def test_in_node_descendants_check(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="parent") node_create_permission = crud.node.get_permission( db, id=node.id, permission_type=PermissionTypeEnum.create ) node2 = create_random_node( db, created_by_id=normal_user.id, node_type="child", parent_id=node.id ) node2_read_permission = crud.node.get_permission( db, id=node2.id, permission_type=PermissionTypeEnum.read ) node3 = create_random_node( db, created_by_id=normal_user.id, node_type="child", parent_id=node2.id ) node3_update_permission = crud.node.get_permission( db, id=node3.id, permission_type=PermissionTypeEnum.update ) pass1 = crud.permission.in_node_descendants( db, node_id=node.id, permission=node_create_permission ) pass2 = crud.permission.in_node_descendants( db, node_id=node.id, permission=node2_read_permission ) pass3 = crud.permission.in_node_descendants( db, node_id=node2.id, permission=node3_update_permission ) fail = crud.permission.in_node_descendants( db, node_id=node3.id, permission=node_create_permission ) assert pass1 assert pass2 assert pass3 assert not fail
def node_children_setup( db: Session, ) -> Dict[str, Union[models.Node, models.Interface, models.UserGroup]]: """ Setup: Create a parent_node, create a user group with the parent node as the parent, create a child node with the parent node as the parent, create an interface, associate the interface with the parent node. Returns a dictionary of the format: { "parent_node": Node, "child_node": Node, "user_group": UserGroup, "interface": Interface } """ parent_node = create_random_node(db) user_group = create_random_user_group(db, node_id=parent_node.id) child_node = create_random_node(db, parent_id=parent_node.id) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=parent_node, interface=interface) return { "parent_node": parent_node, "child_node": child_node, "user_group": user_group, "interface": interface, }
def test_remove_interface_from_node(db: Session, superuser: User) -> None: node = create_random_node(db) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=node, interface=interface) result = crud.node.remove_interface(db, node=node, interface=interface) assert result is node assert interface not in node.interfaces
def test_create_form_input_entry(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successful form input entry creation""" node = create_random_node(db) data = { "name": random_lower_string(), "date_created": str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))), "an_integer": randint(0, 10000), "node_id": node.id, } form_input = crud.form_input.get_by_template_table_name( db, table_name="form_input_test_table") response = client.post( f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/", headers=superuser_token_headers, json=data, ) content = response.json() assert response.status_code == 200 assert content["id"] assert content["name"] == data["name"] assert content["date_created"] == data["date_created"] assert content["an_integer"] == data["an_integer"] assert content["node_id"] == data["node_id"]
def test_create_node_fail_permission_missing(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """ Node creation fails when user does not have a permission associate with the resource """ # Setup: Create the parent node, create a user. Importantly, no permission setup # for the user and the parent node parent_node = create_random_node(db, created_by_id=1, node_type="network") user = create_random_user(db) user_token_headers = authentication_token_from_email(client=client, email=user.email, db=db) data = { "node_type": "test_create_node", "name": random_lower_string(), "is_active": True, "parent_id": parent_node.id, } response = client.post( f"{settings.API_V1_STR}/nodes/", headers=user_token_headers, json=data, ) assert response.status_code == 403 content = response.json() assert content[ "detail"] == "User does not have permission to create this node"
def test_create_form_input_entry_normal_user(client: TestClient, db: Session) -> None: """Successful form input entry creation by normal user""" setup = form_input_permission_setup( db, permission_type=PermissionTypeEnum.create) user = setup["user"] form_input = setup["form_input"] node = create_random_node(db) data = { "name": random_lower_string(), "date_created": str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))), "an_integer": randint(0, 10000), "node_id": node.id, } form_input = crud.form_input.get_by_template_table_name( db, table_name="form_input_test_table") user_token_headers = authentication_token_from_email(client=client, email=user.email, db=db) response = client.post( f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/", headers=user_token_headers, json=data, ) content = response.json() assert response.status_code == 200 assert content["id"] assert content["name"] == data["name"] assert content["date_created"] == data["date_created"] assert content["an_integer"] == data["an_integer"] assert content["node_id"] == data["node_id"]
def test_update_node(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successfully update a node""" node = create_random_node(db, created_by_id=1, node_type="test_update_node") data = { "node_type": "updated_test_node", "name": random_lower_string(), } response = client.put( f"{settings.API_V1_STR}/nodes/{node.id}", headers=superuser_token_headers, json=data, ) assert response.status_code == 200 content = response.json() assert content["node_type"] == data["node_type"] assert content["name"] == data["name"] assert content["is_active"] == node.is_active assert content["parent_id"] == node.parent_id assert content["depth"] == 0 assert "id" in content assert "created_at" in content assert "updated_at" in content assert "created_by_id" in content assert "updated_by_id" in content
