tests_rbac: make some assertions more specific (#58696)
This commit is contained in:
parent
4bb8ee6794
commit
692ca755f0
|
@ -20,6 +20,7 @@ import pytest
|
|||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.db import connection
|
||||
from django.db.models import Q
|
||||
from django.test.utils import CaptureQueriesContext
|
||||
|
||||
from django_rbac import backends, models, utils
|
||||
|
@ -36,14 +37,15 @@ def test_role_parenting(db):
|
|||
ou = OrganizationalUnit.objects.create(name='ou')
|
||||
roles = []
|
||||
for i in range(10):
|
||||
roles.append(Role.objects.create(name='r%d' % i, ou=ou))
|
||||
roles.append(Role.objects.create(name='test-role-%d' % i, ou=ou))
|
||||
|
||||
assert Role.objects.count() == 10
|
||||
assert RoleParenting.objects.count() == 0
|
||||
assert Role.objects.filter(name__startswith='test-role-').count() == 10
|
||||
role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles))
|
||||
assert role_parenting_qs.count() == 0
|
||||
for i in range(1, 3):
|
||||
RoleParenting.objects.soft_create(parent=roles[i - 1], child=roles[i])
|
||||
assert RoleParenting.objects.filter(direct=True).count() == 2
|
||||
assert RoleParenting.objects.filter(direct=False).count() == 1
|
||||
assert role_parenting_qs.filter(direct=True).count() == 2
|
||||
assert role_parenting_qs.filter(direct=False).count() == 1
|
||||
for i, role in enumerate(roles[:3]):
|
||||
assert role.children().count() == 3 - i
|
||||
assert role.parents().count() == i + 1
|
||||
|
@ -51,17 +53,17 @@ def test_role_parenting(db):
|
|||
assert role.parents(False).count() == i
|
||||
|
||||
for i in range(4, 6):
|
||||
RoleParenting.objects.create(parent=roles[i - 1], child=roles[i])
|
||||
assert RoleParenting.objects.filter(direct=True).count() == 4
|
||||
assert RoleParenting.objects.filter(direct=False).count() == 2
|
||||
role_parenting_qs.create(parent=roles[i - 1], child=roles[i])
|
||||
assert role_parenting_qs.filter(direct=True).count() == 4
|
||||
assert role_parenting_qs.filter(direct=False).count() == 2
|
||||
for i, role in enumerate(roles[3:6]):
|
||||
assert role.children().count() == 3 - i
|
||||
assert role.parents().count() == i + 1
|
||||
assert role.children(False).count() == 3 - i - 1
|
||||
assert role.parents(False).count() == i
|
||||
RoleParenting.objects.soft_create(parent=roles[2], child=roles[3])
|
||||
assert RoleParenting.objects.filter(direct=True).count() == 5
|
||||
assert RoleParenting.objects.filter(direct=False).count() == 10
|
||||
assert role_parenting_qs.filter(direct=True).count() == 5
|
||||
assert role_parenting_qs.filter(direct=False).count() == 10
|
||||
for i in range(6):
|
||||
assert roles[i].parents().distinct().count() == i + 1
|
||||
for i, role in enumerate(roles[:6]):
|
||||
|
@ -71,14 +73,14 @@ def test_role_parenting(db):
|
|||
assert role.parents(False).count() == i
|
||||
RoleParenting.objects.soft_delete(roles[2], roles[3])
|
||||
assert (
|
||||
RoleParenting.objects.filter(
|
||||
role_parenting_qs.filter(
|
||||
direct=True,
|
||||
deleted__isnull=True,
|
||||
).count()
|
||||
== 4
|
||||
)
|
||||
assert (
|
||||
RoleParenting.objects.filter(
|
||||
role_parenting_qs.filter(
|
||||
direct=False,
|
||||
deleted__isnull=True,
|
||||
).count()
|
||||
|
@ -101,20 +103,21 @@ def test_role_parenting_soft_delete_children(db):
|
|||
roles = []
|
||||
for i in range(10):
|
||||
roles.append(Role.objects.create(name='r%d' % i, ou=ou))
|
||||
assert not len(RoleParenting.objects.all())
|
||||
role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles))
|
||||
assert not len(role_parenting_qs.all())
|
||||
|
||||
rps = []
|
||||
for i in range(5):
|
||||
