From a1989ec4c6f05b5e8884101c3f994244eb0ea418 Mon Sep 17 00:00:00 2001
From: Daniel Mursa <daniel@maykinmedia.nl>
Date: Tue, 17 Dec 2024 12:55:55 +0100
Subject: [PATCH] [#486] New tests

---
 .../token_auth/valid_setup_complete.yaml      |  22 ++-
 .../tests/test_token_auth_config.py           | 161 +++++++++++++++++-
 2 files changed, 181 insertions(+), 2 deletions(-)

diff --git a/src/objects/setup_configuration/tests/files/token_auth/valid_setup_complete.yaml b/src/objects/setup_configuration/tests/files/token_auth/valid_setup_complete.yaml
index 6252d846..163bb90f 100644
--- a/src/objects/setup_configuration/tests/files/token_auth/valid_setup_complete.yaml
+++ b/src/objects/setup_configuration/tests/files/token_auth/valid_setup_complete.yaml
@@ -8,7 +8,16 @@ tokenauth:
       organization: Organization 1
       application: Application 1
       administration: Administration 1
-      is_superuser: True
+      permissions:
+        - object_type: 3a82fb7f-fc9b-4104-9804-993f639d6d0d
+          mode: read_only
+          use_fields: true
+          fields:
+            key1: value1
+            key2: value2
+            key3: value3
+        - object_type: ca754b52-3f37-4c49-837c-130e8149e337
+          mode: read_and_write
 
     - identifier: token-2
       token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
@@ -17,4 +26,15 @@ tokenauth:
       organization: Organization 2
       application: Application 2
       administration: Administration 2
+      permissions:
+        - object_type: feeaa795-d212-4fa2-bb38-2c34996e5702
+          mode: read_only
+
+    - identifier: token-3
+      token: ff835859ecf8df4d541aab09f2d0854d17b41a77
+      contact_person: Person 3
+      email: person-3@example.com
+      organization: Organization 3
+      application: Application 3
+      administration: Administration 3
       is_superuser: True
diff --git a/src/objects/setup_configuration/tests/test_token_auth_config.py b/src/objects/setup_configuration/tests/test_token_auth_config.py
index b55c9ea4..676f8a34 100644
--- a/src/objects/setup_configuration/tests/test_token_auth_config.py
+++ b/src/objects/setup_configuration/tests/test_token_auth_config.py
@@ -7,9 +7,14 @@
     PrerequisiteFailed,
 )
 from django_setup_configuration.test_utils import execute_single_step
+from zgw_consumers.models import Service
+from zgw_consumers.test.factories import ServiceFactory
 
+from objects.core.models import ObjectType
+from objects.core.tests.factories import ObjectTypeFactory
 from objects.setup_configuration.steps.token_auth import TokenAuthConfigurationStep
-from objects.token.models import TokenAuth
+from objects.token.constants import PermissionModes
+from objects.token.models import Permission, TokenAuth
 from objects.token.tests.factories import TokenAuthFactory
 
