Valentin Rigal
--- a/arkindex/project/tests/test_acl_mixin.py

+ 105

− 28
+++ b/arkindex/project/tests/test_acl_mixin.py

+ 105

− 28
 @@ -2,9 +2,9 @@ from django.contrib.contenttypes.models import ContentType

 from arkindex.dataimport.models import Repository, RepositoryType
 from arkindex.documents.models import Corpus
-from arkindex.project.mixins import ACLMixin
+from arkindex.project.mixins import ACLMixin, NewCorpusACLMixin, RepositoryACLMixin
 from arkindex.project.tests import FixtureTestCase
-from arkindex.users.models import Group, Right, User
+from arkindex.users.models import Group, Right, Role, User


 class TestACLMixin(FixtureTestCase):
 @@ -15,15 +15,15 @@ class TestACLMixin(FixtureTestCase):
        Create user and groups with rights on a Corpus and a Repository
        We use a simple rights configuration for those tests

-        User1  User2      User3
-          |    |  |       /  |
-         100   10 |     80   |
-           \  /   90    |    75
-         Group1   |   Group2 |
-           / \    |    /\    |
-         100  75  |  100 50  |
-          |    \  |  /    \  |
-         Repo1  Corpus1  Corpus2
+        User1     User2     User3
+         |  |     / |       /  |
+         | 100   10 |     100  |
+        100  \  /   90    |    75
+         |  Group1  |   Group2 |
+         |   / \    |    /\    |
+         |  80  75  |  100 50  |
+         | /     \  |  /    \  |
+        Repo1    Corpus1  Corpus2
        """

        super().setUpClass()
 @@ -40,16 +40,18 @@ class TestACLMixin(FixtureTestCase):

        Right.objects.bulk_create([
            Right(user=cls.user1, content_object=cls.group1, level=100),
+            Right(user=cls.user1, content_object=cls.repo1, level=100),
            Right(user=cls.user2, content_object=cls.group1, level=10),
-            Right(user=cls.user3, content_object=cls.group2, level=80),
            Right(user=cls.user2, content_object=cls.corpus1, level=90),
+            Right(user=cls.user3, content_object=cls.group2, level=100),
            Right(user=cls.user3, content_object=cls.corpus2, level=75),
-            Right(group=cls.group1, content_object=cls.repo1, level=100),
+            Right(group=cls.group1, content_object=cls.repo1, level=80),
            Right(group=cls.group1, content_object=cls.corpus1, level=75),
            Right(group=cls.group2, content_object=cls.corpus1, level=100),
            Right(group=cls.group2, content_object=cls.corpus2, level=50),
        ])
        cls.corpus_type = ContentType.objects.get_for_model(Corpus)
+        cls.repo_type = ContentType.objects.get_for_model(Repository)
        cls.group_type = ContentType.objects.get_for_model(Group)

    def test_right_via_group_restriction(self):
 @@ -62,13 +64,10 @@ class TestACLMixin(FixtureTestCase):
            'corpus_type_id': self.corpus_type.id,
            'level': 80,
        }
-        with self.assertExactQueries('rights_filter.sql', params=params):
+        with self.assertExactQueries('corpus_rights_filter.sql', params=params):
            # List to queryset to fire the DB request
-            queryset_list = list(acl_mixin.rights_filter(Corpus, 80))
-        self.assertCountEqual(
-            queryset_list,
-            [self.corpus1]
-        )
+            corpora = list(acl_mixin.rights_filter(Corpus, 80))
+        self.assertCountEqual(corpora, [self.corpus1])

    def test_right_direct_access(self):
        # User 2 has a direct access to the above corpus with a level of 90
 @@ -81,7 +80,7 @@ class TestACLMixin(FixtureTestCase):
            'corpus_type_id': self.corpus_type.id,
            'level': 80,
        }
-        with self.assertExactQueries('right_access.sql', params=params):
+        with self.assertExactQueries('corpus_right_access.sql', params=params):
            has_access = acl_mixin.has_access(self.corpus1, 80)
        self.assertTrue(has_access)

 @@ -92,11 +91,89 @@ class TestACLMixin(FixtureTestCase):
            acl_mixin.has_access(self.corpus1, 80)
        )

