1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
"""Test functions dealing with group management."""
from uuid import UUID
import pytest
from gn3.auth import db
from gn3.auth.authentication.users import User
from gn3.auth.authorisation.roles import Role
from gn3.auth.authorisation.privileges import Privilege
from gn3.auth.authorisation.groups import (
Group, GroupRole, create_group, MembershipError, create_group_role)
from tests.unit.auth import conftest
create_group_failure = {
"status": "error",
"message": "Unauthorised: Failed to create group."
}
uuid_fn = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
GROUP = Group(UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup")
PRIVILEGES = (
Privilege(
UUID("7f261757-3211-4f28-a43f-a09b800b164d"), "view-resource"),
Privilege(
UUID("2f980855-959b-4339-b80e-25d1ec286e21"), "edit-resource"))
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS, (
Group(
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group"),
create_group_failure, create_group_failure, create_group_failure,
create_group_failure))))
def test_create_group(# pylint: disable=[too-many-arguments]
test_app, auth_testdb_path, mocker, test_users, user, expected):# pylint: disable=[unused-argument]
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a group
THEN: verify they are only able to create the group if they have the
appropriate privileges
"""
mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
with test_app.app_context() as flask_context:
flask_context.g.user = user
with db.connection(auth_testdb_path) as conn:
assert create_group(conn, "a_test_group", user) == expected
create_role_failure = {
"status": "error",
"message": "Unauthorised: Could not create the group role"
}
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS, (
GroupRole(
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
"ResourceEditor", PRIVILEGES)),
create_role_failure, create_role_failure, create_role_failure,
create_role_failure))))
def test_create_group_role(mocker, test_users_in_group, test_app, user, expected):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role, attached to a group
THEN: verify they are only able to create the role if they have the
appropriate privileges and that the role is attached to the given group
"""
mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn)
conn, _group, _users = test_users_in_group
with test_app.app_context() as flask_context:
flask_context.g.user = user
assert create_group_role(
conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
@pytest.mark.unit_test
def test_create_multiple_groups(mocker, test_app, test_users):
"""
GIVEN: An authenticated user with appropriate authorisation
WHEN: The user attempts to create a new group, while being a member of an
existing group
THEN: The system should prevent that, and respond with an appropriate error
message
"""
mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
user = User(
UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er",
"Group Leader")
conn, _test_users = test_users
with test_app.app_context() as flask_context:
flask_context.g.user = user
# First time, successfully creates the group
assert create_group(conn, "a_test_group", user) == Group(
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")
# subsequent attempts should fail
with pytest.raises(MembershipError):
create_group(conn, "another_test_group", user)
|