def test_delete_only_role_to_edit_roles(self): """ Test deleting a role that is the only one allowed to edit roles. Expected result: An error is raised. """ name = 'Administrator' permission = Permission.EditRole role = Role(name=name) role.permissions = permission db.session.add(role) db.session.commit() with self.assertRaises( DeletionPreconditionViolationError) as exception_cm: role.delete() self.assertIn( 'Cannot delete the only role with the permission to edit roles.', str(exception_cm.exception)) # Add another role with the required permission. Now, it is possible to delete the first role. other_role = Role(name='Guest') other_role.permissions = permission db.session.add(other_role) db.session.commit() role.delete() self.assertIsNone(Role.load_from_name(name))
def test_load_roles_with_permission(self): """ Test loading roles that have a given permission. Expected result: All roles that have the requested permission are returned. """ requested_permission = Permission.EditRole other_permission = Permission.EditUser role_without_permission = Role(name='No Permission') role_without_permission.permissions = other_permission db.session.add(role_without_permission) role_with_permission = Role(name='With Permission') role_with_permission.permissions = requested_permission db.session.add(role_with_permission) role_with_permissions = Role(name='With Permissions') role_with_permissions.permissions = requested_permission | other_permission db.session.add(role_with_permissions) db.session.commit() roles = Role.load_roles_with_permission(requested_permission) self.assertListEqual([role_with_permission, role_with_permissions], roles)
def test_load_roles_with_permissions(self): """ Test loading roles that have multiple given permissions. Expected result: All roles that have the requested permissions are returned. """ first_requested_permission = Permission.EditRole second_requested_permission = Permission.EditGlobalSettings other_permission = Permission.EditUser role_without_permission = Role(name='No Permission') role_without_permission.permissions = other_permission db.session.add(role_without_permission) role_with_one_permission = Role(name='With One Permission') role_with_one_permission.permissions = first_requested_permission db.session.add(role_with_one_permission) role_with_all_permissions = Role(name='With All Permissions') role_with_all_permissions.permissions = (first_requested_permission | second_requested_permission | other_permission) db.session.add(role_with_all_permissions) db.session.commit() roles = Role.load_roles_with_permissions_all(first_requested_permission, second_requested_permission) self.assertListEqual([role_with_all_permissions], roles)
def test_has_permissions_one_of_single_permission(self): """ Test the has_permissions_one_of() method if a role has the request permission (and only this one). Expected result: `True` when requesting this permission, `False` otherwise. """ role = Role('Administrator') role.permissions = Permission.EditRole self.assertTrue(role.has_permissions_one_of(Permission.EditRole)) self.assertFalse(role.has_permissions_one_of(Permission.EditUser)) # If a combination of multiple permissions is requested, the role does not have this permission. self.assertFalse( role.has_permissions_one_of(Permission.EditRole | Permission.EditUser)) role.permissions = Permission.EditUser self.assertFalse(role.has_permissions_one_of(Permission.EditRole)) self.assertTrue(role.has_permissions_one_of(Permission.EditUser)) # If a combination of multiple permissions is requested, the role does not have this permission. self.assertFalse( role.has_permissions_one_of(Permission.EditRole | Permission.EditUser))
def test_is_only_role_allowed_to_edit_roles(self): """ Test if a role is the only one allowed to edit roles. Expected result: `True` if it is, `False` otherwise. """ # First check if the role is not allowed to edit roles. name = 'Administrator' permission = Permission.EditRole role = Role(name=name) db.session.add(role) db.session.commit() self.assertFalse(role.is_only_role_allowed_to_edit_roles()) # Add the permission. Now it should be the only one. role.permissions = permission db.session.commit() self.assertTrue(role.is_only_role_allowed_to_edit_roles()) # Add another role with the required permission. other_role = Role(name='Guest') other_role.permissions = permission db.session.add(other_role) db.session.commit() self.assertFalse(role.is_only_role_allowed_to_edit_roles())
