added login with role test.

Healthlane-Technologies · Aug 19, 2024 · 3b0e871 · 3b0e871
1 parent d6c4b0b
commit 3b0e871
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 25 deletions.
diff --git a/backend/src/zango/apps/dynamic_models/workspace/base.py b/backend/src/zango/apps/dynamic_models/workspace/base.py
@@ -488,19 +488,12 @@ def sync_policies_with_roles(self, role_with_policies):
         """
         mapping roles from policies.json to UserRoleModel
         """
-        existing_roles = list(UserRoleModel.objects.values_list("id", flat=True))
         for role, policies in role_with_policies.items():
-            user_role, created = UserRoleModel.objects.update_or_create(
+            user_role = UserRoleModel.objects.filter(
                 name=role,
-                defaults={
-                    "name": role
-                }
-            )
-            user_role.policies.set(policies)
-            if not created:
-                existing_roles.remove(user_role.id)
-
-        UserRoleModel.objects.filter(id__in=existing_roles).delete()
+            ).first()
+            if user_role:
+                user_role.policies.set(policies)
 
     def sync_role_with_policies(self):
         """

diff --git a/backend/src/zango/tests/auth_tests/test_app_login/tests.py b/backend/src/zango/tests/auth_tests/test_app_login/tests.py
@@ -20,9 +20,9 @@ def sync_policies(self):
 
     @classmethod
     def create_app_user(self):
-
+        UserRoleModel.objects.create(name="app_login_user")
+        UserRoleModel.objects.create(name="different_view_user")
         app_user_role = UserRoleModel.objects.filter(name="app_login_user").first()
-        app_user_role.policies.add(PolicyModel.objects.get(name="AllowFromAnywhere"))
         role_ids = [app_user_role.id]
         result = AppUserModel.create_user(
             name="John Doe",
@@ -39,16 +39,15 @@ def create_app_user(self):
 
     def test_app_login(self):
         self.setUpAppAndModule("auth_tests", "test_app_login")
-        self.sync_policies()
         app_user = self.create_app_user()
+        self.sync_policies()
         self.client = ZangoClient(self.tenant)
         self.client.user = app_user
         session = self.client.session
 
-        if len(app_user.roles.all()) == 1:
-            session["role_id"] = app_user.roles.all().values_list("id", flat=True)[0]
-            session.save()
-
+        session["role_id"] = app_user.roles.filter(name="app_login_user").values_list("id", flat=True)[0]
+        session.save()
+
         logged_in = self.client.login(username="test_login_user@gmail.com", password="#Testpass123")
 
         if not logged_in:
@@ -60,4 +59,43 @@ def test_app_login(self):
         self.client.logout()
         # View forbidden after logout
         res = self.client.get("/login_app/customer/")
-        self.assertIsInstance(res, HttpResponseForbidden)
+        self.assertIsInstance(res, HttpResponseRedirect)
+        self.assertEqual(res.url, "/login/")
+
+    def test_logged_in_user_policy_map(self):
+        app_user = self.create_app_user()
+        self.sync_policies()
+        self.client = ZangoClient(self.tenant)
+        self.client.user = app_user
+
+        # add app_login_user role to app user.
+        session = self.client.session
+        session["role_id"] = app_user.roles.filter(name="app_login_user").values_list("id", flat=True)[0]
+        session.save()
+
+        # login app user.
+        logged_in = self.client.login(username="test_login_user@gmail.com", password="#Testpass123")
+
+        if not logged_in:
+            raise Exception("Unable to login user.")
+
+        # app user does not have permission as different_view_user role is not assigned to app user.
+        res = self.client.get("/login_app/dummy/")
+        self.assertEqual(res.status_code, 403)
+
+        # app_login_user has permission app_login_user is assigned to user.
+        res = self.client.get("/login_app/customer/")
+        self.assertEqual(res.status_code, 200)
+
+        # assign app_login_user role and different_view_user role to user.
+        new_role_ids = UserRoleModel.objects.filter(name__in=["app_login_user", "different_view_user"]).values_list("id", flat=True)
+        app_user.add_roles(new_role_ids)
+
+        # set role_id as per the view permissions.
+        session = self.client.session
+        session["role_id"] = app_user.roles.filter(name="different_view_user").values_list("id", flat=True)[0]  
+        session.save()
+
+        # now user has permission to this view.
+        res = self.client.get("/login_app/dummy/")
+        self.assertEqual(res.status_code, 200)
diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json
@@ -12,8 +12,38 @@
                         ]
                   },
                   "roles": [
+                        "app_login_user"
+                  ]
+            },
+            {
+                  "name": "DummyGetViewAccess",
+                  "description": "Access to the Dummy GET View",
+                  "statement": {
+                        "permissions": [
+                              {
+                                    "name": "login_app.views.TestDummyView",
+                                    "type": "view"
+                              }
+                        ]
+                  },
+                  "roles": [
+                        "different_view_user"
+                  ]
+            },
+            {
+                  "name": "AllowTestUserFromAnywhere",
+                  "description": "Allow test user to access the app from anywhere.",
+                  "statement": {
+                        "permissions": [
+                              {
+                                    "type": "userAccess",
+                                    "accessIP": ["0.0.0.0/0"]
+                              }
+                        ]
+                  },
+                  "roles":[
                         "app_login_user",
-                        "AnonymousUsers"
+                        "different_view_user"
                   ]
             }
       ]

diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py
@@ -1,6 +1,7 @@
 from django.urls import path
-from .views import TestDynamicView
+from .views import TestDynamicView, TestDummyView
 
 urlpatterns = [
     path("customer/", TestDynamicView.as_view(), name="customer"),
+    path("dummy/", TestDummyView.as_view(), name="dummy"),
 ]
diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py
@@ -3,4 +3,8 @@
 
 class TestDynamicView(TemplateView):
     def get(self, request, *args, **kwargs):
-        return HttpResponse("<h1>Hey! This is response from app after login.</h1>")
+        return HttpResponse("<h1>Hey! This is response from app after login.</h1>")
+
+class TestDummyView(TemplateView):
+    def get(self, request, *args, **kwargs):
+        return HttpResponse("<h1>Hey! This is dummy response from app.</h1>")
diff --git a/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py b/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py
@@ -19,10 +19,14 @@ def sync_policies(self):
     def test_multi_role_with_one_policy_mapping(self):
         # passing same module name in this class again will throw error.
         self.setUpAppAndModule("policy_tests", "test_role_policy_mapping")
-        self.sync_policies()
+
 
         expected_role_names = ["test_role_1", "test_role_2"]
         expected_policy_name = "CustomerGetViewAccess"
+        UserRoleModel.objects.create(name="test_role_1")
+        UserRoleModel.objects.create(name="test_role_2")
+
+        self.sync_policies()
 
         for role_name in expected_role_names:
             role = UserRoleModel.objects.filter(name=role_name).first()
@@ -48,11 +52,12 @@ def test_multi_role_with_one_policy_mapping(self):
             )
 
     def test_one_role_with_multi_policy_mapping(self):
-        self.sync_policies()
-
         expected_role_name = "dummy_role_1"
         expected_policy_names = ["RetailersGetViewAccess", "DummyGetViewAccess"]
+        UserRoleModel.objects.create(name=expected_role_name)
 
+        self.sync_policies()
+
         role = UserRoleModel.objects.filter(name=expected_role_name).first()
         self.assertIsNotNone(role, f"Role '{expected_role_name}' does not exist")