logos-co
/
open-law
mirror of https://github.com/logos-co/open-law.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
open-law/tests/test_permissions.py

289 lines
8.9 KiB
Python
Raw Normal View History

connected permissions checks and testing editor access
2023-05-31 11:18:11 +00:00
from random import randint
from flask import current_app as Response, url_for
from flask.testing import FlaskClient, FlaskCliRunner
from app import models as m, db
from app.controllers.create_access_groups import create_moderator_group
from tests.utils import (
login,
logout,
check_if_nested_book_entities_is_deleted,
check_if_nested_collection_entities_is_deleted,
check_if_nested_section_entities_is_deleted,
check_if_nested_interpretation_entities_is_deleted,
create_test_book,
)
def create_book(client):
random_id = randint(1, 100)
BOOK_NAME = f"TBook {random_id}"
response: Response = client.post(
"/book/create",
data=dict(label=BOOK_NAME),
follow_redirects=True,
)
assert response.status_code == 200
assert b"Book added!" in response.data
book: m.Book = m.Book.query.filter_by(label=BOOK_NAME).first()
assert book
assert book.versions
assert len(book.versions) == 1
assert book.access_groups
assert len(book.access_groups) == 2
root_collection: m.Collection = book.last_version.collections[0]
assert root_collection
assert root_collection.access_groups
assert len(root_collection.access_groups) == 2
return book
def create_collection(client, book_id):
random_id = randint(1, 100)
LABEL = f"TCollection {random_id}"
response: Response = client.post(
f"/book/{book_id}/create_collection",
data=dict(label=LABEL),
follow_redirects=True,
)
assert response.status_code == 200
assert b"Success!" in response.data
collection: m.Collection = m.Collection.query.filter_by(label=LABEL).first()
assert collection
assert collection.access_groups
assert len(collection.access_groups) == 2
for access_group in collection.access_groups:
access_group: m.AccessGroup
assert access_group.book_id == collection.version.book_id
return collection, response
def create_section(client, book_id, collection_id):
random_id = randint(1, 100)
LABEL = f"TSection {random_id}"
response: Response = client.post(
f"/book/{book_id}/{collection_id}/create_section",
data=dict(collection_id=collection_id, label=LABEL),
follow_redirects=True,
)
assert response.status_code == 200
assert b"Success!" in response.data
section: m.Section = m.Section.query.filter_by(
label=LABEL, collection_id=collection_id
).first()
assert section
assert section.collection_id == collection_id
assert not section.interpretations
assert section.access_groups
assert len(section.access_groups) == 2
for access_group in section.access_groups:
access_group: m.AccessGroup
assert access_group.book_id == section.version.book_id
return section, response
def create_interpretation(client, book_id, section_id):
random_id = randint(1, 100)
LABEL = f"TInterpretation {random_id}"
response: Response = client.post(
f"/book/{book_id}/{section_id}/create_interpretation",
data=dict(section_id=section_id, text=LABEL),
follow_redirects=True,
)
assert response.status_code == 200
interpretation: m.Interpretation = m.Interpretation.query.filter_by(
section_id=section_id, text=LABEL
).first()
assert interpretation
assert interpretation.section_id == section_id
assert not interpretation.comments
assert interpretation.access_groups
assert len(interpretation.access_groups) == 2
for access_group in interpretation.access_groups:
access_group: m.AccessGroup
assert access_group.book_id == interpretation.section.version.book_id
return interpretation, response
def create_comment(client, book_id, interpretation_id):
random_id = randint(1, 100)
TEXT = f"TComment {random_id}"
response: Response = client.post(
f"/book/{book_id}/{interpretation_id}/create_comment",
data=dict(
text=TEXT,
interpretation_id=interpretation_id,
),
follow_redirects=True,
)
assert response
assert response.status_code == 200
assert b"Success" in response.data
assert str.encode(TEXT) in response.data
comment: m.Comment = m.Comment.query.filter_by(text=TEXT).first()
assert comment
return comment, response
def test_editor_access_to_entire_book(client):
login(client)
book = create_book(client)
editor = m.User(username="editor", password="editor").save()
response: Response = client.post(
f"/book/{book.id}/add_contributor",
data=dict(user_id=editor.id, role=m.BookContributor.Roles.EDITOR),
follow_redirects=True,
)
assert response.status_code == 200
assert b"Contributor was added!" in response.data
logout(client)
login(client, "editor", "editor")
# access to settings page
response: Response = client.get(f"/book/{book.id}/settings", follow_redirects=True)
assert b"You do not have permission" not in response.data
# access to edit book
response: Response = client.post(
f"/book/{book.id}/edit",
data=dict(book_id=book.id, label="BookEdited"),
follow_redirects=True,
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# dont have access to delete
response: Response = client.post(
f"/book/{book.id}/delete",
data=dict(book_id=book.id),
follow_redirects=True,
)
assert b"You do not have permission" in response.data
# access to create collection
collection, response = create_collection(client, book.id)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to edit collection
response: Response = client.post(
f"/book/{book.id}/{collection.id}/edit",
data=dict(label="NewLabel"),
follow_redirects=True,
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to delete collection
response: Response = client.post(
f"/book/{book.id}/{collection.id}/delete", follow_redirects=True
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# restore collection
collection.is_deleted = False
collection.save()
# access to create section
section, response = create_section(client, book.id, collection.id)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to edit section
response: Response = client.post(
f"/book/{book.id}/{section.id}/edit_section",
data=dict(section_id=section.id, label="NewLabel"),
follow_redirects=True,
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to delete section
response: Response = client.post(
f"/book/{book.id}/{section.id}/delete_section", follow_redirects=True
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# restore section
section.is_deleted = False
section.save()
# access to create interpretation
interpretation, response = create_interpretation(client, book.id, section.id)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to approve interpretation
response: Response = client.post(
f"/approve/interpretation/{interpretation.id}",
follow_redirects=True,
)
assert response
assert response.json["message"] == "success"
assert response.json["approve"]
assert interpretation.approved
# access to delete interpretation
response: Response = client.post(
(f"/book/{book.id}/{interpretation.id}/delete_interpretation"),
follow_redirects=True,
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# restore interpretation
interpretation.is_deleted = False
interpretation.save()
# access to create comment
comment, response = create_comment(client, book.id, interpretation.id)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data
# access to approve comment
response: Response = client.post(
f"/approve/comment/{comment.id}",
follow_redirects=True,
)
assert response
assert response.json["message"] == "success"
assert response.json["approve"]
assert interpretation.approved
# access to delete comment
response: Response = client.post(
f"/book/{book.id}/{interpretation.id}/comment_delete",
data=dict(
text=comment.text,
interpretation_id=interpretation.id,
comment_id=comment.id,
),
follow_redirects=True,
)
assert b"You do not have permission" not in response.data
assert b"Success!" in response.data