fix: add support for merging 2 roles

tests/views/test_roles.py

@@ -284,6 +284,153 @@ class TestRoleView(WebTestCase):
             self.assertIs(role, blokes)
             self.assertEqual(blokes.permissions, ["widgets.polish", "widgets.view"])
 
+    def test_merge_get_data(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+
+        role = model.Role(name="whatever")
+        auth.grant_permission(role, "people.list")
+        auth.grant_permission(role, "people.view")
+        auth.grant_permission(role, "people.edit")
+        self.session.add(role)
+
+        user1 = model.User(username="user1")
+        user1.roles.append(role)
+        self.session.add(user1)
+
+        user2 = model.User(username="user2")
+        user2.roles.append(role)
+        self.session.add(user2)
+
+        self.session.commit()
+        self.assertEqual(len(role.permissions), 3)
+        self.assertEqual(len(role.users), 2)
+
+        view = self.make_view()
+        with patch.object(view, "Session", return_value=self.session):
+            data = view.merge_get_data(role)
+            self.assertEqual(
+                sorted(data["permissions"]),
+                ["people.edit", "people.list", "people.view"],
+            )
+            self.assertEqual(data["permission_count"], 3)
+            self.assertEqual(data["usernames"], ["user1", "user2"])
+            self.assertEqual(data["user_count"], 2)
+
+    def test_merge_get_final_data(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+
+        role1 = model.Role(name="whatever1")
+        auth.grant_permission(role1, "people.list")
+        auth.grant_permission(role1, "people.view")
+        auth.grant_permission(role1, "people.edit")
+        self.session.add(role1)
+
+        role2 = model.Role(name="whatever2")
+        auth.grant_permission(role2, "people.list")
+        auth.grant_permission(role2, "people.view")
+        self.session.add(role2)
+
+        user1 = model.User(username="user1")
+        user1.roles.append(role1)
+        self.session.add(user1)
+
+        user2 = model.User(username="user2")
+        user2.roles.append(role1)
+        user2.roles.append(role2)
+        self.session.add(user2)
+
+        self.session.commit()
+        self.assertEqual(len(role1.permissions), 3)
+        self.assertEqual(len(role1.users), 2)
+        self.assertEqual(len(role2.permissions), 2)
+        self.assertEqual(len(role2.users), 1)
+
+        view = self.make_view()
+        with patch.object(view, "Session", return_value=self.session):
+            removing = view.merge_get_data(role1)
+            keeping = view.merge_get_data(role2)
+            final = view.merge_get_final_data(removing, keeping)
+            self.assertEqual(final["permission_count"], 3)
+            self.assertEqual(final["user_count"], 2)
+
+    def test_merge_why_not(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+
+        role1 = model.Role(name="whatever1")
+        self.session.add(role1)
+        role2 = model.Role(name="whatever2")
+        self.session.add(role2)
+        self.session.commit()
+
+        view = self.make_view()
+        with patch.object(view, "Session", return_value=self.session):
+
+            # normal merge is allowed
+            self.assertIsNone(view.merge_why_not(role1, role2))
+
+            # special roles can be part of a merge if they are being "kept"
+            # but not if being "removed"
+
+            admin = auth.get_role_administrator(self.session)
+            self.assertIsNone(view.merge_why_not(role1, admin))
+            reason = view.merge_why_not(admin, role1)
+            self.assertEqual(reason, "Cannot remove the Administrator role.")
+
+            authed = auth.get_role_authenticated(self.session)
+            self.assertIsNone(view.merge_why_not(role1, authed))
+            reason = view.merge_why_not(authed, role1)
+            self.assertEqual(reason, "Cannot remove the Authenticated role.")
+
+            anon = auth.get_role_anonymous(self.session)
+            self.assertIsNone(view.merge_why_not(role1, anon))
+            reason = view.merge_why_not(anon, role1)
+            self.assertEqual(reason, "Cannot remove the Anonymous role.")
+
+    def test_merge_execute(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+
+        role1 = model.Role(name="whatever1")
+        auth.grant_permission(role1, "people.list")
+        auth.grant_permission(role1, "people.view")
+        auth.grant_permission(role1, "people.edit")
+        self.session.add(role1)
+
+        role2 = model.Role(name="whatever2")
+        auth.grant_permission(role2, "people.list")
+        auth.grant_permission(role2, "people.view")
+        self.session.add(role2)
+
+        user1 = model.User(username="user1")
+        user1.roles.append(role1)
+        self.session.add(user1)
+
+        user2 = model.User(username="user2")
+        user2.roles.append(role1)
+        user2.roles.append(role2)
+        self.session.add(user2)
+
+        self.session.commit()
+        self.assertEqual(self.session.query(model.Role).count(), 2)
+        self.assertEqual(len(role1.permissions), 3)
+        self.assertEqual(len(role1.users), 2)
+        self.assertEqual(len(role2.permissions), 2)
+        self.assertEqual(len(role2.users), 1)
+
+        view = self.make_view()
+        with patch.object(view, "Session", return_value=self.session):
+            view.merge_execute(role1, role2)
+            self.session.commit()
+            self.assertEqual(self.session.query(model.Role).count(), 1)
+            self.assertNotIn(role1, self.session)
+            self.assertIn(role2, self.session)
+            self.assertIs(role2, self.session.query(model.Role).one())
+            self.assertEqual(len(role2.permissions), 3)
+            self.assertEqual(len(role2.users), 2)
+
 
 class TestPermissionView(WebTestCase):