test(access): Ensure items returned from query are from user organization and/or globally set organization

ref: #459 closes #448
2025-01-04 18:04:02 +09:30
parent dd72843ffb
commit 1087dde2d5
48 changed files with 981 additions and 32 deletions
--- a/app/config_management/tests/functional/config_groups/test_config_groups_notes_viewset.py
+++ b/app/config_management/tests/functional/config_groups/test_config_groups_notes_viewset.py
@ -60,3 +60,16 @@ class NotePermissionsAPI(
        self.url_view_kwargs = {'config_group_id': self.note_item.id, 'pk': self.item.pk }

        self.add_data = {'note': 'a note added', 'organization': self.organization.id}
+
+
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
--- a/app/config_management/tests/functional/config_groups/test_config_groups_viewset.py
+++ b/app/config_management/tests/functional/config_groups/test_config_groups_viewset.py
@ -16,6 +16,9 @@ from api.tests.abstract.test_metadata_functional import MetadataAttributesFuncti

 from config_management.models.groups import ConfigGroups

+from settings.models.app_settings import AppSettings
+
+


 class ViewSetBase:
@ -51,7 +54,27 @@ class ViewSetBase:



-        # self.url_kwargs = {}
+
+
+        self.global_organization = Organization.objects.create(
+            name = 'test_global_organization'
+        )
+
+        self.global_org_item = self.model.objects.create(
+            organization = self.global_organization,
+            name = 'global_item'
+        )
+
+        app_settings = AppSettings.objects.get(
+            owner_organization = None
+        )
+
+        app_settings.global_organization = self.global_organization
+
+        app_settings.save()
+
+
+


        view_permissions = Permission.objects.get(
--- a/app/config_management/tests/functional/config_groups_software/test_config_groups_software_viewset.py
+++ b/app/config_management/tests/functional/config_groups_software/test_config_groups_software_viewset.py
@ -237,7 +237,18 @@ class ConfigGroupSoftwarePermissionsAPI(
    TestCase,
 ):

-    pass
+
+    def test_returned_data_from_user_and_global_organizations_only(self):
+        """Check items returned
+
+        This test case is a over-ride of a test case with the same name.
+        This model is not a tenancy model making this test not-applicable.
+
+        Items returned from the query Must be from the users organization and
+        global ONLY!
+        """
+        pass
+