Skip to content

Commit

Permalink
[#2939] Logic auth_test nicer api call fn name
Browse files Browse the repository at this point in the history
  • Loading branch information
@tobes
tobes committed Nov 19, 2012
1 parent 120149b commit 2723531
Showing 1 changed file with 54 additions and 54 deletions.
108 changes: 54 additions & 54 deletions ckan/tests/logic/test_auth.py
View file
Expand Up @@ -33,7 +33,7 @@ def teardown_class(cls):
new_authz.CONFIG_PERMISSIONS.update(cls.old_perm)
model.repo.rebuild_db()

def _action_post(self, action, data, user, status=None):
def _call_api(self, action, data, user, status=None):
params='%s=1' % json.dumps(data)
return self.app.post('/api/action/%s' % action,
params=params,
Expand All @@ -44,7 +44,7 @@ def create_user(self, name):
user = {'name': name,
'password': 'pass',
'email': 'moo@moo.com'}
res = self._action_post('user_create', user, 'sysadmin', 200)
res = self._call_api('user_create', user, 'sysadmin', 200)
self.apikeys[name] = str(json.loads(res.body)['result']['apikey'])


Expand All @@ -61,78 +61,78 @@ def test_01_create_users(self):
'password': 'pass',
'email': 'moo@moo.com'}

self._action_post('user_create', user, 'random_key', 403)
self._action_post('user_create', user, 'no_org', 403)
self._call_api('user_create', user, 'random_key', 403)
self._call_api('user_create', user, 'no_org', 403)

def test_02_create_orgs(self):
org = {'name': 'org_no_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')
self._call_api('organization_create', org, 'random_key', 403)
self._call_api('organization_create', org, 'sysadmin')

org = {'name': 'org_with_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')
self._call_api('organization_create', org, 'random_key', 403)
self._call_api('organization_create', org, 'sysadmin')

#no user should be able to create org
org = {'name': 'org_should_not_be_created',}
self._action_post('organization_create', org, 'org_admin', 403)
self._call_api('organization_create', org, 'org_admin', 403)

def test_03_create_dataset_no_org(self):

dataset = {'name': 'admin_create_no_org'}
self._action_post('package_create', dataset, 'sysadmin', 409)
self._call_api('package_create', dataset, 'sysadmin', 409)

dataset = {'name': 'should_not_be_created'}
self._action_post('package_create', dataset, 'no_org', 403)
self._call_api('package_create', dataset, 'no_org', 403)

def test_04_create_dataset_with_org(self):

dataset = {'name': 'admin_create_with_user', 'owner_org': 'org_with_user'}
self._action_post('package_create', dataset, 'sysadmin', 200)
self._call_api('package_create', dataset, 'sysadmin', 200)

dataset = {'name': 'sysadmin_create_no_user', 'owner_org': 'org_no_user'}
self._action_post('package_create', dataset, 'sysadmin', 200)
self._call_api('package_create', dataset, 'sysadmin', 200)

dataset = {'name': 'user_create_with_org', 'owner_org': 'org_with_user'}
self._action_post('package_create', dataset, 'no_org', 403)
self._call_api('package_create', dataset, 'no_org', 403)

def test_05_add_users_to_org(self):

member = {'username': 'org_admin',
'role': 'admin',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'sysadmin')
self._call_api('organization_member_create', member, 'sysadmin')

## admin user should be able to add users now
member = {'username': 'org_editor',
'role': 'editor',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'org_admin')
self._call_api('organization_member_create', member, 'org_admin')

## admin user should be able to add users now
## editor should not be able to approve others as editors
member = {'username': 'editor_wannabe',
'role': 'editor',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'org_editor', 403)
self._call_api('organization_member_create', member, 'org_editor', 403)

def _add_datasets(self, user):

#org admin/editor should be able to add dataset to org.
dataset = {'name': user + '_dataset', 'owner_org': 'org_with_user'}
self._action_post('package_create', dataset, user, 200)
self._call_api('package_create', dataset, user, 200)

#not able to add dataset to org admin does not belong to.
dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_no_user'}
self._action_post('package_create', dataset, user, 409)
self._call_api('package_create', dataset, user, 409)

#admin not able to make dataset not owned by a org
dataset = {'name': user + '_dataset_bad' }
self._action_post('package_create', dataset, user, 409)
self._call_api('package_create', dataset, user, 409)

#not able to add org to not existant org
dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_not_exist' }
self._action_post('package_create', dataset, user, 409)
self._call_api('package_create', dataset, user, 409)

def test_07_add_datasets(self):
self._add_datasets('org_admin')
Expand All @@ -141,16 +141,16 @@ def test_07_add_datasets(self):
def _update_datasets(self, user):
##editor/admin should be able to update dataset
dataset = {'id': 'org_editor_dataset', 'title': 'test'}
self._action_post('package_update', dataset, user, 200)
self._call_api('package_update', dataset, user, 200)
# editor/admin tries to change owner org
dataset = {'id': 'org_editor_dataset', 'owner_org': 'org_no_user'}
self._action_post('package_update', dataset, user, 409)
self._call_api('package_update', dataset, user, 409)
# editor/admin tries to update dataset in different org
dataset = {'id': 'sysadmin_create_no_user', 'title': 'test'}
self._action_post('package_update', dataset, user, 403)
self._call_api('package_update', dataset, user, 403)
#non existant owner org
dataset = {'id': 'org_editor_dataset', 'owner_org': 'org_not_exist' }
self._action_post('package_update', dataset, user, 409)
self._call_api('package_update', dataset, user, 409)

