From e9482a985f9080a775fe16298275b9b8bac5bd29 Mon Sep 17 00:00:00 2001 From: Lebaud Antoine Date: Wed, 6 Mar 2024 19:17:02 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=85(backend)=20enhance=20tests=20when=20l?= =?UTF-8?q?isting=20team=20accesses?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Abilities on team accesses are computed based on request user role. Thus, members' roles in relation with user's role matters a lot, to ensure the abilities were correctly computed. Complexified the test that lists team accesses while being authenticated. More members are added to the team with privileged roles. The user is added last to the less with the less privileged role, "member". Order matters, because when computing the sub query to determine user's role within the team, code use the first result value to set the role to compute abilities. --- .../test_api_team_accesses_list.py | 37 ++++++++++++++----- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py b/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py index bb623ce..5897555 100644 --- a/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py +++ b/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py @@ -54,20 +54,27 @@ def test_api_team_accesses_list_authenticated_unrelated(): def test_api_team_accesses_list_authenticated_related(): """ Authenticated users should be able to list team accesses for a team - to which they are related, whatever their role in the team. + to which they are related, with a given role. """ identity = factories.IdentityFactory(is_main=True) user = identity.user team = factories.TeamFactory() - user_access = models.TeamAccess.objects.create(team=team, user=user) # random role - # other team members should appear - other_member = factories.UserFactory() - other_member_identity = factories.IdentityFactory(is_main=True, user=other_member) - access1 = factories.TeamAccessFactory.create(team=team, user=other_member) + owner = factories.IdentityFactory(is_main=True) + access1 = factories.TeamAccessFactory.create( + team=team, user=owner.user, role="owner" + ) - # Accesses for other teams to which the user is related should not be listed either + administrator = factories.IdentityFactory(is_main=True) + access2 = factories.TeamAccessFactory.create( + team=team, user=administrator.user, role="administrator" + ) + + # Ensure this user's role is different from other team members to test abilities' computation + user_access = models.TeamAccess.objects.create(team=team, user=user, role="member") + + # Grant other team accesses to the user, they should not be listed either other_access = factories.TeamAccessFactory(user=user) factories.TeamAccessFactory(team=other_access.team) @@ -78,7 +85,7 @@ def test_api_team_accesses_list_authenticated_related(): ) assert response.status_code == 200 - assert response.json()["count"] == 2 + assert response.json()["count"] == 3 assert sorted(response.json()["results"], key=lambda x: x["id"]) == sorted( [ { @@ -95,12 +102,22 @@ def test_api_team_accesses_list_authenticated_related(): "id": str(access1.id), "user": { "id": str(access1.user.id), - "email": str(other_member_identity.email), - "name": str(other_member_identity.name), + "email": str(owner.email), + "name": str(owner.name), }, "role": str(access1.role), "abilities": access1.get_abilities(user), }, + { + "id": str(access2.id), + "user": { + "id": str(access2.user.id), + "email": str(administrator.email), + "name": str(administrator.name), + }, + "role": str(access2.role), + "abilities": access2.get_abilities(user), + }, ], key=lambda x: x["id"], )