def test_get_all_permissions_for_user_group(db: Session, normal_user: User) -> None: nodes = [ create_random_node( db, created_by_id=normal_user.id, node_type="test_get_all_permissions_for_user_group", ) for n in range(10) ] name = random_lower_string() user_group_in = UserGroupCreate(name=name, node_id=random.choice(nodes).id) user_group = crud.user_group.create(db=db, obj_in=user_group_in, created_by_id=normal_user.id) permissions = chain( *[crud.node.get_permissions(db, id=node.id) for node in nodes]) for permission in permissions: crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) stored_permissions = crud.user_group.permissions_in_user_group( db=db, id=user_group.id) for permission in permissions: assert permission.id in [sp.id for sp in stored_permissions] assert permission.resource_id in [ sp.resource_id for sp in stored_permissions ] assert permission.permission_type in [ sp.permission_type for sp in stored_permissions ]
def test_update_node_fail_user_no_parent_permission( client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Fails if the user doesn't have update permissions on the new parent node""" new_parent_node = create_random_node(db, created_by_id=1, node_type="new_parent_node") data = {"parent_id": new_parent_node.id} setup = node_permission_setup( db, node_type="test_update_node_fail_user_no_permission", permission_type=PermissionTypeEnum.update, permission_enabled=True, ) user_token_headers = authentication_token_from_email( client=client, email=setup["user"].email, db=db) response = client.put( f"{settings.API_V1_STR}/nodes/{setup['node'].id}", headers=user_token_headers, json=data, ) assert response.status_code == 403 content = response.json() assert content["detail"] == ( "User does not have permission to assign resources to node " f"{data['parent_id']}")
def test_create_node(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successful node creation""" parent_node = create_random_node(db, created_by_id=1, node_type="network") data = { "node_type": "test_create_node", "name": random_lower_string(), "is_active": True, "parent_id": parent_node.id, } response = client.post( f"{settings.API_V1_STR}/nodes/", headers=superuser_token_headers, json=data, ) assert response.status_code == 200 content = response.json() assert content["node_type"] == data["node_type"] assert content["name"] == data["name"] assert content["is_active"] assert content["parent_id"] == data["parent_id"] assert content["depth"] > 0 assert "id" in content assert "created_at" in content assert "updated_at" in content assert "created_by_id" in content assert "updated_by_id" in content
def test_get_node_children(db: Session, superuser: User) -> None: node = create_random_node(db) user_group = create_random_user_group(db, node_id=node.id) child_node = create_random_node(db, parent_id=node.id) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=node, interface=interface) result = crud.node.get_node_children(db, id=node.id) for node_child in result: assert node_child.node_id == node.id if node_child.child_type == "interface": assert node_child.child_id == interface.id if node_child.child_type == "node": assert node_child.child_id == child_node.id if node_child.child_type == "user_group": assert node_child.child_id == user_group.id
def test_create_form_input_entry_normal_user_fail_no_permission( client: TestClient, db: Session) -> None: """Fail if the normal user doesn't have create permissions""" node = create_random_node(db) data = { "name": random_lower_string(), "date_created": str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))), "an_integer": randint(0, 10000), "node_id": node.id, } form_input = crud.form_input.get_by_template_table_name( db, table_name="form_input_test_table") user = create_random_user(db) user_token_headers = authentication_token_from_email(client=client, email=user.email, db=db) response = client.post( f"{settings.API_V1_STR}/interfaces/form-inputs/{form_input.id}/entries/", headers=user_token_headers, json=data, ) content = response.json() assert response.status_code == 403 assert content["detail"] == (f"User ID {user.id} does not have " f"create permissions for " f"interface ID {form_input.id}")
def node_all_permissions_setup( db: Session, ) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup, models.User]]: """ Setup: Create the node, get all node permissions, create the user, create the user group, add the user to the user group, grant all the permissions to the user group Returns a dictionary of the format: { "node": Node, "permissions": List[Permission], "user_group": UserGroup, "user": User, } """ node = create_random_node(db, created_by_id=1, node_type="node_all_permissions_setup") permissions = crud.node.get_permissions(db, id=node.id) user = create_random_user(db) user_group = create_random_user_group(db, created_by_id=1, node_id=node.id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant_multiple(db, user_group_id=user_group.id, permission_ids=[p.id for p in permissions]) return { "node": node, "permissions": permissions, "user_group": user_group, "user": user, }
def test_create_user_group(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="test_create_user_group") user_group_in = UserGroupCreate(name=random_lower_string(), node_id=node.id) user_group = crud.user_group.create(db=db, obj_in=user_group_in, created_by_id=normal_user.id) assert user_group.created_by_id == normal_user.id
def test_create_node_fail_name_exists(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Fail if the node name isn't unique""" existing_node = create_random_node(db) parent_node = create_random_node(db, created_by_id=1, node_type="network") data = { "node_type": "test_create_node", "name": existing_node.name, "is_active": True, "parent_id": parent_node.id, } response = client.post( f"{settings.API_V1_STR}/nodes/", headers=superuser_token_headers, json=data, ) content = response.json() assert response.status_code == 409 assert content["detail"] == "A node with that name already exists."
