nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

test(api): Inventory upload permission checks

Browse Source 
!24 #55
This commit is contained in:
Jon Lockwood
2024-06-11 22:19:06 +09:30
parent 505f4cfdd9
commit 65c6065ba1
2 changed files with 209 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

280
app/api/tests/inventory/test_api_inventory.py
View File

@ -1,151 +1,251 @@
from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest
import unittest
from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
from unittest.mock import patch
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_added():
""" Device is created """
pass
from access.models import Organization, Team, TeamUsers, Permission
from api.views.mixin import OrganizationPermissionAPI
from itam.models.device import Device
from settings.models.user_settings import UserSettings
@pytest.mark.skip(reason="to be written")
def test_api_inventory_operating_system_added():
""" Operating System is created """
pass
class InventoryAPI(TestCase):
model = Device
model_name = 'device'
app_label = 'itam'
inventory = {
"details": {
"name": "device_name",
"serial_number": "a serial number",
"uuid": "string"
},
"os": {
"name": "os_name",
"version_major": "12",
"version": "12.1"
},
"software": [
{
"name": "software_name",
"category": "category_name",
"version": "1.2.3"
}
]
}
@pytest.mark.skip(reason="to be written")
def test_api_inventory_operating_system_version_added():
""" Operating System version is created """
pass
@classmethod
def setUpTestData(self):
"""Setup Test
1. Create an organization for user and item
. create an organization that is different to item
2. Create a device
3. create teams with each permission: view, add, change, delete
4. create a user per team
"""
organization = Organization.objects.create(name='test_org')
self.organization = organization
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
)
)
add_team = Team.objects.create(
team_name = 'add_team',
organization = organization,
)
add_team.permissions.set([add_permissions])
self.add_user = User.objects.create_user(username="test_user_add", password="password")
add_user_settings = UserSettings.objects.get(user=self.add_user)
add_user_settings.default_organization = organization
add_user_settings.save()
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_has_operating_system_added():
""" Operating System version linked to device """
pass
@patch.object(OrganizationPermissionAPI, 'permission_check')
def test_inventory_function_called_permission_check(self, permission_check):
""" Inventory Upload checks permissions
Function 'permission_check' is the function that checks permissions
As the non-established way of authentication an API permission is being done
confimation that the permissions are still checked is required.
"""
client = Client()
url = reverse('API:_api_device_inventory')
client.force_login(self.add_user)
response = client.post(url, data=self.inventory, content_type='application/json')
assert permission_check.called
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_added(self):
""" Device is created """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_operating_system_version_is_semver():
""" Operating System version is full semver
Operating system versions name is the major version number of semver.
The device version is to be full semver
"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_operating_system_added(self):
""" Operating System is created """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_no_version_cleaned():
""" Check softare cleaned up
As part of the inventory upload the software versions of software found on the device is set to null
and before the processing is completed, the version=null software is supposed to be cleaned up.
"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_operating_system_version_added(self):
""" Operating System version is created """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_added():
""" Software category exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_has_operating_system_added(self):
""" Operating System version linked to device """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_added():
""" Test software exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_operating_system_version_is_semver(self):
""" Operating System version is full semver
Operating system versions name is the major version number of semver.
The device version is to be full semver
"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_linked_to_software():
""" Software category linked to software """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_no_version_cleaned(self):
""" Check softare cleaned up
As part of the inventory upload the software versions of software found on the device is set to null
and before the processing is completed, the version=null software is supposed to be cleaned up.
"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_added():
""" Test software version exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_added(self):
""" Software category exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_semver():
""" Software Version from inventory returns semver if within version string """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_added(self):
""" Test software exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_original_version():
""" Software Version from inventory returns inventoried version if no semver found """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_category_linked_to_software(self):
""" Software category linked to software """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_linked_to_software():
""" Test software version linked to software it belongs too """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_added(self):
""" Test software version exists """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_has_software_version():
""" Inventoried software is linked to device and it's the corret one"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_semver(self):
""" Software Version from inventory returns semver if within version string """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_has_installed_date():
""" Inventoried software version has install date """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_returns_original_version(self):
""" Software Version from inventory returns inventoried version if no semver found """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_blank_installed_date_is_updated():
""" A blank installed date of software is updated if the software was already attached to the device """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_software_version_linked_to_software(self):
""" Test software version linked to software it belongs too """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_valid_status_created():
""" Successful inventory upload returns 201 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_has_software_version(self):
""" Inventoried software is linked to device and it's the corret one"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_invalid_status_bad_request():
""" Incorrectly formated inventory upload returns 400 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_has_installed_date(self):
""" Inventoried software version has install date """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_exeception_status_sever_error():
""" if the method throws an exception 500 must be returned.
@pytest.mark.skip(reason="to be written")
def test_api_inventory_device_software_blank_installed_date_is_updated(self):
""" A blank installed date of software is updated if the software was already attached to the device """
pass
idea to test: add a random key to the report that is not documented
and perform some action against it that will cause a python exception.
"""
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_valid_status_created(self):
""" Successful inventory upload returns 201 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_invalid_status_bad_request(self):
""" Incorrectly formated inventory upload returns 400 """
pass
@pytest.mark.skip(reason="to be written")
def test_api_inventory_exeception_status_sever_error(self):
""" if the method throws an exception 500 must be returned.
idea to test: add a random key to the report that is not documented
and perform some action against it that will cause a python exception.
"""
pass

33
app/api/tests/inventory/test_inventory_permission_api.py
View File

@ -1,17 +1,18 @@
# from django.conf import settings
import pytest
import unittest
import requests
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest
import unittest
import requests
from access.models import Organization, Team, TeamUsers, Permission
from itam.models.device import Device
from settings.models.user_settings import UserSettings
class InventoryPermissionsAPI(TestCase):
@ -140,6 +141,13 @@ class InventoryPermissionsAPI(TestCase):
)
self.add_user = User.objects.create_user(username="test_user_add", password="password")
add_user_settings = UserSettings.objects.get(user=self.add_user)
add_user_settings.default_organization = organization
add_user_settings.save()
teamuser = TeamUsers.objects.create(
team = add_team,
user = self.add_user
@ -180,7 +188,6 @@ class InventoryPermissionsAPI(TestCase):
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_user_anon_denied(self):
""" Check correct permission for add
@ -191,12 +198,11 @@ class InventoryPermissionsAPI(TestCase):
url = reverse('API:_api_device_inventory')
response = client.put(url, data=self.inventory)
response = client.put(url, data=self.inventory, content_type='application/json')
assert response.status_code == 401
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_no_permission_denied(self):
""" Check correct permission for add
@ -208,12 +214,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.no_permissions_user)
response = client.post(url, data=self.inventory)
response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_different_organization_denied(self):
""" Check correct permission for add
@ -225,12 +230,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.different_organization_user)
response = client.post(url, data=self.inventory)
response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_permission_view_denied(self):
""" Check correct permission for add
@ -242,12 +246,11 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.view_user)
response = client.post(url, data=self.inventory)
response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 403
@pytest.mark.skip(reason="test to be written")
def test_device_auth_add_has_permission(self):
""" Check correct permission for add
@ -259,7 +262,7 @@ class InventoryPermissionsAPI(TestCase):
client.force_login(self.add_user)
response = client.post(url, data=self.inventory)
response = client.post(url, data=self.inventory, content_type='application/json')
assert response.status_code == 201