def test_from_start_model(self, role_model_instances):
d1, s1, c1 = role_model_instances()
district_admin_role = Role.from_start_model(d1)
assert str(district_admin_role) == f'District-{d1.id}/perms=[]'
school_admin_role = Role.from_start_model(s1)
assert str(
school_admin_role) == f'District-{d1.id}/School-{s1.id}/perms=[]'
club_admin_role = Role.from_start_model(c1)
assert str(
club_admin_role) == f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[]'
def test_create(self, db, role_model_instances):
d1, s1, c1 = role_model_instances()
r1 = Role.from_start_model(c1)
r1_model = RoleModel.from_role(r1)
invited = InvitedUser.create("*****@*****.**", roles=[r1])
assert invited.email == "*****@*****.**"
assert list(invited.roles.all()) == [r1_model]
def test_get_admins(self, role_model_instances, create_test_prof):
d1, s1, c1 = role_model_instances()
profiles = [create_test_prof(i) for i in range(2)]
role = Role.from_start_model(s1)
role.permissions.add('modify-school')
for prof in profiles:
role.give_role(prof)
role2 = Role.from_start_model(s1)
role2.permissions.add('hide-club')
other_prof = create_test_prof(3)
role2.give_role(other_prof)
assert list(role.get_admins()) == profiles
assert role.get_admins(perms=['create-club']) == None
assert set(role.get_admins(perms=['__any__'])) == set(
[other_prof, *profiles])
def test_user_create_from_invited(self, role_model_instances):
d1, s1, c1 = role_model_instances()
d2, s2, c2 = role_model_instances()
r1 = Role.from_start_model(c1)
r2 = Role.from_start_model(c2)
r1_model = RoleModel.from_role(r1)
r2_model = RoleModel.from_role(r2)
invited = InvitedUser.create(email="*****@*****.**", roles=[r1, r2])
invited_roles = list(invited.roles.all())
user = Profile.create_profile(email="*****@*****.**",
password="******",
first="a",
last="b")
assert invited_roles == list(user.roles.all())
# Make sure the invited user model is deleted
assert not InvitedUser.objects.filter(email="*****@*****.**").exists()
def test_get_editors(db, role_model_instances, create_test_prof,
perm_const_override):
d1, s1, c1 = role_model_instances()
profiles = [create_test_prof(i) for i in range(3)]
role = Role.from_start_model(c1)
role.permissions.add('hide-club')
for prof in profiles:
role.give_role(prof)
# Tests what happens if there are multiple RoleModel instances with the same role_name
role2 = Role.from_start_model(c1)
role2.permissions.add('add-admin')
profiles.append(create_test_prof(4))
role2.give_role(profiles[-1])
for prof in profiles:
assert prof in list(c1.editors)
def test_highest_level_str(self, perm_const_override, create_test_prof,
role_model_instances):
prof = create_test_prof(1)
district1, school1, club1 = role_model_instances()
role = Role.from_start_model(school1)
role.permissions.add('create-club')
role.give_role(prof)
hier_perm = RoleModel.get_role(role)
assert hier_perm.highest_level_str == f'School-{school1.id}/perms=[create-club]'
def test_get_admin_invited_users(self, role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.from_start_model(s1)
role.permissions.add('modify-school')
inv1 = InvitedUser.create(email="*****@*****.**", roles=[role])
inv2 = InvitedUser.create(email="*****@*****.**", roles=[role])
inv3 = InvitedUser.create(email="*****@*****.**", roles=[role])
invited = [inv1, inv2, inv3]
assert list(role.get_admins(invited=True)) == invited
def test_higher_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 5 -- Higher level access same school
district_admin = create_test_prof(num=1)
valid_role = Role.create(district1)
valid_role.give_role(district_admin)
assert min_role.is_allowed(user=district_admin) is True
def test_same_access_level_diff_perms(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 3 -- Same level access but does not have right permission
school_admin = create_test_prof(num=1)
invalid_role = Role.create(district1, school1)
invalid_role.permissions.add('hide-school')
assert min_role.is_allowed(user=school_admin) is False
def test_profile_serialize_permissions(self, db, role_model_instances,
perm_const_override,
create_test_prof):
d1, s1, c1 = role_model_instances()
prof = create_test_prof(1)
role = Role.from_start_model(c1)
role.permissions.add('modify-club', 'add-admin')
role.give_role(prof)
role = Role.from_start_model(s1)
role.permissions.allow_all_perms()
role.give_role(prof)
expected = {
'id':
prof.id,
'email':
prof.email,
'first_name':
prof.first_name,
'last_name':
prof.last_name,
'school':
None,
'district':
None,
'is_anon':
prof.is_anon,
'permissions': [
f'Club-{c1.id}/perms=[add-admin, modify-club]',
f'School-{s1.id}/perms=[__all__]',
],
'joined_clubs': [],
}
assert ProfileSerializer(prof).data == expected
def test_same_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 2 -- Same level access with correct permission tries to access resource
school_admin = create_test_prof(num=1)
valid_role = Role.create(district1, school1)
valid_role.permissions.add('modify-school', 'hide-school')
valid_role.give_role(school_admin)
assert min_role.is_allowed(user=school_admin) is True
def test_low_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_hier, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 1 -- Lower access user tries to access higher permission level resource
club_editor = create_test_prof(num=1)
invalid_role = Role.create(district1, school1, club1)
invalid_role.permissions.add('modify-club')
invalid_role.give_role(club_editor)
assert min_role.is_allowed(user=club_editor) is False
def test_same_access_level_diff_inst(self, perm_const_override, create_test_prof, role_model_instances, role_test_data):
min_role, min_perms = role_test_data
district1, school1, club1 = role_model_instances()
start_model = school1
min_role = Role.from_start_model(start_model)
min_role.permissions.add(*min_perms)
# Case 4 -- Same level access but on a different school instance
school_admin = create_test_prof(num=1)
district2, school2, club2 = role_model_instances()
invalid_role = Role.create(district2, school2)
invalid_role.permissions.add('modify-school')
invalid_role.give_role(school_admin)
assert min_role.is_allowed(user=school_admin) is False
def test_valid_data(self, perm_const_override, create_test_prof,
role_model_instances):
d1, s1, c1 = role_model_instances()
role = Role.from_start_model(c1)
role.permissions.add('hide-club')
prof = create_test_prof(1)
role.give_role(prof)
serializer = EditorSerializer(prof, context={'role': role})
expected_data = {
'profile': {
'id': prof.id,
'email': prof.email,
'first_name': prof.first_name,
'last_name': prof.last_name,
},
'perms': ['hide-club']
}
assert serializer.data == expected_data
def setup(model, prof_num=1, perms=[]):
prof, client = setup_client_auth(prof_num)
role = Role.from_start_model(model)
role.permissions.add(*perms)
role.give_role(prof)
return prof, client
