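# Permission tests for the Deis controller API
# (controller/api/tests/test_perm.py): platform-wide superuser grants under
# /api/admin/perms and per-app sharing grants under /api/apps/<id>/perms.

from __future__ import unicode_literals
import json

from django.test import TestCase
from django.test.utils import override_settings


@override_settings(CELERY_ALWAYS_EAGER=True)
class TestAdminPerms(TestCase):
    """Exercise registration and the /api/admin/perms endpoint."""

    def _register(self, username, expect_superuser):
        """Register *username* and assert the superuser flag on the new account."""
        submit = {
            'username': username,
            'password': 'password',
            'email': 'autotest@deis.io',
        }
        url = '/api/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        if expect_superuser:
            self.assertTrue(response.data['is_superuser'])
        else:
            self.assertFalse(response.data['is_superuser'])
        return response

    def _login(self, username):
        """Log the test client in as *username*, failing the test if login fails."""
        self.assertTrue(
            self.client.login(username=username, password='password'))

    def test_first_signup(self):
        """Only the first registered account is created as a superuser."""
        # register a first user
        self._register('firstuser', expect_superuser=True)
        # register a second user
        self._register('seconduser', expect_superuser=False)

    def test_list(self):
        """A superuser can list admin perms; a regular user gets a 403."""
        self._register('firstuser', expect_superuser=True)
        self._login('firstuser')
        response = self.client.get('/api/admin/perms', content_type='application/json')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        self.assertEqual(response.data['results'][0]['username'], 'firstuser')
        self.assertTrue(response.data['results'][0]['is_superuser'])
        # register a non-superuser
        self._register('seconduser', expect_superuser=False)
        self._login('seconduser')
        response = self.client.get('/api/admin/perms', content_type='application/json')
        # the listing itself is privileged: a non-superuser must be refused
        self.assertEqual(response.status_code, 403)
        self.assertIn('You do not have permission', response.data['detail'])

    def test_create(self):
        """A superuser can grant the superuser perm to another account."""
        self._register('first', expect_superuser=True)
        self._register('second', expect_superuser=False)
        self._login('first')
        # grant user 2 the superuser perm
        url = '/api/admin/perms'
        body = {'username': 'second'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 2)
        self.assertIn('second', str(response.data['results']))

    def test_delete(self):
        """A superuser can revoke a previously granted superuser perm."""
        self._register('first', expect_superuser=True)
        self._register('second', expect_superuser=False)
        self._login('first')
        # grant user 2 the superuser perm
        url = '/api/admin/perms'
        body = {'username': 'second'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # revoke the superuser perm
        response = self.client.delete(url + '/second')
        self.assertEqual(response.status_code, 204)
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        # The revoked account is named 'second'. Checking for any other
        # string would pass even if the revocation had left it in the list.
        self.assertNotIn('second', str(response.data['results']))


@override_settings(CELERY_ALWAYS_EAGER=True)
class TestAppPerms(TestCase):
    """Exercise per-app sharing through /api/apps/<id>/perms.

    The 'test_sharing.json' fixture supplies the accounts used here
    (autotest-1 and autotest-2); every test starts logged in as autotest-1.
    """

    fixtures = ['test_sharing.json']

    def setUp(self):
        self._login('autotest-1')

    def _login(self, username):
        """Log the test client in as *username*, failing the test if login fails."""
        self.assertTrue(
            self.client.login(username=username, password='password'))

    def test_create(self):
        """Sharing an app makes it and its sub-resources visible to the grantee."""
        # check that user 1 sees her lone app
        response = self.client.get('/api/apps')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        app_id = response.data['results'][0]['id']
        # check that user 2 can't see any apps
        self._login('autotest-2')
        response = self.client.get('/api/apps')
        self.assertEqual(len(response.data['results']), 0)
        # check that user 2 can't see any of the app's builds, configs,
        # containers, limits, or releases
        for model in ['builds', 'config', 'containers', 'limits', 'releases']:
            response = self.client.get("/api/apps/{}/{}/".format(app_id, model))
            self.assertEqual(response.data['detail'], 'Not found')
        # TODO: test that git pushing to the app fails
        # give user 2 permission to user 1's app
        self._login('autotest-1')
        url = "/api/apps/{}/perms".format(app_id)
        body = {'username': 'autotest-2'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # check that user 2 can see the app
        self._login('autotest-2')
        response = self.client.get('/api/apps')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        # check that user 2 sees (empty) results now for builds, containers,
        # and releases. (config and limit will still give 404s since we didn't
        # push a build here.)
        for model in ['builds', 'containers', 'releases']:
            response = self.client.get("/api/apps/{}/{}/".format(app_id, model))
            self.assertEqual(len(response.data['results']), 0)
        # TODO: check that user 2 can git push the app

    def test_create_errors(self):
        """A user without access to an app cannot grant themselves access."""
        # check that user 1 sees her lone app
        response = self.client.get('/api/apps')
        app_id = response.data['results'][0]['id']
        # check that user 2 can't create a permission
        self._login('autotest-2')
        url = "/api/apps/{}/perms".format(app_id)
        body = {'username': 'autotest-2'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 403)

    def test_delete(self):
        """Only the app's owner can revoke a share; a repeat revoke gives 404."""
        # give user 2 permission to user 1's app
        self._login('autotest-1')
        response = self.client.get('/api/apps')
        app_id = response.data['results'][0]['id']
        url = "/api/apps/{}/perms".format(app_id)
        body = {'username': 'autotest-2'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # check that user 2 can see the app
        self._login('autotest-2')
        response = self.client.get('/api/apps')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        # try to delete the permission as user 2
        url = "/api/apps/{}/perms/{}".format(app_id, 'autotest-2')
        response = self.client.delete(url, content_type='application/json')
        self.assertEqual(response.status_code, 403)
        self.assertIsNone(response.data)
        # delete permission to user 1's app
        self._login('autotest-1')
        response = self.client.delete(url, content_type='application/json')
        self.assertEqual(response.status_code, 204)
        self.assertIsNone(response.data)
        # check that user 2 can't see any apps
        self._login('autotest-2')
        response = self.client.get('/api/apps')
        self.assertEqual(len(response.data['results']), 0)
        # delete permission to user 1's app again, expecting an error
        self._login('autotest-1')
        response = self.client.delete(url, content_type='application/json')
        self.assertEqual(response.status_code, 404)

    def test_list(self):
        """The app's owner can list the usernames the app is shared with."""
        # check that user 1 sees her lone app
        response = self.client.get('/api/apps')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data['results']), 1)
        app_id = response.data['results'][0]['id']
        # create a new object permission
        url = "/api/apps/{}/perms".format(app_id)
        body = {'username': 'autotest-2'}
        response = self.client.post(url, json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # list perms on the app
        response = self.client.get(
            "/api/apps/{}/perms".format(app_id), content_type='application/json')
        self.assertEqual(response.data, {'users': ['autotest-2']})

    def test_list_errors(self):
        """A user without access to an app cannot list its perms."""
        response = self.client.get('/api/apps')
        app_id = response.data['results'][0]['id']
        # login as user 2
        self._login('autotest-2')
        # list perms on the app
        response = self.client.get(
            "/api/apps/{}/perms".format(app_id), content_type='application/json')
        self.assertEqual(response.status_code, 403)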