rps.append(RoleParenting.objects.soft_create(parent=roles[9 - i], child=roles[i]))
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
for i in range(5):
|
||||
roles[9 - i].remove_child(roles[i])
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == 4 - i
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == 4 - i
|
||||
for i in range(5):
|
||||
roles[9 - i].add_child(roles[i])
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == i + 1
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == i + 1
|
||||
|
||||
|
||||
def test_role_parenting_soft_delete_parents(db):
|
||||
|
@ -126,20 +129,21 @@ def test_role_parenting_soft_delete_parents(db):
|
|||
roles = []
|
||||
for i in range(10):
|
||||
roles.append(Role.objects.create(name='r%d' % i, ou=ou))
|
||||
assert not len(RoleParenting.objects.all())
|
||||
role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles))
|
||||
assert not len(role_parenting_qs.all())
|
||||
|
||||
rps = []
|
||||
for i in range(5):
|
||||
rps.append(RoleParenting.objects.soft_create(child=roles[9 - i], parent=roles[i]))
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
for i in range(5):
|
||||
roles[9 - i].remove_parent(roles[i])
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == 4 - i
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == 4 - i
|
||||
for i in range(5):
|
||||
roles[9 - i].add_parent(roles[i])
|
||||
assert len(RoleParenting.objects.all()) == 5
|
||||
assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == i + 1
|
||||
assert len(role_parenting_qs.all()) == 5
|
||||
assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == i + 1
|
||||
|
||||
|
||||
SIZE = 50
|
||||
|
@ -147,6 +151,8 @@ SPAN = 10
|
|||
|
||||
|
||||
def test_massive_role_parenting(db):
|
||||
Role.objects.all().delete()
|
||||
|
||||
user = User.objects.create(username='user')
|
||||
roles = []
|
||||
# Try a depth=10 tree of roles
|
||||
|
@ -188,6 +194,7 @@ def test_rbac_backend(db):
|
|||
admin_op = models.Operation.objects.get(slug='admin')
|
||||
perm1 = Permission.objects.create(operation=change_op, target_ct=ct_ct, target_id=role_ct.pk)
|
||||
perm2 = Permission.objects.create(operation=view_op, target_ct=ct_ct, target_id=role_ct.pk)
|
||||
Role.objects.all().delete()
|
||||
role1 = Role.objects.create(name='role1')
|
||||
role2 = Role.objects.create(name='role2', ou=ou1)
|
||||
role1.permissions.add(perm1)
|
||||
|
@ -203,42 +210,43 @@ def test_rbac_backend(db):
|
|||
ctx = CaptureQueriesContext(connection)
|
||||
with ctx:
|
||||
assert rbac_backend.get_all_permissions(user1) == {
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.view_role',
|
||||
'a2_rbac.change_role',
|
||||
'a2_rbac.manage_members_role',
|
||||
'a2_rbac.search_role',
|
||||
'a2_rbac.view_role',
|
||||
}
|
||||
assert rbac_backend.get_all_permissions(user1, obj=role1) == {
|
||||
'django_rbac.delete_role',
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.view_role',
|
||||
'a2_rbac.delete_role',
|
||||
'a2_rbac.change_role',
|
||||
'a2_rbac.manage_members_role',
|
||||
'a2_rbac.search_role',
|
||||
'a2_rbac.view_role',
|
||||
}
|
||||
assert rbac_backend.get_all_permissions(user1, obj=role2) == {
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.view_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.add_role',
|
||||
'a2_rbac.change_role',
|
||||
'a2_rbac.view_role',
|
||||
'a2_rbac.manage_members_role',
|
||||
'a2_rbac.search_role',
|
||||
'a2_rbac.add_role',
|
||||
}
|
||||
assert not rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role2)
|
||||
assert rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role1)
|
||||
assert not rbac_backend.has_perm(user1, 'a2_rbac.delete_role', obj=role2)
|
||||
