diff --git a/tests/test_administration.py b/tests/test_administration.py index 9ecc1360dc537852463c8ab3c2abc945266711e2..639396e37a8efb9bff173458b641c3e6fe4f47cc 100644 --- a/tests/test_administration.py +++ b/tests/test_administration.py @@ -30,9 +30,7 @@ from caosdb import administration as admin from caosdb.connection.connection import configure_connection, get_connection from caosdb.exceptions import (HTTPClientError, HTTPForbiddenError, LoginFailedError, HTTPResourceNotFoundError) -from nose.tools import (assert_equal, assert_is_not_none, assert_raises, - assert_true) -from pytest import raises +from pytest import raises, mark test_role = "test_role" test_user = "test_user" @@ -72,6 +70,10 @@ def teardown(): admin._delete_role(name=test_role) except Exception as e: print(e) + try: + admin._delete_role(name=test_role + "2") + except Exception as e: + print(e) def switch_to_normal_user(): @@ -111,20 +113,17 @@ def test_insert_role_failure_permission(): def test_insert_role_failure_name_duplicates(): test_insert_role_success() - with assert_raises(HTTPClientError) as cm: + with raises(HTTPClientError) as cm: admin._insert_role(name=test_role, description=test_role_desc) - assert_equal( - cm.exception.msg, - "Role name is already in use. Choose a different name.") + assert cm.value.msg == "Role name is already in use. Choose a different name." def test_update_role_success(): test_insert_role_success() - assert_is_not_none( - admin._update_role( - name=test_role, - description=test_role_desc + - "asdf")) + assert admin._update_role( + name=test_role, + description=test_role_desc + + "asdf") is not None def test_update_role_failure_permissions(): @@ -143,7 +142,7 @@ def test_update_role_failure_non_existing(): def test_delete_role_success(): test_insert_role_success() - assert_true(admin._delete_role(name=test_role)) + assert admin._delete_role(name=test_role) == b"ok" def test_delete_role_failure_permissions(): 
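Review bot: The cleanup added to `teardown()` catches every `Exception` and only prints it, so a delete of the `test_role + "2"` role that fails on a permission or connection error looks the same as the role simply not existing. A leftover role that still carries granted permissions would then be visible to later tests in this module. Consider narrowing the handler to the not-found case, e.g. `except HTTPResourceNotFoundError: pass`, assuming that is what `_delete_role` raises for a missing role (not visible here). The body of `teardown()` starts outside this hunk, and the existing block above it uses the same broad pattern.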
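Review bot: In `test_insert_role_failure_name_duplicates` the check `assert cm.value.msg == ...` has to sit after the `with raises(HTTPClientError) as cm:` block, not inside it. Indentation is not recoverable in this view, so please confirm. Inside the block the assert would never run, because `_insert_role` raises first, and the test would pass without comparing the message. The same applies to the `raises` conversions in `test_set_roles_failure_non_existing_role` and `test_insert_user_failure_name_in_use`.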
@@ -163,7 +162,7 @@ def test_delete_role_failure_non_existing(): def test_retrieve_role_success(): test_insert_role_success() r = admin._retrieve_role(test_role) - assert_is_not_none(r) + assert r is not None def test_retrieve_role_failure_permission(): @@ -182,13 +181,10 @@ def test_retrieve_role_failure_non_existing(): def test_set_permissions_success(): test_insert_role_success() - assert_true( - admin._set_permissions( - role=test_role, - permission_rules=[ - admin.PermissionRule( - "Grant", - "BLA:BLA:BLA")])) + assert admin._set_permissions( + role=test_role, permission_rules=[ + admin.PermissionRule( + "Grant", "BLA:BLA:BLA")]) == b"ok" def test_set_permissions_failure_permissions(): @@ -214,8 +210,8 @@ def test_set_permissions_failure_non_existing(): def test_get_permissions_success(): test_set_permissions_success() r = admin._get_permissions(role=test_role) - assert_equal({admin.PermissionRule("Grant", "BLA:BLA:BLA")}, r) - assert_is_not_none(r) + assert {admin.PermissionRule("Grant", "BLA:BLA:BLA")} == r + assert r is not None def test_get_permissions_failure_permissions(): @@ -235,7 +231,7 @@ def test_get_permissions_failure_non_existing(): def test_get_roles_success(): test_insert_role_success() r = admin._get_roles(username=test_user) - assert_is_not_none(r) + assert r is not None return r 
@@ -258,17 +254,17 @@ def test_set_roles_success(): roles_old = test_get_roles_success() roles = {test_role} roles.union(roles_old) - assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old)) - assert_is_not_none(admin._set_roles(username=test_user, roles=roles)) - assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old)) + assert admin._set_roles(username=test_user, roles=roles_old) is not None + assert admin._set_roles(username=test_user, roles=roles) is not None + assert admin._set_roles(username=test_user, roles=roles_old) is not None def test_set_roles_success_with_warning(): test_insert_role_success() roles = {test_role} r = admin._set_roles(username=test_user, roles=roles) - assert_is_not_none(r) - assert_is_not_none(admin._set_roles(username=test_user, roles=[])) + assert r is not None + assert admin._set_roles(username=test_user, roles=[]) is not None def test_set_roles_failure_permissions(): @@ -283,9 +279,9 @@ def test_set_roles_failure_permissions(): def test_set_roles_failure_non_existing_role(): roles = {"non-existing-role"} - with assert_raises(HTTPClientError) as cm: + with raises(HTTPClientError) as cm: admin._set_roles(username=test_user, roles=roles) - assert_equal(cm.exception.msg, "Role does not exist.") + assert cm.value.msg == "Role does not exist." def test_set_roles_failure_non_existing_user(): @@ -319,14 +315,14 @@ def test_insert_user_failure_permissions(): def test_insert_user_failure_name_in_use(): test_insert_user_success() - with assert_raises(HTTPClientError) as cm: + with raises(HTTPClientError) as cm: test_insert_user_success() - assert_equal(cm.exception.msg, "User name is already in use.") + assert cm.value.msg == "User name is already in use." def test_delete_user_success(): test_insert_user_success() - assert_is_not_none(admin._delete_user(name=test_user + "2")) + assert admin._delete_user(name=test_user + "2") is not None def test_delete_user_failure_permissions(): 
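Review bot: `roles.union(roles_old)` in `test_set_roles_success` discards its result, because `set.union` returns a new set, so the second `_set_roles` call assigns only `{test_role}` rather than the previous roles plus the test role. The rewritten assertions keep that behaviour. If the intent is to add the test role on top of the existing ones, use `roles |= set(roles_old)`. The three `is not None` assertions only show that the call returned something; reading the roles back with `_get_roles` and comparing would verify that the assignment took effect.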
@@ -344,13 +340,12 @@ def test_delete_user_failure_non_existing(): def test_update_user_success_status(): - assert_is_not_none( - admin._insert_user( - name=test_user + "2", - password="secret1P!", - status="INACTIVE", - email="email@example.com", - entity=None)) + assert admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="INACTIVE", + email="email@example.com", + entity=None) is not None admin._update_user( realm=None, name=test_user + "2", @@ -361,13 +356,12 @@ def test_update_user_success_status(): def test_update_user_success_email(): - assert_is_not_none( - admin._insert_user( - name=test_user + "2", - password="secret1P!", - status="ACTIVE", - email="email@example.com", - entity=None)) + assert admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="ACTIVE", + email="email@example.com", + entity=None) is not None admin._update_user( realm=None, name=test_user + "2", @@ -378,25 +372,23 @@ def test_update_user_success_email(): def test_update_user_success_entity(): - assert_is_not_none( - admin._insert_user( - name=test_user + "2", - password="secret1P!", - status="ACTIVE", - email="email@example.com", - entity=None)) + assert admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="ACTIVE", + email="email@example.com", + entity=None) is not None admin._update_user(realm=None, name=test_user + "2", password=None, status=None, email=None, entity="21") def test_update_user_success_password(): - assert_is_not_none( - admin._insert_user( - name=test_user + "2", - password="secret1P!", - status="ACTIVE", - email="email@example.com", - entity=None)) + assert admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="ACTIVE", + email="email@example.com", + entity=None) is not None admin._update_user( realm=None, name=test_user + "2", 
@@ -500,7 +492,7 @@ def test_update_user_failure_non_existing_entity(): def test_retrieve_user_success(): test_insert_user_success() - assert_is_not_none(admin._retrieve_user(realm=None, name=test_user + "2")) + assert admin._retrieve_user(realm=None, name=test_user + "2") is not None def test_retrieve_user_failure_permissions(): 
@@ -518,14 +510,67 @@ def test_retrieve_user_failure_non_existing(): def test_login_with_inactive_user_failure(): - assert_is_not_none( - admin._insert_user( - name=test_user + "2", - password="secret1P!", - status="INACTIVE", - email="email@example.com", - entity=None)) + assert admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="INACTIVE", + email="email@example.com", + entity=None) is not None configure_connection(username=test_user + "2", password="secret1P!", password_method="plain") - with assert_raises(LoginFailedError): + with raises(LoginFailedError): get_connection()._login() + + +def grant_role_permission(role_name, role_permissions, + permissions_priority=False): + perms = admin._get_permissions(role_name) + + for p in role_permissions: + g = admin.PermissionRule( + action="Grant", permission=p, priority=permissions_priority) + d = admin.PermissionRule( + action="Deny", permission=p, priority=permissions_priority) + + if g in perms: + perms.remove(g) + + if d in perms: + perms.remove(d) + perms.add(g) + admin._set_permissions(role=role_name, permission_rules=perms) + + +def add_roles(user_name, user_roles): + roles = admin._get_roles(username=user_name, realm=None) + + for r in user_roles: + roles.add(r) + admin._set_roles(username=user_name, roles=roles) + + +@mark.xfail(reason=("fix needed for " + "https://gitlab.com/caosdb/caosdb-server/-/issues/128")) +def test_update_own_password(): + admin._insert_user( + name=test_user + "2", + password="secret1P!", + status="ACTIVE", + email="email@example.com", + entity=None) + + # workaround + # admin._insert_role(name=test_role + "2", description="some role_description") + # add_roles(test_user + "2", [test_role + "2"]) + # grant_role_permission(test_role + "2", + # ["ACM:USER:UPDATE_PASSWORD:?REALM?:?USERNAME?"]) + + configure_connection(username=test_user + "2", password="secret1P!", + password_method="plain") + assert b"ok" == admin._update_user( + realm=None, + name=test_user + 
"2", + password="newsecret1P!", + status=None, + email=None, + entity=None)
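Review bot: `test_update_own_password` only compares the response body with `b"ok"`; it never checks that the new password is accepted or that the old one is rejected, so a server that answers ok without changing the credential would still pass once the xfail is lifted. After the update, reconfigure with `configure_connection(username=test_user + "2", password="newsecret1P!", password_method="plain")` and call `get_connection()._login()`, then check that the old password raises `LoginFailedError`, as `test_login_with_inactive_user_failure` does. The `@mark.xfail(...)` is non-strict, so an unexpected pass after the server fix is reported as XPASS instead of failing; `strict=True` would surface it. `grant_role_permission` and `add_roles` are referenced only from the commented-out workaround, and `grant_role_permission` removes an existing `Deny` rule before granting, which should be stated in a docstring.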