test(access): Ensure items returned from query are from user organization and/or globally set organization

ref: #459 closes #448
2025-01-04 18:04:02 +09:30
parent dd72843ffb
commit 1087dde2d5
48 changed files with 981 additions and 32 deletions
--- a/app/access/tests/functional/organization/test_organization_viewset.py
+++ b/app/access/tests/functional/organization/test_organization_viewset.py
@ -198,6 +198,17 @@ class OrganizationPermissionsAPI(
    TestCase
 ):

+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+


    def test_add_has_permission(self):
--- a/app/access/tests/functional/team/test_team_permission_viewset.py
+++ b/app/access/tests/functional/team/test_team_permission_viewset.py
@ -191,7 +191,17 @@ class TeamPermissionsAPI(
    TestCase,
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass



--- a/app/access/tests/functional/team_user/test_team_user_permission_viewset.py
+++ b/app/access/tests/functional/team_user/test_team_user_permission_viewset.py
@ -205,6 +205,21 @@ class TeamUserPermissionsAPI(



+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
+
+
+
 class TeamUserViewSet(
    ViewSetBase,
    SerializersTestCases,
--- a/app/api/tests/abstract/api_permissions_viewset.py
+++ b/app/api/tests/abstract/api_permissions_viewset.py
@ -113,6 +113,16 @@ class APIPermissionView:
            url = reverse(self.app_namespace + ':' + self.url_name + '-list')


+        viewable_organizations = [
+            self.organization.id,
+        ]
+
+        if getattr(self, 'global_organization', None):    # Cater for above test that also has global org
+
+            viewable_organizations += [ self.global_organization.id ]
+
+
+
        client.force_login(self.view_user)
        response = client.get(url)

@ -120,14 +130,59 @@ class APIPermissionView:

        for item in response.data['results']:

-            if int(item['organization']['id']) != self.organization.id:
+            if int(item['organization']['id']) not in viewable_organizations:

                contains_different_org = True
+                print(f'Failed returned row was: {item}')

        assert not contains_different_org



+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+
+        client = Client()
+        url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs=self.url_kwargs)
+
+
+        only_from_user_org: bool = True
+
+        viewable_organizations = [
+            self.organization.id,
+            self.global_organization.id
+        ]
+
+
+        assert getattr(self.global_organization, 'id', False)    # fail if no global org set
+        assert getattr(self.global_org_item, 'id', False)    # fail if no global item set
+
+
+        client.force_login(self.view_user)
+        response = client.get(url)
+
+        assert len(response.data['results']) >= 2    # fail if only one item extist.
+
+
+        for row in response.data['results']:
+
+            if row['organization']['id'] not in viewable_organizations:
+
+                only_from_user_org = False
+
+                print(f'Users org: {self.organization.id}')
+                print(f'global org: {self.global_organization.id}')
+                print(f'Failed returned row was: {row}')
+
+        assert only_from_user_org
+
+
+
+

 class APIPermissionAdd:

--- a/app/assistance/tests/functional/knowledge_base/test_knowledge_base_viewset.py
+++ b/app/assistance/tests/functional/knowledge_base/test_knowledge_base_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from assistance.models.knowledge_base import KnowledgeBase

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -50,6 +53,31 @@ class ViewSetBase:
        self.different_organization = different_organization


+        self.view_user = User.objects.create_user(username="test_user_view", password="password")
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            title = 'one',
+            content = 'some text for bodygfdgdf',
+            target_user = self.view_user
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+

        self.url_kwargs = {}

@ -124,7 +152,6 @@ class ViewSetBase:
        self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password")


-        self.view_user = User.objects.create_user(username="test_user_view", password="password")
        self.view_user_b = User.objects.create_user(username="test_user_view_b", password="password")
        teamuser = TeamUsers.objects.create(
            team = view_team,
--- a/app/assistance/tests/functional/knowledge_base_category/test_knowledge_base_category_viewset.py
+++ b/app/assistance/tests/functional/knowledge_base_category/test_knowledge_base_category_viewset.py
@ -12,6 +12,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from assistance.models.knowledge_base import KnowledgeBaseCategory

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -46,8 +49,29 @@ class ViewSetBase:
        self.different_organization = different_organization


+        self.view_user = User.objects.create_user(username="test_user_view", password="password")
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'onesdsad',
+            target_user = self.view_user
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+

-        # self.url_kwargs = {}


        view_permissions = Permission.objects.get(
@ -120,7 +144,6 @@ class ViewSetBase:
        self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password")


