def test_permission_on_contentype(db):
perm_ou = OU.objects.create(slug='perm-ou', name='perm ou')
some_role_dict = {
'name': 'some role',
'slug': 'some-role-slug',
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
"operation": {
"slug": "admin"
},
"ou": {
"slug": "perm-ou",
"name": "perm-ou"
},
'target_ct': {
"model": "contenttype",
"app_label": "contenttypes"
},
"target": {
"model": "logentry",
"app_label": "admin"
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
perm = perm_created[0]
assert perm.target.app_label == 'admin'
assert perm.target.model == 'logentry'
assert perm.ou == perm_ou
def test_role_deserializer_creates_admin_role(db):
role_dict = {
'name': 'some role',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(role_dict, ImportContext())
rd.deserialize()
Role.objects.get(slug='_a2-managers-of-role-some-role')
def test_role_deserializer_missing_ou(db):
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'role description',
'slug': 'some-role',
'ou': {
'slug': 'some-ou'
},
'service': None
}, ImportContext())
with pytest.raises(DataImportError):
rd.deserialize()
def test_role_deserializer_parenting_existing_parent(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
parent_role = Role.objects.create(**parent_role_dict)
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(child_role_dict, ImportContext())
child_role, status = rd.deserialize()
created, deleted = rd.parentings()
assert len(created) == 1
parenting = created[0]
assert parenting.direct is True
assert parenting.parent == parent_role
assert parenting.child == child_role
def test_role_deserializer_with_attributes(db):
attributes_data = {
'attr1_name': dict(name='attr1_name',
kind='string',
value='attr1_value'),
'attr2_name': dict(name='attr2_name',
kind='string',
value='attr2_value')
}
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'attributes': list(attributes_data.values()),
'ou': None,
'service': None
}, ImportContext())
role, status = rd.deserialize()
created, deleted = rd.attributes()
assert role.attributes.count() == 2
assert len(created) == 2
for attr in created:
attr_dict = attributes_data[attr.name]
assert attr_dict['name'] == attr.name
assert attr_dict['kind'] == attr.kind
assert attr_dict['value'] == attr.value
del attributes_data[attr.name]
def test_permission_on_role(db):
perm_ou = OU.objects.create(slug='perm-ou', name='perm ou')
perm_role = Role.objects.create(slug='perm-role',
ou=perm_ou,
name='perm role')
some_role_dict = {
'name': 'some role',
'slug': 'some-role-slug',
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
"operation": {
"slug": "admin"
},
"ou": {
"slug": "perm-ou",
"name": "perm-ou"
},
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
"target": {
"slug": "perm-role",
"ou": {
"slug": "perm-ou",
"name": "perm ou"
},
"service": None,
"name": "perm role"
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
perm = perm_created[0]
assert perm.target == perm_role
assert perm.ou == perm_ou
assert perm.operation.slug == 'admin'
def test_role_deserializer_parenting_non_existing_parent(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(child_role_dict, ImportContext())
rd.deserialize()
with pytest.raises(DataImportError) as excinfo:
rd.parentings()
assert "Could not find role" in str(excinfo.value)
def test_role_deserializer_with_ou(db):
ou = OU.objects.create(name='some ou', slug='some-ou')
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'ou': {
'slug': 'some-ou'
},
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role.ou == ou
def test_role_deserializer_update_fields(db):
uuid = get_hex_uuid()
existing_role = Role.objects.create(uuid=uuid,
slug='some-role',
name='some role')
rd = RoleDeserializer(
{
'uuid': uuid,
'slug': 'some-role',
'name': 'some role changed',
'ou': None,
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role == existing_role
assert role.name == 'some role changed'
def test_role_deserializer_update_ou(db):
ou1 = OU.objects.create(name='ou 1', slug='ou-1')
ou2 = OU.objects.create(name='ou 2', slug='ou-2')
uuid = get_hex_uuid()
existing_role = Role.objects.create(uuid=uuid, slug='some-role', ou=ou1)
rd = RoleDeserializer(
{
'uuid': uuid,
'name': 'some-role',
'slug': 'some-role',
'ou': {
'slug': 'ou-2'
},
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role == existing_role
assert role.ou == ou2
def test_role_deserializer(db):
rd = RoleDeserializer(
{
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}, ImportContext())
assert rd._parents is None
assert rd._attributes is None
assert rd._obj is None
role, status = rd.deserialize()
assert status == 'created'
assert role.name == 'some role'
assert role.description == 'some role description'
assert role.slug == 'some-role'
assert rd._obj == role
def test_role_deserializer_permissions(db):
ou = OU.objects.create(slug='some-ou')
other_role_dict = {
'name': 'other role',
'slug': 'other-role-slug',
'uuid': get_hex_uuid(),
'ou': ou
}
other_role = Role.objects.create(**other_role_dict)
other_role_dict['permisison'] = {
"operation": {
"slug": "admin"
},
"ou": {
"slug": "default",
"name": "Collectivit\u00e9 par d\u00e9faut"
},
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
"target": {
"slug": "role-deux",
"ou": {
"slug": "default",
"name": "Collectivit\u00e9 par d\u00e9faut"
},
"service": None,
"name": "role deux"
}
}
some_role_dict = {
'name': 'some role',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
'operation': {
'slug': 'add'
},
'ou': None,
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
'target': {
"slug": u'other-role-slug',
'ou': {
'slug': 'some-ou'
},
'service': None
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
assert len(perm_deleted) == 0
del some_role_dict['permissions']
role = Role.objects.get(slug=some_role_dict['slug'])
assert role.permissions.count() == 1
perm = role.permissions.first()
assert perm.operation.slug == 'add'
assert not perm.ou
assert perm.target == other_role
# that one should delete permissions
rd = RoleDeserializer(some_role_dict, import_context)
role, _ = rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert role.permissions.count() == 0
assert len(perm_created) == 0
assert len(perm_deleted) == 1