aboutsummaryrefslogtreecommitdiff
path: root/tests/unit/auth/test_resources.py
blob: ee4f3127bd30e5ca26572898e334cfaf07390c9c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
"""Test resource-management functions"""
import uuid

import pytest

from gn_auth.auth.db import sqlite3 as db

from gn_auth.auth.authorisation.errors import AuthorisationError
from gn_auth.auth.authorisation.resources.groups import Group
from gn_auth.auth.authorisation.resources.models import (
    Resource, user_resources, create_resource, ResourceCategory,
    public_resources)

from tests.unit.auth import conftest

group = Group(uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup",
              {})
resource_category = ResourceCategory(
    uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), "mrna", "mRNA Dataset")
create_resource_failure = {
    "status": "error",
    "message": "Unauthorised: Could not create resource"
}

@pytest.mark.unit_test
@pytest.mark.parametrize(
    "user,expected",
    tuple(zip(
        conftest.TEST_USERS[0:1],
        (Resource(
            uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
            "test_resource", resource_category, False),))))
def test_create_resource(mocker, fxtr_users_in_group, user, expected):
    """Test that resource creation works as expected."""
    mocker.patch("gn_auth.auth.authorisation.resources.models.uuid4", conftest.uuid_fn)
    mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
                 conftest.get_tokeniser(user))
    conn, _group, _users = fxtr_users_in_group
    resource = create_resource(
        conn, "test_resource", resource_category, user, False)
    assert resource == expected

    with db.cursor(conn) as cursor:
        # Cleanup
        cursor.execute(
            "DELETE FROM user_roles WHERE resource_id=?",
            (str(resource.resource_id),))
        cursor.execute(
            "DELETE FROM resource_ownership WHERE resource_id=?",
            (str(resource.resource_id),))
        cursor.execute(
            "DELETE FROM group_roles WHERE group_id=?",
            (str(group.group_id),))
        cursor.execute(
            "DELETE FROM resources WHERE resource_id=?",
            (str(resource.resource_id),))

@pytest.mark.unit_test
@pytest.mark.parametrize(
    "user,expected",
    tuple(zip(
        conftest.TEST_USERS[1:],
        (create_resource_failure, create_resource_failure,
         create_resource_failure))))
def test_create_resource_raises_for_unauthorised_users(
        mocker, fxtr_users_in_group, user, expected):
    """Test that resource creation works as expected."""
    mocker.patch("gn_auth.auth.authorisation.resources.models.uuid4", conftest.uuid_fn)
    mocker.patch("gn_auth.auth.authorisation.checks.require_oauth.acquire",
                 conftest.get_tokeniser(user))
    conn, _group, _users = fxtr_users_in_group
    with pytest.raises(AuthorisationError):
        assert create_resource(
            conn, "test_resource", resource_category, user, False) == expected

def sort_key_resources(resource):
    """Sort-key for resources."""
    return resource.resource_id

@pytest.mark.unit_test
def test_public_resources(fxtr_resources):
    """
    GIVEN: some resources in the database
    WHEN: public resources are requested
    THEN: only list the resources that are public
    """
    conn, _res = fxtr_resources
    assert sorted(public_resources(conn), key=sort_key_resources) == sorted(tuple(
        res for res in conftest.TEST_RESOURCES if res.public), key=sort_key_resources)

PUBLIC_RESOURCES = sorted(
    {res.resource_id: res for res in conftest.TEST_RESOURCES_PUBLIC}.values(),
    key=sort_key_resources)

@pytest.mark.unit_test
@pytest.mark.parametrize(
    "user,expected",
    tuple(zip(
        conftest.TEST_USERS,
        (sorted(
            {res.resource_id: res for res in
             (conftest.TEST_RESOURCES_GROUP_01 +
              conftest.TEST_RESOURCES_PUBLIC)}.values(),
            key=sort_key_resources),
         sorted(
             {res.resource_id: res for res in
              ((conftest.TEST_RESOURCES_GROUP_01[1],) +
               conftest.TEST_RESOURCES_PUBLIC)}.values()
             ,
             key=sort_key_resources),
         PUBLIC_RESOURCES, PUBLIC_RESOURCES))))
def test_user_resources(fxtr_group_user_roles, user, expected):
    """
    GIVEN: some resources in the database
    WHEN: a particular user's resources are requested
    THEN: list only the resources for which the user can access
    """
    conn, *_others = fxtr_group_user_roles
    assert sorted(
        {res.resource_id: res for res in user_resources(conn, user)
         }.values(), key=sort_key_resources) == expected