def test_resource_groups_for_any_perm_just_group_perms_limited_empty_group( self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, "user 6") user7 = add_user(db_session, 7, "user 7") perm2 = GroupResourcePermission(perm_name="group_perm2", resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) group3 = add_group(db_session, "Empty group") perm3 = GroupResourcePermission(perm_name="group_permx", resource_id=self.resource.resource_id) group3.resource_permissions.append(perm3) perms = ResourceService.groups_for_perm( self.resource, "__any_permission__", limit_group_permissions=True, db_session=db_session, ) second = [ PermissionTuple(None, "group_perm", "group", self.group, self.resource, False, True), PermissionTuple(None, "group_perm2", "group", self.group, self.resource, False, True), PermissionTuple(None, "group_perm", "group", self.group2, self.resource, False, True), PermissionTuple(None, "group_permx", "group", group3, self.resource, False, True), ] check_one_in_other(perms, second)
def test_resource_groups_for_any_perm_just_group_perms_limited_empty_group( self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, 'user 6') user7 = add_user(db_session, 7, 'user 7') perm2 = GroupResourcePermission(perm_name='group_perm2', resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) group3 = add_group(db_session, 'Empty group') perm3 = GroupResourcePermission(perm_name='group_permx', resource_id=self.resource.resource_id) group3.resource_permissions.append(perm3) perms = self.resource.groups_for_perm('__any_permission__', limit_group_permissions=True, db_session=db_session) second = [ PermissionTuple(None, 'group_perm', 'group', self.group, self.resource, False, True), PermissionTuple(None, 'group_perm2', 'group', self.group, self.resource, False, True), PermissionTuple(None, 'group_perm', 'group', self.group2, self.resource, False, True), PermissionTuple(None, 'group_permx', 'group', group3, self.resource, False, True) ] check_one_in_other(perms, second)
def test_resource_users_limited_group_ownage(self, db_session): self.maxDiff = 9999 self.set_up_user_group_and_perms(db_session) resource = TestResourceB(resource_id=99, resource_name='other', owner_user_id=self.user2.id) group3 = add_group(db_session, 'group 3') user2_permission = UserResourcePermission( perm_name='foo_perm', user_id=self.user2.id, ) group3_permission = GroupResourcePermission(perm_name='group_perm', group_id=group3.id) resource.group_permissions.append(group3_permission) resource.user_permissions.append(user2_permission) group3.users.append(self.user3) self.user.resources.append(resource) self.group2.resources.append(resource) db_session.flush() perms = resource.users_for_perm('__any_permission__', db_session=db_session) second = [ PermissionTuple(self.user2, 'foo_perm', 'user', None, resource, False, True), PermissionTuple(self.user, ALL_PERMISSIONS, 'user', None, resource, True, True), PermissionTuple(self.user4, ALL_PERMISSIONS, 'group', self.group2, resource, True, True), PermissionTuple(self.user3, 'group_perm', 'group', group3, resource, False, True) ] check_one_in_other(perms, second)
def test_resource_groups_for_any_perm_additional_users(self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, 'user 6') user7 = add_user(db_session, 7, 'user 7') perm2 = GroupResourcePermission(perm_name='group_perm2', resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) perms = self.resource.groups_for_perm('__any_permission__', db_session=db_session) second = [ PermissionTuple(self.user, 'group_perm', 'group', self.group, self.resource, False, True), PermissionTuple(user6, 'group_perm', 'group', self.group, self.resource, False, True), PermissionTuple(user7, 'group_perm', 'group', self.group, self.resource, False, True), PermissionTuple(self.user, 'group_perm2', 'group', self.group, self.resource, False, True), PermissionTuple(user6, 'group_perm2', 'group', self.group, self.resource, False, True), PermissionTuple(user7, 'group_perm2', 'group', self.group, self.resource, False, True), PermissionTuple(self.user4, 'group_perm', 'group', self.group2, self.resource, False, True), ] check_one_in_other(perms, second)
def test_resource_users_for_any_perm_excluding_group_perms( self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, "user 6") user7 = add_user(db_session, 7, "user 7") perm2 = GroupResourcePermission(perm_name="group_perm2", resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) perms = ResourceService.users_for_perm( self.resource, "__any_permission__", limit_group_permissions=True, skip_group_perms=True, db_session=db_session, ) second = [ PermissionTuple(self.user, "test_perm2", "user", None, self.resource, False, True), PermissionTuple(self.user, "foo_perm", "user", None, self.resource, False, True), ] check_one_in_other(perms, second)
