def test_permission_on_contentype(db): perm_ou = OU.objects.create(slug='perm-ou', name='perm ou') some_role_dict = { 'name': 'some role', 'slug': 'some-role-slug', 'ou': None, 'service': None } some_role_dict['permissions'] = [{ "operation": { "slug": "admin" }, "ou": { "slug": "perm-ou", "name": "perm-ou" }, 'target_ct': { "model": "contenttype", "app_label": "contenttypes" }, "target": { "model": "logentry", "app_label": "admin" } }] import_context = ImportContext() rd = RoleDeserializer(some_role_dict, import_context) rd.deserialize() perm_created, perm_deleted = rd.permissions() assert len(perm_created) == 1 perm = perm_created[0] assert perm.target.app_label == 'admin' assert perm.target.model == 'logentry' assert perm.ou == perm_ou
def test_role_deserializer_parenting_existing_parent(db): parent_role_dict = { 'name': 'grand parent role', 'slug': 'grand-parent-role', 'uuid': get_hex_uuid(), 'ou': None, 'service': None } parent_role = Role.objects.create(**parent_role_dict) child_role_dict = { 'name': 'child role', 'slug': 'child-role', 'parents': [parent_role_dict], 'uuid': get_hex_uuid(), 'ou': None, 'service': None } rd = RoleDeserializer(child_role_dict, ImportContext()) child_role, status = rd.deserialize() created, deleted = rd.parentings() assert len(created) == 1 parenting = created[0] assert parenting.direct is True assert parenting.parent == parent_role assert parenting.child == child_role
def test_role_deserializer_with_attributes(db): attributes_data = { 'attr1_name': dict(name='attr1_name', kind='string', value='attr1_value'), 'attr2_name': dict(name='attr2_name', kind='string', value='attr2_value') } rd = RoleDeserializer( { 'uuid': get_hex_uuid(), 'name': 'some role', 'description': 'some role description', 'slug': 'some-role', 'attributes': list(attributes_data.values()), 'ou': None, 'service': None }, ImportContext()) role, status = rd.deserialize() created, deleted = rd.attributes() assert role.attributes.count() == 2 assert len(created) == 2 for attr in created: attr_dict = attributes_data[attr.name] assert attr_dict['name'] == attr.name assert attr_dict['kind'] == attr.kind assert attr_dict['value'] == attr.value del attributes_data[attr.name]
def test_role_deserializer_creates_admin_role(db): role_dict = { 'name': 'some role', 'slug': 'some-role', 'uuid': get_hex_uuid(), 'ou': None, 'service': None } rd = RoleDeserializer(role_dict, ImportContext()) rd.deserialize() Role.objects.get(slug='_a2-managers-of-role-some-role')
def test_role_deserializer_missing_ou(db): rd = RoleDeserializer( { 'uuid': get_hex_uuid(), 'name': 'some role', 'description': 'role description', 'slug': 'some-role', 'ou': { 'slug': 'some-ou' }, 'service': None }, ImportContext()) with pytest.raises(DataImportError): rd.deserialize()
def test_role_deserializer_with_ou(db): ou = OU.objects.create(name='some ou', slug='some-ou') rd = RoleDeserializer( { 'uuid': get_hex_uuid(), 'name': 'some role', 'description': 'some role description', 'slug': 'some-role', 'ou': { 'slug': 'some-ou' }, 'service': None }, ImportContext()) role, status = rd.deserialize() assert role.ou == ou
def test_role_deserializer_update_fields(db): uuid = get_hex_uuid() existing_role = Role.objects.create(uuid=uuid, slug='some-role', name='some role') rd = RoleDeserializer( { 'uuid': uuid, 'slug': 'some-role', 'name': 'some role changed', 'ou': None, 'service': None }, ImportContext()) role, status = rd.deserialize() assert role == existing_role assert role.name == 'some role changed'
def test_role_deserializer_update_ou(db): ou1 = OU.objects.create(name='ou 1', slug='ou-1') ou2 = OU.objects.create(name='ou 2', slug='ou-2') uuid = get_hex_uuid() existing_role = Role.objects.create(uuid=uuid, slug='some-role', ou=ou1) rd = RoleDeserializer( { 'uuid': uuid, 'name': 'some-role', 'slug': 'some-role', 'ou': { 'slug': 'ou-2' }, 'service': None }, ImportContext()) role, status = rd.deserialize() assert role == existing_role assert role.ou == ou2
