spiff-arena/tests/spiffworkflow_backend/unit/test_authorization_service.py

"""Test_message_service."""
import pytest
from flask import Flask
from tests.spiffworkflow_backend.helpers.base_test import BaseTest

from spiffworkflow_backend.models.user import UserNotFoundError
from spiffworkflow_backend.services.authorization_service import AuthorizationService


class TestAuthorizationService(BaseTest):
    """TestAuthorizationService."""

    def test_can_raise_if_missing_user(
        self, app: Flask, with_db_and_bpmn_file_cleanup: None
    ) -> None:
        """Test_can_raise_if_missing_user."""
        with pytest.raises(UserNotFoundError):
            AuthorizationService.import_permissions_from_yaml_file(
                raise_if_missing_user=True
            )

    def test_can_import_permissions_from_yaml(
        self, app: Flask, with_db_and_bpmn_file_cleanup: None
    ) -> None:
        """Test_can_import_permissions_from_yaml."""
        usernames = [
            "testadmin1",
            "testadmin2",
            "testuser1",
            "testuser2",
            "testuser3",
            "testuser4",
        ]
        users = {}
        for username in usernames:
            user = self.find_or_create_user(username=username)
            users[username] = user

        AuthorizationService.import_permissions_from_yaml_file()
        assert len(users["testadmin1"].groups) == 1
        assert users["testadmin1"].groups[0].identifier == "admin"
        assert len(users["testuser1"].groups) == 1
        assert users["testuser1"].groups[0].identifier == "finance"
        assert len(users["testuser2"].groups) == 2

        self.assert_user_has_permission(
            users["testuser1"], "update", "/v1.0/process-groups/finance/model1"
        )
        self.assert_user_has_permission(
            users["testuser1"], "update", "/v1.0/process-groups/finance/"
        )
        self.assert_user_has_permission(
            users["testuser1"], "update", "/v1.0/process-groups/", expected_result=False
        )
        self.assert_user_has_permission(
            users["testuser4"], "update", "/v1.0/process-groups/finance/model1"
        )
        self.assert_user_has_permission(
            users["testuser4"], "read", "/v1.0/process-groups/finance/model1"
        )
        self.assert_user_has_permission(
            users["testuser2"], "update", "/v1.0/process-groups/finance/model1"
        )
        self.assert_user_has_permission(
            users["testuser2"], "update", "/v1.0/process-groups/", expected_result=False
        )
        self.assert_user_has_permission(
            users["testuser2"], "read", "/v1.0/process-groups/"
        )
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006 2022-10-12 15:28:52 -04:00			`"""Test_message_service."""`
			`import pytest`
			`from flask import Flask`
			`from tests.spiffworkflow_backend.helpers.base_test import BaseTest`

			`from spiffworkflow_backend.models.user import UserNotFoundError`
			`from spiffworkflow_backend.services.authorization_service import AuthorizationService`


			`class TestAuthorizationService(BaseTest):`
			`"""TestAuthorizationService."""`

			`def test_can_raise_if_missing_user(`
			`self, app: Flask, with_db_and_bpmn_file_cleanup: None`
			`) -> None:`
			`"""Test_can_raise_if_missing_user."""`
			`with pytest.raises(UserNotFoundError):`
			`AuthorizationService.import_permissions_from_yaml_file(`
			`raise_if_missing_user=True`
			`)`

			`def test_can_import_permissions_from_yaml(`
			`self, app: Flask, with_db_and_bpmn_file_cleanup: None`
			`) -> None:`
			`"""Test_can_import_permissions_from_yaml."""`
			`usernames = [`
			`"testadmin1",`
			`"testadmin2",`
			`"testuser1",`
			`"testuser2",`
			`"testuser3",`
			`"testuser4",`
			`]`
			`users = {}`
			`for username in usernames:`
			`user = self.find_or_create_user(username=username)`
			`users[username] = user`

			`AuthorizationService.import_permissions_from_yaml_file()`
			`assert len(users["testadmin1"].groups) == 1`
			`assert users["testadmin1"].groups[0].identifier == "admin"`
			`assert len(users["testuser1"].groups) == 1`
			`assert users["testuser1"].groups[0].identifier == "finance"`
			`assert len(users["testuser2"].groups) == 2`

			`self.assert_user_has_permission(`
			`users["testuser1"], "update", "/v1.0/process-groups/finance/model1"`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser1"], "update", "/v1.0/process-groups/finance/"`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser1"], "update", "/v1.0/process-groups/", expected_result=False`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser4"], "update", "/v1.0/process-groups/finance/model1"`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser4"], "read", "/v1.0/process-groups/finance/model1"`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser2"], "update", "/v1.0/process-groups/finance/model1"`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser2"], "update", "/v1.0/process-groups/", expected_result=False`
			`)`
			`self.assert_user_has_permission(`
			`users["testuser2"], "read", "/v1.0/process-groups/"`
			`)`