aboutsummaryrefslogtreecommitdiff
path: root/tests/unit/auth/test_groups.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/unit/auth/test_groups.py')
-rw-r--r--tests/unit/auth/test_groups.py149
1 files changed, 92 insertions, 57 deletions
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index c9d8b19..16df56e 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -6,11 +6,9 @@ from pymonad.maybe import Nothing
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.errors import AuthorisationError
-from gn_auth.auth.authentication.users import User
-from gn_auth.auth.authorisation.roles import Role
from gn_auth.auth.authorisation.privileges import Privilege
from gn_auth.auth.authorisation.resources.groups.models import (
- Group, GroupRole, user_group, create_group, create_group_role)
+ Group, user_group, create_group, create_group_role)
from tests.unit.auth import conftest
@@ -28,40 +26,96 @@ PRIVILEGES = (
Privilege("group:resource:edit-resource", "edit/update a resource"))
@pytest.mark.unit_test
+@pytest.mark.parametrize("user", tuple(conftest.TEST_USERS[0:3]))
+def test_create_group_fails(# pylint: disable=[too-many-arguments]
+ fxtr_app, auth_testdb_path, mocker, fxtr_resource_user_roles, fxtr_oauth2_clients, user):# pylint: disable=[unused-argument]
+ """
+ GIVEN: an authenticated user
+ WHEN: the user attempts to create a group
+ THEN: verify they are only able to create the group if they have the
+ appropriate privileges
+ """
+ _conn, clients = fxtr_oauth2_clients
+ mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
+ with db.connection(auth_testdb_path) as conn:
+ with pytest.raises(AuthorisationError):
+ create_group(conn, "a_test_group", user, "A test group")
+
+
+def __cleanup_create_group__(conn, user, group):
+ """Cleanup creating a group..."""
+ # cleanup: This should probably go into a 'delete_group(…) function'
+ with db.cursor(conn) as cursor:
+ cursor.execute("DELETE FROM group_users WHERE group_id=? AND user_id=?",
+ (str(group.group_id), str(user.user_id)))
+ cursor.execute("SELECT * FROM group_resources WHERE group_id=?",
+ (str(group.group_id),))
+ grp_rsc = cursor.fetchone()
+ cursor.execute(
+ "DELETE FROM user_roles WHERE user_id=? AND resource_id=?",
+ (str(user.user_id), str(grp_rsc["resource_id"])))
+ cursor.execute("DELETE FROM group_resources WHERE group_id=?",
+ (str(group.group_id),))
+ cursor.execute("DELETE FROM groups WHERE group_id=?",
+ (str(group.group_id),))
+
+
+@pytest.mark.unit_test
@pytest.mark.parametrize(
- "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
- Group(
- UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group",
- {"group_description": "A test group"}),
- create_group_failure, create_group_failure, create_group_failure,
- create_group_failure))))
-def test_create_group(# pylint: disable=[too-many-arguments]
- fxtr_app, auth_testdb_path, mocker, fxtr_users, user, expected):# pylint: disable=[unused-argument]
+ "user,expected",
+ ((conftest.TEST_USERS[3], Group(
+ UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group",
+ {"group_description": "A test group"})),))
+def test_create_group_succeeds(# pylint: disable=[too-many-arguments, unused-argument]
+ fxtr_app,
+ auth_testdb_path,
+ mocker,
+ fxtr_resource_user_roles,
+ fxtr_oauth2_clients,
+ user,
+ expected
+):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a group
THEN: verify they are only able to create the group if they have the
appropriate privileges
"""
+ _conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(user))
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
with db.connection(auth_testdb_path) as conn:
- assert create_group(
- conn, "a_test_group", user, "A test group") == expected
+ created_group = create_group(
+ conn, "a_test_group", user, "A test group")
+ assert created_group == expected
+ __cleanup_create_group__(conn, user, created_group)
+
@pytest.mark.unit_test
@pytest.mark.parametrize("user", conftest.TEST_USERS[1:])
def test_create_group_raises_exception_with_non_privileged_user(# pylint: disable=[too-many-arguments]
- fxtr_app, auth_testdb_path, mocker, fxtr_users, user):# pylint: disable=[unused-argument]
+ fxtr_app, auth_testdb_path, mocker, fxtr_users, fxtr_oauth2_clients, user):# pylint: disable=[unused-argument]
"""
GIVEN: an authenticated user, without appropriate privileges
WHEN: the user attempts to create a group
THEN: verify the system raises an exception
"""
+ _conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(user))
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
with db.connection(auth_testdb_path) as conn:
with pytest.raises(AuthorisationError):
assert create_group(conn, "a_test_group", user, "A test group")
@@ -71,58 +125,34 @@ create_role_failure = {
"message": "Unauthorised: Could not create the group role"
}
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
- "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
- GroupRole(
- UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
- GROUP,
- Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
- "ResourceEditor", True, PRIVILEGES)),))))
-def test_create_group_role(mocker, fxtr_users_in_group, user, expected):
- """
- GIVEN: an authenticated user
- WHEN: the user attempts to create a role, attached to a group
- THEN: verify they are only able to create the role if they have the
- appropriate privileges and that the role is attached to the given group
- """
- mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(user))
- conn, _group, _users = fxtr_users_in_group
- with db.cursor(conn) as cursor:
- assert create_group_role(
- conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
- # cleanup
- cursor.execute(
- ("DELETE FROM group_roles "
- "WHERE group_role_id=? AND group_id=? AND role_id=?"),
- (str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS[1:], (
create_role_failure, create_role_failure, create_role_failure))))
def test_create_group_role_raises_exception_with_unauthorised_users(
- mocker, fxtr_users_in_group, user, expected):
+ mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role, attached to a group
THEN: verify they are only able to create the role if they have the
appropriate privileges and that the role is attached to the given group
"""
+ _conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
- mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(user))
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
conn, _group, _users = fxtr_users_in_group
with pytest.raises(AuthorisationError):
assert create_group_role(
conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
@pytest.mark.unit_test
-def test_create_multiple_groups(mocker, fxtr_users):
+def test_create_multiple_groups(mocker, fxtr_resource_user_roles, fxtr_oauth2_clients):
"""
GIVEN: An authenticated user with appropriate authorisation
WHEN: The user attempts to create a new group, while being a member of an
@@ -130,21 +160,26 @@ def test_create_multiple_groups(mocker, fxtr_users):
THEN: The system should prevent that, and respond with an appropriate error
message
"""
+ _conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
- user = User(
- UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er",
- "Group Leader")
- mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
- conftest.get_tokeniser(user))
- conn, _test_users = fxtr_users
+ user = conftest.TEST_USERS[3]
+ mocker.patch(
+ "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(
+ user,
+ tuple(client for client in clients if client.user == user)[0]))
+ conn, *_test_users = fxtr_resource_user_roles
# First time, successfully creates the group
- assert create_group(conn, "a_test_group", user) == Group(
+ created_group = create_group(conn, "a_test_group", user)
+ assert created_group == Group(
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group",
{})
# subsequent attempts should fail
with pytest.raises(AuthorisationError):
create_group(conn, "another_test_group", user)
+ __cleanup_create_group__(conn, user, created_group)
+
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected",
generated by cgit v1.2.3 (git 2.25.4) at 2024-06-30 20:35:31 +0000