def form_input_permission_setup( db: Session, *, permission_type: PermissionTypeEnum, permission_enabled: bool = True ) -> Dict[str, Union[models.Interface, models.Permission, models.UserGroup, models.User]]: form_input = crud.form_input.get_by_template_table_name( db, table_name="form_input_test_table") user = create_random_user(db) user_group = create_random_user_group(db) permission = crud.form_input.get_permission( db, id=form_input.id, permission_type=permission_type) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "form_input": form_input, "permission": permission, "user_group": user_group, "user": user, }
def test_create_user_normal_user(client: TestClient, db: Session) -> None: username = random_email() password = random_lower_string() user_group = create_random_user_group(db) data = {"email": username, "password": password, "user_group_id": user_group.id} user = create_random_user(db) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) create_permission = crud.user_group.get_permission( db, id=user_group.id, permission_type=PermissionTypeEnum.create ) crud.permission.grant( db, user_group_id=user_group.id, permission_id=create_permission.id ) user_token_headers = authentication_token_from_email( client=client, email=user.email, db=db ) r = client.post( f"{settings.API_V1_STR}/users/", headers=user_token_headers, json=data, ) created_user = r.json() user = crud.user.get_by_email(db, email=username) assert 200 <= r.status_code < 300 assert user assert user.email == created_user["email"] assert user_group in user.user_groups
def query_permission_setup( db: Session, *, permission_type: PermissionTypeEnum, permission_enabled: bool = True ) -> Dict[str, Union[models.QueryInterface, models.Permission, models.UserGroup, models.User]]: query = create_random_query_interface(db) user = create_random_user(db) user_group = create_random_user_group(db) permission = crud.query.get_permission(db, id=query.id, permission_type=permission_type) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "query": query, "permission": permission, "user_group": user_group, "user": user, }
def node_all_permissions_setup( db: Session, ) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup, models.User]]: """ Setup: Create the node, get all node permissions, create the user, create the user group, add the user to the user group, grant all the permissions to the user group Returns a dictionary of the format: { "node": Node, "permissions": List[Permission], "user_group": UserGroup, "user": User, } """ node = create_random_node(db, created_by_id=1, node_type="node_all_permissions_setup") permissions = crud.node.get_permissions(db, id=node.id) user = create_random_user(db) user_group = create_random_user_group(db, created_by_id=1, node_id=node.id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant_multiple(db, user_group_id=user_group.id, permission_ids=[p.id for p in permissions]) return { "node": node, "permissions": permissions, "user_group": user_group, "user": user, }
def test_create_user_fail_user_group_not_exists( client: TestClient, db: Session ) -> None: username = random_email() password = random_lower_string() data = {"email": username, "password": password, "user_group_id": -1} user = create_random_user(db) user_group = create_random_user_group(db) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) create_permission = crud.user_group.get_permission( db, id=user_group.id, permission_type=PermissionTypeEnum.create ) crud.permission.grant( db, user_group_id=user_group.id, permission_id=create_permission.id ) user_token_headers = authentication_token_from_email( client=client, email=user.email, db=db ) r = client.post( f"{settings.API_V1_STR}/users/", headers=user_token_headers, json=data, ) content = r.json() user = crud.user.get_by_email(db, email=username) assert r.status_code == 404 assert user is None assert content["detail"] == "Can not find user group."
