From 1bcc1033174127f165776f1b9c99ec75f1b49b4b Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 17 Nov 2022 12:55:00 +0300 Subject: tests: Add test to check creation of roles attached to groups * tests/unit/auth/conftest.py: Add fixtures to help with testing * tests/unit/auth/test_groups.py: Add incomplete and failing test --- tests/unit/auth/conftest.py | 39 ++++++++++++++++++++++++++++++++++++++- tests/unit/auth/test_groups.py | 31 ++++++++++++++++++++++++++++--- 2 files changed, 66 insertions(+), 4 deletions(-) (limited to 'tests/unit/auth') diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py index 0c6b7c7..4f4f1f8 100644 --- a/tests/unit/auth/conftest.py +++ b/tests/unit/auth/conftest.py @@ -1,10 +1,14 @@ """Fixtures for auth tests.""" +import uuid + import pytest from yoyo.backends import DatabaseBackend from yoyo import get_backend, read_migrations from yoyo.migrations import Migration, MigrationList from gn3.auth import db +from gn3.auth.authentication.users import User +from gn3.auth.authorisation.groups import Group from gn3.migrations import apply_migrations, rollback_migrations @pytest.fixture(scope="session") @@ -50,6 +54,17 @@ def migrations_up_to(migration, migrations_dir): index = [mig.path for mig in migrations].index(migration) return MigrationList(migrations[0:index]) +@pytest.fixture(scope="function") +def test_group(conn_after_auth_migrations):# pylint: disable=[redefined-outer-name] + """Fixture: setup a test group.""" + query = "INSERT INTO groups(group_id, group_name) VALUES (?, ?)" + group_id = uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf") + group_name = "TheTestGroup" + with db.cursor(conn_after_auth_migrations) as cursor: + cursor.execute(query, (str(group_id), group_name)) + + yield (conn_after_auth_migrations, Group(group_id, group_name)) + @pytest.fixture(scope="function") def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-name] """Fixture: setup test users.""" @@ -71,7 +86,8 @@ def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na cursor.executemany(query, the_users) cursor.executemany(query_user_roles, test_user_roles) - yield conn_after_auth_migrations + yield (conn_after_auth_migrations, tuple( + User(uuid.UUID(uid), email, name) for uid, email, name in the_users)) with db.cursor(conn_after_auth_migrations) as cursor: cursor.executemany( @@ -83,3 +99,24 @@ def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na ("21351b66-8aad-475b-84ac-53ce528451e3",), ("ae9c6245-0966-41a5-9a5e-20885a96bea7",), ("9a0c7ce5-2f40-4e78-979e-bf3527a59579",))) + +@pytest.fixture(scope="function") +def test_users_in_group(test_group, test_users):#pytest: disable=[redefined-outer-name] + """Link the users to the groups.""" + conn = test_group[0] + group = test_group[1] + users = test_users[1] + query_params = ( + (str(group.group_id), str(user.user_id)) for user in users + if user.email not in ("unaff@iliated.user",)) + with db.cursor(conn) as cursor: + cursor.execute( + "INSERT INTO group_users(group_id, user_id) VALUES (?, ?)", + query_params) + + yield (conn, group, users) + + with db.cursor(conn) as cursor: + cursor.execute( + "DELETE FROM group_users WHERE group_id=? AND user_id=?", + query_params) diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index 1db7a7c..0cd370e 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -4,14 +4,14 @@ from uuid import UUID import pytest from gn3.auth import db -from gn3.auth.authorisation.groups import Group, create_group +from gn3.auth.authorisation.groups import Group, create_group, create_group_role create_group_failure = { "status": "error", "message": "Unauthorised: Failed to create group." } -group_leader_id = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") +uuid_fn = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") @pytest.mark.unit_test @pytest.mark.parametrize( @@ -30,8 +30,33 @@ def test_create_group(# pylint: disable=[too-many-arguments] THEN: verify they are only able to create the group if they have the appropriate privileges """ - mocker.patch("gn3.auth.authorisation.groups.uuid4", group_leader_id) + mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) with test_app.app_context() as flask_context: flask_context.g.user_id = UUID(user_id) with db.connection(auth_testdb_path) as conn: assert create_group(conn, "a_test_group") == expected + +@pytest.mark.unit_test +@pytest.mark.parametrize( + "user_id,expected", ( + ("ecb52977-3004-469e-9428-2a1856725c7f", Group( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")), + ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure), + ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure), + ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure), + ("e614247d-84d2-491d-a048-f80b578216cb", create_group_failure))) +def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expected): + """ + GIVEN: an authenticated user + WHEN: the user attempts to create a role, attached to a group + THEN: verify they are only able to create the role if they have the + appropriate privileges and that the role is attached to the given group + """ + mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) + mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn) + conn, group, users = test_users_in_group + with test_app.app_context() as flask_context: + flask_context.g.user_id = UUID(user_id) + assert create_group_role(conn, GROUP, "a_test_role", PRIVILEGES) + + assert False, "NOT IMPLEMENTED" -- cgit v1.2.3