TMSS-1911: add generic extra action system permissions population for...

TMSS-1911: add generic extra action system permissions population for blueprint_fixed permission group + test coverage

TMSS-1911: add generic extra action system permissions population for...
424879d7 · Jörn Künsemöller · ee9f106f · 424879d7 · 424879d7
Commit 424879d7 authored 2 years ago by Jörn Künsemöller
--- a/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/populate.py
@@ -1384,6 +1384,17 @@ def assign_system_permissions():
        admin_group.permissions.add(perm)
        maintenance_group.permissions.add(perm)

+        extra_actions = view.get_extra_actions()
+        if extra_actions:
+            for action in extra_actions:
+                perm = Permission.objects.get(codename='%s_%s' % (action.__name__, name))
+                if 'get' in action.mapping and perm not in already_handled:
+                    operator_group.permissions.add(perm)
+                    support_group.permissions.add(perm)
+                    developer_group.permissions.add(perm)
+                    admin_group.permissions.add(perm)
+                    maintenance_group.permissions.add(perm)
+
        # Note: we only grant view permissions, since alteration is only permitted to users who are superuser anyway.

    # operational

--- a/SAS/TMSS/backend/test/t_permissions_system_roles.py
+++ b/SAS/TMSS/backend/test/t_permissions_system_roles.py
@@ -68,8 +68,11 @@ class SystemPermissionTestCase(unittest.TestCase):
    '''

    @classmethod
-    def create_subtask(cls) -> int:
-        # Create preparatory data
+    def create_subtask(cls) -> (int, int):
+        """
+        returns ids of the created Subtask and its related TaskBlueprint
+        """
+        # Create preparatory data,
        with tmss_test_env.create_tmss_client() as client:
            test_data_creator.wipe_cache()

@@ -92,13 +95,13 @@ class SystemPermissionTestCase(unittest.TestCase):
            obs_subtask_output_url = test_data_creator.post_data_and_get_url(test_data_creator.SubtaskOutput(subtask_url=obs_subtask['url']), '/subtask_output/')
            test_data_creator.post_data_and_get_url(test_data_creator.Dataproduct(filename="L%s_SB000.MS" % obs_subtask['id'],
                                                                                  subtask_output_url=obs_subtask_output_url), '/dataproduct/')
-            return obs_subtask['id']
+            return obs_subtask['id'], obs_task_blueprint['id']

    @classmethod
    def setUpClass(cls) -> None:
        super().setUpClass()

-        cls.obs_subtask_id = cls.create_subtask()
+        cls.obs_subtask_id, cls.obs_taskblueprint_id = cls.create_subtask()

        # Create test_data_creator as regular user
        cls.test_data_creator = TMSSRESTTestDataCreator(BASE_URL, requests.auth.HTTPBasicAuth('paulus', 'pauluspass'))
@@ -107,8 +110,9 @@ class SystemPermissionTestCase(unittest.TestCase):
        # Populate permissions
        tmss_test_env.populate_permissions()

-        # Retrieve operator system role
+        # Retrieve operator and support system roles
        cls.operator_group = Group.objects.get(name='operator')
+        cls.support_group = Group.objects.get(name='support')

    def setUp(self):
        super().setUp()
@@ -328,7 +332,6 @@ class SystemPermissionTestCase(unittest.TestCase):
                                                      200,
                                                      auth=self.test_data_creator.auth)

-
    def test_Subtask_cannot_process_feedback_and_set_to_finished_if_complete_without_operator_group(self):
        user = User.objects.get(username='paulus')
        user.groups.set([])
@@ -362,7 +365,7 @@ class SystemPermissionTestCase(unittest.TestCase):
        # Assert Paulus has the process_feedback_and_set_to_finished_if_complete_subtask permission
        self.assertTrue(user.has_perm('tmssapp.process_feedback_and_set_to_finished_if_complete_subtask'))

-        obs_subtask_id = self.create_subtask()
+        obs_subtask_id, _ = self.create_subtask()
        # Set subtask status to finishing, so it can process feedback and set to finished.
        set_subtask_state_following_allowed_transitions(Subtask.objects.get(id=obs_subtask_id), 'finishing')

@@ -410,7 +413,7 @@ class SystemPermissionTestCase(unittest.TestCase):
        # Assert Paulus has the schedule_subtask permission
        self.assertTrue(user.has_perm('tmssapp.schedule_subtask'))

-        obs_subtask_id = self.create_subtask()
+        obs_subtask_id, _ = self.create_subtask()
        # Set subtask status to defined, so it can be scheduled.
        set_subtask_state_following_allowed_transitions(Subtask.objects.get(id=obs_subtask_id), 'defined')

@@ -583,7 +586,7 @@ class SystemPermissionTestCase(unittest.TestCase):
        # Assert Paulus has the unschedule_subtask permission
        self.assertTrue(user.has_perm('tmssapp.unschedule_subtask'))

-        obs_subtask_id = self.create_subtask()
+        obs_subtask_id, _ = self.create_subtask()
        # Set subtask status to scheduled, so it can be unscheduled.
        set_subtask_state_following_allowed_transitions(Subtask.objects.get(id=obs_subtask_id), 'scheduled')

@@ -594,6 +597,45 @@ class SystemPermissionTestCase(unittest.TestCase):
                                                     None,
                                                     auth=self.test_data_creator.auth)

+    def test_TaskBlueprint_cannot_predecessors_without_support_group(self):
+        user = User.objects.get(username='paulus')
+        user.groups.set([])
+
+        # refresh user to update cache, see: https://docs.djangoproject.com/en/3.0/topics/auth/default/#permission-caching
+        user = User.objects.get(username='paulus')
+        while user.has_perm('tmssapp.predecessors_taskblueprint'):
+            user = User.objects.get(username='paulus')
+
+        # Assert support group has the predecessors_taskblueprint permission
+        self.assertIsNotNone(self.support_group.permissions.all().filter(codename='predecessors_taskblueprint'))
+        # Assert Paulus does not have the predecessors_taskblueprint permission
+        self.assertFalse(user.has_perm('tmssapp.predecessors_taskblueprint'))
+
+        # Try to predecessors taskblueprint and assert Paulus can't do it without the support group permissions.
+        response = GET_and_assert_equal_expected_code(self,
+                                                      BASE_URL + '/task_blueprint/%s/predecessors/' % self.obs_taskblueprint_id,
+                                                      403,
+                                                      auth=self.test_data_creator.auth)
+
+    def test_TaskBlueprint_can_predecessors_with_support_group(self):
+        user = User.objects.get(username='paulus')
+        user.groups.set([self.support_group])
+
+        # refresh user to update cache, see: https://docs.djangoproject.com/en/3.0/topics/auth/default/#permission-caching
+        user = User.objects.get(username='paulus')
+        while not user.has_perm('tmssapp.predecessors_taskblueprint'):
+            user = User.objects.get(username='paulus')
+
+        # Assert support group has the predecessors_taskblueprint permission
+        self.assertIsNotNone(self.support_group.permissions.all().filter(codename='predecessors_taskblueprint'))
+        # Assert Paulus does not have the predecessors_taskblueprint permission
+        self.assertTrue(user.has_perm('tmssapp.predecessors_taskblueprint'))
+
+        # Try to predecessors taskblueprint and assert Paulus can't do it without the support group permissions.
+        response = GET_and_assert_equal_expected_code(self,
+                                                      BASE_URL + '/task_blueprint/%s/predecessors/' % self.obs_taskblueprint_id,
+                                                      200,
+                                                      auth=self.test_data_creator.auth)

 if __name__ == "__main__":
    logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s',