def test_delete_only_role_to_edit_roles(self):
"""
Test deleting a role that is the only one allowed to edit roles.
Expected result: An error is raised.
"""
name = 'Administrator'
permission = Permission.EditRole
role = Role(name=name)
role.permissions = permission
db.session.add(role)
db.session.commit()
with self.assertRaises(
DeletionPreconditionViolationError) as exception_cm:
role.delete()
self.assertIn(
'Cannot delete the only role with the permission to edit roles.',
str(exception_cm.exception))
# Add another role with the required permission. Now, it is possible to delete the first role.
other_role = Role(name='Guest')
other_role.permissions = permission
db.session.add(other_role)
db.session.commit()
role.delete()
self.assertIsNone(Role.load_from_name(name))
def test_load_roles_with_permission(self):
"""
Test loading roles that have a given permission.
Expected result: All roles that have the requested permission are returned.
"""
requested_permission = Permission.EditRole
other_permission = Permission.EditUser
role_without_permission = Role(name='No Permission')
role_without_permission.permissions = other_permission
db.session.add(role_without_permission)
role_with_permission = Role(name='With Permission')
role_with_permission.permissions = requested_permission
db.session.add(role_with_permission)
role_with_permissions = Role(name='With Permissions')
role_with_permissions.permissions = requested_permission | other_permission
db.session.add(role_with_permissions)
db.session.commit()
roles = Role.load_roles_with_permission(requested_permission)
self.assertListEqual([role_with_permission, role_with_permissions],
roles)
def test_load_roles_with_permission(self):
"""
Test loading roles that have a given permission.
Expected result: All roles that have the requested permission are returned.
"""
requested_permission = Permission.EditRole
other_permission = Permission.EditUser
role_without_permission = Role(name='No Permission')
role_without_permission.permissions = other_permission
db.session.add(role_without_permission)
role_with_permission = Role(name='With Permission')
role_with_permission.permissions = requested_permission
db.session.add(role_with_permission)
role_with_permissions = Role(name='With Permissions')
role_with_permissions.permissions = requested_permission | other_permission
db.session.add(role_with_permissions)
db.session.commit()
roles = Role.load_roles_with_permission(requested_permission)
self.assertListEqual([role_with_permission, role_with_permissions], roles)
def test_load_roles_with_permissions(self):
"""
Test loading roles that have multiple given permissions.
Expected result: All roles that have the requested permissions are returned.
"""
first_requested_permission = Permission.EditRole
second_requested_permission = Permission.EditGlobalSettings
other_permission = Permission.EditUser
role_without_permission = Role(name='No Permission')
role_without_permission.permissions = other_permission
db.session.add(role_without_permission)
role_with_one_permission = Role(name='With One Permission')
role_with_one_permission.permissions = first_requested_permission
db.session.add(role_with_one_permission)
role_with_all_permissions = Role(name='With All Permissions')
role_with_all_permissions.permissions = (first_requested_permission | second_requested_permission |
other_permission)
db.session.add(role_with_all_permissions)
db.session.commit()
roles = Role.load_roles_with_permissions_all(first_requested_permission, second_requested_permission)
self.assertListEqual([role_with_all_permissions], roles)
def test_has_permissions_one_of_single_permission(self):
"""
Test the has_permissions_one_of() method if a role has the request permission (and only this one).
Expected result: `True` when requesting this permission, `False` otherwise.
"""
role = Role('Administrator')
role.permissions = Permission.EditRole
self.assertTrue(role.has_permissions_one_of(Permission.EditRole))
self.assertFalse(role.has_permissions_one_of(Permission.EditUser))
# If a combination of multiple permissions is requested, the role does not have this permission.
self.assertFalse(
role.has_permissions_one_of(Permission.EditRole
| Permission.EditUser))
role.permissions = Permission.EditUser
self.assertFalse(role.has_permissions_one_of(Permission.EditRole))
self.assertTrue(role.has_permissions_one_of(Permission.EditUser))
# If a combination of multiple permissions is requested, the role does not have this permission.
self.assertFalse(
role.has_permissions_one_of(Permission.EditRole
| Permission.EditUser))
def test_is_only_role_allowed_to_edit_roles(self):
"""
Test if a role is the only one allowed to edit roles.
