matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
727d2ecd71af920ddb2f03a201014c8dd5a480e3
mayan-edms/mayan/apps/permissions/tests/test_api.py
Roberto Rosario 8e69178e07 Project: Switch to full app paths 
Instead of inserting the path of the apps into the Python app,
the apps are now referenced by their full import path.

This app name claves with external or native Python libraries.
Example: Mayan statistics app vs. Python new statistics library.

Every app reference is now prepended with 'mayan.apps'.

Existing config.yml files need to be updated manually.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2018-12-05 02:04:20 -04:00

248 lines
9.0 KiB
Python
Raw Blame History

from __future__ import unicode_literals
from django.contrib.auth.models import Group
from rest_framework import status
from mayan.apps.rest_api.tests import BaseAPITestCase
from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME
from ..classes import Permission
from ..models import Role
from ..permissions import (
permission_role_create, permission_role_delete,
permission_role_edit, permission_role_view
)
from .literals import (
TEST_ROLE_2_LABEL, TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
)
class PermissionAPITestCase(BaseAPITestCase):
def setUp(self):
super(PermissionAPITestCase, self).setUp()
self.login_user()
Permission.invalidate_cache()
def test_permissions_list_view(self):
response = self.get(viewname='rest_api:permission-list')
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Role view
def test_roles_list_view_no_access(self):
response = self.get(viewname='rest_api:role-list')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 0)
def test_roles_list_view_with_access(self):
self.grant_access(
permission=permission_role_view, obj=self.role
)
response = self.get(viewname='rest_api:role-list')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 1)
self.assertEqual(response.data['results'][0]['label'], self.role.label)
# Role create
def _role_create_request(self, extra_data=None):
data = {
'label': TEST_ROLE_2_LABEL
}
if extra_data:
data.update(extra_data)
return self.post(
viewname='rest_api:role-list', data=data
)
def test_role_create_view_no_permission(self):
response = self._role_create_request()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Role.objects.count(), 1)
def test_role_create_view_with_permission(self):
self.grant_permission(permission=permission_role_create)
response = self._role_create_request()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
self.assertEqual(response.data, {'label': role.label, 'id': role.pk})
self.assertEqual(Role.objects.count(), 2)
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
def _create_group(self):
self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME)
def _request_role_create_with_extra_data(self):
self._create_group()
return self._role_create_request(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
}
)
def test_role_create_complex_view_no_permission(self):
response = self._request_role_create_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Role.objects.count(), 1)
self.assertEqual(
list(Role.objects.values_list('label', flat=True)),
[TEST_ROLE_LABEL]
)
def test_role_create_complex_view_with_permission(self):
self.grant_permission(permission=permission_role_create)
response = self._request_role_create_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(Role.objects.count(), 2)
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
self.assertQuerysetEqual(
role.groups.all(), (repr(self.group_2),)
)
self.assertQuerysetEqual(
role.permissions.all(),
(repr(permission_role_view.stored_permission),)
)
# Role edit
def _request_role_edit(self, extra_data=None, request_type='patch'):
data = {
'label': TEST_ROLE_LABEL_EDITED
}
if extra_data:
data.update(extra_data)
return getattr(self, request_type)(
viewname='rest_api:role-detail', args=(self.role.pk,),
data=data
)
def test_role_edit_via_patch_no_access(self):
response = self._request_role_edit(request_type='patch')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
def test_role_edit_via_patch_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
response = self._request_role_edit(request_type='patch')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
def _request_role_edit_via_patch_with_extra_data(self):
self._create_group()
return self._request_role_edit(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
},
request_type='patch'
)
def test_role_edit_complex_via_patch_no_access(self):
response = self._request_role_edit_via_patch_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group),)
)
self.assertQuerysetEqual(self.role.permissions.all(), ())
def test_role_edit_complex_via_patch_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
response = self._request_role_edit_via_patch_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group_2),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
(repr(permission_role_view.stored_permission),)
)
def test_role_edit_via_put_no_access(self):
response = self._request_role_edit(request_type='put')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
def test_role_edit_via_put_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
response = self._request_role_edit(request_type='put')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
def _request_role_edit_via_put_with_extra_data(self):
self._create_group()
return self._request_role_edit(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
}, request_type='put'
)
def test_role_edit_complex_via_put_no_access(self):
response = self._request_role_edit_via_put_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
()
)
def test_role_edit_complex_via_put_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
response = self._request_role_edit_via_put_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group_2),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
(repr(permission_role_view.stored_permission),)
)
# Role delete
def _request_role_delete_view(self):
return self.delete(
viewname='rest_api:role-detail', args=(self.role.pk,)
)
def test_role_delete_view_no_access(self):
response = self._request_role_delete_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Role.objects.count(), 1)
def test_role_delete_view_with_access(self):
self.grant_access(permission=permission_role_delete, obj=self.role)
response = self._request_role_delete_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Role.objects.count(), 0)
Reference in New Issue View Git Blame Copy Permalink