Select Git revision
serializers.py
Forked from
hub / hub
Source project has a limited visibility.
permissions.py 12.51 KiB
from unittest.mock import Mock
from rest_framework.permissions import BasePermission
from django.contrib.auth.models import AnonymousUser
from django.test import RequestFactory, TestCase, override_settings
from core.models import Assembly, AssemblyMember, Badge, Conference, ConferenceMember, PlatformUser
from api.permissions import (
AssemblyPermission,
ConferencePermission,
HasIssuingToken,
IsApiUserOrReadOnly,
IsAssemblyManager,
IsAssemblyService,
IsConferenceService,
IsPublicAssemblyReadOnly,
IsReadOnly,
IsSuperUser,
)
class PermissionTestCase(TestCase):
factory: RequestFactory
view: Mock
object: Mock
def setUp(self) -> None:
super().setUp()
self.factory = RequestFactory()
self.view = Mock()
self.object = Mock()
def run_permission_test(self, permission: BasePermission, expected_result: tuple[bool, bool], request):
self.assertEqual(permission.has_permission(request, self.view), expected_result[0])
self.assertEqual(permission.has_object_permission(request, self.view, self.object), expected_result[1])
@override_settings(API_USERS=['robot', 'kusanagi'])
class IsApiUserTest(PermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.robot = PlatformUser.objects.create(username='robot')
self.robot_2 = PlatformUser.objects.create(username='kusanagi')
self.user = PlatformUser.objects.create(username='bernd', user_type=PlatformUser.Type.HUMAN)
def test_api_user(self):
request_get_r1 = self.factory.get('/')
request_get_r1.user = self.robot
self.run_permission_test(IsApiUserOrReadOnly(), (True, True), request_get_r1)
self.view.assert_not_called()
self.object.assert_not_called()
request_post_r1 = self.factory.post('/')
request_post_r1.user = self.robot
self.run_permission_test(IsApiUserOrReadOnly(), (True, True), request_post_r1)
self.view.assert_not_called()
self.object.assert_not_called()
request_post_r2 = self.factory.post('/')
request_post_r2.user = self.robot
self.run_permission_test(IsApiUserOrReadOnly(), (True, True), request_post_r2)
self.view.assert_not_called()
self.object.assert_not_called()
@override_settings(API_USERS=[])
def test_api_user_not_set(self):
request_post_r1 = self.factory.post('/')
request_post_r1.user = self.robot
self.run_permission_test(IsApiUserOrReadOnly(), (False, False), request_post_r1)
self.view.assert_not_called()
self.object.assert_not_called()
def test_normal_user(self):
request_get = self.factory.get('/')
request_get.user = self.user
self.run_permission_test(IsApiUserOrReadOnly(), (True, True), request_get)
self.view.assert_not_called()
self.object.assert_not_called()
request_post = self.factory.post('/')
request_post.user = self.user
self.run_permission_test(IsApiUserOrReadOnly(), (False, False), request_post)
self.view.assert_not_called()
self.object.assert_not_called()
class IsReadOnlyTest(PermissionTestCase):
def test_get_allowed(self):
request = self.factory.get('/')
self.run_permission_test(IsReadOnly(), (True, True), request)
self.view.assert_not_called()
self.object.assert_not_called()
def test_post_forbidden(self):
request = self.factory.post('/')
self.run_permission_test(IsReadOnly(), (False, False), request)
self.view.assert_not_called()
self.object.assert_not_called()
class IsSuperUserTest(PermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.admin = PlatformUser.objects.create(username='bernd', is_superuser=True)
self.user = PlatformUser.objects.create(username='brot', is_superuser=False)
def test_root_allowed(self):
request = self.factory.get('/')
request.user = self.admin
self.run_permission_test(IsSuperUser(), (True, True), request)
self.view.assert_not_called()
self.object.assert_not_called()
def test_user_forbidden(self):
request = self.factory.get('/')
request.user = self.user
self.run_permission_test(IsSuperUser(), (False, False), request)
self.view.assert_not_called()
self.object.assert_not_called()
class ConferencePermissionTestCase(PermissionTestCase):
view: Mock
def setUp(self) -> None:
super().setUp()
self.conference = self.view.conference = Conference.objects.create(slug='conf', name='TestConf', is_public=True)
class ConferenceDetectionTestCase(PermissionTestCase):
def test_get_conference_view(self):
self.assertEqual(ConferencePermission().get_conference(view=self.view), self.conference)
def test_get_conference_object(self):
del self.view.conference
self.assertEqual(ConferencePermission().get_conference(view=self.view, obj=self.conference), self.conference)
def test_get_conference_object_attribute(self):
del self.view.conference
self.object.conference = self.conference
self.assertEqual(ConferencePermission().get_conference(view=self.view, obj=self.object), self.conference)
def test_get_conference_not_found(self):
del self.view.conference
self.assertFalse(ConferencePermission().get_conference(view=self.view))
class IsConferenceServiceTestCase(ConferencePermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.user = PlatformUser.objects.create(username='bernd', user_type=PlatformUser.Type.HUMAN)
self.robot = PlatformUser.objects.create(username='robot', user_type=PlatformUser.Type.SERVICE)
self.service = PlatformUser.objects.create(username='kusanagi', user_type=PlatformUser.Type.SERVICE)
self.service_cm = ConferenceMember.objects.create(conference=self.conference, user=self.service)
self.view.required_service_classes = ['test1', 'test2']
def test_anonymous_forbidden(self):
request = self.factory.get('/')
request.user = AnonymousUser()
self.run_permission_test(IsConferenceService(), (False, False), request)