-        self.view_user = User.objects.create_user(username="test_user_view", password="password")
        self.view_user_b = User.objects.create_user(username="test_user_view_b", password="password")
        teamuser = TeamUsers.objects.create(
            team = view_team,
--- a/app/assistance/tests/functional/model_knowledge_base_article/test_model_knowledge_base_article_viewset.py
+++ b/app/assistance/tests/functional/model_knowledge_base_article/test_model_knowledge_base_article_viewset.py
@ -226,6 +226,18 @@ class ModelKnowledgeBaseArticlePermissionsAPI(
 ):


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
    @pytest.mark.skip( reason = 'not required' )
    def test_delete_permission_change_denied(self):
        """This model does not have a change user"""
--- a/app/config_management/tests/functional/config_groups/test_config_groups_notes_viewset.py
+++ b/app/config_management/tests/functional/config_groups/test_config_groups_notes_viewset.py
@ -60,3 +60,16 @@ class NotePermissionsAPI(
        self.url_view_kwargs = {'config_group_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/config_management/tests/functional/config_groups/test_config_groups_viewset.py
+++ b/app/config_management/tests/functional/config_groups/test_config_groups_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from config_management.models.groups import ConfigGroups

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -51,7 +54,27 @@ class ViewSetBase:



-        # self.url_kwargs = {}
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+


        view_permissions = Permission.objects.get(
--- a/app/config_management/tests/functional/config_groups_software/test_config_groups_software_viewset.py
+++ b/app/config_management/tests/functional/config_groups_software/test_config_groups_software_viewset.py
@ -237,7 +237,18 @@ class ConfigGroupSoftwarePermissionsAPI(
    TestCase,
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+



--- a/app/core/tests/abstract/test_ticket_viewset.py
+++ b/app/core/tests/abstract/test_ticket_viewset.py
@ -303,6 +303,19 @@ class TicketViewSetBase:
 class TicketViewSetPermissionsAPI( TicketViewSetBase, APIPermissions ):


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
+
    def test_add_triage_user_denied(self):
        """ Check correct permission for add

--- a/app/core/tests/functional/manufacturer/test_manufacturer_viewset.py
+++ b/app/core/tests/functional/manufacturer/test_manufacturer_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from core.models.manufacturer import Manufacturer

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -51,7 +54,28 @@ class ViewSetBase:



-        # self.url_kwargs = {}
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+


        view_permissions = Permission.objects.get(
--- a/app/core/tests/functional/related_ticket/test_related_ticket_viewset.py
+++ b/app/core/tests/functional/related_ticket/test_related_ticket_viewset.py
@ -215,6 +215,19 @@ class RelatedTicketsPermissionsAPI(
    TestCase,
 ):

+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
    def test_add_has_permission_post_not_allowed(self):
        """ Check correct permission for add 

--- a/app/core/tests/functional/test_history/test_history_viewset.py
+++ b/app/core/tests/functional/test_history/test_history_viewset.py
@ -231,6 +231,18 @@ class HistoryPermissionsAPI(
 ):


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
    def test_view_list_has_permission(self):
        """ Check correct permission for view

--- a/app/core/tests/functional/test_task_result/test_task_result_viewset.py
+++ b/app/core/tests/functional/test_task_result/test_task_result_viewset.py
@ -209,6 +209,18 @@ class TaskResultPermissionsAPI(
        )


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
    def test_add_no_permission_denied(self):
        """ Check correct permission for add

--- a/app/core/tests/functional/ticket_category/test_ticket_category_viewset.py
+++ b/app/core/tests/functional/ticket_category/test_ticket_category_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from core.models.ticket.ticket_category import TicketCategory

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -50,6 +53,34 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/core/tests/functional/ticket_comment/test_ticket_comment_viewset.py
+++ b/app/core/tests/functional/ticket_comment/test_ticket_comment_viewset.py
@ -242,6 +242,18 @@ class TicketCommentPermissionsAPI(
        pass


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+

 class TicketCommentMetadata(
    ViewSetBase,
--- a/app/core/tests/functional/ticket_comment_category/test_ticket_comment_category_viewset.py
+++ b/app/core/tests/functional/ticket_comment_category/test_ticket_comment_category_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from core.models.ticket.ticket_comment_category import TicketCommentCategory

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -50,6 +53,33 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/core/tests/functional/ticket_linked_item/test_ticket_linked_item_viewset.py
+++ b/app/core/tests/functional/ticket_linked_item/test_ticket_linked_item_viewset.py
@ -247,7 +247,19 @@ class ViewSetBasePermissionsAPI(
    APIPermissionView,
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+



