Fixed #370 -- added CLI tests for app sharing workflow.

Author: mboersma

.coveragerc

@@ -3,7 +3,6 @@ omit =
     */venv/*
     */virtualenv/*
     api/__init__.py
-    api/tests/*
     client/__init__.py
     client/models.py
     client/tests/__init__.py

api/admin.py

@@ -73,7 +73,7 @@ class FlavorAdmin(admin.ModelAdmin):
 admin.site.register(Flavor, FlavorAdmin)
 
 
-class FormationAdmin(GuardedModelAdmin):
+class FormationAdmin(admin.ModelAdmin):
     """Set presentation options for :class:`~api.models.Formation` models
     in the Django admin.
     """

api/models.py

@@ -20,6 +20,7 @@
 from django.dispatch import receiver
 from django.dispatch.dispatcher import Signal
 from django.utils.encoding import python_2_unicode_compatible
+from guardian.shortcuts import get_users_with_perms
 from json_field.fields import JSONField  # @UnusedImport
 
 from api import fields, tasks
@@ -174,7 +175,6 @@ class Formation(UuidAuditedModel):
     nodes = JSONField(default='{}', blank=True)
 
     class Meta:
-        permissions = (('use_formation', 'Can use formation'),)
         unique_together = (('owner', 'id'),)
 
     def __str__(self):
@@ -519,10 +519,10 @@ def calculate(self):
         else:
             for n in self.formation.node_set.filter(layer__proxy=True):
                 d['domains'].append(n.fqdn)
-        # TODO: add proper sharing and access controls
-        d['users'] = {}
-        for u in (self.owner.username,):
-            d['users'][u] = 'admin'
+        # add proper sharing and access controls
+        d['users'] = {self.owner.username: 'owner'}
+        for u in (get_users_with_perms(self)):
+            d['users'][u.username] = 'user'
         return d
 
     def logs(self):
@@ -741,7 +741,7 @@ def push(cls, push):
         username = push.pop('username').split('_')[0]
         # retrieve the user and app instances
         user = User.objects.get(username=username)
-        app = App.objects.get(owner=user, id=push.pop('app'))
+        app = App.objects.get(id=push.pop('app'))
         # merge the push with the required model instances
         push['owner'] = user
         push['app'] = app

api/serializers.py

@@ -91,7 +91,7 @@ class ConfigSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.Config` model."""
 
     owner = serializers.Field(source='owner.username')
-    app = OwnerSlugRelatedField(slug_field='id')
+    app = serializers.SlugRelatedField(slug_field='id')
     values = serializers.ModelField(
         model_field=models.Config()._meta.get_field('values'), required=False)
 
@@ -105,7 +105,7 @@ class BuildSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.Build` model."""
 
     owner = serializers.Field(source='owner.username')
-    app = OwnerSlugRelatedField(slug_field='id')
+    app = serializers.SlugRelatedField(slug_field='id')
 
     class Meta:
         """Metadata options for a :class:`BuildSerializer`."""
@@ -117,7 +117,7 @@ class ReleaseSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.Release` model."""
 
     owner = serializers.Field(source='owner.username')
-    app = OwnerSlugRelatedField(slug_field='id')
+    app = serializers.SlugRelatedField(slug_field='id')
     config = serializers.SlugRelatedField(slug_field='uuid')
     build = serializers.SlugRelatedField(slug_field='uuid', required=False)
 

api/tests/test_key.py

@@ -10,10 +10,12 @@
 import os.path
 
 from django.test import TestCase
+from django.test.utils import override_settings
 
 from deis import settings
 
 
+@override_settings(CELERY_ALWAYS_EAGER=True)
 class KeyTest(TestCase):
 
     """Tests cloud provider credentials"""

api/tests/test_perm.py

@@ -3,8 +3,10 @@
 import json
 
 from django.test import TestCase
+from django.test.utils import override_settings
 
 
+@override_settings(CELERY_ALWAYS_EAGER=True)
 class TestAdminPerms(TestCase):
 
     def test_first_signup(self):
@@ -132,6 +134,7 @@ def test_delete(self):
         self.assertNotIn('two', str(response.data['results']))
 
 
+@override_settings(CELERY_ALWAYS_EAGER=True)
 class TestAppPerms(TestCase):
 
