mirror of
https://github.com/valitydev/redash.git
synced 2024-11-08 09:53:59 +00:00
72 lines
2.6 KiB
Python
72 lines
2.6 KiB
Python
from redash import models
|
|
from tests import BaseTestCase
|
|
from tests.test_handlers import AuthenticationTestMixin
|
|
|
|
|
|
class QueryAccessPermissionsTest(BaseTestCase, AuthenticationTestMixin):
|
|
def setUp(self):
|
|
self.paths = ['/api/queries/1/acl']
|
|
super(QueryAccessPermissionsTest, self).setUp()
|
|
|
|
def test_check_access(self):
|
|
admin = self.factory.create_admin()
|
|
user = self.factory.create_user()
|
|
query = self.factory.create_query()
|
|
|
|
object_id = query.id
|
|
object_type = models.Query.__name__
|
|
access_type = models.AccessPermission.ACCESS_TYPE_MODIFY
|
|
|
|
rv = self.make_request('get', '/api/queries/%s/acl' % object_id, user=admin)
|
|
self.assertEquals(rv.status_code, 200)
|
|
self.assertEquals(len(rv.json), 0)
|
|
|
|
rv = self.make_request('get', '/api/queries/%s/acl' % object_id, user=user)
|
|
self.assertEquals(rv.status_code, 200)
|
|
self.assertEquals(len(rv.json), 0)
|
|
|
|
self.factory.create_access_permission(object_type = object_type, object_id = object_id,
|
|
grantee = user, grantor = admin, access_type = access_type)
|
|
|
|
rv = self.make_request('get', '/api/queries/%s/acl' % (object_id), user=admin)
|
|
self.assertEquals(rv.status_code, 200)
|
|
self.assertGreater(len(rv.json[access_type]), 0)
|
|
|
|
rv = self.make_request('get', '/api/queries/%s/acl/%s' % (object_id, access_type), user=user)
|
|
self.assertEquals(rv.status_code, 200)
|
|
|
|
rv = self.make_request('get', '/api/queries/%s/acl/%s' % (object_id, access_type), user=admin)
|
|
self.assertEquals(rv.status_code, 403)
|
|
|
|
|
|
class TestObjectPermissionsListGet(BaseTestCase):
|
|
# returns empty list when no permissions available
|
|
# returns relevant permissions when they exist
|
|
# returns 404 for users outside of organization
|
|
# returns 404? for users who don't have access to this query
|
|
pass
|
|
|
|
|
|
class TestObjectPermissionsListPost(BaseTestCase):
|
|
# creates permission
|
|
# returns 403 if user isn't owner or admin
|
|
# returns 404 for users outside of organization
|
|
# returns 404? for users who don't have access to this query
|
|
pass
|
|
|
|
|
|
class TestObjectPermissionsListDelete(BaseTestCase):
|
|
# deletes permission
|
|
# deletes permission created by someone else
|
|
# returns 404 for users outside of org
|
|
# returns 404? for users who don't have access to this query
|
|
pass
|
|
|
|
|
|
class TestCheckPermissionsGet(BaseTestCase):
|
|
# returns true for existing,
|
|
# false for not...
|
|
# returns 404 for users outside of org
|
|
# returns 404? for users who don't have access to this query
|
|
pass
|