diff --git a/pytest_fixtures/component/user_role.py b/pytest_fixtures/component/user_role.py index 28a36c87c73..99b6a8492c2 100644 --- a/pytest_fixtures/component/user_role.py +++ b/pytest_fixtures/component/user_role.py @@ -13,6 +13,11 @@ def function_role(target_sat): return target_sat.api.Role().create() +@pytest.fixture +def function_role_with_org(module_target_sat, module_org): + return module_target_sat.api.Role(organization=[module_org]).create() + + @pytest.fixture(scope='module') def module_user(module_target_sat, module_org, module_location): return module_target_sat.api.User( diff --git a/tests/foreman/api/test_contentview.py b/tests/foreman/api/test_contentview.py index 2ab59d38c76..334b1b34e11 100644 --- a/tests/foreman/api/test_contentview.py +++ b/tests/foreman/api/test_contentview.py @@ -2242,7 +2242,7 @@ def test_repository_rpms_id_type(target_sat): def test_negative_readonly_user_actions( - target_sat, function_role, content_view, module_org, module_lce + target_sat, content_view, module_org, module_lce, function_role_with_org ): """Attempt to manage content views @@ -2264,27 +2264,26 @@ def test_negative_readonly_user_actions( """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') + # create a role with content views read only permissions target_sat.api.Filter( - organization=[module_org], permission=target_sat.api.Permission().search( filters={'name': 'view_content_views'}, query={'search': 'resource_type="Katello::ContentView"'}, ), - role=function_role, + role=function_role_with_org, ).create() # create environment permissions and assign it to our role target_sat.api.Filter( - organization=[module_org], permission=target_sat.api.Permission().search( query={'search': 'resource_type="Katello::KTEnvironment"'} ), - role=function_role, + role=function_role_with_org, ).create() # create a user and assign the above created role target_sat.api.User( organization=[module_org], - role=[function_role], + role=[function_role_with_org], login=user_login, password=user_password, ).create() @@ -2323,7 +2322,9 @@ def test_negative_readonly_user_actions( target_sat.api.HostCollection(server_config=cfg).create() -def test_negative_non_readonly_user_actions(target_sat, content_view, function_role, module_org): +def test_negative_non_readonly_user_actions( + target_sat, content_view, module_org, function_role_with_org +): """Attempt to view content views :id: b0a53c38-72f1-4731-881e-192134df6ef3 @@ -2349,14 +2350,13 @@ def test_negative_non_readonly_user_actions(target_sat, content_view, function_r entity for entity in cv_permissions_entities if entity.name in user_cv_permissions ] target_sat.api.Filter( - organization=[module_org], permission=user_cv_permissions_entities, - role=function_role, + role=function_role_with_org, ).create() # create a user and assign the above created role target_sat.api.User( organization=[module_org], - role=[function_role], + role=[function_role_with_org], login=user_login, password=user_password, ).create() diff --git a/tests/foreman/api/test_role.py b/tests/foreman/api/test_role.py index 9689da71c95..b2c6cce5956 100644 --- a/tests/foreman/api/test_role.py +++ b/tests/foreman/api/test_role.py @@ -165,8 +165,8 @@ def role_taxonomies(self, target_sat): } @pytest.fixture - def filter_taxonomies(self, target_sat): - """Create filter taxonomies""" + def another_taxonomies(self, target_sat): + """Create another set of taxonomies""" return { 'org': target_sat.api.Organization().create(), 'loc': target_sat.api.Location().create(), @@ -244,21 +244,19 @@ def test_positive_create_role_without_taxonomies(self, target_sat): assert not role.organization assert not role.location - def test_positive_create_filter_without_override(self, role_taxonomies, target_sat): - """Create filter in role w/o overriding it + def test_positive_create_filter(self, role_taxonomies, target_sat): + """Create filter in role :id: 1aadb7ea-ff76-4171-850f-188ba6f87021 :steps: 1. Create a role with taxonomies assigned - 2. Create filter in role without overriding it + 2. Create filter in role :expectedresults: - 1. Filter w/o override is created in role - 2. The taxonomies of role are inherited to filter - 3. Override check is not marked by default in filters table + 1. Filter is created in role :CaseImportance: Critical """ @@ -272,116 +270,15 @@ def test_positive_create_filter_without_override(self, role_taxonomies, target_s dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) filtr = target_sat.api.Filter(permission=dom_perm, role=role.id).create() assert role.id == filtr.role.id - assert role_taxonomies['org'].id == filtr.organization[0].id - assert role_taxonomies['loc'].id == filtr.location[0].id - assert not filtr.override - def test_positive_create_non_overridable_filter(self, target_sat): - """Create non overridable filter in role - - :id: f891e2e1-76f8-4edf-8c96-b41d05483298 - - :steps: Create a filter to which taxonomies cannot be associated. - e.g. Architecture filter - - :expectedresults: - - 1. Filter is created without taxonomies - 2. Override check is set to false - - :CaseImportance: Critical - """ - role_name = gen_string('alpha') - role = target_sat.api.Role(name=role_name).create() - assert role.name == role_name - arch_perm = target_sat.api.Permission().search( - query={'search': 'resource_type="Architecture"'} - ) - filtr = target_sat.api.Filter(permission=arch_perm, role=role.id).create() - assert role.id == filtr.role.id - assert not filtr.override - - def test_negative_override_non_overridable_filter(self, filter_taxonomies, target_sat): - """Override non overridable filter - - :id: 7793be96-e8eb-451b-a986-51a46a1ab4f9 - - :steps: Attempt to override a filter to which taxonomies cannot be - associated. e.g. Architecture filter - - :expectedresults: Filter is not overridden as taxonomies cannot be - applied to that filter - - :CaseImportance: Critical - """ - role_name = gen_string('alpha') - role = target_sat.api.Role(name=role_name).create() - assert role.name == role_name - arch_perm = target_sat.api.Permission().search( - query={'search': 'resource_type="Architecture"'} - ) - with pytest.raises(HTTPError): - target_sat.api.Filter( - permission=arch_perm, - role=[role.id], - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - - @pytest.mark.upgrade - def test_positive_create_overridable_filter( - self, role_taxonomies, filter_taxonomies, target_sat - ): - """Create overridable filter in role - - :id: c7ea9377-9b9e-495e-accd-3576166d504e - - :steps: - - 1. Create a filter to which taxonomies can be associated. - e.g Domain filter - 2. Override a filter with some taxonomies - - :expectedresults: - - 1. Filter is created with taxonomies - 2. Override check is set to true - 3. Filter doesn't inherits taxonomies from role - - :CaseImportance: Critical - """ - role_name = gen_string('alpha') - role = target_sat.api.Role( - name=role_name, - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - assert role.name == role_name - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - filtr = target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - assert role.id == filtr.role.id - assert filter_taxonomies['org'].id == filtr.organization[0].id - assert filter_taxonomies['loc'].id == filtr.location[0].id - assert filtr.override - assert role_taxonomies['org'].id != filtr.organization[0].id - assert role_taxonomies['loc'].id != filtr.location[0].id - - def test_positive_update_role_taxonomies(self, role_taxonomies, filter_taxonomies, target_sat): - """Update role taxonomies which applies to its non-overrided filters + def test_positive_update_role_taxonomies(self, role_taxonomies, another_taxonomies, target_sat): + """Update role taxonomies which applies to its filters :id: 902dcb32-2126-4ff4-b733-3e86749ccd1e :steps: Update existing role with different taxonomies - :expectedresults: The taxonomies are applied only to non-overrided role - filters + :expectedresults: The taxonomies are applied only to role filters :CaseImportance: Critical """ @@ -395,103 +292,13 @@ def test_positive_update_role_taxonomies(self, role_taxonomies, filter_taxonomie dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) filtr = target_sat.api.Filter(permission=dom_perm, role=role.id).create() assert role.id == filtr.role.id - role.organization = [filter_taxonomies['org']] - role.location = [filter_taxonomies['loc']] + role.organization = [another_taxonomies['org']] + role.location = [another_taxonomies['loc']] role = role.update(['organization', 'location']) # Updated Role role = target_sat.api.Role(id=role.id).read() - assert filter_taxonomies['org'].id == role.organization[0].id - assert filter_taxonomies['loc'].id == role.location[0].id - # Updated Filter - filtr = target_sat.api.Filter(id=filtr.id).read() - assert filter_taxonomies['org'].id == filtr.organization[0].id - assert filter_taxonomies['loc'].id == filtr.location[0].id - - def test_negative_update_role_taxonomies(self, role_taxonomies, filter_taxonomies, target_sat): - """Update role taxonomies which doesn't apply to its overridden filters - - :id: 9f3bf95a-f71a-4063-b51c-12610bc655f2 - - :steps: - - 1. Update existing role with different taxonomies - - :expectedresults: The overridden role filters are not updated - - :CaseImportance: Critical - """ - role_name = gen_string('alpha') - role = target_sat.api.Role( - name=role_name, - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - assert role.name == role_name - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - filtr = target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - assert role.id == filtr.role.id - # Creating new Taxonomies - org_new = target_sat.api.Organization().create() - loc_new = target_sat.api.Location().create() - # Updating Taxonomies - role.organization = [org_new] - role.location = [loc_new] - role = role.update(['organization', 'location']) - # Updated Role - role = target_sat.api.Role(id=role.id).read() - assert org_new.id == role.organization[0].id - assert loc_new.id == role.location[0].id - # Updated Filter - filtr = target_sat.api.Filter(id=filtr.id).read() - assert org_new.id != filtr.organization[0].id - assert loc_new.id != filtr.location[0].id - - def test_positive_disable_filter_override(self, role_taxonomies, filter_taxonomies, target_sat): - """Unsetting override flag resets filter taxonomies - - :id: eaa7b921-7c12-45c5-989b-d82aa2b6e3a6 - - :steps: - - 1. Create role with organization A and Location A - 2. Create an overridden filter in role with organization B - and Location B - 3. Set above filter override flag to False in role - 4. Get above role filters - - :expectedresults: The taxonomies of filters resets/synced to role - taxonomies - - :CaseImportance: Critical - """ - role_name = gen_string('alpha') - role = target_sat.api.Role( - name=role_name, - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - assert role.name == role_name - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - filtr = target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - assert role.id == filtr.role.id - # Un-overriding - filtr.override = False - filtr = filtr.update(['override']) - assert not filtr.override - assert filter_taxonomies['org'].id != filtr.organization[0].id - assert filter_taxonomies['loc'].id != filtr.location[0].id + assert another_taxonomies['org'].id == role.organization[0].id + assert another_taxonomies['loc'].id == role.location[0].id def test_positive_create_org_admin_from_clone(self, target_sat): """Create Org Admin role which has access to most of the resources @@ -541,7 +348,7 @@ def test_positive_create_cloned_role_with_taxonomies(self, role_taxonomies, targ assert role_taxonomies['loc'].id == org_admin.location[0].id def test_negative_access_entities_from_org_admin( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """User can not access resources in taxonomies assigned to role if its own taxonomies are not same as its role @@ -561,7 +368,7 @@ def test_negative_access_entities_from_org_admin( """ user = self.create_org_admin_user( - target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies + target_sat, role_taxos=role_taxonomies, user_taxos=another_taxonomies ) domain = self.create_domain( target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] @@ -572,7 +379,7 @@ def test_negative_access_entities_from_org_admin( target_sat.api.Domain(server_config=sc, id=domain.id).read() def test_negative_access_entities_from_user( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """User can not access resources within its own taxonomies if assigned role does not have permissions for user taxonomies @@ -592,330 +399,16 @@ def test_negative_access_entities_from_user( """ user = self.create_org_admin_user( - target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies + target_sat, role_taxos=role_taxonomies, user_taxos=another_taxonomies ) domain = self.create_domain( - target_sat, orgs=[filter_taxonomies['org'].id], locs=[filter_taxonomies['loc'].id] + target_sat, orgs=[another_taxonomies['org'].id], locs=[another_taxonomies['loc'].id] ) sc = self.user_config(user, target_sat) # Getting the domain from user with pytest.raises(HTTPError): target_sat.api.Domain(server_config=sc, id=domain.id).read() - def test_positive_override_cloned_role_filter(self, role_taxonomies, target_sat): - """Cloned role filter overrides - - :id: 8a32ed5f-b93f-4f31-aff4-16602fbe7fab - - :steps: - - 1. Create a role with overridden filter - 2. Clone above role - 3. Attempt to override the filter in cloned role - - :expectedresults: Filter in cloned role should be overridden - - """ - role_name = gen_string('alpha') - role = target_sat.api.Role(name=role_name).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter(permission=dom_perm, role=role.id).create() - cloned_role_name = gen_string('alpha') - cloned_role = target_sat.api.Role(id=role.id).clone(data={'name': cloned_role_name}) - assert cloned_role_name == cloned_role['name'] - filter_cloned_id = target_sat.api.Role(id=cloned_role['id']).read().filters[0].id - filter_cloned = target_sat.api.Filter(id=filter_cloned_id).read() - filter_cloned.override = True - filter_cloned.organization = [role_taxonomies['org']] - filter_cloned.location = [role_taxonomies['loc']] - filter_cloned.update(['override', 'organization', 'location']) - # Updated Filter - filter_cloned = target_sat.api.Filter(id=filter_cloned_id).read() - assert filter_cloned.override - assert role_taxonomies['org'].id == filter_cloned.organization[0].id - assert role_taxonomies['loc'].id == filter_cloned.location[0].id - - def test_positive_emptiness_of_filter_taxonomies_on_role_clone( - self, role_taxonomies, filter_taxonomies, target_sat - ): - """Taxonomies of filters in cloned role are set to None for filters that - are overridden in parent role - - :id: 4bfc44db-9089-4ce8-9fd8-8eab1a7cbd33 - - :steps: - - 1. Create a role with an overridden filter - 2. Overridden filter should have taxonomies assigned - 3. Clone above role - 4. GET cloned role filters - - :expectedresults: - - 1. Taxonomies of the 'parent roles overridden filter' are set to - None in cloned role - 2. Override flag is set to True in cloned role filter - - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - cloned_role = target_sat.api.Role(id=role.id).clone(data={'name': gen_string('alpha')}) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - filter_cloned = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert not filter_cloned.organization - assert not filter_cloned.location - assert filter_cloned.override - - def test_positive_clone_role_having_overridden_filter_with_taxonomies( - self, role_taxonomies, filter_taxonomies, target_sat - ): - """When taxonomies assigned to cloned role, Unlimited and Override flag - sets on filter for filter that is overridden in parent role - - :id: 233a4489-d327-4fa0-8a8a-b3a0905b9c12 - - :steps: - - 1. Create a role with organization A and Location A - 2. Create overridden role filter in organization B - and Location B - 3. Clone above role and assign Organization A and Location A - while cloning - 4. GET cloned role filter - - :expectedresults: Unlimited and Override flags should be set to True on - filter for filter that is overridden in parent role - - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - cloned_role = target_sat.api.Role(id=role.id).clone( - data={ - 'name': gen_string('alpha'), - 'organization_ids': [role_taxonomies['org'].id], - 'location_ids': [role_taxonomies['loc'].id], - } - ) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert cloned_filter.unlimited - assert cloned_filter.override - - def test_positive_clone_role_having_non_overridden_filter_with_taxonomies( - self, role_taxonomies, target_sat - ): - """When taxonomies assigned to cloned role, Neither unlimited nor - override sets on filter for filter that is not overridden in parent - role - - :id: abc8d419-0c1a-4043-b739-833714663127 - - :steps: - - 1. Create a role with organization A and Location A - 2. Create role filter without overriding - 3. Clone above role and assign Organization A and Location A - while cloning - 4. GET cloned role filter - - :expectedresults: Both unlimited and override flag should be set to - False on filter for filter that is not overridden in parent role - - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter(permission=dom_perm, role=role.id).create() - cloned_role = target_sat.api.Role(id=role.id).clone( - data={ - 'name': gen_string('alpha'), - 'organization_ids': [role_taxonomies['org'].id], - 'location_ids': [role_taxonomies['loc'].id], - } - ) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert not cloned_filter.unlimited - assert not cloned_filter.override - - def test_positive_clone_role_having_unlimited_filter_with_taxonomies( - self, role_taxonomies, target_sat - ): - """When taxonomies assigned to cloned role, Neither unlimited nor - override sets on filter for filter that is unlimited in parent role - - :id: 7cb99401-9af2-40b8-9300-0a6333f8aaa0 - - :steps: - - 1. Create a role with organization A and Location A - 2. Create role filter with unlimited check - 3. Clone above role and assign Organization A and Location A - while cloning - 4. GET cloned role filter - - :expectedresults: Both unlimited and override flags should be set to - False on filter for filter that is unlimited in parent role - - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter(permission=dom_perm, role=role.id, unlimited=True).create() - cloned_role = target_sat.api.Role(id=role.id).clone( - data={ - 'name': gen_string('alpha'), - 'organization_ids': [role_taxonomies['org'].id], - 'location_ids': [role_taxonomies['loc'].id], - } - ) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert not cloned_filter.unlimited - assert not cloned_filter.override - - def test_positive_clone_role_having_overridden_filter_without_taxonomies( - self, role_taxonomies, filter_taxonomies, target_sat - ): # noqa - """When taxonomies not assigned to cloned role, Unlimited and override - flags sets on filter for filter that is overridden in parent role - - :id: 1af58f93-46f8-411a-8468-43abc34ef966 - - :steps: - - 1. Create a role with organization A and Location A - 2. Create overridden role filter in organization B - and Location B - 3. Clone above role without assigning taxonomies - 4. GET cloned role filter - - :expectedresults: Both unlimited and Override flags should be set to - True on filter for filter that is overridden in parent role - - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter( - permission=dom_perm, - role=role.id, - override=True, - organization=[filter_taxonomies['org']], - location=[filter_taxonomies['loc']], - ).create() - cloned_role = target_sat.api.Role(id=role.id).clone(data={'name': gen_string('alpha')}) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert cloned_filter.unlimited - assert cloned_filter.override - - def test_positive_clone_role_without_taxonomies_non_overided_filter( - self, role_taxonomies, target_sat - ): - """When taxonomies not assigned to cloned role, only unlimited but not - override flag sets on filter for filter that is overridden in parent - role - - :id: 85eea70a-482a-487c-affa-dec3891a1388 - - :steps: - - 1. Create a role with organization A and Location A - 2. Create role filter without overriding - 3. Clone above role