aboutsummaryrefslogtreecommitdiff
path: root/tests/unit/test_authentication.py
blob: 061b684cee027f184996740b5279157e1e7ec18f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
"""Test cases for authentication.py"""
import json
import unittest

from unittest import mock
from gn3.authentication import AdminRole
from gn3.authentication import DataRole
from gn3.authentication import get_highest_user_access_role
from gn3.authentication import get_user_membership


class TestGetUserMembership(unittest.TestCase):
    """Test cases for `get_user_membership`"""

    def setUp(self):
        conn = mock.MagicMock()
        conn.hgetall.return_value = {
            '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2': (
                '{"name": "editors", '
                '"admins": ["8ad942fe-490d-453e-bd37-56f252e41604", "rand"], '
                '"members": ["8ad942fe-490d-453e-bd37-56f252e41603", '
                '"rand"], '
                '"changed_timestamp": "Oct 06 2021 06:39PM", '
                '"created_timestamp": "Oct 06 2021 06:39PM"}')}
        self.conn = conn

    def test_user_is_group_member_only(self):
        """Test that a user is only a group member"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="8ad942fe-490d-453e-bd37-56f252e41603",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": True,
             "admin": False})

    def test_user_is_group_admin_only(self):
        """Test that a user is a group admin only"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="8ad942fe-490d-453e-bd37-56f252e41604",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": False,
             "admin": True})

    def test_user_is_both_group_member_and_admin(self):
        """Test that a user is both an admin and member of a group"""
        self.assertEqual(
            get_user_membership(
                conn=self.conn,
                user_id="rand",
                group_id="7fa95d07-0e2d-4bc5-b47c-448fdc1260b2"),
            {"member": True,
             "admin": True})


class TestCheckUserAccessRole(unittest.TestCase):
    """Test cases for `get_highest_user_access_role`"""

    @mock.patch("gn3.authentication.requests.get")
    def test_edit_access(self, requests_mock):
        """Test that the right access roles are set if the user has edit access"""
        response = mock.PropertyMock(return_value=json.dumps(
            {
                'data': ['no-access', 'view', 'edit', ],
                'metadata': ['no-access', 'view', 'edit', ],
                'admin': ['not-admin', 'edit-access', ],
            }
        ))
        type(requests_mock.return_value).content = response
        self.assertEqual(
            get_highest_user_access_role(
                resource_id="0196d92e1665091f202f",
                user_id="8ad942fe-490d-453e-bd37"),
            {
                "data": DataRole.EDIT,
                "metadata": DataRole.EDIT,
                "admin": AdminRole.EDIT_ACCESS,
            })

    @mock.patch("gn3.authentication.requests.get")
    def test_no_access(self, requests_mock):
        """Test that the right access roles are set if the user has no access"""
        response = mock.PropertyMock(return_value=json.dumps(
            {
                'data': ['no-access', ],
                'metadata': ['no-access', ],
                'admin': ['not-admin', ],
            }
        ))
        type(requests_mock.return_value).content = response
        self.assertEqual(
            get_highest_user_access_role(
                resource_id="0196d92e1665091f202f",
                user_id=""),
            {
                "data": DataRole.NO_ACCESS,
                "metadata": DataRole.NO_ACCESS,
                "admin": AdminRole.NOT_ADMIN,
            })