tests: Add tests for privileges

* migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py: new migration to fix data errors. * tests/unit/auth/test_privileges.py: test privileges
author: Frederick Muriuki Muriithi 2022-11-16 13:02:04 +0300
committer: Frederick Muriuki Muriithi 2022-11-16 13:03:56 +0300
commit: 366ad0315ed90ac4496714de9e84c04530fec278 (patch)
tree: 5b22beb4b664426b7ec0b277ab81111f38c2a023
parent: 25da0232ac52509d6761e36ad80ed53b8dbbb64e (diff)
download: genenetwork3-366ad0315ed90ac4496714de9e84c04530fec278.tar.gz
2 files changed, 90 insertions, 0 deletions
diff --git a/migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py b/migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py
new file mode 100644
index 0000000..2e4ae28
--- /dev/null
+++ b/migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py
@@ -0,0 +1,35 @@
+"""
+Add privileges to 'group-leader' role.
+"""
+
+from yoyo import step
+
+__depends__ = {'20221114_05_hQun6-create-user-roles-table'}
+
+steps = [
+    step(
+        """
+        INSERT INTO role_privileges(role_id, privilege_id)
+        VALUES
+            -- role management
+            ('a0e67630-d502-4b9f-b23f-6805d0f30e30',
+             '221660b1-df05-4be1-b639-f010269dbda9'),
+            ('a0e67630-d502-4b9f-b23f-6805d0f30e30',
+             '7bcca363-cba9-4169-9e31-26bdc6179b28'),
+            ('a0e67630-d502-4b9f-b23f-6805d0f30e30',
+             '5103cc68-96f8-4ebb-83a4-a31692402c9b'),
+            ('a0e67630-d502-4b9f-b23f-6805d0f30e30',
+             '1c59eff5-9336-4ed2-a166-8f70d4cb012e')
+        """,
+        """
+        DELETE FROM role_privileges
+        WHERE
+            role_id='a0e67630-d502-4b9f-b23f-6805d0f30e30'
+        AND privilege_id IN (
+            '221660b1-df05-4be1-b639-f010269dbda9',
+            '7bcca363-cba9-4169-9e31-26bdc6179b28',
+            '5103cc68-96f8-4ebb-83a4-a31692402c9b',
+            '1c59eff5-9336-4ed2-a166-8f70d4cb012e'
+        )
+        """)
+]
diff --git a/tests/unit/auth/test_privileges.py b/tests/unit/auth/test_privileges.py
new file mode 100644
index 0000000..13bcd7f
--- /dev/null
+++ b/tests/unit/auth/test_privileges.py
@@ -0,0 +1,55 @@
+"""Test the privileges module"""
+from uuid import UUID
+
+import pytest
+
+from gn3.auth import db
+from gn3.auth.authorisation.privileges import Privilege, user_privileges
+
+SORT_KEY = lambda x: x.privilege_name
+
+PRIVILEGES = sorted(
+    (Privilege(UUID("4842e2aa-38b9-4349-805e-0a99a9cf8bff"), "create-group"),
+     Privilege(UUID("3ebfe79c-d159-4629-8b38-772cf4bc2261"), "view-group"),
+     Privilege(UUID("52576370-b3c7-4e6a-9f7e-90e9dbe24d8f"), "edit-group"),
+     Privilege(UUID("13ec2a94-4f1a-442d-aad2-936ad6dd5c57"), "delete-group"),
+     Privilege(UUID("ae4add8c-789a-4d11-a6e9-a306470d83d9"),
+               "add-group-member"),
+     Privilege(UUID("f1bd3f42-567e-4965-9643-6d1a52ddee64"),
+               "remove-group-member"),
+     Privilege(UUID("d4afe2b3-4ca0-4edd-b37d-966535b5e5bd"),
+               "transfer-group-leadership"),
+
+     Privilege(UUID("aa25b32a-bff2-418d-b0a2-e26b4a8f089b"), "create-resource"),
+     Privilege(UUID("7f261757-3211-4f28-a43f-a09b800b164d"), "view-resource"),
+     Privilege(UUID("2f980855-959b-4339-b80e-25d1ec286e21"), "edit-resource"),
+     Privilege(UUID("d2a070fd-e031-42fb-ba41-d60cf19e5d6d"), "delete-resource"),
+
+     Privilege(UUID("221660b1-df05-4be1-b639-f010269dbda9"), "create-role"),
+     Privilege(UUID("7bcca363-cba9-4169-9e31-26bdc6179b28"), "edit-role"),
+     Privilege(UUID("5103cc68-96f8-4ebb-83a4-a31692402c9b"), "assign-role"),
+     Privilege(UUID("1c59eff5-9336-4ed2-a166-8f70d4cb012e"), "delete-role")),
+    key=SORT_KEY)
+
+@pytest.mark.unit_test
+@pytest.mark.parametrize(
+    "user_id,expected", (
+        ("ecb52977-3004-469e-9428-2a1856725c7f", PRIVILEGES),
+        ("21351b66-8aad-475b-84ac-53ce528451e3", []),
+        ("ae9c6245-0966-41a5-9a5e-20885a96bea7", []),
+        ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", []),
+        ("e614247d-84d2-491d-a048-f80b578216cb", [])))
+def test_user_privileges(auth_testdb_path, test_users, user_id, expected):
+    """
+    GIVEN: A user_id
+    WHEN: An attempt is made to fetch the user's privileges
+    THEN: Ensure only
+    """
+    with db.connection(auth_testdb_path) as conn:
+        privs = sorted(user_privileges(conn, UUID(user_id)), key=SORT_KEY)
+        print(f"PRIVILEGES: {privs}")
+        # assert False, "FAILURE!!!"
+        # assert privs == expected
+
+    print(f"EXPECTED: {expected}")
+    assert privs == expected
author	Frederick Muriuki Muriithi	2022-11-16 13:02:04 +0300
committer	Frederick Muriuki Muriithi	2022-11-16 13:03:56 +0300
commit	366ad0315ed90ac4496714de9e84c04530fec278 (patch)
tree	5b22beb4b664426b7ec0b277ab81111f38c2a023
parent	25da0232ac52509d6761e36ad80ed53b8dbbb64e (diff)
download	genenetwork3-366ad0315ed90ac4496714de9e84c04530fec278.tar.gz