2017-04-20 12:40:59 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
2020-10-03 14:24:48 +00:00
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
|
|
|
|
|
from django.test import TestCase
|
2020-10-03 14:34:22 +00:00
|
|
|
from django.apps import apps
|
2020-10-04 21:55:15 +00:00
|
|
|
from django.contrib.auth.models import Group
|
2020-10-03 14:24:48 +00:00
|
|
|
|
|
|
|
|
from users.models import RuleSet
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class RuleSetModelTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Some simplistic tests to ensure the RuleSet model is setup correctly.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def test_ruleset_models(self):
|
|
|
|
|
|
|
|
|
|
keys = RuleSet.RULESET_MODELS.keys()
|
|
|
|
|
|
|
|
|
|
# Check if there are any rulesets which do not have models defined
|
|
|
|
|
|
|
|
|
|
missing = [name for name in RuleSet.RULESET_NAMES if name not in keys]
|
|
|
|
|
|
|
|
|
|
if len(missing) > 0:
|
|
|
|
|
print("The following rulesets do not have models assigned:")
|
|
|
|
|
for m in missing:
|
|
|
|
|
print("-", m)
|
|
|
|
|
|
|
|
|
|
# Check if models have been defined for a ruleset which is incorrect
|
|
|
|
|
extra = [name for name in keys if name not in RuleSet.RULESET_NAMES]
|
|
|
|
|
|
|
|
|
|
if len(extra) > 0:
|
|
|
|
|
print("The following rulesets have been improperly added to RULESET_MODELS:")
|
|
|
|
|
for e in extra:
|
|
|
|
|
print("-", e)
|
|
|
|
|
|
|
|
|
|
# Check that each ruleset has models assigned
|
|
|
|
|
empty = [key for key in keys if len(RuleSet.RULESET_MODELS[key]) == 0]
|
|
|
|
|
|
|
|
|
|
if len(empty) > 0:
|
|
|
|
|
print("The following rulesets have empty entries in RULESET_MODELS:")
|
|
|
|
|
for e in empty:
|
|
|
|
|
print("-", e)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(len(missing), 0)
|
|
|
|
|
self.assertEqual(len(extra), 0)
|
|
|
|
|
self.assertEqual(len(empty), 0)
|
2017-04-20 12:40:59 +00:00
|
|
|
|
2020-10-03 14:34:22 +00:00
|
|
|
def test_model_names(self):
|
|
|
|
|
"""
|
|
|
|
|
Test that each model defined in the rulesets is valid,
|
|
|
|
|
based on the database schema!
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
available_models = apps.get_models()
|
|
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
available_tables = set()
|
2020-10-03 14:34:22 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
# Extract each available database model and construct a formatted string
|
2020-10-03 14:34:22 +00:00
|
|
|
for model in available_models:
|
2020-10-04 21:55:15 +00:00
|
|
|
label = model.objects.model._meta.label
|
|
|
|
|
label = label.replace('.', '_').lower()
|
|
|
|
|
available_tables.add(label)
|
2020-10-03 14:34:22 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
assigned_models = set()
|
2020-10-03 14:38:53 +00:00
|
|
|
|
2020-10-03 14:34:22 +00:00
|
|
|
# Now check that each defined model is a valid table name
|
|
|
|
|
for key in RuleSet.RULESET_MODELS.keys():
|
|
|
|
|
|
|
|
|
|
models = RuleSet.RULESET_MODELS[key]
|
|
|
|
|
|
|
|
|
|
for m in models:
|
2020-10-03 14:38:53 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
assigned_models.add(m)
|
2020-10-03 14:38:53 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
missing_models = set()
|
2020-10-03 14:38:53 +00:00
|
|
|
|
|
|
|
|
for model in available_tables:
|
2020-10-04 00:03:14 +00:00
