feat: expose User "roles" for editing
This commit is contained in:
Lance Edgar
parent
bdfa0197b2
commit
97e914c2e0
13 changed files with 492 additions and 39 deletions
|
|
@ -30,11 +30,29 @@ class TestUserView(WebTestCase):
|
|||
|
||||
def test_configure_form(self):
|
||||
model = self.app.model
|
||||
barney = model.User(username='barney')
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
form = view.make_form(model_class=model.Person)
|
||||
self.assertIsNone(form.is_required('person'))
|
||||
view.configure_form(form)
|
||||
self.assertFalse(form.is_required('person'))
|
||||
|
||||
# person is *not* required
|
||||
with patch.object(view, 'creating', new=True):
|
||||
form = view.make_form(model_class=model.User)
|
||||
self.assertIsNone(form.is_required('person'))
|
||||
view.configure_form(form)
|
||||
self.assertFalse(form.is_required('person'))
|
||||
|
||||
# password removed (always, for now)
|
||||
with patch.object(view, 'viewing', new=True):
|
||||
form = view.make_form(model_instance=barney)
|
||||
self.assertIn('password', form)
|
||||
view.configure_form(form)
|
||||
self.assertNotIn('password', form)
|
||||
with patch.object(view, 'editing', new=True):
|
||||
form = view.make_form(model_instance=barney)
|
||||
self.assertIn('password', form)
|
||||
view.configure_form(form)
|
||||
self.assertNotIn('password', form)
|
||||
|
||||
def test_unique_username(self):
|
||||
model = self.app.model
|
||||
|
|
@ -55,3 +73,103 @@ class TestUserView(WebTestCase):
|
|||
self.request.matchdict = {'uuid': user.uuid}
|
||||
node = colander.SchemaNode(colander.String(), name='username')
|
||||
self.assertIsNone(view.unique_username(node, 'foo'))
|
||||
|
||||
def test_objectify(self):
|
||||
model = self.app.model
|
||||
blokes = model.Role(name="Blokes")
|
||||
self.session.add(blokes)
|
||||
others = model.Role(name="Others")
|
||||
self.session.add(others)
|
||||
barney = model.User(username='barney')
|
||||
barney.roles.append(blokes)
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
view.editing = True
|
||||
self.request.matchdict = {'uuid': barney.uuid}
|
||||
|
||||
# sanity check, user is just in 'blokes' role
|
||||
self.session.refresh(barney)
|
||||
self.assertEqual(len(barney.roles), 1)
|
||||
self.assertEqual(barney.roles[0].name, "Blokes")
|
||||
|
||||
# form can update user roles
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barney', 'roles': {others.uuid}}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(len(user.roles), 1)
|
||||
self.assertEqual(user.roles[0].name, "Others")
|
||||
|
||||
def test_update_roles(self):
|
||||
model = self.app.model
|
||||
auth = self.app.get_auth_handler()
|
||||
admin = auth.get_role_administrator(self.session)
|
||||
authed = auth.get_role_authenticated(self.session)
|
||||
anon = auth.get_role_anonymous(self.session)
|
||||
blokes = model.Role(name="Blokes")
|
||||
self.session.add(blokes)
|
||||
others = model.Role(name="Others")
|
||||
self.session.add(others)
|
||||
barney = model.User(username='barney')
|
||||
barney.roles.append(blokes)
|
||||
self.session.add(barney)
|
||||
self.session.commit()
|
||||
view = self.make_view()
|
||||
view.editing = True
|
||||
self.request.matchdict = {'uuid': barney.uuid}
|
||||
|
||||
# no error if data is missing roles
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barneyx'}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(barney.username, 'barneyx')
|
||||
|
||||
# sanity check, user is just in 'blokes' role
|
||||
self.session.refresh(barney)
|
||||
self.assertEqual(len(barney.roles), 1)
|
||||
self.assertEqual(barney.roles[0].name, "Blokes")
|
||||
|
||||
# let's test a bunch at once to ensure:
|
||||
# - user roles are updated
|
||||
# - authed / anon roles are not added
|
||||
# - admin role not added if current user is not root
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barney',
|
||||
'roles': {admin.uuid, authed.uuid, anon.uuid, others.uuid}}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(len(user.roles), 1)
|
||||
self.assertEqual(user.roles[0].name, "Others")
|
||||
|
||||
# let's test a bunch at once to ensure:
|
||||
# - user roles are updated
|
||||
# - admin role is added if current user is root
|
||||
self.request.is_root = True
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barney',
|
||||
'roles': {admin.uuid, blokes.uuid, others.uuid}}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(len(user.roles), 3)
|
||||
role_uuids = set([role.uuid for role in user.roles])
|
||||
self.assertEqual(role_uuids, {admin.uuid, blokes.uuid, others.uuid})
|
||||
|
||||
# admin role not removed if current user is not root
|
||||
self.request.is_root = False
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barney',
|
||||
'roles': {blokes.uuid, others.uuid}}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(len(user.roles), 3)
|
||||
|
||||
# admin role is removed if current user is root
|
||||
self.request.is_root = True
|
||||
form = view.make_model_form(model_instance=barney)
|
||||
form.validated = {'username': 'barney',
|
||||
'roles': {blokes.uuid, others.uuid}}
|
||||
user = view.objectify(form, session=self.session)
|
||||
self.assertIs(user, barney)
|
||||
self.assertEqual(len(user.roles), 2)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue