1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
"""Tests for roles for a specific resource."""
from uuid import UUID
import pytest
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.authorisation.privileges import Privilege
from gn_auth.auth.authorisation.roles.models import Role, create_role
from gn_auth.auth.authorisation.resources.groups.models import (
GroupRole,
create_group_role)
from tests.unit.auth import conftest
GROUP = conftest.TEST_GROUP_01
PRIVILEGES = (
Privilege("group:resource:view-resource",
"view a resource and use it in computations"),
Privilege("group:resource:edit-resource", "edit/update a resource"))
@pytest.mark.skip("Keep as placeholder until we implement test for creating "
"a resource role.")
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
GroupRole(
UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
GROUP,
Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
"ResourceEditor", True, PRIVILEGES)),))))
def test_create_group_role(mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role, attached to a group
THEN: verify they are only able to create the role if they have the
appropriate privileges and that the role is attached to the given group
"""
_conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
mocker.patch(
"gn_auth.auth.authorisation.checks.require_oauth.acquire",
conftest.get_tokeniser(
user,
tuple(client for client in clients if client.user == user)[0]))
conn, _group, _users = fxtr_users_in_group
with db.cursor(conn) as cursor:
assert create_group_role(
conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
# cleanup
cursor.execute(
("DELETE FROM group_roles "
"WHERE group_role_id=? AND group_id=? AND role_id=?"),
(str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
@pytest.mark.skip(
"This needs to be replaced by tests for creation of resource roles.")
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
True, PRIVILEGES),))))
def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
fxtr_app,
auth_testdb_path,
mocker,
fxtr_users,
fxtr_oauth2_clients,
user,
expected
):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role
THEN: verify they are only able to create the role if they have the
appropriate privileges
"""
_conn, clients = fxtr_oauth2_clients
mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
mocker.patch(
"gn_auth.auth.authorisation.checks.require_oauth.acquire",
conftest.get_tokeniser(
user,
tuple(client for client in clients if client.user == user)[0]))
with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
the_role = create_role(cursor, "a_test_role", PRIVILEGES)
assert the_role == expected
|