without assigning taxonomies - 4. GET cloned role filter - - :expectedresults: - - 1. Unlimited flag should be set to True - 2. Override flag should be set to False - - :BZ: 1488908 - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter(permission=dom_perm, role=role.id).create() - cloned_role = target_sat.api.Role(id=role.id).clone( - data={'role': {'name': gen_string('alpha'), 'location_ids': [], 'organization_ids': []}} - ) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert cloned_filter.unlimited - assert not cloned_filter.override - - def test_positive_clone_role_without_taxonomies_unlimited_filter( - self, role_taxonomies, target_sat - ): - """When taxonomies not assigned to cloned role, Unlimited and override - flags sets on filter for filter that is unlimited in parent role - - :id: 8ffc7b34-1a25-4663-b3c8-0bbf5fcb61aa - - :steps: - - 1. Create a role with organization A and Location A - 2. Create role filter with unlimited check - 3. Clone above role without assigning taxonomies - 4. GET cloned role filter - - :expectedresults: - - 1. Unlimited flag should be set to True - 2. Override flag should be set to False - - :BZ: 1488908 - """ - role = target_sat.api.Role( - name=gen_string('alpha'), - organization=[role_taxonomies['org']], - location=[role_taxonomies['loc']], - ).create() - dom_perm = target_sat.api.Permission().search(query={'search': 'resource_type="Domain"'}) - target_sat.api.Filter(permission=dom_perm, role=role.id, unlimited=True).create() - cloned_role = target_sat.api.Role(id=role.id).clone( - data={'role': {'name': gen_string('alpha'), 'location_ids': [], 'organization_ids': []}} - ) - cloned_role_filter = target_sat.api.Role(id=cloned_role['id']).read().filters[0] - cloned_filter = target_sat.api.Filter(id=cloned_role_filter.id).read() - assert cloned_filter.unlimited - assert not cloned_filter.override - @pytest.mark.upgrade def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, target_sat): """Users in usergroup can have access to the resources in taxonomies if @@ -1021,7 +514,7 @@ def test_positive_user_group_users_access_contradict_as_org_admins(self): """ def test_negative_assign_org_admin_to_user_group( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """Users in usergroup can not have access to the resources in taxonomies if the taxonomies of Org Admin role is not same @@ -1043,8 +536,8 @@ def test_negative_assign_org_admin_to_user_group( org_admin = self.create_org_admin_role( target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) - user_one = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies) - user_two = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies) + user_one = self.create_simple_user(target_sat, filter_taxos=another_taxonomies) + user_two = self.create_simple_user(target_sat, filter_taxos=another_taxonomies) ug_name = gen_string('alpha') user_group = target_sat.api.UserGroup( name=ug_name, role=[org_admin.id], user=[user_one.id, user_two.id] @@ -1059,7 +552,7 @@ def test_negative_assign_org_admin_to_user_group( target_sat.api.Domain(server_config=sc, id=dom.id).read() def test_negative_assign_taxonomies_by_org_admin( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """Org Admin doesn't have permissions to assign org to any of its entities @@ -1106,7 +599,7 @@ def test_negative_assign_taxonomies_by_org_admin( ) # Getting the domain from user1 dom = target_sat.api.Domain(server_config=sc, id=dom.id).read() - dom.organization = [filter_taxonomies['org']] + dom.organization = [another_taxonomies['org']] with pytest.raises(HTTPError): dom.update(['organization']) @@ -1418,7 +911,7 @@ def test_positive_access_users_inside_org_admin_taxonomies(self, role_taxonomies pytest.fail(str(err)) def test_negative_access_users_outside_org_admin_taxonomies( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """Org Admin can not access users outside its taxonomies @@ -1441,7 +934,7 @@ def test_negative_access_users_outside_org_admin_taxonomies( user = self.create_org_admin_user( target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies ) - test_user = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies) + test_user = self.create_simple_user(target_sat, filter_taxos=another_taxonomies) sc = self.user_config(user, target_sat) with pytest.raises(HTTPError): target_sat.api.User(server_config=sc, id=test_user.id).read() @@ -1490,7 +983,7 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s @pytest.mark.upgrade def test_positive_access_all_global_entities_by_org_admin( - self, role_taxonomies, filter_taxonomies, target_sat + self, role_taxonomies, another_taxonomies, target_sat ): """Org Admin can access all global target_sat.api in any taxonomies regardless of its own assigned taxonomies @@ -1516,8 +1009,8 @@ def test_positive_access_all_global_entities_by_org_admin( login=user_login, password=user_pass, role=[org_admin.id], - organization=[role_taxonomies['org'], filter_taxonomies['org']], - location=[role_taxonomies['loc'], filter_taxonomies['loc']], + organization=[role_taxonomies['org'], another_taxonomies['org']], + location=[role_taxonomies['loc'], another_taxonomies['loc']], ).create() assert