def test_data_layer_get_collection_update_query(self, mock_eagerload_includes, instance, permission_user, session, sqlalchemy_data_layer): PermissionToMapper.add_permission('get', ModelWithMeta, [PermissionWithJoinsAndFilters]) kwargs = dict(query=session.query(ModelWithMeta), qs=QueryStringManager( {'fields[model_with_meta]': 'type,flags'}, ModelWithMetaSchema), self_json_api=sqlalchemy_data_layer, view_kwargs={'_permission_user': permission_user}) result = instance.data_layer_get_collection_update_query(**kwargs) permission_get = permission_user.permission_for_get(ModelWithMeta) expected_query = str( session.query(ModelWithMeta) # check that joins and filters from permission were applied .join(*permission_get.joins[0]).filter(*permission_get.filters) # and only requested and allowed fields were selected .with_entities(ModelWithMeta.id, ModelWithMeta.type).statement) assert str(result.statement) == expected_query
def test_permission_for_patch_permission__with_permissions( self, instance_patch, permission_list, expected_allow_columns, expected_forbidden_columns): PermissionToMapper.add_permission('patch', MyModel, permission_list) result = instance_patch.permission_for_patch_permission(MyModel) assert result.allow_columns == expected_allow_columns assert result.forbidden_columns == expected_forbidden_columns
def test_permission_for_get__many__with_permissions( self, instance_get_many, permission_list, expected_allow_columns, expected_forbidden_columns): PermissionToMapper.add_permission('get_list', MyModel, permission_list) result = instance_get_many.permission_for_get(MyModel) assert result.allow_columns == expected_allow_columns assert result.forbidden_columns == expected_forbidden_columns
def test_add_permission_success(self, type_): PermissionToMapper.add_permission(type_, MyModel, self.permissions) assert getattr(PermissionToMapper, type_)[MyModel.__name__] == { 'model': MyModel, 'permission': self.permissions } getattr(PermissionToMapper, type_).clear()
def test_permission_for_delete(self, instance_delete, permission_list, expected_raise): PermissionToMapper.add_permission('delete', MyModel, permission_list) raised = False try: instance_delete.permission_for_delete(model=MyModel) except JsonApiException as e: raised = True assert raised is expected_raise
def test__update_qs_fields(self, permission_user, qs, new_fields, new_include): PermissionToMapper.add_permission('get', ModelWithMeta, [SomePermission]) qs = QueryStringManager(qs, ModelWithMetaSchema) PermissionPlugin._update_qs_fields( ModelWithMetaSchema.Meta.type_, list(permission_user.permission_for_get(ModelWithMeta).columns), qs, 'related_model_id') assert set(qs.fields['model_with_meta']) == new_fields assert qs.qs['include'] == new_include
def test_data_layer_update_object_clean_data(self, instance, sqlalchemy_data_layer, permission_user): PermissionToMapper.add_permission('patch', ModelWithMeta, [SomePermission]) data = {} result = instance.data_layer_update_object_clean_data( data=data, self_json_api=sqlalchemy_data_layer, view_kwargs={'_permission_user': permission_user}) assert result['patched_by_some_permission']
def test__permission_for_link_schema(self, permission_user): PermissionToMapper.add_permission('get', ModelWithMeta, [SomePermission]) schema = ModelWithMetaSchema() PermissionPlugin._permission_for_link_schema( schema=schema, prefix_name_column='', columns=permission_user.permission_for_get( ModelWithMeta).columns_and_jsonb_columns) expected_fields = {'name', 'type', 'description', 'settings'} # check that only allowed fields are in schema now assert set(schema.fields.keys()) == set( schema.dump_fields.keys()) == set(schema.only) == expected_fields # check that func was applied recursively for nested schema settings_schema = schema.fields['settings'].schema assert set(settings_schema.fields.keys()) == set(settings_schema.dump_fields.keys()) == \ set(settings_schema.only) == {'first_attr'}
def test_data_layer_delete_object_clean_data(self, instance, permission_user, sqlalchemy_data_layer): PermissionToMapper.add_permission('delete', ModelWithMeta, [SomePermission]) obj = mock.Mock() obj.deletable = True # doesn't raise for deletable object instance.data_layer_delete_object_clean_data( obj=obj, self_json_api=sqlalchemy_data_layer, view_kwargs={'_permission_user': permission_user}) obj.deletable = False with pytest.raises(JsonApiException) as e: instance.data_layer_delete_object_clean_data( obj=obj, self_json_api=sqlalchemy_data_layer, view_kwargs={'_permission_user': permission_user}) assert e.value.detail == "It is forbidden to delete the object"
def test__is_access_foreign_key(self, permission_user, field_name, result): PermissionToMapper.add_permission('get', ModelWithMeta, [SomePermission]) assert result is PermissionPlugin._is_access_foreign_key( field_name, ModelWithMeta, permission_user)
def test_permission_for_patch_data__with_permissions( self, instance_patch, data, permission_list, expected_result): PermissionToMapper.add_permission('patch', MyModel, permission_list) result = instance_patch.permission_for_patch_data(model=MyModel, data=data) assert result == expected_result
def test_add_permission__fail__wrong_type(self): with pytest.raises(AttributeError): PermissionToMapper.add_permission('wrong_type', MyModel, self.permissions)