author | Frederick Muriuki Muriithi | 2023-01-11 11:20:36 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-01-11 11:20:36 +0300 |
commit | 53371fb668d1d18ba4696b3e4739f26edd677d8d (patch) | |
tree | 1bdc74e65ed1c49de6414949d0a02e5cb05f7d75 /tests | |
parent | 1b28c4043b4e1199920bc848d752bcc154314842 (diff) | |
download | genenetwork3-53371fb668d1d18ba4696b3e4739f26edd677d8d.tar.gz |
auth: assign default role. separate group creation from group admin
A newly registered user will have the ability to create a group.
Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.
This means that the group-administration privileges should be separated from
the group-creation privilege.
* gn3/auth/authorisation/roles.py: assign default roles to user on
registration
* gn3/auth/authorisation/views.py: assign default roles to user on
registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
expected results for the test
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/auth/fixtures/user_fixtures.py | 4 | ||||
-rw-r--r-- | tests/unit/auth/test_roles.py | 12 |
2 files changed, 11 insertions, 5 deletions
diff --git a/tests/unit/auth/fixtures/user_fixtures.py b/tests/unit/auth/fixtures/user_fixtures.py
index 89b7e62..4e42abe 100644
--- a/tests/unit/auth/fixtures/user_fixtures.py
+++ b/tests/unit/auth/fixtures/user_fixtures.py
@@ -24,7 +24,9 @@ def fxtr_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na
 query_user_roles = "INSERT INTO user_roles(user_id, role_id) VALUES (?, ?)"
 test_user_roles = (
 ("ecb52977-3004-469e-9428-2a1856725c7f",
- "a0e67630-d502-4b9f-b23f-6805d0f30e30"),)
+ "a0e67630-d502-4b9f-b23f-6805d0f30e30"),
+ ("ecb52977-3004-469e-9428-2a1856725c7f",
+ "ade7e6b0-ba9c-4b51-87d0-2af7fe39a347"))
 with db.cursor(conn_after_auth_migrations) as cursor:
 cursor.executemany(query, (
 (str(user.user_id), user.email, user.name) for user in TEST_USERS))
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index 3fc146a..21d8e86 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -69,9 +69,6 @@ def test_create_role(# pylint: disable=[too-many-arguments]
 privilege_id=uuid.UUID('3ebfe79c-d159-4629-8b38-772cf4bc2261'),
 privilege_name='view-group'),
 Privilege(
- privilege_id=uuid.UUID('4842e2aa-38b9-4349-805e-0a99a9cf8bff'),
- privilege_name='create-group'),
- Privilege(
 privilege_id=uuid.UUID('5103cc68-96f8-4ebb-83a4-a31692402c9b'),
 privilege_name='assign-role'),
 Privilege(
@@ -97,7 +94,14 @@ def test_create_role(# pylint: disable=[too-many-arguments]
 privilege_name='transfer-group-leadership'),
 Privilege(
 privilege_id=uuid.UUID('f1bd3f42-567e-4965-9643-6d1a52ddee64'),
- privilege_name='remove-group-member'))),),
+ privilege_name='remove-group-member'))),
+ Role(
+ role_id=uuid.UUID("ade7e6b0-ba9c-4b51-87d0-2af7fe39a347"),
+ role_name="group-creator",
+ privileges=(
+ Privilege(
+ privilege_id=uuid.UUID('4842e2aa-38b9-4349-805e-0a99a9cf8bff'),
+ privilege_name='create-group'),))),
 tuple(), tuple(), tuple()))))
 def test_user_roles(fxtr_group_user_roles, user, expected):
 """ |
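Review bot: The tuple added to `test_user_roles` names the new role only by the bare UUID `ade7e6b0-ba9c-4b51-87d0-2af7fe39a347`, and the same literal is repeated in the expected value in tests/unit/auth/test_roles.py. A reader of the fixture cannot tell which privileges this user is being granted, and a typo in either copy would surface as an opaque role mismatch. A trailing comment on that tuple, such as `# group-creator role: carries only the create-group privilege`, would make the grant explicit. A module-level constant shared by the fixture and the test would remove the duplication. fxtr_users begins and ends outside the hunk.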
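Review bot: Nothing changed under tests/ in this commit checks the rule stated in the description, that a user who has created or joined a group no longer holds `create-group`. The expected value in the second test_roles.py hunk pins only the positive case: the user holds a role carrying group-management privileges such as `transfer-group-leadership` and `remove-group-member`, plus the new `group-creator` role. Because that rule is an authorisation boundary, it deserves a parametrised case for a user who is already a group member, whose expected roles omit `group-creator`, so a regression that leaves the privilege in place fails the suite. Whether the fixture user here is itself a group member is not visible in the hunk; if it is, the expected value pins the very state the description says should not persist. The parametrize list and test_user_roles continue outside the hunk.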