user_login == user.login sc = ServerConfig( diff --git a/tests/foreman/cli/test_contentview.py b/tests/foreman/cli/test_contentview.py index d45af86f8a0..825bbfd16d9 100644 --- a/tests/foreman/cli/test_contentview.py +++ b/tests/foreman/cli/test_contentview.py @@ -2898,13 +2898,11 @@ def test_negative_user_with_read_only_cv_permission(self, module_org, module_tar ) password = gen_string('alphanumeric') user = module_target_sat.cli_factory.user({'password': password}) - role = module_target_sat.cli_factory.make_role() + role = module_target_sat.cli_factory.make_role({'organization-id': module_org.id}) module_target_sat.cli_factory.make_filter( { - 'organization-ids': module_org.id, 'permissions': 'view_content_views', 'role-id': role['id'], - 'override': 1, } ) module_target_sat.cli.User.add_role({'id': user['id'], 'role-id': role['id']}) diff --git a/tests/foreman/cli/test_filter.py b/tests/foreman/cli/test_filter.py index ebeb7f760b9..87ac93cb14b 100644 --- a/tests/foreman/cli/test_filter.py +++ b/tests/foreman/cli/test_filter.py @@ -50,56 +50,6 @@ def test_positive_create_with_permission(module_perms, function_role, target_sat assert set(filter_['permissions'].split(", ")) == set(module_perms) -def test_positive_create_with_org(module_perms, function_role, target_sat): - """Create a filter and assign it some permissions. - - :id: f6308192-0e1f-427b-a296-b285f6684691 - - :expectedresults: The created filter has the assigned permissions. - - :BZ: 1401469 - - :CaseImportance: Critical - """ - org = target_sat.cli_factory.make_org() - # Assign filter to created role - filter_ = target_sat.cli_factory.make_filter( - { - 'role-id': function_role['id'], - 'permissions': module_perms, - 'organization-ids': org['id'], - 'override': 1, - } - ) - # we expect here only only one organization, i.e. first element - assert filter_['organizations'][0] == org['name'] - - -def test_positive_create_with_loc(module_perms, function_role, module_target_sat): - """Create a filter and assign it some permissions. - - :id: d7d1969a-cb30-4e97-a9a3-3a4aaf608795 - - :expectedresults: The created filter has the assigned permissions. - - :BZ: 1401469 - - :CaseImportance: Critical - """ - loc = module_target_sat.cli_factory.make_location() - # Assign filter to created role - filter_ = module_target_sat.cli_factory.make_filter( - { - 'role-id': function_role['id'], - 'permissions': module_perms, - 'location-ids': loc['id'], - 'override': 1, - } - ) - # we expect here only only one location, i.e. first element - assert filter_['locations'][0] == loc['name'] - - def test_positive_delete(module_perms, function_role, module_target_sat): """Create a filter and delete it afterwards. @@ -180,43 +130,3 @@ def test_positive_update_role(module_perms, function_role, target_sat): target_sat.cli.Filter.update({'id': filter_['id'], 'role-id': new_role['id']}) filter_ = target_sat.cli.Filter.info({'id': filter_['id']}) assert filter_['role'] == new_role['name'] - - -def test_positive_update_org_loc(module_perms, function_role, target_sat): - """Create a filter and assign it to another organization and location. - - :id: 9bb59109-9701-4ef3-95c6-81f387d372da - - :expectedresults: Filter is created and assigned to new org and loc. - - :BZ: 1401469 - - :CaseImportance: Critical - """ - org = target_sat.cli_factory.make_org() - loc = target_sat.cli_factory.make_location() - filter_ = target_sat.cli_factory.make_filter( - { - 'role-id': function_role['id'], - 'permissions': module_perms, - 'organization-ids': org['id'], - 'location-ids': loc['id'], - 'override': 1, - } - ) - # Update org and loc - new_org = target_sat.cli_factory.make_org() - new_loc = target_sat.cli_factory.make_location() - target_sat.cli.Filter.update( - { - 'id': filter_['id'], - 'permissions': module_perms, - 'organization-ids': new_org['id'], - 'location-ids': new_loc['id'], - 'override': 1, - } - ) - filter_ = target_sat.cli.Filter.info({'id': filter_['id']}) - # We expect here only one organization and location - assert filter_['organizations'][0] == new_org['name'] - assert filter_['locations'][0] == new_loc['name'] diff --git a/tests/foreman/ui/test_activationkey.py b/tests/foreman/ui/test_activationkey.py index dd0d663cf0c..615536c9bbe 100644 --- a/tests/foreman/ui/test_activationkey.py +++ b/tests/foreman/ui/test_activationkey.py @@ -662,11 +662,10 @@ def test_positive_access_non_admin_user(session, test_name, target_sat): } ) # Create new role - role = target_sat.api.Role().create() + role = target_sat.api.Role(organization=[org]).create() # Create filter with predefined activation keys search criteria envs_condition = ' or '.join(['environment = ' + s for s in envs_list]) target_sat.api.Filter( - organization=[org], permission=target_sat.api.Permission().search( filters={'name': 'view_activation_keys'}, query={'search': 'resource_type="Katello::ActivationKey"'}, diff --git a/tests/foreman/ui/test_errata.py b/tests/foreman/ui/test_errata.py index ccd7e749e04..188bc0c523a 100644 --- a/tests/foreman/ui/test_errata.py +++ b/tests/foreman/ui/test_errata.py @@ -796,9 +796,8 @@ def test_positive_list_permission( ).create() custom_repo.sync() # create role with access only to 'RHEL8' RedHat product - role = module_target_sat.api.Role().create() + role = module_target_sat.api.Role(organization=[function_sca_manifest_org]).create() module_target_sat.api.Filter( - organization=[function_sca_manifest_org], permission=module_target_sat.api.Permission().search( query={'search': 'resource_type="Katello::Product"'} ), diff --git a/tests/foreman/ui/test_role.py b/tests/foreman/ui/test_role.py index 6e151443e80..455b07557ca 100644 --- a/tests/foreman/ui/test_role.py +++ b/tests/foreman/ui/test_role.py @@ -151,9 +151,7 @@ def test_positive_delete_cloned_builtin(session): assert not session.role.search(cloned_role_name) -def test_positive_create_filter_without_override( - session, module_org, module_location, test_name, module_target_sat -): +def test_positive_create_filter(session, module_org, module_location, test_name, module_target_sat): """Create filter in role w/o overriding it :id: a7f76f6e-6c13-4b34-b38c-19501b65786f @@ -162,14 +160,14 @@ def test_positive_create_filter_without_override( 1. Create a role with taxonomies (location and organization) assigned - 2. Create filter in role without overriding it + 2. Create filter in role 3. Create user and assign new role to it 4. Re-login into application using new user with a role :expectedresults: - 1. Filter w/o override is created in role - 2. The taxonomies of role are inherited to filter + 1. Filter is created in role + 2. The taxonomies of role are implicitly inherited to filter 3. User can access application sections specified in a filter """ role_name = gen_string('alpha') @@ -191,8 +189,6 @@ def test_positive_create_filter_without_override( role_name, {'resource_type': 'Subnet', 'permission.assigned': ['view_subnets', 'create_subnets']}, ) - filter_values = session.filter.read(role_name, 'Subnet') - assert filter_values['override'] is False session.filter.create( role_name, { @@ -298,117 +294,6 @@ def test_positive_create_non_overridable_filter( session.organization.create({'name': gen_string('alpha'), 'label': gen_string('alpha')}) -@pytest.mark.upgrade -def test_positive_create_overridable_filter( - session, module_org, module_location, test_name, module_target_sat -): - """Create overridden filter in role - - :id: 325e7e3e-60fc-4182-9585-0449d9660e8d - - :steps: - - 1. Create a role with some taxonomies (organizations and locations) - 2. Create a filter in role to which taxonomies can be associated - e.g Subnet filter - 3. Override a filter with some taxonomies which doesn't match the - taxonomies of role - 4. Create user with taxonomies including filter taxonomies and - assign role to it - 5. Login with user and attempt to access the resources - - :expectedresults: - - 1. Filter is created with taxonomies - 2. User can access resources, permissions specified in filter - 3. User have access only in taxonomies specified in filter - """ - role_name = gen_string('alpha') - username = gen_string('alpha') - password = gen_string('alpha') - role_org = module_target_sat.api.Organization().create() - role_loc = module_target_sat.api.Location().create() - subnet = module_target_sat.api.Subnet() - subnet.create_missing() - subnet_name = subnet.name - new_subnet_name = gen_string('alpha') - with session: - session.role.create( - { - 'name': role_name, - 'organizations.assigned': [role_org.name, module_org.name], - 'locations.assigned': [role_loc.name, module_location.name], - } - ) - assert session.role.search(role_name)[0]['Name'] == role_name - session.filter.create( - role_name, - { - 'resource_type': 'Subnet', - 'permission.assigned': ['view_subnets', 'create_subnets'], - 'override': True, - 'taxonomies_tabs.locations.resources.assigned': [module_location.name], - 'taxonomies_tabs.organizations.resources.assigned': [module_org.name], - }, - ) - session.filter.create( - role_name, - { - 'resource_type': 'Organization', - 'permission.assigned': ['assign_organizations', 'view_organizations'], - }, - ) - session.filter.create( - role_name, - { - 'resource_type': 'Location', - 'permission.assigned': ['assign_locations', 'view_locations'], - }, - ) - session.user.create( - { - 'user.login': username, - 'user.auth': 'INTERNAL', - 'user.password': password, - 'user.confirm': password, - 'user.mail': 'test@example.com', - 'roles.resources.assigned': [role_name], - 'organizations.resources.assigned': [role_org.name, module_org.name], - 'locations.resources.assigned': [role_loc.name, module_location.name], - } - ) - with module_target_sat.ui_session(test_name, user=username, password=password) as session: - session.organization.select(org_name=module_org.name) - session.location.select(loc_name=module_location.name) - session.subnet.create( - { - 'subnet.name': subnet_name, - 'subnet.protocol': 'IPv4', - 'subnet.network_address': subnet.network, - 'subnet.network_mask': subnet.mask, - 'subnet.boot_mode': 'Static', - } - ) - assert