diff options
| author | Frederick Muriuki Muriithi | 2023-01-23 14:30:20 +0300 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2023-01-23 14:30:20 +0300 |
| commit | b9139c2356f75103bc5fd17f074f4ee0e74b64aa (patch) | |
| tree | 06803f97ccea91ce5137d42f42e1abe33c38365c /tests/unit/auth/test_roles.py | |
| parent | e92ceacccb4c8d32f28ed7d2530ddc6912a730d4 (diff) | |
| download | genenetwork3-b9139c2356f75103bc5fd17f074f4ee0e74b64aa.tar.gz | |
auth: create group: Fix group creation.
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
checking function. Raise error on authorisation failure for consistent error
handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
Diffstat (limited to 'tests/unit/auth/test_roles.py')
| -rw-r--r-- | tests/unit/auth/test_roles.py | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py index 7252bfe..78ff8a6 100644 --- a/tests/unit/auth/test_roles.py +++ b/tests/unit/auth/test_roles.py @@ -5,6 +5,7 @@ import pytest from gn3.auth import db from gn3.auth.authorisation.privileges import Privilege +from gn3.auth.authorisation.errors import AuthorisationError from gn3.auth.authorisation.roles import Role, user_roles, create_role from tests.unit.auth import conftest @@ -24,11 +25,9 @@ PRIVILEGES = ( @pytest.mark.unit_test @pytest.mark.parametrize( - "user,expected", tuple(zip(conftest.TEST_USERS, ( - Role( - uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role", - PRIVILEGES), create_role_failure, create_role_failure, - create_role_failure, create_role_failure)))) + "user,expected", tuple(zip(conftest.TEST_USERS[0:1], ( + Role(uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role", + PRIVILEGES),)))) def test_create_role(# pylint: disable=[too-many-arguments] fxtr_app, auth_testdb_path, mocker, fxtr_users, user, expected):# pylint: disable=[unused-argument] """ @@ -46,6 +45,25 @@ def test_create_role(# pylint: disable=[too-many-arguments] @pytest.mark.unit_test @pytest.mark.parametrize( + "user,expected", tuple(zip(conftest.TEST_USERS[1:], ( + create_role_failure, create_role_failure, create_role_failure)))) +def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[too-many-arguments] + fxtr_app, auth_testdb_path, mocker, fxtr_users, user, expected):# pylint: disable=[unused-argument] + """ + GIVEN: an authenticated user + WHEN: the user attempts to create a role + THEN: verify they are only able to create the role if they have the + appropriate privileges + """ + mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn) + with fxtr_app.app_context() as flask_context: + flask_context.g.user = user + with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: + with pytest.raises(AuthorisationError): + create_role(cursor, "a_test_role", PRIVILEGES) + +@pytest.mark.unit_test +@pytest.mark.parametrize( "user,expected", (zip(TEST_USERS, ((Role( |