add unit test to assure permission is checked

2026-01-12 18:40:01 -03:30 · 2017-01-04 14:46:23 -05:00 · 2017-01-04 14:46:23 -05:00 · 4e135bb406
commit 4e135bb406
parent bd82ab9fb0
1 changed files with 47 additions and 1 deletions
--- a/awx/main/tests/unit/api/test_generics.py
+++ b/awx/main/tests/unit/api/test_generics.py
@ -6,9 +6,16 @@ import mock
 # DRF
 from rest_framework import status
 from rest_framework.response import Response
+from rest_framework.exceptions import PermissionDenied

 # AWX
-from awx.api.generics import ParentMixin, SubListCreateAttachDetachAPIView, DeleteLastUnattachLabelMixin
+from awx.api.generics import (
+    ParentMixin,
+    SubListCreateAttachDetachAPIView,
+    DeleteLastUnattachLabelMixin,
+    ResourceAccessList
+)
+from awx.main.models import Organization


@pytest.fixture
@ -29,6 +36,11 @@ def mock_response_new(mocker):
    return m


+@pytest.fixture
+def mock_organization():
+    return Organization(pk=4, name="Unsaved Org")
+
+
@pytest.fixture
 def parent_relationship_factory(mocker):
    def rf(serializer_class, relationship_name, relationship_value=mocker.Mock()):
@ -178,3 +190,37 @@ class TestParentMixin:

        get_object_or_404.assert_called_with(parent_mixin.parent_model, **parent_mixin.kwargs)
        assert get_object_or_404.return_value == return_value
+
+
+class TestResourceAccessList:
+
+    def mock_request(self):
+        return mock.MagicMock(
+            user=mock.MagicMock(
+                is_anonymous=mock.MagicMock(return_value=False),
+                is_superuser=False
+            ), method='GET')
+
+
+    def mock_view(self):
+        view = ResourceAccessList()
+        view.parent_model = Organization
+        view.kwargs = {'pk': 4}
+        return view
+
+
+    def test_parent_access_check_failed(self, mocker, mock_organization):
+        with mocker.patch('awx.api.permissions.get_object_or_400', return_value=mock_organization):
+            mock_access = mocker.MagicMock(__name__='for logger', return_value=False)
+            with mocker.patch('awx.main.access.BaseAccess.can_read', mock_access):
+                with pytest.raises(PermissionDenied):
+                    self.mock_view().check_permissions(self.mock_request())
+                mock_access.assert_called_once_with(mock_organization)
+
+
+    def test_parent_access_check_worked(self, mocker, mock_organization):
+        with mocker.patch('awx.api.permissions.get_object_or_400', return_value=mock_organization):
+            mock_access = mocker.MagicMock(__name__='for logger', return_value=True)
+            with mocker.patch('awx.main.access.BaseAccess.can_read', mock_access):
+                self.mock_view().check_permissions(self.mock_request())
+                mock_access.assert_called_once_with(mock_organization)