Improve ACLs tests.
This commit is contained in:
Roberto Rosario
@@ -11,9 +11,13 @@ from documents.permissions import permission_document_view
|
||||
from documents.tests import TEST_SMALL_DOCUMENT_PATH, TEST_DOCUMENT_TYPE
|
||||
from permissions.classes import Permission
|
||||
from permissions.models import Role
|
||||
from permissions.tests.literals import TEST_ROLE_LABEL
|
||||
from user_management.tests.literals import TEST_USER_USERNAME, TEST_GROUP
|
||||
|
||||
from ..models import AccessControlList
|
||||
|
||||
TEST_DOCUMENT_TYPE_2 = 'test document type 2'
|
||||
|
||||
|
||||
@override_settings(OCR_AUTO_OCR=False)
|
||||
class PermissionTestCase(TestCase):
|
||||
@@ -23,27 +27,33 @@ class PermissionTestCase(TestCase):
|
||||
)
|
||||
|
||||
self.document_type_2 = DocumentType.objects.create(
|
||||
label=TEST_DOCUMENT_TYPE + '2'
|
||||
label=TEST_DOCUMENT_TYPE_2
|
||||
)
|
||||
|
||||
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
|
||||
self.document_1 = self.document_type_1.new_document(
|
||||
file_object=File(file_object), label='document 1'
|
||||
file_object=File(file_object)
|
||||
)
|
||||
|
||||
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
|
||||
self.document_2 = self.document_type_1.new_document(
|
||||
file_object=File(file_object), label='document 2'
|
||||
file_object=File(file_object)
|
||||
)
|
||||
|
||||
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
|
||||
self.document_3 = self.document_type_2.new_document(
|
||||
file_object=File(file_object), label='document 3'
|
||||
file_object=File(file_object)
|
||||
)
|
||||
|
||||
self.user = get_user_model().objects.create(username='test user')
|
||||
self.group = Group.objects.create(name='test group')
|
||||
self.role = Role.objects.create(label='test role')
|
||||
self.user = get_user_model().objects.create(
|
||||
username=TEST_USER_USERNAME
|
||||
)
|
||||
self.group = Group.objects.create(name=TEST_GROUP)
|
||||
self.role = Role.objects.create(label=TEST_ROLE_LABEL)
|
||||
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
Permission.invalidate_cache()
|
||||
|
||||
def tearDown(self):
|
||||
@@ -61,19 +71,14 @@ class PermissionTestCase(TestCase):
|
||||
)
|
||||
|
||||
def test_filtering_without_permissions(self):
|
||||
self.assertEqual(
|
||||
list(
|
||||
AccessControlList.objects.filter_by_access(
|
||||
permission=permission_document_view, user=self.user,
|
||||
queryset=Document.objects.all()
|
||||
)
|
||||
self.assertQuerysetEqual(
|
||||
AccessControlList.objects.filter_by_access(
|
||||
permission=permission_document_view, user=self.user,
|
||||
queryset=Document.objects.all()
|
||||
), []
|
||||
)
|
||||
|
||||
def test_check_access_with_acl(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_1, role=self.role
|
||||
)
|
||||
@@ -88,28 +93,21 @@ class PermissionTestCase(TestCase):
|
||||
self.fail('PermissionDenied exception was not expected.')
|
||||
|
||||
def test_filtering_with_permissions(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.permissions.add(permission_document_view.stored_permission)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_1, role=self.role
|
||||
)
|
||||
acl.permissions.add(permission_document_view.stored_permission)
|
||||
|
||||
self.assertEqual(
|
||||
list(
|
||||
AccessControlList.objects.filter_by_access(
|
||||
permission=permission_document_view, user=self.user,
|
||||
queryset=Document.objects.all()
|
||||
)
|
||||
), [self.document_1]
|
||||
self.assertQuerysetEqual(
|
||||
AccessControlList.objects.filter_by_access(
|
||||
permission=permission_document_view, user=self.user,
|
||||
queryset=Document.objects.all()
|
||||
), (repr(self.document_1),)
|
||||
)
|
||||
|
||||
def test_check_access_with_inherited_acl(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_type_1, role=self.role
|
||||
)
|
||||
@@ -124,9 +122,6 @@ class PermissionTestCase(TestCase):
|
||||
self.fail('PermissionDenied exception was not expected.')
|
||||
|
||||
def test_check_access_with_inherited_acl_and_local_acl(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_type_1, role=self.role
|
||||
)
|
||||
@@ -146,9 +141,7 @@ class PermissionTestCase(TestCase):
|
||||
self.fail('PermissionDenied exception was not expected.')
|
||||
|
||||
def test_filtering_with_inherited_permissions(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.permissions.add(permission_document_view.stored_permission)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_type_1, role=self.role
|
||||
@@ -164,9 +157,7 @@ class PermissionTestCase(TestCase):
|
||||
self.assertTrue(self.document_3 not in result)
|
||||
|
||||
def test_filtering_with_inherited_permissions_and_local_acl(self):
|
||||
self.group.user_set.add(self.user)
|
||||
self.role.permissions.add(permission_document_view.stored_permission)
|
||||
self.role.groups.add(self.group)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_type_1, role=self.role
|
||||
|
||||
Reference in New Issue
Block a user