]>
Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
1 | # -*- coding: utf-8 -*- |
2 | ||
3 | from __future__ import absolute_import | |
4 | ||
f6b5b4d7 | 5 | from .helper import DashboardTestCase |
11fdf7f2 TL |
6 | |
7 | ||
8 | class RoleTest(DashboardTestCase): | |
9 | @classmethod | |
10 | def _create_role(cls, name=None, description=None, scopes_permissions=None): | |
11 | data = {} | |
12 | if name: | |
13 | data['name'] = name | |
14 | if description: | |
15 | data['description'] = description | |
16 | if scopes_permissions: | |
17 | data['scopes_permissions'] = scopes_permissions | |
18 | cls._post('/api/role', data) | |
19 | ||
20 | def test_crud_role(self): | |
21 | self._create_role(name='role1', | |
22 | description='Description 1', | |
23 | scopes_permissions={'osd': ['read']}) | |
24 | self.assertStatus(201) | |
25 | self.assertJsonBody({ | |
26 | 'name': 'role1', | |
27 | 'description': 'Description 1', | |
28 | 'scopes_permissions': {'osd': ['read']}, | |
29 | 'system': False | |
30 | }) | |
31 | ||
32 | self._get('/api/role/role1') | |
33 | self.assertStatus(200) | |
34 | self.assertJsonBody({ | |
35 | 'name': 'role1', | |
36 | 'description': 'Description 1', | |
37 | 'scopes_permissions': {'osd': ['read']}, | |
38 | 'system': False | |
39 | }) | |
40 | ||
41 | self._put('/api/role/role1', { | |
42 | 'description': 'Description 2', | |
43 | 'scopes_permissions': {'osd': ['read', 'update']}, | |
44 | }) | |
45 | self.assertStatus(200) | |
46 | self.assertJsonBody({ | |
47 | 'name': 'role1', | |
48 | 'description': 'Description 2', | |
49 | 'scopes_permissions': {'osd': ['read', 'update']}, | |
50 | 'system': False | |
51 | }) | |
52 | ||
53 | self._delete('/api/role/role1') | |
54 | self.assertStatus(204) | |
55 | ||
56 | def test_list_roles(self): | |
57 | roles = self._get('/api/role') | |
58 | self.assertStatus(200) | |
59 | ||
60 | self.assertGreaterEqual(len(roles), 1) | |
61 | for role in roles: | |
62 | self.assertIn('name', role) | |
63 | self.assertIn('description', role) | |
64 | self.assertIn('scopes_permissions', role) | |
65 | self.assertIn('system', role) | |
66 | ||
67 | def test_get_role_does_not_exist(self): | |
68 | self._get('/api/role/role2') | |
69 | self.assertStatus(404) | |
70 | ||
71 | def test_create_role_already_exists(self): | |
72 | self._create_role(name='read-only', | |
73 | description='Description 1', | |
74 | scopes_permissions={'osd': ['read']}) | |
75 | self.assertStatus(400) | |
76 | self.assertError(code='role_already_exists', | |
77 | component='role') | |
78 | ||
79 | def test_create_role_no_name(self): | |
80 | self._create_role(description='Description 1', | |
81 | scopes_permissions={'osd': ['read']}) | |
82 | self.assertStatus(400) | |
83 | self.assertError(code='name_required', | |
84 | component='role') | |
85 | ||
86 | def test_create_role_invalid_scope(self): | |
87 | self._create_role(name='role1', | |
88 | description='Description 1', | |
89 | scopes_permissions={'invalid-scope': ['read']}) | |
90 | self.assertStatus(400) | |
91 | self.assertError(code='invalid_scope', | |
92 | component='role') | |
93 | ||
94 | def test_create_role_invalid_permission(self): | |
95 | self._create_role(name='role1', | |
96 | description='Description 1', | |
97 | scopes_permissions={'osd': ['invalid-permission']}) | |
98 | self.assertStatus(400) | |
99 | self.assertError(code='invalid_permission', | |
100 | component='role') | |
101 | ||
102 | def test_delete_role_does_not_exist(self): | |
103 | self._delete('/api/role/role2') | |
104 | self.assertStatus(404) | |
105 | ||
106 | def test_delete_system_role(self): | |
107 | self._delete('/api/role/read-only') | |
108 | self.assertStatus(400) | |
109 | self.assertError(code='cannot_delete_system_role', | |
110 | component='role') | |
111 | ||
112 | def test_delete_role_associated_with_user(self): | |
113 | self.create_user("user", "user", ['read-only']) | |
114 | self._create_role(name='role1', | |
115 | description='Description 1', | |
116 | scopes_permissions={'user': ['create', 'read', 'update', 'delete']}) | |
117 | self.assertStatus(201) | |
118 | self._put('/api/user/user', {'roles': ['role1']}) | |
119 | self.assertStatus(200) | |
120 | ||
121 | self._delete('/api/role/role1') | |
122 | self.assertStatus(400) | |
123 | self.assertError(code='role_is_associated_with_user', | |
124 | component='role') | |
125 | ||
126 | self._put('/api/user/user', {'roles': ['administrator']}) | |
127 | self.assertStatus(200) | |
128 | self._delete('/api/role/role1') | |
129 | self.assertStatus(204) | |
130 | self.delete_user("user") | |
131 | ||
132 | def test_update_role_does_not_exist(self): | |
133 | self._put('/api/role/role2', {}) | |
134 | self.assertStatus(404) | |
135 | ||
136 | def test_update_system_role(self): | |
137 | self._put('/api/role/read-only', {}) | |
138 | self.assertStatus(400) | |
139 | self.assertError(code='cannot_update_system_role', | |
140 | component='role') | |
9f95a23c TL |
141 | |
142 | def test_clone_role(self): | |
143 | self._post('/api/role/read-only/clone', {'new_name': 'foo'}) | |
144 | self.assertStatus(201) | |
145 | self._delete('/api/role/foo') |