def test_update_node_normal_user(client: TestClient,
                                 superuser_token_headers: dict,
                                 db: Session) -> None:
    """A normal user with an enabled update permission can PUT changes to a node.

    ``superuser_token_headers`` is requested as a fixture but is not used in
    the body: the request is authenticated with a token obtained for the
    user returned by ``node_permission_setup``, so the positive path is
    exercised with that user's credentials and not the superuser's.
    """
    setup = node_permission_setup(
        db,
        node_type="test_update_node_normal_user",
        permission_type=PermissionTypeEnum.update,
        permission_enabled=True,
    )
    payload = {
        "node_type": "updated_test_node",
        "name": random_lower_string(),
    }
    auth_headers = authentication_token_from_email(
        client=client, email=setup["user"].email, db=db)
    url = f"{settings.API_V1_STR}/nodes/{setup['node'].id}"

    resp = client.put(url, headers=auth_headers, json=payload)

    assert resp.status_code == 200
    body = resp.json()
    # Fields sent in the payload must be echoed back with their new values.
    for field in ("node_type", "name"):
        assert body[field] == payload[field]
    # Fields that were not part of the payload must still match the stored node.
    for attr in ("is_active", "parent_id"):
        assert body[attr] == getattr(setup["node"], attr)
    assert body["depth"] == 0
    # Identity and audit fields only need to be present in the response.
    for key in ("id", "created_at", "updated_at", "created_by_id",
                "updated_by_id"):
        assert key in body
def test_update_node_fail_user_no_permission(client: TestClient,
                                             superuser_token_headers: dict,
                                             db: Session) -> None:
    """A PUT from a user whose update permission is not enabled gets HTTP 403.

    The setup is created with ``permission_enabled=False``. The test expects
    the response ``detail`` to be the exact denial message naming the user
    ID, the permission type, the resource type and the node ID.
    """
    setup = node_permission_setup(
        db,
        node_type="test_update_node_fail_user_no_permission",
        permission_type=PermissionTypeEnum.update,
        permission_enabled=False,
    )
    auth_headers = authentication_token_from_email(
        client=client, email=setup["user"].email, db=db)
    payload = {"name": "no matter"}

    resp = client.put(
        f"{settings.API_V1_STR}/nodes/{setup['node'].id}",
        headers=auth_headers,
        json=payload,
    )

    assert resp.status_code == 403
    body = resp.json()
    # NOTE(review): only the response is checked; the node is not re-read
    # afterwards to confirm that the rejected PUT left it unchanged.
    expected_detail = (
        f"User ID {setup['user'].id} does not have "
        f"{setup['permission'].permission_type} permissions for "
        f"{setup['permission'].resource_type} ID {setup['node'].id}")
    assert body["detail"] == expected_detail
def test_read_node_normal_user(client: TestClient,
                               superuser_token_headers: dict,
                               db: Session) -> None:
    """A normal user with an enabled read permission can GET a node.

    ``superuser_token_headers`` is requested as a fixture but not used in
    the body; the GET is sent with a token obtained for the setup user.
    """
    setup = node_permission_setup(
        db,
        node_type="test_read_node_normal_user",
        permission_type=PermissionTypeEnum.read,
        permission_enabled=True,
    )
    auth_headers = authentication_token_from_email(
        client=client, email=setup["user"].email, db=db)
    url = f"{settings.API_V1_STR}/nodes/{setup['node'].id}"

    resp = client.get(url, headers=auth_headers)

    assert resp.status_code == 200
    body = resp.json()
    # The returned representation must match the node created by the setup.
    for attr in ("node_type", "name"):
        assert body[attr] == getattr(setup["node"], attr)
    # Only truthiness is checked here, not equality with the stored value.
    assert body["is_active"]
    assert body["depth"] == 0
    # The remaining fields only need to be present in the response.
    for key in ("id", "parent_id", "created_at", "updated_at",
                "created_by_id", "updated_by_id"):
        assert key in body
def test_create_node_fail_permission_false(client: TestClient,
                                           superuser_token_headers: dict,
                                           db: Session) -> None:
    """Creating a child node is refused when create permission is not enabled.

