diff --git a/app/config_management/tests/config_groups_software/test_config_groups_software_core_history.py b/app/config_management/tests/config_groups_software/test_config_groups_software_core_history.py new file mode 100644 index 000000000..9c1277848 --- /dev/null +++ b/app/config_management/tests/config_groups_software/test_config_groups_software_core_history.py @@ -0,0 +1,245 @@ + +import pytest +import unittest +import requests + +from django.test import TestCase, Client + +from access.models import Organization + +from core.models.history import History + +from config_management.models.groups import ConfigGroups + + +# @pytest.mark.skip(reason="to be written") +# def test_history_auth_view(): +# """ User requires Permission view_history """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_create(): +# """ History row must be added to history table on create """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_update(): +# """ History row must be added to history table on updatej """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_delete(): +# """ History row must be added to history table on delete """ +# pass + + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_operating_system_create(): +# """ History row must be added to history table on create + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_operating_system_update(): +# """ History row must be added to history table on update + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_operating_system_delete(): +# """ History row must be added to history table on delete + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_software_create(): +# """ History row must be added to history table on create + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_software_update(): +# """ History row must be added to history table on update + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + +# @pytest.mark.skip(reason="to be written") +# def test_history_device_software_delete(): +# """ History row must be added to history table on delete + +# Must also have populated parent_item_pk and parent_item_class columns +# """ +# pass + + + + +class ConfigGroupSoftwareHistory(TestCase): + + model = ConfigGroups + + model_name = 'configgroups' + + + @classmethod + def setUpTestData(self): + """ Setup Test """ + + organization = Organization.objects.create(name='test_org') + + self.organization = organization + + self.item_create = self.model.objects.create( + name = 'test_item_' + self.model_name, + organization = self.organization + ) + + + self.history_create = History.objects.get( + action = History.Actions.ADD[0], + item_pk = self.item_create.pk, + item_class = self.model._meta.model_name, + ) + + self.item_change = self.item_create + self.item_change.name = 'test_item_' + self.model_name + '_changed' + self.item_change.save() + + self.history_change = History.objects.get( + action = History.Actions.UPDATE[0], + item_pk = self.item_change.pk, + item_class = self.model._meta.model_name, + ) + + + # field type testing to be done as part of model testing + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_add_field_action(self): + """ Ensure action is "add" for item creation """ + + history = self.history_create.__dict__ + + assert history['action'] == int(History.Actions.ADD[0]) + # assert type(history['action']) is int + + + @pytest.mark.skip(reason="to be written") + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_add_field_after(self): + """ Ensure after field contains correct value """ + + history = self.history_create.__dict__ + + assert history['after'] == str('{}') + # assert type(history['after']) is str + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_add_field_before(self): + """ Ensure before field is an empty JSON string for create """ + + history = self.history_create.__dict__ + + assert history['before'] == str('{}') + # assert type(history['before']) is str + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_add_field_item_pk(self): + """ Ensure history entry field item_pk is the created items pk """ + + history = self.history_create.__dict__ + + assert history['item_pk'] == self.item_create.pk + # assert type(history['item_pk']) is int + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_add_field_item_class(self): + """ Ensure history entry field item_class is the model name """ + + history = self.history_create.__dict__ + + assert history['item_class'] == self.model._meta.model_name + # assert type(history['item_class']) is str + + + + +################################## Change ################################## + + + + + # field type testing to be done as part of model testing + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_change_field_action(self): + """ Ensure action is "add" for item creation """ + + history = self.history_change.__dict__ + + assert history['action'] == int(History.Actions.UPDATE[0]) + # assert type(history['action']) is int + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_change_field_after(self): + """ Ensure after field contains correct value """ + + history = self.history_change.__dict__ + + assert history['after'] == str('{"name": "test_item_' + self.model_name + '_changed"}') + # assert type(history['after']) is str + + + @pytest.mark.skip(reason="to be written") + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_change_field_before(self): + """ Ensure before field is an empty JSON string for create """ + + history = self.history_change.