assert rbac_backend.has_perm(user1, 'a2_rbac.delete_role', obj=role1)
|
||||
assert rbac_backend.has_perms(
|
||||
user1, ['django_rbac.delete_role', 'django_rbac.change_role', 'django_rbac.view_role'], obj=role1
|
||||
user1, ['a2_rbac.delete_role', 'a2_rbac.change_role', 'a2_rbac.view_role'], obj=role1
|
||||
)
|
||||
assert rbac_backend.has_module_perms(user1, 'django_rbac')
|
||||
assert rbac_backend.has_module_perms(user1, 'a2_rbac')
|
||||
assert not rbac_backend.has_module_perms(user1, 'contenttypes')
|
||||
assert len(ctx.captured_queries) == 1
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.add_role', Role.objects.all())) == {role2}
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.delete_role', Role.objects.all())) == {role1}
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.add_role', Role.objects.all())) == {role2}
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.delete_role', Role.objects.all())) == {role1}
|
||||
assert set(
|
||||
rbac_backend.filter_by_perm(
|
||||
user1, ['django_rbac.delete_role', 'django_rbac.add_role'], Role.objects.all()
|
||||
)
|
||||
rbac_backend.filter_by_perm(user1, ['a2_rbac.delete_role', 'a2_rbac.add_role'], Role.objects.all())
|
||||
) == {role1, role2}
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.view_role', Role.objects.all())) == {
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.view_role', Role.objects.all())) == {
|
||||
role1,
|
||||
role2,
|
||||
}
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.change_role', Role.objects.all())) == {
|
||||
assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.change_role', Role.objects.all())) == {
|
||||
role1,
|
||||
role2,
|
||||
}
|
||||
|
@ -247,21 +255,27 @@ def test_rbac_backend(db):
|
|||
user2 = User.objects.create(username='donald.knuth')
|
||||
role3 = Role.objects.create(name='role3')
|
||||
role3.members.add(user2)
|
||||
perm5 = Permission.objects.create(operation=admin_op, target_ct=ct_ct, target_id=role_ct.pk)
|
||||
perm5 = Permission.objects.filter(operation=admin_op, target_ct=ct_ct, target_id=role_ct.pk).first()
|
||||
role3.permissions.add(perm5)
|
||||
assert rbac_backend.get_all_permissions(user2) == {
|
||||
'django_rbac.add_role',
|
||||
'django_rbac.change_role',
|
||||
'django_rbac.search_role',
|
||||
'django_rbac.admin_role',
|
||||
'django_rbac.view_role',
|
||||
'django_rbac.delete_role',
|
||||
'a2_rbac.activate_role',
|
||||
'a2_rbac.add_role',
|
||||
'a2_rbac.change_role',
|
||||
'a2_rbac.change_email_role',
|
||||
'a2_rbac.change_password_role',
|
||||
'a2_rbac.search_role',
|
||||
'a2_rbac.admin_role',
|
||||
'a2_rbac.view_role',
|
||||
'a2_rbac.delete_role',
|
||||
'a2_rbac.manage_authorizations_role',
|
||||
'a2_rbac.manage_members_role',
|
||||
'a2_rbac.reset_password_role',
|
||||
}
|
||||
|
||||
# test ous_with_perm
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.add_role')) == {ou1}
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.view_role')) == {ou1, ou2}
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.delete_role')) == set()
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.add_role')) == {ou1}
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.view_role')).issuperset({ou1, ou2})
|
||||
assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.delete_role')) == set()
|
||||
|
||||
|
||||
def test_all_members(db):
|
||||
|
@ -295,6 +309,7 @@ def test_random_role_parenting(db):
|
|||
|
||||
import numpy as np
|
||||
|
||||
Role.objects.all().delete()
|
||||
c = 15
|
||||
roles = [Role.objects.create(id=i, name=f'role{i}') for i in range(c)]
|
||||
m = [[False] * c for i in range(c)]
|
||||
|
|
Loading…
Reference in New Issue