From 8e0ed6fdb03d1a2c284a68a387105623c8947abd Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 17 Nov 2022 14:03:19 +0300 Subject: auth: Finish implementation of `create_group_role` * gn3/auth/authorisation/groups.py: Add `GroupRole` type. Fix typing annotations. Fix bugs. * tests/unit/auth/conftest.py: Fix bugs. * tests/unit/auth/test_groups.py: Fix test to run. --- gn3/auth/authorisation/groups.py | 15 +++++++++++---- tests/unit/auth/conftest.py | 8 ++++---- tests/unit/auth/test_groups.py | 38 +++++++++++++++++++++++++++----------- 3 files changed, 42 insertions(+), 19 deletions(-) diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py index 210c8de..6d7b885 100644 --- a/gn3/auth/authorisation/groups.py +++ b/gn3/auth/authorisation/groups.py @@ -12,6 +12,11 @@ class Group(NamedTuple): group_id: UUID group_name: str +class GroupRole(NamedTuple): + """Class representing a role tied/belonging to a group.""" + group_role_id: UUID + role: Role + @authorised_p(("create-group",), error_message="Failed to create group.") def create_group(conn: db.DbConnection, group_name: str) -> Group: """Create a group""" @@ -30,12 +35,14 @@ def create_group(conn: db.DbConnection, group_name: str) -> Group: @authorised_p(("create-role",), error_message="Could not create the group role") def create_group_role( conn: db.DbConnection, group: Group, role_name: str, - privileges: Iterable[Privilege]) -> Role: + privileges: Iterable[Privilege]) -> GroupRole: """Create a role attached to a group.""" with db.cursor(conn) as cursor: + group_role_id = uuid4() role = create_role(cursor, role_name, privileges) cursor.execute( - "INSERT INTO group_roles(group_id, role_id) VALUES(?, ?)", - (str(group.group_id), role.role_id)) + ("INSERT INTO group_roles(group_role_id, group_id, role_id) " + "VALUES(?, ?, ?)"), + (str(group_role_id), str(group.group_id), str(role.role_id))) - return role + return GroupRole(group_role_id, role) diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py index 4f4f1f8..37d78a3 100644 --- a/tests/unit/auth/conftest.py +++ b/tests/unit/auth/conftest.py @@ -101,22 +101,22 @@ def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na ("9a0c7ce5-2f40-4e78-979e-bf3527a59579",))) @pytest.fixture(scope="function") -def test_users_in_group(test_group, test_users):#pytest: disable=[redefined-outer-name] +def test_users_in_group(test_group, test_users):# pylint: disable=[redefined-outer-name] """Link the users to the groups.""" conn = test_group[0] group = test_group[1] users = test_users[1] - query_params = ( + query_params = tuple( (str(group.group_id), str(user.user_id)) for user in users if user.email not in ("unaff@iliated.user",)) with db.cursor(conn) as cursor: - cursor.execute( + cursor.executemany( "INSERT INTO group_users(group_id, user_id) VALUES (?, ?)", query_params) yield (conn, group, users) with db.cursor(conn) as cursor: - cursor.execute( + cursor.executemany( "DELETE FROM group_users WHERE group_id=? AND user_id=?", query_params) diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index 0cd370e..9471cac 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -4,7 +4,10 @@ from uuid import UUID import pytest from gn3.auth import db -from gn3.auth.authorisation.groups import Group, create_group, create_group_role +from gn3.auth.authorisation.roles import Role +from gn3.auth.authorisation.privileges import Privilege +from gn3.auth.authorisation.groups import ( + Group, GroupRole, create_group, create_group_role) create_group_failure = { "status": "error", @@ -13,6 +16,13 @@ create_group_failure = { uuid_fn = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") +GROUP = Group(UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup") +PRIVILEGES = ( + Privilege( + UUID("7f261757-3211-4f28-a43f-a09b800b164d"), "view-resource"), + Privilege( + UUID("2f980855-959b-4339-b80e-25d1ec286e21"), "edit-resource")) + @pytest.mark.unit_test @pytest.mark.parametrize( "user_id,expected", ( @@ -36,15 +46,22 @@ def test_create_group(# pylint: disable=[too-many-arguments] with db.connection(auth_testdb_path) as conn: assert create_group(conn, "a_test_group") == expected +create_role_failure = { + "status": "error", + "message": "Unauthorised: Could not create the group role" +} + @pytest.mark.unit_test @pytest.mark.parametrize( "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", Group( - UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")), - ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure), - ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure), - ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure), - ("e614247d-84d2-491d-a048-f80b578216cb", create_group_failure))) + ("ecb52977-3004-469e-9428-2a1856725c7f", GroupRole( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), + Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), + "ResourceEditor", PRIVILEGES))), + ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure), + ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure), + ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure), + ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure))) def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expected): """ GIVEN: an authenticated user @@ -54,9 +71,8 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec """ mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn) - conn, group, users = test_users_in_group + conn, _group, _users = test_users_in_group with test_app.app_context() as flask_context: flask_context.g.user_id = UUID(user_id) - assert create_group_role(conn, GROUP, "a_test_role", PRIVILEGES) - - assert False, "NOT IMPLEMENTED" + assert create_group_role( + conn, GROUP, "ResourceEditor", PRIVILEGES) == expected -- cgit v1.2.3