|
|
|
|
@ -1,6 +1,6 @@
|
|
|
|
|
import pytest
|
|
|
|
|
from unittest.mock import Mock, patch
|
|
|
|
|
from sqlalchemy.orm import Session
|
|
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
|
|
from models.account import Account, TenantAccountRole
|
|
|
|
|
from models.dataset import Dataset, DatasetPermission, DatasetPermissionEnum
|
|
|
|
|
@ -77,7 +77,7 @@ class TestDatasetPermissionService:
|
|
|
|
|
DatasetService.check_dataset_permission(self.dataset, self.normal_user)
|
|
|
|
|
DatasetService.check_dataset_permission(self.dataset, self.creator_user)
|
|
|
|
|
|
|
|
|
|
@patch('services.dataset_service.db.session')
|
|
|
|
|
@patch("services.dataset_service.db.session")
|
|
|
|
|
def test_partial_team_permission_creator_can_access(self, mock_session):
|
|
|
|
|
"""Test PARTIAL_TEAM permission allows creator to access"""
|
|
|
|
|
self.dataset.permission = DatasetPermissionEnum.PARTIAL_TEAM
|
|
|
|
|
@ -88,7 +88,7 @@ class TestDatasetPermissionService:
|
|
|
|
|
# Should not query database for creator
|
|
|
|
|
mock_session.query.assert_not_called()
|
|
|
|
|
|
|
|
|
|
@patch('services.dataset_service.db.session')
|
|
|
|
|
@patch("services.dataset_service.db.session")
|
|
|
|
|
def test_partial_team_permission_with_explicit_permission(self, mock_session):
|
|
|
|
|
"""Test PARTIAL_TEAM permission allows users with explicit permission"""
|
|
|
|
|
self.dataset.permission = DatasetPermissionEnum.PARTIAL_TEAM
|
|
|
|
|
@ -101,12 +101,9 @@ class TestDatasetPermissionService:
|
|
|
|
|
DatasetService.check_dataset_permission(self.dataset, self.normal_user)
|
|
|
|
|
|
|
|
|
|
# Verify database was queried correctly
|
|
|
|
|
mock_session.query().filter_by.assert_called_with(
|
|
|
|
|
dataset_id=self.dataset.id,
|
|
|
|
|
account_id=self.normal_user.id
|
|
|
|
|
)
|
|
|
|
|
mock_session.query().filter_by.assert_called_with(dataset_id=self.dataset.id, account_id=self.normal_user.id)
|
|
|
|
|
|
|
|
|
|
@patch('services.dataset_service.db.session')
|
|
|
|
|
@patch("services.dataset_service.db.session")
|
|
|
|
|
def test_partial_team_permission_without_explicit_permission(self, mock_session):
|
|
|
|
|
"""Test PARTIAL_TEAM permission denies users without explicit permission"""
|
|
|
|
|
self.dataset.permission = DatasetPermissionEnum.PARTIAL_TEAM
|
|
|
|
|
@ -118,12 +115,9 @@ class TestDatasetPermissionService:
|
|
|
|
|
DatasetService.check_dataset_permission(self.dataset, self.normal_user)
|
|
|
|
|
|
|
|
|
|
# Verify database was queried correctly
|
|
|
|
|
mock_session.query().filter_by.assert_called_with(
|
|
|
|
|
dataset_id=self.dataset.id,
|
|
|
|
|
account_id=self.normal_user.id
|
|
|
|
|
)
|
|
|
|
|
mock_session.query().filter_by.assert_called_with(dataset_id=self.dataset.id, account_id=self.normal_user.id)
|
|
|
|
|
|
|
|
|
|
@patch('services.dataset_service.db.session')
|
|
|
|
|
@patch("services.dataset_service.db.session")
|
|
|
|
|
def test_partial_team_permission_non_creator_without_permission_fails(self, mock_session):
|
|
|
|
|
"""Test that non-creators without explicit permission are denied access"""
|
|
|
|
|
self.dataset.permission = DatasetPermissionEnum.PARTIAL_TEAM
|
|
|
|
|
@ -148,8 +142,8 @@ class TestDatasetPermissionService:
|
|
|
|
|
# Creator should always have access
|
|
|
|
|
DatasetService.check_dataset_permission(self.dataset, self.creator_user)
|
|
|
|
|
|
|
|
|
|
@patch('services.dataset_service.logging')
|
|
|
|
|
@patch('services.dataset_service.db.session')
|
|
|
|
|
@patch("services.dataset_service.logging")
|
|
|
|
|
@patch("services.dataset_service.db.session")
|
|
|
|
|
def test_permission_denied_logs_debug_message(self, mock_session, mock_logging):
|
|
|
|
|
"""Test that permission denied events are logged"""
|
|
|
|
|
self.dataset.permission = DatasetPermissionEnum.PARTIAL_TEAM
|
|
|
|
|
|
MioINAMIJIMA
1 year ago