Expected result: `True` if it is, `False` otherwise.
"""
# First check if the role is not allowed to edit roles.
name = 'Administrator'
permission = Permission.EditRole
role = Role(name=name)
db.session.add(role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
# Add the permission. Now it should be the only one.
role.permissions = permission
db.session.commit()
self.assertTrue(role.is_only_role_allowed_to_edit_roles())
# Add another role with the required permission.
other_role = Role(name='Guest')
other_role.permissions = permission
db.session.add(other_role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
def test_delete_only_role_to_edit_roles(self):
"""
Test deleting a role that is the only one allowed to edit roles.
Expected result: An error is raised.
"""
name = 'Administrator'
permission = Permission.EditRole
role = Role(name=name)
role.permissions = permission
db.session.add(role)
db.session.commit()
with self.assertRaises(DeletionPreconditionViolationError) as exception_cm:
role.delete()
self.assertIn('Cannot delete the only role with the permission to edit roles.',
str(exception_cm.exception))
# Add another role with the required permission. Now, it is possible to delete the first role.
other_role = Role(name='Guest')
other_role.permissions = permission
db.session.add(other_role)
db.session.commit()
role.delete()
self.assertIsNone(Role.load_from_name(name))
def test_is_only_role_allowed_to_edit_roles(self):
"""
Test if a role is the only one allowed to edit roles.
Expected result: `True` if it is, `False` otherwise.
"""
# First check if the role is not allowed to edit roles.
name = 'Administrator'
permission = Permission.EditRole
role = Role(name=name)
db.session.add(role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
# Add the permission. Now it should be the only one.
role.permissions = permission
db.session.commit()
self.assertTrue(role.is_only_role_allowed_to_edit_roles())
# Add another role with the required permission.
other_role = Role(name='Guest')
other_role.permissions = permission
db.session.add(other_role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
def test_permissions_set_permission_no_edit_role_only_role(self):
"""
Test setting permissions with giving permissions that do not include the permission to edit roles if this
is the only role allowed to edit roles.
Expected result: The permission to edit roles is set automatically.
"""
role = Role('Administrator')
role.permissions = Permission.EditRole
db.session.add(role)
db.session.commit()
self.assertTrue(role.is_only_role_allowed_to_edit_roles())
role.permissions = Permission.EditUser
self.assertEqual(Permission.EditUser | Permission.EditRole, role.permissions)
def test_permissions_set_permission_no_edit_role_only_role(self):
"""
Test setting permissions with giving permissions that do not include the permission to edit roles if this
is the only role allowed to edit roles.
Expected result: The permission to edit roles is set automatically.
"""
role = Role('Administrator')
role.permissions = Permission.EditRole
db.session.add(role)
db.session.commit()
self.assertTrue(role.is_only_role_allowed_to_edit_roles())
role.permissions = Permission.EditUser
self.assertEqual(Permission.EditUser | Permission.EditRole,
role.permissions)
def test_permissions_set_permission(self):
"""
Test setting permissions with giving a permission.
Expected result: The permission is set, overwriting previous values.
"""
role = Role('Administrator')
role._permissions = Permission.EditRole.value
self.assertEqual(Permission.EditRole, role.permissions)
role.permissions = Permission.EditUser
self.assertEqual(Permission.EditUser.value, role._permissions)
def test_permissions_set_none(self):
"""
Test setting permissions without giving a permission.
Expected result: The empty permission is set.
"""
role = Role('Administrator')
role._permissions = Permission.EditRole.value
self.assertEqual(Permission.EditRole, role.permissions)
role.permissions = None
self.assertEqual(Permission(0).value, role._permissions)
def test_permissions_set_permission_no_edit_role_other_roles(self):
"""
Test setting permissions with giving permissions that do not include the permission to edit roles if there
are also other roles allowed to edit roles.
Expected result: The permission to edit roles is not set.
"""
other_role = Role('Guest')
other_role.permissions = Permission.EditRole
db.session.add(other_role)
role = Role('Administrator')
role.permissions = Permission.EditRole
db.session.add(role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
new_permissions = Permission.EditUser
role.permissions = new_permissions
self.assertEqual(new_permissions, role.permissions)
def test_permissions_set_none(self):
"""
Test setting permissions without giving a permission.
