ScoDoc-PE/tests/test_users.py

116 lines
3.9 KiB
Python

# -*- coding: UTF-8 -*
"""Unit tests for auth (users/roles/permission management)
Usage: python -m unittest tests.test_users
"""
import os
import unittest
from flask import current_app
from app import app, db
from app.auth.models import User, Role, Permission
from app.scodoc.sco_roles_default import SCO_ROLES_DEFAULTS
DEPT = "XX"
class UserModelCase(unittest.TestCase):
def setUp(self):
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite://"
app.app_context().push()
db.create_all()
Role.insert_roles()
def tearDown(self):
db.session.remove()
db.drop_all()
def test_password_hashing(self):
u = User(username="susan")
u.set_password("cat")
self.assertFalse(u.check_password("dog"))
self.assertTrue(u.check_password("cat"))
def test_roles_permissions(self):
perm = Permission.ScoAbsChange # une permission au hasard
role = Role(name="test")
self.assertFalse(role.has_permission(perm))
role.add_permission(perm)
self.assertTrue(role.has_permission(perm))
role.remove_permission(perm)
self.assertFalse(role.has_permission(perm))
# Default roles:
Role.insert_roles()
# Bien présents ?
role_names = [r.name for r in Role.query.filter_by().all()]
self.assertTrue(len(role_names) == len(SCO_ROLES_DEFAULTS))
self.assertTrue("Ens" in role_names)
self.assertTrue("Secr" in role_names)
self.assertTrue("Admin" in role_names)
# Les permissions de "Ens":
role = Role.query.filter_by(name="Ens").first()
self.assertTrue(role)
self.assertTrue(role.has_permission(Permission.ScoView))
self.assertTrue(role.has_permission(Permission.ScoAbsChange))
# Permissions de Admin
role = Role.query.filter_by(name="Admin").first()
self.assertTrue(role.has_permission(Permission.ScoEtudChangeAdr))
# Permissions de Secr
role = Role.query.filter_by(name="Secr").first()
self.assertTrue(role.has_permission(Permission.ScoEtudChangeAdr))
self.assertFalse(role.has_permission(Permission.ScoEditAllNotes))
def test_users_roles(self):
dept = "XX"
perm = Permission.ScoAbsChange
perm2 = Permission.ScoView
u = User(username="un enseignant")
db.session.add(u)
self.assertFalse(u.has_permission(perm, dept))
r = Role.get_named_role("Ens")
if not r:
r = Role(name="Ens", permissions=perm)
u.add_role(r, dept)
self.assertTrue(u.has_permission(perm, dept))
u = User(username="un autre")
u.add_role(r, dept)
db.session.add(u)
db.session.commit()
self.assertTrue(u.has_permission(perm, dept))
r2 = Role.get_named_role("Secr")
if not r2:
r2 = Role(name="Secr", dept=dept, permissions=perm2)
u.add_roles([r, r2], dept)
self.assertTrue(len(u.roles) == 2)
u = User(username="encore un")
db.session.add(u)
db.session.commit()
u.set_roles([r, r2], dept)
print(u.roles)
self.assertTrue(len(u.roles) == 2)
self.assertTrue(u.has_permission(perm, dept))
self.assertTrue(u.has_permission(perm2, dept))
# et pas accès aux autres dept:
self.assertFalse(u.has_permission(perm, dept + "X"))
self.assertFalse(u.has_permission(perm, None))
def test_user_admin(self):
dept = "XX"
perm = 0x1234 # a random perm
u = User(username="un admin", email=current_app.config["SCODOC_ADMIN_MAIL"])
db.session.add(u)
self.assertTrue(len(u.roles) == 1)
self.assertTrue(u.has_permission(perm, dept))
# Le grand admin a accès à tous les départements:
self.assertTrue(u.has_permission(perm, dept + "XX"))
self.assertTrue("Admin" == u.roles[0].name)
if __name__ == "__main__":
app.app_context().push()
unittest.main(verbosity=2)