def node_children_setup( db: Session, ) -> Dict[str, Union[models.Node, models.Interface, models.UserGroup]]: """ Setup: Create a parent_node, create a user group with the parent node as the parent, create a child node with the parent node as the parent, create an interface, associate the interface with the parent node. Returns a dictionary of the format: { "parent_node": Node, "child_node": Node, "user_group": UserGroup, "interface": Interface } """ parent_node = create_random_node(db) user_group = create_random_user_group(db, node_id=parent_node.id) child_node = create_random_node(db, parent_id=parent_node.id) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=parent_node, interface=interface) return { "parent_node": parent_node, "child_node": child_node, "user_group": user_group, "interface": interface, }
def test_create_user_fail_normal_user_no_permission( client: TestClient, db: Session ) -> None: username = random_email() password = random_lower_string() user_group = create_random_user_group(db) data = {"email": username, "password": password, "user_group_id": user_group.id} user = create_random_user(db) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) user_token_headers = authentication_token_from_email( client=client, email=user.email, db=db ) r = client.post( f"{settings.API_V1_STR}/users/", headers=user_token_headers, json=data, ) content = r.json() returned_user = crud.user.get_by_email(db, email=username) assert r.status_code == 403 assert returned_user is None assert content["detail"] == ( f"User ID {user.id} does not have create permissions for " f"user_group ID {user_group.id}" )
def test_get_multi_not_in_group(db: Session): email = random_email() password = random_lower_string() user_in = UserCreate(email=email, password=password) user = crud.user.create(db, obj_in=user_in) user_group = create_random_user_group(db) users_not_in_group = crud.user.get_multi_not_in_group( db, user_group_id=user_group.id, sort_by="id", sort_desc=True) assert user in users_not_in_group.records
def test_get_user_groups_for_user(db: Session) -> None: email = random_email() password = random_lower_string() user_in = UserCreate(email=email, password=password) user = crud.user.create(db, obj_in=user_in) user_group1 = create_random_user_group(db, created_by_id=user.id) user_group2 = create_random_user_group(db, created_by_id=user.id) user_group3 = create_random_user_group(db, created_by_id=user.id) crud.user_group.add_user(db, user_group=user_group1, user_id=user.id) crud.user_group.add_user(db, user_group=user_group2, user_id=user.id) user_user_groups = crud.user.get_user_groups(db, user=user) for user_group in user_user_groups: assert user_group.id in [user_group1.id, user_group2.id] assert user_group.id != user_group3.id
def test_get_multi_in_group(db: Session): email = random_email() password = random_lower_string() user_in = UserCreate(email=email, password=password) user = crud.user.create(db, obj_in=user_in) user_group = create_random_user_group(db) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) users_in_group = crud.user.get_multi_in_group(db, user_group_id=user_group.id) assert user in users_in_group.records
def test_all_node_descendants(db: Session, normal_user: User) -> None: node = create_random_node(db, created_by_id=normal_user.id, node_type="parent") child_node = create_random_node( db, created_by_id=normal_user.id, node_type="child", parent_id=node.id ) user_group1 = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) user_group2 = create_random_user_group( db, created_by_id=normal_user.id, node_id=child_node.id ) not_child_node = create_random_node( db, created_by_id=normal_user.id, node_type="not_child" ) child_node_permissions = crud.node.get_permissions(db, id=child_node.id) user_group1_permissions = crud.user_group.get_permissions(db, id=user_group1.id) user_group2_permissions = crud.user_group.get_permissions(db, id=user_group2.id) not_child_node_permissions = crud.node.get_permissions(db, id=not_child_node.id) all_permissions = [ *child_node_permissions, *user_group1_permissions, *user_group2_permissions, ] some_permissions = [*child_node_permissions, *not_child_node_permissions] no_permissions = [*not_child_node_permissions] pass1 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=all_permissions ) fail1 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=some_permissions ) fail2 = crud.permission.all_node_descendants( db, node_id=node.id, permissions=no_permissions ) assert pass1 assert not fail1 assert not fail2
def test_grant_multiple_permissions(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permissions = crud.node.get_permissions(db, id=node.id) permission_ids = [p.id for p in permissions] user_group_permission_rels = crud.permission.grant_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids ) assert len(permission_ids) == len(user_group_permission_rels) for ugpr in user_group_permission_rels: assert ugpr.user_group_id == user_group.id assert ugpr.enabled
def test_grant_single_permission(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_single_permission" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permission = crud.node.get_permission( db, id=node.id, permission_type=PermissionTypeEnum.read ) user_group_permission_rel = crud.permission.grant( db, user_group_id=user_group.id, permission_id=permission.id ) assert user_group_permission_rel.user_group_id == user_group.id assert user_group_permission_rel.permission_id == permission.id assert user_group_permission_rel.enabled
