|
1
|
1 |
|
import json |
|
2
|
|
|
|
|
3
|
1 |
|
from rest_framework import status |
|
4
|
1 |
|
from rest_framework.test import APITestCase, force_authenticate |
|
5
|
|
|
|
|
6
|
1 |
|
from sigma_core.models.group import Group |
|
7
|
1 |
|
from sigma_core.serializers.group import GroupSerializer |
|
8
|
1 |
|
from sigma_core.tests.factories import UserFactory, AdminUserFactory, GroupFactory, GroupAcknowledgmentFactory, GroupMemberFactory, ClusterFactory |
|
9
|
|
|
|
|
10
|
|
|
|
|
11
|
1 |
|
def reload(obj): |
|
12
|
1 |
|
return obj.__class__.objects.get(pk=obj.pk) |
|
13
|
|
|
|
|
14
|
1 |
|
|
|
15
|
|
|
class GroupTests(APITestCase): |
|
16
|
1 |
|
@classmethod |
|
17
|
1 |
|
def setUpTestData(self): |
|
18
|
|
|
# Summary: 1 cluster, 4 users + 1 admin, 5 groups (+1 group for the cluster) |
|
19
|
1 |
|
# Users #1 and #2 are in cluster #1 |
|
20
|
1 |
|
# User #5 is Sigma admin |
|
21
|
1 |
|
# Group #1 is public, others are private |
|
22
|
|
|
# Users #1 and #2 are members of group #3; user #1 is group admin |
|
23
|
1 |
|
# Users #3 and #4 are members of group #2; user #3 has invitation clearance, not user #4 |
|
24
|
|
|
# User #4 is member of group #5 |
|
25
|
1 |
|
# User #1 is invited to group #5 |
|
26
|
|
|
# Group #4 is acknowledged by cluster #1 |
|
27
|
|
|
|
|
28
|
1 |
|
super(GroupTests, self).setUpTestData() |
|
29
|
|
|
self.clusters = ClusterFactory.create_batch(1) |
|
30
|
1 |
|
self.groups = GroupFactory.create_batch(5, is_private=True) |
|
31
|
1 |
|
self.users = UserFactory.create_batch(3) + [AdminUserFactory()] |
|
32
|
|
|
|
|
33
|
|
|
# Group #1 is public |
|
34
|
|
|
self.groups[0].is_private = False |
|
35
|
|
|
self.groups[0].default_member_rank = 1 |
|
36
|
|
|
self.groups[0].name = "Public group without invitation" |
|
37
|
|
|
self.groups[0].save() |
|
38
|
|
|
|
|
39
|
1 |
|
# Group #2 clearance parameters |
|
40
|
|
|
self.groups[1].req_rank_invite = 5 |
|
41
|
1 |
|
self.groups[1].save() |
|
42
|
1 |
|
|
|
43
|
1 |
|
# Users in cluster |
|
44
|
1 |
|
self.users[0].clusters.add(self.clusters[0]) |
|
45
|
|
|
self.users[1].clusters.add(self.clusters[0]) |
|
46
|
|
|
GroupMemberFactory(user=self.users[0], group=self.clusters[0].group_ptr) |
|
47
|
1 |
|
GroupMemberFactory(user=self.users[1], group=self.clusters[0].group_ptr) |
|
48
|
|
|
# Users in group #2 |
|
49
|
1 |
|
GroupMemberFactory(user=self.users[2], group=self.groups[1], perm_rank=self.groups[1].req_rank_invite) |
|
50
|
1 |
|
GroupMemberFactory(user=self.users[3], group=self.groups[1]) |
|
51
|
|
|
# Users in group #3 |
|
52
|
|
|
GroupMemberFactory(user=self.users[0], group=self.groups[2], perm_rank=Group.ADMINISTRATOR_RANK) |
|
53
|
|
|
GroupMemberFactory(user=self.users[1], group=self.groups[2]) |
|
54
|
|
|
# Users in group #5 |
|
55
|
|
|
GroupMemberFactory(user=self.users[3], group=self.groups[4]) |
|
56
|
1 |
|
# User #1 is invited to group #5 |
|
57
|
|
|
self.users[0].invited_to_groups.add(self.groups[4]) |
|
58
|
1 |
|
|
|
59
|
1 |
|
# GroupAcknowledgment |
|
60
|
1 |
|
GroupAcknowledgmentFactory(subgroup=self.groups[3], parent_group=self.clusters[0].group_ptr, validated=True) |
|
61
|
1 |
|
|
|
62
|
|
|
self.groups_url = "/group/" |
|
63
|
|
|
self.group_url = self.groups_url + "%d/" |
|
64
|
|
|
|
|
65
|
|
|
self.new_private_group_data = {"name": "New private group", "is_private": True} |
|
66
|
|
|
self.new_public_group_data = {"name": "New public group", "is_private": False} |
|
67
|
|
|
self.invite_data = {"user_id": self.users[0].id} |
|
68
|
|
|
|
|
69
|
|
|
#### Model methods test |
|
70
|
|
|
def test_model_group(self): |
|
71
|
|
|
self.assertEqual(self.clusters[0].group_ptr.members_count, 2) |
|
72
|
|
|
self.assertFalse(self.groups[1].can_anyone_join()) |
|
73
|
|
|
self.assertTrue(self.groups[0].can_anyone_join()) |
|
74
|
|
|
self.assertEqual(self.groups[0].__str__(), "Public group without invitation") |
|
75
|
|
|
self.assertSetEqual(set(self.clusters[0].subgroups_list), set([self.groups[3]])) |
|
76
|
|
|
self.assertSetEqual(set(self.groups[3].group_parents_list), set([self.clusters[0].group_ptr])) |
|
77
|
|
|
|
|
78
|
|
|
#### List requests |
|
79
|
|
|
