aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-04-25 09:42:36 +0300
committerFrederick Muriuki Muriithi2023-04-25 09:42:36 +0300
commit8471ed1187a8abc5e28207776c5f49a59ba24b92 (patch)
treee5df42404938c078313b5b039ab0269b437bb49f /tests
parent3e2198e39bc229553d118f367fbd2f9932a9a76b (diff)
downloadgenenetwork3-8471ed1187a8abc5e28207776c5f49a59ba24b92.tar.gz
auth: Roles: Check for editability
Some roles should not be user-editable, and as such, we need to check before allowing any edits on such roles. This commit makes that possible.
Diffstat (limited to 'tests')
-rw-r--r--tests/unit/auth/fixtures/role_fixtures.py5
-rw-r--r--tests/unit/auth/test_groups.py2
-rw-r--r--tests/unit/auth/test_roles.py6
3 files changed, 7 insertions, 6 deletions
diff --git a/tests/unit/auth/fixtures/role_fixtures.py b/tests/unit/auth/fixtures/role_fixtures.py
index cde3d96..ee86aa2 100644
--- a/tests/unit/auth/fixtures/role_fixtures.py
+++ b/tests/unit/auth/fixtures/role_fixtures.py
@@ -8,12 +8,13 @@ from gn3.auth.authorisation.roles import Role
from gn3.auth.authorisation.privileges import Privilege
RESOURCE_READER_ROLE = Role(
- uuid.UUID("c3ca2507-ee24-4835-9b31-8c21e1c072d3"), "resource_reader",
+ uuid.UUID("c3ca2507-ee24-4835-9b31-8c21e1c072d3"), "resource_reader", True,
(Privilege("group:resource:view-resource",
"view a resource and use it in computations"),))
RESOURCE_EDITOR_ROLE = Role(
- uuid.UUID("89819f84-6346-488b-8955-86062e9eedb7"), "resource_editor", (
+ uuid.UUID("89819f84-6346-488b-8955-86062e9eedb7"), "resource_editor", True,
+ (
Privilege("group:resource:view-resource",
"view a resource and use it in computations"),
Privilege("group:resource:edit-resource", "edit/update a resource")))
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index 60b67a7..4824e14 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -80,7 +80,7 @@ create_role_failure = {
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
GROUP,
Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
- "ResourceEditor", PRIVILEGES)),))))
+ "ResourceEditor", True, PRIVILEGES)),))))
def test_create_group_role(mocker, fxtr_users_in_group, user, expected):
"""
GIVEN: an authenticated user
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index 0a3ba19..02fd9f7 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -27,7 +27,7 @@ PRIVILEGES = (
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
Role(uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
- PRIVILEGES),))))
+ True, PRIVILEGES),))))
def test_create_role(# pylint: disable=[too-many-arguments]
fxtr_app, auth_testdb_path, mocker, fxtr_users, user, expected):# pylint: disable=[unused-argument]
"""
@@ -68,7 +68,7 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
(zip(TEST_USERS,
((Role(
role_id=uuid.UUID('a0e67630-d502-4b9f-b23f-6805d0f30e30'),
- role_name='group-leader',
+ role_name='group-leader', user_editable=False,
privileges=(
Privilege(privilege_id='group:resource:create-resource',
privilege_description='Create a resource object'),
@@ -108,7 +108,7 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
privilege_description='List users in the system'))),
Role(
role_id=uuid.UUID("ade7e6b0-ba9c-4b51-87d0-2af7fe39a347"),
- role_name="group-creator",
+ role_name="group-creator", user_editable=False,
privileges=(
Privilege(privilege_id='system:group:create-group',
privilege_description = "Create a group"),))),