--- a/app/itam/tests/functional/device/test_device_notes_viewset.py
+++ b/app/itam/tests/functional/device/test_device_notes_viewset.py
@ -65,3 +65,15 @@ class DeviceNotePermissionsAPI(
        self.url_view_kwargs = {'device_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/itam/tests/functional/device/test_device_viewset.py
+++ b/app/itam/tests/functional/device/test_device_viewset.py
@ -13,6 +13,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.device import Device

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -47,6 +49,27 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/device_model/test_device_model_viewset.py
+++ b/app/itam/tests/functional/device_model/test_device_model_viewset.py
@ -12,6 +12,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.device import DeviceModel

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -46,6 +49,32 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/device_operating_system/test_device_operating_system_viewset.py
+++ b/app/itam/tests/functional/device_operating_system/test_device_operating_system_viewset.py
@ -247,7 +247,17 @@ class DeviceOperatingSystemPermissionsAPI(
    TestCase,
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass



--- a/app/itam/tests/functional/device_software/test_device_software_viewset.py
+++ b/app/itam/tests/functional/device_software/test_device_software_viewset.py
@ -214,8 +214,17 @@ class DeviceSoftwarePermissionsAPI(
    TestCase
 ):

-    pass

+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass


 class DeviceSoftwareViewSet(
--- a/app/itam/tests/functional/device_type/test_device_type_viewset.py
+++ b/app/itam/tests/functional/device_type/test_device_type_viewset.py
@ -12,6 +12,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.device import DeviceType

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -46,6 +49,34 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/endpoint_operating_system_installs/test_operating_system_installs_viewset.py
+++ b/app/itam/tests/functional/endpoint_operating_system_installs/test_operating_system_installs_viewset.py
@ -170,7 +170,17 @@ class OperatingSystemInstallsPermissionsAPI(
    TestCase
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass



--- a/app/itam/tests/functional/endpoint_software_installs/test_software_installs_viewset.py
+++ b/app/itam/tests/functional/endpoint_software_installs/test_software_installs_viewset.py
@ -219,7 +219,17 @@ class SoftwareInstallsPermissionsAPI(
    TestCase
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass



--- a/app/itam/tests/functional/operating_system/test_operating_system_notes_viewset.py
+++ b/app/itam/tests/functional/operating_system/test_operating_system_notes_viewset.py
@ -65,3 +65,15 @@ class OperatingSystemNotePermissionsAPI(
        self.url_view_kwargs = {'operating_system_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/itam/tests/functional/operating_system/test_operating_system_viewset.py
+++ b/app/itam/tests/functional/operating_system/test_operating_system_viewset.py
@ -12,6 +12,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.operating_system import OperatingSystem

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -46,6 +49,34 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/operating_system_version/test_operating_system_version_viewset.py
+++ b/app/itam/tests/functional/operating_system_version/test_operating_system_version_viewset.py
@ -12,6 +12,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.operating_system import OperatingSystem, OperatingSystemVersion

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -46,6 +49,39 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+        os = OperatingSystem.objects.create(
+            organization = self.organization,
+            name = 'one-add'
+        )
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = '22',
+            operating_system = os
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
@ -122,11 +158,6 @@ class ViewSetBase:
            user = self.view_user
        )

-        os = OperatingSystem.objects.create(
-            organization = self.organization,
-            name = 'one-add'
-        )
-
        os_b = OperatingSystem.objects.create(
            organization = different_organization,
            name = 'two-add'
--- a/app/itam/tests/functional/software/test_software_notes_viewset.py
+++ b/app/itam/tests/functional/software/test_software_notes_viewset.py
@ -65,3 +65,15 @@ class SoftwareNotePermissionsAPI(
        self.url_view_kwargs = {'software_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/itam/tests/functional/software/test_software_viewset.py
+++ b/app/itam/tests/functional/software/test_software_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.software import Software

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,35 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/software_category/test_software_category_viewset.py
+++ b/app/itam/tests/functional/software_category/test_software_category_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.software import SoftwareCategory

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,34 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itam/tests/functional/software_version/test_software_version_viewset.py
+++ b/app/itam/tests/functional/software_version/test_software_version_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itam.models.software import Software, SoftwareVersion

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,39 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+        software = Software.objects.create(
+                organization = self.organization,
+                name = 'software'
+            )
+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = '12',
+            software = software
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
@ -122,11 +157,6 @@ class ViewSetBase:
            user = self.view_user
        )

