From ba73a9b55edccf0fc4143194e9c771c79c5b4747 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Sat, 20 Apr 2019 17:39:07 -0400 Subject: [PATCH] Fix ACLs app tests Signed-off-by: Roberto Rosario --- mayan/apps/acls/api_views.py | 16 +- mayan/apps/acls/tests/test_api.py | 254 ++++++++++++++++++------------ mayan/apps/acls/views.py | 6 +- 3 files changed, 166 insertions(+), 110 deletions(-) diff --git a/mayan/apps/acls/api_views.py b/mayan/apps/acls/api_views.py index 5c3612a9cb..62e3cd0709 100644 --- a/mayan/apps/acls/api_views.py +++ b/mayan/apps/acls/api_views.py @@ -124,9 +124,13 @@ class APIObjectACLPermissionListView(generics.ListCreateAPIView): klass=content_type.model_class(), pk=self.kwargs['object_pk'] ) + if self.request.method == 'GET': + permission = permission_acl_view + else: + permission = permission_acl_edit + AccessControlList.objects.check_access( - permissions=permission_acl_view, user=self.request.user, - obj=content_object + obj=content_object, permissions=permission, user=self.request.user ) return content_object @@ -181,9 +185,13 @@ class APIObjectACLPermissionView(generics.RetrieveDestroyAPIView): klass=content_type.model_class(), pk=self.kwargs['object_pk'] ) + if self.request.method == 'GET': + permission = permission_acl_view + else: + permission = permission_acl_edit + AccessControlList.objects.check_access( - permissions=permission_acl_view, user=self.request.user, - obj=content_object + obj=content_object, permissions=permission, user=self.request.user ) return content_object diff --git a/mayan/apps/acls/tests/test_api.py b/mayan/apps/acls/tests/test_api.py index b332f56c27..759402a894 100644 --- a/mayan/apps/acls/tests/test_api.py +++ b/mayan/apps/acls/tests/test_api.py @@ -10,7 +10,7 @@ from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL from mayan.apps.rest_api.tests import BaseAPITestCase from ..models import AccessControlList -from ..permissions import permission_acl_view +from ..permissions import permission_acl_edit, permission_acl_view from .mixins import ACLTestMixin @@ -18,12 +18,12 @@ from .mixins import ACLTestMixin class ACLAPITestCase(ACLTestMixin, DocumentTestMixin, BaseAPITestCase): def setUp(self): super(ACLAPITestCase, self).setUp() - self.test_document_content_type = ContentType.objects.get_for_model( - self.test_document - ) self.test_object = self.test_document + self.test_object_content_type = ContentType.objects.get_for_model( + self.test_object + ) - def test_object_acl_list_view(self): + def test_acl_list_api_view_with_access(self): self._create_test_acl() self.grant_access(obj=self.test_object, permission=permission_acl_view) @@ -31,169 +31,213 @@ class ACLAPITestCase(ACLTestMixin, DocumentTestMixin, BaseAPITestCase): response = self.get( viewname='rest_api:accesscontrollist-list', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk ) ) self.assertEqual(response.status_code, status.HTTP_200_OK) - self.assertEqual( - response.data['results'][0]['content_type']['app_label'], - self.test_object_content_type.app_label + self.assertContains( + response=response, text=self.test_object_content_type.app_label, + status_code=200 ) - self.assertEqual( - response.data['results'][0]['role']['label'], - self.test_acl.role.label + self.assertContains( + response=response, text=self.test_acl.role.label, + status_code=200 ) - def test_object_acl_delete_view(self): + def _request_test_acl_delete_api_view(self): + return self.delete( + viewname='rest_api:accesscontrollist-detail', + args=( + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk + ) + ) + + def test_acl_delete_api_view_with_access(self): self.expected_content_type = None self._create_test_acl() - response = self.delete( + self.grant_access(self.test_object, permission=permission_acl_edit) + + acl_count = AccessControlList.objects.count() + + response = self._request_test_acl_delete_api_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) + + self.assertEqual(AccessControlList.objects.count(), acl_count - 1) + + def _request_test_acl_detail_api_view(self): + return self.get( viewname='rest_api:accesscontrollist-detail', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk ) ) - self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) - self.assertEqual(AccessControlList.objects.count(), 0) - def test_object_acl_detail_view(self): + + def test_acl_detail_api_view_with_access(self): self._create_test_acl() - response = self.get( - viewname='rest_api:accesscontrollist-detail', - args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk - ) - ) + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_detail_api_view() + self.assertEqual( response.data['content_type']['app_label'], - self.test_document_content_type.app_label + self.test_object_content_type.app_label ) self.assertEqual( response.data['role']['label'], TEST_ROLE_LABEL ) - def test_object_acl_permission_delete_view(self): - self.expected_content_type = None - self._create_test_acl() - self.test_acls.grant_permission(permission=permission_document_view) - permission = self.test_acl.permissions.first() - - response = self.delete( + def _request_test_acl_permission_delete_api_view(self): + return self.delete( viewname='rest_api:accesscontrollist-permission-detail', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk, - permission.pk + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk, + self.test_permission.stored_permission.pk ) ) + + + def test_acl_permission_delete_view_with_access(self): + self.expected_content_type = None + self.test_permission = permission_document_view + self._create_test_acl() + self.test_acl.permissions.add(self.test_permission.