diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/auth/fixtures/group_fixtures.py | 104 | ||||
-rw-r--r-- | tests/unit/auth/fixtures/resource_fixtures.py | 42 | ||||
-rw-r--r-- | tests/unit/auth/fixtures/role_fixtures.py | 42 | ||||
-rw-r--r-- | tests/unit/auth/test_resources.py | 25 |
4 files changed, 148 insertions, 65 deletions
diff --git a/tests/unit/auth/fixtures/group_fixtures.py b/tests/unit/auth/fixtures/group_fixtures.py index a106ef4..d17d5cb 100644 --- a/tests/unit/auth/fixtures/group_fixtures.py +++ b/tests/unit/auth/fixtures/group_fixtures.py @@ -4,11 +4,46 @@ import uuid import pytest from gn3.auth import db -from gn3.auth.authorisation.groups import Group +from gn3.auth.authorisation.groups import Group, GroupRole +from gn3.auth.authorisation.resources import Resource, ResourceCategory -TEST_GROUPS = ( - Group(uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup"), - Group(uuid.UUID("e37d59d7-c05e-4d67-b479-81e627d8d634"), "TheTestGroup")) +TEST_GROUP_01 = Group(uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), + "TheTestGroup") +TEST_GROUP_02 = Group(uuid.UUID("e37d59d7-c05e-4d67-b479-81e627d8d634"), + "AnotherTestGroup") +TEST_GROUPS = (TEST_GROUP_01, TEST_GROUP_02) + +TEST_RESOURCES_GROUP_01 = ( + Resource(TEST_GROUPS[0], uuid.UUID("26ad1668-29f5-439d-b905-84d551f85955"), + "ResourceG01R01", + ResourceCategory(uuid.UUID("48056f84-a2a6-41ac-8319-0e1e212cba2a"), + "genotype", "Genotype Dataset"), + True), + Resource(TEST_GROUPS[0], uuid.UUID("2130aec0-fefd-434d-92fd-9ca342348b2d"), + "ResourceG01R02", + ResourceCategory(uuid.UUID("548d684b-d4d1-46fb-a6d3-51a56b7da1b3"), + "phenotype", "Phenotype (Publish) Dataset"), + False), + Resource(TEST_GROUPS[0], uuid.UUID("e9a1184a-e8b4-49fb-b713-8d9cbeea5b83"), + "ResourceG01R03", + ResourceCategory(uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), + "mrna", "mRNA Dataset"), + False)) + +TEST_RESOURCES_GROUP_02 = ( + Resource(TEST_GROUPS[1], uuid.UUID("14496a1c-c234-49a2-978c-8859ea274054"), + "ResourceG02R01", + ResourceCategory(uuid.UUID("48056f84-a2a6-41ac-8319-0e1e212cba2a"), + "genotype", "Genotype Dataset"), + False), + Resource(TEST_GROUPS[1], uuid.UUID("04ad9e09-94ea-4390-8a02-11f92999806b"), + "ResourceG02R02", + ResourceCategory(uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), + "mrna", "mRNA Dataset"), + True)) + +TEST_RESOURCES = TEST_RESOURCES_GROUP_01 + TEST_RESOURCES_GROUP_02 +TEST_RESOURCES_PUBLIC = (TEST_RESOURCES_GROUP_01[0], TEST_RESOURCES_GROUP_02[1]) @pytest.fixture(scope="function") def test_group(conn_after_auth_migrations):# pylint: disable=[redefined-outer-name] @@ -23,22 +58,69 @@ def test_group(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na yield (conn_after_auth_migrations, TEST_GROUPS[0]) @pytest.fixture(scope="function") -def test_users_in_group(test_group, test_users):# pylint: disable=[redefined-outer-name] +def test_users_in_group(test_group, test_users):# pylint: disable=[redefined-outer-name, unused-argument] """Link the users to the groups.""" - conn = test_group[0] - group = test_group[1] - users = test_users[1] + conn, all_users = test_users + users = tuple( + user for user in all_users if user.email not in ("unaff@iliated.user",)) query_params = tuple( - (str(group.group_id), str(user.user_id)) for user in users - if user.email not in ("unaff@iliated.user",)) + (str(TEST_GROUP_01.group_id), str(user.user_id)) for user in users) with db.cursor(conn) as cursor: cursor.executemany( "INSERT INTO group_users(group_id, user_id) VALUES (?, ?)", query_params) - yield (conn, group, users) + yield (conn, TEST_GROUP_01, users) with db.cursor(conn) as cursor: cursor.executemany( "DELETE FROM group_users WHERE group_id=? AND user_id=?", query_params) + +@pytest.fixture(scope="function") +def fixture_group_roles(test_group):# pylint: disable=[redefined-outer-name] + """Link roles to group""" + from .role_fixtures import RESOURCE_EDITOR_ROLE, RESOURCE_READER_ROLE# pylint: disable=[import-outside-toplevel] + group_roles = ( + GroupRole(uuid.UUID("9c25efb2-b477-4918-a95c-9914770cbf4d"), + TEST_GROUP_01, RESOURCE_EDITOR_ROLE), + GroupRole(uuid.UUID("82aed039-fe2f-408c-ab1e-81cd1ba96630"), + TEST_GROUP_02, RESOURCE_READER_ROLE)) + conn, groups = test_group + with db.cursor(conn) as cursor: + cursor.executemany( + "INSERT INTO group_roles VALUES (?, ?, ?)", + ((str(role.group_role_id), str(role.group.group_id), + str(role.role.role_id)) + for role in group_roles)) + + yield conn, groups, group_roles + +@pytest.fixture(scope="function") +def fixture_group_user_roles(test_users_in_group, fixture_group_roles, fixture_resources):#pylint: disable=[redefined-outer-name,unused-argument] + """Assign roles to users.""" + from .role_fixtures import RESOURCE_EDITOR_ROLE # pylint: disable=[import-outside-toplevel] + conn, _groups, _group_roles = fixture_group_roles + _conn, _group, group_users = test_users_in_group + users = tuple(user for user in group_users if user.email + not in ("unaff@iliated.user", "group@lead.er")) + users_roles_resources = ( + (user, RESOURCE_EDITOR_ROLE, TEST_RESOURCES_GROUP_01[1]) + for user in users if user.email == "group@mem.ber01") + with db.cursor(conn) as cursor: + cursor.executemany( + ("INSERT INTO group_user_roles_on_resources VALUES (?, ?, ?, ?)"), + ((str(TEST_GROUP_01.group_id), str(user.user_id), str(role.role_id), + str(resource.resource_id)) + for user, role, resource in users_roles_resources)) + + yield conn + + with db.cursor(conn) as cursor: + cursor.executemany( + ("DELETE FROM group_user_roles_on_resources WHERE " + "group_id=? AND user_id=? AND role_id=? AND " + "resource_id=?"), + ((str(TEST_GROUP_01.group_id), str(user.user_id), str(role.role_id), + str(resource.resource_id)) + for user, role, resource in users_roles_resources)) diff --git a/tests/unit/auth/fixtures/resource_fixtures.py b/tests/unit/auth/fixtures/resource_fixtures.py index 1d6c25b..9287936 100644 --- a/tests/unit/auth/fixtures/resource_fixtures.py +++ b/tests/unit/auth/fixtures/resource_fixtures.py @@ -1,42 +1,12 @@ """Fixtures and utilities for resource-related tests""" -import uuid - import pytest from gn3.auth import db -from gn3.auth.authorisation.resources import Resource, ResourceCategory - -from .group_fixtures import TEST_GROUPS -TEST_RESOURCES = ( - Resource(TEST_GROUPS[0], uuid.UUID("26ad1668-29f5-439d-b905-84d551f85955"), - "ResourceG01R01", - ResourceCategory(uuid.UUID("48056f84-a2a6-41ac-8319-0e1e212cba2a"), - "genotype", "Genotype Dataset"), - True), - Resource(TEST_GROUPS[0], uuid.UUID("2130aec0-fefd-434d-92fd-9ca342348b2d"), - "ResourceG01R02", - ResourceCategory(uuid.UUID("548d684b-d4d1-46fb-a6d3-51a56b7da1b3"), - "phenotype", "Phenotype (Publish) Dataset"), - False), - Resource(TEST_GROUPS[0], uuid.UUID("e9a1184a-e8b4-49fb-b713-8d9cbeea5b83"), - "ResourceG01R03", - ResourceCategory(uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), - "mrna", "mRNA Dataset"), - False), - Resource(TEST_GROUPS[1], uuid.UUID("14496a1c-c234-49a2-978c-8859ea274054"), - "ResourceG02R01", - ResourceCategory(uuid.UUID("48056f84-a2a6-41ac-8319-0e1e212cba2a"), - "genotype", "Genotype Dataset"), - False), - Resource(TEST_GROUPS[1], uuid.UUID("04ad9e09-94ea-4390-8a02-11f92999806b"), - "ResourceG02R02", - ResourceCategory(uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), - "mrna", "mRNA Dataset"), - True)) +from .group_fixtures import TEST_RESOURCES @pytest.fixture(scope="function") -def test_resources(test_group):# pylint: disable=[redefined-outer-name] +def fixture_resources(test_group):# pylint: disable=[redefined-outer-name] """fixture: setup test resources in the database""" conn, _group = test_group with db.cursor(conn) as cursor: @@ -46,11 +16,3 @@ def test_resources(test_group):# pylint: disable=[redefined-outer-name] str(res.resource_category.resource_category_id), 1 if res.public else 0) for res in TEST_RESOURCES)) return (conn, TEST_RESOURCES) - -@pytest.fixture(scope="function") -def fixture_user_resources(test_users_in_group, test_resources):# pylint: disable=[redefined-outer-name, unused-argument] - """fixture: link users to roles and resources""" - conn, _resources = test_resources - ## TODO: setup user roles - ## TODO: attach user roles to specific resources - return conn diff --git a/tests/unit/auth/fixtures/role_fixtures.py b/tests/unit/auth/fixtures/role_fixtures.py index f8b0f6f..befa6b0 100644 --- a/tests/unit/auth/fixtures/role_fixtures.py +++ b/tests/unit/auth/fixtures/role_fixtures.py @@ -1,9 +1,45 @@ """Fixtures and utilities for role-related tests""" +import uuid + import pytest from gn3.auth import db +from gn3.auth.authorisation.roles import Role +from gn3.auth.authorisation.privileges import Privilege + +RESOURCE_READER_ROLE = Role( + uuid.UUID("c3ca2507-ee24-4835-9b31-8c21e1c072d3"), "resource_reader", + (Privilege(uuid.UUID("7f261757-3211-4f28-a43f-a09b800b164d"), + "view-resource"),)) + +RESOURCE_EDITOR_ROLE = Role( + uuid.UUID("89819f84-6346-488b-8955-86062e9eedb7"), "resource_editor", ( + Privilege(uuid.UUID("7f261757-3211-4f28-a43f-a09b800b164d"), + "view-resource"), + Privilege(uuid.UUID("2f980855-959b-4339-b80e-25d1ec286e21"), + "edit-resource"))) + +TEST_ROLES = (RESOURCE_READER_ROLE, RESOURCE_EDITOR_ROLE) @pytest.fixture(scope="function") -def fixture_user_roles(test_users_in_group): - conn, *_others = test_users_in_group - raise Exception("NOT IMPLEMENTED ...") +def fixture_roles(conn_after_auth_migrations): + """Setup some example roles.""" + with db.cursor(conn_after_auth_migrations) as cursor: + cursor.executemany( + ("INSERT INTO roles VALUES (?, ?, ?)"), + ((str(role.role_id), role.role_name, 1) for role in TEST_ROLES)) + cursor.executemany( + ("INSERT INTO role_privileges VALUES (?, ?)"), + ((str(role.role_id), str(privilege.privilege_id)) + for role in TEST_ROLES for privilege in role.privileges)) + + yield conn_after_auth_migrations, TEST_ROLES + + with db.cursor(conn_after_auth_migrations) as cursor: + cursor.executemany( + ("DELETE FROM role_privileges WHERE role_id=? AND privilege_id=?"), + ((str(role.role_id), str(privilege.privilege_id)) + for role in TEST_ROLES for privilege in role.privileges)) + cursor.executemany( + ("DELETE FROM roles WHERE role_id=?"), + ((str(role.role_id),) for role in TEST_ROLES)) diff --git a/tests/unit/auth/test_resources.py b/tests/unit/auth/test_resources.py index 88edc77..824062d 100644 --- a/tests/unit/auth/test_resources.py +++ b/tests/unit/auth/test_resources.py @@ -42,34 +42,37 @@ def test_create_resource(mocker, test_app, test_users_in_group, user, expected): SORTKEY = lambda resource: resource.resource_id @pytest.mark.unit_test -def test_public_resources(test_resources): +def test_public_resources(fixture_resources): """ GIVEN: some resources in the database WHEN: public resources are requested THEN: only list the resources that are public """ - conn, _res = test_resources + conn, _res = fixture_resources assert sorted(public_resources(conn), key=SORTKEY) == sorted(tuple( res for res in conftest.TEST_RESOURCES if res.public), key=SORTKEY) -PUBLIC_RESOURCES = sorted(conftest.TEST_RESOURCES, key=SORTKEY) +PUBLIC_RESOURCES = sorted(conftest.TEST_RESOURCES_PUBLIC, key=SORTKEY) -@pytest.mark.skip # REMOVE THIS LINE!!! @pytest.mark.unit_test @pytest.mark.parametrize( "user,expected", tuple(zip( conftest.TEST_USERS, - (sorted(conftest.TEST_RESOURCES, key=SORTKEY), - sorted(res for res in conftest.TEST_RESOURCES - if str(res.resource_id) not in - ("2130aec0-fefd-434d-92fd-9ca342348b2d", - "14496a1c-c234-49a2-978c-8859ea274054")), + (sorted( + set(conftest.TEST_RESOURCES_GROUP_01).union( + conftest.TEST_RESOURCES_PUBLIC), + key=SORTKEY), + sorted( + set([conftest.TEST_RESOURCES_GROUP_01[1]]).union( + conftest.TEST_RESOURCES_PUBLIC), + key=SORTKEY), PUBLIC_RESOURCES, PUBLIC_RESOURCES)))) -def test_user_resources(fixture_user_resources, user, expected): +def test_user_resources(fixture_group_user_roles, user, expected): """ GIVEN: some resources in the database WHEN: a particular user's resources are requested THEN: list only the resources for which the user can access """ - assert user_resources(fixture_user_resources, user) == expected + conn = fixture_group_user_roles + assert sorted(user_resources(conn, user), key=SORTKEY) == expected |