def test_delete_only_role_to_edit_roles(self): """ Test deleting a role that is the only one allowed to edit roles. Expected result: An error is raised. """ name = 'Administrator' permission = Permission.EditRole role = Role(name=name) role.permissions = permission db.session.add(role) db.session.commit() with self.assertRaises(DeletionPreconditionViolationError) as exception_cm: role.delete() self.assertIn('Cannot delete the only role with the permission to edit roles.', str(exception_cm.exception)) # Add another role with the required permission. Now, it is possible to delete the first role. other_role = Role(name='Guest') other_role.permissions = permission db.session.add(other_role) db.session.commit() role.delete() self.assertIsNone(Role.load_from_name(name))
def test_permissions_set_permission_no_edit_role_only_role(self): """ Test setting permissions with giving permissions that do not include the permission to edit roles if this is the only role allowed to edit roles. Expected result: The permission to edit roles is set automatically. """ role = Role('Administrator') role.permissions = Permission.EditRole db.session.add(role) db.session.commit() self.assertTrue(role.is_only_role_allowed_to_edit_roles()) role.permissions = Permission.EditUser self.assertEqual(Permission.EditUser | Permission.EditRole, role.permissions)
def test_permissions_set_permission(self): """ Test setting permissions with giving a permission. Expected result: The permission is set, overwriting previous values. """ role = Role('Administrator') role._permissions = Permission.EditRole.value self.assertEqual(Permission.EditRole, role.permissions) role.permissions = Permission.EditUser self.assertEqual(Permission.EditUser.value, role._permissions)
def test_permissions_set_none(self): """ Test setting permissions without giving a permission. Expected result: The empty permission is set. """ role = Role('Administrator') role._permissions = Permission.EditRole.value self.assertEqual(Permission.EditRole, role.permissions) role.permissions = None self.assertEqual(Permission(0).value, role._permissions)
def test_permissions_set_permission_no_edit_role_other_roles(self): """ Test setting permissions with giving permissions that do not include the permission to edit roles if there are also other roles allowed to edit roles. Expected result: The permission to edit roles is not set. """ other_role = Role('Guest') other_role.permissions = Permission.EditRole db.session.add(other_role) role = Role('Administrator') role.permissions = Permission.EditRole db.session.add(role) db.session.commit() self.assertFalse(role.is_only_role_allowed_to_edit_roles()) new_permissions = Permission.EditUser role.permissions = new_permissions self.assertEqual(new_permissions, role.permissions)
def test_has_permissions_one_of_multiple_permissions(self): """ Test the has_permissions_one_of() method if a role has the requested permission (and others). Expected result: `True` when requesting the set permissions. """ role = Role('Administrator') role.permissions = Permission.EditRole | Permission.EditUser self.assertTrue(role.has_permissions_one_of(Permission.EditRole)) self.assertTrue(role.has_permissions_one_of(Permission.EditUser)) self.assertTrue( role.has_permissions_one_of(Permission.EditRole, Permission.EditUser, Permission(0)))
def test_has_permissions_one_of_empty_permission(self): """ Test the has_permissions_one_of() method with the empty permission. Expected result: `False`. """ role = Role('Administrator') db.session.add(role) db.session.commit() self.assertEqual(0, role._permissions) self.assertTrue(role.has_permissions_one_of(Permission(0))) role.permissions = Permission.EditRole self.assertTrue(role.has_permissions_one_of(Permission(0)))
def test_repr(self): """ Test the string representation of the role. Expected result: The representation contains details on the role. """ name = 'Administrator' permissions = Permission.EditRole | Permission.EditUser role = Role(name=name) self.assertEqual(f'<Role [None] "{name}" [Permission.0]>', str(role)) role.permissions = permissions db.session.add(role) db.session.commit() self.assertEqual(f'<Role [1] "{name}" [{permissions}]>', str(role))
def role_new() -> ResponseType: """ Show and process a form to create a new role. :return: The response for this view. """ new_role_form = create_permission_form(RoleNewForm, Permission(0)) if new_role_form.validate_on_submit(): role = Role(name=new_role_form.name.data) role.permissions = new_role_form.permissions db.session.add(role) db.session.commit() flash(_('The new role has been created.')) return redirect(url_for('.roles_list')) return render_template('administration/role_new.html', new_role_form=new_role_form)
def role_new() -> str: """ Show a form to create a new role. :return: The HTML response. """ new_role_form = create_permission_form(RoleNewForm, Permission(0)) if new_role_form.validate_on_submit(): role = Role(name=new_role_form.name.data) role.permissions = new_role_form.permissions db.session.add(role) db.session.commit() flash(_('The new role has been created.')) return redirect(url_for('.roles_list')) return render_template('administration/role_new.html', new_role_form=new_role_form)