aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tests/unit/auth/test_groups.py37
-rw-r--r--tests/unit/auth/test_resources_roles.py90
-rw-r--r--tests/unit/auth/test_roles.py34
3 files changed, 91 insertions, 70 deletions
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index f22a8cf..16df56e 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -6,10 +6,9 @@ from pymonad.maybe import Nothing
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.errors import AuthorisationError
-from gn_auth.auth.authorisation.roles import Role
from gn_auth.auth.authorisation.privileges import Privilege
from gn_auth.auth.authorisation.resources.groups.models import (
- Group, GroupRole, user_group, create_group, create_group_role)
+ Group, user_group, create_group, create_group_role)
from tests.unit.auth import conftest
@@ -126,40 +125,6 @@ create_role_failure = {
"message": "Unauthorised: Could not create the group role"
}
-@pytest.mark.skip("Keep as placeholder until we implement test for creating "
- "a resource role.")
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
- "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
- GroupRole(
- UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
- GROUP,
- Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
- "ResourceEditor", True, PRIVILEGES)),))))
-def test_create_group_role(mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
- """
- GIVEN: an authenticated user
- WHEN: the user attempts to create a role, attached to a group
- THEN: verify they are only able to create the role if they have the
- appropriate privileges and that the role is attached to the given group
- """
- _conn, clients = fxtr_oauth2_clients
- mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
- mocker.patch(
- "gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(
- user,
- tuple(client for client in clients if client.user == user)[0]))
- conn, _group, _users = fxtr_users_in_group
- with db.cursor(conn) as cursor:
- assert create_group_role(
- conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
- # cleanup
- cursor.execute(
- ("DELETE FROM group_roles "
- "WHERE group_role_id=? AND group_id=? AND role_id=?"),
- (str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
@pytest.mark.unit_test
@pytest.mark.parametrize(
diff --git a/tests/unit/auth/test_resources_roles.py b/tests/unit/auth/test_resources_roles.py
new file mode 100644
index 0000000..39a198f
--- /dev/null
+++ b/tests/unit/auth/test_resources_roles.py
@@ -0,0 +1,90 @@
+"""Tests for roles for a specific resource."""
+from uuid import UUID
+
+import pytest
+
+from gn_auth.auth.db import sqlite3 as db
+from gn_auth.auth.authorisation.privileges import Privilege
+from gn_auth.auth.authorisation.roles.models import Role, create_role
+from gn_auth.auth.authorisation.resources.groups.models import (
+ GroupRole,
+ create_group_role)
+
+from tests.unit.auth import conftest
+
+
+GROUP = conftest.TEST_GROUP_01
+PRIVILEGES = (
+ Privilege("group:resource:view-resource",
+ "view a resource and use it in computations"),
+ Privilege("group:resource:edit-resource", "edit/update a resource"))
+
+
+@pytest.mark.skip("Keep as placeholder until we implement test for creating "
+ "a resource role.")
+@pytest.mark.unit_test
+@pytest.mark.parametrize(
+ "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
+ GroupRole(
+ UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+ GROUP,
+ Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+ "ResourceEditor", True, PRIVILEGES)),))))
+def test_create_group_role(mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
+ """
+ GIVEN: an authenticated user
+ WHEN: the user attempts to create a role, attached to a group
+ THEN: verify they are only able to create the role if they have the
+ appropriate privileges and that the role is attached to the given group
+ """
+ _conn, clients = fxtr_oauth2_clients
+ mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
+ mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
+ conn, _group, _users = fxtr_users_in_group
+ with db.cursor(conn) as cursor:
+ assert create_group_role(
+ conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
+ # cleanup
+ cursor.execute(
+ ("DELETE FROM group_roles "
+ "WHERE group_role_id=? AND group_id=? AND role_id=?"),
+ (str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
+
+
+@pytest.mark.skip(
+ "This needs to be replaced by tests for creation of resource roles.")
+@pytest.mark.unit_test
+@pytest.mark.parametrize(
+ "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
+ Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
+ True, PRIVILEGES),))))
+def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
+ fxtr_app,
+ auth_testdb_path,
+ mocker,
+ fxtr_users,
+ fxtr_oauth2_clients,
+ user,
+ expected
+):
+ """
+ GIVEN: an authenticated user
+ WHEN: the user attempts to create a role
+ THEN: verify they are only able to create the role if they have the
+ appropriate privileges
+ """
+ _conn, clients = fxtr_oauth2_clients
+ mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
+ with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
+ the_role = create_role(cursor, "a_test_role", PRIVILEGES)
+ assert the_role == expected
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index b9d1183..251defb 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -22,40 +22,6 @@ PRIVILEGES = (
Privilege("group:resource:edit-resource", "edit/update a resource"))
-@pytest.mark.skip(
- "This needs to be replaced by tests for creation of resource roles.")
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
- "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
- Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
- True, PRIVILEGES),))))
-def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
- fxtr_app,
- auth_testdb_path,
- mocker,
- fxtr_users,
- fxtr_oauth2_clients,
- user,
- expected
-):
- """
- GIVEN: an authenticated user
- WHEN: the user attempts to create a role
- THEN: verify they are only able to create the role if they have the
- appropriate privileges
- """
- _conn, clients = fxtr_oauth2_clients
- mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
- mocker.patch(
- "gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(
- user,
- tuple(client for client in clients if client.user == user)[0]))
- with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
- the_role = create_role(cursor, "a_test_role", PRIVILEGES)
- assert the_role == expected
-
-
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS[1:], (