WP: toulouse-maelis: ajouter une permission spécial pour les endpoints du panier. (#74152) #81
|
@ -62,6 +62,8 @@ class ToulouseMaelis(BaseResource, HTTPResource):
|
|||
category = 'Connecteurs métiers'
|
||||
_category_ordering = ['Famille', 'Activités']
|
||||
|
||||
_can_manage_basket_description = "La gestion du panier est limitée aux comptes d’API suivants :"
|
||||
|
||||
class Meta:
|
||||
verbose_name = 'Toulouse Maelis'
|
||||
|
||||
|
@ -2599,6 +2601,7 @@ class ToulouseMaelis(BaseResource, HTTPResource):
|
|||
display_category='Inscriptions',
|
||||
description="Ajoute au panier une inscription extra-scolaire ou loisir",
|
||||
name='add-person-basket-subscription',
|
||||
perm='can_access',
|
||||
post={
|
||||
'request_body': {
|
||||
'schema': {
|
||||
|
@ -2670,7 +2673,7 @@ class ToulouseMaelis(BaseResource, HTTPResource):
|
|||
display_category='Inscriptions',
|
||||
description="Suppression d'une ligne du panier",
|
||||
name='delete-basket-line',
|
||||
perm='can_access',
|
||||
perm='can_manage_basket',
|
||||
parameters={
|
||||
'NameID': {'description': 'Publik NameID'},
|
||||
'family_id': {'description': 'Numéro de DUI'},
|
||||
|
@ -2702,7 +2705,7 @@ class ToulouseMaelis(BaseResource, HTTPResource):
|
|||
display_category='Inscriptions',
|
||||
description="Suppression du panier de la famille",
|
||||
name='delete-basket',
|
||||
perm='can_access',
|
||||
perm='can_manage_basket',
|
||||
parameters={
|
||||
'NameID': {'description': 'Publik NameID'},
|
||||
'family_id': {'description': 'Numéro de DUI'},
|
||||
|
@ -2729,7 +2732,7 @@ class ToulouseMaelis(BaseResource, HTTPResource):
|
|||
display_category='Inscriptions',
|
||||
description="Validation du panier de la famille",
|
||||
name='validate-basket',
|
||||
perm='can_access',
|
||||
perm='can_manage_basket',
|
||||
parameters={
|
||||
'NameID': {'description': 'Publik NameID'},
|
||||
'family_id': {'description': 'Numéro de DUI'},
|
||||
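Review bot: `add-person-basket-subscription` (second hunk) is still declared with `perm='can_access'`, while `delete-basket-line`, `delete-basket` and `validate-basket` move to `perm='can_manage_basket'`, so an API account with plain access can still write to a family's basket. If that split is intended, a comment beside it such as `# adding to the basket stays open to every API account; only delete/validate require can_manage_basket` would record the decision; otherwise the line should read `perm='can_manage_basket'`. The endpoint declarations start and end outside the hunks, and other basket endpoints that are not visible here may need the same check. Existing API accounts presumably lose the three restricted endpoints on upgrade until a `can_manage_basket` access right is created for them, which is worth stating in the commit message.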
|
|
|
@ -21,10 +21,12 @@ from unittest import mock
|
|||
|
||||
import pytest
|
||||
import responses
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.utils.dateparse import parse_date
|
||||
from requests.exceptions import ConnectionError
|
||||
from zeep import Settings
|
||||
|
||||
from passerelle.base.models import AccessRight, ApiUser
|
||||
from passerelle.contrib.toulouse_maelis.models import Link, Referential, ToulouseMaelis
|
||||
from passerelle.contrib.toulouse_maelis.utils import get_public_criterias, json_date_format
|
||||
from passerelle.utils.jsonresponse import APIError
|
||||
|
@ -206,6 +208,15 @@ def con(db):
|
|||
return ToulouseMaelis.objects.get()
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def manage_basket_access(con):
|
||||
api = ApiUser.objects.get()
|
||||
obj_type = ContentType.objects.get_for_model(con)
|
||||
AccessRight.objects.create(
|
||||
codename='can_manage_basket', apiuser=api, resource_type=obj_type, resource_pk=con.pk
|
||||
)
|
||||
|
||||
|
||||
@mock.patch('passerelle.utils.Request.get')
|
||||
def test_call_with_wrong_wsdl_url(mocked_get, con):
|
||||
mocked_get.side_effect = CONNECTION_ERROR
|
||||
|
@ -5923,7 +5934,7 @@ def test_update_basket_time_basket_not_found(activity_service, con, app):
|
|||
assert resp.json['err_desc'] == "no basket on '311352' family"
|
||||
|
||||
|
||||
def test_delete_basket_line(activity_service, con, app):
|
||||
def test_delete_basket_line(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket.xml'))
|
||||
activity_service.add_soap_response(
|
||||
'deletePersonUnitBasket', get_xml_file('R_delete_person_unit_basket.xml')
|
||||
|
@ -5940,14 +5951,21 @@ def test_delete_basket_line(activity_service, con, app):
|
|||
assert 'S10053203120' not in [x['id'] for x in resp.json['data']['lignes']]
|
||||
|
||||
|
||||
def test_delete_basket_line_not_linked_error(con, app):
|
||||
def test_delete_basket_line_api_access(con, app):
|
||||
url = get_endpoint('delete-basket-line')
|
||||
resp = app.post(url + '?family_id=311352&line_id=S10053203120', status=403)
|
||||
assert resp.json['err'] == 1
|
||||
assert 'PermissionDenied' in resp.json['err_class']
|
||||
|
||||
|
||||
def test_delete_basket_line_not_linked_error(con, app, manage_basket_access):
|
||||
url = get_endpoint('delete-basket-line')
|
||||
resp = app.post(url + '?NameID=local&line_id=S10053203120')
|
||||
assert resp.json['err'] == 1
|
||||
assert resp.json['err_desc'] == 'User not linked to family'
|
||||
|
||||
|
||||
def test_update_basket_line_basket_not_found(activity_service, con, app):
|
||||
def test_delete_basket_line_basket_not_found(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket_empty.xml'))
|
||||
url = get_endpoint('delete-basket-line')
|
||||
resp = app.post(url + '?family_id=311352&line_id=S10053203120')
|
||||
|
@ -5955,7 +5973,7 @@ def test_update_basket_line_basket_not_found(activity_service, con, app):
|
|||
assert resp.json['err_desc'] == "no basket on '311352' family"
|
||||
|
||||
|
||||
def test_delete_basket_line_line_not_found(activity_service, con, app):
|
||||
def test_delete_basket_line_line_not_found(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket.xml'))
|
||||
url = get_endpoint('delete-basket-line')
|
||||
resp = app.post(url + '?family_id=311352&line_id=plop')
|
||||
|
@ -5963,7 +5981,7 @@ def test_delete_basket_line_line_not_found(activity_service, con, app):
|
|||
assert resp.json['err_desc'] == "no 'plop' basket line on '311352' family"
|
||||
|
||||
|
||||
def test_delete_basket(activity_service, con, app):
|
||||
def test_delete_basket(activity_service, con, app, manage_basket_access):
|
||||
def request_check(request):
|
||||
assert request.idUtilisat in ('local', 'Middle-office')
|
||||
|
||||
|
@ -5984,14 +6002,21 @@ def test_delete_basket(activity_service, con, app):
|
|||
assert resp.json['data'] == 'ok'
|
||||
|
||||
|
||||
def test_delete_basket_not_linked_error(con, app):
|
||||
def test_delete_basket_api_access(con, app):
|
||||
url = get_endpoint('delete-basket')
|
||||
resp = app.post(url + '?family_id=311352', status=403)
|
||||
assert resp.json['err'] == 1
|
||||
assert 'PermissionDenied' in resp.json['err_class']
|
||||
|
||||
|
||||
def test_delete_basket_not_linked_error(con, app, manage_basket_access):
|
||||
url = get_endpoint('delete-basket')
|
||||
resp = app.post(url + '?NameID=local')
|
||||
assert resp.json['err'] == 1
|
||||
assert resp.json['err_desc'] == 'User not linked to family'
|
||||
|
||||
|
||||
def test_delete_basket_not_found(activity_service, con, app):
|
||||
def test_delete_basket_not_found(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket_empty.xml'))
|
||||
url = get_endpoint('delete-basket')
|
||||
resp = app.post(url + '?family_id=311352')
|
||||
|
@ -5999,7 +6024,7 @@ def test_delete_basket_not_found(activity_service, con, app):
|
|||
assert resp.json['err_desc'] == "no basket on '311352' family"
|
||||
|
||||
|
||||
def test_validate_basket(activity_service, con, app):
|
||||
def test_validate_basket(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket.xml'))
|
||||
activity_service.add_soap_response('validateBasket', get_xml_file('R_validate_basket.xml'))
|
||||
url = get_endpoint('validate-basket')
|
||||
|
@ -6018,14 +6043,21 @@ def test_validate_basket(activity_service, con, app):
|
|||
}
|
||||
|
||||
|
||||
def test_validate_basket_not_linked_error(con, app):
|
||||
def test_validate_basket_api_access(con, app):
|
||||
url = get_endpoint('validate-basket')
|
||||
resp = app.post(url + '?family_id=311352', status=403)
|
||||
assert resp.json['err'] == 1
|
||||
assert 'PermissionDenied' in resp.json['err_class']
|
||||
|
||||
|
||||
def test_validate_basket_not_linked_error(con, app, manage_basket_access):
|
||||
url = get_endpoint('validate-basket')
|
||||
resp = app.post(url + '?NameID=local')
|
||||
assert resp.json['err'] == 1
|
||||
assert resp.json['err_desc'] == 'User not linked to family'
|
||||
|
||||
|
||||
def test_validate_basket_not_found(activity_service, con, app):
|
||||
def test_validate_basket_not_found(activity_service, con, app, manage_basket_access):
|
||||
activity_service.add_soap_response('getFamilyBasket', get_xml_file('R_get_family_basket_empty.xml'))
|
||||
url = get_endpoint('validate-basket')
|
||||
resp = app.post(url + '?family_id=311352')
|
||||
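Review bot: The three new denial tests (`test_delete_basket_line_api_access`, `test_delete_basket_api_access`, `test_validate_basket_api_access`) do not state which rights the caller holds, so the 403 only proves the new permission is enforced if `con` grants `can_access` and nothing more; `con`'s body is outside the visible hunks. A docstring on each, such as `"""A caller holding only can_access must be refused."""`, would pin that intent. The `manage_basket_access` fixture selects its account with `ApiUser.objects.get()`, which raises as soon as a second API user exists in the test database. Selecting the account explicitly and adding a docstring like `"""Grant can_manage_basket on the connector to the test API user."""` would make the fixture less brittle.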
|
|