mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2026-02-06 23:26:19 +01:00
Grant service access by permissions (#692)
* Add service access permissions and migration `ENABLE_AUTH_<servicename> = True` will have the new permission applied to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if none is configured. `ENABLE_BLUE_<servicename> = True` will have the new permission applied to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none is configured. * Move views and hooks to permissions based access * Remove access restriction to services view Hypothetically non-member/blues could be granted permission to access services manually as desired now. A user that has no permissions to access any services will see a blank services list. * Remove obsolete service settings * Remove references to obsolete settings * Adjusted tests to support permissions based access * Fix incorrectly named permissions * Add simple get_services generator function * Added signals for user and groups perm changes * Update validate_services to support permissions deactivate_services removed as its surplus to requirements. * Removed state parameter from validate_services calls * Update tests to support signals changes * Fix incorrect call to validate_services task * Fix validate_services and test * Add validate_user to changed user groups signal * Added tests for new signals * Remove unnecessary post_add signals * Added documentation for service permissions * Added detection for members with service active If there are any service users in the Member or Blue groups active, then the permission will be added to the respective Member or Blue group. This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service. Remove obsolete state based status checking
This commit is contained in:
Basraah
Adarnof
@@ -8,7 +8,7 @@ except ImportError:
|
||||
import mock
|
||||
|
||||
from django.test import TestCase
|
||||
from django.contrib.auth.models import Group
|
||||
from django.contrib.auth.models import Group, Permission
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
|
||||
@@ -19,15 +19,16 @@ class ServicesSignalsTestCase(TestCase):
|
||||
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
|
||||
|
||||
@mock.patch('services.signals.transaction')
|
||||
@mock.patch('services.signals.get_hooks')
|
||||
def test_m2m_changed_user_groups(self, get_hooks, transaction):
|
||||
@mock.patch('services.signals.ServicesHook')
|
||||
def test_m2m_changed_user_groups(self, services_hook, transaction):
|
||||
"""
|
||||
Test that update_groups hook function is called on user groups change
|
||||
"""
|
||||
svc = mock.Mock()
|
||||
svc.update_groups.return_value = None
|
||||
svc.validate_user.return_value = None
|
||||
|
||||
get_hooks.return_value = [lambda: svc]
|
||||
services_hook.get_services.return_value = [svc]
|
||||
|
||||
# Overload transaction.on_commit so everything happens synchronously
|
||||
transaction.on_commit = lambda fn: fn()
|
||||
@@ -39,16 +40,20 @@ class ServicesSignalsTestCase(TestCase):
|
||||
self.member.save()
|
||||
|
||||
# Assert
|
||||
self.assertTrue(get_hooks.called)
|
||||
args, kwargs = get_hooks.call_args
|
||||
self.assertEqual('services_hook', args[0])
|
||||
self.assertTrue(services_hook.get_services.called)
|
||||
|
||||
self.assertTrue(svc.update_groups.called)
|
||||
args, kwargs = svc.update_groups.call_args
|
||||
self.assertEqual(self.member, args[0])
|
||||
|
||||
self.assertTrue(svc.validate_user.called)
|
||||
args, kwargs = svc.validate_user.call_args
|
||||
self.assertEqual(self.member, args[0])
|
||||
|
||||
|
||||
@mock.patch('services.signals.disable_user')
|
||||
def test_pre_delete_user(self, disable_user):
|
||||
|
||||
"""
|
||||
Test that disable_member is called when a user is deleted
|
||||
"""
|
||||
@@ -89,3 +94,62 @@ class ServicesSignalsTestCase(TestCase):
|
||||
self.assertTrue(set_state.called)
|
||||
args, kwargs = set_state.call_args
|
||||
self.assertEqual(self.member, args[0])
|
||||
|
||||
@mock.patch('services.signals.transaction')
|
||||
@mock.patch('services.signals.ServicesHook')
|
||||
def test_m2m_changed_group_permissions(self, services_hook, transaction):
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
svc = mock.Mock()
|
||||
svc.validate_user.return_value = None
|
||||
svc.access_perm = 'auth.access_testsvc'
|
||||
|
||||
services_hook.get_services.return_value = [svc]
|
||||
|
||||
# Overload transaction.on_commit so everything happens synchronously
|
||||
transaction.on_commit = lambda fn: fn()
|
||||
|
||||
test_group = Group.objects.create(name="Test group")
|
||||
AuthUtils.disconnect_signals()
|
||||
self.member.groups.add(test_group)
|
||||
AuthUtils.connect_signals()
|
||||
|
||||
ct = ContentType.objects.get(app_label='auth', model='permission')
|
||||
perm = Permission.objects.create(name="Test perm", codename="access_testsvc", content_type=ct)