def test_all_node_descendants(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="parent") child_node = create_random_node( db, created_by_id=normal_user.id, node_type="child", parent_id=node.id ) user_group1 = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) user_group2 = create_random_user_group( db, created_by_id=normal_user.id, node_id=child_node.id ) not_child_node = create_random_node( db, created_by_id=normal_user.id, node_type="not_child" ) child_node_permissions = crud.node.get_permissions(db, id=child_node.id) user_group1_permissions = crud.user_group.get_permissions(db, id=user_group1.id) user_group2_permissions = crud.user_group.get_permissions(db, id=user_group2.id) not_child_node_permissions = crud.node.get_permissions(db, id=not_child_node.id) all_permissions = [ *child_node_permissions, *user_group1_permissions, *user_group2_permissions, ] some_permissions = [*child_node_permissions, *not_child_node_permissions] no_permissions = [*not_child_node_permissions] pass1 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=all_permissions ) fail1 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=some_permissions ) fail2 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=no_permissions ) assert pass1 assert not fail1 assert not fail2
def create_random_form_input_table_entry(db: Session): node = create_random_node(db) data = { "name": random_lower_string(), "date_created": str(date(1985, 1, 1) + timedelta(days=randint(0, 9999))), "an_integer": randint(0, 10000), "node_id": node.id, } form_input = crud.form_input.get_by_template_table_name( db, table_name="form_input_test_table" ) form_input_crud = crud.form_input.get_table_crud(db, id=form_input.id) return form_input_crud.create(db, obj_in=data)
def test_remove_interface_from_node_fail_interface_not_exist( client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Fail if the interface doesn't exist""" node = create_random_node(db) response = client.post( f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{-1}/remove", headers=superuser_token_headers, ) content = response.json() assert response.status_code == 404 assert content["detail"] == "Cannot find interface."
def test_delete_node(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successfully delete a node""" node = create_random_node(db, created_by_id=1, node_type="test_delete_node") response = client.delete(f"{settings.API_V1_STR}/nodes/{node.id}", headers=superuser_token_headers) stored_node = crud.node.get(db, id=node.id) assert response.status_code == 200 content = response.json() assert content["name"] == node.name assert stored_node is None
def test_add_interface_to_node(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successfully add an interface to a node""" node = create_random_node(db) interface = create_random_form_input_interface(db) response = client.post( f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{interface.id}/add", headers=superuser_token_headers, ) db.refresh(node) assert response.status_code == 200 assert interface in node.interfaces
def create_random_permission( db: Session, *, node_id: Optional[int] = None, enabled: Optional[bool] = True ) -> models.Node: if node_id is None: node = create_random_node(db, created_by_id=-1, node_type="random_node") node_id = node.id permission_type = random.choice(list(PermissionTypeEnum)) permission_in = PermissionCreate( resource_id=node_id, resource_type=ResourceTypeEnum.node, permission_type=permission_type, enabled=enabled, ) return crud.node_permission.create(db=db, obj_in=permission_in)
def test_create_node_permission(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_create_permission" ) permission_type = random.choice(list(PermissionTypeEnum)) permission_in = PermissionCreate( resource_id=node.id, resource_type=ResourceTypeEnum.node, permission_type=permission_type, ) permission = crud.node_permission.create(db=db, obj_in=permission_in) assert permission.resource_id == node.id assert permission.permission_type == permission_type
def test_remove_interface_from_node(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Successfully remove an interface from a node""" node = create_random_node(db) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=node, interface=interface) response = client.post( f"{settings.API_V1_STR}/nodes/{node.id}/interfaces/{interface.id}/remove", headers=superuser_token_headers, ) db.refresh(node) assert response.status_code == 200 assert interface not in node.interfaces
