Add new ACL app API tests
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
@@ -1,21 +1,15 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import generics, status, viewsets
|
||||
from rest_framework import status
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.response import Response
|
||||
|
||||
from mayan.apps.common.mixins import ContentTypeViewMixin, ExternalObjectMixin
|
||||
from mayan.apps.rest_api.viewsets import (
|
||||
MayanAPIGenericViewSet, MayanAPIModelViewSet, MayanAPIReadOnlyModelViewSet
|
||||
)
|
||||
from mayan.apps.permissions.serializers import (
|
||||
PermissionSerializer, RolePermissionAddRemoveSerializer
|
||||
)
|
||||
from mayan.apps.rest_api.viewsets import MayanAPIModelViewSet
|
||||
|
||||
from .models import AccessControlList
|
||||
from .permissions import permission_acl_edit, permission_acl_view
|
||||
from .serializers import AccessControlListSerializer
|
||||
|
||||
@@ -57,8 +51,7 @@ class ObjectACLAPIViewSet(ContentTypeViewMixin, ExternalObjectMixin, MayanAPIMod
|
||||
return self.get_content_type().get_all_objects_for_this_type()
|
||||
|
||||
def get_queryset(self):
|
||||
obj = self.get_external_object()
|
||||
return obj.acls.all()
|
||||
return self.get_external_object().acls.all()
|
||||
|
||||
@action(
|
||||
detail=True, lookup_url_kwarg='acl_id', methods=('post',),
|
||||
|
||||
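Review bot: `get_queryset` returns every ACL of the resolved object with no filter of its own, so whether a caller may read or change those ACLs rests entirely on `get_external_object()`, whose body is outside this hunk. If that method is where `permission_acl_view` and `permission_acl_edit` are checked, a one-line comment would stop a later refactor from bypassing it, e.g. `# Access is enforced in get_external_object(); the ACLs returned here are not filtered further.` The class body starts before the hunk and continues after it.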
@@ -7,7 +7,6 @@ from mayan.apps.events import ModelEventType
|
||||
from mayan.apps.events.links import (
|
||||
link_events_for_object, link_object_event_types_user_subcriptions_list
|
||||
)
|
||||
from mayan.apps.events.permissions import permission_events_view
|
||||
from mayan.apps.navigation import SourceColumn
|
||||
|
||||
from .classes import ModelPermission
|
||||
|
||||
@@ -1,30 +1,19 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.exceptions import ValidationError as DjangoValidationError
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from rest_framework import serializers
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.reverse import reverse
|
||||
|
||||
from mayan.apps.common.serializers import ContentTypeSerializer
|
||||
from mayan.apps.permissions import Permission
|
||||
from mayan.apps.permissions.models import Role, StoredPermission
|
||||
from mayan.apps.permissions.models import Role
|
||||
from mayan.apps.permissions.permissions import permission_role_edit
|
||||
from mayan.apps.permissions.serializers import (
|
||||
PermissionSerializer, RoleSerializer
|
||||
)
|
||||
from mayan.apps.rest_api.mixins import (
|
||||
ExternalObjectListSerializerMixin, ExternalObjectSerializerMixin
|
||||
)
|
||||
from mayan.apps.permissions.serializers import RoleSerializer
|
||||
from mayan.apps.rest_api.mixins import ExternalObjectSerializerMixin
|
||||
from mayan.apps.rest_api.relations import MultiKwargHyperlinkedIdentityField
|
||||
|
||||
from .models import AccessControlList
|
||||
|
||||
|
||||
#TODO: Inherited permissions
|
||||
class AccessControlListSerializer(ExternalObjectSerializerMixin, serializers.ModelSerializer):
|
||||
content_type = ContentTypeSerializer(read_only=True)
|
||||
role = RoleSerializer(read_only=True)
|
||||
|
||||
@@ -1,13 +1,8 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
|
||||
from rest_framework import status
|
||||
|
||||
from mayan.apps.common.tests.mixins import TestModelTestMixin
|
||||
from mayan.apps.documents.permissions import permission_document_view
|
||||
from mayan.apps.documents.tests import DocumentTestMixin
|
||||
from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL
|
||||
from mayan.apps.permissions.tests.mixins import PermissionTestMixin, RoleTestMixin
|
||||
from mayan.apps.rest_api.tests import BaseAPITestCase
|
||||
|
||||
@@ -24,7 +19,6 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel
|
||||
|
||||
self._create_test_model()
|
||||
self._create_test_object()
|
||||
self._create_test_acl()
|
||||
ModelPermission.register(
|
||||
model=self.test_object._meta.model, permissions=(
|
||||
permission_acl_edit, permission_acl_view,
|
||||
@@ -32,6 +26,7 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel
|
||||
)
|
||||
|
||||
self._create_test_permission()
|
||||
self._create_test_acl()
|
||||
ModelPermission.register(
|
||||
model=self.test_object._meta.model, permissions=(
|
||||
self.test_permission,
|
||||
@@ -86,141 +81,125 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
self.assertTrue(self.test_acl in AccessControlList.objects.all())
|
||||
|
||||
def test_object_acl_detail_view(self):
|
||||
self._create_acl()
|
||||
def _request_object_acl_detail_api_view(self):
|
||||
kwargs = self.test_content_object_view_kwargs.copy()
|
||||
kwargs['acl_id'] = self.test_acl.pk
|
||||
|
||||
response = self.get(
|
||||
return self.get(
|
||||
viewname='rest_api:object-acl-detail',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model': self.document_content_type.model,
|
||||
'object_id': self.document.pk,
|
||||
'acl_pk': self.acl.pk
|
||||
}
|
||||
kwargs=kwargs
|
||||
)
|
||||
|
||||
def test_object_acl_detail_api_view_with_access(self):
|
||||
self.grant_access(obj=self.test_object, permission=permission_acl_view)
|
||||
|
||||
response = self._request_object_acl_detail_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(
|
||||
response.data['content_type']['app_label'],
|
||||
self.document_content_type.app_label
|
||||
self.test_object_content_type.app_label
|
||||
)
|
||||
self.assertEqual(
|
||||
response.data['role']['label'], TEST_ROLE_LABEL
|
||||
response.data['role']['label'], self.test_acl.role.label
|
||||
)
|
||||
|
||||
def test_object_acl_permission_delete_view(self):
|
||||
self._create_acl()
|
||||
permission = self.acl.permissions.first()
|
||||
def test_object_acl_detail_api_view_no_permission(self):
|
||||
response = self._request_object_acl_detail_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
|
||||
response = self.delete(
|
||||
viewname='rest_api:object-acl-permission-detail',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model_name': self.document_content_type.model,
|
||||
'object_id': self.document.pk,
|
||||
'acl_id': self.acl.pk, 'permission_id': permission.pk
|
||||
}
|
||||
)
|
||||
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
||||
self.assertEqual(self.acl.permissions.count(), 0)
|
||||
def _request_object_acl_permission_list_api_view(self):
|
||||
kwargs = self.test_content_object_view_kwargs.copy()
|
||||
kwargs['acl_id'] = self.test_acl.pk
|
||||
|
||||
def test_object_acl_permission_detail_view(self):
|
||||
self._create_acl()
|
||||
permission = self.acl.permissions.first()
|
||||
|
||||
response = self.get(
|
||||
viewname='rest_api:object-acl-permission-detail',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model_name': self.document_content_type.model,
|
||||
'object_id': self.document.pk, 'acl_pk': self.acl.pk,
|
||||
'permission_pk': permission.pk
|
||||
}
|
||||
)
|
||||
|
||||
self.assertEqual(
|
||||
response.data['permission_pk'], permission_document_view.pk
|
||||
)
|
||||
|
||||
def test_object_acl_permission_list_view(self):
|
||||
self._create_acl()
|
||||
|
||||
response = self.get(
|
||||
return self.get(
|
||||
viewname='rest_api:object-acl-permission-list',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model_name': self.document_content_type.model,
|
||||
'object_id': self.document.pk,
|
||||
'acl_id': self.acl.pk
|
||||
}
|
||||
kwargs=kwargs
|
||||
)
|
||||
|
||||
def test_object_acl_permission_list_api_view_with_access(self):
|
||||
self.grant_access(obj=self.test_object, permission=permission_acl_view)
|
||||
|
||||
response = self._request_object_acl_permission_list_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(
|
||||
response.data['results'][0]['permission_pk'],
|
||||
permission_document_view.pk
|
||||
response.data['results'][0]['pk'],
|
||||
self.test_permission.pk
|
||||
)
|
||||
|
||||
def test_object_acl_permission_list_post_view(self):
|
||||
self._create_acl()
|
||||
def test_object_acl_permission_list_api_view_no_permission(self):
|
||||
response = self._request_object_acl_permission_list_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
|
||||
response = self.post(
|
||||
viewname='rest_api:object-acl-permission-list',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model_name': self.document_content_type.model,
|
||||
'object_id': self.document.pk, 'acl_pk': self.acl.pk
|
||||
}, data={'permission_id': permission_acl_view.pk}
|
||||
def _request_object_acl_permission_remove_api_view(self):
|
||||
kwargs = self.test_content_object_view_kwargs.copy()
|
||||
kwargs['acl_id'] = self.test_acl.pk
|
||||
|
||||
return self.post(
|
||||
viewname='rest_api:object-acl-permission-remove',
|
||||
kwargs=kwargs, data={'permission_id_list': self.test_permission.pk}
|
||||
)
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
self.assertQuerysetEqual(
|
||||
ordered=False, qs=self.acl.permissions.all(), values=(
|
||||
repr(permission_document_view.stored_permission),
|
||||
repr(permission_acl_view.stored_permission)
|
||||
)
|
||||
def test_object_acl_permission_remove_api_view_with_access(self):
|
||||
self.grant_access(obj=self.test_object, permission=permission_acl_edit)
|
||||
|
||||
response = self._request_object_acl_permission_remove_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertTrue(self.test_permission.stored_permission not in self.test_acl.permissions.all())
|
||||
|
||||
def test_object_acl_permission_remove_api_view_no_permission(self):
|
||||
response = self._request_object_acl_permission_remove_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
self.assertTrue(self.test_permission.stored_permission in self.test_acl.permissions.all())
|
||||
|
||||
def _request_object_acl_permission_add_api_view(self):
|
||||
kwargs = self.test_content_object_view_kwargs.copy()
|
||||
kwargs['acl_id'] = self.test_acl.pk
|
||||
|
||||
return self.post(
|
||||
viewname='rest_api:object-acl-permission-add',
|
||||
kwargs=kwargs, data={'permission_id_list': self.test_permission.pk}
|
||||
)
|
||||
|
||||
def test_object_acl_post_no_permissions_added_view(self):
|
||||
response = self.post(
|
||||
viewname='rest_api:object-acl-list',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model_name': self.document_content_type.model,
|
||||
'object_id': self.document.pk
|
||||
}, data={'role_id': self.test_role.pk}
|
||||
def test_object_acl_permission_add_api_view_with_access(self):
|
||||
self.test_acl.permissions.clear()
|
||||
self.grant_access(obj=self.test_object, permission=permission_acl_edit)
|
||||
|
||||
response = self._request_object_acl_permission_add_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertTrue(self.test_permission.stored_permission in self.test_acl.permissions.all())
|
||||
|
||||
def test_object_acl_permission_add_api_view_no_permission(self):
|
||||
self.test_acl.permissions.clear()
|
||||
|
||||
response = self._request_object_acl_permission_add_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
self.assertTrue(self.test_permission.stored_permission not in self.test_acl.permissions.all())
|
||||
|
||||
def _request_object_acl_inherited_permission_list_api_view(self):
|
||||
kwargs = self.test_content_object_view_kwargs.copy()
|
||||
kwargs['acl_id'] = self.test_acl.pk
|
||||
|
||||
return self.get(
|
||||
viewname='rest_api:object-acl-permission-inherited-list',
|
||||
kwargs=kwargs
|
||||
)
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
def test_object_acl_inherited_permission_list_api_view_with_access(self):
|
||||
self.test_acl.permissions.clear()
|
||||
self.test_role.grant(permission=self.test_permission)
|
||||
|
||||
self.grant_access(obj=self.test_object, permission=permission_acl_view)
|
||||
|
||||
response = self._request_object_acl_inherited_permission_list_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().role, self.test_role
|
||||
)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().content_object, self.document
|
||||
)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().permissions.count(), 0
|
||||
response.data['results'][0]['pk'],
|
||||
self.test_permission.pk
|
||||
)
|
||||
|
||||
def test_object_acl_post_with_permissions_added_view(self):
|
||||
response = self.post(
|
||||
viewname='rest_api:object-acl-list',
|
||||
kwargs={
|
||||
'app_label': self.document_content_type.app_label,
|
||||
'model': self.document_content_type.model,
|
||||
'object_id': self.document.pk
|
||||
}, data={
|
||||
'role_pk': self.test_role.pk,
|
||||
'permissions_pk_list': permission_acl_view.pk
|
||||
def test_object_acl_inherited_permission_list_api_view_no_permission(self):
|
||||
self.test_acl.permissions.clear()
|
||||
self.test_role.grant(permission=self.test_permission)
|
||||
|
||||
}
|
||||
)
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().content_object, self.document
|
||||
)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().role, self.test_role
|
||||
)
|
||||
self.assertEqual(
|
||||
self.document.acls.first().permissions.first(),
|
||||
permission_acl_view.stored_permission
|
||||
)
|
||||
response = self._request_object_acl_inherited_permission_list_api_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
|
||||
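Review bot: The negative tests only cover a caller with no permission at all. Nothing checks that a caller holding just `permission_acl_view` is refused by the `object-acl-permission-add` and `object-acl-permission-remove` actions, which is the privilege boundary between reading an ACL and changing it. I would add one test per action that grants only the view permission and expects the same refusal as the no-permission case, with the ACL left unchanged. The membership assertions would also read better as `assertIn`/`assertNotIn`, which print both operands on failure. The old/new side of each line is inferred from the rendered page, and the test class starts and ends outside the hunk.

```python
    # … unchanged: _request_object_acl_permission_add_api_view and the existing add tests …

    def test_object_acl_permission_add_api_view_with_view_access_only(self):
        self.test_acl.permissions.clear()
        # Read access to the ACL must not be enough to modify it.
        self.grant_access(obj=self.test_object, permission=permission_acl_view)

        response = self._request_object_acl_permission_add_api_view()
        # Expected to match the no-permission case; adjust if the view answers 403.
        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
        self.assertNotIn(
            self.test_permission.stored_permission,
            self.test_acl.permissions.all()
        )

    def test_object_acl_permission_remove_api_view_with_view_access_only(self):
        self.grant_access(obj=self.test_object, permission=permission_acl_view)

        response = self._request_object_acl_permission_remove_api_view()
        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
        self.assertIn(
            self.test_permission.stored_permission,
            self.test_acl.permissions.all()
        )
```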
@@ -32,26 +32,3 @@ api_router_entries = (
|
||||
'viewset': ObjectACLAPIViewSet, 'basename': 'object-acl'
|
||||
},
|
||||
)
|
||||
|
||||
'''
|
||||
api_urls = [
|
||||
url(
|
||||
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model>[-\w]+)/(?P<object_id>\d+)/acls/$',
|
||||
name='accesscontrollist-list', view=APIObjectACLListView.as_view()
|
||||
),
|
||||
url(
|
||||
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model>[-\w]+)/(?P<object_id>\d+)/acls/(?P<acl_id>\d+)/$',
|
||||
name='accesscontrollist-detail', view=APIObjectACLView.as_view()
|
||||
),
|
||||
url(
|
||||
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model>[-\w]+)/(?P<object_id>\d+)/acls/(?P<acl_id>\d+)/permissions/$',
|
||||
name='accesscontrollist-permission-list',
|
||||
view=APIObjectACLPermissionListView.as_view()
|
||||
),
|
||||
url(
|
||||
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model>[-\w]+)/(?P<object_id>\d+)/acls/(?P<acl_id>\d+)/permissions/(?P<permission_id>\d+)/$',
|
||||
name='accesscontrollist-permission-detail',
|
||||
view=APIObjectACLPermissionView.as_view()
|
||||
),
|
||||
]
|
||||
'''
|
||||
|
||||