1 files changed, 167 insertions, 2 deletions

diff --git a/tests/unit/auth/fixtures/role_fixtures.py b/tests/unit/auth/fixtures/role_fixtures.py
index ddcbba5..1858712 100644
--- a/tests/unit/auth/fixtures/role_fixtures.py
+++ b/tests/unit/auth/fixtures/role_fixtures.py
@@ -7,18 +7,41 @@ from gn_auth.auth.db import sqlite3 as db
 from gn_auth.auth.authorisation.roles import Role
 from gn_auth.auth.authorisation.privileges import Privilege
 
+from .user_fixtures import TEST_USERS
+from .resource_fixtures import SYSTEM_RESOURCE, TEST_RESOURCES_PUBLIC
+from .group_fixtures import (
+    TEST_GROUP_01,
+    TEST_RESOURCES_GROUP_01,
+    TEST_RESOURCES_GROUP_02)
+
+PUBLIC_VIEW_ROLE = Role(
+    uuid.UUID("fd88bfed-d869-4969-87f2-67c4e8446ecb"),
+    "public-view",
+    False,
+    (Privilege("group:resource:view-resource",
+               "view a resource and use it in computations"),))
+
 RESOURCE_READER_ROLE = Role(
-    uuid.UUID("c3ca2507-ee24-4835-9b31-8c21e1c072d3"), "resource_reader", True,
+    uuid.UUID("c3ca2507-ee24-4835-9b31-8c21e1c072d3"), "resource_reader",
+    True,
     (Privilege("group:resource:view-resource",
                "view a resource and use it in computations"),))
 
 RESOURCE_EDITOR_ROLE = Role(
-    uuid.UUID("89819f84-6346-488b-8955-86062e9eedb7"), "resource_editor", True,
+    uuid.UUID("89819f84-6346-488b-8955-86062e9eedb7"),
+    "resource_editor",
+    True,
     (
         Privilege("group:resource:view-resource",
                   "view a resource and use it in computations"),
         Privilege("group:resource:edit-resource", "edit/update a resource")))
 
+CREATE_GROUP_ROLE = Role(
+    uuid.UUID("ade7e6b0-ba9c-4b51-87d0-2af7fe39a347"),
+    "group-creator",
+    False,
+    (Privilege("system:group:create-group", "Create a group"),))
+
 TEST_ROLES = (RESOURCE_READER_ROLE, RESOURCE_EDITOR_ROLE)
 