|
|
|
if model not in assigned_models and model not in RuleSet.RULESET_IGNORE:
|
2020-10-04 21:55:15 +00:00
|
|
|
missing_models.add(model)
|
2020-10-03 14:38:53 +00:00
|
|
|
|
|
|
|
|
if len(missing_models) > 0:
|
2020-10-04 00:03:14 +00:00
|
|
|
print("The following database models are not covered by the defined RuleSet permissions:")
|
2020-10-03 14:38:53 +00:00
|
|
|
for m in missing_models:
|
2020-10-03 14:43:02 +00:00
|
|
|
print("-", m)
|
2020-10-04 00:03:14 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
extra_models = set()
|
2020-10-04 21:29:36 +00:00
|
|
|
|
2020-10-04 21:55:15 +00:00
|
|
|
defined_models = set()
|
|
|
|
|
|
|
|
|
|
for model in assigned_models:
|
|
|
|
|
defined_models.add(model)
|
|
|
|
|
|
|
|
|
|
for model in RuleSet.RULESET_IGNORE:
|
|
|
|
|
defined_models.add(model)
|
2020-10-04 21:29:36 +00:00
|
|
|
|
|
|
|
|
for model in defined_models:
|
|
|
|
|
if model not in available_tables:
|
2020-10-04 21:55:15 +00:00
|
|
|
extra_models.add(model)
|
2020-10-04 21:29:36 +00:00
|
|
|
|
|
|
|
|
if len(extra_models) > 0:
|
|
|
|
|
print("The following RuleSet permissions do not match a database model:")
|
|
|
|
|
for m in extra_models:
|
|
|
|
|
print("-", m)
|
|
|
|
|
|
2020-10-04 01:18:31 +00:00
|
|
|
self.assertEqual(len(missing_models), 0)
|
2020-10-04 21:29:36 +00:00
|
|
|
self.assertEqual(len(extra_models), 0)
|
2020-10-04 21:55:15 +00:00
|
|
|
|
|
|
|
|
def test_permission_assign(self):
|
|
|
|
|
"""
|
|
|
|
|
Test that the permission assigning works!
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
# Create a new group
|
|
|
|
|
group = Group.objects.create(name="Test group")
|
|
|
|
|
|
|
|
|
|
rulesets = group.rule_sets.all()
|
|
|
|
|
|
|
|
|
|
# Rulesets should have been created automatically for this group
|
|
|
|
|
self.assertEqual(rulesets.count(), len(RuleSet.RULESET_CHOICES))
|
|
|
|
|
|
|
|
|
|
# Check that all permissions have been assigned permissions?
|
|
|
|
|
permission_set = set()
|
|
|
|
|
|
|
|
|
|
for models in RuleSet.RULESET_MODELS.values():
|
|
|
|
|
|
|
|
|
|
for model in models:
|
|
|
|
|
permission_set.add(model)
|
|
|
|
|
|
|
|
|
|
# Every ruleset by default sets one permission, the "view" permission set
|
|
|
|
|
self.assertEqual(group.permissions.count(), len(permission_set))
|
|
|
|
|
|
|
|
|
|
# Add some more rules
|
|
|
|
|
for rule in rulesets:
|
|
|
|
|
rule.can_add = True
|
|
|
|
|
rule.can_change = True
|
|
|
|
|
|
|
|
|
|
rule.save()
|
|
|
|
|
|
2020-10-05 15:52:47 +00:00
|
|
|
# update_fields is required to trigger permissions update
|
|
|
|
|
group.save(update_fields=['name'])
|
2020-10-04 21:55:15 +00:00
|
|
|
|
|
|
|
|
# There should now be three permissions for each rule set
|
|
|
|
|
self.assertEqual(group.permissions.count(), 3 * len(permission_set))
|
|
|
|
|
|
|
|
|
|
# Now remove *all* permissions
|
|
|
|
|
for rule in rulesets:
|
|
|
|
|
rule.can_view = False
|
|
|
|
|
rule.can_add = False
|
|
|
|
|
rule.can_change = False
|
|
|
|
|
rule.can_delete = False
|
|
|
|
|
|
|
|
|
|
rule.save()
|
|
|
|
|
|
2020-10-05 15:52:47 +00:00
|
|
|
# update_fields is required to trigger permissions update
|
|
|
|
|
group.save(update_fields=['name'])
|
2020-10-04 21:55:15 +00:00
|
|
|
|
|
|
|
|
# There should now not be any permissions assigned to this group
|
|
|
|
|
self.assertEqual(group.permissions.count(), 0)
|
