def test_comparison_operators(self, create_club, role_model_instances):
district1, school1, club1 = role_model_instances()
role1 = Role.create(district1)
role1.permissions.add('modify-district', 'create-school')
role2 = Role.create(district1, school1)
role2.permissions.add('modify-school', 'create-club')
role3 = Role.create(district1, school1, club1)
role3.permissions.add('modify-club')
# Test when exactly equal
assert role1 == role1
# Test when role is higher level than other
assert role1 > role2
assert role1 > role3
assert role2 > role3
# Test when role is less than other
assert role3 < role2
assert role3 < role1
assert role2 < role1
# Test <= and >=
assert role1 >= role2
assert role1 >= role1
assert role2 <= role1
assert role2 <= role2
def test_comparison_method(self, create_club, role_model_instances):
district1, school1, club1 = role_model_instances()
role1 = Role.create(district1)
role1.permissions.add('modify-district', 'create-school')
role2 = Role.create(district1, school1)
role2.permissions.add('modify-school', 'create-club')
role3 = Role.create(district1, school1, club1)
role3.permissions.add('modify-club')
# Test when exactly equal
assert role1._comparison(role1) == 0
# Test when role is higher level than other
assert role1._comparison(role2) == 1
assert role1._comparison(role3) == 1
assert role2._comparison(role3) == 1
# Test when role is less than other
assert role3._comparison(role2) == -1
assert role3._comparison(role1) == -1
assert role2._comparison(role1) == -1
temp_role = Role.create(district1)
temp_role.permissions.add('modify-district')
# Test when same level as other role but more perms
assert role1._comparison(temp_role) == 0
# Test when same level as other role but fewer perms
assert temp_role._comparison(role1) == 0
def test_give_profile_role(self, create_club, create_test_prof, role_model_instances):
prof = create_test_prof(1)
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
role.permissions.add('modify-club')
role.give_role(prof)
role_model = RoleModel.get_role(role)
assert role_model in list(prof.roles.all())
role2 = Role.create(district1, school1, club1)
role_model2 = RoleModel.from_role(role2)
assert role_model2 not in list(prof.roles.all())
def test_allowed_higher_level(self, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1)
input_str = f'District-{d1.id}/School-{s1.id}/perms=[create-club, modify-school]'
assert Role.from_str(input_str).is_allowed(role=role) == True
def test_not_allowed(self, create_club, role_model_instances):
d1, s1, c1 = role_model_instances()
d2, s2, c2 = role_model_instances()
role = Role.create(d1, s1, c1)
role.permissions.add('modify-club')
input_str = f'District-{d2.id}/School-{s2.id}/Club-{c2.id}/perms=[add-admin]'
assert role.is_allowed(role=Role.from_str(input_str)) == False
def create(prof_id, role_objs, is_auth=True, perms=['__all__']):
prof = create_test_prof(num=prof_id)
role = Role.create(*role_objs)
role.permissions.add(*perms)
role.give_role(prof)
client = APIClient()
if is_auth:
client.force_authenticate(user=prof)
return prof, role, client
def test_no_permissions_given(self, role_model_instances, create_test_prof):
prof = create_test_prof(num=1)
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
assert role.is_allowed(user=prof) is False
role.give_role(prof)
assert role.is_allowed(user=prof) is True
def test_is_allowed_user(self, role_model_instances, create_test_prof):
prof = create_test_prof(num=1)
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
role.permissions.add('modify-club')
assert role.is_allowed(user=prof) is False
role.give_role(prof)
assert role.is_allowed(user=prof) is True
def test_move_up_levels(self, role_model_instances, create_test_prof):
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
new_role = role.go_up_levels(times=1, perms=['modify-school'])
assert Role.create(district1, school1) == new_role
assert new_role.permissions.permissions == {'modify-school'}
role = Role.create(district1, school1, club1)
new_role = role.go_up_levels(
times=2, perms=['create-school', 'modify-district'])
assert Role.create(district1) == new_role
assert new_role.permissions.permissions == {
'create-school', 'modify-district'}
# Goes outside of possible roles
with pytest.raises(AssertionError):
role = Role.create(district1, school1, club1)
assert role.go_up_levels(times=3)
# Permissions not valid for new role
with pytest.raises(AssertionError):
role = Role.create(district1, school1, club1)
assert role.go_up_levels(
times=2, perms=['perms not in permissions'])
def test_str_matches(self, role_model_instances, perm_const_override):
district1, school1, club1 = role_model_instances()
test_hier = PermConst.Hierarchy(District, School, Club, name="test_hier", poss_perms=[
'some_str', 'other_str'])
role = Role.create(district1, school1, club1)
role.hierarchy = test_hier
role.permissions.hierarchy = test_hier
perms = role.hierarchy.poss_perms
role.permissions.add('some_str', 'other_str')
expected = 'District-1/School-1/Club-1/perms=[some_str, other_str]'
def test_role_from_str_given_perms(self, role_model_instances):
d1, s1, c1 = role_model_instances()
# The possible perms for School Admins are 'create-club', 'modify-school', 'hide-school'
role_expected = Role.create(d1, s1)
role_expected.permissions.add('modify-school', 'hide-school')
given_str = f'District-{d1.id}/School-{s1.id}'
role_test = Role.from_str(
given_str, perms=['modify-school', 'hide-school'])
assert str(role_expected) == str(role_test)
def test_is_allowed_perms_1_layer_multi_param_str(self, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1)
role.permissions.add('modify-district', 'create-school')
input_str = f'District-{d1.id}/perms=[modify-district]'
assert role.is_allowed(role=Role.from_str(input_str)) is False
input_str = f'District-{d1.id}/perms=[create-school, modify-district]'
assert role.is_allowed(role=Role.from_str(input_str)) is True
