tests: update test_check_and_repair_managers_of_roles (#48372)
This commit is contained in:
parent
95b4528228
commit
ea62c3f8ca
|
@ -25,7 +25,7 @@ from django.utils import six
|
|||
from django.utils.timezone import now
|
||||
import py
|
||||
|
||||
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
|
||||
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.models import UserExternalId
|
||||
from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
|
||||
|
@ -314,12 +314,27 @@ def test_check_and_repair_managers_of_roles(db, capsys):
|
|||
captured = capsys.readouterr()
|
||||
assert '"Managers of Role 1": no admin scope' in captured.out
|
||||
assert 'Managers of Role 1" wrong ou, should be "Default organizational unit"' in captured.out
|
||||
assert 'invalid permission "Management / role / Role 1 (scope "Default organizational unit")": not manage_members operation' in captured.out
|
||||
assert 'invalid permission "Management / role / Role 1 (scope "Default organizational unit")": not admin_scope' in captured.out
|
||||
assert 'invalid permission "Management / role / Role 1 (scope "Default organizational unit")": wrong ou' in captured.out
|
||||
assert 'invalid permission "Management / role / Role 1": not manage_members operation' in captured.out
|
||||
assert (
|
||||
'invalid permission "Management / role / Role 1": '
|
||||
'not admin_scope and not self manage permission'
|
||||
) in captured.out
|
||||
assert (
|
||||
'invalid admin role "Managers of Role 1" '
|
||||
'wrong ou, should be "Default organizational unit" is "None"'
|
||||
) in captured.out
|
||||
|
||||
perm1.refresh_from_db()
|
||||
assert perm1.ou is None
|
||||
manager_role1 = role1.get_admin_role()
|
||||
assert manager_role1.ou == get_default_ou()
|
||||
assert manager_role1.permissions.count() == 3
|
||||
assert manager_role1.permissions.get(operation=get_operation(MANAGE_MEMBERS_OP), target_id=manager_role1.id)
|
||||
assert manager_role1.permissions.get(operation=get_operation(MANAGE_MEMBERS_OP), target_id=role1.id)
|
||||
assert manager_role1.permissions.get(operation=get_operation(VIEW_OP),
|
||||
target_ct=ContentType.objects.get_for_model(ContentType),
|
||||
target_id=ContentType.objects.get_for_model(User).pk)
|
||||
|
||||
perm1 = Permission.objects.get(operation=admin_op, target_id=role1.id)
|
||||
assert perm1.ou == default_ou
|
||||
manage_members_op = get_operation(MANAGE_MEMBERS_OP)
|
||||
perm1.op = manage_members_op
|
||||
perm1.save()
|
||||
|
|
Loading…
Reference in New Issue