nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

test(api): Adjust test case for metadata visibility

Browse Source 
view user only

ref: #442 #456
This commit is contained in:
Jon Lockwood
2024-12-27 22:28:12 +09:30
parent 1c87eeb188
commit 62fcb5aa01
5 changed files with 28 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/access/mixins/organization.py
View File

@ -201,6 +201,10 @@ class OrganizationMixin:
view_action = 'view'
elif self.action == 'metadata':
view_action = 'view'
if view_action is None:

145
app/api/tests/abstract/test_metadata_functional.py
View File

@ -615,54 +615,7 @@ class MetaDataNavigationEntriesFunctional:
content_type='application/json'
)
no_menu_entry_found: bool = True
for nav_menu in response.data['navigation']:
if nav_menu['name'] == self.menu_id:
for menu_entry in nav_menu['pages']:
if menu_entry['name'] == self.menu_entry_id:
no_menu_entry_found = False
assert no_menu_entry_found
def test_navigation_no_empty_menu_add_user(self):
"""Test HTTP/Options Method Navigation Entry
Ensure that a user with add permission, does not
have any nave menu without pages
"""
client = Client()
client.force_login(self.add_user)
if getattr(self, 'url_kwargs', None):
url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_name + '-list')
response = client.options(
url,
content_type='application/json'
)
no_empty_menu_found: bool = True
for nav_menu in response.data['navigation']:
if len(nav_menu['pages']) == 0:
no_empty_menu_found = False
assert no_empty_menu_found
assert response.status_code == 403
@ -689,54 +642,8 @@ class MetaDataNavigationEntriesFunctional:
content_type='application/json'
)
no_menu_entry_found: bool = True
for nav_menu in response.data['navigation']:
if nav_menu['name'] == self.menu_id:
for menu_entry in nav_menu['pages']:
if menu_entry['name'] == self.menu_entry_id:
no_menu_entry_found = False
assert no_menu_entry_found
def test_navigation_no_empty_menu_change_user(self):
"""Test HTTP/Options Method Navigation Entry
Ensure that a user with change permission, does not
have any nave menu without pages
"""
client = Client()
client.force_login(self.change_user)
if getattr(self, 'url_kwargs', None):
url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_name + '-list')
response = client.options(
url,
content_type='application/json'
)
no_empty_menu_found: bool = True
for nav_menu in response.data['navigation']:
if len(nav_menu['pages']) == 0:
no_empty_menu_found = False
assert no_empty_menu_found
assert response.status_code == 403
@ -763,54 +670,8 @@ class MetaDataNavigationEntriesFunctional:
content_type='application/json'
)
no_menu_entry_found: bool = True
for nav_menu in response.data['navigation']:
if nav_menu['name'] == self.menu_id:
for menu_entry in nav_menu['pages']:
if menu_entry['name'] == self.menu_entry_id:
no_menu_entry_found = False
assert no_menu_entry_found
def test_navigation_no_empty_menu_delete_user(self):
"""Test HTTP/Options Method Navigation Entry
Ensure that a user with delete permission, does not
have any nave menu without pages
"""
client = Client()
client.force_login(self.delete_user)
if getattr(self, 'url_kwargs', None):
url = reverse(self.app_namespace + ':' + self.url_name + '-list', kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_name + '-list')
response = client.options(
url,
content_type='application/json'
)
no_empty_menu_found: bool = True
for nav_menu in response.data['navigation']:
if len(nav_menu['pages']) == 0:
no_empty_menu_found = False
assert no_empty_menu_found
assert response.status_code == 403

11
docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md
View File

@ -1,11 +0,0 @@
---
title: Organization Permission Checking
description: No Fuss Computings Centurion ERP API Documentation for Organization Permission Checking
date: 2024-06-17
template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp
---
::: app.access.mixin.OrganizationPermission
options:
inherited_members: true

22
docs/projects/centurion_erp/user/access/index.md
View File

@ -6,7 +6,7 @@ template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp
---
The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking are also conducted. To view the details on how the permissions system works, please view the [application's API documentation](../../development/api/models/access_organization_permission_checking.md).
The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking is also conducted.
## Components
@ -14,3 +14,23 @@ The Access module provides the multi-tenancy for this application. Tenancy is or
- [Organization](./organization.md)
- [Team](./team.md)
## Permission System
The permission system within Centurion ERP is custom and built upon Django's core permission types: add, change, delete and view. For a user to be granted access to perform an action, they must be assigned the permission and have that permission assigned to them as part of the organization they are performing the action in. ALL assigned permissions are limited to the organization the permission is assigned.
!!! tip
User `A` is in organization `A` and has device view permission. User `A` can view devices in Organization `A` **ONLY**. User `A` although they have the device view permission, can **not** view devices in organization `B`. For User `A` to view devices in organization `B` they would also require the device view permission be assigned to them within organization `B`.
Unlike filesystem based permssions, Centurion ERP permissions are not inclusive, they are mutually exclusive. That is:
- To `add` an item you must have its corresponding `add` permission
- To `change` an item you must have its corresponding `change` permission
- To `delete` an item you must have its corresponding `delete` permission
- To `view` an item you must have its corresponding `view` permission
The exclusitvity is that each of the permissions listed above, dont include an assumed permission. For instance if you have the `add` permission for an item, you will not be able to view it. That would require the `view` permission.

2
mkdocs.yml
View File

@ -91,8 +91,6 @@ nav:
- projects/centurion_erp/development/api/models/itam_device.md
- projects/centurion_erp/development/api/models/access_organization_permission_checking.md
- projects/centurion_erp/development/api/models/ticket.md
- projects/centurion_erp/development/api/models/tenancy_object.md