def test_08_update_datasets(self):
self._update_datasets('org_admin')
Expand All @@ -159,10 +159,10 @@ def test_08_update_datasets(self):
def _delete_datasets(self, user):
#editor/admin should be able to update dataset
dataset = {'id': 'org_editor_dataset'}
self._action_post('package_delete', dataset, user, 200)
self._call_api('package_delete', dataset, user, 200)
#not able to delete dataset in org user does not belong to
dataset = {'id': 'sysadmin_create_no_user'}
self._action_post('package_delete', dataset, user, 403)
self._call_api('package_delete', dataset, user, 403)

def test_09_delete_datasets(self):
self._delete_datasets('org_admin')
Expand All @@ -171,33 +171,33 @@ def test_09_delete_datasets(self):
def test_10_edit_org(self):
org = {'id': 'org_no_user', 'title': 'test'}
#change an org user does not belong to
self._action_post('organization_update', org, 'org_editor', 403)
self._action_post('organization_update', org, 'org_admin', 403)
self._call_api('organization_update', org, 'org_editor', 403)
self._call_api('organization_update', org, 'org_admin', 403)

#change an org a user belongs to
org = {'id': 'org_with_user', 'title': 'test'}
self._action_post('organization_update', org, 'org_editor', 403)
self._action_post('organization_update', org, 'org_admin', 200)
self._call_api('organization_update', org, 'org_editor', 403)
self._call_api('organization_update', org, 'org_admin', 200)

def test_11_delete_org(self):
org = {'id': 'org_no_user', 'title': 'test'}
self._action_post('organization_delete', org, 'org_editor', 403)
self._action_post('organization_delete', org, 'org_admin', 403)
self._call_api('organization_delete', org, 'org_editor', 403)
self._call_api('organization_delete', org, 'org_admin', 403)
org = {'id': 'org_with_user'}
self._action_post('organization_delete', org, 'org_editor', 403)
self._action_post('organization_delete', org, 'org_admin', 403)
self._call_api('organization_delete', org, 'org_editor', 403)
self._call_api('organization_delete', org, 'org_admin', 403)


class TestAuthGroups(TestAuth):

def test_01_create_groups(self):
group = {'name': 'group_no_user',}
self._action_post('group_create', group, 'random_key', 403)
self._action_post('group_create', group, 'sysadmin')
self._call_api('group_create', group, 'random_key', 403)
self._call_api('group_create', group, 'sysadmin')

group = {'name': 'group_with_user',}
self._action_post('group_create', group, 'random_key', 403)
self._action_post('group_create', group, 'sysadmin')
self._call_api('group_create', group, 'random_key', 403)
self._call_api('group_create', group, 'sysadmin')


def test_02_add_users_to_group(self):
Expand All @@ -210,56 +210,56 @@ def test_02_add_users_to_group(self):
member = {'username': 'org_admin',
'role': 'admin',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'sysadmin')
self._call_api('group_member_create', member, 'sysadmin')

## admin user should be able to add users now
member = {'username': 'org_editor',
'role': 'editor',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'org_admin')
self._call_api('group_member_create', member, 'org_admin')

## editor should not be able to approve others as editors
member = {'username': 'org_editor_wannabe',
'role': 'editor',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'org_editor', 403)
self._call_api('group_member_create', member, 'org_editor', 403)

def test_03_add_dataset_to_group(self):
org = {'name': 'org'}
self._action_post('organization_create', org, 'sysadmin')
self._call_api('organization_create', org, 'sysadmin')
package = {'name': 'package_added_by_admin', 'owner_org': 'org'}
self._action_post('package_create', package, 'sysadmin')
self._call_api('package_create', package, 'sysadmin')
package = {'name': 'package_added_by_editor', 'owner_org': 'org'}
self._action_post('package_create', package, 'sysadmin')
self._call_api('package_create', package, 'sysadmin')

group = {'id': 'group_with_user', 'packages': [{'id': 'package_added_by_admin'}]}
self._action_post('group_update', group, 'no_group', 403)
self._action_post('group_update', group, 'org_admin')
self._call_api('group_update', group, 'no_group', 403)
self._call_api('group_update', group, 'org_admin')

group = {'id': 'group_with_user',
'packages': [{'id': 'package_added_by_admin'}, {'id' :'package_added_by_editor'}]}
# org editor doesn't have edit rights
self._action_post('group_update', group, 'org_editor', 403)
self._call_api('group_update', group, 'org_editor', 403)

def test_04_modify_group(self):

group = {'id': 'group_with_user', 'title': 'moo',
'packages': [{'id': 'package_added_by_admin'}]}

self._action_post('group_update', group, 'org_admin')
self._call_api('group_update', group, 'org_admin')

# need to think about this as is horrible may just let editor edit
# group for this case even though spec says otherwise
self._action_post('group_update', group, 'org_editor', 403)
self._call_api('group_update', group, 'org_editor', 403)

def test_05_delete_group(self):

org = {'id': 'group_with_user'}
self._action_post('group_delete', org, 'org_editor', 403)
self._action_post('group_delete', org, 'org_admin', 403)
self._call_api('group_delete', org, 'org_editor', 403)
self._call_api('group_delete', org, 'org_admin', 403)
org = {'id': 'group_with_user'}
self._action_post('group_delete', org, 'org_editor', 403)
self._action_post('group_delete', org, 'org_admin', 403)
self._call_api('group_delete', org, 'org_editor', 403)
self._call_api('group_delete', org, 'org_admin', 403)



Expand Down

0 comments on commit 2723531

Please sign in to comment.