def test_app_admin_user_in_org_must_have_admin_access_for_the_app(self):
    """An app admin gets admin rights on the org's app domain and nothing else.

    ``joe`` is linked to the organization with ``is_app_admin=True``. The
    controller registers ``test-app.molo.site`` and ``my.domain.com``;
    ``foobar.com`` is not registered in this method and must be denied.
    """
    organization = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user, organization=organization, is_admin=True)
    DockerController.objects.create(
        name='my test app', organization=organization, owner=self.user,
        domain_urls='test-app.molo.site my.domain.com')

    # joe is an app admin in the org (is_app_admin=True, is_admin not set).
    app_admin = User.objects.create_user('joe', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(
        user=app_admin, organization=organization, is_app_admin=True)

    # The checks below pass the user object straight to org_permissions, so
    # they do not appear to depend on this client session.
    self.client.login(username='******', password='******')

    # (url, expected value for both has_perm and is_admin)
    # NOTE(review): my.domain.com, the second registered domain, is never
    # asserted on here.
    expectations = (
        ('http://foobar.com/', False),
        ('http://test-app.molo.site/', True),
    )
    for url, granted in expectations:
        attr = permissions.org_permissions(app_admin, url)
        self.assertEqual(attr['has_perm'], granted)
        self.assertEqual(attr['is_admin'], granted)
def test_super_user_must_have_super_user_access(self):
    """A superuser is granted access and admin on every URL that is checked.

    ``joe`` is created with ``create_superuser`` and gets no
    ``OrganizationUserRelation`` in this method; both lookups must still
    report ``has_perm`` and ``is_admin`` as True.
    """
    organization = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user, organization=organization, is_admin=True)
    superuser = User.objects.create_superuser(
        'joe', '*****@*****.**', '1234')
    self.client.login(username='******', password='******')

    # NOTE(review): no DockerController is created in this method, so
    # neither URL is tied to a registered app here. A case with a controller
    # in an organization the superuser does not belong to would pin the
    # bypass more directly.
    for url in ('http://foobar.com/', 'http://test-app.molo.site/'):
        attr = permissions.org_permissions(superuser, url)
        self.assertEqual(attr['has_perm'], True)
        self.assertEqual(attr['is_admin'], True)
def test_super_user_must_have_super_user_access(self):
    """Superuser status alone yields ``has_perm`` and ``is_admin``.

    The superuser created here has no organization relation of their own
    in this method; only ``self.user`` is attached to the organization.
    """
    test_org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user,
        organization=test_org,
        is_admin=True,
    )
    root = User.objects.create_superuser('joe', '*****@*****.**', '1234')
    self.client.login(username='******', password='******')

    # First URL: a domain no controller in this method registers.
    foobar_attr = permissions.org_permissions(root, 'http://foobar.com/')
    self.assertEqual(foobar_attr['has_perm'], True)
    self.assertEqual(foobar_attr['is_admin'], True)

    # Second URL: also unregistered within this method.
    molo_attr = permissions.org_permissions(
        root, 'http://test-app.molo.site/')
    self.assertEqual(molo_attr['has_perm'], True)
    self.assertEqual(molo_attr['is_admin'], True)
def test_org_admin_must_have_superuser_access(self):
    """An org admin is admin on the org's registered domain only.

    Despite the method name, the access asserted here is scoped: the
    near-miss host ``foobar1.com`` is not registered and must be denied,
    while the registered ``foobar.com`` yields ``has_perm`` and
    ``is_admin``.
    """
    org_admin = User.objects.create_user('joe', '*****@*****.**', '1234')
    organization = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=org_admin, organization=organization, is_admin=True)
    DockerController.objects.create(
        name='my test app', organization=organization, owner=org_admin,
        domain_urls='foobar.com')
    self.client.login(username='******', password='******')

    # (url, expected value for both has_perm and is_admin)
    cases = (
        # Differs from the registered domain by one character.
        ('http://foobar1.com/', False),
        ('http://foobar.com/', True),
    )
    for url, granted in cases:
        attr = permissions.org_permissions(org_admin, url)
        self.assertEqual(attr['has_perm'], granted)
        self.assertEqual(attr['is_admin'], granted)
def test_user_in_other_org_must_not_have_cross_access(self):
    """Membership or admin rights in one org grant nothing on another's app.

    Two organizations each own one controller (``foobar.com`` and
    ``test-app.molo.site``). Plain members get ``has_perm`` only on their
    own org's domain, an org admin gets ``is_admin`` only there, and every
    cross-organization lookup is denied.
    """
    def expect(member, url, has_perm, is_admin):
        # One permission lookup with both flags asserted.
        attr = permissions.org_permissions(member, url)
        self.assertEqual(attr['has_perm'], has_perm)
        self.assertEqual(attr['is_admin'], is_admin)

    first_org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user, organization=first_org, is_admin=True)

    # joe is a normal user in the first org (is_admin not set).
    joe = User.objects.create_user('joe', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(user=joe, organization=first_org)
    DockerController.objects.create(
        name='my test app', organization=first_org, owner=self.user,
        domain_urls='foobar.com')

    # sam is a normal user in the other org.
    sam = User.objects.create_user('sam', '*****@*****.**', '1234')
    second_org = Organization.objects.create(name='Other', slug='other')
    OrganizationUserRelation.objects.create(user=sam, organization=second_org)
    DockerController.objects.create(
        name='my test app', organization=second_org, owner=self.user,
        domain_urls='test-app.molo.site')

    first_url = 'http://foobar.com/'
    second_url = 'http://test-app.molo.site/'

    expect(joe, first_url, True, False)
    expect(sam, first_url, False, False)
    expect(joe, second_url, False, False)
    expect(sam, second_url, True, False)

    # tom is an admin user in the other org.
    tom = User.objects.create_user('tom', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(
        user=tom, organization=second_org, is_admin=True)

    expect(tom, first_url, False, False)
    expect(tom, second_url, True, True)

    # Same lookup as before tom existed: adding an admin to the org must
    # leave sam's flags as they were.
    expect(sam, second_url, True, False)
def test_org_admin_must_have_superuser_access(self):
    """An organization admin administers the org's own app domain.

    The controller registers only ``foobar.com``. The look-alike host
    ``foobar1.com`` must come back with both flags False, so the admin
    right asserted here is not global.
    """
    admin_user = User.objects.create_user('joe', '*****@*****.**', '1234')
    test_org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=admin_user,
        organization=test_org,
        is_admin=True,
    )
    DockerController.objects.create(
        name='my test app',
        organization=test_org,
        owner=admin_user,
        domain_urls='foobar.com',
    )
    self.client.login(username='******', password='******')

    # Negative case first: a host that is not registered anywhere above.
    denied = permissions.org_permissions(admin_user, 'http://foobar1.com/')
    self.assertEqual(denied['has_perm'], False)
    self.assertEqual(denied['is_admin'], False)

    # Positive case: the controller's registered domain.
    granted = permissions.org_permissions(admin_user, 'http://foobar.com/')
    self.assertEqual(granted['has_perm'], True)
    self.assertEqual(granted['is_admin'], True)
def test_user_in_other_org_must_not_have_cross_access(self):
    """Organization boundaries hold for plain members and for org admins.

    ``joe`` belongs to the org owning ``foobar.com``; ``sam`` and ``tom``
    belong to the org owning ``test-app.molo.site`` (``tom`` as admin).
    Each user must be denied on the other organization's domain.
    """
    org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user, organization=org, is_admin=True)

    # joe is a normal user in the org (is_admin not set).
    joe = User.objects.create_user('joe', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(user=joe, organization=org)
    DockerController.objects.create(
        name='my test app', organization=org, owner=self.user,
        domain_urls='foobar.com')

    # sam is a normal user in the other org.
    sam = User.objects.create_user('sam', '*****@*****.**', '1234')
    other_org = Organization.objects.create(name='Other', slug='other')
    OrganizationUserRelation.objects.create(user=sam, organization=other_org)
    DockerController.objects.create(
        name='my test app', organization=other_org, owner=self.user,
        domain_urls='test-app.molo.site')

    # Rows are (user, url, expected has_perm, expected is_admin).
    member_cases = (
        (joe, 'http://foobar.com/', True, False),
        (sam, 'http://foobar.com/', False, False),
        (joe, 'http://test-app.molo.site/', False, False),
        (sam, 'http://test-app.molo.site/', True, False),
    )
    for member, url, has_perm, is_admin in member_cases:
        attr = permissions.org_permissions(member, url)
        self.assertEqual(attr['has_perm'], has_perm)
        self.assertEqual(attr['is_admin'], is_admin)

    # tom is an admin user in the other org.
    tom = User.objects.create_user('tom', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(
        user=tom, organization=other_org, is_admin=True)

    admin_cases = (
        (tom, 'http://foobar.com/', False, False),
        (tom, 'http://test-app.molo.site/', True, True),
        # sam again: unchanged after an admin was added to the same org.
        (sam, 'http://test-app.molo.site/', True, False),
    )
    for member, url, has_perm, is_admin in admin_cases:
        attr = permissions.org_permissions(member, url)
        self.assertEqual(attr['has_perm'], has_perm)
        self.assertEqual(attr['is_admin'], is_admin)
def test_app_admin_user_in_org_must_have_admin_access_for_the_app(self):
    """``is_app_admin`` gives admin rights on the org's registered app.