     fixtures = ['test_sharing.json']
@@ -215,120 +218,3 @@ def test_list(self):
         response = self.client.get(
             "/api/apps/{}/perms".format(app_id), content_type='application/json')
         self.assertEqual(response.data, {'users': ['autotest-2']})
-
-
-class TestFormationPerms(TestCase):
-
-    fixtures = ['test_sharing.json']
-
-    def setUp(self):
-        self.assertTrue(
-            self.client.login(username='autotest-1', password='password'))
-
-    def test_create(self):
-        # check that user 1 sees her lone formation
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 1)
-        formation_id = response.data['results'][0]['id']
-        # check that user 2 can't see any formations
-        self.assertTrue(
-            self.client.login(username='autotest-2', password='password'))
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 0)
-        # give user 2 permission to user 1's formation
-        self.assertTrue(
-            self.client.login(username='autotest-1', password='password'))
-        url = '/api/formations/{formation_id}/perms'.format(**locals())
-        body = {'username': 'autotest-2'}
-        response = self.client.post(
-            url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        # check that user 1 can see a formation
-        self.assertTrue(
-            self.client.login(username='autotest-2', password='password'))
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 1)
-        self.assertEqual(response.data['results'][0]['id'], formation_id)
-        # revoke user 2's permission to user 1's formation
-        self.assertTrue(
-            self.client.login(username='autotest-1', password='password'))
-        username = 'autotest-2'
-        url = '/api/formations/{formation_id}/perms/{username}/'.format(**locals())
-        response = self.client.delete(url)
-        self.assertEqual(response.status_code, 204)
-
-    def test_create_errors(self):
-        response = self.client.get('/api/formations')
-        formation_id = response.data['results'][0]['id']
-        # try to give user 2 permission to user 1's formation as user 2
-        self.assertTrue(
-            self.client.login(username='autotest-2', password='password'))
-        url = '/api/formations/{formation_id}/perms'.format(**locals())
-        body = {'username': 'autotest-2'}
-        response = self.client.post(
-            url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 403)
-        # try to give user 1 permission to user 1's formation as user 2
-        url = '/api/formations/{formation_id}/perms'.format(**locals())
-        body = {'username': 'autotest-1'}
-        response = self.client.post(
-            url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 403)
-
-    def test_delete(self):
-        # give user 2 permission to user 1's formation
-        response = self.client.get('/api/formations')
-        formation_id = response.data['results'][0]['id']
-        url = '/api/formations/{formation_id}/perms'.format(**locals())
-        body = {'username': 'autotest-2'}
-        response = self.client.post(
-            url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        # check that user 1 can see a formation
-        self.assertTrue(
-            self.client.login(username='autotest-2', password='password'))
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 1)
-        self.assertEqual(response.data['results'][0]['id'], formation_id)
-        # revoke user 2's permission to user 1's formation
-        self.assertTrue(
-            self.client.login(username='autotest-1', password='password'))
-        username = 'autotest-2'
-        url = '/api/formations/{formation_id}/perms/{username}/'.format(**locals())
-        response = self.client.delete(url)
-        self.assertEqual(response.status_code, 204)
-        # check that user 1 can't see any formations
-        self.assertTrue(
-            self.client.login(username='autotest-2', password='password'))
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 0)
-
-    def test_delete_errors(self):
-        # revoke user 2's permission to user 1's formation
-        response = self.client.get('/api/formations')
-        formation_id = response.data['results'][0]['id']
-        username = 'autotest-2'
-        url = '/api/formations/{formation_id}/perms/{username}/'.format(**locals())
-        response = self.client.delete(url)
-        self.assertEqual(response.status_code, 404)
-
-    def test_list(self):
-        # check that user 1 sees her lone formation
-        response = self.client.get('/api/formations')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.data['results']), 1)
-        formation_id = response.data['results'][0]['id']
-        # create a new object permission
-        url = "/api/formations/{}/perms".format(formation_id)
-        body = {'username': 'autotest-2'}
-        response = self.client.post(url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        # list perms on the app
-        response = self.client.get(
-            "/api/formations/{}/perms".format(formation_id), content_type='application/json')
-        self.assertEqual(response.data, {'users': ['autotest-2']})

api/urls.py

@@ -166,22 +166,6 @@
   :meth:`FormationViewSet.converge() <api.views.FormationViewSet.converge>`
 
 
-Formation Sharing
------------------
-
-.. http:delete:: /api/formations/(string:id)/perms/(string:username)/
-
-  Destroy a formation permission by its `username`.
-
-.. http:get:: /api/formations/(string:id)/perms/
-
-  List all permissions granted to this formation.
-
-.. http:post:: /api/formations/(string:id)/perms/
-
-  Create a new formation permission.
-
-
 Applications
 ============
 
@@ -410,11 +394,6 @@
         views.FormationViewSet.as_view({'post': 'calculate'})),
     url(r'^formations/(?P<id>[-_\w]+)/converge/?',
         views.FormationViewSet.as_view({'post': 'converge'})),
-    # formation sharing
-    url(r'^formations/(?P<id>[-_\w]+)/perms/(?P<username>[-_\w]+)/?',
-        views.FormationPermsViewSet.as_view({'delete': 'destroy'})),
-    url(r'^formations/(?P<id>[-_\w]+)/perms/?',
-        views.FormationPermsViewSet.as_view({'get': 'list', 'post': 'create'})),
     # formation base endpoint
     url(r'^formations/(?P<id>[-_\w]+)/?',
         views.FormationViewSet.as_view({