test(config_management): config group software permission for add, ch…
…ange and delete

!22 #43
jon-nfc committed Jun 9, 2024
1 parent e62a570 commit 11ec62f
Showing 2 changed files with 51 additions and 49 deletions.
1 change: 1 addition & 0 deletions app/access/mixin.py
Expand Up @@ -70,6 +70,7 @@ def object_organization(self) -> int:

id = int(self.request.POST.get("organization", ""))


return id


Expand Up @@ -10,25 +10,33 @@
import requests

from access.models import Organization, Team, TeamUsers, Permission
from config_management.models.groups import ConfigGroups

from config_management.models.groups import ConfigGroups, ConfigGroupSoftware

from itam.models.device import DeviceSoftware
from itam.models.software import Software



class ConfigGroupSoftwarePermissions(TestCase):

model = ConfigGroups
model = ConfigGroupSoftware
parent_model = ConfigGroups

model_name = 'configgroups'
model_name = 'configgroupsoftware'
app_label = 'config_management'

@classmethod
def setUpTestData(self):
"""Setup Test
1. Create an organization for user and item
. create an organization that is different to item
2. Create a device
3. create teams with each permission: view, add, change, delete
4. create a user per team
2. create an organization that is different to item
3. Create the parent item
4. create a software item
5. create the item
6. create teams with each permission: view, add, change, delete
7. create a user per team
"""

organization = Organization.objects.create(name='test_org')
Expand All @@ -38,9 +46,21 @@ def setUpTestData(self):
different_organization = Organization.objects.create(name='test_different_organization')


self.item = self.model.objects.create(
self.parent_item = self.parent_model.objects.create(
organization=organization,
name = 'group_one'
)

self.software_item = Software.objects.create(
organization=organization,
name = 'deviceone'
name = 'softwareone',
)

self.item = self.model.objects.create(
organization = organization,
software = self.software_item,
config_group = self.parent_item,
action = DeviceSoftware.Actions.INSTALL
)

view_permissions = Permission.objects.get(
Expand Down Expand Up @@ -226,31 +246,29 @@ def test_config_groups_auth_view_has_permission(self):



@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_add_user_anon_denied(self):
""" Check correct permission for add
Attempt to add as anon user
"""

client = Client()
url = reverse('Config Management:_group_add')
url = reverse('Config Management:_group_software_add', kwargs={'pk': self.parent_item.id,})


response = client.put(url, data={'device': 'device'})

assert response.status_code == 302 and response.url.startswith('/account/login')

# @pytest.mark.skip(reason="ToDO: figure out why fails")
@pytest.mark.skip(reason="figure out best way to test")

def test_config_groups_auth_add_no_permission_denied(self):
""" Check correct permission for add
Attempt to add as user with no permissions
"""

client = Client()
url = reverse('Config Management:_group_add')
url = reverse('Config Management:_group_software_add', kwargs={'pk': self.parent_item.id,})


client.force_login(self.no_permissions_user)
Expand All @@ -259,15 +277,14 @@ def test_config_groups_auth_add_no_permission_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_add_different_organization_denied(self):
""" Check correct permission for add
attempt to add as user from different organization
"""

client = Client()
url = reverse('Config Management:_group_add')
url = reverse('Config Management:_group_software_add', kwargs={'pk': self.parent_item.id,})


client.force_login(self.different_organization_user)
Expand All @@ -276,15 +293,14 @@ def test_config_groups_auth_add_different_organization_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_add_permission_view_denied(self):
""" Check correct permission for add
Attempt to add a user with view permission
"""

client = Client()
url = reverse('Config Management:_group_add')
url = reverse('Config Management:_group_software_add', kwargs={'pk': self.parent_item.id,})


client.force_login(self.view_user)
Expand All @@ -293,15 +309,14 @@ def test_config_groups_auth_add_permission_view_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_add_has_permission(self):
""" Check correct permission for add
Attempt to add as user with no permission
"""

client = Client()
url = reverse('Config Management:_group_add')
url = reverse('Config Management:_group_software_add', kwargs={'pk': self.parent_item.id,})


client.force_login(self.add_user)
Expand All @@ -311,31 +326,29 @@ def test_config_groups_auth_add_has_permission(self):



@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


response = client.patch(url, data={'device': 'device'})

assert response.status_code == 302 and response.url.startswith('/account/login')


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.no_permissions_user)
Expand All @@ -344,15 +357,14 @@ def test_config_groups_auth_change_no_permission_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.different_organization_user)
Expand All @@ -361,15 +373,14 @@ def test_config_groups_auth_change_different_organization_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.view_user)
Expand All @@ -378,15 +389,14 @@ def test_config_groups_auth_change_permission_view_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.add_user)
Expand All @@ -395,49 +405,45 @@ def test_config_groups_auth_change_permission_add_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""

client = Client()
url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.change_user)
response = client.post(url, data={'device': 'device'})

assert response.status_code == 200

assert response.status_code == 302 and response.url == reverse('Config Management:_group_view', kwargs={'pk': self.parent_item.id})


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_user_anon_denied(self):
""" Check correct permission for delete
Attempt to delete item as anon user
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


response = client.delete(url, data={'device': 'device'})

assert response.status_code == 302 and response.url.startswith('/account/login')


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_no_permission_denied(self):
""" Check correct permission for delete
Attempt to delete as user with no permissons
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.no_permissions_user)
Expand All @@ -446,15 +452,14 @@ def test_config_groups_auth_delete_no_permission_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_different_organization_denied(self):
""" Check correct permission for delete
Attempt to delete as user from different organization
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.different_organization_user)
Expand All @@ -463,15 +468,14 @@ def test_config_groups_auth_delete_different_organization_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_permission_view_denied(self):
""" Check correct permission for delete
Attempt to delete as user with veiw permission only
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.view_user)
Expand All @@ -480,15 +484,14 @@ def test_config_groups_auth_delete_permission_view_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_permission_add_denied(self):
""" Check correct permission for delete
Attempt to delete as user with add permission only
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.add_user)
Expand All @@ -497,15 +500,14 @@ def test_config_groups_auth_delete_permission_add_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_permission_change_denied(self):
""" Check correct permission for delete
Attempt to delete as user with change permission only
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.change_user)
Expand All @@ -514,18 +516,17 @@ def test_config_groups_auth_delete_permission_change_denied(self):
assert response.status_code == 403


@pytest.mark.skip(reason="figure out best way to test")
def test_config_groups_auth_delete_has_permission(self):
""" Check correct permission for delete
Delete item as user with delete permission
"""

client = Client()
url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id})
url = reverse('Config Management:_group_software_delete', kwargs={'pk': self.item.id, 'group_id': self.parent_item.id})


client.force_login(self.delete_user)
response = client.delete(url, data={'device': 'device'})

assert response.status_code == 302 and response.url == reverse('Config Management:Groups')
assert response.status_code == 302 and response.url == reverse('Config Management:_group_view', kwargs={'pk': self.parent_item.id})
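Review bot: Every change and delete test in this file reverses its URL with `kwargs={'pk': self.item.id, 'group_id': self.parent_item.id}`, so nothing covers a request whose `pk` and `group_id` do not belong together. Because the new routes take two identifiers, the suite cannot show which object's organization the permission check is evaluated against, and a view that authorizes on one while acting on the other would still pass all of these tests. I would add a change test, and the matching delete test, that pairs `self.item.id` with a group created in a second organization and expects a denial. The status to assert (403 or 404) and the organization membership of `self.change_user` depend on view and setup lines that are collapsed on this page, so confirm both before relying on the sketch below.

```python
    def test_config_groups_auth_change_mismatched_group_denied(self):
        """ Ensure pk and group_id must refer to the same group
        Attempt to change the item through a group from another organization
        """

        other_organization = Organization.objects.create(name='test_mismatch_organization')
        other_group = self.parent_model.objects.create(
            organization = other_organization,
            name = 'group_other'
        )

        client = Client()
        url = reverse('Config Management:_group_software_change', kwargs={'pk': self.item.id, 'group_id': other_group.id})

        client.force_login(self.change_user)
        response = client.post(url, data={'device': 'device'})

        # expected status is an assumption; pin it to what the view returns
        assert response.status_code in (403, 404)
```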