def test_delete_user_group(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="test_delete_user_group") name = random_lower_string() user_group_in = UserGroupCreate(name=name, node_id=node.id) user_group = crud.user_group.create(db=db, obj_in=user_group_in, created_by_id=normal_user.id) user_group2 = crud.user_group.remove(db=db, id=user_group.id) user_group3 = crud.user_group.get(db=db, id=user_group.id) assert user_group3 is None assert user_group2.id == user_group.id assert user_group2.name == name assert user_group2.created_by_id == normal_user.id
def test_add_user_to_user_group(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="test_add_user_to_user_group") name = random_lower_string() user_group_in = UserGroupCreate(name=name, node_id=node.id) user_group = crud.user_group.create(db=db, obj_in=user_group_in, created_by_id=normal_user.id) user = create_random_user(db) association = crud.user_group.add_user(db=db, user_group=user_group, user_id=user.id) assert association.user_group_id == user_group.id assert association.user_id == user.id
def test_grant_single_permission(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_single_permission" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permission = crud.node.get_permission( db, id=node.id, permission_type=PermissionTypeEnum.read ) user_group_permission_rel = crud.permission.grant( db, user_group_id=user_group.id, permission_id=permission.id ) assert user_group_permission_rel.user_group_id == user_group.id assert user_group_permission_rel.permission_id == permission.id assert user_group_permission_rel.enabled
def test_grant_multiple_permissions(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permissions = crud.node.get_permissions(db, id=node.id) permission_ids = [p.id for p in permissions] user_group_permission_rels = crud.permission.grant_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids ) assert len(permission_ids) == len(user_group_permission_rels) for ugpr in user_group_permission_rels: assert ugpr.user_group_id == user_group.id assert ugpr.enabled
def test_verify_user_node_permission(db: Session, normal_user: User) -> None: email = random_email() password = random_lower_string() user_in = UserCreate(email=email, password=password) user = crud.user.create(db, obj_in=user_in) node = create_random_node(db, created_by_id=normal_user.id, node_type="verify_user_node_permission") user_group = create_random_user_group(db, created_by_id=normal_user.id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) permission = create_random_permission(db, node_id=node.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) has_permission = crud.user.has_permission( db, user=user, resource_type="node", resource_id=node.id, permission_type=permission.permission_type, ) # Need to add an explicit 'False' permission for the User to the resource # to ensure that will return False in addition to the missing permissions permissions_not_granted = [ i for i in list(PermissionTypeEnum) if i != permission.permission_type ] permission_type = random.choice(permissions_not_granted) permission_in = PermissionCreate( resource_id=node.id, resource_type=ResourceTypeEnum.node, permission_type=permission_type, enabled=False, ) crud.node_permission.create(db=db, obj_in=permission_in) assert has_permission == True # noqa E712 for png in permissions_not_granted: has_permission = crud.user.has_permission( db, user=user, resource_type="node", resource_id=node.id, permission_type=png, ) assert has_permission == False # noqa: E712
def create_random_user_group(db: Session, *, created_by_id: Optional[int] = 1, node_id: Optional[int] = None) -> models.Node: if created_by_id is None: user = create_random_user(db) created_by_id = user.id if node_id is None: node = create_random_node(db, created_by_id=created_by_id, node_type="random_node") node_id = node.id user_group_in = UserGroupCreate(name=random_lower_string(), node_id=node_id) return crud.user_group.create(db=db, obj_in=user_group_in, created_by_id=created_by_id)
def test_update_node_fail_parent_not_exists(client: TestClient, superuser_token_headers: dict, db: Session) -> None: """Fails if the node indicated by parent_id doesn't exist in the database""" node = create_random_node( db, created_by_id=1, node_type="test_update_node_fail_parent_not_exists") response = client.put( f"{settings.API_V1_STR}/nodes/{node.id}", headers=superuser_token_headers, json={"parent_id": -1}, ) assert response.status_code == 404 content = response.json() assert content["detail"] == "Cannot find parent node."