aboutsummaryrefslogtreecommitdiff
path: root/tests/unit/auth/test_groups.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2022-11-21 02:44:38 +0300
committerFrederick Muriuki Muriithi2022-11-21 02:44:38 +0300
commita93e8cc48815bd7e9b64c634ad808ddbfa85cd4b (patch)
treea81d56b751dc5d39d72e78de98dd55d16487ccf2 /tests/unit/auth/test_groups.py
parent8e0ed6fdb03d1a2c284a68a387105623c8947abd (diff)
downloadgenenetwork3-a93e8cc48815bd7e9b64c634ad808ddbfa85cd4b.tar.gz
auth: Prevent group leader from being a member of multiple groups
* gn3/auth/authorisation/groups.py: Assign the group leader at group creation time. * tests/unit/auth/test_groups.py: Ensure the group leader is only ever a member of a single group.
Diffstat (limited to 'tests/unit/auth/test_groups.py')
-rw-r--r--tests/unit/auth/test_groups.py28
1 files changed, 26 insertions, 2 deletions
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index 9471cac..225bb59 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -4,10 +4,11 @@ from uuid import UUID
import pytest
from gn3.auth import db
+from gn3.auth.authentication.users import User
from gn3.auth.authorisation.roles import Role
from gn3.auth.authorisation.privileges import Privilege
from gn3.auth.authorisation.groups import (
- Group, GroupRole, create_group, create_group_role)
+ Group, GroupRole, create_group, MembershipError, create_group_role)
create_group_failure = {
"status": "error",
@@ -44,7 +45,8 @@ def test_create_group(# pylint: disable=[too-many-arguments]
with test_app.app_context() as flask_context:
flask_context.g.user_id = UUID(user_id)
with db.connection(auth_testdb_path) as conn:
- assert create_group(conn, "a_test_group") == expected
+ assert create_group(conn, "a_test_group", User(
+ UUID(user_id), "some@email.address", "a_test_user")) == expected
create_role_failure = {
"status": "error",
@@ -76,3 +78,25 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec
flask_context.g.user_id = UUID(user_id)
assert create_group_role(
conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
+
+@pytest.mark.unit_test
+def test_create_multiple_groups(mocker, test_app, test_users):
+ """
+ GIVEN: An authenticated user with appropriate authorisation
+ WHEN: The user attempts to create a new group, while being a member of an
+ existing group
+ THEN: The system should prevent that, and respond with an appropriate error
+ message
+ """
+ mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
+ user_id = UUID("ecb52977-3004-469e-9428-2a1856725c7f")
+ conn, _test_users = test_users
+ with test_app.app_context() as flask_context:
+ flask_context.g.user_id = user_id
+ user = User(user_id, "some@email.address", "a_test_user")
+ # First time, successfully creates the group
+ assert create_group(conn, "a_test_group", user) == Group(
+ UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")
+ # subsequent attempts should fail
+ with pytest.raises(MembershipError):
+ create_group(conn, "another_test_group", user)