diff options
author | Frederick Muriuki Muriithi | 2022-11-21 02:44:38 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2022-11-21 02:44:38 +0300 |
commit | a93e8cc48815bd7e9b64c634ad808ddbfa85cd4b (patch) | |
tree | a81d56b751dc5d39d72e78de98dd55d16487ccf2 /tests/unit/auth/test_groups.py | |
parent | 8e0ed6fdb03d1a2c284a68a387105623c8947abd (diff) | |
download | genenetwork3-a93e8cc48815bd7e9b64c634ad808ddbfa85cd4b.tar.gz |
auth: Prevent group leader from being a member of multiple groups
* gn3/auth/authorisation/groups.py: Assign the group leader at group creation
time.
* tests/unit/auth/test_groups.py: Ensure the group leader is only ever a
member of a single group.
Diffstat (limited to 'tests/unit/auth/test_groups.py')
-rw-r--r-- | tests/unit/auth/test_groups.py | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index 9471cac..225bb59 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -4,10 +4,11 @@ from uuid import UUID import pytest from gn3.auth import db +from gn3.auth.authentication.users import User from gn3.auth.authorisation.roles import Role from gn3.auth.authorisation.privileges import Privilege from gn3.auth.authorisation.groups import ( - Group, GroupRole, create_group, create_group_role) + Group, GroupRole, create_group, MembershipError, create_group_role) create_group_failure = { "status": "error", @@ -44,7 +45,8 @@ def test_create_group(# pylint: disable=[too-many-arguments] with test_app.app_context() as flask_context: flask_context.g.user_id = UUID(user_id) with db.connection(auth_testdb_path) as conn: - assert create_group(conn, "a_test_group") == expected + assert create_group(conn, "a_test_group", User( + UUID(user_id), "some@email.address", "a_test_user")) == expected create_role_failure = { "status": "error", @@ -76,3 +78,25 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec flask_context.g.user_id = UUID(user_id) assert create_group_role( conn, GROUP, "ResourceEditor", PRIVILEGES) == expected + +@pytest.mark.unit_test +def test_create_multiple_groups(mocker, test_app, test_users): + """ + GIVEN: An authenticated user with appropriate authorisation + WHEN: The user attempts to create a new group, while being a member of an + existing group + THEN: The system should prevent that, and respond with an appropriate error + message + """ + mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) + user_id = UUID("ecb52977-3004-469e-9428-2a1856725c7f") + conn, _test_users = test_users + with test_app.app_context() as flask_context: + flask_context.g.user_id = user_id + user = User(user_id, "some@email.address", "a_test_user") + # First time, successfully creates the group + assert create_group(conn, "a_test_group", user) == Group( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group") + # subsequent attempts should fail + with pytest.raises(MembershipError): + create_group(conn, "another_test_group", user) |