def test_permission_on_role(db): perm_ou = OU.objects.create(slug='perm-ou', name='perm ou') perm_role = Role.objects.create(slug='perm-role', ou=perm_ou, name='perm role') some_role_dict = { 'name': 'some role', 'slug': 'some-role-slug', 'ou': None, 'service': None } some_role_dict['permissions'] = [{ "operation": { "slug": "admin" }, "ou": { "slug": "perm-ou", "name": "perm-ou" }, 'target_ct': { 'app_label': u'a2_rbac', 'model': u'role' }, "target": { "slug": "perm-role", "ou": { "slug": "perm-ou", "name": "perm ou" }, "service": None, "name": "perm role" } }] import_context = ImportContext() rd = RoleDeserializer(some_role_dict, import_context) rd.deserialize() perm_created, perm_deleted = rd.permissions() assert len(perm_created) == 1 perm = perm_created[0] assert perm.target == perm_role assert perm.ou == perm_ou assert perm.operation.slug == 'admin'
def test_role_deserializer(db): rd = RoleDeserializer( { 'name': 'some role', 'description': 'some role description', 'slug': 'some-role', 'uuid': get_hex_uuid(), 'ou': None, 'service': None }, ImportContext()) assert rd._parents is None assert rd._attributes is None assert rd._obj is None role, status = rd.deserialize() assert status == 'created' assert role.name == 'some role' assert role.description == 'some role description' assert role.slug == 'some-role' assert rd._obj == role
def test_role_deserializer_parenting_non_existing_parent(db): parent_role_dict = { 'name': 'grand parent role', 'slug': 'grand-parent-role', 'uuid': get_hex_uuid(), 'ou': None, 'service': None } child_role_dict = { 'name': 'child role', 'slug': 'child-role', 'parents': [parent_role_dict], 'uuid': get_hex_uuid(), 'ou': None, 'service': None } rd = RoleDeserializer(child_role_dict, ImportContext()) rd.deserialize() with pytest.raises(DataImportError) as excinfo: rd.parentings() assert "Could not find role" in str(excinfo.value)
def test_role_deserializer_permissions(db): ou = OU.objects.create(slug='some-ou') other_role_dict = { 'name': 'other role', 'slug': 'other-role-slug', 'uuid': get_hex_uuid(), 'ou': ou } other_role = Role.objects.create(**other_role_dict) other_role_dict['permisison'] = { "operation": { "slug": "admin" }, "ou": { "slug": "default", "name": "Collectivit\u00e9 par d\u00e9faut" }, 'target_ct': { 'app_label': u'a2_rbac', 'model': u'role' }, "target": { "slug": "role-deux", "ou": { "slug": "default", "name": "Collectivit\u00e9 par d\u00e9faut" }, "service": None, "name": "role deux" } } some_role_dict = { 'name': 'some role', 'slug': 'some-role', 'uuid': get_hex_uuid(), 'ou': None, 'service': None } some_role_dict['permissions'] = [{ 'operation': { 'slug': 'add' }, 'ou': None, 'target_ct': { 'app_label': u'a2_rbac', 'model': u'role' }, 'target': { "slug": u'other-role-slug', 'ou': { 'slug': 'some-ou' }, 'service': None } }] import_context = ImportContext() rd = RoleDeserializer(some_role_dict, import_context) rd.deserialize() perm_created, perm_deleted = rd.permissions() assert len(perm_created) == 1 assert len(perm_deleted) == 0 del some_role_dict['permissions'] role = Role.objects.get(slug=some_role_dict['slug']) assert role.permissions.count() == 1 perm = role.permissions.first() assert perm.operation.slug == 'add' assert not perm.ou assert perm.target == other_role # that one should delete permissions rd = RoleDeserializer(some_role_dict, import_context) role, _ = rd.deserialize() perm_created, perm_deleted = rd.permissions() assert role.permissions.count() == 0 assert len(perm_created) == 0 assert len(perm_deleted) == 1