-        software = Software.objects.create(
-                organization = self.organization,
-                name = 'software'
-            )
-
        software_b = Software.objects.create(
                organization = different_organization,
                name = 'software-b'
--- a/app/itim/tests/functional/cluster/test_cluster_viewset.py
+++ b/app/itim/tests/functional/cluster/test_cluster_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itim.models.clusters import Cluster

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,33 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itim/tests/functional/cluster_types/test_cluster_type_viewset.py
+++ b/app/itim/tests/functional/cluster_types/test_cluster_type_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itim.models.clusters import ClusterType

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,31 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itim/tests/functional/port/test_port_viewset.py
+++ b/app/itim/tests/functional/port/test_port_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from itim.models.services import Port

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,34 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            number = 8181,
+            protocol = Port.Protocol.TCP
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/itim/tests/functional/service/test_service_notes_viewset.py
+++ b/app/itim/tests/functional/service/test_service_notes_viewset.py
@ -60,3 +60,15 @@ class ServiceNotePermissionsAPI(
        self.url_view_kwargs = {'service_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/itim/tests/functional/service/test_service_viewset.py
+++ b/app/itim/tests/functional/service/test_service_viewset.py
@ -14,6 +14,8 @@ from itam.models.device import Device

 from itim.models.services import Service, Port

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -48,6 +50,40 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+        device = Device.objects.create(
+            organization=organization,
+            name = 'device'
+        )
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item',
+            device = device,
+            config_key_variable = 'value'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
@ -124,11 +160,6 @@ class ViewSetBase:
            user = self.view_user
        )

-        device = Device.objects.create(
-            organization=organization,
-            name = 'device'
-        )
-
        port = Port.objects.create(
            organization=organization,
            number = 80,
--- a/app/itim/tests/functional/service_cluster/test_service_cluster_viewset.py
+++ b/app/itim/tests/functional/service_cluster/test_service_cluster_viewset.py
@ -156,7 +156,18 @@ class ViewSetBase:

 class ServicePermissionsAPI(ViewSetBase, APIPermissionView, TestCase):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+



--- a/app/itim/tests/functional/service_device/test_service_device_viewset.py
+++ b/app/itim/tests/functional/service_device/test_service_device_viewset.py
@ -158,7 +158,18 @@ class ViewSetBase:

 class ServicePermissionsAPI(ViewSetBase, APIPermissionView, TestCase):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+



--- a/app/project_management/tests/functional/project/test_project_viewset.py
+++ b/app/project_management/tests/functional/project/test_project_viewset.py
@ -13,6 +13,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from project_management.models.projects import Project

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -47,6 +49,31 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/project_management/tests/functional/project_milestone/test_project_milestone_viewset.py
+++ b/app/project_management/tests/functional/project_milestone/test_project_milestone_viewset.py
@ -199,7 +199,18 @@ class ViewSetBase:

 class ProjectMilestonePermissionsAPI(ViewSetBase, APIPermissions, TestCase):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+



--- a/app/project_management/tests/functional/project_state/test_project_state_viewset.py
+++ b/app/project_management/tests/functional/project_state/test_project_state_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from project_management.models.project_states import ProjectState

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,32 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/project_management/tests/functional/project_type/test_project_type_viewset.py
+++ b/app/project_management/tests/functional/project_type/test_project_type_viewset.py
@ -12,6 +12,8 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from project_management.models.project_types import ProjectType

+from settings.models.app_settings import AppSettings
+


 class ViewSetBase:
@ -46,6 +48,31 @@ class ViewSetBase:
        self.different_organization = different_organization


+
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+
+
+
+
        view_permissions = Permission.objects.get(
                codename = 'view_' + self.model._meta.model_name,
                content_type = ContentType.objects.get(
--- a/app/settings/tests/functional/app_settings/test_app_settings_viewset.py
+++ b/app/settings/tests/functional/app_settings/test_app_settings_viewset.py
@ -197,6 +197,18 @@ class AppSettingsPermissionsAPI(
 ):


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+

    def test_add_create_not_allowed(self):
        """ Check correct permission for add 
--- a/app/settings/tests/functional/external_links/test_external_link_viewset.py
+++ b/app/settings/tests/functional/external_links/test_external_link_viewset.py
@ -194,7 +194,17 @@ class ViewSetBase:

 class ExternalLinkPermissionsAPI(ViewSetBase, APIPermissions, TestCase):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass



--- a/app/settings/tests/functional/user_settings/test_user_settings_viewset.py
+++ b/app/settings/tests/functional/user_settings/test_user_settings_viewset.py
@ -198,6 +198,19 @@ class UserSettingsPermissionsAPI(
 ):


+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+
+
+
    def test_add_create_not_allowed(self):
        """ Check correct permission for add