__dict__ + + assert history['before'] == str('{}') + # assert type(history['before']) is str + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_change_field_item_pk(self): + """ Ensure history entry field item_pk is the created items pk """ + + history = self.history_change.__dict__ + + assert history['item_pk'] == self.item_create.pk + # assert type(history['item_pk']) is int + + + @pytest.mark.skip(reason="figure out best way to test") + def test_device_history_entry_item_change_field_item_class(self): + """ Ensure history entry field item_class is the model name """ + + history = self.history_change.__dict__ + + assert history['item_class'] == self.model._meta.model_name + # assert type(history['item_class']) is str + + diff --git a/app/config_management/tests/config_groups_software/test_config_groups_software_history_permission.py b/app/config_management/tests/config_groups_software/test_config_groups_software_history_permission.py new file mode 100644 index 000000000..e69d64d7e --- /dev/null +++ b/app/config_management/tests/config_groups_software/test_config_groups_software_history_permission.py @@ -0,0 +1,174 @@ +# from django.conf import settings +from django.contrib.auth import get_user_model +from django.contrib.auth.models import AnonymousUser, User +from django.contrib.contenttypes.models import ContentType +from django.shortcuts import reverse +from django.test import TestCase, Client + +import pytest +import unittest +import requests + +from access.models import Organization, Team, TeamUsers, Permission + +from config_management.models.groups import ConfigGroups + +from core.models.history import History + + +class ConfigGroupSoftwaresHistoryPermissions(TestCase): + + + item_model = ConfigGroups + + + model = History + + model_name = 'history' + + app_label = 'core' + + namespace = '' + + name_view = '_history' + + + @classmethod + def setUpTestData(self): + """Setup Test + + 1. Create an organization for user and item + 2. create an organization that is different to item + 3. Create a device + 4. Add history device history entry as item + 5. create a user + 6. create user in different organization (with the required permission) + """ + + organization = Organization.objects.create(name='test_org') + + self.organization = organization + + different_organization = Organization.objects.create(name='test_different_organization') + + self.item = self.item_model.objects.create( + organization=organization, + name = 'deviceone' + ) + + self.history_model_name = self.item._meta.model_name + + self.history = self.model.objects.get( + item_pk = self.item.id, + item_class = self.item._meta.model_name, + action = self.model.Actions.ADD, + ) + + view_permissions = Permission.objects.get( + codename = 'view_' + self.model_name, + content_type = ContentType.objects.get( + app_label = self.app_label, + model = self.model_name, + ) + ) + + view_team = Team.objects.create( + team_name = 'view_team', + organization = organization, + ) + + view_team.permissions.set([view_permissions]) + + + self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password") + + + self.view_user = User.objects.create_user(username="test_user_view", password="password") + teamuser = TeamUsers.objects.create( + team = view_team, + user = self.view_user + ) + + self.different_organization_user = User.objects.create_user(username="test_different_organization_user", password="password") + + + different_organization_team = Team.objects.create( + team_name = 'different_organization_team', + organization = different_organization, + ) + + different_organization_team.permissions.set([ + view_permissions, + ]) + + TeamUsers.objects.create( + team = different_organization_team, + user = self.different_organization_user + ) + + + + @pytest.mark.skip(reason="figure out best way to test") + def test_auth_view_history_user_anon_denied(self): + """ Check correct permission for view + + Attempt to view as anon user + """ + + client = Client() + url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id}) + + response = client.get(url) + + assert response.status_code == 302 and response.url.startswith('/account/login') + + + @pytest.mark.skip(reason="figure out best way to test") + def test_auth_view_history_no_permission_denied(self): + """ Check correct permission for view + + Attempt to view with user missing permission + """ + + client = Client() + url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id}) + + + client.force_login(self.no_permissions_user) + response = client.get(url) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_auth_view_history_different_organizaiton_denied(self): + """ Check correct permission for view + + Attempt to view with user from different organization + """ + + client = Client() + url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id}) + + + client.force_login(self.different_organization_user) + response = client.get(url) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_auth_view_history_has_permission(self): + """ Check correct permission for view + + Attempt to view as user with view permission + """ + + client = Client() + url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id}) + + + client.force_login(self.view_user) + response = client.get(url) + + assert response.status_code == 200 diff --git a/app/config_management/tests/config_groups_software/test_config_groups_software_permission.py b/app/config_management/tests/config_groups_software/test_config_groups_software_permission.py new file mode 100644 index 