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_test_acl_permission_delete_api_view() self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) + self.assertEqual(self.test_acl.permissions.count(), 0) - def test_object_acl_permission_detail_view(self): - self._create_test_acl() - permission = self.test_acl.permissions.first() - - response = self.get( + def _request_test_acl_permission_detail_api_view(self): + return self.get( viewname='rest_api:accesscontrollist-permission-detail', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk, - permission.pk + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk, + self.test_acl.permissions.first().pk ) ) + + def test_acl_permission_detail_api_view_with_access(self): + self._create_test_acl() + self.test_acl.permissions.add(permission_document_view.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_permission_detail_api_view() self.assertEqual( response.data['pk'], permission_document_view.pk ) - def test_object_acl_permission_list_view(self): - self._create_test_acl() - - response = self.get( + def _request_test_acl_permission_list_api_get_view(self): + return self.get( viewname='rest_api:accesscontrollist-permission-list', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk ) ) + + def test_acl_permission_list_api_get_view_with_access(self): + self._create_test_acl() + self.test_acl.permissions.add(permission_document_view.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_permission_list_api_get_view() self.assertEqual( response.data['results'][0]['pk'], permission_document_view.pk ) - def test_object_acl_permission_list_post_view(self): - self._create_test_acl() - - response = self.post( + def _request_acl_permssion_list_api_post_view(self): + return self.post( viewname='rest_api:accesscontrollist-permission-list', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk, self.test_acl.pk - ), data={'permission_pk': permission_acl_view.pk} + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk, self.test_acl.pk + ), data={'permission_pk': self.test_permission.pk} ) + + def test_acl_permission_list_api_post_view_with_access(self): + self._create_test_acl() + self.test_permission = permission_document_view + + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_acl_permssion_list_api_post_view() self.assertEqual(response.status_code, status.HTTP_201_CREATED) - self.assertQuerysetEqual( - ordered=False, qs=self.test_acl.permissions.all(), values=( - repr(permission_document_view.stored_permission), - repr(permission_acl_view.stored_permission) - ) + self.assertTrue( + self.test_permission.stored_permission in self.test_acl.permissions.all() ) - def test_object_acl_post_no_permissions_added_view(self): - response = self.post( + def _request_acl_create_api_view(self, extra_data=None): + data = {'role_pk': self.test_role.pk} + + if extra_data: + data.update(extra_data) + + return self.post( viewname='rest_api:accesscontrollist-list', args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk - ), data={'role_pk': self.test_role.pk} + self.test_object_content_type.app_label, + self.test_object_content_type.model, + self.test_object.pk + ), data=data + ) + + def test_acl_create_api_api_view_with_access(self): + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_acl_create_api_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + pk = response.data['id'] + + test_object_acl = self.test_object.acls.get(pk=pk) + self.assertEqual( + test_object_acl.role, self.test_role + ) + self.assertEqual( + test_object_acl.content_object, self.test_object + ) + self.assertEqual( + test_object_acl.permissions.count(), 0 + ) + + def test_acl_create_post_api_extra_data_view_with_access(self): + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_acl_create_api_view( + extra_data={'permissions_pk_list': permission_acl_view.pk} ) self.assertEqual(response.status_code, status.HTTP_201_CREATED) + pk = response.data['id'] + + test_object_acl = self.test_object.acls.get(pk=pk) self.assertEqual( - self.test_document.acls.first().role, self.test_role + test_object_acl.content_object, self.test_object ) self.assertEqual( - self.test_document.acls.first().content_object, self.test_document + test_object_acl.role, self.test_role ) self.assertEqual( - self.test_document.acls.first().permissions.count(), 0 - ) - - def test_object_acl_post_with_permissions_added_view(self): - response = self.post( - viewname='rest_api:accesscontrollist-list', - args=( - self.test_document_content_type.app_label, - self.test_document_content_type.model, - self.test_document.pk - ), data={ - 'role_pk': self.role.pk, - 'permissions_pk_list': permission_acl_view.pk - - } - ) - self.assertEqual(response.status_code, status.HTTP_201_CREATED) - - self.assertEqual( - self.test_document.acls.first().content_object, self.test_document - ) - self.assertEqual( - self.test_document.acls.first().role, self.role - ) - self.assertEqual( - self.test_document.acls.first().permissions.first(), + test_object_acl.permissions.first(), permission_acl_view.stored_permission ) diff --git a/mayan/apps/acls/views.py b/mayan/apps/acls/views.py index 657226f00d..0b7f4c7983 100644 --- a/mayan/apps/acls/views.py +++ b/mayan/apps/acls/views.py @@ -66,9 +66,13 @@ class ACLCreateView(SingleObjectCreateView): } def get_form_extra_kwargs(self): + acls = AccessControlList.objects.filter( + content_type=self.content_type, object_id=self.content_object.pk + ) + return { 'queryset': Role.objects.exclude( - pk__in=self.content_object.acls.values('role') + pk__in=acls.values('role') ), 'user': self.request.user }