|
||||
test_group.permissions.add(perm)
|
||||
|
||||
# Act, should trigger m2m change
|
||||
test_group.permissions.remove(perm)
|
||||
|
||||
# Assert
|
||||
self.assertTrue(services_hook.get_services.called)
|
||||
|
||||
self.assertTrue(svc.validate_user.called)
|
||||
args, kwargs = svc.validate_user.call_args
|
||||
self.assertEqual(self.member, args[0])
|
||||
|
||||
@mock.patch('services.signals.transaction')
|
||||
@mock.patch('services.signals.ServicesHook')
|
||||
def test_m2m_changed_user_permissions(self, services_hook, transaction):
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
svc = mock.Mock()
|
||||
svc.validate_user.return_value = None
|
||||
svc.access_perm = 'auth.access_testsvc'
|
||||
|
||||
services_hook.get_services.return_value = [svc]
|
||||
|
||||
# Overload transaction.on_commit so everything happens synchronously
|
||||
transaction.on_commit = lambda fn: fn()
|
||||
|
||||
ct = ContentType.objects.get(app_label='auth', model='permission')
|
||||
perm = Permission.objects.create(name="Test perm", codename="access_testsvc", content_type=ct)
|
||||
self.member.user_permissions.add(perm)
|
||||
|
||||
# Act, should trigger m2m change
|
||||
self.member.user_permissions.remove(perm)
|
||||
|
||||
# Assert
|
||||
self.assertTrue(services_hook.get_services.called)
|
||||
|
||||
self.assertTrue(svc.validate_user.called)
|
||||
args, kwargs = svc.validate_user.call_args
|
||||
self.assertEqual(self.member, args[0])
|
||||
|
||||
@@ -9,10 +9,9 @@ except ImportError:
|
||||
|
||||
from django.test import TestCase
|
||||
|
||||
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
|
||||
from services.tasks import deactivate_services, validate_services
|
||||
from services.tasks import validate_services
|
||||
|
||||
|
||||
class ServicesTasksTestCase(TestCase):
|
||||
@@ -20,62 +19,16 @@ class ServicesTasksTestCase(TestCase):
|
||||
self.member = AuthUtils.create_member('auth_member')
|
||||
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
|
||||
|
||||
@mock.patch('services.tasks.get_hooks')
|
||||
@mock.patch('services.tasks.deactivate_services')
|
||||
def test_validate_services_deactivate(self, deactivate_services, get_hooks):
|
||||
"""
|
||||
Test validate services will call deactivate on a None state user
|
||||
"""
|
||||
|
||||
validate_services.delay(user=self.none_user, state=NONE_STATE)
|
||||
|
||||
self.assertTrue(deactivate_services.called)
|
||||
args, kwargs = deactivate_services.call_args
|
||||
self.assertEqual(self.none_user, args[0]) # Assert correct user is passed
|
||||
self.assertFalse(get_hooks.called)
|
||||
|
||||
@mock.patch('services.tasks.get_hooks')
|
||||
@mock.patch('services.tasks.deactivate_services')
|
||||
def test_validate_services_valid_member(self, deactivate_services, get_hooks):
|
||||
"""
|
||||
Test that validate_services is called for a valid member
|
||||
"""
|
||||
@mock.patch('services.tasks.ServicesHook')
|
||||
def test_validate_services(self, services_hook):
|
||||
svc = mock.Mock()
|
||||
svc.validate_user.return_value = None
|
||||
|
||||
get_hooks.return_value = [lambda: svc]
|
||||
services_hook.get_services.return_value = [svc]
|
||||
|
||||
validate_services.delay(user=self.member, state=MEMBER_STATE)
|
||||
validate_services.delay(user=self.member)
|
||||
|
||||
self.assertTrue(get_hooks.called)
|
||||
args, kwargs = get_hooks.call_args
|
||||
self.assertEqual('services_hook', args[0])
|
||||
self.assertTrue(services_hook.get_services.called)
|
||||
self.assertTrue(svc.validate_user.called)
|
||||
args, kwargs = svc.validate_user.call_args
|
||||
self.assertEqual(self.member, args[0]) # Assert correct user is passed to service hook function
|
||||
self.assertFalse(deactivate_services.called)
|
||||
|
||||
@mock.patch('services.tasks.notify')
|
||||
@mock.patch('services.tasks.get_hooks')
|
||||
def test_deactivate_services(self, get_hooks, notify):
|
||||
"""
|
||||
Test that hooks delete_user function is called by deactivate_services
|
||||
"""
|
||||
svc = mock.Mock()
|
||||
svc.delete_user.return_value = True
|
||||
|
||||
get_hooks.return_value = [lambda: svc]
|
||||
|
||||
deactivate_services(self.member)
|
||||
|
||||
self.assertTrue(get_hooks.called)
|
||||
args, kwargs = get_hooks.call_args
|
||||
self.assertEqual('services_hook', args[0])
|
||||
self.assertTrue(svc.delete_user.called)
|
||||
args, kwargs = svc.delete_user.call_args
|
||||
self.assertEqual(self.member, args[0]) # Assert correct user is passed to service hook function
|
||||
self.assertTrue(notify.called)
|
||||
args, kwargs = notify.call_args
|
||||
self.assertEqual(self.member, args[0]) # Assert user is passed to the notification system
|
||||
self.assertEqual("Services Disabled", args[1])
|
||||
self.assertEqual("danger", kwargs['level'])
|
||||
|
||||
Reference in New Issue
Block a user