The superuser capability does not require the idea of ordinality since it is a binary permission.
This commit is contained in:
Jake Moshenko
parent
87efcb9e3d
commit
7b470237a1
2 changed files with 47 additions and 15 deletions
42
test/test_permissions.py
Normal file
42
test/test_permissions.py
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
import unittest
|
||||
|
||||
from app import app
|
||||
|
||||
from data import model
|
||||
from auth import scopes
|
||||
from auth.permissions import SuperUserPermission, QuayDeferredPermissionUser
|
||||
from initdb import setup_database_for_testing, finished_database_for_testing
|
||||
|
||||
|
||||
SUPER_USERNAME = 'devtable'
|
||||
UNSUPER_USERNAME = 'freshuser'
|
||||
|
||||
|
||||
class TestSuperUserOps(unittest.TestCase):
|
||||
def setUp(self):
|
||||
setup_database_for_testing(self)
|
||||
self._su = model.get_user(SUPER_USERNAME)
|
||||
self._normie = model.get_user(UNSUPER_USERNAME)
|
||||
|
||||
def tearDown(self):
|
||||
finished_database_for_testing(self)
|
||||
|
||||
def test_superuser_matrix(self):
|
||||
import logging
|
||||
logging.basicConfig(level=logging.DEBUG)
|
||||
|
||||
test_cases = [
|
||||
(self._su, {scopes.SUPERUSER}, True),
|
||||
(self._su, {scopes.DIRECT_LOGIN}, True),
|
||||
(self._su, {scopes.READ_USER, scopes.SUPERUSER}, True),
|
||||
(self._su, {scopes.READ_USER}, False),
|
||||
(self._normie, {scopes.SUPERUSER}, False),
|
||||
(self._normie, {scopes.DIRECT_LOGIN}, False),
|
||||
(self._normie, {scopes.READ_USER, scopes.SUPERUSER}, False),
|
||||
(self._normie, {scopes.READ_USER}, False),
|
||||
]
|
||||
|
||||
for user_obj, scope_set, expected in test_cases:
|
||||
perm_user = QuayDeferredPermissionUser.for_user(user_obj, scope_set)
|
||||
has_su = perm_user.can(SuperUserPermission())
|
||||
self.assertEquals(has_su, expected)
|
||||
Reference in a new issue