🛂(backend) stop to list public doc to everyone

Everybody could see the full list of public docs.
Now only members can see their public docs.
They can still access any specific public doc.
Anthony LC
2024-09-06 16:12:02 +02:00
committed by Samuel Paccoud
parent b716881d50
commit 140a630a6e
22 changed files with 290 additions and 291 deletions


@@ -16,6 +16,7 @@ and this project adheres to
## Changed ## Changed
- 🛂(backend) stop to list public doc to everyone #234
- 🚚(frontend) change visibility in share modal #235 - 🚚(frontend) change visibility in share modal #235


@@ -66,9 +66,8 @@ class BaseAccessSerializer(serializers.ModelSerializer):
"You must set a resource ID in kwargs to create a new access." "You must set a resource ID in kwargs to create a new access."
) from exc ) from exc
teams = user.get_teams()
if not self.Meta.model.objects.filter( # pylint: disable=no-member if not self.Meta.model.objects.filter( # pylint: disable=no-member
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=user.teams),
role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN], role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN],
).exists(): ).exists():
raise exceptions.PermissionDenied( raise exceptions.PermissionDenied(
@@ -78,7 +77,7 @@ class BaseAccessSerializer(serializers.ModelSerializer):
if ( if (
role == models.RoleChoices.OWNER role == models.RoleChoices.OWNER
and not self.Meta.model.objects.filter( # pylint: disable=no-member and not self.Meta.model.objects.filter( # pylint: disable=no-member
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=user.teams),
role=models.RoleChoices.OWNER, role=models.RoleChoices.OWNER,
**{self.Meta.resource_field_name: resource_id}, # pylint: disable=no-member **{self.Meta.resource_field_name: resource_id}, # pylint: disable=no-member
).exists() ).exists()
@@ -272,9 +271,8 @@ class InvitationSerializer(serializers.ModelSerializer):
"Anonymous users are not allowed to create invitations." "Anonymous users are not allowed to create invitations."
) )
teams = user.get_teams()
if not models.DocumentAccess.objects.filter( if not models.DocumentAccess.objects.filter(
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=user.teams),
document=document_id, document=document_id,
role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN], role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN],
).exists(): ).exists():
@@ -285,7 +283,7 @@ class InvitationSerializer(serializers.ModelSerializer):
if ( if (
role == models.RoleChoices.OWNER role == models.RoleChoices.OWNER
and not models.DocumentAccess.objects.filter( and not models.DocumentAccess.objects.filter(
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=user.teams),
document=document_id, document=document_id,
role=models.RoleChoices.OWNER, role=models.RoleChoices.OWNER,
).exists() ).exists()
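Review bot: The first owner/administrator check in `BaseAccessSerializer` (the `filter(...)` ending in `role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN],`) shows no resource constraint in the rendered context, unlike the owner check in the next hunk and both `InvitationSerializer` checks, which pass `**{self.Meta.resource_field_name: resource_id}` or `document=document_id`. If that line is really absent rather than elided by the renderer, a user who is owner or administrator of any resource passes this check when creating an access on a different one. The filter should carry `**{self.Meta.resource_field_name: resource_id},  # pylint: disable=no-member` like its sibling, backed by a test where the requester administers another document only. The enclosing validation method starts and ends outside these hunks.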


@@ -189,24 +189,35 @@ class ResourceViewsetMixin:
return queryset.filter(is_public=True) return queryset.filter(is_public=True)
user = self.request.user user = self.request.user
teams = user.get_teams()
user_roles_query = ( user_roles_query = (
self.access_model_class.objects.filter( self.access_model_class.objects.filter(
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=user.teams),
**{self.resource_field_name: OuterRef("pk")}, **{self.resource_field_name: OuterRef("pk")},
) )
.values(self.resource_field_name) .values(self.resource_field_name)
.annotate(roles_array=ArrayAgg("role")) .annotate(roles_array=ArrayAgg("role"))
.values("roles_array") .values("roles_array")
) )
return ( return queryset.annotate(user_roles=Subquery(user_roles_query)).distinct()
queryset.filter(
Q(accesses__user=user) | Q(accesses__team__in=teams) | Q(is_public=True) def list(self, request, *args, **kwargs):
"""Restrict resources returned by the list endpoint"""
queryset = self.filter_queryset(self.get_queryset())
if self.request.user.is_authenticated:
user = self.request.user
queryset = queryset.filter(
Q(accesses__user=user) | Q(accesses__team__in=user.teams)
) )
.annotate(user_roles=Subquery(user_roles_query)) else:
.distinct() queryset = queryset.none()
)
page = self.paginate_queryset(queryset)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(queryset, many=True)
return drf_response.Response(serializer.data)
def perform_create(self, serializer): def perform_create(self, serializer):
"""Set the current user as owner of the newly created object.""" """Set the current user as owner of the newly created object."""
@@ -245,8 +256,7 @@ class ResourceAccessViewsetMixin:
if self.action == "list": if self.action == "list":
user = self.request.user user = self.request.user
teams = user.get_teams() teams = user.teams
user_roles_query = ( user_roles_query = (
queryset.filter( queryset.filter(
Q(user=user) | Q(team__in=teams), Q(user=user) | Q(team__in=teams),
@@ -314,7 +324,6 @@ class DocumentViewSet(
ResourceViewsetMixin, ResourceViewsetMixin,
mixins.CreateModelMixin, mixins.CreateModelMixin,
mixins.DestroyModelMixin, mixins.DestroyModelMixin,
mixins.ListModelMixin,
mixins.RetrieveModelMixin, mixins.RetrieveModelMixin,
mixins.UpdateModelMixin, mixins.UpdateModelMixin,
viewsets.GenericViewSet, viewsets.GenericViewSet,
@@ -351,10 +360,11 @@ class DocumentViewSet(
to the document to the document
""" """
document = self.get_object() document = self.get_object()
user = request.user
from_datetime = min( from_datetime = min(
access.created_at access.created_at
for access in document.accesses.filter( for access in document.accesses.filter(
Q(user=request.user) | Q(team__in=request.user.get_teams()), Q(user=user) | Q(team__in=user.teams),
) )
) )
@@ -386,10 +396,11 @@ class DocumentViewSet(
# Don't let users access versions that were created before they were given access # Don't let users access versions that were created before they were given access
# to the document # to the document
user = request.user
from_datetime = min( from_datetime = min(
access.created_at access.created_at
for access in document.accesses.filter( for access in document.accesses.filter(
Q(user=request.user) | Q(team__in=request.user.get_teams()), Q(user=user) | Q(team__in=user.teams),
) )
) )
if response["LastModified"] < from_datetime: if response["LastModified"] < from_datetime:
@@ -529,7 +540,6 @@ class TemplateViewSet(
ResourceViewsetMixin, ResourceViewsetMixin,
mixins.CreateModelMixin, mixins.CreateModelMixin,
mixins.DestroyModelMixin, mixins.DestroyModelMixin,
mixins.ListModelMixin,
mixins.RetrieveModelMixin, mixins.RetrieveModelMixin,
mixins.UpdateModelMixin, mixins.UpdateModelMixin,
viewsets.GenericViewSet, viewsets.GenericViewSet,
@@ -671,7 +681,7 @@ class InvitationViewset(
if self.action == "list": if self.action == "list":
user = self.request.user user = self.request.user
teams = user.get_teams() teams = user.teams
# Determine which role the logged-in user has in the document # Determine which role the logged-in user has in the document
user_roles_query = ( user_roles_query = (
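Review bot: `get_queryset` now returns every resource to an authenticated user, only annotated with `user_roles`, and the membership filter `Q(accesses__user=user) | Q(accesses__team__in=user.teams)` lives solely in the new `list` override. Detail routes and extra actions that go through `self.get_object()` therefore rely entirely on the object-level permission class to keep private resources away from non-members, and that class is not visible here; a retrieve/update/delete test for an authenticated non-member on a non-public resource would pin it. I would state the contract at the return, e.g. `# Not scoped by access: object permissions must reject non-members on private resources`. Separately, in the two version hunks `min(access.created_at for access in document.accesses.filter(...))` raises `ValueError` on an empty result, which looks reachable when a non-member opens a public document; passing `default=None` to `min` and denying when the result is `None` would avoid a 500. `get_queryset` and both version actions start outside the hunks.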


@@ -21,7 +21,7 @@ from django.http import FileResponse
from django.template.base import Template as DjangoTemplate from django.template.base import Template as DjangoTemplate
from django.template.context import Context from django.template.context import Context
from django.utils import html, timezone from django.utils import html, timezone
from django.utils.functional import lazy from django.utils.functional import cached_property, lazy
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
import frontmatter import frontmatter
@@ -42,10 +42,9 @@ def get_resource_roles(resource, user):
try: try:
roles = resource.user_roles or [] roles = resource.user_roles or []
except AttributeError: except AttributeError:
teams = user.get_teams()
try: try:
roles = resource.accesses.filter( roles = resource.accesses.filter(
models.Q(user=user) | models.Q(team__in=teams), models.Q(user=user) | models.Q(team__in=user.teams),
).values_list("role", flat=True) ).values_list("role", flat=True)
except (models.ObjectDoesNotExist, IndexError): except (models.ObjectDoesNotExist, IndexError):
roles = [] roles = []
@@ -215,7 +214,8 @@ class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin):
raise ValueError("User has no email address.") raise ValueError("User has no email address.")
mail.send_mail(subject, message, from_email, [self.email], **kwargs) mail.send_mail(subject, message, from_email, [self.email], **kwargs)
def get_teams(self): @cached_property
def teams(self):
""" """
Get list of teams in which the user is, as a list of strings. Get list of teams in which the user is, as a list of strings.
Must be cached if retrieved remotely. Must be cached if retrieved remotely.
@@ -247,7 +247,7 @@ class BaseAccess(BaseModel):
""" """
roles = [] roles = []
if user.is_authenticated: if user.is_authenticated:
teams = user.get_teams() teams = user.teams
try: try:
roles = self.user_roles or [] roles = self.user_roles or []
except AttributeError: except AttributeError:
@@ -778,7 +778,7 @@ class Invitation(BaseModel):
roles = [] roles = []
if user.is_authenticated: if user.is_authenticated:
teams = user.get_teams() teams = user.teams
try: try:
roles = self.user_roles or [] roles = self.user_roles or []
except AttributeError: except AttributeError:
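Review bot: `teams` is now a `cached_property`, so the list that feeds every `team__in=user.teams` authorization filter is frozen for the lifetime of the `User` instance, while the docstring still reads as a getter ("Get list of teams ... Must be cached if retrieved remotely"). For a `request.user` that is presumably rebuilt on each request this is harmless, but any longer-lived instance would keep matching accesses through a team the user has since left, and `cached_property` does not give the cross-request caching the docstring asks for. The docstring should say so, e.g. `Teams the user belongs to, computed once per User instance; reload the user to pick up membership changes.` The body of `teams` continues outside the hunk.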


@@ -10,7 +10,9 @@ VIA = [USER, TEAM]
@pytest.fixture @pytest.fixture
def mock_user_get_teams(): def mock_user_teams():
"""Mock for the "get_teams" method on the User model.""" """Mock for the "teams" property on the User model."""
with mock.patch("core.models.User.get_teams") as mock_get_teams: with mock.patch(
yield mock_get_teams "core.models.User.teams", new_callable=mock.PropertyMock
) as mock_teams:
yield mock_teams


@@ -57,7 +57,7 @@ def test_api_document_accesses_list_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_list_authenticated_related(via, mock_user_get_teams): def test_api_document_accesses_list_authenticated_related(via, mock_user_teams):
""" """
Authenticated users should be able to list document accesses for a document Authenticated users should be able to list document accesses for a document
to which they are directly related, whatever their role in the document. to which they are directly related, whatever their role in the document.
@@ -76,7 +76,7 @@ def test_api_document_accesses_list_authenticated_related(via, mock_user_get_tea
role=random.choice(models.RoleChoices.choices)[0], role=random.choice(models.RoleChoices.choices)[0],
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
user_access = models.DocumentAccess.objects.create( user_access = models.DocumentAccess.objects.create(
document=document, document=document,
team="lasuite", team="lasuite",
@@ -181,7 +181,7 @@ def test_api_document_accesses_retrieve_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_get_teams): def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_teams):
""" """
A user who is related to a document should be allowed to retrieve the A user who is related to a document should be allowed to retrieve the
associated document user accesses. associated document user accesses.
@@ -195,7 +195,7 @@ def test_api_document_accesses_retrieve_authenticated_related(via, mock_user_get
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user) factories.UserDocumentAccessFactory(document=document, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
access = factories.UserDocumentAccessFactory(document=document) access = factories.UserDocumentAccessFactory(document=document)
@@ -276,7 +276,7 @@ def test_api_document_accesses_update_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_authenticated_reader_or_editor( def test_api_document_accesses_update_authenticated_reader_or_editor(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""Readers or editors of a document should not be allowed to update its accesses.""" """Readers or editors of a document should not be allowed to update its accesses."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -288,7 +288,7 @@ def test_api_document_accesses_update_authenticated_reader_or_editor(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -316,9 +316,7 @@ def test_api_document_accesses_update_authenticated_reader_or_editor(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_administrator_except_owner( def test_api_document_accesses_update_administrator_except_owner(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
A user who is a direct administrator in a document should be allowed to update a user A user who is a direct administrator in a document should be allowed to update a user
access for this document, as long as they don't try to set the role to owner. access for this document, as long as they don't try to set the role to owner.
@@ -334,7 +332,7 @@ def test_api_document_accesses_update_administrator_except_owner(
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -375,9 +373,7 @@ def test_api_document_accesses_update_administrator_except_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_administrator_from_owner( def test_api_document_accesses_update_administrator_from_owner(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
A user who is an administrator in a document, should not be allowed to update A user who is an administrator in a document, should not be allowed to update
the user access of an "owner" for this document. the user access of an "owner" for this document.
@@ -393,7 +389,7 @@ def test_api_document_accesses_update_administrator_from_owner(
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -424,7 +420,7 @@ def test_api_document_accesses_update_administrator_from_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_teams): def test_api_document_accesses_update_administrator_to_owner(via, mock_user_teams):
""" """
A user who is an administrator in a document, should not be allowed to update A user who is an administrator in a document, should not be allowed to update
the user access of another user to grant document ownership. the user access of another user to grant document ownership.
@@ -440,7 +436,7 @@ def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -478,7 +474,7 @@ def test_api_document_accesses_update_administrator_to_owner(via, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_owner(via, mock_user_get_teams): def test_api_document_accesses_update_owner(via, mock_user_teams):
""" """
A user who is an owner in a document should be allowed to update A user who is an owner in a document should be allowed to update
a user access for this document whatever the role. a user access for this document whatever the role.
@@ -492,7 +488,7 @@ def test_api_document_accesses_update_owner(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="owner") factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )
@@ -534,7 +530,7 @@ def test_api_document_accesses_update_owner(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_update_owner_self(via, mock_user_get_teams): def test_api_document_accesses_update_owner_self(via, mock_user_teams):
""" """
A user who is owner of a document should be allowed to update A user who is owner of a document should be allowed to update
their own user access provided there are other owners in the document. their own user access provided there are other owners in the document.
@@ -551,7 +547,7 @@ def test_api_document_accesses_update_owner_self(via, mock_user_get_teams):
document=document, user=user, role="owner" document=document, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamDocumentAccessFactory( access = factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )
@@ -626,7 +622,7 @@ def test_api_document_accesses_delete_authenticated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_teams): def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_teams):
""" """
Authenticated users should not be allowed to delete a document access for a Authenticated users should not be allowed to delete a document access for a
document in which they are a simple reader or editor. document in which they are a simple reader or editor.
@@ -640,7 +636,7 @@ def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -660,7 +656,7 @@ def test_api_document_accesses_delete_reader_or_editor(via, role, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_delete_administrators_except_owners( def test_api_document_accesses_delete_administrators_except_owners(
via, mock_user_get_teams via, mock_user_teams
): ):
""" """
Users who are administrators in a document should be allowed to delete an access Users who are administrators in a document should be allowed to delete an access
@@ -677,7 +673,7 @@ def test_api_document_accesses_delete_administrators_except_owners(
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -698,7 +694,7 @@ def test_api_document_accesses_delete_administrators_except_owners(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get_teams): def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_teams):
""" """
Users who are administrators in a document should not be allowed to delete an ownership Users who are administrators in a document should not be allowed to delete an ownership
access from the document. access from the document.
@@ -714,7 +710,7 @@ def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -733,7 +729,7 @@ def test_api_document_accesses_delete_administrator_on_owners(via, mock_user_get
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_delete_owners(via, mock_user_get_teams): def test_api_document_accesses_delete_owners(via, mock_user_teams):
""" """
Users should be able to delete the document access of another user Users should be able to delete the document access of another user
for a document of which they are owner. for a document of which they are owner.
@@ -747,7 +743,7 @@ def test_api_document_accesses_delete_owners(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="owner") factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )
@@ -766,7 +762,7 @@ def test_api_document_accesses_delete_owners(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_delete_owners_last_owner(via, mock_user_get_teams): def test_api_document_accesses_delete_owners_last_owner(via, mock_user_teams):
""" """
It should not be possible to delete the last owner access from a document It should not be possible to delete the last owner access from a document
""" """
@@ -782,7 +778,7 @@ def test_api_document_accesses_delete_owners_last_owner(via, mock_user_get_teams
document=document, user=user, role="owner" document=document, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamDocumentAccessFactory( access = factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )


@@ -66,7 +66,7 @@ def test_api_document_accesses_create_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_create_authenticated_reader_or_editor( def test_api_document_accesses_create_authenticated_reader_or_editor(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""Readers or editors of a document should not be allowed to create document accesses.""" """Readers or editors of a document should not be allowed to create document accesses."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -78,7 +78,7 @@ def test_api_document_accesses_create_authenticated_reader_or_editor(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -101,9 +101,7 @@ def test_api_document_accesses_create_authenticated_reader_or_editor(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_create_authenticated_administrator( def test_api_document_accesses_create_authenticated_administrator(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
Administrators of a document should be able to create document accesses Administrators of a document should be able to create document accesses
except for the "owner" role. except for the "owner" role.
@@ -120,7 +118,7 @@ def test_api_document_accesses_create_authenticated_administrator(
document=document, user=user, role="administrator" document=document, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="administrator" document=document, team="lasuite", role="administrator"
) )
@@ -178,7 +176,7 @@ def test_api_document_accesses_create_authenticated_administrator(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_accesses_create_authenticated_owner(via, mock_user_get_teams): def test_api_document_accesses_create_authenticated_owner(via, mock_user_teams):
""" """
Owners of a document should be able to create document accesses whatever the role. Owners of a document should be able to create document accesses whatever the role.
An email should be sent to the accesses to notify them of the adding. An email should be sent to the accesses to notify them of the adding.
@@ -192,7 +190,7 @@ def test_api_document_accesses_create_authenticated_owner(via, mock_user_get_tea
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="owner") factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )


@@ -80,7 +80,7 @@ def test_api_document_invitations__create__authenticated_outsider():
) )
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations__create__privileged_members( def test_api_document_invitations__create__privileged_members(
via, inviting, invited, is_allowed, mock_user_get_teams via, inviting, invited, is_allowed, mock_user_teams
): ):
""" """
Only owners and administrators should be able to invite new users. Only owners and administrators should be able to invite new users.
@@ -91,7 +91,7 @@ def test_api_document_invitations__create__privileged_members(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=inviting) factories.UserDocumentAccessFactory(document=document, user=user, role=inviting)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=inviting document=document, team="lasuite", role=inviting
) )
@@ -291,7 +291,7 @@ def test_api_document_invitations__list__anonymous_user():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations__list__authenticated( def test_api_document_invitations__list__authenticated(
via, mock_user_get_teams, django_assert_num_queries via, mock_user_teams, django_assert_num_queries
): ):
""" """
Authenticated users should be able to list invitations for documents to which they are Authenticated users should be able to list invitations for documents to which they are
@@ -304,7 +304,7 @@ def test_api_document_invitations__list__authenticated(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -432,7 +432,7 @@ def test_api_document_invitations__retrieve__unrelated_user():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations__retrieve__document_member(via, mock_user_get_teams): def test_api_document_invitations__retrieve__document_member(via, mock_user_teams):
""" """
Authenticated users related to the document should be able to retrieve invitations Authenticated users related to the document should be able to retrieve invitations
whatever their role in the document. whatever their role in the document.
@@ -445,7 +445,7 @@ def test_api_document_invitations__retrieve__document_member(via, mock_user_get_
document=invitation.document, user=user, role=role document=invitation.document, user=user, role=role
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=invitation.document, team="lasuite", role=role document=invitation.document, team="lasuite", role=role
) )
@@ -475,7 +475,7 @@ def test_api_document_invitations__retrieve__document_member(via, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations__put_authenticated(via, mock_user_get_teams): def test_api_document_invitations__put_authenticated(via, mock_user_teams):
""" """
Authenticated user can put invitations. Authenticated user can put invitations.
""" """
@@ -486,7 +486,7 @@ def test_api_document_invitations__put_authenticated(via, mock_user_get_teams):
document=invitation.document, user=user, role="owner" document=invitation.document, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=invitation.document, team="lasuite", role="owner" document=invitation.document, team="lasuite", role="owner"
) )
@@ -503,7 +503,7 @@ def test_api_document_invitations__put_authenticated(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams): def test_api_document_invitations__patch_authenticated(via, mock_user_teams):
""" """
Authenticated user can patch invitations. Authenticated user can patch invitations.
""" """
@@ -514,7 +514,7 @@ def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams)
document=invitation.document, user=user, role="owner" document=invitation.document, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=invitation.document, team="lasuite", role="owner" document=invitation.document, team="lasuite", role="owner"
) )
@@ -546,7 +546,7 @@ def test_api_document_invitations__patch_authenticated(via, mock_user_get_teams)
["editor", "reader"], ["editor", "reader"],
) )
def test_api_document_invitations__update__forbidden__not_authenticated( def test_api_document_invitations__update__forbidden__not_authenticated(
method, via, role, mock_user_get_teams method, via, role, mock_user_teams
): ):
""" """
Update of invitations is currently forbidden. Update of invitations is currently forbidden.
@@ -558,7 +558,7 @@ def test_api_document_invitations__update__forbidden__not_authenticated(
document=invitation.document, user=user, role=role document=invitation.document, user=user, role=role
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=invitation.document, team="lasuite", role=role document=invitation.document, team="lasuite", role=role
) )
@@ -607,7 +607,7 @@ def test_api_document_invitations__delete__authenticated_outsider():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
@pytest.mark.parametrize("role", ["owner", "administrator"]) @pytest.mark.parametrize("role", ["owner", "administrator"])
def test_api_document_invitations__delete__privileged_members( def test_api_document_invitations__delete__privileged_members(
role, via, mock_user_get_teams role, via, mock_user_teams
): ):
"""Privileged member should be able to cancel invitation.""" """Privileged member should be able to cancel invitation."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -615,7 +615,7 @@ def test_api_document_invitations__delete__privileged_members(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -632,16 +632,14 @@ def test_api_document_invitations__delete__privileged_members(
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_invitations_delete_readers_or_editors( def test_api_document_invitations_delete_readers_or_editors(via, role, mock_user_teams):
via, role, mock_user_get_teams
):
"""Readers or editors should not be able to cancel invitation.""" """Readers or editors should not be able to cancel invitation."""
user = factories.UserFactory() user = factories.UserFactory()
document = factories.DocumentFactory() document = factories.DocumentFactory()
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )


@@ -86,12 +86,14 @@ def test_api_document_versions_list_authenticated_unrelated_private():
response = client.get( response = client.get(
f"/api/v1.0/documents/{document.id!s}/versions/", f"/api/v1.0/documents/{document.id!s}/versions/",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_list_authenticated_related(via, mock_user_get_teams): def test_api_document_versions_list_authenticated_related(via, mock_user_teams):
""" """
Authenticated users should be able to list document versions for a document Authenticated users should be able to list document versions for a document
to which they are directly related, whatever their role in the document. to which they are directly related, whatever their role in the document.
@@ -109,7 +111,7 @@ def test_api_document_versions_list_authenticated_related(via, mock_user_get_tea
role=random.choice(models.RoleChoices.choices)[0], role=random.choice(models.RoleChoices.choices)[0],
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
models.DocumentAccess.objects.create( models.DocumentAccess.objects.create(
document=document, document=document,
team="lasuite", team="lasuite",
@@ -211,12 +213,14 @@ def test_api_document_versions_retrieve_authenticated_unrelated_private():
response = client.get( response = client.get(
f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_retrieve_authenticated_related(via, mock_user_get_teams): def test_api_document_versions_retrieve_authenticated_related(via, mock_user_teams):
""" """
A user who is related to a document should be allowed to retrieve the A user who is related to a document should be allowed to retrieve the
associated document user accesses. associated document user accesses.
@@ -232,10 +236,10 @@ def test_api_document_versions_retrieve_authenticated_related(via, mock_user_get
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user) factories.UserDocumentAccessFactory(document=document, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
# Versions created before the document was shared should not be available to the user # Versions created before the document was shared should not be seen by the user
response = client.get( response = client.get(
f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/",
) )
@@ -295,7 +299,7 @@ def test_api_document_versions_create_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_create_authenticated_related(via, mock_user_get_teams): def test_api_document_versions_create_authenticated_related(via, mock_user_teams):
""" """
Authenticated users related to a document should not be allowed to create document versions Authenticated users related to a document should not be allowed to create document versions
whatever their role. whatever their role.
@@ -309,7 +313,7 @@ def test_api_document_versions_create_authenticated_related(via, mock_user_get_t
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user) factories.UserDocumentAccessFactory(document=document, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
response = client.post( response = client.post(
@@ -356,7 +360,7 @@ def test_api_document_versions_update_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_update_authenticated_related(via, mock_user_get_teams): def test_api_document_versions_update_authenticated_related(via, mock_user_teams):
""" """
Authenticated users with access to a document should not be able to update its versions Authenticated users with access to a document should not be able to update its versions
whatever their role. whatever their role.
@@ -372,7 +376,7 @@ def test_api_document_versions_update_authenticated_related(via, mock_user_get_t
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user) factories.UserDocumentAccessFactory(document=document, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
response = client.put( response = client.put(
@@ -434,13 +438,15 @@ def test_api_document_versions_delete_authenticated_private():
f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/", f"/api/v1.0/documents/{document.id!s}/versions/{version_id:s}/",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_teams): def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_teams):
""" """
Authenticated users should not be allowed to delete a document version for a Authenticated users should not be allowed to delete a document version for a
document in which they are a simple reader or editor. document in which they are a simple reader or editor.
@@ -454,7 +460,7 @@ def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -484,7 +490,7 @@ def test_api_document_versions_delete_reader_or_editor(via, role, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_document_versions_delete_administrator_or_owner(via, mock_user_get_teams): def test_api_document_versions_delete_administrator_or_owner(via, mock_user_teams):
""" """
Users who are administrator or owner of a document should be allowed to delete a version. Users who are administrator or owner of a document should be allowed to delete a version.
""" """
@@ -498,7 +504,7 @@ def test_api_document_versions_delete_administrator_or_owner(via, mock_user_get_
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )


@@ -67,12 +67,14 @@ def test_api_documents_attachment_upload_authenticated_private():
url = f"/api/v1.0/documents/{document.id!s}/attachment-upload/" url = f"/api/v1.0/documents/{document.id!s}/attachment-upload/"
response = client.post(url, {"file": file}, format="multipart") response = client.post(url, {"file": file}, format="multipart")
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_attachment_upload_reader(via, mock_user_get_teams): def test_api_documents_attachment_upload_reader(via, mock_user_teams):
""" """
Users who are simple readers on a document should not be allowed to upload an attachment. Users who are simple readers on a document should not be allowed to upload an attachment.
""" """
@@ -85,7 +87,7 @@ def test_api_documents_attachment_upload_reader(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="reader") factories.UserDocumentAccessFactory(document=document, user=user, role="reader")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="reader" document=document, team="lasuite", role="reader"
) )
@@ -103,7 +105,7 @@ def test_api_documents_attachment_upload_reader(via, mock_user_get_teams):
@pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("role", ["editor", "administrator", "owner"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_attachment_upload_success(via, role, mock_user_get_teams): def test_api_documents_attachment_upload_success(via, role, mock_user_teams):
""" """
Editors, administrators and owners of a document should be able to upload an attachment. Editors, administrators and owners of a document should be able to upload an attachment.
""" """
@@ -116,7 +118,7 @@ def test_api_documents_attachment_upload_success(via, role, mock_user_get_teams)
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )


@@ -48,7 +48,7 @@ def test_api_documents_delete_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor", "administrator"]) @pytest.mark.parametrize("role", ["reader", "editor", "administrator"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_teams): def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_teams):
""" """
Authenticated users should not be allowed to delete a document for which they are Authenticated users should not be allowed to delete a document for which they are
only a reader, editor or administrator. only a reader, editor or administrator.
@@ -62,7 +62,7 @@ def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_t
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -79,7 +79,7 @@ def test_api_documents_delete_authenticated_not_owner(via, role, mock_user_get_t
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_delete_authenticated_owner(via, mock_user_get_teams): def test_api_documents_delete_authenticated_owner(via, mock_user_teams):
""" """
Authenticated users should be able to delete a document they own. Authenticated users should be able to delete a document they own.
""" """
@@ -92,7 +92,7 @@ def test_api_documents_delete_authenticated_owner(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="owner") factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )


@@ -7,7 +7,6 @@ from unittest import mock
import pytest import pytest
from faker import Faker from faker import Faker
from rest_framework.pagination import PageNumberPagination from rest_framework.pagination import PageNumberPagination
from rest_framework.status import HTTP_200_OK
from rest_framework.test import APIClient from rest_framework.test import APIClient
from core import factories from core import factories
@@ -17,18 +16,19 @@ pytestmark = pytest.mark.django_db
def test_api_documents_list_anonymous(): def test_api_documents_list_anonymous():
"""Anonymous users should only be able to list public documents.""" """Anonymous users should only be able to list documents public or not."""
factories.DocumentFactory.create_batch(2, is_public=False) factories.DocumentFactory.create_batch(2, is_public=False)
documents = factories.DocumentFactory.create_batch(2, is_public=True) factories.DocumentFactory.create_batch(2, is_public=True)
expected_ids = {str(document.id) for document in documents}
response = APIClient().get("/api/v1.0/documents/") response = APIClient().get("/api/v1.0/documents/")
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] assert response.json() == {
assert len(results) == 2 "count": 0,
results_id = {result["id"] for result in results} "next": None,
assert expected_ids == results_id "previous": None,
"results": [],
}
def test_api_documents_list_authenticated_direct(): def test_api_documents_list_authenticated_direct():
@@ -45,25 +45,23 @@ def test_api_documents_list_authenticated_direct():
access.document access.document
for access in factories.UserDocumentAccessFactory.create_batch(5, user=user) for access in factories.UserDocumentAccessFactory.create_batch(5, user=user)
] ]
public_documents = factories.DocumentFactory.create_batch(2, is_public=True) factories.DocumentFactory.create_batch(2, is_public=True)
factories.DocumentFactory.create_batch(2, is_public=False) factories.DocumentFactory.create_batch(2, is_public=False)
expected_ids = { expected_ids = {str(document.id) for document in related_documents}
str(document.id) for document in related_documents + public_documents
}
response = client.get( response = client.get(
"/api/v1.0/documents/", "/api/v1.0/documents/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] results = response.json()["results"]
assert len(results) == 7 assert len(results) == 5
results_id = {result["id"] for result in results} results_id = {result["id"] for result in results}
assert expected_ids == results_id assert expected_ids == results_id
def test_api_documents_list_authenticated_via_team(mock_user_get_teams): def test_api_documents_list_authenticated_via_team(mock_user_teams):
""" """
Authenticated users should be able to list documents they are a Authenticated users should be able to list documents they are a
owner/administrator/member of via a team. owner/administrator/member of via a team.
@@ -73,7 +71,7 @@ def test_api_documents_list_authenticated_via_team(mock_user_get_teams):
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
mock_user_get_teams.return_value = ["team1", "team2", "unknown"] mock_user_teams.return_value = ["team1", "team2", "unknown"]
documents_team1 = [ documents_team1 = [
access.document access.document
@@ -83,19 +81,16 @@ def test_api_documents_list_authenticated_via_team(mock_user_get_teams):
access.document access.document
for access in factories.TeamDocumentAccessFactory.create_batch(3, team="team2") for access in factories.TeamDocumentAccessFactory.create_batch(3, team="team2")
] ]
public_documents = factories.DocumentFactory.create_batch(2, is_public=True) factories.DocumentFactory.create_batch(2, is_public=True)
factories.DocumentFactory.create_batch(2, is_public=False) factories.DocumentFactory.create_batch(2, is_public=False)
expected_ids = { expected_ids = {str(document.id) for document in documents_team1 + documents_team2}
str(document.id)
for document in documents_team1 + documents_team2 + public_documents
}
response = client.get("/api/v1.0/documents/") response = client.get("/api/v1.0/documents/")
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] results = response.json()["results"]
assert len(results) == 7 assert len(results) == 5
results_id = {result["id"] for result in results} results_id = {result["id"] for result in results}
assert expected_ids == results_id assert expected_ids == results_id
@@ -120,7 +115,7 @@ def test_api_documents_list_pagination(
"/api/v1.0/documents/", "/api/v1.0/documents/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert content["count"] == 3 assert content["count"] == 3
@@ -136,7 +131,7 @@ def test_api_documents_list_pagination(
"/api/v1.0/documents/?page=2", "/api/v1.0/documents/?page=2",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert content["count"] == 3 assert content["count"] == 3
@@ -163,7 +158,7 @@ def test_api_documents_list_authenticated_distinct():
"/api/v1.0/documents/", "/api/v1.0/documents/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert len(content["results"]) == 1 assert len(content["results"]) == 1
assert content["results"][0]["id"] == str(document.id) assert content["results"][0]["id"] == str(document.id)
@@ -181,13 +176,13 @@ def test_api_documents_order_updated_at_desc_default():
documents_updated = [ documents_updated = [
document.updated_at.isoformat().replace("+00:00", "Z") document.updated_at.isoformat().replace("+00:00", "Z")
for document in factories.DocumentFactory.create_batch( for document in factories.DocumentFactory.create_batch(
5, is_public=True, updated_at=fake.date_time_this_year(before_now=False) 5, updated_at=fake.date_time_this_year(before_now=False), users=[user]
) )
] ]
documents_updated.sort(reverse=True) documents_updated.sort(reverse=True)
response = APIClient().get( response = client.get(
"/api/v1.0/documents/", "/api/v1.0/documents/",
) )
assert response.status_code == 200 assert response.status_code == 200
@@ -223,14 +218,14 @@ def test_api_documents_ordering_desc(ordering_field, factory_field):
if factory_field == "title": if factory_field == "title":
documents_field_values = [ documents_field_values = [
factories.DocumentFactory( factories.DocumentFactory(
is_public=True, title=fake.sentence(nb_words=4) title=fake.sentence(nb_words=4), users=[user]
).title ).title
for _ in range(5) for _ in range(5)
] ]
else: else:
documents_field_values = [ documents_field_values = [
getattr(document, factory_field).isoformat().replace("+00:00", "Z") getattr(document, factory_field).isoformat().replace("+00:00", "Z")
for document in factories.DocumentFactory.create_batch(5, is_public=True) for document in factories.DocumentFactory.create_batch(5, users=[user])
] ]
documents_field_values.sort(reverse=True) documents_field_values.sort(reverse=True)
@@ -273,14 +268,14 @@ def test_api_documents_ordering_asc(field):
if field == "title": if field == "title":
documents_field_values = [ documents_field_values = [
factories.DocumentFactory( factories.DocumentFactory(
is_public=True, title=fake.sentence(nb_words=4) users=[user], title=fake.sentence(nb_words=4)
).title ).title
for _ in range(5) for _ in range(5)
] ]
else: else:
documents_field_values = [ documents_field_values = [
getattr(document, field).isoformat().replace("+00:00", "Z") getattr(document, field).isoformat().replace("+00:00", "Z")
for document in factories.DocumentFactory.create_batch(5, is_public=True) for document in factories.DocumentFactory.create_batch(5, users=[user])
] ]
documents_field_values.sort() documents_field_values.sort()
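Review bot: The new docstring of `test_api_documents_list_anonymous` says anonymous users "should only be able to list documents public or not", which reads as the opposite of what the test asserts: the body expects `"count": 0` and an empty `results` list even though two public documents were created. Since this is the test that pins the access-control change, the docstring should state the rule directly, e.g. `"""Anonymous users should not be able to list any document, public or not."""`. The docstring could also record that the endpoint still answers 200 with an empty page rather than an authentication error, as the assertion shows.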


@@ -103,8 +103,10 @@ def test_api_documents_retrieve_authenticated_unrelated_not_public():
response = client.get( response = client.get(
f"/api/v1.0/documents/{document.id!s}/", f"/api/v1.0/documents/{document.id!s}/",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
def test_api_documents_retrieve_authenticated_related_direct(): def test_api_documents_retrieve_authenticated_related_direct():
@@ -158,12 +160,12 @@ def test_api_documents_retrieve_authenticated_related_direct():
} }
def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_teams): def test_api_documents_retrieve_authenticated_related_team_none(mock_user_teams):
""" """
Authenticated users should not be able to retrieve a document related to teams in Authenticated users should not be able to retrieve a document related to teams in
which the user is not. which the user is not.
""" """
mock_user_get_teams.return_value = [] mock_user_teams.return_value = []
user = factories.UserFactory() user = factories.UserFactory()
@@ -186,8 +188,10 @@ def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_te
factories.TeamDocumentAccessFactory() factories.TeamDocumentAccessFactory()
response = client.get(f"/api/v1.0/documents/{document.id!s}/") response = client.get(f"/api/v1.0/documents/{document.id!s}/")
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize( @pytest.mark.parametrize(
@@ -200,13 +204,13 @@ def test_api_documents_retrieve_authenticated_related_team_none(mock_user_get_te
], ],
) )
def test_api_documents_retrieve_authenticated_related_team_members( def test_api_documents_retrieve_authenticated_related_team_members(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a document to which they Authenticated users should be allowed to retrieve a document to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()
@@ -302,13 +306,13 @@ def test_api_documents_retrieve_authenticated_related_team_members(
], ],
) )
def test_api_documents_retrieve_authenticated_related_team_administrators( def test_api_documents_retrieve_authenticated_related_team_administrators(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a document to which they Authenticated users should be allowed to retrieve a document to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()
@@ -422,13 +426,13 @@ def test_api_documents_retrieve_authenticated_related_team_administrators(
], ],
) )
def test_api_documents_retrieve_authenticated_related_team_owners( def test_api_documents_retrieve_authenticated_related_team_owners(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a document to which they Authenticated users should be allowed to retrieve a document to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()


@@ -157,7 +157,7 @@ def test_api_documents_retrieve_auth_authenticated_not_public():
@pytest.mark.parametrize("is_public", [True, False]) @pytest.mark.parametrize("is_public", [True, False])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_retrieve_auth_related(via, is_public, mock_user_get_teams): def test_api_documents_retrieve_auth_related(via, is_public, mock_user_teams):
""" """
Users who have a role on a document, whatever the role, should be able to Users who have a role on a document, whatever the role, should be able to
retrieve related attachments. retrieve related attachments.
@@ -170,7 +170,7 @@ def test_api_documents_retrieve_auth_related(via, is_public, mock_user_get_teams
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user) factories.UserDocumentAccessFactory(document=document, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid.uuid4()!s}.jpg"


@@ -58,8 +58,10 @@ def test_api_documents_update_authenticated_unrelated():
format="json", format="json",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Document matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
document.refresh_from_db() document.refresh_from_db()
document_values = serializers.DocumentSerializer(instance=document).data document_values = serializers.DocumentSerializer(instance=document).data
@@ -67,7 +69,7 @@ def test_api_documents_update_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_update_authenticated_reader(via, mock_user_get_teams): def test_api_documents_update_authenticated_reader(via, mock_user_teams):
""" """
Users who are editors or reader of a document but not administrators should Users who are editors or reader of a document but not administrators should
not be allowed to update it. not be allowed to update it.
@@ -81,7 +83,7 @@ def test_api_documents_update_authenticated_reader(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="reader") factories.UserDocumentAccessFactory(document=document, user=user, role="reader")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="reader" document=document, team="lasuite", role="reader"
) )
@@ -110,7 +112,7 @@ def test_api_documents_update_authenticated_reader(via, mock_user_get_teams):
@pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("role", ["editor", "administrator", "owner"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_update_authenticated_editor_administrator_or_owner( def test_api_documents_update_authenticated_editor_administrator_or_owner(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""A user who is editor, administrator or owner of a document should be allowed to update it.""" """A user who is editor, administrator or owner of a document should be allowed to update it."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -122,7 +124,7 @@ def test_api_documents_update_authenticated_editor_administrator_or_owner(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -151,7 +153,7 @@ def test_api_documents_update_authenticated_editor_administrator_or_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_update_authenticated_owners(via, mock_user_get_teams): def test_api_documents_update_authenticated_owners(via, mock_user_teams):
"""Administrators of a document should be allowed to update it.""" """Administrators of a document should be allowed to update it."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -162,7 +164,7 @@ def test_api_documents_update_authenticated_owners(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="owner") factories.UserDocumentAccessFactory(document=document, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="owner" document=document, team="lasuite", role="owner"
) )
@@ -190,9 +192,7 @@ def test_api_documents_update_authenticated_owners(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_documents_update_administrator_or_owner_of_another( def test_api_documents_update_administrator_or_owner_of_another(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
Being administrator or owner of a document should not grant authorization to update Being administrator or owner of a document should not grant authorization to update
another document. another document.
@@ -208,7 +208,7 @@ def test_api_documents_update_administrator_or_owner_of_another(
document=document, user=user, role=random.choice(["administrator", "owner"]) document=document, user=user, role=random.choice(["administrator", "owner"])
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, document=document,
team="lasuite", team="lasuite",
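Review bot: In `test_api_documents_update_authenticated_unrelated` the expected status for a user with no access moves from 404 to 403, so an authenticated caller can now tell an existing document id from one that does not exist. The commit message suggests this is the accepted cost of keeping public documents reachable by id; if so, the test should record it, e.g. `# 403, not 404: an unrelated user learns that this id exists; accepted so public documents stay reachable by id`, and a companion assertion that an unknown id still returns 404 would pin the distinction. The same 404-to-403 switch appears in the template tests for generate-document, retrieve and update later on this page. The document created in this test lies outside the hunk, so whether it is public or private is not visible here; the disclosure matters mainly for private ones.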


@@ -49,7 +49,7 @@ def test_api_templates_delete_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor", "administrator"]) @pytest.mark.parametrize("role", ["reader", "editor", "administrator"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_delete_authenticated_member_or_administrator( def test_api_templates_delete_authenticated_member_or_administrator(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
""" """
Authenticated users should not be allowed to delete a template for which they are Authenticated users should not be allowed to delete a template for which they are
@@ -64,7 +64,7 @@ def test_api_templates_delete_authenticated_member_or_administrator(
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role) factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role template=template, team="lasuite", role=role
) )
@@ -81,7 +81,7 @@ def test_api_templates_delete_authenticated_member_or_administrator(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams): def test_api_templates_delete_authenticated_owner(via, mock_user_teams):
""" """
Authenticated users should be able to delete a template they own. Authenticated users should be able to delete a template they own.
""" """
@@ -94,7 +94,7 @@ def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner") factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )


@@ -87,12 +87,14 @@ def test_api_templates_generate_document_authenticated_not_public():
format="json", format="json",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Template matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_generate_document_related(via, mock_user_get_teams): def test_api_templates_generate_document_related(via, mock_user_teams):
"""Users related to a template can generate pdf document.""" """Users related to a template can generate pdf document."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -102,7 +104,7 @@ def test_api_templates_generate_document_related(via, mock_user_get_teams):
if via == USER: if via == USER:
access = factories.UserTemplateAccessFactory(user=user) access = factories.UserTemplateAccessFactory(user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamTemplateAccessFactory(team="lasuite") access = factories.TeamTemplateAccessFactory(team="lasuite")
data = {"body": "# Test markdown body"} data = {"body": "# Test markdown body"}


@@ -6,7 +6,6 @@ from unittest import mock
import pytest import pytest
from rest_framework.pagination import PageNumberPagination from rest_framework.pagination import PageNumberPagination
from rest_framework.status import HTTP_200_OK
from rest_framework.test import APIClient from rest_framework.test import APIClient
from core import factories from core import factories
@@ -15,18 +14,15 @@ pytestmark = pytest.mark.django_db
def test_api_templates_list_anonymous(): def test_api_templates_list_anonymous():
"""Anonymous users should only be able to list public templates.""" """Anonymous users should not be able to list templates, public or not."""
factories.TemplateFactory.create_batch(2, is_public=False) factories.TemplateFactory.create_batch(2, is_public=False)
templates = factories.TemplateFactory.create_batch(2, is_public=True) factories.TemplateFactory.create_batch(2, is_public=True)
expected_ids = {str(template.id) for template in templates}
response = APIClient().get("/api/v1.0/templates/") response = APIClient().get("/api/v1.0/templates/")
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] results = response.json()["results"]
assert len(results) == 2 assert len(results) == 0
results_id = {result["id"] for result in results}
assert expected_ids == results_id
def test_api_templates_list_authenticated_direct(): def test_api_templates_list_authenticated_direct():
@@ -43,25 +39,23 @@ def test_api_templates_list_authenticated_direct():
access.template access.template
for access in factories.UserTemplateAccessFactory.create_batch(5, user=user) for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
] ]
public_templates = factories.TemplateFactory.create_batch(2, is_public=True) factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=False) factories.TemplateFactory.create_batch(2, is_public=False)
expected_ids = { expected_ids = {str(template.id) for template in related_templates}
str(template.id) for template in related_templates + public_templates
}
response = client.get( response = client.get(
"/api/v1.0/templates/", "/api/v1.0/templates/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] results = response.json()["results"]
assert len(results) == 7 assert len(results) == 5
results_id = {result["id"] for result in results} results_id = {result["id"] for result in results}
assert expected_ids == results_id assert expected_ids == results_id
def test_api_templates_list_authenticated_via_team(mock_user_get_teams): def test_api_templates_list_authenticated_via_team(mock_user_teams):
""" """
Authenticated users should be able to list templates they are a Authenticated users should be able to list templates they are a
owner/administrator/member of via a team. owner/administrator/member of via a team.
@@ -71,7 +65,7 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams):
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
mock_user_get_teams.return_value = ["team1", "team2", "unknown"] mock_user_teams.return_value = ["team1", "team2", "unknown"]
templates_team1 = [ templates_team1 = [
access.template access.template
@@ -81,19 +75,16 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams):
access.template access.template
for access in factories.TeamTemplateAccessFactory.create_batch(3, team="team2") for access in factories.TeamTemplateAccessFactory.create_batch(3, team="team2")
] ]
public_templates = factories.TemplateFactory.create_batch(2, is_public=True) factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=False) factories.TemplateFactory.create_batch(2, is_public=False)
expected_ids = { expected_ids = {str(template.id) for template in templates_team1 + templates_team2}
str(template.id)
for template in templates_team1 + templates_team2 + public_templates
}
response = client.get("/api/v1.0/templates/") response = client.get("/api/v1.0/templates/")
assert response.status_code == HTTP_200_OK assert response.status_code == 200
results = response.json()["results"] results = response.json()["results"]
assert len(results) == 7 assert len(results) == 5
results_id = {result["id"] for result in results} results_id = {result["id"] for result in results}
assert expected_ids == results_id assert expected_ids == results_id
@@ -118,7 +109,7 @@ def test_api_templates_list_pagination(
"/api/v1.0/templates/", "/api/v1.0/templates/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert content["count"] == 3 assert content["count"] == 3
@@ -134,7 +125,7 @@ def test_api_templates_list_pagination(
"/api/v1.0/templates/?page=2", "/api/v1.0/templates/?page=2",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert content["count"] == 3 assert content["count"] == 3
@@ -161,26 +152,24 @@ def test_api_templates_list_authenticated_distinct():
"/api/v1.0/templates/", "/api/v1.0/templates/",
) )
assert response.status_code == HTTP_200_OK assert response.status_code == 200
content = response.json() content = response.json()
assert len(content["results"]) == 1 assert len(content["results"]) == 1
assert content["results"][0]["id"] == str(template.id) assert content["results"][0]["id"] == str(template.id)
def test_api_templates_order(): def test_api_templates_list_order_default():
""" """The templates list should be sorted by 'created_at' in descending order by default."""
Test that the endpoint GET templates is sorted in 'created_at' descending order by default.
"""
user = factories.UserFactory() user = factories.UserFactory()
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
template_ids = [ template_ids = [
str(template.id) str(access.template.id)
for template in factories.TemplateFactory.create_batch(5, is_public=True) for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
] ]
response = APIClient().get( response = client.get(
"/api/v1.0/templates/", "/api/v1.0/templates/",
) )
@@ -195,21 +184,21 @@ def test_api_templates_order():
), "created_at values are not sorted from newest to oldest" ), "created_at values are not sorted from newest to oldest"
def test_api_templates_order_param(): def test_api_templates_list_order_param():
""" """
Test that the 'created_at' field is sorted in ascending order The templates list is sorted by 'created_at' in ascending order when setting
when the 'ordering' query parameter is set. the "ordering" query parameter.
""" """
user = factories.UserFactory() user = factories.UserFactory()
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
templates_ids = [ templates_ids = [
str(template.id) str(access.template.id)
for template in factories.TemplateFactory.create_batch(5, is_public=True) for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
] ]
response = APIClient().get( response = client.get(
"/api/v1.0/templates/?ordering=created_at", "/api/v1.0/templates/?ordering=created_at",
) )
assert response.status_code == 200 assert response.status_code == 200
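Review bot: `test_api_templates_list_anonymous` checks only `len(results) == 0`, while the paginated payload also carries a `count` field (asserted in `test_api_templates_list_pagination`), so a regression that hid the rows but still reported the total would pass. Adding `assert response.json()["count"] == 0` next to the length check would pin that anonymous callers learn nothing about how many templates exist. The same extra assertion, with `== 5`, fits `test_api_templates_list_authenticated_direct` and `test_api_templates_list_authenticated_via_team`, where public templates the user has no access to are created but must not be counted.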


@@ -94,8 +94,10 @@ def test_api_templates_retrieve_authenticated_unrelated_not_public():
response = client.get( response = client.get(
f"/api/v1.0/templates/{template.id!s}/", f"/api/v1.0/templates/{template.id!s}/",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Template matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
def test_api_templates_retrieve_authenticated_related_direct(): def test_api_templates_retrieve_authenticated_related_direct():
@@ -146,12 +148,12 @@ def test_api_templates_retrieve_authenticated_related_direct():
} }
def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_teams): def test_api_templates_retrieve_authenticated_related_team_none(mock_user_teams):
""" """
Authenticated users should not be able to retrieve a template related to teams in Authenticated users should not be able to retrieve a template related to teams in
which the user is not. which the user is not.
""" """
mock_user_get_teams.return_value = [] mock_user_teams.return_value = []
user = factories.UserFactory() user = factories.UserFactory()
@@ -174,8 +176,10 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te
factories.TeamTemplateAccessFactory() factories.TeamTemplateAccessFactory()
response = client.get(f"/api/v1.0/templates/{template.id!s}/") response = client.get(f"/api/v1.0/templates/{template.id!s}/")
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Template matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize( @pytest.mark.parametrize(
@@ -188,13 +192,13 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te
], ],
) )
def test_api_templates_retrieve_authenticated_related_team_readers_or_editors( def test_api_templates_retrieve_authenticated_related_team_readers_or_editors(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a template to which they Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()
@@ -287,13 +291,13 @@ def test_api_templates_retrieve_authenticated_related_team_readers_or_editors(
], ],
) )
def test_api_templates_retrieve_authenticated_related_team_administrators( def test_api_templates_retrieve_authenticated_related_team_administrators(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a template to which they Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()
@@ -405,13 +409,13 @@ def test_api_templates_retrieve_authenticated_related_team_administrators(
], ],
) )
def test_api_templates_retrieve_authenticated_related_team_owners( def test_api_templates_retrieve_authenticated_related_team_owners(
teams, mock_user_get_teams teams, mock_user_teams
): ):
""" """
Authenticated users should be allowed to retrieve a template to which they Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses. are related via a team whatever the role and see all its accesses.
""" """
mock_user_get_teams.return_value = teams mock_user_teams.return_value = teams
user = factories.UserFactory() user = factories.UserFactory()


@@ -58,8 +58,10 @@ def test_api_templates_update_authenticated_unrelated():
format="json", format="json",
) )
assert response.status_code == 404 assert response.status_code == 403
assert response.json() == {"detail": "No Template matches the given query."} assert response.json() == {
"detail": "You do not have permission to perform this action."
}
template.refresh_from_db() template.refresh_from_db()
template_values = serializers.TemplateSerializer(instance=template).data template_values = serializers.TemplateSerializer(instance=template).data
@@ -67,7 +69,7 @@ def test_api_templates_update_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_readers(via, mock_user_get_teams): def test_api_templates_update_authenticated_readers(via, mock_user_teams):
""" """
Users who are readers of a template should not be allowed to update it. Users who are readers of a template should not be allowed to update it.
""" """
@@ -80,7 +82,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="reader") factories.UserTemplateAccessFactory(template=template, user=user, role="reader")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="reader" template=template, team="lasuite", role="reader"
) )
@@ -109,7 +111,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams):
@pytest.mark.parametrize("role", ["editor", "administrator", "owner"]) @pytest.mark.parametrize("role", ["editor", "administrator", "owner"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_editor_or_administrator_or_owner( def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""Administrator or owner of a template should be allowed to update it.""" """Administrator or owner of a template should be allowed to update it."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -121,7 +123,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role) factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role template=template, team="lasuite", role=role
) )
@@ -148,7 +150,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_owners(via, mock_user_get_teams): def test_api_templates_update_authenticated_owners(via, mock_user_teams):
"""Administrators of a template should be allowed to update it.""" """Administrators of a template should be allowed to update it."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -159,7 +161,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner") factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )
@@ -185,9 +187,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_templates_update_administrator_or_owner_of_another( def test_api_templates_update_administrator_or_owner_of_another(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
Being administrator or owner of a template should not grant authorization to update Being administrator or owner of a template should not grant authorization to update
another template. another template.
@@ -203,7 +203,7 @@ def test_api_templates_update_administrator_or_owner_of_another(
template=template, user=user, role=random.choice(["administrator", "owner"]) template=template, user=user, role=random.choice(["administrator", "owner"])
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, template=template,
team="lasuite", team="lasuite",


@@ -57,7 +57,7 @@ def test_api_template_accesses_list_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_list_authenticated_related(via, mock_user_get_teams): def test_api_template_accesses_list_authenticated_related(via, mock_user_teams):
""" """
Authenticated users should be able to list template accesses for a template Authenticated users should be able to list template accesses for a template
to which they are directly related, whatever their role in the template. to which they are directly related, whatever their role in the template.
@@ -76,7 +76,7 @@ def test_api_template_accesses_list_authenticated_related(via, mock_user_get_tea
role=random.choice(models.RoleChoices.choices)[0], role=random.choice(models.RoleChoices.choices)[0],
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
user_access = models.TemplateAccess.objects.create( user_access = models.TemplateAccess.objects.create(
template=template, template=template,
team="lasuite", team="lasuite",
@@ -178,7 +178,7 @@ def test_api_template_accesses_retrieve_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_get_teams): def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_teams):
""" """
A user who is related to a template should be allowed to retrieve the A user who is related to a template should be allowed to retrieve the
associated template user accesses. associated template user accesses.
@@ -192,7 +192,7 @@ def test_api_template_accesses_retrieve_authenticated_related(via, mock_user_get
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user) factories.UserTemplateAccessFactory(template=template, user=user)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(template=template, team="lasuite") factories.TeamTemplateAccessFactory(template=template, team="lasuite")
access = factories.UserTemplateAccessFactory(template=template) access = factories.UserTemplateAccessFactory(template=template)
@@ -261,7 +261,7 @@ def test_api_template_accesses_create_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_create_authenticated_editor_or_reader( def test_api_template_accesses_create_authenticated_editor_or_reader(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""Editors or readers of a template should not be allowed to create template accesses.""" """Editors or readers of a template should not be allowed to create template accesses."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -273,7 +273,7 @@ def test_api_template_accesses_create_authenticated_editor_or_reader(
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role) factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role template=template, team="lasuite", role=role
) )
@@ -296,9 +296,7 @@ def test_api_template_accesses_create_authenticated_editor_or_reader(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_create_authenticated_administrator( def test_api_template_accesses_create_authenticated_administrator(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
Administrators of a template should be able to create template accesses Administrators of a template should be able to create template accesses
except for the "owner" role. except for the "owner" role.
@@ -314,7 +312,7 @@ def test_api_template_accesses_create_authenticated_administrator(
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -363,7 +361,7 @@ def test_api_template_accesses_create_authenticated_administrator(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_create_authenticated_owner(via, mock_user_get_teams): def test_api_template_accesses_create_authenticated_owner(via, mock_user_teams):
""" """
Owners of a template should be able to create template accesses whatever the role. Owners of a template should be able to create template accesses whatever the role.
""" """
@@ -376,7 +374,7 @@ def test_api_template_accesses_create_authenticated_owner(via, mock_user_get_tea
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner") factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )
@@ -466,7 +464,7 @@ def test_api_template_accesses_update_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_authenticated_editor_or_reader( def test_api_template_accesses_update_authenticated_editor_or_reader(
via, role, mock_user_get_teams via, role, mock_user_teams
): ):
"""Editors or readers of a template should not be allowed to update its accesses.""" """Editors or readers of a template should not be allowed to update its accesses."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -478,7 +476,7 @@ def test_api_template_accesses_update_authenticated_editor_or_reader(
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role) factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role template=template, team="lasuite", role=role
) )
@@ -506,9 +504,7 @@ def test_api_template_accesses_update_authenticated_editor_or_reader(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_administrator_except_owner( def test_api_template_accesses_update_administrator_except_owner(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
A user who is a direct administrator in a template should be allowed to update a user A user who is a direct administrator in a template should be allowed to update a user
access for this template, as long as they don't try to set the role to owner. access for this template, as long as they don't try to set the role to owner.
@@ -524,7 +520,7 @@ def test_api_template_accesses_update_administrator_except_owner(
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -565,9 +561,7 @@ def test_api_template_accesses_update_administrator_except_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_administrator_from_owner( def test_api_template_accesses_update_administrator_from_owner(via, mock_user_teams):
via, mock_user_get_teams
):
""" """
A user who is an administrator in a template, should not be allowed to update A user who is an administrator in a template, should not be allowed to update
the user access of an "owner" for this template. the user access of an "owner" for this template.
@@ -583,7 +577,7 @@ def test_api_template_accesses_update_administrator_from_owner(
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -614,7 +608,7 @@ def test_api_template_accesses_update_administrator_from_owner(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_teams): def test_api_template_accesses_update_administrator_to_owner(via, mock_user_teams):
""" """
A user who is an administrator in a template, should not be allowed to update A user who is an administrator in a template, should not be allowed to update
the user access of another user to grant template ownership. the user access of another user to grant template ownership.
@@ -630,7 +624,7 @@ def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -668,7 +662,7 @@ def test_api_template_accesses_update_administrator_to_owner(via, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_owner(via, mock_user_get_teams): def test_api_template_accesses_update_owner(via, mock_user_teams):
""" """
A user who is an owner in a template should be allowed to update A user who is an owner in a template should be allowed to update
a user access for this template whatever the role. a user access for this template whatever the role.
@@ -682,7 +676,7 @@ def test_api_template_accesses_update_owner(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner") factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )
@@ -724,7 +718,7 @@ def test_api_template_accesses_update_owner(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_update_owner_self(via, mock_user_get_teams): def test_api_template_accesses_update_owner_self(via, mock_user_teams):
""" """
A user who is owner of a template should be allowed to update A user who is owner of a template should be allowed to update
their own user access provided there are other owners in the template. their own user access provided there are other owners in the template.
@@ -741,7 +735,7 @@ def test_api_template_accesses_update_owner_self(via, mock_user_get_teams):
template=template, user=user, role="owner" template=template, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamTemplateAccessFactory( access = factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )
@@ -810,7 +804,7 @@ def test_api_template_accesses_delete_authenticated():
@pytest.mark.parametrize("role", ["reader", "editor"]) @pytest.mark.parametrize("role", ["reader", "editor"])
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_teams): def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_teams):
""" """
Authenticated users should not be allowed to delete a template access for a Authenticated users should not be allowed to delete a template access for a
template in which they are a simple editor or reader. template in which they are a simple editor or reader.
@@ -824,7 +818,7 @@ def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role) factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role template=template, team="lasuite", role=role
) )
@@ -844,7 +838,7 @@ def test_api_template_accesses_delete_editor_or_reader(via, role, mock_user_get_
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_delete_administrators_except_owners( def test_api_template_accesses_delete_administrators_except_owners(
via, mock_user_get_teams via, mock_user_teams
): ):
""" """
Users who are administrators in a template should be allowed to delete an access Users who are administrators in a template should be allowed to delete an access
@@ -861,7 +855,7 @@ def test_api_template_accesses_delete_administrators_except_owners(
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -882,7 +876,7 @@ def test_api_template_accesses_delete_administrators_except_owners(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get_teams): def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_teams):
""" """
Users who are administrators in a template should not be allowed to delete an ownership Users who are administrators in a template should not be allowed to delete an ownership
access from the template. access from the template.
@@ -898,7 +892,7 @@ def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get
template=template, user=user, role="administrator" template=template, user=user, role="administrator"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="administrator" template=template, team="lasuite", role="administrator"
) )
@@ -917,7 +911,7 @@ def test_api_template_accesses_delete_administrator_on_owners(via, mock_user_get
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_delete_owners(via, mock_user_get_teams): def test_api_template_accesses_delete_owners(via, mock_user_teams):
""" """
Users should be able to delete the template access of another user Users should be able to delete the template access of another user
for a template of which they are owner. for a template of which they are owner.
@@ -931,7 +925,7 @@ def test_api_template_accesses_delete_owners(via, mock_user_get_teams):
if via == USER: if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner") factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory( factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )
@@ -950,7 +944,7 @@ def test_api_template_accesses_delete_owners(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_api_template_accesses_delete_owners_last_owner(via, mock_user_get_teams): def test_api_template_accesses_delete_owners_last_owner(via, mock_user_teams):
""" """
It should not be possible to delete the last owner access from a template It should not be possible to delete the last owner access from a template
""" """
@@ -966,7 +960,7 @@ def test_api_template_accesses_delete_owners_last_owner(via, mock_user_get_teams
template=template, user=user, role="owner" template=template, user=user, role="owner"
) )
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamTemplateAccessFactory( access = factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner" template=template, team="lasuite", role="owner"
) )


@@ -189,7 +189,7 @@ def test_models_document_invitations_get_abilities_authenticated():
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
@pytest.mark.parametrize("role", ["administrator", "owner"]) @pytest.mark.parametrize("role", ["administrator", "owner"])
def test_models_document_invitations_get_abilities_privileged_member( def test_models_document_invitations_get_abilities_privileged_member(
role, via, mock_user_get_teams role, via, mock_user_teams
): ):
"""Check abilities for a document member with a privileged role.""" """Check abilities for a document member with a privileged role."""
@@ -198,7 +198,7 @@ def test_models_document_invitations_get_abilities_privileged_member(
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role=role) factories.UserDocumentAccessFactory(document=document, user=user, role=role)
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role=role document=document, team="lasuite", role=role
) )
@@ -217,7 +217,7 @@ def test_models_document_invitations_get_abilities_privileged_member(
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_models_document_invitations_get_abilities_reader(via, mock_user_get_teams): def test_models_document_invitations_get_abilities_reader(via, mock_user_teams):
"""Check abilities for a document reader with 'reader' role.""" """Check abilities for a document reader with 'reader' role."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -225,7 +225,7 @@ def test_models_document_invitations_get_abilities_reader(via, mock_user_get_tea
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="reader") factories.UserDocumentAccessFactory(document=document, user=user, role="reader")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="reader" document=document, team="lasuite", role="reader"
) )
@@ -242,7 +242,7 @@ def test_models_document_invitations_get_abilities_reader(via, mock_user_get_tea
@pytest.mark.parametrize("via", VIA) @pytest.mark.parametrize("via", VIA)
def test_models_document_invitations_get_abilities_editor(via, mock_user_get_teams): def test_models_document_invitations_get_abilities_editor(via, mock_user_teams):
"""Check abilities for a document editor with 'editor' role.""" """Check abilities for a document editor with 'editor' role."""
user = factories.UserFactory() user = factories.UserFactory()
@@ -250,7 +250,7 @@ def test_models_document_invitations_get_abilities_editor(via, mock_user_get_tea
if via == USER: if via == USER:
factories.UserDocumentAccessFactory(document=document, user=user, role="editor") factories.UserDocumentAccessFactory(document=document, user=user, role="editor")
elif via == TEAM: elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory( factories.TeamDocumentAccessFactory(
document=document, team="lasuite", role="editor" document=document, team="lasuite", role="editor"
) )