spiff-arena/tests/spiffworkflow_backend/unit/test_permission_target.py

"""Process Model."""
import pytest
from flask.app import Flask
from flask_bpmn.models.db import db
from tests.spiffworkflow_backend.helpers.base_test import BaseTest

from spiffworkflow_backend.models.permission_target import (
    InvalidPermissionTargetUriError,
)
from spiffworkflow_backend.models.permission_target import PermissionTargetModel


class TestPermissionTarget(BaseTest):
    """TestPermissionTarget."""

    def test_wildcard_must_go_at_the_end_of_uri(
        self, app: Flask, with_db_and_bpmn_file_cleanup: None
    ) -> None:
        """Test_wildcard_must_go_at_the_end_of_uri."""
        permission_target = PermissionTargetModel(uri="/test_group/%")
        db.session.add(permission_target)
        db.session.commit()

        permission_target = PermissionTargetModel(uri="/test_group")
        db.session.add(permission_target)
        db.session.commit()

        with pytest.raises(InvalidPermissionTargetUriError) as exception:
            PermissionTargetModel(uri="/test_group/%/model")
        assert (
            str(exception.value) == "Wildcard must appear at end: /test_group/%/model"
        )

    def test_can_change_asterisk_to_percent_on_creation(
        self, app: Flask, with_db_and_bpmn_file_cleanup: None
    ) -> None:
        """Test_can_change_asterisk_to_percent_on_creation."""
        permission_target = PermissionTargetModel(uri="/test_group/*")
        db.session.add(permission_target)
        db.session.commit()
        assert isinstance(permission_target.id, int)
        assert permission_target.uri == "/test_group/%"
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006 2022-10-12 19:28:52 +00:00			`"""Process Model."""`
			`import pytest`
			`from flask.app import Flask`
			`from flask_bpmn.models.db import db`
			`from tests.spiffworkflow_backend.helpers.base_test import BaseTest`

			`from spiffworkflow_backend.models.permission_target import (`
			`InvalidPermissionTargetUriError,`
			`)`
			`from spiffworkflow_backend.models.permission_target import PermissionTargetModel`


			`class TestPermissionTarget(BaseTest):`
			`"""TestPermissionTarget."""`

Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00			`def test_wildcard_must_go_at_the_end_of_uri(`
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006 2022-10-12 19:28:52 +00:00			`self, app: Flask, with_db_and_bpmn_file_cleanup: None`
			`) -> None:`
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00			`"""Test_wildcard_must_go_at_the_end_of_uri."""`
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006 2022-10-12 19:28:52 +00:00			`permission_target = PermissionTargetModel(uri="/test_group/%")`
			`db.session.add(permission_target)`
			`db.session.commit()`

			`permission_target = PermissionTargetModel(uri="/test_group")`
			`db.session.add(permission_target)`
			`db.session.commit()`

			`with pytest.raises(InvalidPermissionTargetUriError) as exception:`
			`PermissionTargetModel(uri="/test_group/%/model")`
			`assert (`
			`str(exception.value) == "Wildcard must appear at end: /test_group/%/model"`
			`)`
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00
			`def test_can_change_asterisk_to_percent_on_creation(`
			`self, app: Flask, with_db_and_bpmn_file_cleanup: None`
			`) -> None:`
			`"""Test_can_change_asterisk_to_percent_on_creation."""`
			`permission_target = PermissionTargetModel(uri="/test_group/*")`
			`db.session.add(permission_target)`
			`db.session.commit()`
			`assert isinstance(permission_target.id, int)`
			`assert permission_target.uri == "/test_group/%"`