-    def test_has_read_access_null(self):
-        # Only instances with defined level may pass mixin acces check
-        acl_mixin = ACLMixin(self.user1)
-        # User1 has the maximun level on the repository but write access level is not declared
-        self.assertFalse(hasattr(self.repo1, 'WRITE_LEVEL'))
-        self.assertFalse(acl_mixin.has_write_access(self.repo1))
-        # However he has an execute privilege for this repository
-        self.assertTrue(acl_mixin.has_execute_access(self.repo1))
+    def test_corpus_acl_mixin_has_read_access(self):
+        corpus_acl_mixin = NewCorpusACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            read_access = corpus_acl_mixin.has_read_access(self.corpus1)
+        self.assertTrue(read_access)
+
+    def test_corpus_acl_mixin_has_write_access(self):
+        # User2 has a direct access to Corpus1 with an adequate level
+        corpus_acl_mixin = NewCorpusACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            write_access = corpus_acl_mixin.has_write_access(self.corpus1)
+        self.assertTrue(write_access)
+
+    def test_corpus_acl_mixin_has_admin_access(self):
+        # Admin access requires either to have an admin right or to be a django admin/internal user
+        admin_access = [
+            (self.user, 1, False),
+            (self.superuser, 0, True),
+            (self.user1, 1, False),
+            (self.user2, 1, False),
+            (self.user3, 1, True)
+        ]
+        for user, queries, access_check in admin_access:
+            corpus_acl_mixin = NewCorpusACLMixin(user)
+            with self.assertNumQueries(queries):
+                admin_access = corpus_acl_mixin.has_admin_access(self.corpus1)
+            self.assertEqual(admin_access, access_check)
+
+    def test_corpus_acl_mixin_readable(self):
+        # Corpora with the public attribute are accessible by any user
+        corpus_acl_mixin = NewCorpusACLMixin(self.user1)
+        params = {
+            'user_id': self.user1.id,
+            'group_id': self.group2.id,
+            'group_type_id': self.group_type.id,
+            'corpus_type_id': self.corpus_type.id,
+            'level': Role.Guest.value,
+        }
+        with self.assertExactQueries('corpus_rights_filter_public.sql', params=params):
+            corpora = list(corpus_acl_mixin.readable_corpora())
+        self.assertCountEqual(corpora, [self.corpus, self.corpus1])
+
+    def test_corpus_acl_mixin_writable(self):
+        corpus_acl_mixin = NewCorpusACLMixin(self.user1)
+        with self.assertNumQueries(1):
+            corpora = list(corpus_acl_mixin.writable_corpora())
+        self.assertCountEqual(corpora, [self.corpus1])
+
+    def test_repo_acl_mixin_has_read_access(self):
+        repo_acl_mixin = RepositoryACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            read_access = repo_acl_mixin.has_read_access(self.repo1)
+        self.assertTrue(read_access)
+
+    def test_repo_acl_mixin_has_write_access(self):
+        repo_acl_mixin = RepositoryACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            exec_access = repo_acl_mixin.has_execution_access(self.repo1)
+        self.assertFalse(exec_access)
+
+    def test_repo_acl_mixin_has_admin_access(self):
+        # Admin access requires either to have an admin right or to be a django admin/internal user
+        admin_access = [
+            (self.user, 1, False),
+            (self.superuser, 0, True),
+            (self.user1, 1, True),
+            (self.user2, 1, False),
+            (self.user3, 1, False)
+        ]
+        for user, queries, access_check in admin_access:
+            repo_acl_mixin = RepositoryACLMixin(user)
+            with self.assertNumQueries(queries):
+                admin_access = repo_acl_mixin.has_admin_access(self.repo1)
+            self.assertEqual(admin_access, access_check)
+
+    def test_repo_acl_mixin_readable(self):
+        repo_acl_mixin = RepositoryACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            repos = list(repo_acl_mixin.readable_repositories())
+        self.assertCountEqual(repos, [self.repo1])
+
+    def test_repo_acl_mixin_executable(self):
+        repo_acl_mixin = RepositoryACLMixin(self.user2)
+        with self.assertNumQueries(1):
+            repos = list(repo_acl_mixin.executable_repositories())
+        self.assertEqual(repos, [])