input_str = f'District-{d1.id}/perms=[]'
assert role.is_allowed(role=Role.from_str(input_str)) is False
def test_higher_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 5 -- Higher level access same school
district_admin = create_test_prof(num=1)
valid_role = Role.create(district1)
valid_role.give_role(district_admin)
assert min_role.is_allowed(user=district_admin) is True
def test_same_access_level_diff_perms(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 3 -- Same level access but does not have right permission
school_admin = create_test_prof(num=1)
invalid_role = Role.create(district1, school1)
invalid_role.permissions.add('hide-school')
assert min_role.is_allowed(user=school_admin) is False
def test_role_from_str(self, role_model_instances):
d1, s1, c1 = role_model_instances()
# The possible perms for School Admins are 'create-club', 'modify-school', 'hide-school'
role_expected = Role.create(d1, s1)
role_expected.permissions.add('modify-school', 'hide-school')
perm_str = f'District-{d1.id}/School-{s1.id}/perms=[modify-school, hide-school]'
role_test = Role.from_str(perm_str)
assert str(role_expected) == str(role_test)
perm_str = f'District-{d1.id}/School-{s1.id}/perms=[]'
role_test = Role.from_str(perm_str)
assert role_test.permissions.permissions == set()
def test_low_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_hier, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 1 -- Lower access user tries to access higher permission level resource
club_editor = create_test_prof(num=1)
invalid_role = Role.create(district1, school1, club1)
invalid_role.permissions.add('modify-club')
invalid_role.give_role(club_editor)
assert min_role.is_allowed(user=club_editor) is False
def test_same_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 2 -- Same level access with correct permission tries to access resource
school_admin = create_test_prof(num=1)
valid_role = Role.create(district1, school1)
valid_role.permissions.add('modify-school', 'hide-school')
valid_role.give_role(school_admin)
assert min_role.is_allowed(user=school_admin) is True
def test_reset_perms(self, role_model_instances, create_test_prof):
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
role.permissions.add('modify-club')
assert role.permissions.permissions == {'modify-club'}
role.reset_perms()
assert role.permissions.permissions == set()
assert role.hierarchy == role.permissions.hierarchy
role.reset_perms(['modify-club', 'add-admin'])
assert role.permissions.permissions == {'modify-club', 'add-admin'}
with pytest.raises(AssertionError):
assert role.reset_perms(['modify-club', 'blah-blah'])
def test_is_allowed_perms_3_layer_str(self, create_club, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1)
role.permissions.add('modify-district', 'create-school')
# Check that School-2 is a part of District-1, and Club-52 is a part of School-2
input_str = f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[modify-club]'
assert Role.from_str(input_str).is_allowed(role=role) == True
d2, s2, c2 = role_model_instances()
# Check that School-5 is not a part of District-1 and Club-1 not part of School-5, raises exception
input_str = f'District-{d1.id}/School-{s2.id}/Club-{c2.id}/perms=[update-club]'
with pytest.raises(InvalidRoleCreated):
assert role.is_allowed(role=Role.from_str(input_str))
def test_same_access_level_diff_inst(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 4 -- Same level access but on a different school instance
school_admin = create_test_prof(num=1)
district2, school2, club2 = role_model_instances()
invalid_role = Role.create(district2, school2)
invalid_role.permissions.add('modify-school')
invalid_role.give_role(school_admin)
assert min_role.is_allowed(user=school_admin) is False
def test_give_role_same_obj_twice(self, create_test_prof, role_model_instances):
# Check that a new RoleModel is not created each time a prof is given a role. It should just be appended
# Added to test found bug
prof = create_test_prof(1)
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
role.permissions.add('modify-club')
role.give_role(prof)
role.permissions.add('hide-club')
role.give_role(prof)
prof.refresh_from_db()
assert prof.roles.filter(role_name=role.role_str).count() == 1
def test_uncomparable_exception(self, create_club, role_model_instances):
district1, school1, club1 = role_model_instances()
district2, school2, club2 = role_model_instances()
role1 = Role.create(district1)
role2 = Role.create(district1, school1)
role3 = Role.create(district1, school1, club1)
role_a = [role1, role2, role3]
role4 = Role.create(district2)
role5 = Role.create(district2, school2)
role6 = Role.create(district2, school2, club2)
role_b = [role4, role5, role6]
for r_a in role_a:
for r_b in role_b:
with pytest.raises(RoleNotComparable):
assert r_a._check_comparable(r_b)
def test_create_role_2_layers(self, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1, s1, role=PermConst.SCHOOL_ADMIN)
assert str(role) == f'District-{d1.id}/School-{s1.id}/perms=[]'
def test_create_role_1_layer(self, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1, role=PermConst.DISTRICT_ADMIN)
assert str(role) == f'District-{d1.id}/perms=[]'
def test_object_inst_string_perm(self, role_model_instances):
district1, school1, club1 = role_model_instances()
role = Role.create(district1, school1, club1)
role.permissions.add('add-admin')
assert role.highest_level_str == f"Club-{club1.id}/perms=[add-admin]"
def test_role_matcher(self, role_model_instances):
district1, school1, club1 = role_model_instances()
role = Role.create(district1)
assert role.hierarchy.name == PermConst.DISTRICT_ADMIN
def test_create_role_3_layers(self, create_club, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.create(d1, s1, c1, role=PermConst.CLUB_EDITOR)
assert str(
role) == f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[]'
