feat: expose Role permissions for editing
This commit is contained in:
Lance Edgar
parent
97e914c2e0
commit
230e2fd1ab
19 changed files with 736 additions and 34 deletions
|
|
@ -15,6 +15,9 @@ class TestRoleView(WebTestCase):
|
|||
def make_view(self):
|
||||
return mod.RoleView(self.request)
|
||||
|
||||
def test_includeme(self):
|
||||
self.pyramid_config.include('wuttaweb.views.roles')
|
||||
|
||||
def test_get_query(self):
|
||||
view = self.make_view()
|
||||
query = view.get_query(session=self.session)
|
||||
|
|
@ -30,8 +33,9 @@ class TestRoleView(WebTestCase):
|
|||
|
||||
def test_configure_form(self):
|
||||
model = self.app.model
|
||||
role = model.Role(name="Foo")
|
||||
view = self.make_view()
|
||||
form = view.make_form(model_class=model.Person)
|
||||
form = view.make_form(model_instance=role)
|
||||
self.assertNotIn('name', form.validators)
|
||||
view.configure_form(form)
|
||||
self.assertIsNotNone(form.validators['name'])
|
||||
|
|
@ -55,3 +59,132 @@ class TestRoleView(WebTestCase):
|
|||
self.request.matchdict = {'uuid': role.uuid}
|
||||
node = colander.SchemaNode(colander.String(), name='name')
|
||||
self.assertIsNone(view.unique_name(node, 'Foo'))
|
||||
|
||||
def get_permissions(self):
|
||||
return {
|
||||
'widgets': {
|
||||
'label': "Widgets",
|
||||
'perms': {
|
||||
'widgets.list': {
|
||||
'label': "List widgets",
|
||||
},
|
||||
'widgets.polish': {
|
||||
'label': "Polish the widgets",
|
||||
},
|
||||
'widgets.view': {
|
||||
'label': "View widget",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
def test_get_available_permissions(self):
|
||||
model = self.app.model
|
||||
auth = self.app.get_auth_handler()
|
||||
blokes = model.Role(name="Blokes")
|
||||
auth.grant_permission(blokes, 'widgets.list')
|
||||
self.session.add(blokes)
|
||||
barney = model.User(username='barney')
|
||||
barney.roles.append(blokes)
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
all_perms = self.get_permissions()
|
||||
self.request.registry.settings['wutta_permissions'] = all_perms
|
||||
|
||||
def has_perm(perm):
|
||||
if perm == 'widgets.list':
|
||||
return True
|
||||
return False
|
||||
|
||||
with patch.object(self.request, 'has_perm', new=has_perm, create=True):
|
||||
|
||||
# sanity check; current request has 1 perm
|
||||
self.assertTrue(self.request.has_perm('widgets.list'))
|
||||
self.assertFalse(self.request.has_perm('widgets.polish'))
|
||||
self.assertFalse(self.request.has_perm('widgets.view'))
|
||||
|
||||
# when editing, user sees only the 1 perm
|
||||
with patch.object(view, 'editing', new=True):
|
||||
perms = view.get_available_permissions()
|
||||
self.assertEqual(list(perms), ['widgets'])
|
||||
self.assertEqual(list(perms['widgets']['perms']), ['widgets.list'])
|
||||
|
||||
# but when viewing, same user sees all perms
|
||||
with patch.object(view, 'viewing', new=True):
|
||||
perms = view.get_available_permissions()
|
||||
self.assertEqual(list(perms), ['widgets'])
|
||||
self.assertEqual(list(perms['widgets']['perms']),
|
||||
['widgets.list', 'widgets.polish', 'widgets.view'])
|
||||
|
||||
# also, when admin user is editing, sees all perms
|
||||
self.request.is_admin = True
|
||||
with patch.object(view, 'editing', new=True):
|
||||
perms = view.get_available_permissions()
|
||||
self.assertEqual(list(perms), ['widgets'])
|
||||
self.assertEqual(list(perms['widgets']['perms']),
|
||||
['widgets.list', 'widgets.polish', 'widgets.view'])
|
||||
|
||||
def test_objectify(self):
|
||||
model = self.app.model
|
||||
auth = self.app.get_auth_handler()
|
||||
blokes = model.Role(name="Blokes")
|
||||
self.session.add(blokes)
|
||||
barney = model.User(username='barney')
|
||||
barney.roles.append(blokes)
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
permissions = self.get_permissions()
|
||||
|
||||
# sanity check, role has just 1 perm
|
||||
auth.grant_permission(blokes, 'widgets.list')
|
||||
self.session.commit()
|
||||
self.assertEqual(blokes.permissions, ['widgets.list'])
|
||||
|
||||
# form can update role perms
|
||||
view.editing = True
|
||||
self.request.matchdict = {'uuid': blokes.uuid}
|
||||
with patch.object(view, 'get_available_permissions', return_value=permissions):
|
||||
form = view.make_model_form(model_instance=blokes)
|
||||
form.validated = {'name': 'Blokes',
|
||||
'permissions': {'widgets.list', 'widgets.polish', 'widgets.view'}}
|
||||
role = view.objectify(form)
|
||||
self.session.commit()
|
||||
self.assertIs(role, blokes)
|
||||
self.assertEqual(blokes.permissions, ['widgets.list', 'widgets.polish', 'widgets.view'])
|
||||
|
||||
def test_update_permissions(self):
|
||||
model = self.app.model
|
||||
auth = self.app.get_auth_handler()
|
||||
blokes = model.Role(name="Blokes")
|
||||
auth.grant_permission(blokes, 'widgets.list')
|
||||
self.session.add(blokes)
|
||||
barney = model.User(username='barney')
|
||||
barney.roles.append(blokes)
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
permissions = self.get_permissions()
|
||||
|
||||
with patch.object(view, 'get_available_permissions', return_value=permissions):
|
||||
|
||||
# no error if data is missing perms
|
||||
form = view.make_model_form(model_instance=blokes)
|
||||
form.validated = {'name': 'BloX'}
|
||||
role = view.objectify(form)
|
||||
self.session.commit()
|
||||
self.assertIs(role, blokes)
|
||||
self.assertEqual(blokes.name, 'BloX')
|
||||
|
||||
# sanity check, role has just 1 perm
|
||||
self.assertEqual(blokes.permissions, ['widgets.list'])
|
||||
|
||||
# role perms are updated
|
||||
form = view.make_model_form(model_instance=blokes)
|
||||
form.validated = {'name': 'Blokes',
|
||||
'permissions': {'widgets.polish', 'widgets.view'}}
|
||||
role = view.objectify(form)
|
||||
self.session.commit()
|
||||
self.assertIs(role, blokes)
|
||||
self.assertEqual(blokes.permissions, ['widgets.polish', 'widgets.view'])
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue