diff --git a/backend/geonature/tests/test_permissions.py b/backend/geonature/tests/test_permissions.py index a20882627e..4f43f15723 100644 --- a/backend/geonature/tests/test_permissions.py +++ b/backend/geonature/tests/test_permissions.py @@ -152,6 +152,94 @@ def _assert_cruved(role, cruved, module=None, object=None): @pytest.mark.usefixtures("temporary_transaction") class TestPermissions: + def test_module_objet_inheritance( + self, + permissions, + assert_cruved, + module_gn, + module_a, + module_b, + object_all, + object_a, + object_b, + ): + permissions("r1", "121-31", module=module_gn, object=object_all) # [r1_1] + + permissions("r1", "0123--", module=module_a, object=object_all) # [r1_2] + permissions("r1", "0121-3", module=module_b, object=object_all) # [r1_3] + + permissions("r1", "1-1---", module=module_a, object=object_a) # [r1_4] + permissions("r1", "--2---", module=module_a, object=object_b) # [r1_5] + permissions("r1", "----2-", module=module_b, object=object_a) # [r1_6] + permissions("r1", "-1----", module=module_b, object=object_b) # [r1_7] + + is_with_inheritance_modules_objects = True + + # Permissions added to keep "GEONATURE" module and "ALL" object inheritance + if is_with_inheritance_modules_objects: + # Inheritances from module "GEONATURE" + # - from [r1_1] + permissions("r1", "----31", module=module_a, object=object_all) # [r1_'1] given [r1_2] + permissions("r1", "----3-", module=module_b, object=object_all) # [r1_'2] given [r1_3] + + # Inheritances from module "A" and object "ALL" + # - from [r1_2] + permissions("r1", "-1-3--", module=module_a, object=object_a) # given [r1_4] + permissions("r1", "01-3--", module=module_a, object=object_b) # given [r1_5] + # - from [r1_3] + permissions("r1", "0121-3", module=module_b, object=object_a) # given [r1_6] + permissions("r1", "0-21-3", module=module_b, object=object_b) # given [r1_7] + + # Inheritances from module "GEONATURE" and object "ALL" + # - from [r1_'1] + permissions("r1", "----31", module=module_a, object=object_a) # given [r1_4] + permissions("r1", "----31", module=module_a, object=object_b) # given [r1_5] + # - from [r1_'2] + permissions("r1", "------", module=module_b, object=object_a) # given [r1_6] + permissions("r1", "----3-", module=module_b, object=object_b) # given [r1_7] + + ## Testing computed scope permissions + # With additional permissions to inherit "GEONATURE" and "ALL" + if is_with_inheritance_modules_objects: + # Scope permissions for "GEONATURE" and "ALL" + assert_cruved("r1", "121031") # given [r1_1] + assert_cruved("r2", "000000") # + assert_cruved("g1_r1", "000000") # + assert_cruved("g1_r2", "000000") # + assert_cruved("g2_r1", "000000") # + assert_cruved("g12_r1", "000000") # + assert_cruved("g12_r2", "000000") # + + # Scope permissions for "A" + assert_cruved("r1", "012331", module=module_a) # given [r1_2], then [r1_1] + assert_cruved("r1", "111331", module=module_a, object=object_a) + assert_cruved("r1", "012331", module=module_a, object=object_b) + + # Scope permissions for "B" + assert_cruved("r1", "012133", module=module_b) + assert_cruved("r1", "012133", module=module_b, object=object_a) + assert_cruved("r1", "012133", module=module_b, object=object_b) + # Without additional permissions to inherit "GEONATURE" and "ALL" + else: + # Scope permissions for "GEONATURE" and "ALL" + assert_cruved("r1", "121031") + assert_cruved("r2", "000000") + assert_cruved("g1_r1", "000000") + assert_cruved("g1_r2", "000000") + assert_cruved("g2_r1", "000000") + assert_cruved("g12_r1", "000000") + assert_cruved("g12_r2", "000000") + + # Scope permissions for "A" + assert_cruved("r1", "012300", module=module_a) + assert_cruved("r1", "000000", module=module_a, object=object_a) + assert_cruved("r1", "000000", module=module_a, object=object_b) + + # Scope permissions for "B" and "ALL" + assert_cruved("r1", "012103", module=module_b) + assert_cruved("r1", "000000", module=module_b, object=object_a) + assert_cruved("r1", "000000", module=module_b, object=object_b) + def test_no_right(self, assert_cruved, module_gn, module_a, object_a): assert_cruved("r1", "000000") assert_cruved("g1_r1", "000000", module_a)