feat: expose User "roles" for editing

2024-08-13 21:43:56 -05:00 · 2024-08-13 21:43:56 -05:00 · 97e914c2e0
commit 97e914c2e0
parent bdfa0197b2
13 changed files with 492 additions and 39 deletions
--- a/tests/forms/test_base.py
+++ b/tests/forms/test_base.py
@ -84,6 +84,12 @@ class TestForm(TestCase):
        form.set_fields(['baz'])
        self.assertEqual(form.fields, ['baz'])

+    def test_append(self):
+        form = self.make_form(fields=['one', 'two'])
+        self.assertEqual(form.fields, ['one', 'two'])
+        form.append('one', 'two', 'three')
+        self.assertEqual(form.fields, ['one', 'two', 'three'])
+
    def test_remove(self):
        form = self.make_form(fields=['one', 'two', 'three', 'four'])
        self.assertEqual(form.fields, ['one', 'two', 'three', 'four'])
@ -157,6 +163,14 @@ class TestForm(TestCase):
        self.assertIs(form.validators['foo'], validate2)
        self.assertIs(schema['foo'].validator, validate2)

+    def test_set_default(self):
+        form = self.make_form(fields=['foo', 'bar'])
+        self.assertEqual(form.defaults, {})
+
+        # basic
+        form.set_default('foo', 42)
+        self.assertEqual(form.defaults['foo'], 42)
+
    def test_get_schema(self):
        model = self.app.model
        form = self.make_form()
@ -233,6 +247,12 @@ class TestForm(TestCase):
        schema = form.get_schema()
        self.assertIs(schema.validator, validate)

+        # default value overrides are honored
+        form = self.make_form(model_class=model.Setting)
+        form.set_default('name', 'foo')
+        schema = form.get_schema()
+        self.assertEqual(schema['name'].default, 'foo')
+
    def test_get_deform(self):
        model = self.app.model
        schema = self.make_schema()
@ -422,6 +442,19 @@ class TestForm(TestCase):
        # nb. no error message
        self.assertNotIn('message', html)

+    def test_get_vue_model_data(self):
+        schema = self.make_schema()
+        form = self.make_form(schema=schema)
+
+        # 2 fields by default (foo, bar)
+        data = form.get_vue_model_data()
+        self.assertEqual(len(data), 2)
+
+        # still just 2 fields even if we request more
+        form.set_fields(['foo', 'bar', 'baz'])
+        data = form.get_vue_model_data()
+        self.assertEqual(len(data), 2)
+
    def test_get_field_errors(self):
        schema = self.make_schema()
        form = self.make_form(schema=schema)
--- a/tests/forms/test_schema.py
+++ b/tests/forms/test_schema.py
@ -197,3 +197,27 @@ class TestPersonRef(DataTestCase):
        sorted_query = typ.sort_query(query)
        self.assertIsInstance(sorted_query, orm.Query)
        self.assertIsNot(sorted_query, query)
+
+
+class TestRoleRefs(DataTestCase):
+
+    def setUp(self):
+        self.setup_db()
+        self.request = testing.DummyRequest(wutta_config=self.config)
+
+    def test_widget_maker(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+        admin = auth.get_role_administrator(self.session)
+        authed = auth.get_role_authenticated(self.session)
+        anon = auth.get_role_anonymous(self.session)
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        self.session.commit()
+
+        # default values for widget includes all but: authed, anon
+        typ = mod.RoleRefs(self.request, session=self.session)
+        widget = typ.widget_maker()
+        self.assertEqual(len(widget.values), 2)
+        self.assertEqual(widget.values[0][1], "Administrator")
+        self.assertEqual(widget.values[1][1], "Blokes")
--- a/tests/forms/test_widgets.py
+++ b/tests/forms/test_widgets.py
@ -4,8 +4,8 @@ import colander
 import deform
 from pyramid import testing

-from wuttaweb.forms import widgets
-from wuttaweb.forms.schema import PersonRef
+from wuttaweb.forms import widgets as mod
+from wuttaweb.forms.schema import PersonRef, RoleRefs
 from tests.util import WebTestCase


