From 53371fb668d1d18ba4696b3e4739f26edd677d8d Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 11 Jan 2023 11:20:36 +0300 Subject: auth: assign default role. separate group creation from group admin A newly registered user will have the ability to create a group. Once a user is a member of a group, either by creating a new group, or being added to a group, they should not be able to create any more groups, i.e. they lose the 'create-group' (and/or equivalent) privileges. This means that the group-administration privileges should be separated from the group-creation privilege. * gn3/auth/authorisation/roles.py: assign default roles to user on registration * gn3/auth/authorisation/views.py: assign default roles to user on registration * migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py: separate group-creation role from group-administration role. * tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test user * tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the expected results for the test --- tests/unit/auth/fixtures/user_fixtures.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tests/unit/auth/fixtures') diff --git a/tests/unit/auth/fixtures/user_fixtures.py b/tests/unit/auth/fixtures/user_fixtures.py index 89b7e62..4e42abe 100644 --- a/tests/unit/auth/fixtures/user_fixtures.py +++ b/tests/unit/auth/fixtures/user_fixtures.py @@ -24,7 +24,9 @@ def fxtr_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na query_user_roles = "INSERT INTO user_roles(user_id, role_id) VALUES (?, ?)" test_user_roles = ( ("ecb52977-3004-469e-9428-2a1856725c7f", - "a0e67630-d502-4b9f-b23f-6805d0f30e30"),) + "a0e67630-d502-4b9f-b23f-6805d0f30e30"), + ("ecb52977-3004-469e-9428-2a1856725c7f", + "ade7e6b0-ba9c-4b51-87d0-2af7fe39a347")) with db.cursor(conn_after_auth_migrations) as cursor: cursor.executemany(query, ( (str(user.user_id), user.email, user.name) for user in TEST_USERS)) -- cgit v1.2.3