sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

first working version with viewnames.csv

Browse Source
This commit is contained in:
Sander Roosendaal
2020-01-21 16:17:09 +01:00
parent 4a9621ba56
commit 5d37acbbc8
2 changed files with 443 additions and 397 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
rowers/tests/test_permissions2.py
View File

@@ -178,6 +178,7 @@ class PermissionsViewTests(TestCase):
'is_staff': False,
'workoutid': True,
'userid': False,
'dotest': True,
}
),
('workouts_view',
@@ -196,11 +197,39 @@ class PermissionsViewTests(TestCase):
'is_staff': False,
'workoutid': False,
'userid': True,
'dotest': True,
}
)
]
import pandas as pd
df = pd.read_csv('./rowers/tests/viewnames.csv')
for id, row in df.iterrows():
view = row['view']
tpl = (view,
{
'anonymous':row.anonymous,
'anonymous_response':row.anonymous_response,
'own': row.own,
'own_response':row.own_response,
'own_nonperm': row.own_nonperm,
'member': row.member,
'member_response':row.member_response,
'member_nonperm': row.member_nonperm,
'coachee': row.coachee,
'coachee_response':row.coachee_response,
'coachee_nonperm': row.coachee_nonperm,
'is_staff':row.is_staff,
'workoutid':row.workoutid,
'userid':row.userid,
'dotest':row.dotest,
})
if row.dotest:
viewstotest.append(tpl)
plans = ['basic','plan','coach','pro']
# Test access for anonymous users
@parameterized.expand(viewstotest)
@@ -220,13 +249,14 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
if permissions['anonymous'] and not permissions['is_staff']:
if permissions['anonymous'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
if permissions['workoutid']:
url = reverse(view,kwargs={'id':encoder.encode_hex(self.ucoach['workouts'][0].id)})
urlstotest.append(url)
else:
url = reverse(view)
urlstotest.append(url)
for url in urlstotest:
print(url)
@@ -251,22 +281,26 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
if permissions['member'] and not permissions['is_staff']:
if permissions['own'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['member'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
if permissions['own'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
elif permissions['member'] == 'pro':
elif permissions['own'] == 'pro':
thisuser = self.upro
notuser = self.ubasic
elif permissions['member'] == 'plan':
elif permissions['own'] == 'plan':
thisuser = self.uplan
notuser = self.upro
elif permissions['member'] == 'coach':
elif permissions['own'] == 'coach':
thisuser = self.ucoach
notuser = self.uplan
@@ -285,6 +319,9 @@ class PermissionsViewTests(TestCase):
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
else:
url = reverse(view)
urlstotest.append(url)
# test logged in as user who has permissions
for url in urlstotest:
@@ -325,62 +362,69 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
if permissions['own'] and not permissions['is_staff']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['member'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['member'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
elif permissions['member'] == 'pro':
thisuser = self.upro
memberuser = self.uplan
notuser = self.ubasic
elif permissions['member'] == 'plan':
thisuser = self.uplan
memberuser = self.ubasic
notuser = self.upro
elif permissions['member'] == 'coach':
thisuser = self.ucoach
memberuser = self.uplan
notuser = self.uplan
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
if permissions['member'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
notuser = None
elif permissions['member'] == 'pro':
thisuser = self.upro
memberuser = self.uplan
notuser = self.ubasic
elif permissions['member'] == 'plan':
thisuser = self.uplan
memberuser = self.ubasic
notuser = self.upro
elif permissions['member'] == 'coach':
thisuser = self.ucoach
memberuser = self.uplan
notuser = self.uplan
if permissions['workoutid']:
workouts = memberuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
urlstotest.append(url)
if notuser:
falseurlstotest.append(url)
elif permissions['userid']:
url = reverse(view,kwargs={'userid':thisuser['user'].id})
urlstotest.append(url)
if permissions['workoutid']:
workouts = memberuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
urlstotest.append(url)
if notuser:
falseurlstotest.append(url)
elif permissions['userid']:
url = reverse(view,kwargs={'userid':thisuser['user'].id})
urlstotest.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
else:
url = reverse(view)
urlstotest.append(url)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_response'])
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_response'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_nonperm'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_nonperm'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
# Test access for logged in users - accessing coachee
@parameterized.expand(viewstotest)
@@ -390,7 +434,7 @@ class PermissionsViewTests(TestCase):
@patch('requests.get',side_effect=mocked_requests)
@patch('requests.post',side_effect=mocked_requests)
@patch('rowers.dataprep.get_video_data',side_effect=mocked_get_video_data)
def test_permissions_member(
def test_permissions_coachee(
self,view,permissions,
mocked_sqlalchemy,
mocked_read_df_sql,
@@ -400,40 +444,42 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
if permissions['own'] and not permissions['is_staff']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['coachee'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
otheruserurls = []
if permissions['coachee'] == 'coach':
thisuser = self.ucoach
coacheeuser = self.ubasic
notuser = self.uplan
thisuser = self.ucoach
coacheeuser = self.ubasic
notuser = self.uplan
if permissions['workoutid']:
workouts = coacheeuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
urlstotest.append(url)
if permissions['workoutid']:
workouts = coacheeuser['workouts']
url = reverse(view,kwargs={'id':encoder.encode_hex(workouts[0].id)})
urlstotest.append(url)
elif permissions['userid']:
url = reverse(view,kwargs={'userid':coacheeuser['user'].id})
urlstotest.append(url)
elif permissions['userid']:
url = reverse(view,kwargs={'userid':coacheeuser['user'].id})
urlstotest.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
url = reverse(view,kwargs={'userid':self.ustrange['user'].id})
otheruserurls.append(url)
else:
url = reverse(view)
urlstotest.append(url)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['coachee_response'])
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['coachee_response'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)