def test_get_groups_list_unauthed(self): |
|
80
|
|
|
# Client not authenticated |
|
81
|
|
|
response = self.client.get(self.groups_url) |
|
82
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
83
|
|
|
|
|
84
|
|
|
def test_get_groups_list_limited_1(self): |
|
85
|
|
|
# Client authenticated and can see limited list of groups |
|
86
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
87
|
|
|
response = self.client.get(self.groups_url) |
|
88
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
89
|
|
|
self.assertEqual(len(response.data), 5) |
|
90
|
|
|
self.assertIn(self.groups[0].id, [d['id'] for d in response.data]) |
|
91
|
|
|
self.assertNotIn(self.groups[1].id, [d['id'] for d in response.data]) |
|
92
|
|
|
|
|
93
|
|
View Code Duplication |
def test_get_groups_list_limited_2(self): |
|
|
|
|
|
|
94
|
|
|
# Client authenticated and can see limited list of groups |
|
95
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
96
|
|
|
response = self.client.get(self.groups_url) |
|
97
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
98
|
|
|
self.assertEqual(len(response.data), 4) |
|
99
|
|
|
self.assertNotIn(self.groups[4].id, [d['id'] for d in response.data]) |
|
100
|
|
|
|
|
101
|
|
|
def test_get_groups_list_admin(self): |
|
102
|
|
|
# Client authenticated and can see limited list of groups |
|
103
|
|
|
self.client.force_authenticate(user=self.users[-1]) |
|
104
|
|
|
response = self.client.get(self.groups_url) |
|
105
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
106
|
|
|
self.assertEqual(len(response.data), 6) |
|
107
|
|
|
|
|
108
|
|
|
#### Get requests |
|
109
|
|
|
def test_get_group_unauthed(self): |
|
110
|
|
|
# Client is not authenticated |
|
111
|
|
|
response = self.client.get(self.group_url % self.groups[0].id) |
|
112
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
113
|
|
|
|
|
114
|
|
|
def test_get_group_public(self): |
|
115
|
|
|
# Client can see public group |
|
116
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
117
|
|
|
response = self.client.get(self.group_url % self.groups[0].id) |
|
118
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
119
|
|
|
|
|
120
|
|
|
def test_get_group_private(self): |
|
121
|
|
|
# Client cannot see private group if he's not a member |
|
122
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
123
|
|
|
response = self.client.get(self.group_url % self.groups[1].id) |
|
124
|
|
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
125
|
|
|
|
|
126
|
|
|
def test_get_group_member(self): |
|
127
|
|
|
# Client can see private group if he is a member |
|
128
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
129
|
|
|
response = self.client.get(self.group_url % self.groups[2].id) |
|
130
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
131
|
|
|
|
|
132
|
|
|
def test_get_group_acknowledged(self): |
|
133
|
|
|
# Client can see private group if it has been acknowledged by one of his groups |
|
134
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
135
|
|
|
response = self.client.get(self.group_url % self.groups[3].id) |
|
136
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
137
|
|
|
|
|
138
|
|
|
def test_get_group_invited(self): |
|
139
|
|
|
# Client can see private if he has been invited to it |
|
140
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
141
|
|
|
response = self.client.get(self.group_url % self.groups[4].id) |
|
142
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
143
|
|
|
|
|
144
|
|
|
#### Create requests |
|
145
|
|
|
def test_create_unauthed(self): |
|
146
|
|
|
# Client is not authenticated |
|
147
|
|
|
response = self.client.post(self.groups_url, self.new_private_group_data) |
|
148
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
149
|
|
|
|
|
150
|
|
|
def test_create_private_group(self): |
|
151
|
|
|
# Everybody can create a group |
|
152
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
153
|
|
|
response = self.client.post(self.groups_url, self.new_private_group_data) |
|
154
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
155
|
|
|
self.assertEqual(response.data['name'], self.new_private_group_data['name']) |
