about summary refs log tree commit diff
path: root/tests/unit/auth/test_roles.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-01-11 11:20:36 +0300
committerFrederick Muriuki Muriithi2023-01-11 11:20:36 +0300
commit53371fb668d1d18ba4696b3e4739f26edd677d8d (patch)
tree1bdc74e65ed1c49de6414949d0a02e5cb05f7d75 /tests/unit/auth/test_roles.py
parent1b28c4043b4e1199920bc848d752bcc154314842 (diff)
downloadgenenetwork3-53371fb668d1d18ba4696b3e4739f26edd677d8d.tar.gz
auth: assign default role. separate group creation from group admin
A newly registered user will have the ability to create a group.

Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.

This means that the group-administration privileges should be separated from
the group-creation privilege.

* gn3/auth/authorisation/roles.py: assign default roles to user on
  registration
* gn3/auth/authorisation/views.py: assign default roles to user on
  registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
  separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
  user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
  expected results for the test
Diffstat (limited to 'tests/unit/auth/test_roles.py')
-rw-r--r--tests/unit/auth/test_roles.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index 3fc146a..21d8e86 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -69,9 +69,6 @@ def test_create_role(# pylint: disable=[too-many-arguments]
                      privilege_id=uuid.UUID('3ebfe79c-d159-4629-8b38-772cf4bc2261'),
                      privilege_name='view-group'),
                  Privilege(
-                     privilege_id=uuid.UUID('4842e2aa-38b9-4349-805e-0a99a9cf8bff'),
-                     privilege_name='create-group'),
-                 Privilege(
                      privilege_id=uuid.UUID('5103cc68-96f8-4ebb-83a4-a31692402c9b'),
                      privilege_name='assign-role'),
                  Privilege(
@@ -97,7 +94,14 @@ def test_create_role(# pylint: disable=[too-many-arguments]
                      privilege_name='transfer-group-leadership'),
              Privilege(
                  privilege_id=uuid.UUID('f1bd3f42-567e-4965-9643-6d1a52ddee64'),
-                 privilege_name='remove-group-member'))),),
+                 privilege_name='remove-group-member'))),
+           Role(
+               role_id=uuid.UUID("ade7e6b0-ba9c-4b51-87d0-2af7fe39a347"),
+               role_name="group-creator",
+               privileges=(
+                   Privilege(
+                       privilege_id=uuid.UUID('4842e2aa-38b9-4349-805e-0a99a9cf8bff'),
+                       privilege_name='create-group'),))),
           tuple(), tuple(), tuple()))))
 def test_user_roles(fxtr_group_user_roles, user, expected):
     """