Skip to content

Commit

Permalink
permissions: check user permissions for host delete
Browse files Browse the repository at this point in the history
SAT-21619 (component evaluation).

Check for correct user permissions when deleting a host.

Because a host deletion action has defined multiple permissions,
following modifications have been done:

- function `_permission_name` renamed to `_permission_names` and returns list instead of string
- new method `TestUserRole.give_user_permissions` that works well with `_permission_names`
  • Loading branch information
pnovotny committed Mar 4, 2024
1 parent 89c80a3 commit da02297
Showing 1 changed file with 29 additions and 16 deletions.
45 changes: 29 additions & 16 deletions tests/foreman/api/test_permission.py
Original file line number Diff line number Diff line change
Expand Up @@ -161,18 +161,20 @@ def test_positive_search(self, target_sat):

# FIXME: This method is a hack. This information should somehow be tied
# directly to the `Entity` classes.
def _permission_name(entity, which_perm):
"""Find a permission name.
def _permission_names(entity, which_perm: str) -> list:
"""Find a permission names.
Attempt to locate a permission in :data:`robottelo.constants.PERMISSIONS`.
For example, return 'view_architectures' if ``entity`` is ``Architecture``
and ``which_perm`` is 'read'.
Attempt to locate permissions in :data:`robottelo.constants.PERMISSIONS`.
Examples:
_permission_names('Architecture', 'read') -> ['view_architectures']
_permission_names('Host', 'delete') -> ['destroy_discovered_hosts', 'destroy_hosts']
:param entity: A ``nailgun.entity_mixins.Entity`` subclass.
:param str which_perm: Either the word "create", "read", "update" or
"delete".
:raise: ``LookupError`` if a relevant permission cannot be found, or if
multiple results are found.
:raise: ``LookupError`` if a relevant permission cannot be found
:returns: list of found permission names
"""
pattern = {'create': '^create_', 'delete': '^destroy_', 'read': '^view_', 'update': '^edit_'}[
which_perm
Expand All @@ -181,11 +183,11 @@ def _permission_name(entity, which_perm):
permissions = PERMISSIONS.get(entity.__name__) or PERMISSIONS.get(f'Katello::{entity.__name__}')
for permission in permissions:
match = re.match(pattern, permission)
if match is not None:
if match:
perm_names.append(permission)
if len(perm_names) != 1:
raise LookupError(f'Could not find the requested permission. Found: {perm_names}')
return perm_names[0]
if not perm_names:
raise LookupError(f'Could not find any "{which_perm}" permission for entity "{entity}"')
return perm_names


# This class might better belong in module test_multiple_paths.
Expand Down Expand Up @@ -226,6 +228,15 @@ def give_user_permission(self, perm_name, target_sat):
self.user.role += [role]
self.user = self.user.update(['role'])

def give_user_permissions(self, perm_names, target_sat):
"""Give ``self.user`` multiple permissions.
Otherwise, works the same as method ``self.give_user_permission``.
:param list perm_names: permission names
"""
for perm_name in perm_names:
self.give_user_permission(perm_name, target_sat)

def set_taxonomies(self, entity, organization=None, location=None):
"""Set organization and location for entity if it supports them.
Expand Down Expand Up @@ -273,7 +284,7 @@ def test_positive_check_create(self, entity_cls, class_org, class_location, targ
"""
with pytest.raises(HTTPError):
entity_cls(self.cfg).create()
self.give_user_permission(_permission_name(entity_cls, 'create'), target_sat)
self.give_user_permissions(_permission_names(entity_cls, 'create'), target_sat)
new_entity = self.set_taxonomies(entity_cls(self.cfg), class_org, class_location)
# Entities with both org and loc require
# additional permissions to set them.
Expand Down Expand Up @@ -307,14 +318,16 @@ def test_positive_check_read(self, entity_cls, class_org, class_location, target
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).read()
self.give_user_permission(_permission_name(entity_cls, 'read'), target_sat)
self.give_user_permissions(_permission_names(entity_cls, 'read'), target_sat)
entity_cls(self.cfg, id=new_entity.id).read()

@pytest.mark.upgrade
@pytest.mark.tier1
@pytest.mark.parametrize(
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
**parametrized(
[entities.Architecture, entities.Domain, entities.ActivationKey, entities.Host]
),
)
def test_positive_check_delete(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "destroy_*" role has an effect.
Expand All @@ -334,7 +347,7 @@ def test_positive_check_delete(self, entity_cls, class_org, class_location, targ
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).delete()
self.give_user_permission(_permission_name(entity_cls, 'delete'), target_sat)
self.give_user_permissions(_permission_names(entity_cls, 'delete'), target_sat)
entity_cls(self.cfg, id=new_entity.id).delete()
with pytest.raises(HTTPError):
new_entity.read() # As admin user
Expand Down Expand Up @@ -371,7 +384,7 @@ def test_positive_check_update(self, entity_cls, class_org, class_location, targ
update_entity = entity_cls(self.cfg, id=new_entity.id, name=name)
with pytest.raises(HTTPError):
update_entity.update(['name'])
self.give_user_permission(_permission_name(entity_cls, 'update'), target_sat)
self.give_user_permissions(_permission_names(entity_cls, 'update'), target_sat)
# update() calls read() under the hood, which triggers
# permission error
if entity_cls is entities.ActivationKey:
Expand Down

0 comments on commit da02297

Please sign in to comment.