def test_valid_with_group_object_permission(self):
"""It should update permissions on an object.
"""
group = factories.GroupFactory(workspace_id=self.workspace.id)
group.user_set.add(self.users['MEMBER'])
resource = self.factory(workspace=self.workspace, object_permissions_enabled=True)
resource.assign_perm(group, 'change_datastore_access')
did = helpers.to_global_id('DatastoreType', resource.pk)
oid = helpers.to_global_id('GroupType', group.pk)
privileges = [
'view_datastore',
'change_datastore',
'change_datastore_access',
]
response = self.execute(variables={'id': did, 'objectId': oid, 'privileges': privileges})
response = response['data'][self.operation]
self.assertOk(response)
for privilege in privileges:
self.assertTrue(self.users['MEMBER'].has_perm(privilege, resource))
self.assertInstanceCreated(
audit.Activity,
verb='updated access privileges to',
**serializers.get_audit_kwargs(resource),
)
def test_remove_revoked_user_from_groups(self):
"""It should remove a User from all workspace groups when membership is revoked.
"""
user = factories.UserFactory()
workspace = factories.WorkspaceFactory(name='Metameta')
workspace.grant_membership(user, models.Membership.READONLY)
group = factories.GroupFactory(workspace_id=workspace.id)
group.user_set.add(user)
self.assertTrue(user.groups.filter(name=group.name).exists())
workspace.revoke_membership(user)
self.assertFalse(user.groups.filter(name=group.name).exists())
def setUp(cls):
super().setUp()
cls.datastore = factories.DatastoreFactory(workspace=cls.workspace)
cls.global_id = helpers.to_global_id('DatastoreType', cls.datastore.pk)
cls.group = factories.GroupFactory(workspace_id=cls.workspace.id)
cls.attributes = {
'content_type': cls.datastore.content_type,
'workspace': cls.workspace,
}
cls.customfields = [
factories.CustomFieldFactory(
field_name='Steward',
field_type=models.CustomField.USER,
validators={},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Product Area',
field_type=models.CustomField.TEXT,
validators={},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Department',
field_type=models.CustomField.ENUM,
validators={
'choices': ['Data Engineering', 'Product', 'Design']
},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Team',
field_type=models.CustomField.GROUP,
**cls.attributes,
),
]
cls.datastore.custom_properties = {
cls.customfields[0].pk: cls.user.pk,
cls.customfields[2].pk: 'Design',
cls.customfields[3].pk: cls.group.pk,
}
cls.datastore.save()
def setUpTestData(cls):
cls.current_user = factories.UserFactory()
cls.workspace = factories.WorkspaceFactory(creator=cls.current_user)
cls.workspace.grant_membership(cls.current_user, auth.Membership.OWNER)
cls.group = factories.GroupFactory(workspace_id=cls.workspace.id)
cls.datastore = factories.DatastoreFactory(workspace=cls.workspace)
cls.attributes = {
'content_type': cls.datastore.content_type,
'workspace': cls.workspace,
}
cls.customfields = [
factories.CustomFieldFactory(
field_name='Steward',
field_type=models.CustomField.USER,
validators={},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Product Area',
field_type=models.CustomField.TEXT,
validators={},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Department',
field_type=models.CustomField.ENUM,
validators={
'choices': ['Data Engineering', 'Product', 'Design']
},
**cls.attributes,
),
factories.CustomFieldFactory(
field_name='Team',
field_type=models.CustomField.GROUP,
**cls.attributes,
),
]
cls.request = collections.namedtuple(
'Request',
['user', 'workspace'],
)(user=cls.current_user, workspace=cls.workspace)
def test_group_is_in_workspace(self):
"""It should NOT be able to create the resource.
"""
outsider_group = factories.GroupFactory()
serializer = self.serializer_class(
instance=self.datastore,
data={
'properties': {
self.customfields[2].pk: 'test',
self.customfields[3].pk: outsider_group.pk,
}
},
partial=True,
)
self.assertFalse(serializer.is_valid())
self.assertSerializerErrorsEqual(serializer, [{
'resource': 'CustomField',
'field': 'properties',
'code': 'invalid'
}])
def setUp(self):
super().setUp()
self.group = factories.GroupFactory(workspace_id=self.workspace.id)
self.other_group = factories.GroupFactory(workspace_id=self.workspace.id)
self.outside_group = factories.GroupFactory(workspace_id=self.other_workspace.id)
def test_with_valid_group(self):
"""It should create the asset owner when the user has the proper permissions.
"""
self.execute_success_test_case('GroupType', factories.GroupFactory(workspace=self.workspace))