diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b8da411..a990a574 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to ## Changed +- 🛂(backend) stop to list public doc to everyone #234 - 🚚(frontend) change visibility in share modal #235 diff --git a/src/backend/core/api/serializers.py b/src/backend/core/api/serializers.py index 793fa886..bad31f2f 100644 --- a/src/backend/core/api/serializers.py +++ b/src/backend/core/api/serializers.py @@ -66,9 +66,8 @@ class BaseAccessSerializer(serializers.ModelSerializer): "You must set a resource ID in kwargs to create a new access." ) from exc - teams = user.get_teams() if not self.Meta.model.objects.filter( # pylint: disable=no-member - Q(user=user) | Q(team__in=teams), + Q(user=user) | Q(team__in=user.teams), role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN], ).exists(): raise exceptions.PermissionDenied( @@ -78,7 +77,7 @@ class BaseAccessSerializer(serializers.ModelSerializer): if ( role == models.RoleChoices.OWNER and not self.Meta.model.objects.filter( # pylint: disable=no-member - Q(user=user) | Q(team__in=teams), + Q(user=user) | Q(team__in=user.teams), role=models.RoleChoices.OWNER, **{self.Meta.resource_field_name: resource_id}, # pylint: disable=no-member ).exists() @@ -272,9 +271,8 @@ class InvitationSerializer(serializers.ModelSerializer): "Anonymous users are not allowed to create invitations." ) - teams = user.get_teams() if not models.DocumentAccess.objects.filter( - Q(user=user) | Q(team__in=teams), + Q(user=user) | Q(team__in=user.teams), document=document_id, role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN], ).exists(): @@ -285,7 +283,7 @@ class InvitationSerializer(serializers.ModelSerializer): if ( role == models.RoleChoices.OWNER and not models.DocumentAccess.objects.filter( - Q(user=user) | Q(team__in=teams), + Q(user=user) | Q(team__in=user.teams), document=document_id, role=models.RoleChoices.OWNER, ).exists() 
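Review bot: The owner/administrator check in the first `BaseAccessSerializer` hunk (`-66,9`) filters only on the user or their teams and on `role__in`, with no resource filter. As far as these lines show, a user who is owner or administrator of any resource passes it when creating an access on a different one. The ownership check in the next hunk and both `InvitationSerializer` checks are scoped to the target, so the first check should carry the same line: `**{self.Meta.resource_field_name: resource_id},  # pylint: disable=no-member`. The enclosing method starts and ends outside the hunk, so a view-level permission may already cover this. A regression test where an administrator of one resource posts an access for another would settle it.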
diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 6384fa23..2bf771c0 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -189,24 +189,35 @@ class ResourceViewsetMixin: return queryset.filter(is_public=True) user = self.request.user - teams = user.get_teams() - user_roles_query = ( self.access_model_class.objects.filter( - Q(user=user) | Q(team__in=teams), + Q(user=user) | Q(team__in=user.teams), **{self.resource_field_name: OuterRef("pk")}, ) .values(self.resource_field_name) .annotate(roles_array=ArrayAgg("role")) .values("roles_array") ) - return ( - queryset.filter( - Q(accesses__user=user) | Q(accesses__team__in=teams) | Q(is_public=True) + return queryset.annotate(user_roles=Subquery(user_roles_query)).distinct() + + def list(self, request, *args, **kwargs): + """Restrict resources returned by the list endpoint""" + queryset = self.filter_queryset(self.get_queryset()) + if self.request.user.is_authenticated: + user = self.request.user + queryset = queryset.filter( + Q(accesses__user=user) | Q(accesses__team__in=user.teams) ) - .annotate(user_roles=Subquery(user_roles_query)) - .distinct() - ) + else: + queryset = queryset.none() + + page = self.paginate_queryset(queryset) + if page is not None: + serializer = self.get_serializer(page, many=True) + return self.get_paginated_response(serializer.data) + + serializer = self.get_serializer(queryset, many=True) + return drf_response.Response(serializer.data) def perform_create(self, serializer): """Set the current user as owner of the newly created object.""" @@ -245,8 +256,7 @@ class ResourceAccessViewsetMixin: if self.action == "list": user = self.request.user - teams = user.get_teams() - + teams = user.teams user_roles_query = ( queryset.filter( Q(user=user) | Q(team__in=teams), 
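Review bot: `get_queryset()` (which starts outside the hunk) no longer narrows an authenticated user to resources they have an access on or that are public; it now returns every resource, and only the new `list()` re-applies the access filter. Every other action therefore rests on object-level permission checks alone, and any action that reads `get_queryset()` without going through them would see private resources. The updated tests later in this diff show an unrelated user now getting 403 instead of 404 on a private document, which confirms to them that the id exists. Keeping `queryset.filter(Q(accesses__user=user) | Q(accesses__team__in=user.teams) | Q(is_public=True))` in `get_queryset()` and letting `list()` drop the public-only rows would preserve the 404 and keep the queryset as a second barrier. The `list()` docstring should also say that public resources are deliberately left out of listings and that anonymous callers get an empty page.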
@@ -314,7 +324,6 @@ class DocumentViewSet( ResourceViewsetMixin, mixins.CreateModelMixin, mixins.DestroyModelMixin, - mixins.ListModelMixin, mixins.RetrieveModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet, @@ -351,10 +360,11 @@ class DocumentViewSet( to the document """ document = self.get_object() + user = request.user from_datetime = min( access.created_at for access in document.accesses.filter( - Q(user=request.user) | Q(team__in=request.user.get_teams()), + Q(user=user) | Q(team__in=user.teams), ) ) @@ -386,10 +396,11 @@ class DocumentViewSet( # Don't let users access versions that were created before they were given access # to the document + user = request.user from_datetime = min( access.created_at for access in document.accesses.filter( - Q(user=request.user) | Q(team__in=request.user.get_teams()), + Q(user=user) | Q(team__in=user.teams), ) ) if response["LastModified"] < from_datetime: @@ -529,7 +540,6 @@ class TemplateViewSet( ResourceViewsetMixin, mixins.CreateModelMixin, mixins.DestroyModelMixin, - mixins.ListModelMixin, mixins.RetrieveModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet, @@ -671,7 +681,7 @@ class InvitationViewset( if self.action == "list": user = self.request.user - teams = user.get_teams() + teams = user.teams # Determine which role the logged-in user has in the document user_roles_query = ( diff --git a/src/backend/core/models.py b/src/backend/core/models.py index a818b21b..5615c0f2 100644 --- a/src/backend/core/models.py +++ b/src/backend/core/models.py @@ -21,7 +21,7 @@ from django.http import FileResponse from django.template.base import Template as DjangoTemplate from django.template.context import Context from django.utils import html, timezone -from django.utils.functional import lazy +from django.utils.functional import cached_property, lazy from django.utils.translation import gettext_lazy as _ import frontmatter 
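Review bot: In the two version hunks of `DocumentViewSet` (`-351,10` and `-386,10`), `min()` runs over the requesting user's access rows with no default, so it raises `ValueError` when the filter matches nothing. Because `get_queryset()` in this commit no longer guarantees an access row for the user, that case now depends entirely on the permission check. If it can be reached (possibly for a public document), the request ends in a 500 instead of a refusal. Failing closed would be clearer: pass `default=None` to `min()` and refuse the request when `from_datetime` is `None`. Both methods start and end outside their hunks, so an earlier guard may already exist.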
@@ -42,10 +42,9 @@ def get_resource_roles(resource, user): try: roles = resource.user_roles or [] except AttributeError: - teams = user.get_teams() try: roles = resource.accesses.filter( - models.Q(user=user) | models.Q(team__in=teams), + models.Q(user=user) | models.Q(team__in=user.teams), ).values_list("role", flat=True) except (models.ObjectDoesNotExist, IndexError): roles = [] @@ -215,7 +214,8 @@ class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin): raise ValueError("User has no email address.") mail.send_mail(subject, message, from_email, [self.email], **kwargs) - def get_teams(self): + @cached_property + def teams(self): """ Get list of teams in which the user is, as a list of strings. Must be cached if retrieved remotely. @@ -247,7 +247,7 @@ class BaseAccess(BaseModel): """ roles = [] if user.is_authenticated: - teams = user.get_teams() + teams = user.teams try: roles = self.user_roles or [] except AttributeError: @@ -778,7 +778,7 @@ class Invitation(BaseModel): roles = [] if user.is_authenticated: - teams = user.get_teams() + teams = user.teams try: roles = self.user_roles or [] except AttributeError: diff --git a/src/backend/core/tests/conftest.py b/src/backend/core/tests/conftest.py index 113245c4..ea586dcb 100644 --- a/src/backend/core/tests/conftest.py +++ b/src/backend/core/tests/conftest.py @@ -10,7 +10,9 @@ VIA = [USER, TEAM] @pytest.fixture -def mock_user_get_teams(): - """Mock for the "get_teams" method on the User model.""" - with mock.patch("core.models.User.get_teams") as mock_get_teams: - yield mock_get_teams +def mock_user_teams(): + """Mock for the "teams" property on the User model.""" + with mock.patch( + "core.models.User.teams", new_callable=mock.PropertyMock + ) as mock_teams: + yield mock_teams diff --git a/src/backend/core/tests/documents/test_api_document_accesses.py b/src/backend/core/tests/documents/test_api_document_accesses.py index 69f0cd0b..6431b850 100644 
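Review bot: `teams` is now a `cached_property` on `User` (hunk `-215,7`), so the first value read stays on that instance for as long as it lives, and every permission query touched by this commit reads it. That is fine for a per-request `request.user`, but the docstring still describes a getter and says nothing about the cache lifetime; its body continues outside the hunk. I would add a sentence such as `Cached on the instance: fetch a fresh User to pick up team membership changes.` It is also worth stating there that the cached list is shared by all callers and must not be mutated.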
--- a/src/backend/core/tests/documents/test_api_document_accesses.py +++ b/src/backend/core/tests/documents/test_api_document_accesses.py @@ -57,7 +57,7 @@ def test_api_document_accesses_list_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_list_authenticated_related(via, mock_user_get_teams): +def test_api_document_accesses_list_authenticated_related(via, mock_user_teams): """ Authenticated users should be able to list document accesses for a document to which they are directly related, whatever their role in the document. @@ -76,7 +76,7 @@ def test_api_document_accesses_list_authenticated_related(via, mock_user_get_tea role=random.choice(models.RoleChoices.choices)[0], ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] user_access = models.DocumentAccess.objects.create( document=document, team="lasuite", @@ -181,7 +181,7 @@ def test_api_document_accesses_retrieve_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_get_teams): +def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_teams): """ A user who is related to a document should be allowed to retrieve the associated document user accesses. @@ -195,7 +195,7 @@ def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_get if via == USER: factories.UserDocumentAccessFactory(document=document, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory(document=document, team="lasuite") access = factories.UserDocumentAccessFactory(document=document) 
@@ -276,7 +276,7 @@ def test_api_document_accesses_update_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) def test_api_document_accesses_update_authenticated_reader_or_editor( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """Readers or editors of a document should not be allowed to update its accesses.""" user = factories.UserFactory() @@ -288,7 +288,7 @@ def test_api_document_accesses_update_authenticated_reader_or_editor( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -316,9 +316,7 @@ def test_api_document_accesses_update_authenticated_reader_or_editor( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_update_administrator_except_owner( - via, mock_user_get_teams -): +def test_api_document_accesses_update_administrator_except_owner(via, mock_user_teams): """ A user who is a direct administrator in a document should be allowed to update a user access for this document, as long as they don't try to set the role to owner. @@ -334,7 +332,7 @@ def test_api_document_accesses_update_administrator_except_owner( document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) 
@@ -375,9 +373,7 @@ def test_api_document_accesses_update_administrator_except_owner( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_update_administrator_from_owner( - via, mock_user_get_teams -): +def test_api_document_accesses_update_administrator_from_owner(via, mock_user_teams): """ A user who is an administrator in a document, should not be allowed to update the user access of an "owner" for this document. @@ -393,7 +389,7 @@ def test_api_document_accesses_update_administrator_from_owner( document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) @@ -424,7 +420,7 @@ def test_api_document_accesses_update_administrator_from_owner( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_teams): +def test_api_document_accesses_update_administrator_to_owner(via, mock_user_teams): """ A user who is an administrator in a document, should not be allowed to update the user access of another user to grant document ownership. @@ -440,7 +436,7 @@ def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_ document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) 
@@ -478,7 +474,7 @@ def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_ @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_update_owner(via, mock_user_get_teams): +def test_api_document_accesses_update_owner(via, mock_user_teams): """ A user who is an owner in a document should be allowed to update a user access for this document whatever the role. @@ -492,7 +488,7 @@ def test_api_document_accesses_update_owner(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) @@ -534,7 +530,7 @@ def test_api_document_accesses_update_owner(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_update_owner_self(via, mock_user_get_teams): +def test_api_document_accesses_update_owner_self(via, mock_user_teams): """ A user who is owner of a document should be allowed to update their own user access provided there are other owners in the document. @@ -551,7 +547,7 @@ def test_api_document_accesses_update_owner_self(via, mock_user_get_teams): document=document, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] access = factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) 
@@ -626,7 +622,7 @@ def test_api_document_accesses_delete_authenticated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_teams): +def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_teams): """ Authenticated users should not be allowed to delete a document access for a document in which they are a simple reader or editor. @@ -640,7 +636,7 @@ def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_ if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -660,7 +656,7 @@ def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_ @pytest.mark.parametrize("via", VIA) def test_api_document_accesses_delete_administrators_except_owners( - via, mock_user_get_teams + via, mock_user_teams ): """ Users who are administrators in a document should be allowed to delete an access @@ -677,7 +673,7 @@ def test_api_document_accesses_delete_administrators_except_owners( document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) 
@@ -698,7 +694,7 @@ def test_api_document_accesses_delete_administrators_except_owners( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get_teams): +def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_teams): """ Users who are administrators in a document should not be allowed to delete an ownership access from the document. @@ -714,7 +710,7 @@ def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) @@ -733,7 +729,7 @@ def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_delete_owners(via, mock_user_get_teams): +def test_api_document_accesses_delete_owners(via, mock_user_teams): """ Users should be able to delete the document access of another user for a document of which they are owner. @@ -747,7 +743,7 @@ def test_api_document_accesses_delete_owners(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) @@ -766,7 +762,7 @@ def test_api_document_accesses_delete_owners(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_delete_owners_last_owner(via, mock_user_get_teams): +def test_api_document_accesses_delete_owners_last_owner(via, mock_user_teams): """ It should not be possible to delete the last owner access from a document """ 
@@ -782,7 +778,7 @@ def test_api_document_accesses_delete_owners_last_owner(via, mock_user_get_teams document=document, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] access = factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) diff --git a/src/backend/core/tests/documents/test_api_document_accesses_create.py b/src/backend/core/tests/documents/test_api_document_accesses_create.py index 92e1afec..779134e7 100644 --- a/src/backend/core/tests/documents/test_api_document_accesses_create.py +++ b/src/backend/core/tests/documents/test_api_document_accesses_create.py @@ -66,7 +66,7 @@ def test_api_document_accesses_create_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) def test_api_document_accesses_create_authenticated_reader_or_editor( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """Readers or editors of a document should not be allowed to create document accesses.""" user = factories.UserFactory() @@ -78,7 +78,7 @@ def test_api_document_accesses_create_authenticated_reader_or_editor( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -101,9 +101,7 @@ def test_api_document_accesses_create_authenticated_reader_or_editor( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_create_authenticated_administrator( - via, mock_user_get_teams -): +def test_api_document_accesses_create_authenticated_administrator(via, mock_user_teams): """ Administrators of a document should be able to create document accesses except for the "owner" role. 
@@ -120,7 +118,7 @@ def test_api_document_accesses_create_authenticated_administrator( document=document, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="administrator" ) @@ -178,7 +176,7 @@ def test_api_document_accesses_create_authenticated_administrator( @pytest.mark.parametrize("via", VIA) -def test_api_document_accesses_create_authenticated_owner(via, mock_user_get_teams): +def test_api_document_accesses_create_authenticated_owner(via, mock_user_teams): """ Owners of a document should be able to create document accesses whatever the role. An email should be sent to the accesses to notify them of the adding. @@ -192,7 +190,7 @@ def test_api_document_accesses_create_authenticated_owner(via, mock_user_get_tea if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) diff --git a/src/backend/core/tests/documents/test_api_document_invitations.py b/src/backend/core/tests/documents/test_api_document_invitations.py index 8e36dc8b..77e43be9 100644 --- a/src/backend/core/tests/documents/test_api_document_invitations.py +++ b/src/backend/core/tests/documents/test_api_document_invitations.py @@ -80,7 +80,7 @@ def test_api_document_invitations__create__authenticated_outsider(): ) @pytest.mark.parametrize("via", VIA) def test_api_document_invitations__create__privileged_members( - via, inviting, invited, is_allowed, mock_user_get_teams + via, inviting, invited, is_allowed, mock_user_teams ): """ Only owners and administrators should be able to invite new users. 
@@ -91,7 +91,7 @@ def test_api_document_invitations__create__privileged_members( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=inviting) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=inviting ) @@ -291,7 +291,7 @@ def test_api_document_invitations__list__anonymous_user(): @pytest.mark.parametrize("via", VIA) def test_api_document_invitations__list__authenticated( - via, mock_user_get_teams, django_assert_num_queries + via, mock_user_teams, django_assert_num_queries ): """ Authenticated users should be able to list invitations for documents to which they are @@ -304,7 +304,7 @@ def test_api_document_invitations__list__authenticated( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -432,7 +432,7 @@ def test_api_document_invitations__retrieve__unrelated_user(): @pytest.mark.parametrize("via", VIA) -def test_api_document_invitations__retrieve__document_member(via, mock_user_get_teams): +def test_api_document_invitations__retrieve__document_member(via, mock_user_teams): """ Authenticated users related to the document should be able to retrieve invitations whatever their role in the document. @@ -445,7 +445,7 @@ def test_api_document_invitations__retrieve__document_member(via, mock_user_get_ document=invitation.document, user=user, role=role ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=invitation.document, team="lasuite", role=role ) 
@@ -475,7 +475,7 @@ def test_api_document_invitations__retrieve__document_member(via, mock_user_get_ @pytest.mark.parametrize("via", VIA) -def test_api_document_invitations__put_authenticated(via, mock_user_get_teams): +def test_api_document_invitations__put_authenticated(via, mock_user_teams): """ Authenticated user can put invitations. """ @@ -486,7 +486,7 @@ def test_api_document_invitations__put_authenticated(via, mock_user_get_teams): document=invitation.document, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=invitation.document, team="lasuite", role="owner" ) @@ -503,7 +503,7 @@ def test_api_document_invitations__put_authenticated(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams): +def test_api_document_invitations__patch_authenticated(via, mock_user_teams): """ Authenticated user can patch invitations. """ @@ -514,7 +514,7 @@ def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams) document=invitation.document, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=invitation.document, team="lasuite", role="owner" ) @@ -546,7 +546,7 @@ def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams) ["editor", "reader"], ) def test_api_document_invitations__update__forbidden__not_authenticated( - method, via, role, mock_user_get_teams + method, via, role, mock_user_teams ): """ Update of invitations is currently forbidden. 
@@ -558,7 +558,7 @@ def test_api_document_invitations__update__forbidden__not_authenticated( document=invitation.document, user=user, role=role ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=invitation.document, team="lasuite", role=role ) @@ -607,7 +607,7 @@ def test_api_document_invitations__delete__authenticated_outsider(): @pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("role", ["owner", "administrator"]) def test_api_document_invitations__delete__privileged_members( - role, via, mock_user_get_teams + role, via, mock_user_teams ): """Privileged member should be able to cancel invitation.""" user = factories.UserFactory() @@ -615,7 +615,7 @@ def test_api_document_invitations__delete__privileged_members( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -632,16 +632,14 @@ def test_api_document_invitations__delete__privileged_members( @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) -def test_api_document_invitations_delete_readers_or_editors( - via, role, mock_user_get_teams -): +def test_api_document_invitations_delete_readers_or_editors(via, role, mock_user_teams): """Readers or editors should not be able to cancel invitation.""" user = factories.UserFactory() document = factories.DocumentFactory() if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) 
diff --git a/src/backend/core/tests/documents/test_api_document_versions.py b/src/backend/core/tests/documents/test_api_document_versions.py index 066f3997..6577215a 100644 --- a/src/backend/core/tests/documents/test_api_document_versions.py +++ b/src/backend/core/tests/documents/test_api_document_versions.py @@ -86,12 +86,14 @@ def test_api_document_versions_list_authenticated_unrelated_private(): response = client.get( f"/api/v1.0/documents/{document.id!s}/versions/", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_list_authenticated_related(via, mock_user_get_teams): +def test_api_document_versions_list_authenticated_related(via, mock_user_teams): """ Authenticated users should be able to list document versions for a document to which they are directly related, whatever their role in the document. @@ -109,7 +111,7 @@ def test_api_document_versions_list_authenticated_related(via, mock_user_get_tea role=random.choice(models.RoleChoices.choices)[0], ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] models.DocumentAccess.objects.create( document=document, team="lasuite", 
@@ -211,12 +213,14 @@ def test_api_document_versions_retrieve_authenticated_unrelated_private(): response = client.get( f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_retrieve_authenticated_related(via, mock_user_get_teams): +def test_api_document_versions_retrieve_authenticated_related(via, mock_user_teams): """ A user who is related to a document should be allowed to retrieve the associated document user accesses. @@ -232,10 +236,10 @@ def test_api_document_versions_retrieve_authenticated_related(via, mock_user_get if via == USER: factories.UserDocumentAccessFactory(document=document, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory(document=document, team="lasuite") - # Versions created before the document was shared should not be available to the user + # Versions created before the document was shared should not be seen by the user response = client.get( f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", ) @@ -295,7 +299,7 @@ def test_api_document_versions_create_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_create_authenticated_related(via, mock_user_get_teams): +def test_api_document_versions_create_authenticated_related(via, mock_user_teams): """ Authenticated users related to a document should not be allowed to create document versions whatever their role. 
@@ -309,7 +313,7 @@ def test_api_document_versions_create_authenticated_related(via, mock_user_get_t if via == USER: factories.UserDocumentAccessFactory(document=document, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory(document=document, team="lasuite") response = client.post( @@ -356,7 +360,7 @@ def test_api_document_versions_update_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_update_authenticated_related(via, mock_user_get_teams): +def test_api_document_versions_update_authenticated_related(via, mock_user_teams): """ Authenticated users with access to a document should not be able to update its versions whatever their role. @@ -372,7 +376,7 @@ def test_api_document_versions_update_authenticated_related(via, mock_user_get_t if via == USER: factories.UserDocumentAccessFactory(document=document, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory(document=document, team="lasuite") response = client.put( 
@@ -434,13 +438,15 @@ def test_api_document_versions_delete_authenticated_private(): f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_teams): +def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_teams): """ Authenticated users should not be allowed to delete a document version for a document in which they are a simple reader or editor. @@ -454,7 +460,7 @@ def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_ if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -484,7 +490,7 @@ def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_ @pytest.mark.parametrize("via", VIA) -def test_api_document_versions_delete_administrator_or_owner(via, mock_user_get_teams): +def test_api_document_versions_delete_administrator_or_owner(via, mock_user_teams): """ Users who are administrator or owner of a document should be allowed to delete a version. """ 
@@ -498,7 +504,7 @@ def test_api_document_versions_delete_administrator_or_owner(via, mock_user_get_ if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) diff --git a/src/backend/core/tests/documents/test_api_documents_attachment_upload.py b/src/backend/core/tests/documents/test_api_documents_attachment_upload.py index 3f1282d3..10caf05b 100644 --- a/src/backend/core/tests/documents/test_api_documents_attachment_upload.py +++ b/src/backend/core/tests/documents/test_api_documents_attachment_upload.py @@ -67,12 +67,14 @@ def test_api_documents_attachment_upload_authenticated_private(): url = f"/api/v1.0/documents/{document.id!s}/attachment-upload/" response = client.post(url, {"file": file}, format="multipart") - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize("via", VIA) -def test_api_documents_attachment_upload_reader(via, mock_user_get_teams): +def test_api_documents_attachment_upload_reader(via, mock_user_teams): """ Users who are simple readers on a document should not be allowed to upload an attachment. """ @@ -85,7 +87,7 @@ def test_api_documents_attachment_upload_reader(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="reader") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="reader" ) 
@@ -103,7 +105,7 @@ def test_api_documents_attachment_upload_reader(via, mock_user_get_teams): @pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("via", VIA) -def test_api_documents_attachment_upload_success(via, role, mock_user_get_teams): +def test_api_documents_attachment_upload_success(via, role, mock_user_teams): """ Editors, administrators and owners of a document should be able to upload an attachment. """ @@ -116,7 +118,7 @@ def test_api_documents_attachment_upload_success(via, role, mock_user_get_teams) if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) diff --git a/src/backend/core/tests/documents/test_api_documents_delete.py b/src/backend/core/tests/documents/test_api_documents_delete.py index 0831b93a..538e25c5 100644 --- a/src/backend/core/tests/documents/test_api_documents_delete.py +++ b/src/backend/core/tests/documents/test_api_documents_delete.py @@ -48,7 +48,7 @@ def test_api_documents_delete_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor", "administrator"]) @pytest.mark.parametrize("via", VIA) -def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_teams): +def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_teams): """ Authenticated users should not be allowed to delete a document for which they are only a reader, editor or administrator. 
@@ -62,7 +62,7 @@ def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_t if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -79,7 +79,7 @@ def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_t @pytest.mark.parametrize("via", VIA) -def test_api_documents_delete_authenticated_owner(via, mock_user_get_teams): +def test_api_documents_delete_authenticated_owner(via, mock_user_teams): """ Authenticated users should be able to delete a document they own. """ @@ -92,7 +92,7 @@ def test_api_documents_delete_authenticated_owner(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) diff --git a/src/backend/core/tests/documents/test_api_documents_list.py b/src/backend/core/tests/documents/test_api_documents_list.py index 26adb8c3..456518a1 100644 --- a/src/backend/core/tests/documents/test_api_documents_list.py +++ b/src/backend/core/tests/documents/test_api_documents_list.py @@ -7,7 +7,6 @@ from unittest import mock import pytest from faker import Faker from rest_framework.pagination import PageNumberPagination -from rest_framework.status import HTTP_200_OK from rest_framework.test import APIClient from core import factories 
@@ -17,18 +16,19 @@ pytestmark = pytest.mark.django_db def test_api_documents_list_anonymous(): - """Anonymous users should only be able to list public documents.""" + """Anonymous users should only be able to list documents public or not.""" factories.DocumentFactory.create_batch(2, is_public=False) - documents = factories.DocumentFactory.create_batch(2, is_public=True) - expected_ids = {str(document.id) for document in documents} + factories.DocumentFactory.create_batch(2, is_public=True) response = APIClient().get("/api/v1.0/documents/") - assert response.status_code == HTTP_200_OK - results = response.json()["results"] - assert len(results) == 2 - results_id = {result["id"] for result in results} - assert expected_ids == results_id + assert response.status_code == 200 + assert response.json() == { + "count": 0, + "next": None, + "previous": None, + "results": [], + } def test_api_documents_list_authenticated_direct(): 
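Review bot: The new docstring of `test_api_documents_list_anonymous` reads "should only be able to list documents public or not", which says the opposite of what the body asserts: an empty result set with `count` 0 even though two public documents were created. It should read `"""Anonymous users should not be able to list documents, public or not."""`, matching the wording of the templates list test in this commit. On an authorization test, the docstring is the stated access rule, so it needs to agree with the assertions.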
@@ -45,25 +45,23 @@ def test_api_documents_list_authenticated_direct(): access.document for access in factories.UserDocumentAccessFactory.create_batch(5, user=user) ] - public_documents = factories.DocumentFactory.create_batch(2, is_public=True) + factories.DocumentFactory.create_batch(2, is_public=True) factories.DocumentFactory.create_batch(2, is_public=False) - expected_ids = { - str(document.id) for document in related_documents + public_documents - } + expected_ids = {str(document.id) for document in related_documents} response = client.get( "/api/v1.0/documents/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 results = response.json()["results"] - assert len(results) == 7 + assert len(results) == 5 results_id = {result["id"] for result in results} assert expected_ids == results_id -def test_api_documents_list_authenticated_via_team(mock_user_get_teams): +def test_api_documents_list_authenticated_via_team(mock_user_teams): """ Authenticated users should be able to list documents they are a owner/administrator/member of via a team. @@ -73,7 +71,7 @@ def test_api_documents_list_authenticated_via_team(mock_user_get_teams): client = APIClient() client.force_login(user) - mock_user_get_teams.return_value = ["team1", "team2", "unknown"] + mock_user_teams.return_value = ["team1", "team2", "unknown"] documents_team1 = [ access.document 
@@ -83,19 +81,16 @@ def test_api_documents_list_authenticated_via_team(mock_user_get_teams): access.document for access in factories.TeamDocumentAccessFactory.create_batch(3, team="team2") ] - public_documents = factories.DocumentFactory.create_batch(2, is_public=True) + factories.DocumentFactory.create_batch(2, is_public=True) factories.DocumentFactory.create_batch(2, is_public=False) - expected_ids = { - str(document.id) - for document in documents_team1 + documents_team2 + public_documents - } + expected_ids = {str(document.id) for document in documents_team1 + documents_team2} response = client.get("/api/v1.0/documents/") - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 results = response.json()["results"] - assert len(results) == 7 + assert len(results) == 5 results_id = {result["id"] for result in results} assert expected_ids == results_id @@ -120,7 +115,7 @@ def test_api_documents_list_pagination( "/api/v1.0/documents/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert content["count"] == 3 @@ -136,7 +131,7 @@ def test_api_documents_list_pagination( "/api/v1.0/documents/?page=2", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert content["count"] == 3 @@ -163,7 +158,7 @@ def test_api_documents_list_authenticated_distinct(): "/api/v1.0/documents/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert len(content["results"]) == 1 assert content["results"][0]["id"] == str(document.id) 
@@ -181,13 +176,13 @@ def test_api_documents_order_updated_at_desc_default(): documents_updated = [ document.updated_at.isoformat().replace("+00:00", "Z") for document in factories.DocumentFactory.create_batch( - 5, is_public=True, updated_at=fake.date_time_this_year(before_now=False) + 5, updated_at=fake.date_time_this_year(before_now=False), users=[user] ) ] documents_updated.sort(reverse=True) - response = APIClient().get( + response = client.get( "/api/v1.0/documents/", ) assert response.status_code == 200 @@ -223,14 +218,14 @@ def test_api_documents_ordering_desc(ordering_field, factory_field): if factory_field == "title": documents_field_values = [ factories.DocumentFactory( - is_public=True, title=fake.sentence(nb_words=4) + title=fake.sentence(nb_words=4), users=[user] ).title for _ in range(5) ] else: documents_field_values = [ getattr(document, factory_field).isoformat().replace("+00:00", "Z") - for document in factories.DocumentFactory.create_batch(5, is_public=True) + for document in factories.DocumentFactory.create_batch(5, users=[user]) ] documents_field_values.sort(reverse=True) @@ -273,14 +268,14 @@ def test_api_documents_ordering_asc(field): if field == "title": documents_field_values = [ factories.DocumentFactory( - is_public=True, title=fake.sentence(nb_words=4) + users=[user], title=fake.sentence(nb_words=4) ).title for _ in range(5) ] else: documents_field_values = [ getattr(document, field).isoformat().replace("+00:00", "Z") - for document in factories.DocumentFactory.create_batch(5, is_public=True) + for document in factories.DocumentFactory.create_batch(5, users=[user]) ] documents_field_values.sort() diff --git a/src/backend/core/tests/documents/test_api_documents_retrieve.py b/src/backend/core/tests/documents/test_api_documents_retrieve.py index 7cea1af9..e70ebae8 100644 --- a/src/backend/core/tests/documents/test_api_documents_retrieve.py +++ b/src/backend/core/tests/documents/test_api_documents_retrieve.py 
@@ -103,8 +103,10 @@ def test_api_documents_retrieve_authenticated_unrelated_not_public(): response = client.get( f"/api/v1.0/documents/{document.id!s}/", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } def test_api_documents_retrieve_authenticated_related_direct(): @@ -158,12 +160,12 @@ def test_api_documents_retrieve_authenticated_related_direct(): } -def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_teams): +def test_api_documents_retrieve_authenticated_related_team_none(mock_user_teams): """ Authenticated users should not be able to retrieve a document related to teams in which the user is not. """ - mock_user_get_teams.return_value = [] + mock_user_teams.return_value = [] user = factories.UserFactory() @@ -186,8 +188,10 @@ def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_te factories.TeamDocumentAccessFactory() response = client.get(f"/api/v1.0/documents/{document.id!s}/") - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize( @@ -200,13 +204,13 @@ def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_te ], ) def test_api_documents_retrieve_authenticated_related_team_members( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a document to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() 
@@ -302,13 +306,13 @@ def test_api_documents_retrieve_authenticated_related_team_members( ], ) def test_api_documents_retrieve_authenticated_related_team_administrators( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a document to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() @@ -422,13 +426,13 @@ def test_api_documents_retrieve_authenticated_related_team_administrators( ], ) def test_api_documents_retrieve_authenticated_related_team_owners( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a document to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() diff --git a/src/backend/core/tests/documents/test_api_documents_retrieve_auth.py b/src/backend/core/tests/documents/test_api_documents_retrieve_auth.py index 4724fc21..83336d0b 100644 --- a/src/backend/core/tests/documents/test_api_documents_retrieve_auth.py +++ b/src/backend/core/tests/documents/test_api_documents_retrieve_auth.py @@ -157,7 +157,7 @@ def test_api_documents_retrieve_auth_authenticated_not_public(): @pytest.mark.parametrize("is_public", [True, False]) @pytest.mark.parametrize("via", VIA) -def test_api_documents_retrieve_auth_related(via, is_public, mock_user_get_teams): +def test_api_documents_retrieve_auth_related(via, is_public, mock_user_teams): """ Users who have a role on a document, whatever the role, should be able to retrieve related attachments. 
@@ -170,7 +170,7 @@ def test_api_documents_retrieve_auth_related(via, is_public, mock_user_get_teams if via == USER: factories.UserDocumentAccessFactory(document=document, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory(document=document, team="lasuite") filename = f"{uuid.uuid4()!s}.jpg" diff --git a/src/backend/core/tests/documents/test_api_documents_update.py b/src/backend/core/tests/documents/test_api_documents_update.py index 7b3ee965..531848f3 100644 --- a/src/backend/core/tests/documents/test_api_documents_update.py +++ b/src/backend/core/tests/documents/test_api_documents_update.py @@ -58,8 +58,10 @@ def test_api_documents_update_authenticated_unrelated(): format="json", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Document matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } document.refresh_from_db() document_values = serializers.DocumentSerializer(instance=document).data @@ -67,7 +69,7 @@ def test_api_documents_update_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_documents_update_authenticated_reader(via, mock_user_get_teams): +def test_api_documents_update_authenticated_reader(via, mock_user_teams): """ Users who are editors or reader of a document but not administrators should not be allowed to update it. @@ -81,7 +83,7 @@ def test_api_documents_update_authenticated_reader(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="reader") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="reader" ) 
@@ -110,7 +112,7 @@ def test_api_documents_update_authenticated_reader(via, mock_user_get_teams): @pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("via", VIA) def test_api_documents_update_authenticated_editor_administrator_or_owner( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """A user who is editor, administrator or owner of a document should be allowed to update it.""" user = factories.UserFactory() @@ -122,7 +124,7 @@ def test_api_documents_update_authenticated_editor_administrator_or_owner( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -151,7 +153,7 @@ def test_api_documents_update_authenticated_editor_administrator_or_owner( @pytest.mark.parametrize("via", VIA) -def test_api_documents_update_authenticated_owners(via, mock_user_get_teams): +def test_api_documents_update_authenticated_owners(via, mock_user_teams): """Administrators of a document should be allowed to update it.""" user = factories.UserFactory() @@ -162,7 +164,7 @@ def test_api_documents_update_authenticated_owners(via, mock_user_get_teams): if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="owner" ) 
@@ -190,9 +192,7 @@ def test_api_documents_update_authenticated_owners(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_documents_update_administrator_or_owner_of_another( - via, mock_user_get_teams -): +def test_api_documents_update_administrator_or_owner_of_another(via, mock_user_teams): """ Being administrator or owner of a document should not grant authorization to update another document. @@ -208,7 +208,7 @@ def test_api_documents_update_administrator_or_owner_of_another( document=document, user=user, role=random.choice(["administrator", "owner"]) ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", diff --git a/src/backend/core/tests/templates/test_api_templates_delete.py b/src/backend/core/tests/templates/test_api_templates_delete.py index 0c0bd161..5c4005e4 100644 --- a/src/backend/core/tests/templates/test_api_templates_delete.py +++ b/src/backend/core/tests/templates/test_api_templates_delete.py @@ -49,7 +49,7 @@ def test_api_templates_delete_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor", "administrator"]) @pytest.mark.parametrize("via", VIA) def test_api_templates_delete_authenticated_member_or_administrator( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """ Authenticated users should not be allowed to delete a template for which they are @@ -64,7 +64,7 @@ def test_api_templates_delete_authenticated_member_or_administrator( if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role=role ) 
@@ -81,7 +81,7 @@ def test_api_templates_delete_authenticated_member_or_administrator( @pytest.mark.parametrize("via", VIA) -def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams): +def test_api_templates_delete_authenticated_owner(via, mock_user_teams): """ Authenticated users should be able to delete a template they own. """ @@ -94,7 +94,7 @@ def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams): if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) diff --git a/src/backend/core/tests/templates/test_api_templates_generate_document.py b/src/backend/core/tests/templates/test_api_templates_generate_document.py index bfc30161..1f7bf824 100644 --- a/src/backend/core/tests/templates/test_api_templates_generate_document.py +++ b/src/backend/core/tests/templates/test_api_templates_generate_document.py @@ -87,12 +87,14 @@ def test_api_templates_generate_document_authenticated_not_public(): format="json", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Template matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize("via", VIA) -def test_api_templates_generate_document_related(via, mock_user_get_teams): +def test_api_templates_generate_document_related(via, mock_user_teams): """Users related to a template can generate pdf document.""" user = factories.UserFactory() 
@@ -102,7 +104,7 @@ def test_api_templates_generate_document_related(via, mock_user_get_teams): if via == USER: access = factories.UserTemplateAccessFactory(user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] access = factories.TeamTemplateAccessFactory(team="lasuite") data = {"body": "# Test markdown body"} diff --git a/src/backend/core/tests/templates/test_api_templates_list.py b/src/backend/core/tests/templates/test_api_templates_list.py index 2e6eb329..d68799f2 100644 --- a/src/backend/core/tests/templates/test_api_templates_list.py +++ b/src/backend/core/tests/templates/test_api_templates_list.py @@ -6,7 +6,6 @@ from unittest import mock import pytest from rest_framework.pagination import PageNumberPagination -from rest_framework.status import HTTP_200_OK from rest_framework.test import APIClient from core import factories @@ -15,18 +14,15 @@ pytestmark = pytest.mark.django_db def test_api_templates_list_anonymous(): - """Anonymous users should only be able to list public templates.""" + """Anonymous users should not be able to list templates, public or not.""" factories.TemplateFactory.create_batch(2, is_public=False) - templates = factories.TemplateFactory.create_batch(2, is_public=True) - expected_ids = {str(template.id) for template in templates} + factories.TemplateFactory.create_batch(2, is_public=True) response = APIClient().get("/api/v1.0/templates/") - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 results = response.json()["results"] - assert len(results) == 2 - results_id = {result["id"] for result in results} - assert expected_ids == results_id + assert len(results) == 0 def test_api_templates_list_authenticated_direct(): 
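Review bot: `test_api_templates_list_anonymous` now checks only `len(results) == 0`, while the documents counterpart in this commit compares the whole paginated payload. Adding `assert response.json()["count"] == 0` (or comparing the full body with `count`, `next`, `previous` and `results`) would keep the two access-control tests parallel. It would also fail if the reported total ever still counted public templates.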
@@ -43,25 +39,23 @@ def test_api_templates_list_authenticated_direct(): access.template for access in factories.UserTemplateAccessFactory.create_batch(5, user=user) ] - public_templates = factories.TemplateFactory.create_batch(2, is_public=True) + factories.TemplateFactory.create_batch(2, is_public=True) factories.TemplateFactory.create_batch(2, is_public=False) - expected_ids = { - str(template.id) for template in related_templates + public_templates - } + expected_ids = {str(template.id) for template in related_templates} response = client.get( "/api/v1.0/templates/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 results = response.json()["results"] - assert len(results) == 7 + assert len(results) == 5 results_id = {result["id"] for result in results} assert expected_ids == results_id -def test_api_templates_list_authenticated_via_team(mock_user_get_teams): +def test_api_templates_list_authenticated_via_team(mock_user_teams): """ Authenticated users should be able to list templates they are a owner/administrator/member of via a team. @@ -71,7 +65,7 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams): client = APIClient() client.force_login(user) - mock_user_get_teams.return_value = ["team1", "team2", "unknown"] + mock_user_teams.return_value = ["team1", "team2", "unknown"] templates_team1 = [ access.template 
@@ -81,19 +75,16 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams): access.template for access in factories.TeamTemplateAccessFactory.create_batch(3, team="team2") ] - public_templates = factories.TemplateFactory.create_batch(2, is_public=True) + factories.TemplateFactory.create_batch(2, is_public=True) factories.TemplateFactory.create_batch(2, is_public=False) - expected_ids = { - str(template.id) - for template in templates_team1 + templates_team2 + public_templates - } + expected_ids = {str(template.id) for template in templates_team1 + templates_team2} response = client.get("/api/v1.0/templates/") - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 results = response.json()["results"] - assert len(results) == 7 + assert len(results) == 5 results_id = {result["id"] for result in results} assert expected_ids == results_id @@ -118,7 +109,7 @@ def test_api_templates_list_pagination( "/api/v1.0/templates/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert content["count"] == 3 @@ -134,7 +125,7 @@ def test_api_templates_list_pagination( "/api/v1.0/templates/?page=2", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert content["count"] == 3 
@@ -161,26 +152,24 @@ def test_api_templates_list_authenticated_distinct(): "/api/v1.0/templates/", ) - assert response.status_code == HTTP_200_OK + assert response.status_code == 200 content = response.json() assert len(content["results"]) == 1 assert content["results"][0]["id"] == str(template.id) -def test_api_templates_order(): - """ - Test that the endpoint GET templates is sorted in 'created_at' descending order by default. - """ +def test_api_templates_list_order_default(): + """The templates list should be sorted by 'created_at' in descending order by default.""" user = factories.UserFactory() client = APIClient() client.force_login(user) template_ids = [ - str(template.id) - for template in factories.TemplateFactory.create_batch(5, is_public=True) + str(access.template.id) + for access in factories.UserTemplateAccessFactory.create_batch(5, user=user) ] - response = APIClient().get( + response = client.get( "/api/v1.0/templates/", ) @@ -195,21 +184,21 @@ def test_api_templates_order(): ), "created_at values are not sorted from newest to oldest" -def test_api_templates_order_param(): +def test_api_templates_list_order_param(): """ - Test that the 'created_at' field is sorted in ascending order - when the 'ordering' query parameter is set. + The templates list is sorted by 'created_at' in ascending order when setting + the "ordering" query parameter. """ user = factories.UserFactory() client = APIClient() client.force_login(user) templates_ids = [ - str(template.id) - for template in factories.TemplateFactory.create_batch(5, is_public=True) + str(access.template.id) + for access in factories.UserTemplateAccessFactory.create_batch(5, user=user) ] - response = APIClient().get( + response = client.get( "/api/v1.0/templates/?ordering=created_at", ) assert response.status_code == 200 diff --git a/src/backend/core/tests/templates/test_api_templates_retrieve.py b/src/backend/core/tests/templates/test_api_templates_retrieve.py index e6ea96d1..d16b9ef4 100644 
--- a/src/backend/core/tests/templates/test_api_templates_retrieve.py +++ b/src/backend/core/tests/templates/test_api_templates_retrieve.py @@ -94,8 +94,10 @@ def test_api_templates_retrieve_authenticated_unrelated_not_public(): response = client.get( f"/api/v1.0/templates/{template.id!s}/", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Template matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } def test_api_templates_retrieve_authenticated_related_direct(): @@ -146,12 +148,12 @@ def test_api_templates_retrieve_authenticated_related_direct(): } -def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_teams): +def test_api_templates_retrieve_authenticated_related_team_none(mock_user_teams): """ Authenticated users should not be able to retrieve a template related to teams in which the user is not. """ - mock_user_get_teams.return_value = [] + mock_user_teams.return_value = [] user = factories.UserFactory() @@ -174,8 +176,10 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te factories.TeamTemplateAccessFactory() response = client.get(f"/api/v1.0/templates/{template.id!s}/") - assert response.status_code == 404 - assert response.json() == {"detail": "No Template matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } @pytest.mark.parametrize( 
@@ -188,13 +192,13 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te ], ) def test_api_templates_retrieve_authenticated_related_team_readers_or_editors( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a template to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() @@ -287,13 +291,13 @@ def test_api_templates_retrieve_authenticated_related_team_readers_or_editors( ], ) def test_api_templates_retrieve_authenticated_related_team_administrators( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a template to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() @@ -405,13 +409,13 @@ def test_api_templates_retrieve_authenticated_related_team_administrators( ], ) def test_api_templates_retrieve_authenticated_related_team_owners( - teams, mock_user_get_teams + teams, mock_user_teams ): """ Authenticated users should be allowed to retrieve a template to which they are related via a team whatever the role and see all its accesses. """ - mock_user_get_teams.return_value = teams + mock_user_teams.return_value = teams user = factories.UserFactory() diff --git a/src/backend/core/tests/templates/test_api_templates_update.py b/src/backend/core/tests/templates/test_api_templates_update.py index 56e582ea..7c5a27c6 100644 --- a/src/backend/core/tests/templates/test_api_templates_update.py +++ b/src/backend/core/tests/templates/test_api_templates_update.py 
@@ -58,8 +58,10 @@ def test_api_templates_update_authenticated_unrelated(): format="json", ) - assert response.status_code == 404 - assert response.json() == {"detail": "No Template matches the given query."} + assert response.status_code == 403 + assert response.json() == { + "detail": "You do not have permission to perform this action." + } template.refresh_from_db() template_values = serializers.TemplateSerializer(instance=template).data @@ -67,7 +69,7 @@ def test_api_templates_update_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_templates_update_authenticated_readers(via, mock_user_get_teams): +def test_api_templates_update_authenticated_readers(via, mock_user_teams): """ Users who are readers of a template should not be allowed to update it. """ @@ -80,7 +82,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams): if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="reader") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="reader" ) @@ -109,7 +111,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams): @pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("via", VIA) def test_api_templates_update_authenticated_editor_or_administrator_or_owner( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """Administrator or owner of a template should be allowed to update it.""" user = factories.UserFactory() 
@@ -121,7 +123,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner( if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role=role ) @@ -148,7 +150,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner( @pytest.mark.parametrize("via", VIA) -def test_api_templates_update_authenticated_owners(via, mock_user_get_teams): +def test_api_templates_update_authenticated_owners(via, mock_user_teams): """Administrators of a template should be allowed to update it.""" user = factories.UserFactory() @@ -159,7 +161,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams): if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) @@ -185,9 +187,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_templates_update_administrator_or_owner_of_another( - via, mock_user_get_teams -): +def test_api_templates_update_administrator_or_owner_of_another(via, mock_user_teams): """ Being administrator or owner of a template should not grant authorization to update another template. 
@@ -203,7 +203,7 @@ def test_api_templates_update_administrator_or_owner_of_another( template=template, user=user, role=random.choice(["administrator", "owner"]) ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", diff --git a/src/backend/core/tests/test_api_template_accesses.py b/src/backend/core/tests/test_api_template_accesses.py index 7b8f8eb4..734fa8b8 100644 --- a/src/backend/core/tests/test_api_template_accesses.py +++ b/src/backend/core/tests/test_api_template_accesses.py @@ -57,7 +57,7 @@ def test_api_template_accesses_list_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_list_authenticated_related(via, mock_user_get_teams): +def test_api_template_accesses_list_authenticated_related(via, mock_user_teams): """ Authenticated users should be able to list template accesses for a template to which they are directly related, whatever their role in the template. @@ -76,7 +76,7 @@ def test_api_template_accesses_list_authenticated_related(via, mock_user_get_tea role=random.choice(models.RoleChoices.choices)[0], ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] user_access = models.TemplateAccess.objects.create( template=template, team="lasuite", @@ -178,7 +178,7 @@ def test_api_template_accesses_retrieve_authenticated_unrelated(): @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_get_teams): +def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_teams): """ A user who is related to a template should be allowed to retrieve the associated template user accesses. 
@@ -192,7 +192,7 @@ def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_get if via == USER: factories.UserTemplateAccessFactory(template=template, user=user) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory(template=template, team="lasuite") access = factories.UserTemplateAccessFactory(template=template) @@ -261,7 +261,7 @@ def test_api_template_accesses_create_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) def test_api_template_accesses_create_authenticated_editor_or_reader( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """Editors or readers of a template should not be allowed to create template accesses.""" user = factories.UserFactory() @@ -273,7 +273,7 @@ def test_api_template_accesses_create_authenticated_editor_or_reader( if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role=role ) @@ -296,9 +296,7 @@ def test_api_template_accesses_create_authenticated_editor_or_reader( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_create_authenticated_administrator( - via, mock_user_get_teams -): +def test_api_template_accesses_create_authenticated_administrator(via, mock_user_teams): """ Administrators of a template should be able to create template accesses except for the "owner" role. 
@@ -314,7 +312,7 @@ def test_api_template_accesses_create_authenticated_administrator( template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) @@ -363,7 +361,7 @@ def test_api_template_accesses_create_authenticated_administrator( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_create_authenticated_owner(via, mock_user_get_teams): +def test_api_template_accesses_create_authenticated_owner(via, mock_user_teams): """ Owners of a template should be able to create template accesses whatever the role. """ @@ -376,7 +374,7 @@ def test_api_template_accesses_create_authenticated_owner(via, mock_user_get_tea if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) @@ -466,7 +464,7 @@ def test_api_template_accesses_update_authenticated_unrelated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) def test_api_template_accesses_update_authenticated_editor_or_reader( - via, role, mock_user_get_teams + via, role, mock_user_teams ): """Editors or readers of a template should not be allowed to update its accesses.""" user = factories.UserFactory() @@ -478,7 +476,7 @@ def test_api_template_accesses_update_authenticated_editor_or_reader( if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role=role ) 
@@ -506,9 +504,7 @@ def test_api_template_accesses_update_authenticated_editor_or_reader( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_update_administrator_except_owner( - via, mock_user_get_teams -): +def test_api_template_accesses_update_administrator_except_owner(via, mock_user_teams): """ A user who is a direct administrator in a template should be allowed to update a user access for this template, as long as they don't try to set the role to owner. @@ -524,7 +520,7 @@ def test_api_template_accesses_update_administrator_except_owner( template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) @@ -565,9 +561,7 @@ def test_api_template_accesses_update_administrator_except_owner( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_update_administrator_from_owner( - via, mock_user_get_teams -): +def test_api_template_accesses_update_administrator_from_owner(via, mock_user_teams): """ A user who is an administrator in a template, should not be allowed to update the user access of an "owner" for this template. @@ -583,7 +577,7 @@ def test_api_template_accesses_update_administrator_from_owner( template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) 
@@ -614,7 +608,7 @@ def test_api_template_accesses_update_administrator_from_owner( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_teams): +def test_api_template_accesses_update_administrator_to_owner(via, mock_user_teams): """ A user who is an administrator in a template, should not be allowed to update the user access of another user to grant template ownership. @@ -630,7 +624,7 @@ def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_ template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) @@ -668,7 +662,7 @@ def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_ @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_update_owner(via, mock_user_get_teams): +def test_api_template_accesses_update_owner(via, mock_user_teams): """ A user who is an owner in a template should be allowed to update a user access for this template whatever the role. @@ -682,7 +676,7 @@ def test_api_template_accesses_update_owner(via, mock_user_get_teams): if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) 
@@ -724,7 +718,7 @@ def test_api_template_accesses_update_owner(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_update_owner_self(via, mock_user_get_teams): +def test_api_template_accesses_update_owner_self(via, mock_user_teams): """ A user who is owner of a template should be allowed to update their own user access provided there are other owners in the template. @@ -741,7 +735,7 @@ def test_api_template_accesses_update_owner_self(via, mock_user_get_teams): template=template, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] access = factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) @@ -810,7 +804,7 @@ def test_api_template_accesses_delete_authenticated(): @pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_teams): +def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_teams): """ Authenticated users should not be allowed to delete a template access for a template in which they are a simple editor or reader. @@ -824,7 +818,7 @@ def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_ if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role=role ) 
@@ -844,7 +838,7 @@ def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_ @pytest.mark.parametrize("via", VIA) def test_api_template_accesses_delete_administrators_except_owners( - via, mock_user_get_teams + via, mock_user_teams ): """ Users who are administrators in a template should be allowed to delete an access @@ -861,7 +855,7 @@ def test_api_template_accesses_delete_administrators_except_owners( template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) @@ -882,7 +876,7 @@ def test_api_template_accesses_delete_administrators_except_owners( @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get_teams): +def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_teams): """ Users who are administrators in a template should not be allowed to delete an ownership access from the template. @@ -898,7 +892,7 @@ def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get template=template, user=user, role="administrator" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="administrator" ) @@ -917,7 +911,7 @@ def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_delete_owners(via, mock_user_get_teams): +def test_api_template_accesses_delete_owners(via, mock_user_teams): """ Users should be able to delete the template access of another user for a template of which they are owner. 
@@ -931,7 +925,7 @@ def test_api_template_accesses_delete_owners(via, mock_user_get_teams): if via == USER: factories.UserTemplateAccessFactory(template=template, user=user, role="owner") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) @@ -950,7 +944,7 @@ def test_api_template_accesses_delete_owners(via, mock_user_get_teams): @pytest.mark.parametrize("via", VIA) -def test_api_template_accesses_delete_owners_last_owner(via, mock_user_get_teams): +def test_api_template_accesses_delete_owners_last_owner(via, mock_user_teams): """ It should not be possible to delete the last owner access from a template """ @@ -966,7 +960,7 @@ def test_api_template_accesses_delete_owners_last_owner(via, mock_user_get_teams template=template, user=user, role="owner" ) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] access = factories.TeamTemplateAccessFactory( template=template, team="lasuite", role="owner" ) diff --git a/src/backend/core/tests/test_models_invitations.py b/src/backend/core/tests/test_models_invitations.py index 2ed88571..bfb3fdf5 100644 --- a/src/backend/core/tests/test_models_invitations.py +++ b/src/backend/core/tests/test_models_invitations.py @@ -189,7 +189,7 @@ def test_models_document_invitations_get_abilities_authenticated(): @pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("role", ["administrator", "owner"]) def test_models_document_invitations_get_abilities_privileged_member( - role, via, mock_user_get_teams + role, via, mock_user_teams ): """Check abilities for a document member with a privileged role.""" 
@@ -198,7 +198,7 @@ def test_models_document_invitations_get_abilities_privileged_member( if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role=role) elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role=role ) @@ -217,7 +217,7 @@ def test_models_document_invitations_get_abilities_privileged_member( @pytest.mark.parametrize("via", VIA) -def test_models_document_invitations_get_abilities_reader(via, mock_user_get_teams): +def test_models_document_invitations_get_abilities_reader(via, mock_user_teams): """Check abilities for a document reader with 'reader' role.""" user = factories.UserFactory() @@ -225,7 +225,7 @@ def test_models_document_invitations_get_abilities_reader(via, mock_user_get_tea if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="reader") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="reader" ) @@ -242,7 +242,7 @@ def test_models_document_invitations_get_abilities_reader(via, mock_user_get_tea @pytest.mark.parametrize("via", VIA) -def test_models_document_invitations_get_abilities_editor(via, mock_user_get_teams): +def test_models_document_invitations_get_abilities_editor(via, mock_user_teams): """Check abilities for a document editor with 'editor' role.""" user = factories.UserFactory() 
@@ -250,7 +250,7 @@ def test_models_document_invitations_get_abilities_editor(via, mock_user_get_tea if via == USER: factories.UserDocumentAccessFactory(document=document, user=user, role="editor") elif via == TEAM: - mock_user_get_teams.return_value = ["lasuite", "unknown"] + mock_user_teams.return_value = ["lasuite", "unknown"] factories.TeamDocumentAccessFactory( document=document, team="lasuite", role="editor" )