Commit 71db34b5 authored by Joern jkuensem's avatar Joern jkuensem Committed by Jorrit Schaap

TMSS-138: Restrict access to Cycle view via REST calls, add tests to...

TMSS-138: Restrict access to Cycle view via REST calls, add tests to demonstrate use of groups and permissions
parent f58a52ef
......@@ -192,8 +192,8 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
OIDC_DRF_AUTH_BACKEND = 'mozilla_django_oidc.auth.OIDCAuthenticationBackend'
# For talking to Mozilla Identity Provider:
OIDC_RP_SCOPES = "openid email groups"
OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', '1') # Secret, do not put real credentials on Git
OIDC_RP_SCOPES = "openid email profile" # todo: groups are not a standard scope, how to handle those?
OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', '2') # Secret, do not put real credentials on Git
OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_RP_CLIENT_SECRET',
'secret') # Secret, do not put real credentials on Git
OIDC_ENDPOINT_HOST = os.environ.get('OIDC_ENDPOINT_HOST', 'tmss_test_oidc')
......@@ -233,6 +233,7 @@ else:
REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'].append('rest_framework.permissions.AllowAny')
logger.warning("No authentication configured! please set either OIDC_RP_CLIENT_ID or TMSS_LDAPCREDENTIALS environment variable.")
LOGIN_REDIRECT_URL = "/api/"
LOGIN_REDIRECT_URL_FAILURE = "/api/"
LOGOUT_REDIRECT_URL = "/api/"
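Review bot: In the hunk at line 192, what appears to be the new `OIDC_RP_SCOPES = "openid email profile"` no longer requests `groups`, although this commit restricts the Cycle view by group membership. The old and new sides are inferred from print order, because the page lost its `+`/`-` markers. Unless group membership is assigned to OIDC users somewhere outside this hunk, those users will hold no groups, so the todo should be resolved or tracked before the restriction is relied on. The `'2'` fallback for `OIDC_RP_CLIENT_ID` looks unreachable because the enclosing `if` already requires the variable, while the `'secret'` fallback on the following lines would apparently be used if only the client id is set; `OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']` would fail at startup instead. The enclosing `if` block starts and ends outside the hunk.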
......
......@@ -25,6 +25,7 @@ if(BUILD_TESTING)
lofar_add_test(t_tmssapp_scheduling_django)
lofar_add_test(t_tmssapp_scheduling_functional)
lofar_add_test(t_subtask_validation)
lofar_add_test(t_tmssapp_specification_permissions)
# set_tests_properties(t_tmssapp_scheduling_functional PROPERTIES TIMEOUT 300)
endif()
......
......@@ -91,7 +91,6 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
res = client.post('%s/cycle/' % BASE_URI, data=self.test_data_2)
self.assertEqual(res.status_code, 201)
def test_Cycle_cannot_be_deleted_without_group(self):
self.user.groups.set([])
......@@ -107,7 +106,7 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
self.assertEqual(res.status_code, 403)
self.assertEqual(count + 1, len(models.Cycle.objects.all()))
def test_Cycle_can_be_deleted_by_admin(self):
def test_Cycle_can_only_be_deleted_by_admin(self):
self.user.groups.set([self.admin_group])
......@@ -120,4 +119,6 @@ class CycleTest(rest_framework.test.APITransactionTestCase):
# delete
res = client.delete(url)
self.assertEqual(res.status_code, 204)
new_count = len(models.Cycle.objects.all())
self.assertEqual(count, len(models.Cycle.objects.all()))
\ No newline at end of file
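Review bot: The renamed `test_Cycle_can_only_be_deleted_by_admin` promises exclusivity, but the lines visible here only assert the admin path (a 204 and the count returning to `count`). The denial case is visibly covered only for a user with no groups at all (`self.user.groups.set([])`), so a user in a different, non-admin group or an unauthenticated client may be untested; the test bodies lie only partly inside the hunks, so check this against the full file. In the last hunk `new_count` is assigned and never used, and the assertion queries again; `self.assertEqual(count, models.Cycle.objects.count())` makes the same check in one query without loading every row.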