def test_data_layer_get_collection_update_query(self,
mock_eagerload_includes,
instance, permission_user,
session,
sqlalchemy_data_layer):
PermissionToMapper.add_permission('get', ModelWithMeta,
[PermissionWithJoinsAndFilters])
kwargs = dict(query=session.query(ModelWithMeta),
qs=QueryStringManager(
{'fields[model_with_meta]': 'type,flags'},
ModelWithMetaSchema),
self_json_api=sqlalchemy_data_layer,
view_kwargs={'_permission_user': permission_user})
result = instance.data_layer_get_collection_update_query(**kwargs)
permission_get = permission_user.permission_for_get(ModelWithMeta)
expected_query = str(
session.query(ModelWithMeta)
# check that joins and filters from permission were applied
.join(*permission_get.joins[0]).filter(*permission_get.filters)
# and only requested and allowed fields were selected
.with_entities(ModelWithMeta.id, ModelWithMeta.type).statement)
assert str(result.statement) == expected_query
def test_permission_for_patch_permission__with_permissions(
self, instance_patch, permission_list, expected_allow_columns,
expected_forbidden_columns):
PermissionToMapper.add_permission('patch', MyModel, permission_list)
result = instance_patch.permission_for_patch_permission(MyModel)
assert result.allow_columns == expected_allow_columns
assert result.forbidden_columns == expected_forbidden_columns
def test_permission_for_get__many__with_permissions(
self, instance_get_many, permission_list, expected_allow_columns,
expected_forbidden_columns):
PermissionToMapper.add_permission('get_list', MyModel, permission_list)
result = instance_get_many.permission_for_get(MyModel)
assert result.allow_columns == expected_allow_columns
assert result.forbidden_columns == expected_forbidden_columns
def test_add_permission_success(self, type_):
PermissionToMapper.add_permission(type_, MyModel, self.permissions)
assert getattr(PermissionToMapper, type_)[MyModel.__name__] == {
'model': MyModel,
'permission': self.permissions
}
getattr(PermissionToMapper, type_).clear()
def test_permission_for_delete(self, instance_delete, permission_list,
expected_raise):
PermissionToMapper.add_permission('delete', MyModel, permission_list)
raised = False
try:
instance_delete.permission_for_delete(model=MyModel)
except JsonApiException as e:
raised = True
assert raised is expected_raise
def test__update_qs_fields(self, permission_user, qs, new_fields,
new_include):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
qs = QueryStringManager(qs, ModelWithMetaSchema)
PermissionPlugin._update_qs_fields(
ModelWithMetaSchema.Meta.type_,
list(permission_user.permission_for_get(ModelWithMeta).columns),
qs, 'related_model_id')
assert set(qs.fields['model_with_meta']) == new_fields
assert qs.qs['include'] == new_include
def test_data_layer_update_object_clean_data(self, instance,
sqlalchemy_data_layer,
permission_user):
PermissionToMapper.add_permission('patch', ModelWithMeta,
[SomePermission])
data = {}
result = instance.data_layer_update_object_clean_data(
data=data,
self_json_api=sqlalchemy_data_layer,
view_kwargs={'_permission_user': permission_user})
assert result['patched_by_some_permission']
def test__permission_for_link_schema(self, permission_user):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
schema = ModelWithMetaSchema()
PermissionPlugin._permission_for_link_schema(
schema=schema,
prefix_name_column='',
columns=permission_user.permission_for_get(
ModelWithMeta).columns_and_jsonb_columns)
expected_fields = {'name', 'type', 'description', 'settings'}
# check that only allowed fields are in schema now
assert set(schema.fields.keys()) == set(
schema.dump_fields.keys()) == set(schema.only) == expected_fields
# check that func was applied recursively for nested schema
settings_schema = schema.fields['settings'].schema
assert set(settings_schema.fields.keys()) == set(settings_schema.dump_fields.keys()) == \
set(settings_schema.only) == {'first_attr'}
def test_data_layer_delete_object_clean_data(self, instance,
permission_user,
sqlalchemy_data_layer):
PermissionToMapper.add_permission('delete', ModelWithMeta,
[SomePermission])
obj = mock.Mock()
obj.deletable = True
# doesn't raise for deletable object
instance.data_layer_delete_object_clean_data(
obj=obj,
self_json_api=sqlalchemy_data_layer,
view_kwargs={'_permission_user': permission_user})
obj.deletable = False
with pytest.raises(JsonApiException) as e:
instance.data_layer_delete_object_clean_data(
obj=obj,
self_json_api=sqlalchemy_data_layer,
view_kwargs={'_permission_user': permission_user})
assert e.value.detail == "It is forbidden to delete the object"
def test__is_access_foreign_key(self, permission_user, field_name, result):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
assert result is PermissionPlugin._is_access_foreign_key(
field_name, ModelWithMeta, permission_user)
def test_permission_for_patch_data__with_permissions(
self, instance_patch, data, permission_list, expected_result):
PermissionToMapper.add_permission('patch', MyModel, permission_list)
result = instance_patch.permission_for_patch_data(model=MyModel,
data=data)
assert result == expected_result
def test_add_permission__fail__wrong_type(self):
with pytest.raises(AttributeError):
PermissionToMapper.add_permission('wrong_type', MyModel,
self.permissions)