def test_resource_users_limited_group_ownage(self, db_session): self.maxDiff = 9999 self.set_up_user_group_and_perms(db_session) resource = ResourceTestobjB(resource_id=99, resource_name="other", owner_user_id=self.user2.id) group3 = add_group(db_session, "group 3") user2_permission = UserResourcePermission(perm_name="foo_perm", user_id=self.user2.id) group3_permission = GroupResourcePermission(perm_name="group_perm", group_id=group3.id) resource.group_permissions.append(group3_permission) resource.user_permissions.append(user2_permission) group3.users.append(self.user3) self.user.resources.append(resource) self.group2.resources.append(resource) db_session.flush() perms = ResourceService.users_for_perm(resource, "__any_permission__", db_session=db_session) second = [ PermissionTuple(self.user2, "foo_perm", "user", None, resource, False, True), PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, resource, True, True), PermissionTuple(self.user4, ALL_PERMISSIONS, "group", self.group2, resource, True, True), PermissionTuple(self.user3, "group_perm", "group", group3, resource, False, True), ] check_one_in_other(perms, second)
def test_resources_with_wrong_group_permission(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, 'test_resource') group = add_group(db_session, ) group.users.append(created_user) group_permission = GroupResourcePermission( perm_name='test_perm_bad', group_id=group.id, resource_id=resource.resource_id) with pytest.raises(AssertionError): resource.group_permissions.append(group_permission)
def test_resources_with_group_permission(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") resource2 = add_resource(db_session, 2, "test_resource2") add_resource(db_session, 3, "test_resource3") group = add_group(db_session) group.users.append(created_user) group_permission = GroupResourcePermission( perm_name="test_perm", group_id=1, resource_id=resource.resource_id) group_permission2 = GroupResourcePermission( perm_name="foo_perm", group_id=1, resource_id=resource2.resource_id) resource.group_permissions.append(group_permission) resource2.group_permissions.append(group_permission2) db_session.flush() resources = UserService.resources_with_perms( created_user, ["foo_perm"], db_session=db_session).all() assert resources[0] == resource2
def test_resources_with_group_permission(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, 'test_resource') resource2 = add_resource(db_session, 2, 'test_resource2') add_resource(db_session, 3, 'test_resource3') group = add_group(db_session, ) group.users.append(created_user) group_permission = GroupResourcePermission( perm_name='test_perm', group_id=1, resource_id=resource.resource_id) group_permission2 = GroupResourcePermission( perm_name='foo_perm', group_id=1, resource_id=resource2.resource_id) resource.group_permissions.append(group_permission) resource2.group_permissions.append(group_permission2) db_session.flush() resources = created_user.resources_with_perms( ['foo_perm'], db_session=db_session).all() assert resources[0] == resource2
def test_resource_groups_for_any_perm_additional_users(self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, "user 6") user7 = add_user(db_session, 7, "user 7") perm2 = GroupResourcePermission(perm_name="group_perm2", resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) perms = ResourceService.groups_for_perm(self.resource, "__any_permission__", db_session=db_session) second = [ PermissionTuple(self.user, "group_perm", "group", self.group, self.resource, False, True), PermissionTuple(user6, "group_perm", "group", self.group, self.resource, False, True), PermissionTuple(user7, "group_perm", "group", self.group, self.resource, False, True), PermissionTuple( self.user, "group_perm2", "group", self.group, self.resource, False, True, ), PermissionTuple(user6, "group_perm2", "group", self.group, self.resource, False, True), PermissionTuple(user7, "group_perm2", "group", self.group, self.resource, False, True), PermissionTuple( self.user4, "group_perm", "group", self.group2, self.resource, False, True, ), ] check_one_in_other(perms, second)
def test_resources_with_possible_perms_group2(self, db_session): self.set_up_user_group_and_perms(db_session) resource3 = add_resource_b(db_session, 3, "other resource") self.group2.resources.append(resource3) group_permission2 = GroupResourcePermission(perm_name="group_perm2", group_id=self.group2.id) self.resource2.group_permissions.append(group_permission2) perms = GroupService.resources_with_possible_perms(self.group2) second = [ PermissionTuple(None, "group_perm", "group", self.group2, self.resource, False, True), PermissionTuple(None, "group_perm2", "group", self.group2, self.resource2, False, True), PermissionTuple(None, ALL_PERMISSIONS, "group", self.group2, resource3, True, True), ] check_one_in_other(perms, second)
def test_group_resource_permission(self, db_session): self.set_up_user_group_and_perms(db_session) resource3 = add_resource_b(db_session, 3, 'other resource') db_session.flush() group_permission2 = GroupResourcePermission( perm_name='group_perm2', group_id=self.group2.id, ) row = GroupResourcePermissionService.get( group_id=self.group2.id, resource_id=self.resource2.resource_id, perm_name='group_perm2', db_session=db_session) assert row is None self.resource2.group_permissions.append(group_permission2) row = GroupResourcePermissionService.get( group_id=self.group2.id, resource_id=self.resource2.resource_id, perm_name='group_perm2', db_session=db_session) assert row is not None