    The relation for ``joe`` sets ``is_app_admin=True`` and leaves
    ``is_admin`` unset. A URL outside the controller's ``domain_urls``
    must return both flags False.
    """
    def check(url, expected):
        # Both flags are expected to move together in this test.
        attr = permissions.org_permissions(joe, url)
        self.assertEqual(attr['has_perm'], expected)
        self.assertEqual(attr['is_admin'], expected)

    test_org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=self.user,
        organization=test_org,
        is_admin=True,
    )
    DockerController.objects.create(
        name='my test app',
        organization=test_org,
        owner=self.user,
        domain_urls='test-app.molo.site my.domain.com',
    )

    # joe is an app admin user in the org (is_app_admin=True).
    joe = User.objects.create_user('joe', '*****@*****.**', '1234')
    OrganizationUserRelation.objects.create(
        user=joe,
        organization=test_org,
        is_app_admin=True,
    )

    # The controller already exists at this point; the lookups below take
    # the user object directly.
    self.client.login(username='******', password='******')

    check('http://foobar.com/', False)
    check('http://test-app.molo.site/', True)
def test_access_using_generic_domain(self):
    """An app is reachable through its generated ``seed.p16n.org`` host.

    The controller is created with a slug and no ``domain_urls``; the URL
    under test is built from ``controller.app_id``. An admin of the owning
    organization must get ``has_perm`` and ``is_admin``.
    """
    org_admin = User.objects.create_user('joe', '*****@*****.**', '1234')
    organization = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=org_admin, organization=organization, is_admin=True)
    self.client.login(username='******', password='******')

    # The controller's owner is self.user, not the admin being checked.
    controller = DockerController.objects.create(
        name='my test app', organization=organization, owner=self.user,
        slug='test-app')

    generic_url = 'http://%s.seed.p16n.org/admin/' % controller.app_id
    attr = permissions.org_permissions(org_admin, generic_url)
    self.assertEqual(attr['has_perm'], True)
    self.assertEqual(attr['is_admin'], True)
def test_access_using_generic_domain(self):
    """Permissions resolve for the ``<app_id>.seed.p16n.org`` hostname.

    No custom domain is set on the controller in this method, so the
    lookup can only succeed through the host derived from
    ``controller.app_id``.
    """
    joe = User.objects.create_user('joe', '*****@*****.**', '1234')
    test_org = Organization.objects.create(name='Test', slug='test')
    OrganizationUserRelation.objects.create(
        user=joe,
        organization=test_org,
        is_admin=True,
    )
    self.client.login(username='******', password='******')
    app = DockerController.objects.create(
        name='my test app',
        organization=test_org,
        owner=self.user,
        slug='test-app',
    )

    # The URL carries an /admin/ path after the generated host.
    result = permissions.org_permissions(
        joe, 'http://%s.seed.p16n.org/admin/' % app.app_id)
    for flag in ('has_perm', 'is_admin'):
        self.assertEqual(result[flag], True)
def test_user_details(self):
    """The returned attributes carry the user's first name and email.

    ``first_name`` is exposed under the ``givenName`` key and ``email``
    under ``email``. The user has no organization relation in this method.
    """
    address = '*****@*****.**'
    person = User.objects.create(first_name='foo', email=address)

    details = permissions.org_permissions(person, 'http://foobar.com/')

    self.assertEqual(details['givenName'], 'foo')
    self.assertEqual(details['email'], address)
def test_group_access(self):
    """A user with no organization relation is denied by default.

    NOTE(review): the name mentions groups, but no group is created or
    referenced in this method; it only pins the deny-by-default result.
    """
    unaffiliated = User.objects.create(first_name='foo')
    result = permissions.org_permissions(unaffiliated, 'http://foobar.com/')
    self.assertEqual(result['has_perm'], False)