def test_has_permission_normal_user_service_doesnt_exist(
self, auth_api_client, org_admin, org):
request = WSGIRequest(
auth_api_client._base_environ(**auth_api_client._credentials))
request.user = org_admin
kwargs = {'kwargs': {'service': 'test'}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
with pytest.raises(ServiceDoesNotExist):
permission_obj.has_permission(kwargs['request'], view)
def test_has_permission_normal_user_no_restrictions(
self, auth_api_client, org_admin, org, logic_module):
"""
Services without permission groups can be accessed by everybody
"""
request = WSGIRequest(
auth_api_client._base_environ(**auth_api_client._credentials))
request.user = org_admin
kwargs = {'kwargs': {'service': logic_module.name}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
result = permission_obj.has_permission(kwargs['request'], view)
assert result
def test_has_permission_superuser_success(self, auth_superuser_api_client,
superuser):
"""
Superusers are able to access all services
"""
request = WSGIRequest(
auth_superuser_api_client._base_environ(
**auth_superuser_api_client._credentials))
request.user = superuser
kwargs = {'kwargs': {'service': 'test'}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
result = permission_obj.has_permission(kwargs['request'], view)
assert result
def test_has_permission_normal_user_org_level_permission(
self, auth_api_client, org_admin, org, logic_module):
"""
Organization level permissions of a service are applied to users of a specific org
"""
org_admin_group = org_admin.core_groups.all().first()
logic_module.core_groups.add(org_admin_group)
request = WSGIRequest(
auth_api_client._base_environ(**auth_api_client._credentials))
request.user = org_admin
kwargs = {'kwargs': {'service': logic_module.name}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
result = permission_obj.has_permission(kwargs['request'], view)
assert result
def test_has_permission_normal_user_global_level_permission(
self, auth_api_client, org_admin, org, logic_module, core_group):
"""
Global level permissions of a service are applied to all users who try to access it
"""
core_group.is_global = True
core_group.is_org_level = False
core_group.organization = None
core_group.save()
logic_module.core_groups.add(core_group)
request = WSGIRequest(
auth_api_client._base_environ(**auth_api_client._credentials))
request.user = org_admin
kwargs = {'kwargs': {'service': logic_module.name}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
result = permission_obj.has_permission(kwargs['request'], view)
assert result
def test_has_permission_normal_user_org_level_diff_org(
self, auth_api_client, org_admin, org, logic_module, core_group):
"""
Organization level permissions of a service aren't applied to users from an org different to the one
from the permissions
"""
core_group.is_global = False
core_group.is_org_level = True
core_group.organization = Organization.create()
core_group.save()
logic_module.core_groups.add(core_group)
request = WSGIRequest(
auth_api_client._base_environ(**auth_api_client._credentials))
request.user = org_admin
kwargs = {'kwargs': {'service': logic_module.name}, 'request': request}
permission_obj = AllowLogicModuleGroup()
view = APIGatewayView(**kwargs)
result = permission_obj.has_permission(kwargs['request'], view)
assert result