

Add initial tests for permissions
- Add tests for user without any role assigned and user without necessary scope
- Add more mock data for tests
- Add additional user_headers for different users
dmtrek14 committed Nov 14, 2023
1 parent 170f51a commit 2602604
Showing 4 changed files with 108 additions and 4 deletions.
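--- a/api/tests/conftest.py
+++ b/api/tests/conftest.py
@@ -66,3 +66,35 @@ def get_regular_user_token_headers(client: TestClient) -> Dict[str, str]:
 token = create_access_token(user)
 headers = {"Authorization": f"Bearer {token}"}
 return headers
+
+
+@pytest.fixture(scope="module")
+def get_user_without_roles_token_headers(client: TestClient) -> Dict[str, str]:
+user = {
+"aud": "account",
+"roles": [],
+"name": "Danaerys",
+"preferred_username": "no_roles",
+"given_name": "Danaerys",
+"family_name": "Targaryen",
+"email": "mother_of_dragons@westeros.com",
+}
+token = create_access_token(user)
+headers = {"Authorization": f"Bearer {token}"}
+return headers
+
+
+@pytest.fixture(scope="module")
+def get_user_missing_scopes_token_headers(client: TestClient) -> Dict[str, str]:
+user = {
+"aud": "account",
+"roles": ["few scopes"],
+"name": "Leslie",
+"preferred_username": "missing_scope",
+"given_name": "Leslie",
+"family_name": "Knope",
+"email": "knope@pawnee.gov",
+}
+token = create_access_token(user)
+headers = {"Authorization": f"Bearer {token}"}
+return headers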
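Review bot: The two new fixtures repeat the same three-line tail (`create_access_token`, build the `Authorization` header, return) that the preceding `get_regular_user_token_headers` already has; a private helper such as `def _bearer_headers(claims: Dict[str, str]) -> Dict[str, str]:` returning `{"Authorization": f"Bearer {create_access_token(claims)}"}` would reduce each fixture to its claims dict. Neither fixture has a docstring saying which authorization branch it exists to exercise — a token with no roles at all versus a token whose only role lacks the needed scope — and that distinction is the whole point of the commit, so a one-line docstring on each would help. The `"few scopes"` role name must presumably match the `UserGroup` entry of the same name seeded in api/tests/utils/mock_data.py in this commit; a comment stating that coupling next to the `"roles"` key would keep the two files from drifting apart. The `client` parameter is unused in both bodies; if it is there only to force app set-up ordering, say so in a comment.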
2 changes: 1 addition & 1 deletion api/tests/routers/test_main.py
@@ -1,7 +1,7 @@
from fastapi.testclient import TestClient


def test_status_enpoint(client: TestClient) -> None:
def test_status_endpoint(client: TestClient) -> None:
response = client.get(
"/status",
)
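--- a/api/tests/routers/v1/test_timelog.py
+++ b/api/tests/routers/v1/test_timelog.py
@@ -22,6 +22,16 @@ def test_get_task_types_authenticated(client: TestClient, get_regular_user_token
 assert task_types == expected_types
 
 
+def test_get_task_types_no_scope(client: TestClient, get_user_missing_scopes_token_headers: Dict[str, str]) -> None:
+response = client.get(
+f"{API_BASE_URL}/v1/timelog/task_types/",
+headers=get_user_missing_scopes_token_headers,
+)
+assert response.status_code == HTTPStatus.FORBIDDEN
+res = response.json()
+assert res["detail"] == "You do not have permission to perform this action."
+
+
 def test_get_user_cannot_get_templates_from_other_user(
 client: TestClient, get_regular_user_token_headers: Dict[str, str]
 ) -> None:
@@ -344,6 +354,19 @@ def test_regular_user_cannot_get_other_users_tasks(
 assert res["detail"] == "You are not authorized to view tasks for this user"
 
 
+def test_user_without_any_roles_cannot_get_tasks(
+client: TestClient, get_user_without_roles_token_headers: Dict[str, str]
+) -> None:
+response = client.get(
+f"{API_BASE_URL}/v1/timelog/tasks/",
+headers=get_user_without_roles_token_headers,
+params={"user_id": 6, "start": "2023-10-20", "end": "2023-10-20"},
+)
+assert response.status_code == HTTPStatus.UNAUTHORIZED
+res = response.json()
+assert res["detail"] == "You have not been assigned any roles in the application. Please speak to your sysadmin."
+
+
 def test_create_task(client: TestClient, get_regular_user_token_headers: Dict[str, str]) -> None:
 task_payload = {
 "date": "2023-10-21",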
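Review bot: `test_user_without_any_roles_cannot_get_tasks` pins `HTTPStatus.UNAUTHORIZED` for a caller whose token is valid but carries no roles, while `test_get_task_types_no_scope` in the first hunk pins `HTTPStatus.FORBIDDEN` for a valid token whose role lacks the needed scope; if that split is deliberate, a comment on the assert such as `# a token with no roles at all is rejected as unauthenticated (401), not merely forbidden (403)` would stop a later reader from "fixing" one to match the other. Neither test states which scope it expects to be missing; `test_get_task_types_no_scope` would read better with a docstring noting that the `few scopes` group seeded in this commit holds only `task:read-own`, so the task-types read is presumably refused for lack of a `task_type:read` scope. Each branch is also exercised against a single endpoint only, so the no-roles path is untested for `task_types/` and the missing-scope path for `tasks/`; the hard-coded `"user_id": 6` likewise deserves a comment tying it to the `no_roles` mock user.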
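--- a/api/tests/utils/mock_data.py
+++ b/api/tests/utils/mock_data.py
@@ -13,14 +13,58 @@
 {"login": "user", "password": "user"},
 {"login": "admin", "password": "admin"},
 {"login": "manager", "password": "manager"},
+{"login": "human_resources", "password": "human_resources"},
+{"login": "project_manager", "password": "project_manager"},
+{"login": "no_roles", "password": "no_roles"},
+{"login": "missing_scope", "password": "missing_scope"},
 ],
 ),
 (
 UserGroup,
 [
-{"id": 1, "name": "staff"},
-{"id": 2, "name": "admin"},
-{"id": 3, "name": "manager"},
+{
+"id": 1,
+"name": "staff",
+"scopes": (
+"task:create-own,task:read-own,task:update-own,task:delete-own,task_type:read,"
+"template:create-own,template:update-own,template:read-own,template:read-global,template:delete-own"
+),
+},
+{
+"id": 2,
+"name": "admin",
+"scopes": (
+"task:create-own,task:read-own,task:update-own,task:delete-own,task_type:read,"
+"template:create-own,template:update-own,template:read-own,template:read-global,"
+"template:delete-own,template:create-global,template:update-global,template:delete-global"
+),
+},
+{
+"id": 3,
+"name": "manager",
+"scopes": (
+"task:create-own,task:read-own,task:update-own,task:delete-own,task_type:read,"
+"template:create-own,template:update-own,template:read-own,template:read-global,"
+"template:delete-own,template:create-global,template:update-global,template:delete-global"
+),
+},
+{
+"id": 4,
+"name": "human resources",
+"scopes": (
+"task:create-own,task:read-own,task:update-own,task:delete-own,task_type:read,"
+"template:create-own,template:update-own,template:read-own,template:read-global,"
+"template:delete-own"
+),
+},
+{
+"id": 5,
+"name": "project manager",
+"scopes": "task:create-own,task:read-own,task:update-own,task:delete-own,task_type:read,"
+"template:create-own,template:update-own,template:read-own,template:read-global,"
+"template:delete-own",
+},
+{"id": 6, "name": "few scopes", "scopes": "task:read-own"},
 ],
 ),
 (
@@ -31,6 +75,11 @@
 {"group_id": 2, "user_id": 2},
 {"group_id": 1, "user_id": 3},
 {"group_id": 3, "user_id": 3},
+{"group_id": 1, "user_id": 4},
+{"group_id": 4, "user_id": 4},
+{"group_id": 1, "user_id": 5},
+{"group_id": 5, "user_id": 5},
+{"group_id": 6, "user_id": 7},
 ],
 ),
 (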
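Review bot: The `project manager` entry's `scopes` value relies on bare implicit string-literal concatenation across three lines, while the other four multi-line entries wrap the same construct in parentheses; wrapping it the same way, `"scopes": (` … `),`, keeps the list uniform and makes the dict-entry boundary visible at a glance. The `admin` and `manager` groups are seeded with byte-identical scope strings, so no test built on this data can detect a regression that lets a manager do something only an admin should; if the equality is intended, a comment saying so would help, otherwise `manager` should lose at least one of the `template:*-global` scopes so the two roles are distinguishable. The `no_roles` user is added to the user list but gets no row in the group-membership list of the second hunk, which presumably is what the no-roles fixture depends on; a comment on that user entry, e.g. `# deliberately not mapped to any group`, would make the omission look intentional rather than accidental. The comma-joined scope strings are also easy to typo with no error, so a small assertion in the seeding code that every scope token matches a known set would be a cheap guard (the seeding code is outside this hunk).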