    The setup node is used as ``parent_id`` of the new node, and the setup
    is created with ``permission_enabled=False`` for the create permission.
    The POST is expected to return HTTP 403 with a fixed denial message.
    """
    setup = node_permission_setup(
        db,
        node_type="test_create_node_fail_permission_false",
        permission_type=PermissionTypeEnum.create,
        permission_enabled=False,
    )
    auth_headers = authentication_token_from_email(
        client=client, email=setup["user"].email, db=db)
    payload = {
        "node_type": "test_create_node",
        "name": random_lower_string(),
        "is_active": True,
        "parent_id": setup["node"].id,
    }

    resp = client.post(
        f"{settings.API_V1_STR}/nodes/",
        headers=auth_headers,
        json=payload,
    )

    assert resp.status_code == 403
    body = resp.json()
    # NOTE(review): only the response is checked; nothing here confirms that
    # no node was persisted under the parent after the denial.
    assert body["detail"] == "User does not have permission to create this node"
def test_get_node_with_children_normal_user_fail_no_permission(
        client: TestClient, db: Session) -> None:
    """Listing a node's children is refused without an enabled read permission.

    The setup is created with ``permission_enabled=False``. The GET on the
    ``/children`` endpoint is expected to return HTTP 403 and a ``detail``
    naming the user ID, permission type, resource type and node ID.
    """
    setup = node_permission_setup(
        db,
        node_type="test",
        permission_type=PermissionTypeEnum.read,
        permission_enabled=False,
    )
    node = setup["node"]
    user = setup["user"]
    auth_headers = authentication_token_from_email(
        client=client, email=user.email, db=db)
    children_url = f"{settings.API_V1_STR}/nodes/{node.id}/children"

    resp = client.get(children_url, headers=auth_headers)
    # The body is decoded before the status check, as in the original flow.
    body = resp.json()

    assert resp.status_code == 403
    expected_detail = (
        f"User ID {user.id} does not have "
        f"{setup['permission'].permission_type} permissions for "
        f"{setup['permission'].resource_type} ID {node.id}")
    assert body["detail"] == expected_detail
def test_get_node_with_children_normal_user(client: TestClient,
                                            db: Session) -> None:
    """A user with an enabled read permission can list a node's children.

    Every returned child whose ``child_type`` is ``"user_group"`` must carry
    the ID of the user group returned by ``node_permission_setup``.
    """
    setup = node_permission_setup(
        db,
        node_type="test",
        permission_type=PermissionTypeEnum.read,
        permission_enabled=True,
    )
    node = setup["node"]
    user = setup["user"]
    user_group = setup["user_group"]
    auth_headers = authentication_token_from_email(
        client=client, email=user.email, db=db)
    children_url = f"{settings.API_V1_STR}/nodes/{node.id}/children"

    resp = client.get(children_url, headers=auth_headers)
    children = resp.json()

    assert resp.status_code == 200
    # NOTE(review): this loop passes vacuously when the listing is empty or
    # holds no "user_group" entry, so a response that omits the group still
    # passes. Consider also asserting that at least one entry matched, once
    # it is confirmed that the setup attaches the group to this node.
    for child in children:
        if child["child_type"] != "user_group":
            continue
        assert child["child_id"] == user_group.id
def test_read_node_fail_node_no_permission(client: TestClient,
                                           superuser_token_headers: dict,
                                           db: Session) -> None:
    """A GET on a node is refused when the read permission is not enabled.

    The setup is created with ``permission_enabled=False``. The expected
    ``detail`` hard-codes the words "read" and "node" and does not read them
    from the permission record returned by the setup.
    """
    setup = node_permission_setup(
        db,
        node_type="test_read_node_fail_node_no_permission",
        permission_type=PermissionTypeEnum.read,
        permission_enabled=False,
    )
    auth_headers = authentication_token_from_email(
        client=client, email=setup["user"].email, db=db)
    url = f"{settings.API_V1_STR}/nodes/{setup['node'].id}"

    resp = client.get(url, headers=auth_headers)

    assert resp.status_code == 403
    body = resp.json()
    expected_detail = (f"User ID {setup['user'].id} does not have "
                       f"read permissions for "
                       f"node ID {setup['node'].id}")
    assert body["detail"] == expected_detail