✨(mail) manage mailboxes permissions

Manage create and list permissions for all roles.
2024-08-06 00:04:51 +02:00
parent 87e7d3e0b1
commit b637774179
8 changed files with 236 additions and 63 deletions
--- a/src/backend/mailbox_manager/tests/test_models_maildomain.py
+++ b/src/backend/mailbox_manager/tests/test_models_maildomain.py
@@ -2,12 +2,15 @@
 Unit tests for the MailDomain model
 """

+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import ValidationError
 from django.utils.text import slugify

 import pytest

-from mailbox_manager import factories
+from core import factories as core_factories
+
+from mailbox_manager import enums, factories

 pytestmark = pytest.mark.django_db

@@ -32,3 +35,76 @@ def test_models_mail_domain__slug_inferred_from_name():
    name = "N3w_D0main-Name$.com"
    domain = factories.MailDomainFactory(name=name, slug="something else")
    assert domain.slug == slugify(name)
+
+
+# get_abilities
+
+
+def test_models_maildomains_get_abilities_anonymous():
+    """Check abilities returned for an anonymous user."""
+    maildomain = factories.MailDomainFactory()
+    abilities = maildomain.get_abilities(AnonymousUser())
+    assert abilities == {
+        "delete": False,
+        "get": False,
+        "patch": False,
+        "put": False,
+        "post": False,
+        "manage_accesses": False,
+    }
+
+
+def test_models_maildomains_get_abilities_authenticated():
+    """Check abilities returned for an authenticated user."""
+    maildomain = factories.MailDomainFactory()
+    abilities = maildomain.get_abilities(core_factories.UserFactory())
+    assert abilities == {
+        "delete": False,
+        "get": False,
+        "patch": False,
+        "put": False,
+        "post": False,
+        "manage_accesses": False,
+    }
+
+
+def test_models_maildomains_get_abilities_owner():
+    """Check abilities returned for the owner of a maildomain."""
+    access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.OWNER)
+    abilities = access.domain.get_abilities(access.user)
+    assert abilities == {
+        "delete": True,
+        "get": True,
+        "patch": True,
+        "put": True,
+        "post": True,
+        "manage_accesses": True,
+    }
+
+
+def test_models_maildomains_get_abilities_administrator():
+    """Check abilities returned for the administrator of a maildomain."""
+    access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.ADMIN)
+    abilities = access.domain.get_abilities(access.user)
+    assert abilities == {
+        "delete": False,
+        "get": True,
+        "patch": True,
+        "put": True,
+        "post": True,
+        "manage_accesses": True,
+    }
+
+
+def test_models_maildomains_get_abilities_viewer():
+    """Check abilities returned for the member of a mail domain. It's a viewer role."""
+    access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.VIEWER)
+    abilities = access.domain.get_abilities(access.user)
+    assert abilities == {
+        "delete": False,
+        "get": True,
+        "patch": False,
+        "put": False,
+        "post": False,
+        "manage_accesses": False,
+    }