1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
"""Test resource-management functions"""
import uuid
import pytest
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.authorisation.errors import AuthorisationError
from gn_auth.auth.authorisation.resources.groups import Group
from gn_auth.auth.authorisation.resources.models import (
Resource, user_resources, create_resource, ResourceCategory,
public_resources)
from tests.unit.auth import conftest
group = Group(uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup",
{})
resource_category = ResourceCategory(
uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), "mrna", "mRNA Dataset")
create_resource_failure = {
"status": "error",
"message": "Unauthorised: Could not create resource"
}
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected",
tuple(zip(
conftest.TEST_USERS[0:1],
(Resource(
uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
"test_resource", resource_category, False),))))
def test_create_resource(mocker, fxtr_users_in_group, user, expected):
"""Test that resource creation works as expected."""
mocker.patch("gn_auth.auth.authorisation.resources.models.uuid4", conftest.uuid_fn)
mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
resource = create_resource(
conn, "test_resource", resource_category, user, False)
assert resource == expected
with db.cursor(conn) as cursor:
# Cleanup
cursor.execute(
"DELETE FROM user_roles WHERE resource_id=?",
(str(resource.resource_id),))
cursor.execute(
"DELETE FROM resource_ownership WHERE resource_id=?",
(str(resource.resource_id),))
cursor.execute(
"DELETE FROM group_roles WHERE group_id=?",
(str(group.group_id),))
cursor.execute(
"DELETE FROM resources WHERE resource_id=?",
(str(resource.resource_id),))
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected",
tuple(zip(
conftest.TEST_USERS[1:],
(create_resource_failure, create_resource_failure,
create_resource_failure))))
def test_create_resource_raises_for_unauthorised_users(
mocker, fxtr_users_in_group, user, expected):
"""Test that resource creation works as expected."""
mocker.patch("gn_auth.auth.authorisation.resources.models.uuid4", conftest.uuid_fn)
mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
with pytest.raises(AuthorisationError):
assert create_resource(
conn, "test_resource", resource_category, user, False) == expected
def sort_key_resources(resource):
"""Sort-key for resources."""
return resource.resource_id
@pytest.mark.unit_test
def test_public_resources(fxtr_resources):
"""
GIVEN: some resources in the database
WHEN: public resources are requested
THEN: only list the resources that are public
"""
conn, _res = fxtr_resources
assert sorted(public_resources(conn), key=sort_key_resources) == sorted(tuple(
res for res in conftest.TEST_RESOURCES if res.public), key=sort_key_resources)
PUBLIC_RESOURCES = sorted(
{res.resource_id: res for res in conftest.TEST_RESOURCES_PUBLIC}.values(),
key=sort_key_resources)
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected",
tuple(zip(
conftest.TEST_USERS,
(sorted(
{res.resource_id: res for res in
(conftest.TEST_RESOURCES_GROUP_01 +
conftest.TEST_RESOURCES_PUBLIC)}.values(),
key=sort_key_resources),
sorted(
{res.resource_id: res for res in
((conftest.TEST_RESOURCES_GROUP_01[1],) +
conftest.TEST_RESOURCES_PUBLIC)}.values()
,
key=sort_key_resources),
PUBLIC_RESOURCES, PUBLIC_RESOURCES))))
def test_user_resources(fxtr_group_user_roles, user, expected):
"""
GIVEN: some resources in the database
WHEN: a particular user's resources are requested
THEN: list only the resources for which the user can access
"""
conn, *_others = fxtr_group_user_roles
assert sorted(
{res.resource_id: res for res in user_resources(conn, user)
}.values(), key=sort_key_resources) == expected
|