d24e2abe7f
* rbac: rework API slightly to improve terraform compatibility Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission support for users global permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add role support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix yaml tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add generated read-only role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make permissions optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add object permission support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests kinda Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests and fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
58 lines
2.1 KiB
Python
58 lines
2.1 KiB
Python
"""Test blueprints v1"""
|
|
|
|
from django.test import TransactionTestCase
|
|
from guardian.shortcuts import get_perms
|
|
|
|
from authentik.blueprints.v1.importer import Importer
|
|
from authentik.core.models import User
|
|
from authentik.flows.models import Flow
|
|
from authentik.lib.generators import generate_id
|
|
from authentik.lib.tests.utils import load_fixture
|
|
from authentik.rbac.models import Role
|
|
|
|
|
|
class TestBlueprintsV1RBAC(TransactionTestCase):
|
|
"""Test Blueprints rbac attribute"""
|
|
|
|
def test_user_permission(self):
|
|
"""Test permissions"""
|
|
uid = generate_id()
|
|
import_yaml = load_fixture("fixtures/rbac_user.yaml", id=uid)
|
|
|
|
importer = Importer.from_string(import_yaml)
|
|
self.assertTrue(importer.validate()[0])
|
|
self.assertTrue(importer.apply())
|
|
user = User.objects.filter(username=uid).first()
|
|
self.assertIsNotNone(user)
|
|
self.assertTrue(user.has_perms(["authentik_blueprints.view_blueprintinstance"]))
|
|
|
|
def test_role_permission(self):
|
|
"""Test permissions"""
|
|
uid = generate_id()
|
|
import_yaml = load_fixture("fixtures/rbac_role.yaml", id=uid)
|
|
|
|
importer = Importer.from_string(import_yaml)
|
|
self.assertTrue(importer.validate()[0])
|
|
self.assertTrue(importer.apply())
|
|
role = Role.objects.filter(name=uid).first()
|
|
self.assertIsNotNone(role)
|
|
self.assertEqual(
|
|
list(role.group.permissions.all().values_list("codename", flat=True)),
|
|
["view_blueprintinstance"],
|
|
)
|
|
|
|
def test_object_permission(self):
|
|
"""Test permissions"""
|
|
uid = generate_id()
|
|
import_yaml = load_fixture("fixtures/rbac_object.yaml", id=uid)
|
|
|
|
importer = Importer.from_string(import_yaml)
|
|
self.assertTrue(importer.validate()[0])
|
|
self.assertTrue(importer.apply())
|
|
flow = Flow.objects.filter(slug=uid).first()
|
|
user = User.objects.filter(username=uid).first()
|
|
role = Role.objects.filter(name=uid).first()
|
|
self.assertIsNotNone(flow)
|
|
self.assertEqual(get_perms(user, flow), ["view_flow"])
|
|
self.assertEqual(get_perms(role.group, flow), ["view_flow"])
|