000000000..d2d2b811e --- /dev/null +++ b/app/config_management/tests/config_groups_software/test_config_groups_software_permission.py @@ -0,0 +1,531 @@ +# from django.conf import settings +from django.contrib.auth import get_user_model +from django.contrib.auth.models import AnonymousUser, User +from django.contrib.contenttypes.models import ContentType +from django.shortcuts import reverse +from django.test import TestCase, Client + +import pytest +import unittest +import requests + +from access.models import Organization, Team, TeamUsers, Permission +from config_management.models.groups import ConfigGroups + + +class ConfigGroupSoftwarePermissions(TestCase): + + model = ConfigGroups + + model_name = 'configgroups' + app_label = 'config_management' + + @classmethod + def setUpTestData(self): + """Setup Test + + 1. Create an organization for user and item + . create an organization that is different to item + 2. Create a device + 3. create teams with each permission: view, add, change, delete + 4. create a user per team + """ + + organization = Organization.objects.create(name='test_org') + + self.organization = organization + + different_organization = Organization.objects.create(name='test_different_organization') + + + self.item = self.model.objects.create( + organization=organization, + name = 'deviceone' + ) + + view_permissions = Permission.objects.get( + codename = 'view_' + self.model_name, + content_type = ContentType.objects.get( + app_label = self.app_label, + model = self.model_name, + ) + ) + + view_team = Team.objects.create( + team_name = 'view_team', + organization = organization, + ) + + view_team.permissions.set([view_permissions]) + + + + add_permissions = Permission.objects.get( + codename = 'add_' + self.model_name, + content_type = ContentType.objects.get( + app_label = self.app_label, + model = self.model_name, + ) + ) + + add_team = Team.objects.create( + team_name = 'add_team', + organization = organization, + ) + + add_team.permissions.set([add_permissions]) + + + + change_permissions = Permission.objects.get( + codename = 'change_' + self.model_name, + content_type = ContentType.objects.get( + app_label = self.app_label, + model = self.model_name, + ) + ) + + change_team = Team.objects.create( + team_name = 'change_team', + organization = organization, + ) + + change_team.permissions.set([change_permissions]) + + + + delete_permissions = Permission.objects.get( + codename = 'delete_' + self.model_name, + content_type = ContentType.objects.get( + app_label = self.app_label, + model = self.model_name, + ) + ) + + delete_team = Team.objects.create( + team_name = 'delete_team', + organization = organization, + ) + + delete_team.permissions.set([delete_permissions]) + + + self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password") + + + self.view_user = User.objects.create_user(username="test_user_view", password="password") + teamuser = TeamUsers.objects.create( + team = view_team, + user = self.view_user + ) + + self.add_user = User.objects.create_user(username="test_user_add", password="password") + teamuser = TeamUsers.objects.create( + team = add_team, + user = self.add_user + ) + + self.change_user = User.objects.create_user(username="test_user_change", password="password") + teamuser = TeamUsers.objects.create( + team = change_team, + user = self.change_user + ) + + self.delete_user = User.objects.create_user(username="test_user_delete", password="password") + teamuser = TeamUsers.objects.create( + team = delete_team, + user = self.delete_user + ) + + + self.different_organization_user = User.objects.create_user(username="test_different_organization_user", password="password") + + + different_organization_team = Team.objects.create( + team_name = 'different_organization_team', + organization = different_organization, + ) + + different_organization_team.permissions.set([ + view_permissions, + add_permissions, + change_permissions, + delete_permissions, + ]) + + TeamUsers.objects.create( + team = different_organization_team, + user = self.different_organization_user + ) + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_view_user_anon_denied(self): + """ Check correct permission for view + + Attempt to view as anon user + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + response = client.get(url) + + assert response.status_code == 302 and response.url.startswith('/account/login') + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_view_no_permission_denied(self): + """ Check correct permission for view + + Attempt to view with user missing permission + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.no_permissions_user) + response = client.get(url) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_view_different_organizaiton_denied(self): + """ Check correct permission for view + + Attempt to view with user from different organization + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.different_organization_user) + response = client.get(url) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_view_has_permission(self): + """ Check correct permission for view + + Attempt to view as user with view permission + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.view_user) + response = client.get(url) + + assert response.status_code == 200 + + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_add_user_anon_denied(self): + """ Check correct permission for add + + Attempt to add as anon user + """ + + client = Client() + url = reverse('Config