 DIR_FILES = (Path(__file__).parent / "files/token_auth").resolve()
@@ -388,3 +393,157 @@ def test_invalid_empty_identifier(self):
             execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
         self.assertTrue("String should match pattern" in str(command_error.exception))
         self.assertEqual(TokenAuth.objects.count(), 0)
+
+
+class TokenAuthConfigurationStepWithPermissionsTests(TestCase):
+    def setUp(self):
+        self.service = ServiceFactory(slug="service")
+        ObjectTypeFactory(
+            service=self.service,
+            uuid="3a82fb7f-fc9b-4104-9804-993f639d6d0d",
+            _name="Object Type 001",
+        )
+        ObjectTypeFactory(
+            service=self.service,
+            uuid="ca754b52-3f37-4c49-837c-130e8149e337",
+            _name="Object Type 002",
+        )
+        ObjectTypeFactory(
+            service=self.service,
+            uuid="feeaa795-d212-4fa2-bb38-2c34996e5702",
+            _name="Object Type 003",
+        )
+
+        # superuser settato
+        # permission con diversi valori
+        #   UUID -> sbagliato
+        #   UUID -> vuoto
+        #   mode
+        #   mode- > sbagliat con valori fuori dalle choice
+        #   use_fields
+        #   fields
+        #   fields ->sbagliati
+        #
+
+        return super().setUp()
+
+    def test_valid_setup_default_without_permissions(self):
+        self.assertEqual(TokenAuth.objects.count(), 0)
+        self.assertEqual(Permission.objects.count(), 0)
+        self.assertEqual(Service.objects.count(), 1)
+        self.assertEqual(ObjectType.objects.count(), 3)
+
+        execute_single_step(
+            TokenAuthConfigurationStep,
+            yaml_source=str(DIR_FILES / "valid_setup_default.yaml"),
+        )
+        tokens = TokenAuth.objects.all()
+        self.assertEqual(tokens.count(), 2)
+
+        token = tokens.get(identifier="token-1")
+        self.assertEqual(token.token, "18b2b74ef994314b84021d47b9422e82b685d82f")
+        self.assertEqual(token.contact_person, "Person 1")
+        self.assertEqual(token.email, "person-1@example.com")
+        self.assertEqual(token.organization, "")
+        self.assertEqual(token.application, "")
+        self.assertEqual(token.administration, "")
+        self.assertFalse(token.is_superuser)
+        self.assertEqual(token.permissions.count(), 0)
+        self.assertEqual(token.object_types.count(), 0)
+
+        token = tokens.get(identifier="token-2")
+        self.assertEqual(token.contact_person, "Person 2")
+        self.assertEqual(token.token, "e882642bd0ec2482adcdc97258c2e6f98cb06d85")
+        self.assertEqual(token.email, "person-2@example.com")
+        self.assertEqual(token.organization, "")
+        self.assertEqual(token.application, "")
+        self.assertEqual(token.administration, "")
+        self.assertFalse(token.is_superuser)
+        self.assertEqual(token.permissions.count(), 0)
+        self.assertEqual(token.object_types.count(), 0)
+
+    def test_valid_setup_complete(self):
+        self.assertEqual(TokenAuth.objects.count(), 0)
+        self.assertEqual(Permission.objects.count(), 0)
+        self.assertEqual(Service.objects.count(), 1)
+        self.assertEqual(ObjectType.objects.count(), 3)
+
+        execute_single_step(
+            TokenAuthConfigurationStep,
+            yaml_source=str(DIR_FILES / "valid_setup_complete.yaml"),
+        )
+
+        tokens = TokenAuth.objects.all()
+        self.assertEqual(tokens.count(), 3)
+        self.assertEqual(Permission.objects.count(), 3)
+
+        token = tokens.get(identifier="token-1")
+        token_permissions = token.permissions.all()
+        self.assertEqual(token.token, "18b2b74ef994314b84021d47b9422e82b685d82f")
+        self.assertEqual(token.contact_person, "Person 1")
+        self.assertEqual(token.email, "person-1@example.com")
+        self.assertEqual(token.organization, "Organization 1")
+        self.assertEqual(token.application, "Application 1")
+        self.assertEqual(token.administration, "Administration 1")
+        self.assertFalse(token.is_superuser)
+        self.assertEqual(token.object_types.count(), 2)
+        self.assertEqual(token_permissions.count(), 2)
+        object_type = ObjectType.objects.get(
+            uuid="3a82fb7f-fc9b-4104-9804-993f639d6d0d", service=self.service
+        )
+        permission = token_permissions.get(object_type=object_type)
+        self.assertTrue(object_type in token.object_types.all())
+        self.assertTrue(permission in token.permissions.all())
+        self.assertEqual(permission.mode, PermissionModes.read_only)
+        self.assertTrue(permission.use_fields)
+        self.assertTrue(isinstance(permission.fields, dict))
+        self.assertTrue(
+            all(key in permission.fields.keys() for key in ["key1", "key2", "key3"])
+        )
+        self.assertTrue(
+            all(
+                value in permission.fields.values()
+                for value in ["value1", "value2", "value3"]
+            )
+        )
+        object_type = ObjectType.objects.get(
+            uuid="ca754b52-3f37-4c49-837c-130e8149e337", service=self.service
+        )
+        permission = token_permissions.get(object_type=object_type)
+        self.assertTrue(object_type in token.object_types.all())
+        self.assertTrue(permission in token.permissions.all())
+        self.assertEqual(permission.mode, PermissionModes.read_and_write)
+        self.assertFalse(permission.use_fields)
+        self.assertIsNone(permission.fields)
+
+        token = tokens.get(identifier="token-2")
+        token_permissions = token.permissions.all()
+        self.assertEqual(token.contact_person, "Person 2")
+        self.assertEqual(token.token, "e882642bd0ec2482adcdc97258c2e6f98cb06d85")
+        self.assertEqual(token.email, "person-2@example.com")
+        self.assertEqual(token.organization, "Organization 2")
+        self.assertEqual(token.application, "Application 2")
+        self.assertEqual(token.administration, "Administration 2")
+        self.assertFalse(token.is_superuser)
+        self.assertEqual(token.permissions.count(), 1)
+        self.assertEqual(token.object_types.count(), 1)
+        object_type = ObjectType.objects.get(
+            uuid="feeaa795-d212-4fa2-bb38-2c34996e5702", service=self.service
+        )
+        permission = token_permissions.get(object_type=object_type)
+        self.assertTrue(object_type in token.object_types.all())
+        self.assertTrue(permission in token.permissions.all())
+        self.assertEqual(permission.mode, PermissionModes.read_only)
+        self.assertFalse(permission.use_fields)
+        self.assertIsNone(permission.fields)
+
+        token = tokens.get(identifier="token-3")
+        self.assertEqual(token.contact_person, "Person 3")
+        self.assertEqual(token.token, "ff835859ecf8df4d541aab09f2d0854d17b41a77")
+        self.assertEqual(token.email, "person-3@example.com")
+        self.assertEqual(token.organization, "Organization 3")
+        self.assertEqual(token.application, "Application 3")
+        self.assertEqual(token.administration, "Administration 3")
+        self.assertTrue(token.is_superuser)
+        self.assertEqual(token.permissions.count(), 0)
+        self.assertEqual(token.object_types.count(), 0)