Merge branch '2024-06-05' into 'development'

feat: 2024 06 05 Closes #16, #48, and #47 See merge request nofusscomputing/projects/django_template!18
nofusscomputing · Jun 5, 2024 · 4ee6347 · 4ee6347
2 parents 23a06be + adeffff
commit 4ee6347
Show file tree

Hide file tree

Showing 41 changed files with 3,407 additions and 80 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,4 @@ __pycache__
 **.coverage
 artifacts/
 **.tmp.*
+volumes/
diff --git a/app/access/migrations/0003_alter_team_organization.py b/app/access/migrations/0003_alter_team_organization.py
@@ -0,0 +1,20 @@
+# Generated by Django 5.0.6 on 2024-06-05 09:16
+
+import access.models
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('access', '0002_alter_team_organization'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='team',
+            name='organization',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='access.organization', validators=[access.models.TenancyObject.validatate_organization_exists]),
+        ),
+    ]
diff --git a/app/access/mixin.py b/app/access/mixin.py
@@ -27,11 +27,12 @@ def object_organization(self) -> int:
 
 
             if hasattr(self, 'get_object'):
-                self.get_object()
 
-                id = self.get_object().get_organization().id
+                obj = self.get_object()
 
-                if self.get_object().is_global:
+                id = obj.get_organization().id
+
+                if obj.is_global:
 
