From 3b0e87197f8749dcb35014e6130f16ec3b98ea0b Mon Sep 17 00:00:00 2001 From: devilsautumn Date: Mon, 19 Aug 2024 14:57:13 +0530 Subject: [PATCH] added login with role test. --- .../apps/dynamic_models/workspace/base.py | 15 ++---- .../tests/auth_tests/test_app_login/tests.py | 54 ++++++++++++++++--- .../workspace/login_app/policies.json | 32 ++++++++++- .../workspace/login_app/urls.py | 3 +- .../workspace/login_app/views.py | 6 ++- .../test_role_policy_mapping/tests.py | 11 ++-- 6 files changed, 96 insertions(+), 25 deletions(-) diff --git a/backend/src/zango/apps/dynamic_models/workspace/base.py b/backend/src/zango/apps/dynamic_models/workspace/base.py index e130b16e9..ff59f2f45 100644 --- a/backend/src/zango/apps/dynamic_models/workspace/base.py +++ b/backend/src/zango/apps/dynamic_models/workspace/base.py @@ -488,19 +488,12 @@ def sync_policies_with_roles(self, role_with_policies): """ mapping roles from policies.json to UserRoleModel """ - existing_roles = list(UserRoleModel.objects.values_list("id", flat=True)) for role, policies in role_with_policies.items(): - user_role, created = UserRoleModel.objects.update_or_create( + user_role = UserRoleModel.objects.filter( name=role, - defaults={ - "name": role - } - ) - user_role.policies.set(policies) - if not created: - existing_roles.remove(user_role.id) - - UserRoleModel.objects.filter(id__in=existing_roles).delete() + ).first() + if user_role: + user_role.policies.set(policies) def sync_role_with_policies(self): """ diff --git a/backend/src/zango/tests/auth_tests/test_app_login/tests.py b/backend/src/zango/tests/auth_tests/test_app_login/tests.py index 6c70c8477..c17300d6b 100644 --- a/backend/src/zango/tests/auth_tests/test_app_login/tests.py +++ b/backend/src/zango/tests/auth_tests/test_app_login/tests.py 
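Review bot: The rewritten loop in `sync_policies_with_roles` silently skips any role named in policies.json that has no `UserRoleModel` row — `filter(name=role).first()` returns None and the `if user_role:` branch simply moves on — so a misspelled or not-yet-created role is left with its policies unattached and nothing reports it. Because the commit also drops the `existing_roles` cleanup, a role that disappears from policies.json now keeps whatever policies it was last given; that is presumably intended (roles are created elsewhere now), but the docstring still says only `mapping roles from policies.json to UserRoleModel`. I would extend the docstring to `Attach policies from policies.json to roles that already exist; unknown roles are skipped and roles absent from the file are left untouched.` and add an `else:` branch that records the skipped role (a `logging`-style `warning("policies.json references unknown role %s", role)` if the module has a logger) so stale grants and typos are visible during a sync. The `def` line of this method sits just above the hunk.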
@@ -20,9 +20,9 @@ def sync_policies(self): @classmethod def create_app_user(self): - + UserRoleModel.objects.create(name="app_login_user") + UserRoleModel.objects.create(name="different_view_user") app_user_role = UserRoleModel.objects.filter(name="app_login_user").first() - app_user_role.policies.add(PolicyModel.objects.get(name="AllowFromAnywhere")) role_ids = [app_user_role.id] result = AppUserModel.create_user( name="John Doe", @@ -39,16 +39,15 @@ def create_app_user(self): def test_app_login(self): self.setUpAppAndModule("auth_tests", "test_app_login") - self.sync_policies() app_user = self.create_app_user() + self.sync_policies() self.client = ZangoClient(self.tenant) self.client.user = app_user session = self.client.session - if len(app_user.roles.all()) == 1: - session["role_id"] = app_user.roles.all().values_list("id", flat=True)[0] - session.save() - + session["role_id"] = app_user.roles.filter(name="app_login_user").values_list("id", flat=True)[0] + session.save() + logged_in = self.client.login(username="test_login_user@gmail.com", password="#Testpass123") if not logged_in: 
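Review bot: Moving `self.create_app_user()` ahead of `self.sync_policies()` in `test_app_login` is load-bearing now that `sync_policies_with_roles` in base.py only attaches policies to roles that already exist, but nothing in the test says so; a later reorder would leave `app_login_user` with no policies and the login test would fail for a non-obvious reason. I would add `# roles must exist before sync_policies(): the sync no longer creates them` above the `self.sync_policies()` call. The same ordering dependency appears in both hunks of backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py, where `UserRoleModel.objects.create(...)` was inserted ahead of `self.sync_policies()`, and deserves the same comment there. `create_app_user` is a `@classmethod` whose first parameter is still named `self`; `cls` would match convention. The hunk ends inside `test_app_login`.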
@@ -60,4 +59,43 @@ def test_app_login(self): self.client.logout() # View forbidden after logout res = self.client.get("/login_app/customer/") - self.assertIsInstance(res, HttpResponseForbidden) \ No newline at end of file + self.assertIsInstance(res, HttpResponseRedirect) + self.assertEqual(res.url, "/login/") + + def test_logged_in_user_policy_map(self): + app_user = self.create_app_user() + self.sync_policies() + self.client = ZangoClient(self.tenant) + self.client.user = app_user + + # add app_login_user role to app user. + session = self.client.session + session["role_id"] = app_user.roles.filter(name="app_login_user").values_list("id", flat=True)[0] + session.save() + + # login app user. + logged_in = self.client.login(username="test_login_user@gmail.com", password="#Testpass123") + + if not logged_in: + raise Exception("Unable to login user.") + + # app user does not have permission as different_view_user role is not assigned to app user. + res = self.client.get("/login_app/dummy/") + self.assertEqual(res.status_code, 403) + + # app_login_user has permission app_login_user is assigned to user. + res = self.client.get("/login_app/customer/") + self.assertEqual(res.status_code, 200) + + # assign app_login_user role and different_view_user role to user. + new_role_ids = UserRoleModel.objects.filter(name__in=["app_login_user", "different_view_user"]).values_list("id", flat=True) + app_user.add_roles(new_role_ids) + + # set role_id as per the view permissions. + session = self.client.session + session["role_id"] = app_user.roles.filter(name="different_view_user").values_list("id", flat=True)[0] + session.save() + + # now user has permission to this view. + res = self.client.get("/login_app/dummy/") + self.assertEqual(res.status_code, 200) diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json index 217fddc7e..4e79ab0bd 100644 
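Review bot: After `app_user.add_roles(new_role_ids)` and the switch of `session["role_id"]` to `different_view_user`, `test_logged_in_user_policy_map` only checks that `/login_app/dummy/` is now allowed; it never checks that `/login_app/customer/` is denied under the new active role, so an implementation that granted the union of all of a user's roles instead of the selected one would still pass even though the earlier 403 assertion assumes permission is keyed on the active role. I would add `res = self.client.get("/login_app/customer/")` and `self.assertEqual(res.status_code, 403)` after the final dummy-view assertion. `raise Exception("Unable to login user.")` is better expressed as `self.assertTrue(logged_in, "Unable to login user.")` so a login failure is reported as a test failure rather than an error. The comment `# app_login_user has permission app_login_user is assigned to user.` reads as garbled; `# customer view is allowed because app_login_user is the active role` says what the assertion checks. Unlike `test_app_login`, this test does not call `self.setUpAppAndModule(...)`; if that setup is per-test rather than per-class, it depends on the other test having run first.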
--- a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json +++ b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/policies.json @@ -12,8 +12,38 @@ ] }, "roles": [ + "app_login_user" + ] + }, + { + "name": "DummyGetViewAccess", + "description": "Access to the Dummy GET View", + "statement": { + "permissions": [ + { + "name": "login_app.views.TestDummyView", + "type": "view" + } + ] + }, + "roles": [ + "different_view_user" + ] + }, + { + "name": "AllowTestUserFromAnywhere", + "description": "Allow test user to access the app from anywhere.", + "statement": { + "permissions": [ + { + "type": "userAccess", + "accessIP": ["0.0.0.0/0"] + } + ] + }, + "roles":[ "app_login_user", - "AnonymousUsers" + "different_view_user" ] } ] diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py index e8cb95d9d..a3f404f27 100644 --- a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py +++ b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/urls.py @@ -1,6 +1,7 @@ from django.urls import path -from .views import TestDynamicView +from .views import TestDynamicView, TestDummyView urlpatterns = [ path("customer/", TestDynamicView.as_view(), name="customer"), + path("dummy/", TestDummyView.as_view(), name="dummy"), ] diff --git a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py index f5f34364e..444fd4cc9 100644 --- a/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py +++ b/backend/src/zango/tests/auth_tests/test_app_login/workspace/login_app/views.py @@ -3,4 +3,8 @@ class TestDynamicView(TemplateView): def get(self, request, *args, **kwargs): - return HttpResponse("

Hey! This is response from app after login.

") \ No newline at end of file + return HttpResponse("

Hey! This is response from app after login.

") + +class TestDummyView(TemplateView): + def get(self, request, *args, **kwargs): + return HttpResponse("

Hey! This is dummy response from app.

") \ No newline at end of file diff --git a/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py b/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py index fef9fbb8b..31e252e8c 100644 --- a/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py +++ b/backend/src/zango/tests/policy_tests/test_role_policy_mapping/tests.py @@ -19,10 +19,14 @@ def sync_policies(self): def test_multi_role_with_one_policy_mapping(self): # passing same module name in this class again will throw error. self.setUpAppAndModule("policy_tests", "test_role_policy_mapping") - self.sync_policies() + expected_role_names = ["test_role_1", "test_role_2"] expected_policy_name = "CustomerGetViewAccess" + UserRoleModel.objects.create(name="test_role_1") + UserRoleModel.objects.create(name="test_role_2") + + self.sync_policies() for role_name in expected_role_names: role = UserRoleModel.objects.filter(name=role_name).first() @@ -48,11 +52,12 @@ def test_multi_role_with_one_policy_mapping(self): ) def test_one_role_with_multi_policy_mapping(self): - self.sync_policies() - expected_role_name = "dummy_role_1" expected_policy_names = ["RetailersGetViewAccess", "DummyGetViewAccess"] + UserRoleModel.objects.create(name=expected_role_name) + self.sync_policies() + role = UserRoleModel.objects.filter(name=expected_role_name).first() self.assertIsNotNone(role, f"Role '{expected_role_name}' does not exist")