vigiboard / vigiboard / tests / functional / test_userutils.py @ c1ce3d6a
History | View | Annotate | Download (2.93 KB)
1 |
# -*- coding: utf-8 -*-
|
---|---|
2 |
# vim:set expandtab tabstop=4 shiftwidth=4:
|
3 |
"""
|
4 |
Test de la classe User Utils
|
5 |
"""
|
6 |
import tg |
7 |
import transaction |
8 |
from nose.tools import assert_true |
9 |
|
10 |
from vigiboard.model import DBSession, Group, Permission, User |
11 |
from vigiboard.tests import TestController |
12 |
|
13 |
class TestUserUtils(TestController): |
14 |
"""Test retrieval of groups of hosts/services."""
|
15 |
|
16 |
def setUp(self): |
17 |
TestController.setUp(self)
|
18 |
|
19 |
# On commence par peupler la base.
|
20 |
# Les groupes.
|
21 |
self.hosteditors = Group(name=u'hosteditors', parent=None) |
22 |
DBSession.add(self.hosteditors)
|
23 |
DBSession.flush() |
24 |
|
25 |
self.hostmanagers = Group(name=u'hostmanagers', parent=self.hosteditors) |
26 |
DBSession.add(self.hostmanagers)
|
27 |
DBSession.flush() |
28 |
|
29 |
# L'attribution des permissions.
|
30 |
manage_perm = Permission.by_permission_name(u'manage')
|
31 |
edit_perm = Permission.by_permission_name(u'edit')
|
32 |
|
33 |
manage_perm.groups.append(self.hostmanagers)
|
34 |
edit_perm.groups.append(self.hosteditors)
|
35 |
DBSession.flush() |
36 |
transaction.commit() |
37 |
|
38 |
|
39 |
def tearDown(self): |
40 |
# This operation is only necessary for DBMS which are
|
41 |
# really strict about table locks, such as PostgreSQL.
|
42 |
# For our tests, we use an (in-memory) SQLite database,
|
43 |
# so we're unaffected. This is done only for completeness.
|
44 |
DBSession.delete(self.hostmanagers)
|
45 |
DBSession.flush() |
46 |
transaction.commit() |
47 |
|
48 |
DBSession.delete(self.hosteditors)
|
49 |
DBSession.flush() |
50 |
transaction.commit() |
51 |
TestController.tearDown(self)
|
52 |
|
53 |
|
54 |
def test_groups_inheritance(self): |
55 |
"""
|
56 |
S'assure que les groupes sont correctement hérités.
|
57 |
"""
|
58 |
|
59 |
# On obtient les variables de session comme si on était loggué
|
60 |
# en tant que manager.
|
61 |
environ = {'REMOTE_USER': 'manager'} |
62 |
response = self.app.get('/', extra_environ=environ) |
63 |
|
64 |
# On récupère la liste des groups auxquels l'utilisateur appartient.
|
65 |
username = response.request.environ \ |
66 |
['repoze.who.identity'] \
|
67 |
['repoze.who.userid']
|
68 |
grp = User.by_user_name(username).groups |
69 |
|
70 |
# On vérifie que la liste est correcte : le manager doit avoir accès
|
71 |
# aux groupes 'hostmanagers' & 'hosteditors' (dont il hérite).
|
72 |
assert_true( u'hostmanagers' in grp and u'hosteditors' in grp , |
73 |
msg = "il est dans %s" % grp)
|
74 |
|
75 |
# On recommence avec l'utilisateur editor.
|
76 |
environ = {'REMOTE_USER': 'editor'} |
77 |
response = self.app.get('/', extra_environ=environ) |
78 |
|
79 |
username = response.request.environ \ |
80 |
['repoze.who.identity'] \
|
81 |
['repoze.who.userid']
|
82 |
grp = User.by_user_name(username).groups |
83 |
|
84 |
# L'utilisateur editor ne doit avoir accès qu'au groupe 'hosteditors'.
|
85 |
assert_true( not(u'hostmanagers' in grp) and u'hosteditors' in grp, |
86 |
msg = "il est dans %s" % grp)
|
87 |
|