Management:_group_add') + + + response = client.put(url, data={'device': 'device'}) + + assert response.status_code == 302 and response.url.startswith('/account/login') + + # @pytest.mark.skip(reason="ToDO: figure out why fails") + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_add_no_permission_denied(self): + """ Check correct permission for add + + Attempt to add as user with no permissions + """ + + client = Client() + url = reverse('Config Management:_group_add') + + + client.force_login(self.no_permissions_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_add_different_organization_denied(self): + """ Check correct permission for add + + attempt to add as user from different organization + """ + + client = Client() + url = reverse('Config Management:_group_add') + + + client.force_login(self.different_organization_user) + response = client.post(url, data={'name': 'device', 'organization': self.organization.id}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_add_permission_view_denied(self): + """ Check correct permission for add + + Attempt to add a user with view permission + """ + + client = Client() + url = reverse('Config Management:_group_add') + + + client.force_login(self.view_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_add_has_permission(self): + """ Check correct permission for add + + Attempt to add as user with no permission + """ + + client = Client() + url = reverse('Config Management:_group_add') + + + client.force_login(self.add_user) + response = client.post(url, data={'device': 'device', 'organization': self.organization.id}) + + assert response.status_code == 200 + + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_user_anon_denied(self): + """ Check correct permission for change + + Attempt to change as anon + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + response = client.patch(url, data={'device': 'device'}) + + assert response.status_code == 302 and response.url.startswith('/account/login') + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_no_permission_denied(self): + """ Ensure permission view cant make change + + Attempt to make change as user without permissions + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.no_permissions_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_different_organization_denied(self): + """ Ensure permission view cant make change + + Attempt to make change as user from different organization + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.different_organization_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_permission_view_denied(self): + """ Ensure permission view cant make change + + Attempt to make change as user with view permission + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.view_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_permission_add_denied(self): + """ Ensure permission view cant make change + + Attempt to make change as user with add permission + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.add_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_change_has_permission(self): + """ Check correct permission for change + + Make change with user who has change permission + """ + + client = Client() + url = reverse('Config Management:_group_view', kwargs={'pk': self.item.id}) + + + client.force_login(self.change_user) + response = client.post(url, data={'device': 'device'}) + + assert response.status_code == 200 + + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_user_anon_denied(self): + """ Check correct permission for delete + + Attempt to delete item as anon user + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 302 and response.url.startswith('/account/login') + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_no_permission_denied(self): + """ Check correct permission for delete + + Attempt to delete as user with no permissons + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.no_permissions_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_different_organization_denied(self): + """ Check correct permission for delete + + Attempt to delete as user from different organization + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.different_organization_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_permission_view_denied(self): + """ Check correct permission for delete + + Attempt to delete as user with veiw permission only + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.view_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_permission_add_denied(self): + """ Check correct permission for delete + + Attempt to delete as user with add permission only + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.add_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_permission_change_denied(self): + """ Check correct permission for delete + + Attempt to delete as user with change permission only + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.change_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 403 + + + @pytest.mark.skip(reason="figure out best way to test") + def test_config_groups_auth_delete_has_permission(self): + """ Check correct permission for delete + + Delete item as user with delete permission + """ + + client = Client() + url = reverse('Config Management:_group_delete', kwargs={'pk': self.item.id}) + + + client.force_login(self.delete_user) + response = client.delete(url, data={'device': 'device'}) + + assert response.status_code == 302 and response.url == reverse('Config Management:Groups')