from django.contrib.auth import get_user_model
from django.contrib.auth.models import Permission
from django.test import TestCase
from django.urls import reverse
from swapper import load_model
from openwisp_users.api.throttling import AuthRateThrottle
from ..models import Template
from .mixins import TestMultitenancyMixin
# Resolved once at import time: the active user model and the swappable
# openwisp_users models, so the tests run against whatever the project has
# configured (swapper resolves the concrete model from settings).
User = get_user_model()
Group = load_model('openwisp_users', 'Group')
OrganizationUser = load_model('openwisp_users', 'OrganizationUser')
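class TestPermissionClasses(TestMultitenancyMixin, TestCase):
    """Authorization tests for the organization-scoped API permission classes.

    Three test views are exercised, one per required role: organization
    member, organization manager (``is_admin``) and organization owner (the
    first admin added to an organization, see ``test_operator_manager``).
    Each test authenticates with a Bearer token and checks that a given role
    is granted (200) exactly the views it is entitled to and denied (403) the
    rest. The remaining tests cover the template views, where Django model
    permissions are combined with organization membership.

    NOTE(review): no test sends a request without a token (or with an
    invalid one); the status code expected on that path is not pinned here.
    """

    def setUp(self):
        # Throttling of the auth-token endpoint would interfere with the
        # repeated token requests these tests make. ``rate`` is a class
        # attribute, so it is restored after each test instead of being left
        # modified for every other test that runs in the same process.
        original_rate = getattr(AuthRateThrottle, 'rate', None)
        AuthRateThrottle.rate = 0
        self.addCleanup(setattr, AuthRateThrottle, 'rate', original_rate)
        self.template_model = Template
        self.member_url = reverse('test_api_member_view')
        self.manager_url = reverse('test_api_manager_view')
        self.owner_url = reverse('test_api_owner_view')

    # -- helpers -----------------------------------------------------------

    @staticmethod
    def _bearer_auth(token):
        """Return the extra request kwargs carrying ``token`` as a Bearer header."""
        return {'HTTP_AUTHORIZATION': f'Bearer {token}'}

    def _assert_role_views(self, auth, *, member, manager, owner):
        """GET the member, manager and owner views and check each status code.

        ``auth`` is the dict returned by ``_bearer_auth``; the keyword
        arguments are the HTTP status codes expected from each view.
        """
        expectations = (
            ('Organization Member', self.member_url, member),
            ('Organization Manager', self.manager_url, manager),
            ('Organization Owner', self.owner_url, owner),
        )
        for label, url, expected_status in expectations:
            with self.subTest(label):
                response = self.client.get(url, **auth)
                self.assertEqual(response.status_code, expected_status)

    @staticmethod
    def _create_operator_user():
        """Create the plain 'operator' user used by the template view tests."""
        return User.objects.create_user(
            username='operator', password='tester', email='operator@test.com'
        )

    def _make_org_admin_and_authenticate(self, user):
        """Add ``user`` as admin of the default organization and obtain a token.

        Returns ``(organization, auth)`` where ``auth`` holds the Bearer
        header kwargs for the freshly obtained token.
        """
        org = self._get_org()
        OrganizationUser.objects.create(user=user, organization=org, is_admin=True)
        # NOTE(review): force_login also opens a session for the test client;
        # if the views accept session authentication, the Bearer token below is
        # not the only credential satisfying them. Kept as in the original —
        # confirm which authentication path is meant to be under test.
        self.client.force_login(user)
        auth = self._bearer_auth(self._obtain_auth_token())
        return org, auth

    def _assert_template_reads(self, auth, template, expected_status):
        """GET the template list and detail views, expecting ``expected_status``."""
        with self.subTest('Get Template List'):
            response = self.client.get(reverse('test_template_list'), **auth)
            self.assertEqual(response.status_code, expected_status)
        with self.subTest('Get Template Detail'):
            response = self.client.get(
                reverse('test_template_detail', args=[template.pk]), **auth
            )
            self.assertEqual(response.status_code, expected_status)

    # -- role based views --------------------------------------------------

    def test_operator_none(self):
        """A user who belongs to no organization is denied every role view."""
        self._get_operator()
        auth = self._bearer_auth(self._obtain_auth_token())
        self._assert_role_views(auth, member=403, manager=403, owner=403)

    def test_operator_member(self):
        """A plain member reaches the member view only."""
        operator = self._get_operator()
        self._create_org_user(user=operator)
        auth = self._bearer_auth(self._obtain_auth_token())
        self._assert_role_views(auth, member=200, manager=403, owner=403)

    def test_operator_manager(self):
        """A manager who is not the owner reaches the member and manager views."""
        operator = self._get_operator()
        # The first admin added to an organization becomes its owner, so a
        # throw-away admin is added first to keep the operator a manager only.
        self._create_org_user(user=self._get_user(), is_admin=True)
        self._create_org_user(user=operator, is_admin=True)
        auth = self._bearer_auth(self._obtain_auth_token())
        self._assert_role_views(auth, member=200, manager=200, owner=403)

    def test_operator_owner(self):
        """The first admin of an organization is its owner and reaches every view."""
        operator = self._get_operator()
        self._create_org_user(user=operator, is_admin=True)
        auth = self._bearer_auth(self._obtain_auth_token())
        self._assert_role_views(auth, member=200, manager=200, owner=200)

    def test_superuser(self):
        """A superuser passes every role check without any organization membership."""
        admin = self._get_admin()
        token = self._obtain_auth_token(username=admin)
        # NOTE(review): session login and Bearer token are both present here;
        # see _make_org_admin_and_authenticate for the same caveat.
        self.client.force_login(admin)
        auth = self._bearer_auth(token)
        self._assert_role_views(auth, member=200, manager=200, owner=200)

    def test_base_org_perm_fails(self):
        """Using the abstract base permission class directly is a hard error."""
        admin = self._get_admin()
        token = self._obtain_auth_token(username=admin)
        self.client.force_login(admin)
        auth = self._bearer_auth(token)
        base_org_permissions_url = reverse('test_base_org_permission_view')
        # The exception raised inside the view is expected to propagate through
        # the test client rather than being turned into an error response.
        with self.assertRaises(NotImplementedError) as error:
            self.client.get(base_org_permissions_url, **auth)
        self.assertIn('Please use one of the child classes', str(error.exception))

    def test_organization_field_with_parent(self):
        """Resolving the organization through the view's ``organization_field`` works for a member."""
        operator = self._get_operator()
        self._create_org_user(user=operator)
        auth = self._bearer_auth(self._obtain_auth_token())
        response = self.client.get(reverse('test_organization_field_view'), **auth)
        self.assertEqual(response.status_code, 200)

    def test_organization_field_with_errored_parent(self):
        """A misconfigured ``organization_field`` raises instead of returning a response."""
        operator = self._get_operator()
        self._create_org_user(user=operator)
        auth = self._bearer_auth(self._obtain_auth_token())
        with self.assertRaises(AttributeError) as error:
            self.client.get(reverse('test_error_field_view'), **auth)
        self.assertIn('Organization not found', str(error.exception))

    # -- template views: model permissions + membership --------------------

    def test_view_permission_with_operator(self):
        """An org admin in the Operator group, lacking template permissions, is denied."""
        user = self._create_operator_user()
        # ``get`` rather than ``filter`` so a missing fixture group fails loudly
        # instead of leaving the user groupless and satisfying the 403 checks
        # for the wrong reason.
        user.groups.add(Group.objects.get(name='Operator'))
        org, auth = self._make_org_admin_and_authenticate(user)
        template = self._create_template(organization=org)
        self._assert_template_reads(auth, template, 403)

    def test_view_permission_with_administrator(self):
        """``change_template`` grants read access even without ``view_template``."""
        user = self._create_operator_user()
        administrator_group = Group.objects.get(name='Administrator')
        change_perm = Permission.objects.get(codename='change_template')
        administrator_group.permissions.add(change_perm)
        user.groups.add(administrator_group)
        org, auth = self._make_org_admin_and_authenticate(user)
        template = self._create_template(organization=org)
        self._assert_template_reads(auth, template, 200)
        # Prove the reads were allowed by change_template, not by view_template.
        codenames = administrator_group.permissions.values_list('codename', flat=True)
        self.assertNotIn('view_template', codenames)
        self.assertIn('change_template', codenames)

    def test_view_permission_with_operator_having_view_perm(self):
        """``view_template`` grants reads but not writes on the template views."""
        user = self._create_operator_user()
        operator_group = Group.objects.get(name='Operator')
        view_perm = Permission.objects.get(codename='view_template')
        operator_group.permissions.add(view_perm)
        user.groups.add(operator_group)
        org, auth = self._make_org_admin_and_authenticate(user)
        template = self._create_template(organization=org)
        self._assert_template_reads(auth, template, 200)
        detail_url = reverse('test_template_detail', args=[template.pk])
        with self.subTest('Change Template Detail'):
            data = {'name': 'change-template'}
            response = self.client.patch(detail_url, data, **auth)
            self.assertEqual(response.status_code, 403)
        with self.subTest('Delete Template'):
            response = self.client.delete(detail_url, **auth)
            self.assertEqual(response.status_code, 403)

    def test_view_django_model_permission_with_view_perm(self):
        """A user-level ``view_template`` permission (no group) grants reads."""
        user = self._create_operator_user()
        # ``filter`` rather than ``get``: several apps may define a
        # view_template permission and all of them are granted.
        user.user_permissions.add(*Permission.objects.filter(codename='view_template'))
        # Accessed before the membership exists; presumably exercises the
        # organizations_dict cache being refreshed when the OrganizationUser
        # is created below — confirm against the model implementation.
        user.organizations_dict  # force caching
        org, auth = self._make_org_admin_and_authenticate(user)
        template = self._create_template(organization=org)
        self._assert_template_reads(auth, template, 200)

    def test_view_django_model_permission_with_change_perm(self):
        """A user-level ``change_template`` permission (no group) grants reads."""
        user = self._create_operator_user()
        user.user_permissions.add(*Permission.objects.filter(codename='change_template'))
        # See test_view_django_model_permission_with_view_perm for this access.
        user.organizations_dict  # force caching
        org, auth = self._make_org_admin_and_authenticate(user)
        template = self._create_template(organization=org)
        self._assert_template_reads(auth, template, 200)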