aboutsummaryrefslogtreecommitdiff
path: root/tests/unit/test_authentication.py
blob: 59c88efacf2c2eaa50b209924c387c43acab3162 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
"""Test cases for authentication.py"""
import json
import unittest
from unittest import mock

import pytest

from gn3.authentication import AdminRole
from gn3.authentication import DataRole
from gn3.authentication import get_highest_user_access_role
from gn3.authentication import get_user_membership


class TestGetUserMembership(unittest.TestCase):
    """Test cases for `get_user_membership`"""

    def setUp(self):
        conn = mock.MagicMock()
        conn.hgetall.return_value = {
            '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2': (
                '{"name": "editors", '
                '"admins": ["8ad942fe-490d-453e-bd37-56f252e41604", "rand"], '
                '"members": ["8ad942fe-490d-453e-bd37-56f252e41603", '
                '"rand"], '
                '"changed_timestamp": "Oct 06 2021 06:39PM", '
                '"created_timestamp": "Oct 06 2021 06:39PM"}')}
        self.conn = conn

    @pytest.mark.unit_test
    def test_user_is_group_member_only(self):
        """Test that a user is only a group member"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="8ad942fe-490d-453e-bd37-56f252e41603",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": True,
             "admin": False})

    @pytest.mark.unit_test
    def test_user_is_group_admin_only(self):
        """Test that a user is a group admin only"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="8ad942fe-490d-453e-bd37-56f252e41604",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": False,
             "admin": True})

    @pytest.mark.unit_test
    def test_user_is_both_group_member_and_admin(self):
        """Test that a user is both an admin and member of a group"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="rand",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": True,
             "admin": True})


class TestCheckUserAccessRole(unittest.TestCase):
    """Test cases for `get_highest_user_access_role`"""

    @pytest.mark.unit_test
    @mock.patch("gn3.authentication.requests.get")
    def test_edit_access(self, requests_mock):
        """Test that the right access roles are set if the user has edit access"""
        response = mock.PropertyMock(return_value=json.dumps(
            {
                'data': ['no-access', 'view', 'edit', ],
                'metadata': ['no-access', 'view', 'edit', ],
                'admin': ['not-admin', 'edit-access', ],
            }
        ))
        type(requests_mock.return_value).content = response
        self.assertEqual(
            get_highest_user_access_role(
                resource_id="0196d92e1665091f202f",
                user_id="8ad942fe-490d-453e-bd37"),
            {
                "data": DataRole.EDIT,
                "metadata": DataRole.EDIT,
                "admin": AdminRole.EDIT_ACCESS,
            })

    @pytest.mark.unit_test
    @mock.patch("gn3.authentication.requests.get")
    def test_no_access(self, requests_mock):
        """Test that the right access roles are set if the user has no access"""
        response = mock.PropertyMock(return_value=json.dumps(
            {
                'data': ['no-access', ],
                'metadata': ['no-access', ],
                'admin': ['not-admin', ],
            }
        ))
        type(requests_mock.return_value).content = response
        self.assertEqual(
            get_highest_user_access_role(
                resource_id="0196d92e1665091f202f",
                user_id=""),
            {
                "data": DataRole.NO_ACCESS,
                "metadata": DataRole.NO_ACCESS,
                "admin": AdminRole.NOT_ADMIN,
            })