def test_human_forbidden(self):
request = self.factory.get('/')
request.user = self.user
self.run_permission_test(IsConferenceService(), (False, False), request)
def test_non_conference_member_forbidden(self):
request = self.factory.get('/')
request.user = self.robot
self.run_permission_test(IsConferenceService(), (False, False), request)
def test_conference_member_missing_roles_forbidden(self):
request = self.factory.get('/')
request.user = self.service
self.service_cm.roles = ['test1']
self.service_cm.save()
self.run_permission_test(IsConferenceService(), (False, False), request)
def test_conference_member_allowed(self):
request = self.factory.get('/')
request.user = self.service
self.service_cm.roles = ['test1', 'test2']
self.service_cm.save()
self.run_permission_test(IsConferenceService(), (True, True), request)
class AssemblyPermissionTestCase(ConferencePermissionTestCase):
view: Mock
def setUp(self) -> None:
super().setUp()
self.assembly = self.view.assembly = Assembly.objects.create(
name='TestAssembly',
slug='asmbly',
state=Assembly.State('planned'),
conference=self.conference,
)
class AssemblyDetectionTestCase(ConferencePermissionTestCase):
def test_get_assembly_view(self):
self.assertEqual(AssemblyPermission().get_assembly(view=self.view), self.assembly)
def test_get_assembly_object(self):
del self.view.assembly
self.assertEqual(AssemblyPermission().get_assembly(view=self.view, obj=self.assembly), self.assembly)
def test_get_assembly_object_attribute(self):
del self.view.assembly
self.object.assembly = self.assembly
self.assertEqual(AssemblyPermission().get_assembly(view=self.view, obj=self.object), self.assembly)
def test_get_assembly_not_found(self):
del self.view.assembly
self.assertFalse(AssemblyPermission().get_conference(view=self.view))
class IsPublicAssemblyReadOnlyTestCase(AssemblyPermissionTestCase):
def test_get_forbidden_non_public(self):
request = self.factory.get('/')
self.run_permission_test(IsPublicAssemblyReadOnly(), (False, False), request)
self.view.assert_not_called()
self.object.assert_not_called()
def test_get_allowed_public(self):
request = self.factory.get('/')
self.assembly.state = Assembly.PUBLIC_STATES[0]
self.assembly.save()
self.run_permission_test(IsPublicAssemblyReadOnly(), (True, True), request)
self.view.assert_not_called()
self.object.assert_not_called()
class IsAssemblyServiceTestCase(AssemblyPermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.user = PlatformUser.objects.create(username='bernd', user_type=PlatformUser.Type.HUMAN)
self.robot = PlatformUser.objects.create(username='robot', user_type=PlatformUser.Type.SERVICE)
self.assembly.technical_user = self.robot
self.assembly.save()
def test_get_forbidden_human(self):
request = self.factory.get('/')
request.user = self.user
self.run_permission_test(IsAssemblyService(), (False, False), request)
self.view.assert_not_called()
self.object.assert_not_called()
def test_get_allowed_assembly_service(self):
request = self.factory.get('/')
request.user = self.robot
self.run_permission_test(IsAssemblyService(), (True, True), request)
self.view.assert_not_called()
self.object.assert_not_called()
class IsAssemblyManagerTestCase(AssemblyPermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.robot = PlatformUser.objects.create(username='robot', user_type=PlatformUser.Type.SERVICE)
self.external = PlatformUser.objects.create(username='bob', user_type=PlatformUser.Type.HUMAN)
self.user = PlatformUser.objects.create(username='marc', user_type=PlatformUser.Type.HUMAN)
ConferenceMember.objects.create(conference=self.conference, user=self.user)
self.member = PlatformUser.objects.create(username='pearl', user_type=PlatformUser.Type.HUMAN)
ConferenceMember.objects.create(conference=self.conference, user=self.member)
AssemblyMember.objects.create(assembly=self.assembly, member=self.member)
self.manager = PlatformUser.objects.create(username='bernd', user_type=PlatformUser.Type.HUMAN)
ConferenceMember.objects.create(conference=self.conference, user=self.manager)
AssemblyMember.objects.create(assembly=self.assembly, member=self.manager, can_manage_assembly=True)
self.assembly.save()
def test_get_forbidden_robot(self):
request = self.factory.get('/')
request.user = self.robot
self.run_permission_test(IsAssemblyManager(), (False, False), request)
self.view.assert_not_called()
self.object.assert_not_called()
def test_users_without_permission_forbidden(self):
request = self.factory.get('/')
request.user = AnonymousUser()
self.run_permission_test(IsAssemblyManager(), (False, False), request)
request.user = self.external
self.run_permission_test(IsAssemblyManager(), (False, False), request)
request.user = self.user
self.run_permission_test(IsAssemblyManager(), (False, False), request)
request.user = self.member
self.run_permission_test(IsAssemblyManager(), (False, False), request)
def test_manager_allowed(self):
request = self.factory.get('/')
request.user = self.manager
self.run_permission_test(IsAssemblyManager(), (True, True), request)
class HasIssuingTokenTestCase(AssemblyPermissionTestCase):
def setUp(self) -> None:
super().setUp()
self.badge = Badge.objects.create(name='test', issuing_assembly=self.assembly)
self.badge_token = self.badge.reset_token()
def test_has_issuing_token_allowed(self):
request = self.factory.post('/')
self.view.kwargs = {'issuing_token': self.badge_token}
self.run_permission_test(HasIssuingToken(), (True, True), request)
def test_has_issuing_token_forbidden(self):
request = self.factory.post('/')
self.view.kwargs = {}
self.run_permission_test(HasIssuingToken(), (False, False), request)