def test_resources_with_possible_perms_group2(self, db_session): self.set_up_user_group_and_perms(db_session) resource3 = add_resource_b(db_session, 3, 'other resource') self.group2.resources.append(resource3) group_permission2 = GroupResourcePermission( perm_name='group_perm2', group_id=self.group2.id, ) self.resource2.group_permissions.append(group_permission2) perms = self.group2.resources_with_possible_perms() second = [ PermissionTuple(None, 'group_perm', 'group', self.group2, self.resource, False, True), PermissionTuple(None, 'group_perm2', 'group', self.group2, self.resource2, False, True), PermissionTuple(None, ALL_PERMISSIONS, 'group', self.group2, resource3, True, True), ] check_one_in_other(perms, second)
def test_resource_users_for_any_perm_excluding_group_perms( self, db_session): self.maxDiff = 99999 self.set_up_user_group_and_perms(db_session) user6 = add_user(db_session, 6, 'user 6') user7 = add_user(db_session, 7, 'user 7') perm2 = GroupResourcePermission(perm_name='group_perm2', resource_id=self.resource.resource_id) self.group.resource_permissions.append(perm2) self.group.users.append(user6) self.group.users.append(user7) perms = self.resource.users_for_perm('__any_permission__', limit_group_permissions=True, skip_group_perms=True, db_session=db_session) second = [ PermissionTuple(self.user, 'test_perm2', 'user', None, self.resource, False, True), PermissionTuple(self.user, 'foo_perm', 'user', None, self.resource, False, True) ] check_one_in_other(perms, second)
def set_up_user_group_and_perms(self, db_session): """ perm map: username: first_user : root, alter_users res_perms: r1:g1:foo_perm, r1:g1:test_perm2 foouser: user_perms : custom res_perms: r2:foo_perm baruser: user_perms : root, alter_users res_perms: r2:test_perm bazuser: user_perms : root, alter_users res_perms: r1:g2:group_perm """ created_user = add_user(db_session, user_name="first_user") created_user2 = add_user(db_session, user_name="foouser", email="new_email", perms=["custom"]) created_user3 = add_user(db_session, user_name="baruser", email="new_email2") created_user4 = add_user(db_session, user_name="bazuser", email="new_email3") resource = add_resource(db_session, 1, "test_resource") resource2 = add_resource_b(db_session, 2, "other_resource") group = add_group(db_session) group2 = add_group(db_session, group_name="group2") group.users.append(created_user) group2.users.append(created_user4) group_permission = GroupResourcePermission(perm_name="group_perm", group_id=group.id) group_permission2 = GroupResourcePermission(perm_name="group_perm", group_id=group2.id) user_permission = UserResourcePermission(perm_name="test_perm2", user_id=created_user.id) user_permission2 = UserResourcePermission(perm_name="foo_perm", user_id=created_user.id) user2_permission = UserResourcePermission(perm_name="foo_perm", user_id=created_user2.id) user3_permission = UserResourcePermission(perm_name="test_perm", user_id=created_user3.id) resource.group_permissions.append(group_permission) resource.group_permissions.append(group_permission2) resource.user_permissions.append(user_permission) resource.user_permissions.append(user_permission2) resource2.user_permissions.append(user2_permission) resource2.user_permissions.append(user3_permission) db_session.flush() self.resource = resource self.resource2 = resource2 self.user = created_user self.user2 = created_user2 self.user3 = created_user3 self.user4 = created_user4 self.group = group self.group2 = group2
def test_repr(self, db_session): group_resource_perm = GroupResourcePermission(group_id=1, resource_id=1, perm_name="perm") assert repr( group_resource_perm) == "<GroupResourcePermission: g:1, perm, r:1>"
def set_up_user_group_and_perms(self, db_session): """ perm map: username: first_user : root, alter_users res_perms: r1:g1:foo_perm, r1:g1:test_perm2 foouser: user_perms : custom res_perms: r2:foo_perm baruser: user_perms : root, alter_users res_perms: r2:test_perm bazuser: user_perms : root, alter_users res_perms: r1:g2:group_perm """ created_user = add_user(db_session, user_name="first_user") created_user2 = add_user(db_session, user_name='foouser', email='new_email', perms=['custom']) created_user3 = add_user(db_session, user_name='baruser', email='new_email2') created_user4 = add_user(db_session, user_name='bazuser', email='new_email3') resource = add_resource(db_session, 1, 'test_resource') resource2 = add_resource_b(db_session, 2, 'other_resource') group = add_group(db_session, ) group2 = add_group(db_session, group_name='group2') group.users.append(created_user) group2.users.append(created_user4) group_permission = GroupResourcePermission( perm_name='group_perm', group_id=group.id, ) group_permission2 = GroupResourcePermission( perm_name='group_perm', group_id=group2.id, ) user_permission = UserResourcePermission( perm_name='test_perm2', user_id=created_user.id, ) user_permission2 = UserResourcePermission( perm_name='foo_perm', user_id=created_user.id, ) user2_permission = UserResourcePermission( perm_name='foo_perm', user_id=created_user2.id, ) user3_permission = UserResourcePermission( perm_name='test_perm', user_id=created_user3.id, ) resource.group_permissions.append(group_permission) resource.group_permissions.append(group_permission2) resource.user_permissions.append(user_permission) resource.user_permissions.append(user_permission2) resource2.user_permissions.append(user2_permission) resource2.user_permissions.append(user3_permission) db_session.flush() self.resource = resource self.resource2 = resource2 self.user = created_user self.user2 = created_user2 self.user3 = created_user3 self.user4 = created_user4 self.group = group self.group2 = group2