Sander Roosendaal
2020-01-20 21:18:53 +01:00
parent b8bc152248
commit 45808ec954
2 changed files with 439 additions and 322 deletions


@@ -146,6 +146,20 @@ class PermissionsViewTests(TestCase):
notes=faker.text(),
manager=self.ucoach['user'])
self.uplan['user'].rower.team.add(self.teamcoach)
self.ubasic['user'].rower.team.add(self.teamcoach)
self.ucoach['user'].rower.team.add(self.teamcoach)
self.upro['user'].rower.team.add(self.teamplan)
self.uplan2['user'].rower.team.add(self.teamplan)
self.upro['user'].rower.team.add(self.teampro)
self.uplan['user'].rower.team.add(self.teampro)
self.uplan['user'].rower.coachinggroups.add(coachinggroup)
self.ubasic['user'].rower.coachinggroups.add(coachinggroup)
viewstotest = [
('workout_view',
{
@@ -187,7 +201,7 @@ class PermissionsViewTests(TestCase):
# Test access for anonymous users
@parameterized.expand(viewstotest)
@patch('rowers.dataprep.create_engine')
@patch('rowers.dataprep.read_df_sql')
@@ -195,7 +209,7 @@ class PermissionsViewTests(TestCase):
@patch('requests.get',side_effect=mocked_requests)
@patch('requests.post',side_effect=mocked_requests)
@patch('rowers.dataprep.get_video_data',side_effect=mocked_get_video_data)
def test_permissions_generator(
def test_permissions_anonymous(
self,view,permissions,
mocked_sqlalchemy,
mocked_read_df_sql,
@@ -218,19 +232,40 @@ class PermissionsViewTests(TestCase):
result = self.c.get(url)
self.assertEqual(result.status_code,permissions['anonymous_response'])
if permissions['own'] and not permissions['is_staff']:
# Test access for logged in users - accessing own objects
@parameterized.expand(viewstotest)
@patch('rowers.dataprep.create_engine')
@patch('rowers.dataprep.read_df_sql')
@patch('rowers.dataprep.getsmallrowdata_db')
@patch('requests.get',side_effect=mocked_requests)
@patch('requests.post',side_effect=mocked_requests)
@patch('rowers.dataprep.get_video_data',side_effect=mocked_get_video_data)
def test_permissions_own(
self,view,permissions,
mocked_sqlalchemy,
mocked_read_df_sql,
mocked_getsmallrowdata_db,
mock_get,
mock_post,
mocked_get_video_data,
):
if permissions['member'] and not permissions['is_staff']:
urlstotest = []
falseurlstotest = []
if permissions['own'] == 'basic':
otheruserurls = []
if permissions['member'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
elif permissions['own'] == 'pro':
elif permissions['member'] == 'pro':
thisuser = self.upro
notuser = self.ubasic
elif permissions['own'] == 'plan':
elif permissions['member'] == 'plan':
thisuser = self.uplan
notuser = self.upro
elif permissions['own'] == 'coach':
elif permissions['member'] == 'coach':
thisuser = self.ucoach
notuser = self.uplan
@@ -246,18 +281,100 @@ class PermissionsViewTests(TestCase):
elif permissions['userid']:
url = reverse(view,kwargs={'userid':thisuser['user'].id})
urlstotest.append(url)
if notuser:
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
falseurlstotest.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_response'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_nonperm'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
# Test access for logged in users - accessing team member objects
@parameterized.expand(viewstotest)
@patch('rowers.dataprep.create_engine')
@patch('rowers.dataprep.read_df_sql')
@patch('rowers.dataprep.getsmallrowdata_db')
@patch('requests.get',side_effect=mocked_requests)
@patch('requests.post',side_effect=mocked_requests)
@patch('rowers.dataprep.get_video_data',side_effect=mocked_get_video_data)
def test_permissions_own(
self,view,permissions,
mocked_sqlalchemy,
mocked_read_df_sql,
mocked_getsmallrowdata_db,
mock_get,
mock_post,
mocked_get_video_data,
):
if permissions['own'] and not permissions['is_staff']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['own'] == 'basic':
thisuser = self.ubasic
notuser = None
elif permissions['own'] == 'pro':
thisuser = self.upro
notuser = self.ubasic
elif permissions['own'] == 'plan':
thisuser = self.uplan
notuser = self.upro
elif permissions['own'] == 'coach':
thisuser = self.ucoach
notuser = self.uplan
if permissions['workoutid']:
workouts = thisuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
urlstotest.append(url)
if notuser:
workouts = notuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
falseurlstotest.append(url)
elif permissions['userid']:
url = reverse(view,kwargs={'userid':thisuser['user'].id})
urlstotest.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_response'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_nonperm'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
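Review bot: The new side appears to define `test_permissions_own` twice in `PermissionsViewTests`: once under the "accessing own objects" comment with a body gated on `permissions['member']`, and again under the "accessing team member objects" comment with a body gated on `permissions['own']`. The later definition replaces the earlier one, and `@parameterized.expand` would generate the same case names for both, so the team-member access checks would never run and a regression in that authorization path could pass unnoticed. Rename the first method, e.g. `def test_permissions_member(`, and swap the two comments so each describes the body below it. As far as the hunks show, the member body still asserts `permissions['own_response']` and `permissions['own_nonperm']` and sets `memberuser` only in the `'basic'` branch without using it; these look like copy-paste leftovers and should be confirmed against the intended member expectations. The page lost its `+`/`-` markers, so which lines are new is inferred from the hunk headers and from the old/new line pairs.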