You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
3.5 KiB
PPh
94 lines
3.5 KiB
PPh
# Copyright (C) 2021-2022 Intel Corporation
|
|
# Copyright (C) 2022 CVAT.ai Corporation
|
|
#
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
import json
|
|
import typing
|
|
from http import HTTPStatus
|
|
|
|
import pytest
|
|
from cvat_sdk.core.helpers import get_paginated_collection
|
|
from deepdiff import DeepDiff
|
|
|
|
from shared.utils.config import make_api_client
|
|
|
|
|
|
@pytest.mark.usefixtures("dontchangedb")
|
|
class TestGetUsers:
|
|
def _test_can_see(
|
|
self,
|
|
user,
|
|
data,
|
|
id_: typing.Union[typing.Literal["self"], int, None] = None,
|
|
*,
|
|
exclude_paths="",
|
|
**kwargs,
|
|
):
|
|
with make_api_client(user) as api_client:
|
|
# TODO: refactor into several functions
|
|
if id_ == "self":
|
|
(_, response) = api_client.users_api.retrieve_self(**kwargs, _parse_response=False)
|
|
assert response.status == HTTPStatus.OK
|
|
response_data = json.loads(response.data)
|
|
elif id_ is None:
|
|
response_data = get_paginated_collection(
|
|
api_client.users_api.list_endpoint, return_json=True, **kwargs
|
|
)
|
|
else:
|
|
(_, response) = api_client.users_api.retrieve(id_, **kwargs, _parse_response=False)
|
|
assert response.status == HTTPStatus.OK
|
|
response_data = json.loads(response.data)
|
|
|
|
assert DeepDiff(data, response_data, ignore_order=True, exclude_paths=exclude_paths) == {}
|
|
|
|
def _test_cannot_see(
|
|
self, user, id_: typing.Union[typing.Literal["self"], int, None] = None, **kwargs
|
|
):
|
|
with make_api_client(user) as api_client:
|
|
# TODO: refactor into several functions
|
|
if id_ == "self":
|
|
(_, response) = api_client.users_api.retrieve_self(
|
|
**kwargs, _parse_response=False, _check_status=False
|
|
)
|
|
elif id_ is None:
|
|
(_, response) = api_client.users_api.list(
|
|
**kwargs, _parse_response=False, _check_status=False
|
|
)
|
|
else:
|
|
(_, response) = api_client.users_api.retrieve(
|
|
id_, **kwargs, _parse_response=False, _check_status=False
|
|
)
|
|
assert response.status == HTTPStatus.FORBIDDEN
|
|
|
|
def test_admin_can_see_all_others(self, users):
|
|
exclude_paths = [f"root[{i}]['last_login']" for i in range(len(users))]
|
|
self._test_can_see("admin2", users.raw, exclude_paths=exclude_paths)
|
|
|
|
def test_everybody_can_see_self(self, users_by_name):
|
|
for user, data in users_by_name.items():
|
|
self._test_can_see(user, data, id_="self", exclude_paths="root['last_login']")
|
|
|
|
def test_non_members_cannot_see_list_of_members(self):
|
|
self._test_cannot_see("user2", org="org1")
|
|
|
|
def test_non_admin_cannot_see_others(self, users):
|
|
non_admins = (v for v in users if not v["is_superuser"])
|
|
user = next(non_admins)["username"]
|
|
user_id = next(non_admins)["id"]
|
|
|
|
self._test_cannot_see(user, id_=user_id)
|
|
|
|
def test_all_members_can_see_list_of_members(self, find_users, users):
|
|
org_members = [user["username"] for user in find_users(org=1)]
|
|
available_fields = ["url", "id", "username", "first_name", "last_name"]
|
|
|
|
data = [
|
|
dict(filter(lambda row: row[0] in available_fields, user.items()))
|
|
for user in users
|
|
if user["username"] in org_members
|
|
]
|
|
|
|
for member in org_members:
|
|
self._test_can_see(member, data, org="org1")
|