|
156
|
|
|
self.assertEqual(response.data['is_private'], True) |
|
157
|
|
|
Group.objects.get(pk=response.data['id']).delete() |
|
158
|
|
|
|
|
159
|
|
View Code Duplication |
def test_create_public_group(self): |
|
|
|
|
|
|
160
|
|
|
# Everybody can create a public group |
|
161
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
162
|
|
|
response = self.client.post(self.groups_url, self.new_public_group_data) |
|
163
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
164
|
|
|
self.assertEqual(response.data['is_private'], False) |
|
165
|
|
|
Group.objects.get(pk=response.data['id']).delete() |
|
166
|
|
|
|
|
167
|
|
|
#### Modification requests |
|
168
|
|
|
def test_update_unauthed(self): |
|
169
|
|
|
# Unauthed client cannot update a group |
|
170
|
|
|
update_group_data = GroupSerializer(self.groups[2]).data |
|
171
|
|
|
response = self.client.put(self.group_url % self.groups[2].id, update_group_data) |
|
172
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
173
|
|
|
|
|
174
|
|
|
def test_update_forbidden(self): |
|
175
|
|
|
# Client cannot update a group if he hasn't clearance |
|
176
|
|
|
update_group_data = GroupSerializer(self.groups[2]).data |
|
177
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
178
|
|
|
response = self.client.put(self.group_url % self.groups[2].id, update_group_data) |
|
179
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
180
|
|
|
|
|
181
|
|
View Code Duplication |
def test_update_ok(self): |
|
|
|
|
|
|
182
|
|
|
# Client can update a group if he has clearance |
|
183
|
|
|
update_group_data = GroupSerializer(self.groups[2]).data |
|
184
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
185
|
|
|
old_name = update_group_data['name'] |
|
186
|
|
|
update_group_data['name'] = "A new name" |
|
187
|
|
|
response = self.client.put(self.group_url % self.groups[2].id, update_group_data) |
|
188
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
189
|
|
|
self.assertEqual(reload(self.groups[2]).name, update_group_data['name']) |
|
190
|
|
|
# Guarantee independance of tests |
|
191
|
|
|
self.groups[2].name = old_name |
|
192
|
|
|
self.groups[2].save() |
|
193
|
|
|
|
|
194
|
|
|
def test_update_group_by_acknowledgment_delegation(self): # TODO |
|
195
|
|
|
pass |
|
196
|
|
|
|
|
197
|
|
|
#### Deletion requests |
|
198
|
|
|
|
|
199
|
|
|
#### Invitation requests |
|
200
|
|
|
def test_invite_unauthed(self): |
|
201
|
|
|
response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data) |
|
202
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
203
|
|
|
|
|
204
|
|
|
def test_invite_forbidden(self): |
|
205
|
|
|
# Client has not perms to invite |
|
206
|
|
|
self.client.force_authenticate(user=self.users[3]) |
|
207
|
|
|
response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data) |
|
208
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
209
|
|
|
|
|
210
|
|
|
def test_invite_ok(self): |
|
211
|
|
|
# Client has perms to invite |
|
212
|
|
|
self.client.force_authenticate(user=self.users[2]) |
|
213
|
|
|
response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data) |
|
214
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
215
|
|
|
self.assertIn(self.groups[1], reload(self.users[0]).invited_to_groups.all()) |
|
216
|
|
|
# Guarantee independance of tests |
|
217
|
|
|
self.users[0].invited_to_groups.remove(self.groups[1]) |
|
218
|
|
|
|
|
219
|
|
|
def test_invite_duplicate(self): |
|
220
|
|
|
# Client wants to invite someone who has already received an invitation |
|
221
|
|
|
self.client.force_authenticate(user=self.users[3]) |
|
222
|
|
|
response = self.client.put((self.group_url + "invite/") % self.groups[4].id, self.invite_data) |
|
223
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
224
|
|
|
|
|
225
|
|
|
def test_invite_already_member(self): |
|
226
|
|
|
# Client wants to invite a member |
|
227
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
228
|
|
|
response = self.client.put((self.group_url + "invite/") % self.groups[2].id, self.invite_data) |
|
229
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
230
|
|
|
|
ProjetSigma /
backend
Loading history...