@ -25,7 +25,7 @@ class TestObjectRefWidget(WebTestCase):

        # standard (editable)
        node = colander.SchemaNode(PersonRef(self.request, session=self.session))
-        widget = widgets.ObjectRefWidget(self.request)
+        widget = mod.ObjectRefWidget(self.request)
        field = self.make_field(node)
        html = widget.serialize(field, person.uuid)
        self.assertIn('<b-select ', html)
@ -33,7 +33,45 @@ class TestObjectRefWidget(WebTestCase):
        # readonly
        node = colander.SchemaNode(PersonRef(self.request, session=self.session))
        node.model_instance = person
-        widget = widgets.ObjectRefWidget(self.request)
+        widget = mod.ObjectRefWidget(self.request)
        field = self.make_field(node)
        html = widget.serialize(field, person.uuid, readonly=True)
        self.assertEqual(html.strip(), '<span>Betty Boop</span>')
+
+
+class TestRoleRefsWidget(WebTestCase):
+
+    def make_field(self, node, **kwargs):
+        # TODO: not sure why default renderer is in use even though
+        # pyramid_deform was included in setup?  but this works..
+        kwargs.setdefault('renderer', deform.Form.default_renderer)
+        return deform.Field(node, **kwargs)
+
+    def test_serialize(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+        admin = auth.get_role_administrator(self.session)
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        self.session.commit()
+
+        # nb. we let the field construct the widget via our type
+        node = colander.SchemaNode(RoleRefs(self.request, session=self.session))
+        field = self.make_field(node)
+        widget = field.widget
+
+        # readonly values list includes admin
+        html = widget.serialize(field, {admin.uuid, blokes.uuid}, readonly=True)
+        self.assertIn(admin.name, html)
+        self.assertIn(blokes.name, html)
+
+        # editable values list *excludes* admin (by default)
+        html = widget.serialize(field, {admin.uuid, blokes.uuid})
+        self.assertNotIn(admin.uuid, html)
+        self.assertIn(blokes.uuid, html)
+
+        # but admin is included for root user
+        self.request.is_root = True
+        html = widget.serialize(field, {admin.uuid, blokes.uuid})
+        self.assertIn(admin.uuid, html)
+        self.assertIn(blokes.uuid, html)
--- a/tests/grids/test_base.py
+++ b/tests/grids/test_base.py
@ -69,6 +69,12 @@ class TestGrid(TestCase):
        self.assertEqual(grid.columns, ['name', 'value'])
        self.assertEqual(grid.get_columns(), ['name', 'value'])

+    def test_append(self):
+        grid = self.make_grid(columns=['one', 'two'])
+        self.assertEqual(grid.columns, ['one', 'two'])
+        grid.append('one', 'two', 'three')
+        self.assertEqual(grid.columns, ['one', 'two', 'three'])
+
    def test_remove(self):
        grid = self.make_grid(columns=['one', 'two', 'three', 'four'])
        self.assertEqual(grid.columns, ['one', 'two', 'three', 'four'])
--- a/tests/test_util.py
+++ b/tests/test_util.py
@ -442,6 +442,14 @@ class TestGetModelFields(TestCase):
        self.config = WuttaConfig()
        self.app = self.config.get_app()

+    def test_empty_model_class(self):
+        fields = util.get_model_fields(self.config)
+        self.assertIsNone(fields)
+
+    def test_unknown_model_class(self):
+        fields = util.get_model_fields(self.config, TestCase)
+        self.assertIsNone(fields)
+
    def test_basic(self):
        model = self.app.model
        fields = util.get_model_fields(self.config, model.Setting)
--- a/tests/views/test_users.py
+++ b/tests/views/test_users.py
@ -30,11 +30,29 @@ class TestUserView(WebTestCase):

    def test_configure_form(self):
        model = self.app.model
+        barney = model.User(username='barney')
+        self.session.add(barney)
+        self.session.commit()
        view = self.make_view()
-        form = view.make_form(model_class=model.Person)
-        self.assertIsNone(form.is_required('person'))
-        view.configure_form(form)
-        self.assertFalse(form.is_required('person'))
+
+        # person is *not* required
+        with patch.object(view, 'creating', new=True):
+            form = view.make_form(model_class=model.User)
+            self.assertIsNone(form.is_required('person'))
+            view.configure_form(form)
+            self.assertFalse(form.is_required('person'))
+
+        # password removed (always, for now)
+        with patch.object(view, 'viewing', new=True):
+            form = view.make_form(model_instance=barney)
+            self.assertIn('password', form)
+            view.configure_form(form)
+            self.assertNotIn('password', form)
+        with patch.object(view, 'editing', new=True):
+            form = view.make_form(model_instance=barney)
+            self.assertIn('password', form)
+            view.configure_form(form)
+            self.assertNotIn('password', form)

    def test_unique_username(self):
        model = self.app.model
@ -55,3 +73,103 @@ class TestUserView(WebTestCase):
            self.request.matchdict = {'uuid': user.uuid}
            node = colander.SchemaNode(colander.String(), name='username')
            self.assertIsNone(view.unique_username(node, 'foo'))
+
+    def test_objectify(self):
+        model = self.app.model
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        others = model.Role(name="Others")
+        self.session.add(others)
+        barney = model.User(username='barney')
+        barney.roles.append(blokes)
+        self.session.add(barney)
+        self.session.commit()
+        view = self.make_view()
+        view.editing = True
+        self.request.matchdict = {'uuid': barney.uuid}
+
+        # sanity check, user is just in 'blokes' role
+        self.session.refresh(barney)
+        self.assertEqual(len(barney.roles), 1)
+        self.assertEqual(barney.roles[0].name, "Blokes")
+
+        # form can update user roles
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barney', 'roles': {others.uuid}}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(len(user.roles), 1)
+        self.assertEqual(user.roles[0].name, "Others")
+
+    def test_update_roles(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+        admin = auth.get_role_administrator(self.session)
+        authed = auth.get_role_authenticated(self.session)
+        anon = auth.get_role_anonymous(self.session)
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        others = model.Role(name="Others")
+        self.session.add(others)
+        barney = model.User(username='barney')
+        barney.roles.append(blokes)
+        self.session.add(barney)
+        self.session.commit()
+        view = self.make_view()
+        view.editing = True
+        self.request.matchdict = {'uuid': barney.uuid}
+
+        # no error if data is missing roles
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barneyx'}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(barney.username, 'barneyx')
+
+        # sanity check, user is just in 'blokes' role
+        self.session.refresh(barney)
+        self.assertEqual(len(barney.roles), 1)
+        self.assertEqual(barney.roles[0].name, "Blokes")
+
+        # let's test a bunch at once to ensure:
+        # - user roles are updated
+        # - authed / anon roles are not added
+        # - admin role not added if current user is not root
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barney',
+                          'roles': {admin.uuid, authed.uuid, anon.uuid, others.uuid}}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(len(user.roles), 1)
+        self.assertEqual(user.roles[0].name, "Others")
+
+        # let's test a bunch at once to ensure:
+        # - user roles are updated
+        # - admin role is added if current user is root
+        self.request.is_root = True
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barney',
+                          'roles': {admin.uuid, blokes.uuid, others.uuid}}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(len(user.roles), 3)
+        role_uuids = set([role.uuid for role in user.roles])
+        self.assertEqual(role_uuids, {admin.uuid, blokes.uuid, others.uuid})
+
+        # admin role not removed if current user is not root
+        self.request.is_root = False
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barney',
+                          'roles': {blokes.uuid, others.uuid}}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(len(user.roles), 3)
+
+        # admin role is removed if current user is root
+        self.request.is_root = True
+        form = view.make_model_form(model_instance=barney)
+        form.validated = {'username': 'barney',
+                          'roles': {blokes.uuid, others.uuid}}
+        user = view.objectify(form, session=self.session)
+        self.assertIs(user, barney)
+        self.assertEqual(len(user.roles), 2)