 @pytest.fixture(scope="function")
@@ -43,3 +66,145 @@ def fxtr_roles(conn_after_auth_migrations):
         cursor.executemany(
             ("DELETE FROM roles WHERE role_id=?"),
             ((str(role.role_id),) for role in TEST_ROLES))
+
+
+@pytest.fixture(scope="function")
+def fxtr_resource_roles(fxtr_resources, fxtr_roles):# pylint: disable=[redefined-outer-name,unused-argument]
+    """Link roles to resources."""
+    resource_roles = ({
+        "resource_id": str(TEST_RESOURCES_GROUP_01[0].resource_id),
+        "role_created_by": "ecb52977-3004-469e-9428-2a1856725c7f",
+        "role_id": str(RESOURCE_EDITOR_ROLE.role_id)
+    },{
+        "resource_id": str(TEST_RESOURCES_GROUP_01[0].resource_id),
+        "role_created_by": "ecb52977-3004-469e-9428-2a1856725c7f",
+        "role_id": str(RESOURCE_READER_ROLE.role_id)
+    }, {
+        "resource_id": str(TEST_RESOURCES_GROUP_02[1].resource_id),
+        "role_created_by": "ecb52977-3004-469e-9428-2a1856725c7f",
+        "role_id": str(RESOURCE_EDITOR_ROLE.role_id)
+    },{
+        "resource_id": str(TEST_RESOURCES_GROUP_02[1].resource_id),
+        "role_created_by": "ecb52977-3004-469e-9428-2a1856725c7f",
+        "role_id": str(RESOURCE_READER_ROLE.role_id)
+    })
+
+    conn, resources = fxtr_resources
+    with db.cursor(conn) as cursor:
+        cursor.executemany(
+            "INSERT INTO resource_roles(resource_id, role_created_by, role_id) "
+            "VALUES (:resource_id, :role_created_by, :role_id)",
+            resource_roles)
+
+    yield conn, resources, resource_roles
+
+    with db.cursor(conn) as cursor:
+        cursor.executemany(
+            ("DELETE FROM resource_roles "
+             "WHERE resource_id=:resource_id "
+             "AND role_created_by=:role_created_by "
+             "AND role_id=:role_id"),
+            resource_roles)
+
+
+@pytest.fixture(scope="function")
+def fxtr_setup_group_leaders(fxtr_users):
+    """Define what roles users have that target resources of type 'Group'."""
+    conn, users = fxtr_users
+    with db.cursor(conn) as cursor:
+        cursor.execute("SELECT * FROM group_resources")
+        g01res_id = {
+            row["group_id"]: row["resource_id"]
+            for row in cursor.fetchall()
+        }[str(TEST_GROUP_01.group_id)]
+        test_user_roles = ({
+            "user_id": "ecb52977-3004-469e-9428-2a1856725c7f",
+            "role_id": "a0e67630-d502-4b9f-b23f-6805d0f30e30",# group-leader
+            "resource_id": g01res_id
+        },)
+        cursor.executemany(
+            "INSERT INTO user_roles(user_id, role_id, resource_id) "
+            "VALUES (:user_id, :role_id, :resource_id)",
+            test_user_roles)
+
+    yield conn, users
+
+    with db.cursor(conn) as cursor:
+        cursor.executemany(
+            "DELETE FROM user_roles WHERE user_id=:user_id "
+            "AND role_id=:role_id AND resource_id=:resource_id",
+            test_user_roles)
+
+
+@pytest.fixture(scope="function")
+def fxtr_system_roles(fxtr_users):
+    """Define what roles users have that target resources of type 'Group'."""
+    conn, users = fxtr_users
+    with db.cursor(conn) as cursor:
+        cursor.execute("SELECT * FROM resources WHERE resource_name='GeneNetwork System'")
+        sysres_id = cursor.fetchone()["resource_id"]
+        test_user_roles = tuple({
+            "user_id": str(user.user_id),
+            "role_id": str(PUBLIC_VIEW_ROLE.role_id),
+            "resource_id": sysres_id
+        } for user in TEST_USERS)
+        cursor.executemany(
+            "INSERT INTO user_roles(user_id, role_id, resource_id) "
+            "VALUES (:user_id, :role_id, :resource_id)",
+            test_user_roles)
+
+    yield conn, users
+
+    with db.cursor(conn) as cursor:
+        cursor.executemany(
+            "DELETE FROM user_roles WHERE user_id=:user_id "
+            "AND role_id=:role_id AND resource_id=:resource_id",
+            test_user_roles)
+
+
+@pytest.fixture(scope="function")
+def fxtr_resource_user_roles(# pylint: disable=[too-many-arguments, too-many-locals]
+        fxtr_resources,
+        fxtr_users_in_group,
+        fxtr_resource_ownership,
+        fxtr_resource_roles,
+        fxtr_setup_group_leaders,
+        fxtr_system_roles
+):#pylint: disable=[redefined-outer-name,unused-argument]
+    """Assign roles to users."""
+    _conn, group_resources = fxtr_resources
+    _conn, _resources, _groups, group_resources = fxtr_resource_ownership
+    _conn, _group, group_users = fxtr_users_in_group
+    conn, _groups, resource_roles = fxtr_resource_roles
+
+    users_roles_resources = (
+        # Give access to group leader to all resources in their group
+        tuple((TEST_USERS[0], RESOURCE_EDITOR_ROLE, resource)
+              for resource in TEST_RESOURCES_GROUP_01)
+        # Set group member as resource editor
+        + ((TEST_USERS[1], RESOURCE_EDITOR_ROLE, TEST_RESOURCES_GROUP_01[1]),)
+        # Set group-creator role on the unaffiliated user
+        + ((TEST_USERS[3], CREATE_GROUP_ROLE, SYSTEM_RESOURCE),)
+        # Set roles for public resources
+        + tuple(
+            (user, PUBLIC_VIEW_ROLE, resource)
+            for user in TEST_USERS for resource in TEST_RESOURCES_PUBLIC[1:]))
+    with db.cursor(conn) as cursor:
+        params = tuple({
+            "user_id": str(user.user_id),
+            "role_id": str(role.role_id),
+            "resource_id": str(resource.resource_id)
+        } for user, role, resource in users_roles_resources)
+        cursor.executemany(
+            ("INSERT INTO user_roles "
+             "VALUES (:user_id, :role_id, :resource_id)"),
+            params)
+
+    yield conn, group_users, resource_roles, group_resources
+
+    with db.cursor(conn) as cursor:
+        cursor.executemany(
+            ("DELETE FROM user_roles WHERE "
+             "user_id=:user_id AND role_id=:role_id AND "
+             "resource_id=:resource_id"),
+            params)