def test_check_permissions_on_user_key_request_readonly(user):
    """A readonly user API key grants only read, even when its user holds CRUD.

    The user is given PERM_CRUD on the namespace, but the key is created with
    ``readonly=True``. Resolving the permission holder from a request that
    carries this key must yield the key itself, and only the "r" check may
    succeed.
    """
    namespace = "peeringdb.organization.1.network"

    api_key, key = UserAPIKey.objects.create_key(
        name="test key", user=user, readonly=True
    )
    assert api_key.readonly

    # The owning user has full CRUD; the readonly flag on the key is what
    # is expected to narrow the effective permissions.
    UserPermission.objects.create(
        namespace=namespace, permission=PERM_CRUD, user=user
    )

    request = RequestFactory().get("/api/net/1")

    # Attach the API key via the Authorization header.
    auth_header = "Api-Key " + key
    request.META.update({"HTTP_AUTHORIZATION": auth_header})

    # The request is authenticated by a user API key only: no session user
    # is attached to it.
    assert not hasattr(request, "user")
    assert request.META["HTTP_AUTHORIZATION"] == auth_header

    # The permission holder must be the key, not the (CRUD-capable) user.
    perm_obj = get_permission_holder_from_request(request)
    assert perm_obj == api_key

    # Every write operation must be an explicit False; read must be granted.
    for operation in ("c", "r", "u", "d"):
        granted = check_permissions(perm_obj, namespace, operation)
        if operation == "r":
            assert granted
        else:
            assert granted is False
def test_check_permissions_on_org_key_request_crud(org, groups):
    """An organization API key with PERM_CRUD is granted c, r, u and d.

    The key is presented through the Authorization header of a request that
    has no ``user`` attribute, and the permission holder is resolved from
    that request.
    """
    namespace = "peeringdb.organization.1.network"

    api_key, key = OrganizationAPIKey.objects.create_key(
        name="test key", org=org, email="test@localhost"
    )
    OrganizationAPIPermission.objects.create(
        org_api_key=api_key, namespace=namespace, permission=PERM_CRUD
    )

    request = RequestFactory().get("/api/net/1")

    # Attach the API key via the Authorization header.
    auth_header = "Api-Key " + key
    request.META.update({"HTTP_AUTHORIZATION": auth_header})

    # The request is authenticated by an OrgAPIKey only: no session user
    # is attached to it.
    assert not hasattr(request, "user")
    assert request.META["HTTP_AUTHORIZATION"] == auth_header

    # NOTE(review): this test does not assert that the resolved holder is
    # api_key itself, so it would also pass if the request resolved to some
    # other holder with CRUD on the namespace - consider pinning the identity.
    perm_obj = get_permission_holder_from_request(request)

    # All four operations must be granted.
    for operation in ("c", "r", "u", "d"):
        assert check_permissions(perm_obj, namespace, operation)
def test_check_perms(org, groups):
    """Check permissions directly on an org API key that holds PERM_READ.

    No request is involved: the key object is passed to check_permissions as
    the permission holder. Read must be granted and update must be an
    explicit False.
    """
    namespace = "peeringdb.organization.1.network"

    # The raw key string is not needed when checking against the key object.
    api_key, _raw_key = OrganizationAPIKey.objects.create_key(
        name="test key", org=org
    )
    OrganizationAPIPermission.objects.create(
        org_api_key=api_key, namespace=namespace, permission=PERM_READ
    )

    read_granted = check_permissions(api_key, namespace, "r")
    assert read_granted

    update_granted = check_permissions(api_key, namespace, "u")
    assert update_granted is False
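def test_check_permissions_on_unauth_request(org):
    """A request without credentials is denied read on a key-protected namespace.

    An organization API key with PERM_READ exists for the namespace, but the
    request carries neither a ``user`` attribute nor an Authorization header.
    The permission holder resolved from that request must not be granted
    read. Only the "r" operation is exercised by this test.
    """
    namespace = "peeringdb.organization.1.network"

    # The key and its read permission exist in the database but are never
    # presented on the request; the raw key string is therefore unused.
    api_key, _raw_key = OrganizationAPIKey.objects.create_key(
        name="test key", org=org
    )
    OrganizationAPIPermission.objects.create(
        org_api_key=api_key, namespace=namespace, permission=PERM_READ
    )

    request = RequestFactory().get("/api/net/1")

    # Confirm the request really is unauthenticated before checking access.
    assert hasattr(request, "user") is False
    assert request.META.get("HTTP_AUTHORIZATION") is None

    # The existence of a permitted key must not leak access to a caller that
    # did not present it. (Leftover debug print of perm_obj removed.)
    perm_obj = get_permission_holder_from_request(request)
    assert check_permissions(perm_obj, namespace, "r") is False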