authentik.rbac.tests.test_decorators
test decorators api
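"""test decorators api"""

from rest_framework.decorators import action
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.test import APITestCase
from rest_framework.viewsets import ModelViewSet

from authentik.core.models import Application
from authentik.core.tests.utils import RequestFactory, create_test_user
from authentik.lib.generators import generate_id
from authentik.rbac.decorators import permission_required


# Minimal viewset used only as a fixture: it exposes one detail action guarded by
# the decorator under test, and the test cases call it directly through as_view().
class MVS(ModelViewSet):

    # Objects are addressed by slug; the tests pass slug=<app.slug> to the view.
    lookup_field = "slug"
    queryset = Application.objects.all()

    # NOTE(review): presumably the first argument is the permission that may be held
    # either globally or on the addressed object, and the list holds permissions that
    # must be held globally -- confirm against authentik.rbac.decorators.
    @permission_required("authentik_core.view_application", ["authentik_events.view_event"])
    @action(detail=True, pagination_class=None, filter_backends=[])
    def test(self, request: Request, slug: str):
        # The looked-up object is not used; the action only has to resolve it and
        # answer 200 once the decorator has let the request through.
        self.get_object()
        return Response(status=200)


class TestAPIDecorators(APITestCase):
    """Exercise ``permission_required`` through the ``MVS.test`` action.

    Outcomes pinned by the cases in this class:

    * no permission assigned -> 403
    * view_application and view_event both assigned without an object -> 200
    * view_application assigned for the created Application, view_event
      assigned without an object -> 200
    * view_application assigned for the created Application, view_event
      not assigned -> 403
    """

    # NOTE(review): no case grants view_application scoped to a *different*
    # Application than the one requested; a negative test for that would pin that
    # an object-scoped grant does not carry over to other objects.

    def setUp(self) -> None:
        """Create the user and request factory shared by every test case."""
        super().setUp()
        self.user = create_test_user()
        self.request_factory = RequestFactory()

    def test_obj_perm_denied(self):
        """Test object perm denied

        Nothing is assigned to the user here, so the guarded action must
        answer 403.
        """
        request = self.request_factory.get("", user=self.user)
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 403, response.data)

    def test_obj_perm_global(self):
        """Test object perm successful (global)

        Both permissions named on the action are assigned without an object;
        the action must answer 200.
        """
        for perm in ("authentik_core.view_application", "authentik_events.view_event"):
            self.user.assign_perms_to_managed_role(perm)
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        self.assertEqual(response.status_code, 200, response.data)

    def test_obj_perm_scoped(self):
        """Test object perm successful (scoped)

        view_event is assigned without an object and view_application is
        assigned for the created Application only; the action must answer 200.
        """
        self.user.assign_perms_to_managed_role("authentik_events.view_event")
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 200, response.data)

    def test_other_perm_denied(self):
        """Test other perm denied

        The user holds view_application for the created Application but was
        never given view_event, so the action must still answer 403.
        """
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 403, response.data)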
class
MVS(rest_framework.viewsets.ModelViewSet):
# Minimal viewset used only as a fixture: it exposes one detail action guarded by
# the decorator under test, and the test cases call it directly through as_view().
class MVS(ModelViewSet):

    # Objects are addressed by slug; the tests pass slug=<app.slug> to the view.
    lookup_field = "slug"
    queryset = Application.objects.all()

    # NOTE(review): presumably the first argument is the permission that may be held
    # either globally or on the addressed object, and the list holds permissions that
    # must be held globally -- confirm against authentik.rbac.decorators.
    @permission_required("authentik_core.view_application", ["authentik_events.view_event"])
    @action(detail=True, pagination_class=None, filter_backends=[])
    def test(self, request: Request, slug: str):
        # The looked-up object is not used; the action only has to resolve it and
        # answer 200 once the decorator has let the request through.
        self.get_object()
        ok = Response(status=200)
        return ok
A viewset that provides default create(), retrieve(), update(),
partial_update(), destroy() and list() actions.
class
TestAPIDecorators(rest_framework.test.APITestCase):
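class TestAPIDecorators(APITestCase):
    """Exercise ``permission_required`` through the ``MVS.test`` action.

    Outcomes pinned by the cases in this class:

    * no permission assigned -> 403
    * view_application and view_event both assigned without an object -> 200
    * view_application assigned for the created Application, view_event
      assigned without an object -> 200
    * view_application assigned for the created Application, view_event
      not assigned -> 403
    """

    # NOTE(review): no case grants view_application scoped to a *different*
    # Application than the one requested; a negative test for that would pin that
    # an object-scoped grant does not carry over to other objects.

    def setUp(self) -> None:
        """Create the user and request factory shared by every test case."""
        super().setUp()
        self.user = create_test_user()
        self.request_factory = RequestFactory()

    def test_obj_perm_denied(self):
        """Test object perm denied

        Nothing is assigned to the user here, so the guarded action must
        answer 403.
        """
        request = self.request_factory.get("", user=self.user)
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 403, response.data)

    def test_obj_perm_global(self):
        """Test object perm successful (global)

        Both permissions named on the action are assigned without an object;
        the action must answer 200.
        """
        for perm in ("authentik_core.view_application", "authentik_events.view_event"):
            self.user.assign_perms_to_managed_role(perm)
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        self.assertEqual(response.status_code, 200, response.data)

    def test_obj_perm_scoped(self):
        """Test object perm successful (scoped)

        view_event is assigned without an object and view_application is
        assigned for the created Application only; the action must answer 200.
        """
        self.user.assign_perms_to_managed_role("authentik_events.view_event")
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 200, response.data)

    def test_other_perm_denied(self):
        """Test other perm denied

        The user holds view_application for the created Application but was
        never given view_event, so the action must still answer 403.
        """
        app = Application.objects.create(name=generate_id(), slug=generate_id())
        self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
        request = self.request_factory.get("", user=self.user)
        view = MVS.as_view({"get": "test"})
        response = view(request, slug=app.slug)
        # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
        self.assertEqual(response.status_code, 403, response.data)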
test decorators api
def
setUp(self) -> None:
def setUp(self) -> None:
    """Create the user and request factory shared by every test case."""
    super().setUp()
    # Build both fixtures first, then publish them on the test instance.
    user = create_test_user()
    factory = RequestFactory()
    self.user = user
    self.request_factory = factory
Hook method for setting up the test fixture before exercising it.
def
test_obj_perm_denied(self):
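def test_obj_perm_denied(self):
    """Test object perm denied

    Nothing is assigned to the user here, so the guarded action must
    answer 403.
    """
    request = self.request_factory.get("", user=self.user)
    app = Application.objects.create(name=generate_id(), slug=generate_id())
    view = MVS.as_view({"get": "test"})
    response = view(request, slug=app.slug)
    # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
    self.assertEqual(response.status_code, 403, response.data)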
Test object perm denied
def
test_obj_perm_global(self):
def test_obj_perm_global(self):
    """Test object perm successful (global)

    Both permissions named on the action are assigned without an object;
    the action must answer 200.
    """
    # Same two grants, in the same order, expressed as a loop.
    for perm in ("authentik_core.view_application", "authentik_events.view_event"):
        self.user.assign_perms_to_managed_role(perm)
    application = Application.objects.create(name=generate_id(), slug=generate_id())
    req = self.request_factory.get("", user=self.user)
    view = MVS.as_view({"get": "test"})
    resp = view(req, slug=application.slug)
    self.assertEqual(resp.status_code, 200, resp.data)
Test object perm successful (global)
def
test_obj_perm_scoped(self):
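def test_obj_perm_scoped(self):
    """Test object perm successful (scoped)

    view_event is assigned without an object and view_application is
    assigned for the created Application only; the action must answer 200.
    """
    self.user.assign_perms_to_managed_role("authentik_events.view_event")
    app = Application.objects.create(name=generate_id(), slug=generate_id())
    self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
    request = self.request_factory.get("", user=self.user)
    view = MVS.as_view({"get": "test"})
    response = view(request, slug=app.slug)
    # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
    self.assertEqual(response.status_code, 200, response.data)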
Test object perm successful (scoped)
def
test_other_perm_denied(self):
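def test_other_perm_denied(self):
    """Test other perm denied

    The user holds view_application for the created Application but was
    never given view_event, so the action must still answer 403.
    """
    app = Application.objects.create(name=generate_id(), slug=generate_id())
    self.user.assign_perms_to_managed_role("authentik_core.view_application", app)
    request = self.request_factory.get("", user=self.user)
    view = MVS.as_view({"get": "test"})
    response = view(request, slug=app.slug)
    # Body as failure message (as in test_obj_perm_global) so a wrong status is diagnosable.
    self.assertEqual(response.status_code, 403, response.data)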
Test other perm denied