def test_get_node_children(db: Session, superuser: User) -> None: node = create_random_node(db) user_group = create_random_user_group(db, node_id=node.id) child_node = create_random_node(db, parent_id=node.id) interface = create_random_form_input_interface(db) crud.node.add_interface(db, node=node, interface=interface) result = crud.node.get_node_children(db, id=node.id) for node_child in result: assert node_child.node_id == node.id if node_child.child_type == "interface": assert node_child.child_id == interface.id if node_child.child_type == "node": assert node_child.child_id == child_node.id if node_child.child_type == "user_group": assert node_child.child_id == user_group.id
def test_verify_user_node_permission(db: Session, normal_user: User) -> None: email = random_email() password = random_lower_string() user_in = UserCreate(email=email, password=password) user = crud.user.create(db, obj_in=user_in) node = create_random_node(db, created_by_id=normal_user.id, node_type="verify_user_node_permission") user_group = create_random_user_group(db, created_by_id=normal_user.id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) permission = create_random_permission(db, node_id=node.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) has_permission = crud.user.has_permission( db, user=user, resource_type="node", resource_id=node.id, permission_type=permission.permission_type, ) # Need to add an explicit 'False' permission for the User to the resource # to ensure that will return False in addition to the missing permissions permissions_not_granted = [ i for i in list(PermissionTypeEnum) if i != permission.permission_type ] permission_type = random.choice(permissions_not_granted) permission_in = PermissionCreate( resource_id=node.id, resource_type=ResourceTypeEnum.node, permission_type=permission_type, enabled=False, ) crud.node_permission.create(db=db, obj_in=permission_in) assert has_permission == True # noqa E712 for png in permissions_not_granted: has_permission = crud.user.has_permission( db, user=user, resource_type="node", resource_id=node.id, permission_type=png, ) assert has_permission == False # noqa: E712
def test_revoke_multiple_permissions_missing(db: Session, normal_user: User) -> None: """ Raises a MissingRecordsError if one or more permissions are a not associated with the user group, making them ineligible to be revoked """ node = create_random_node( db, created_by_id=normal_user.id, node_type="test_revoke_multiple_permissions" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permissions = crud.node.get_permissions(db, id=node.id) permission_ids = [p.id for p in permissions] with pytest.raises(MissingRecordsError): crud.permission.revoke_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids )
def multi_node_permission_setup( db: Session, *, n: int, node_type: str, permission_type: PermissionTypeEnum, permission_enabled: bool ) -> Dict[str, Union[List[models.Node], List[models.Permission], models.UserGroup, models.User], ]: """ Setup: Create 'n' nodes, get create permissions, create user, create user group, add user to user group, give user group specified permission on all nodes Returns a dictionary of the format: { "nodes": [Node], "permissions": [Permission], "user_group": UserGroup, "user": User, } """ nodes = [ create_random_node(db, created_by_id=1, node_type=node_type) for i in range(n) ] user = create_random_user(db) user_group = create_random_user_group(db, created_by_id=1, node_id=nodes[0].id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) permissions = [] for node in nodes: permission = crud.node.get_permission(db, id=node.id, permission_type=permission_type) permissions.append(permission) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "nodes": nodes, "permissions": permissions, "user_group": user_group, "user": user, }
def multi_user_group_permission_setup( db: Session, *, n: int, permission_type: PermissionTypeEnum, permission_enabled: bool ) -> Dict[str, Union[models.Node, List[models.Permission], List[models.UserGroup], models.User], ]: """ Setup: Create a parent node, create a user, create 'n' user groups, add user to all groups, give each user group the specified permission. Returns a dictionary of the format: { "node": Node, "permissions": [Permission], "user_groups": [UserGroup], "user": User, } """ node = create_random_node(db, created_by_id=1, node_type="multi_user_group_permission_setup") user = create_random_user(db) user_groups = [ create_random_user_group(db, created_by_id=1, node_id=node.id) for i in range(n) ] permissions = [] for user_group in user_groups: permission = crud.user_group.get_permission( db, id=user_group.id, permission_type=permission_type) permissions.append(permission) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "node": node, "permissions": permissions, "user_groups": user_groups, "user": user, }
def test_revoke_single_permission_missing(db: Session, normal_user: User) -> None: """ Raises a NoResultFound error if the user_group/permission relationship doesn't exist """ node = create_random_node( db, created_by_id=normal_user.id, node_type="test_revoke_single_permission" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permission = crud.node.get_permission( db, id=node.id, permission_type=PermissionTypeEnum.read ) with pytest.raises(NoResultFound): crud.permission.revoke( db, user_group_id=user_group.id, permission_id=permission.id )
