test(api): Inventory upload permission checks

!24 #55
2024-06-11 22:19:06 +09:30
parent 505f4cfdd9
commit 65c6065ba1
2 changed files with 209 additions and 106 deletions


@ -1,151 +1,251 @@
from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest import pytest
import unittest import unittest
from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
from unittest.mock import patch
@pytest.mark.skip(reason="to be written") from access.models import Organization, Team, TeamUsers, Permission
def test_api_inventory_device_added():
""" Device is created """ from api.views.mixin import OrganizationPermissionAPI
pass
from itam.models.device import Device
from settings.models.user_settings import UserSettings
@pytest.mark.skip(reason="to be written") class InventoryAPI(TestCase):
def test_api_inventory_operating_system_added():
""" Operating System is created """ model = Device
pass
model_name = 'device'
app_label = 'itam'
inventory = {
"details": {
"name": "device_name",
"serial_number": "a serial number",
"uuid": "string"
},
"os": {
"name": "os_name",
"version_major": "12",
"version": "12.1"
},
"software": [
{
"name": "software_name",
"category": "category_name",
"version": "1.2.3"
}
]
}
@pytest.mark.skip(reason="to be written") @classmethod
def test_api_inventory_operating_system_version_added(): def setUpTestData(self):
""" Operating System version is created """ """Setup Test
pass
1. Create an organization for user and item
. create an organization that is different to item
2. Create a device
3. create teams with each permission: view, add, change, delete
4. create a user per team
"""
organization = Organization.objects.create(name='test_org')
self.organization = organization
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
)
)
add_team = Team.objects.create(
team_name = 'add_team',
organization = organization,
)
add_team.permissions.set([add_permissions])
self.add_user = User.objects.create_user(username="test_user_add", password="password")
add_user_settings = UserSettings.objects.get(user=self.add_user)
add_user_settings.default_organization = organization
add_user_settings.save()
@pytest.mark.skip(reason="to be written") @patch.object(OrganizationPermissionAPI, 'permission_check')
def test_api_inventory_device_has_operating_system_added(): def test_inventory_function_called_permission_check(self, permission_check):
""" Operating System version linked to device """ """ Inventory Upload checks permissions
pass
Function 'permission_check' is the function that checks permissions
As the non-established way of authentication an API permission is being done
confimation that the permissions are still checked is required.
"""
client = Client()
url = reverse('API:_api_device_inventory')
client.force_login(self.add_user)
response = client.post(url, data=self.inventory, content_type='application/json')
assert permission_check.called
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_added(self):
""" Device is created """
pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_device_operating_system_version_is_semver(): def test_api_inventory_operating_system_added(self):
""" Operating System version is full semver """ Operating System is created """
pass
Operating system versions name is the major version number of semver.
The device version is to be full semver
"""
pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_no_version_cleaned(): def test_api_inventory_operating_system_version_added(self):
""" Check softare cleaned up """ Operating System version is created """
pass
As part of the inventory upload the software versions of software found on the device is set to null
and before the processing is completed, the version=null software is supposed to be cleaned up.
"""
pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_added(): def test_api_inventory_device_has_operating_system_added(self):
""" Software category exists """ """ Operating System version linked to device """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_added(): def test_api_inventory_device_operating_system_version_is_semver(self):
""" Test software exists """ """ Operating System version is full semver
pass
Operating system versions name is the major version number of semver.
The device version is to be full semver
"""
pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_linked_to_software(): def test_api_inventory_software_no_version_cleaned(self):
""" Software category linked to software """ """ Check softare cleaned up
pass
As part of the inventory upload the software versions of software found on the device is set to null
and before the processing is completed, the version=null software is supposed to be cleaned up.
"""
pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_added(): def test_api_inventory_software_category_added(self):
""" Test software version exists """ """ Software category exists """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_semver(): def test_api_inventory_software_added(self):
""" Software Version from inventory returns semver if within version string """ """ Test software exists """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_original_version(): def test_api_inventory_software_category_linked_to_software(self):
""" Software Version from inventory returns inventoried version if no semver found """ """ Software category linked to software """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_linked_to_software(): def test_api_inventory_software_version_added(self):
""" Test software version linked to software it belongs too """ """ Test software version exists """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_device_has_software_version(): def test_api_inventory_software_version_returns_semver(self):
""" Inventoried software is linked to device and it's the corret one""" """ Software Version from inventory returns semver if within version string """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_has_installed_date(): def test_api_inventory_software_version_returns_original_version(self):
""" Inventoried software version has install date """ """ Software Version from inventory returns inventoried version if no semver found """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_blank_installed_date_is_updated(): def test_api_inventory_software_version_linked_to_software(self):
""" A blank installed date of software is updated if the software was already attached to the device """ """ Test software version linked to software it belongs too """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_valid_status_created(): def test_api_inventory_device_has_software_version(self):
""" Successful inventory upload returns 201 """ """ Inventoried software is linked to device and it's the corret one"""
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_invalid_status_bad_request(): def test_api_inventory_device_software_has_installed_date(self):
""" Incorrectly formated inventory upload returns 400 """ """ Inventoried software version has install date """
pass pass
@pytest.mark.skip(reason="to be written") @pytest.mark.skip(reason="to be written")
def test_api_inventory_exeception_status_sever_error(): def test_api_inventory_device_software_blank_installed_date_is_updated(self):
""" if the method throws an exception 500 must be returned. """ A blank installed date of software is updated if the software was already attached to the device """
pass
idea to test: add a random key to the report that is not documented
and perform some action against it that will cause a python exception.
""" @pytest.mark.skip(reason="to be written")
pass def test_api_inventory_valid_status_created(self):
""" Successful inventory upload returns 201 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_invalid_status_bad_request(self):
""" Incorrectly formated inventory upload returns 400 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_exeception_status_sever_error(self):
""" if the method throws an exception 500 must be returned.
idea to test: add a random key to the report that is not documented
and perform some action against it that will cause a python exception.
"""
pass
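Review bot: `assert permission_check.called` in `test_inventory_function_called_permission_check` only proves the view invoked the patched method. `@patch.object` replaces it with a `MagicMock` whose return value is truthy, so the test would presumably still pass if the view ignored the result, and the unused `response` is never checked. I would tighten the assertion to `permission_check.assert_called_once()` and add a docstring line such as `Enforcement of the result is covered by InventoryPermissionsAPI; this test only guards against the call being removed.` Separately, `setUpTestData` is a `@classmethod`, so its first parameter should be named `cls` rather than `self`. In the visible lines `add_user` is also never attached to `add_team`, which is harmless while the check is mocked but deserves a comment.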


@ -1,17 +1,18 @@
# from django.conf import settings import pytest
import unittest
import requests
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse from django.shortcuts import reverse
from django.test import TestCase, Client from django.test import TestCase, Client
import pytest
import unittest
import requests
from access.models import Organization, Team, TeamUsers, Permission from access.models import Organization, Team, TeamUsers, Permission
from itam.models.device import Device from itam.models.device import Device
from settings.models.user_settings import UserSettings
class InventoryPermissionsAPI(TestCase): class InventoryPermissionsAPI(TestCase):
@ -140,6 +141,13 @@ class InventoryPermissionsAPI(TestCase):
) )
self.add_user = User.objects.create_user(username="test_user_add", password="password") self.add_user = User.objects.create_user(username="test_user_add", password="password")
add_user_settings = UserSettings.objects.get(user=self.add_user)
add_user_settings.default_organization = organization
add_user_settings.save()
teamuser = TeamUsers.objects.create( teamuser = TeamUsers.objects.create(
team = add_team, team = add_team,
user = self.add_user user = self.add_user
@ -180,7 +188,6 @@ class InventoryPermissionsAPI(TestCase):
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_user_anon_denied(self): def test_device_auth_add_user_anon_denied(self):
""" Check correct permission for add """ Check correct permission for add
@ -191,12 +198,11 @@ class InventoryPermissionsAPI(TestCase):
url = reverse('API:_api_device_inventory') url = reverse('API:_api_device_inventory')
response = client.put(url, data=self.inventory) response = client.put(url, data=self.inventory, content_type='application/json')
assert response.status_code == 401 assert response.status_code == 401
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_no_permission_denied(self): def test_device_auth_add_no_permission_denied(self):
""" Check correct permission for add """ Check correct permission for add
@ -208,12 +214,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.no_permissions_user) client.force_login(self.no_permissions_user)
response = client.post(url, data=self.inventory) response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403 assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_different_organization_denied(self): def test_device_auth_add_different_organization_denied(self):
""" Check correct permission for add """ Check correct permission for add
@ -225,12 +230,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.different_organization_user) client.force_login(self.different_organization_user)
response = client.post(url, data=self.inventory) response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403 assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_permission_view_denied(self): def test_device_auth_add_permission_view_denied(self):
""" Check correct permission for add """ Check correct permission for add
@ -242,12 +246,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.view_user) client.force_login(self.view_user)
response = client.post(url, data=self.inventory) response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403 assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_has_permission(self): def test_device_auth_add_has_permission(self):
""" Check correct permission for add """ Check correct permission for add
@ -259,7 +262,7 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.add_user) client.force_login(self.add_user)
response = client.post(url, data=self.inventory) response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 201 assert response.status_code == 201
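Review bot: The anonymous case in `test_device_auth_add_user_anon_denied` sends `client.put(...)`, while every other test in this file section uploads with `client.post(...)`, so the now un-skipped 401 assertion does not exercise the method the upload path uses. I would change it to `response = client.post(url, data=self.inventory, content_type='application/json')` so that an unauthenticated POST is what is shown to be rejected. If PUT is also meant to be supported, keep it as a second test rather than as the only anonymous check. The test bodies start outside the hunks shown, so how `client` is constructed for the anonymous case is not visible here.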