From 62fcb5aa0164690d97d80ffa0353c238565a6b9e Mon Sep 17 00:00:00 2001 From: Jon Date: Fri, 27 Dec 2024 22:28:12 +0930 Subject: [PATCH] test(api): Adjust test case for metadata visibility view user only ref: #442 #456 --- app/access/mixins/organization.py | 4 + .../abstract/test_metadata_functional.py | 145 +----------------- ...access_organization_permission_checking.md | 11 -- .../centurion_erp/user/access/index.md | 22 ++- mkdocs.yml | 2 - 5 files changed, 28 insertions(+), 156 deletions(-) delete mode 100644 docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md diff --git a/app/access/mixins/organization.py b/app/access/mixins/organization.py index a0c23f96..a6cc1cb6 100644 --- a/app/access/mixins/organization.py +++ b/app/access/mixins/organization.py @@ -201,6 +201,10 @@ class OrganizationMixin: view_action = 'view' + elif self.action == 'metadata': + + view_action = 'view' + if view_action is None: diff --git a/app/api/tests/abstract/test_metadata_functional.py b/app/api/tests/abstract/test_metadata_functional.py index fbc36098..0503d7c7 100644 --- a/app/api/tests/abstract/test_metadata_functional.py +++ b/app/api/tests/abstract/test_metadata_functional.py 
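Review bot: The added `elif self.action == 'metadata':` branch in `OrganizationMixin` has no comment saying that HTTP OPTIONS (metadata) is now gated on the `view` permission, which is an authorization decision a later maintainer could undo by accident. I would put a line above it such as `# OPTIONS/metadata exposes navigation and field details, so it requires the same permission as viewing`. The body repeats the `view_action = 'view'` assignment of the branch just before it; if that preceding condition (outside the hunk) is the read case, folding `'metadata'` into it would keep the mapping in one place. Any client that relies on OPTIONS to build a create or edit form for a user without `view` will presumably now get 403, so it is worth confirming that this is intended. The enclosing method starts and ends outside the hunk.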
@@ -615,54 +615,7 @@ class MetaDataNavigationEntriesFunctional: content_type='application/json' ) - no_menu_entry_found: bool = True - - for nav_menu in response.data['navigation']: - - if nav_menu['name'] == self.menu_id: - - for menu_entry in nav_menu['pages']: - - if menu_entry['name'] == self.menu_entry_id: - - no_menu_entry_found = False - - assert no_menu_entry_found - - - - def test_navigation_no_empty_menu_add_user(self): - """Test HTTP/Options Method Navigation Entry - - Ensure that a user with add permission, does not - have any nave menu without pages - """ - - client = Client() - client.force_login(self.add_user) - - if getattr(self, 'url_kwargs', None): - - url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs) - - else: - - url = reverse(self.app_namespace + ':' + self.url_name + '-list') - - response = client.options( - url, - content_type='application/json' - ) - - no_empty_menu_found: bool = True - - for nav_menu in response.data['navigation']: - - if len(nav_menu['pages']) == 0: - - no_empty_menu_found = False - - assert no_empty_menu_found + assert response.status_code == 403 
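Review bot: The add-user test now ends in `assert response.status_code == 403`, but its name and docstring sit above the hunk and presumably still describe checking that a navigation entry is absent; they should say the request is denied, for example `Ensure that a user with only add permission is denied the metadata (OPTIONS) request`. The same applies to the change-user and delete-user hunks at `-689` and `-763`. The three tests now differ only in the user that logs in, so one shared helper taking the user would remove the triplication. None of these hunks shows the matching positive case, so if it is not already covered elsewhere in the class, a test that the view user still receives 200 with a populated `navigation` would pin both sides of the new permission boundary.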
@@ -689,54 +642,8 @@ class MetaDataNavigationEntriesFunctional: content_type='application/json' ) - no_menu_entry_found: bool = True - for nav_menu in response.data['navigation']: - - if nav_menu['name'] == self.menu_id: - - for menu_entry in nav_menu['pages']: - - if menu_entry['name'] == self.menu_entry_id: - - no_menu_entry_found = False - - assert no_menu_entry_found - - - - def test_navigation_no_empty_menu_change_user(self): - """Test HTTP/Options Method Navigation Entry - - Ensure that a user with change permission, does not - have any nave menu without pages - """ - - client = Client() - client.force_login(self.change_user) - - if getattr(self, 'url_kwargs', None): - - url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs) - - else: - - url = reverse(self.app_namespace + ':' + self.url_name + '-list') - - response = client.options( - url, - content_type='application/json' - ) - - no_empty_menu_found: bool = True - - for nav_menu in response.data['navigation']: - - if len(nav_menu['pages']) == 0: - - no_empty_menu_found = False - - assert no_empty_menu_found + assert response.status_code == 403 
@@ -763,54 +670,8 @@ class MetaDataNavigationEntriesFunctional: content_type='application/json' ) - no_menu_entry_found: bool = True - for nav_menu in response.data['navigation']: - - if nav_menu['name'] == self.menu_id: - - for menu_entry in nav_menu['pages']: - - if menu_entry['name'] == self.menu_entry_id: - - no_menu_entry_found = False - - assert no_menu_entry_found - - - - def test_navigation_no_empty_menu_delete_user(self): - """Test HTTP/Options Method Navigation Entry - - Ensure that a user with delete permission, does not - have any nave menu without pages - """ - - client = Client() - client.force_login(self.delete_user) - - if getattr(self, 'url_kwargs', None): - - url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs) - - else: - - url = reverse(self.app_namespace + ':' + self.url_name + '-list') - - response = client.options( - url, - content_type='application/json' - ) - - no_empty_menu_found: bool = True - - for nav_menu in response.data['navigation']: - - if len(nav_menu['pages']) == 0: - - no_empty_menu_found = False - - assert no_empty_menu_found + assert response.status_code == 403 diff --git a/docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md b/docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md deleted file mode 100644 index 1b916e48..00000000 --- a/docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: Organization Permission Checking -description: No Fuss Computings Centurion ERP API Documentation for Organization Permission Checking -date: 2024-06-17 -template: project.html -about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp ---- - -::: app.access.mixin.OrganizationPermission - options: - inherited_members: true 
diff --git a/docs/projects/centurion_erp/user/access/index.md b/docs/projects/centurion_erp/user/access/index.md index 47448cd4..1a4ef85d 100644 --- a/docs/projects/centurion_erp/user/access/index.md +++ b/docs/projects/centurion_erp/user/access/index.md @@ -6,7 +6,7 @@ template: project.html about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp --- -The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking are also conducted. To view the details on how the permissions system works, please view the [application's API documentation](../../development/api/models/access_organization_permission_checking.md). +The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking is also conducted. ## Components 
@@ -14,3 +14,23 @@ The Access module provides the multi-tenancy for this application. Tenancy is or - [Organization](./organization.md) - [Team](./team.md) + + +## Permission System + +The permission system within Centurion ERP is custom and built upon Django's core permission types: add, change, delete and view. For a user to be granted access to perform an action, they must be assigned the permission and have that permission assigned to them as part of the organization they are performing the action in. ALL assigned permissions are limited to the organization the permission is assigned. + +!!! tip + User `A` is in organization `A` and has device view permission. User `A` can view devices in Organization `A` **ONLY**. User `A` although they have the device view permission, can **not** view devices in organization `B`. For User `A` to view devices in organization `B` they would also require the device view permission be assigned to them within organization `B`. + +Unlike filesystem based permssions, Centurion ERP permissions are not inclusive, they are mutually exclusive. That is: + +- To `add` an item you must have its corresponding `add` permission + +- To `change` an item you must have its corresponding `change` permission + +- To `delete` an item you must have its corresponding `delete` permission + +- To `view` an item you must have its corresponding `view` permission + +The exclusitvity is that each of the permissions listed above, dont include an assumed permission. For instance if you have the `add` permission for an item, you will not be able to view it. That would require the `view` permission. diff --git a/mkdocs.yml b/mkdocs.yml index 7a5dc91e..70dfc930 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -91,8 +91,6 @@ nav: - projects/centurion_erp/development/api/models/itam_device.md - - projects/centurion_erp/development/api/models/access_organization_permission_checking.md - - projects/centurion_erp/development/api/models/ticket.md - projects/centurion_erp/development/api/models/tenancy_object.md