Expected result: The empty permission is set.
"""
role = Role('Administrator')
role._permissions = Permission.EditRole.value
self.assertEqual(Permission.EditRole, role.permissions)
role.permissions = None
self.assertEqual(Permission(0).value, role._permissions)
def test_permissions_set_permission_no_edit_role_other_roles(self):
"""
Test setting permissions with giving permissions that do not include the permission to edit roles if there
are also other roles allowed to edit roles.
Expected result: The permission to edit roles is not set.
"""
other_role = Role('Guest')
other_role.permissions = Permission.EditRole
db.session.add(other_role)
role = Role('Administrator')
role.permissions = Permission.EditRole
db.session.add(role)
db.session.commit()
self.assertFalse(role.is_only_role_allowed_to_edit_roles())
new_permissions = Permission.EditUser
role.permissions = new_permissions
self.assertEqual(new_permissions, role.permissions)
def test_permissions_set_permission(self):
"""
Test setting permissions with giving a permission.
Expected result: The permission is set, overwriting previous values.
"""
role = Role('Administrator')
role._permissions = Permission.EditRole.value
self.assertEqual(Permission.EditRole, role.permissions)
role.permissions = Permission.EditUser
self.assertEqual(Permission.EditUser.value, role._permissions)
def test_has_permissions_one_of_multiple_permissions(self):
"""
Test the has_permissions_one_of() method if a role has the requested permission (and others).
Expected result: `True` when requesting the set permissions.
"""
role = Role('Administrator')
role.permissions = Permission.EditRole | Permission.EditUser
self.assertTrue(role.has_permissions_one_of(Permission.EditRole))
self.assertTrue(role.has_permissions_one_of(Permission.EditUser))
self.assertTrue(
role.has_permissions_one_of(Permission.EditRole,
Permission.EditUser, Permission(0)))
def test_has_permissions_one_of_empty_permission(self):
"""
Test the has_permissions_one_of() method with the empty permission.
Expected result: `False`.
"""
role = Role('Administrator')
db.session.add(role)
db.session.commit()
self.assertEqual(0, role._permissions)
self.assertTrue(role.has_permissions_one_of(Permission(0)))
role.permissions = Permission.EditRole
self.assertTrue(role.has_permissions_one_of(Permission(0)))
def test_repr(self):
"""
Test the string representation of the role.
Expected result: The representation contains details on the role.
"""
name = 'Administrator'
permissions = Permission.EditRole | Permission.EditUser
role = Role(name=name)
self.assertEqual(f'<Role [None] "{name}" [Permission.0]>', str(role))
role.permissions = permissions
db.session.add(role)
db.session.commit()
self.assertEqual(f'<Role [1] "{name}" [{permissions}]>', str(role))
def test_repr(self):
"""
Test the string representation of the role.
Expected result: The representation contains details on the role.
"""
name = 'Administrator'
permissions = Permission.EditRole | Permission.EditUser
role = Role(name=name)
self.assertEqual(f'<Role [None] "{name}" [Permission.0]>', str(role))
role.permissions = permissions
db.session.add(role)
db.session.commit()
self.assertEqual(f'<Role [1] "{name}" [{permissions}]>', str(role))
def role_new() -> ResponseType:
"""
Show and process a form to create a new role.
:return: The response for this view.
"""
new_role_form = create_permission_form(RoleNewForm, Permission(0))
if new_role_form.validate_on_submit():
role = Role(name=new_role_form.name.data)
role.permissions = new_role_form.permissions
db.session.add(role)
db.session.commit()
flash(_('The new role has been created.'))
return redirect(url_for('.roles_list'))
return render_template('administration/role_new.html', new_role_form=new_role_form)
def role_new() -> str:
"""
Show a form to create a new role.
:return: The HTML response.
"""
new_role_form = create_permission_form(RoleNewForm, Permission(0))
if new_role_form.validate_on_submit():
role = Role(name=new_role_form.name.data)
role.permissions = new_role_form.permissions
db.session.add(role)
db.session.commit()
flash(_('The new role has been created.'))
return redirect(url_for('.roles_list'))
return render_template('administration/role_new.html', new_role_form=new_role_form)