session.subnet.search(subnet_name)[0]['Name'] == subnet_name - session.organization.select(org_name=role_org.name) - session.location.select(loc_name=role_loc.name) - with pytest.raises(AssertionError) as context: - session.subnet.create( - { - 'subnet.name': new_subnet_name, - 'subnet.protocol': 'IPv4', - 'subnet.network_address': subnet.network, - 'subnet.network_mask': subnet.mask, - 'subnet.boot_mode': 'Static', - } - ) - assert ( - "You don't have permission create_subnets with attributes" - " that you have specified or you don't have access to" - " specified organizations or locations" in str(context.value) - ) - - def test_positive_create_with_21_filters(session): """Make sure it's possible to create more than 20 filters inside single role diff --git a/tests/new_upgrades/test_role.py b/tests/new_upgrades/test_role.py index 2c1f3bde890..04d555e9947 100644 --- a/tests/new_upgrades/test_role.py +++ b/tests/new_upgrades/test_role.py @@ -62,7 +62,6 @@ def default_role_permission_with_filter_setup(search_upgrade_shared_satellite, u permission=target_sat.api.Permission().search( filters={'name': 'view_domains'}, query={'search': 'resource_type="Domain"'} ), - unlimited=False, role=default_role, search='name ~ a', ).create() @@ -113,63 +112,6 @@ def test_default_role_added_permission_with_filter(default_role_permission_with_ domain_filter[0].delete() -@pytest.mark.stubbed -class TestOverriddenFilter: - """Filter associated with taxonomies becomes overridden filter post upgrade - - :steps: - - 1. In Preupgrade Satellite, Create a role - 2. Add filter in a role to which taxonomies can be assigned - 3. Assign taxonomies to above filter - 4. Upgrade the satellite to next/latest version - 5. Postupgrade, View the above role filter - - :expectedresults: - - 1. The Filter should be have set override flag postupgrade - 2. The locations and organizations of filter should be unchanged - postupgrade - - :CaseAutomation: NotAutomated - """ - - @pytest.mark.pre_upgrade - def test_pre_existing_overriden_filter(self): - """Role with taxonomies associated filter can be created - - :id: preupgrade-e8ecf446-375e-45fa-8e2c-558a40a7d8d0 - - :steps: - - 1. In Preupgrade Satellite, Create a role - 2. Add filter in a role to which taxonomies can be assigned - 3. Assign taxonomies to above filter - - :expectedresults: The role with taxonomies associated to them should - be created - """ - - @pytest.mark.post_upgrade - def test_post_existing_overriden_filter(self): - """Filter associated with taxonomies becomes overridden filter post - upgrade - - :id: postupgrade-e8ecf446-375e-45fa-8e2c-558a40a7d8d0 - - :steps: - - 1. Postupgrade, view the role filter created in preupgraded - satellite - - :expectedresults: - - 1. The Filter should be have set override flag postupgrade - 2. The locations and organizations of filter should be unchanged - postupgrade - """ - - @pytest.mark.stubbed class TestBuiltInRolesLocked: """Builtin roles in satellite gets locked post upgrade diff --git a/tests/upgrades/test_role.py b/tests/upgrades/test_role.py index 373876e2dc5..550bcb61ca9 100644 --- a/tests/upgrades/test_role.py +++ b/tests/upgrades/test_role.py @@ -15,63 +15,6 @@ import pytest -@pytest.mark.stubbed -class TestOverriddenFilter: - """Filter associated with taxonomies becomes overridden filter post upgrade - - :steps: - - 1. In Preupgrade Satellite, Create a role - 2. Add filter in a role to which taxonomies can be assigned - 3. Assign taxonomies to above filter - 4. Upgrade the satellite to next/latest version - 5. Postupgrade, View the above role filter - - :expectedresults: - - 1. The Filter should be have set override flag postupgrade - 2. The locations and organizations of filter should be unchanged - postupgrade - - :CaseAutomation: NotAutomated - """ - - @pytest.mark.pre_upgrade - def test_pre_existing_overriden_filter(self): - """Role with taxonomies associated filter can be created - - :id: preupgrade-e8ecf446-375e-45fa-8e2c-558a40a7d8d0 - - :steps: - - 1. In Preupgrade Satellite, Create a role - 2. Add filter in a role to which taxonomies can be assigned - 3. Assign taxonomies to above filter - - :expectedresults: The role with taxonomies associated to them should - be created - """ - - @pytest.mark.post_upgrade - def test_post_existing_overriden_filter(self): - """Filter associated with taxonomies becomes overridden filter post - upgrade - - :id: postupgrade-e8ecf446-375e-45fa-8e2c-558a40a7d8d0 - - :steps: - - 1. Postupgrade, view the role filter created in preupgraded - satellite - - :expectedresults: - - 1. The Filter should be have set override flag postupgrade - 2. The locations and organizations of filter should be unchanged - postupgrade - """ - - @pytest.mark.stubbed class TestBuiltInRolesLocked: """Builtin roles in satellite gets locked post upgrade @@ -231,7 +174,6 @@ def test_pre_default_role_added_permission_with_filter(self, target_sat): permission=target_sat.api.Permission().search( filters={'name': 'view_domains'}, query={'search': 'resource_type="Domain"'} ), - unlimited=False, role=default_role, search='name ~ a', ).create()