                     id = 0
 

diff --git a/app/access/tests/organization/test_organization_history_permission.py b/app/access/tests/organization/test_organization_history_permission.py
@@ -0,0 +1,165 @@
+# from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.contenttypes.models import ContentType
+from django.shortcuts import reverse
+from django.test import TestCase, Client
+
+import pytest
+import unittest
+import requests
+
+from access.models import Organization, Team, TeamUsers, Permission
+
+from core.models.history import History
+
+
+class DeviceHistoryPermissions(TestCase):
+
+
+    item_model = Organization
+
+
+    model = History
+
+    model_name = 'history'
+
+    app_label = 'core'
+
+    namespace = ''
+
+    name_view = '_history'
+
+
+    @classmethod
+    def setUpTestData(self):
+        """Setup Test
+
+        1. Create an organization for user and item
+        2. create an organization that is different to item
+        3. Create a device
+        4. Add history device history entry as item
+        5. create a user
+        6. create user in different organization (with the required permission)
+        """
+
+        organization = Organization.objects.create(name='test_org')
+
+        self.organization = organization
+
+        different_organization = Organization.objects.create(name='test_different_organization')
+
+        self.item = self.organization
+
+        self.history_model_name = self.item._meta.model_name
+
+        self.history = self.model.objects.get(
+            item_pk = self.item.id,
+            item_class = self.item._meta.model_name,
+            action = self.model.Actions.ADD,
+        )
+
+        view_permissions = Permission.objects.get(
+                codename = 'view_' + self.model_name,
+                content_type = ContentType.objects.get(
+                    app_label = self.app_label,
+                    model = self.model_name,
+                )
+            )
+
+        view_team = Team.objects.create(
+            team_name = 'view_team',
+            organization = organization,
+        )
+
+        view_team.permissions.set([view_permissions])
+
+
+        self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password")
+
+
+        self.view_user = User.objects.create_user(username="test_user_view", password="password")
+        teamuser = TeamUsers.objects.create(
+            team = view_team,
+            user = self.view_user
+        )
+
+        self.different_organization_user = User.objects.create_user(username="test_different_organization_user", password="password")
+
+
+        different_organization_team = Team.objects.create(
+            team_name = 'different_organization_team',
+            organization = different_organization,
+        )
+
+        different_organization_team.permissions.set([
+            view_permissions,
+        ])
+
+        TeamUsers.objects.create(
+            team = different_organization_team,
+            user = self.different_organization_user
+        )
+
+
+
+    def test_auth_view_history_user_anon_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view as anon user
+        """
+
+        client = Client()
+        url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+        response = client.get(url)
+
+        assert response.status_code == 302 and response.url.startswith('/account/login')
+
+
+    def test_auth_view_history_no_permission_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view with user missing permission
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.no_permissions_user)
+        response = client.get(url)
+
+        assert response.status_code == 403
+
+
+    def test_auth_view_history_different_organizaiton_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view with user from different organization
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.different_organization_user)
+        response = client.get(url)
+
+        assert response.status_code == 403
+
+
+    def test_auth_view_history_has_permission(self):
+        """ Check correct permission for view
+
+        Attempt to view as user with view permission
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.view_user)
+        response = client.get(url)
+
+        assert response.status_code == 200
diff --git a/app/access/tests/team/test_team_history_permission.py b/app/access/tests/team/test_team_history_permission.py
@@ -0,0 +1,168 @@
+# from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.contenttypes.models import ContentType
+from django.shortcuts import reverse
+from django.test import TestCase, Client
+
+import pytest
+import unittest
+import requests
+
+from access.models import Organization, Team, TeamUsers, Permission
+
+from core.models.history import History
+
+
+class TeamHistoryPermissions(TestCase):
+
+
+    item_model = Team
+
+
+    model = History
+
+    model_name = 'history'
+
+    app_label = 'core'
+
+    namespace = ''
+
+    name_view = '_history'
+
+
+    @classmethod
+    def setUpTestData(self):
+        """Setup Test
+
+        1. Create an organization for user and item
+        2. create an organization that is different to item
+        3. Create a device
+        4. Add history device history entry as item
+        5. create a user
+        6. create user in different organization (with the required permission)
+        """
+
+        organization = Organization.objects.create(name='test_org')
+
+        self.organization = organization
+
+        different_organization = Organization.objects.create(name='test_different_organization')
+
+        self.item = self.item_model.objects.create(
+            organization=organization,
+            name = 'deviceone'
+        )
+
+        self.history_model_name = self.item._meta.model_name
+
+        self.history = self.model.objects.get(
+            item_pk = self.item.id,
+            item_class = self.item._meta.model_name,
+            action = self.model.Actions.ADD,
+        )
+
+        view_permissions = Permission.objects.get(
+                codename = 'view_' + self.model_name,
+                content_type = ContentType.objects.get(
+                    app_label = self.app_label,
+                    model = self.model_name,
+                )
+            )
+
+        view_team = Team.objects.create(
+            team_name = 'view_team',
+            organization = organization,
+        )
+
+        view_team.permissions.set([view_permissions])
+
+
+        self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password")
+
+
+        self.view_user = User.objects.create_user(username="test_user_view", password="password")
+        teamuser = TeamUsers.objects.create(
+            team = view_team,
+            user = self.view_user
+        )
+
+        self.different_organization_user = User.objects.create_user(username="test_different_organization_user", password="password")
+
+
+        different_organization_team = Team.objects.create(
+            team_name = 'different_organization_team',
+            organization = different_organization,
+        )
+
+        different_organization_team.permissions.set([
+            view_permissions,
+        ])
+
+        TeamUsers.objects.create(
+            team = different_organization_team,
+            user = self.different_organization_user
+        )
+
+
+
+    def test_auth_view_history_user_anon_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view as anon user
+        """
+
+        client = Client()
+        url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+        response = client.get(url)
+
+        assert response.status_code == 302 and response.url.startswith('/account/login')
+
+
+    def test_auth_view_history_no_permission_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view with user missing permission
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.no_permissions_user)
+        response = client.get(url)
+
+        assert response.status_code == 403
+
+
+    def test_auth_view_history_different_organizaiton_denied(self):
+        """ Check correct permission for view
+
+        Attempt to view with user from different organization
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.different_organization_user)
+        response = client.get(url)
+
+        assert response.status_code == 403
+
+
+    def test_auth_view_history_has_permission(self):
+        """ Check correct permission for view
+
+        Attempt to view as user with view permission
+        """
+
+        client = Client()
+        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.history_model_name, 'model_pk': self.item.id})
+
+
+        client.force_login(self.view_user)
+        response = client.get(url)
+
+        assert response.status_code == 200
diff --git a/app/api/tests/test_api_inventory.py → ...api/tests/inventory/test_api_inventory.py b/app/api/tests/test_api_inventory.py → ...api/tests/inventory/test_api_inventory.py