = crud.permission.grant(
db, user_group_id=user_group.id, permission_id=permission.id
)
assert user_group_permission_rel.user_group_id == user_group.id
assert user_group_permission_rel.permission_id == permission.id
assert user_group_permission_rel.enabled
def test_grant_multiple_permissions(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permissions = crud.node.get_permissions(db, id=node.id)
permission_ids = [p.id for p in permissions]
user_group_permission_rels = crud.permission.grant_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids
)
assert len(permission_ids) == len(user_group_permission_rels)
for ugpr in user_group_permission_rels:
assert ugpr.user_group_id == user_group.id
assert ugpr.enabled
def test_verify_user_node_permission(db: Session, normal_user: User) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
node = create_random_node(db,
created_by_id=normal_user.id,
node_type="verify_user_node_permission")
user_group = create_random_user_group(db, created_by_id=normal_user.id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
permission = create_random_permission(db, node_id=node.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
has_permission = crud.user.has_permission(
db,
user=user,
resource_type="node",
resource_id=node.id,
permission_type=permission.permission_type,
)
# Need to add an explicit 'False' permission for the User to the resource
# to ensure that will return False in addition to the missing permissions
permissions_not_granted = [
i for i in list(PermissionTypeEnum) if i != permission.permission_type
]
permission_type = random.choice(permissions_not_granted)
permission_in = PermissionCreate(
resource_id=node.id,
resource_type=ResourceTypeEnum.node,
permission_type=permission_type,
enabled=False,
)
crud.node_permission.create(db=db, obj_in=permission_in)
assert has_permission == True # noqa E712
for png in permissions_not_granted:
has_permission = crud.user.has_permission(
db,
user=user,
resource_type="node",
resource_id=node.id,
permission_type=png,
)
assert has_permission == False # noqa: E712
def create_random_user_group(db: Session,
*,
created_by_id: Optional[int] = 1,
node_id: Optional[int] = None) -> models.Node:
if created_by_id is None:
user = create_random_user(db)
created_by_id = user.id
if node_id is None:
node = create_random_node(db,
created_by_id=created_by_id,
node_type="random_node")
node_id = node.id
user_group_in = UserGroupCreate(name=random_lower_string(),
node_id=node_id)
return crud.user_group.create(db=db,
obj_in=user_group_in,
created_by_id=created_by_id)
def test_update_node_fail_parent_not_exists(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
"""Fails if the node indicated by parent_id doesn't exist in the database"""
node = create_random_node(
db,
created_by_id=1,
node_type="test_update_node_fail_parent_not_exists")
response = client.put(
f"{settings.API_V1_STR}/nodes/{node.id}",
headers=superuser_token_headers,
json={"parent_id": -1},
)
assert response.status_code == 404
content = response.json()
assert content["detail"] == "Cannot find parent node."