def test_grant_single_permission_existing(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_single_permission" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permission = crud.node.get_permission( db, id=node.id, permission_type=PermissionTypeEnum.read ) # Grant then revoke the permission before trying to grant it again crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) user_group_permission_rel = crud.permission.grant( db, user_group_id=user_group.id, permission_id=permission.id ) assert user_group_permission_rel.user_group_id == user_group.id assert user_group_permission_rel.permission_id == permission.id assert user_group_permission_rel.enabled
def user_group_permission_setup( db: Session, *, permission_type: PermissionTypeEnum, permission_enabled: bool ) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup, models.User]]: """ Setup: Create a node, create a user, create a user group, get the specified permission, add the user to the user group, grant the user group the specified permission (to itself) Returns a dictionary of the format: { "node": Node, "permission": Permission, "user_group": UserGroup, "user": User, } """ node = create_random_node(db, created_by_id=1, node_type="user_group_permission_setup") user = create_random_user(db) user_group = create_random_user_group(db, created_by_id=1, node_id=node.id) permission = crud.user_group.get_permission( db, id=user_group.id, permission_type=permission_type) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "node": node, "permission": permission, "user_group": user_group, "user": user, }
def node_permission_setup( db: Session, *, node_type: str, permission_type: PermissionTypeEnum, permission_enabled: bool ) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup, models.User]]: """ Setup: Create the node, get create permission, create user, create user group, add user to user group, give user group specified permission on the node Returns a dictionary of the format: { "node": Node, "permission": Permission, "user_group": UserGroup, "user": User, } """ node = create_random_node(db, created_by_id=1, node_type=node_type) permission = crud.node.get_permission(db, id=node.id, permission_type=permission_type) user = create_random_user(db) user_group = create_random_user_group(db, created_by_id=1, node_id=node.id) crud.user_group.add_user(db, user_group=user_group, user_id=user.id) crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id) if not permission_enabled: crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id) return { "node": node, "permission": permission, "user_group": user_group, "user": user, }
def test_grant_multiple_permissions_existing(db: Session, normal_user: User) -> None: node = create_random_node( db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions" ) user_group = create_random_user_group( db, created_by_id=normal_user.id, node_id=node.id ) permissions = crud.node.get_permissions(db, id=node.id) permission_ids = [p.id for p in permissions] # Grant then revoke the permissions before trying to grant them again crud.permission.grant_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids ) crud.permission.revoke_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids[:2] ) user_group_permission_rels = crud.permission.grant_multiple( db, user_group_id=user_group.id, permission_ids=permission_ids ) assert len(permission_ids) == len(user_group_permission_rels) for ugpr in user_group_permission_rels: assert ugpr.user_group_id == user_group.id assert ugpr.enabled
def test_get_multi_user_groups_with_permission(db: Session, superuser: User) -> None: # Create parent node parent_node = create_random_node( db, created_by_id=superuser.id, node_type="test_get_multi_user_groups_with_permission", ) # Create User Group attached to parent node user_group = create_random_user_group(db, created_by_id=superuser.id, node_id=parent_node.id) # Create a normal user and add that user to the user group normal_user = create_random_user(db) crud.user_group.add_user(db, user_group=user_group, user_id=normal_user.id) # Create a bunch of child nodes (it doesn't matter whether or not they're attached # to the parent node) new_user_groups = [ create_random_user_group(db, created_by_id=superuser.id, node_id=parent_node.id) for i in range(10) ] # For each node, instantiate permissions, get the read permission, then add it to # the user group, enabled for ug in new_user_groups: read_permission = crud.user_group.get_permission( db, id=ug.id, permission_type=PermissionTypeEnum.read) crud.permission.grant(db, user_group_id=user_group.id, permission_id=read_permission.id) user_group_names = [ug.name for ug in new_user_groups] # Create a new node, instantiate permissions, add it to the user group, disabled blocked_user_group = create_random_user_group(db, created_by_id=superuser.id, node_id=parent_node.id) blocked_user_group_read_permission = crud.user_group.get_permission( db, id=blocked_user_group.id, permission_type=PermissionTypeEnum.read) crud.permission.grant( db, user_group_id=user_group.id, permission_id=blocked_user_group_read_permission.id, ) crud.permission.revoke( db, user_group_id=user_group.id, permission_id=blocked_user_group_read_permission.id, ) # Get the nodes back with permission requirements and ensure that you get back # all the nodes we just put in with permissions and that you don't get the # blocked node stored_user_groups = crud.user_group.get_multi_with_permissions( db=db, user=normal_user) stored_user_group_names = [sn.name for sn in stored_user_groups.records] for n in user_group_names: assert n in stored_user_group_names assert blocked_user_group.name not in stored_user_group_names