graphene-django/graphene_django/tests/test_auth_mixins.py

import graphene
from graphene import Schema, relay, ObjectType
from graphene_django.filter import DjangoFilterConnectionField
from django.test import TestCase, RequestFactory
from graphene_django import DjangoObjectType
from graphene_django.auth.mixins import AuthNodeMixin, AuthMutationMixin
from .models import Pet


class PetNode(AuthNodeMixin, DjangoObjectType):
    _permission = 'app.view_pet'

    class Meta:
        model = Pet
        interfaces = (relay.Node, )


class CreatePet(AuthMutationMixin, graphene.Mutation):
    """
    Mutation for create user
    example mutation:
        mutation {
            createPet(name: "Mila") {
                pet {
                    id
                    name
                }
            }
        }
    """
    _permission = 'app.create_pet'
    pet = graphene.Field(PetNode)

    class Input:
        name = graphene.String(required=True)

    @classmethod
    def mutate(cls, root, input, context, info):
        if cls.has_permision(context) is not True:
            return cls.has_permision(context)
        pet_name = input.get('name')
        pet = Pet.objects.create(name=pet_name)
        return CreatePet(pet=pet)


class QueryRoot(ObjectType):
    pet = relay.Node.Field(PetNode)


class MutationRoot(ObjectType):
    create_pet = CreatePet.Field()

schema = Schema(query=QueryRoot, mutation=MutationRoot)


class MockUserContext(object):

    def __init__(self, authenticated=True, is_staff=False, superuser=False, perms=()):
        self.user = self
        self.authenticated = authenticated
        self.is_staff = is_staff
        self.is_superuser = superuser
        self.perms = perms

    def is_authenticated(self):
        return self.authenticated

    def has_perm(self, check_perms):
        if check_perms not in self.perms:
            return False
        return True


class AuthorizationTests(TestCase):
    """
    This TestCase auth.
    """

    @classmethod
    def setUpClass(cls):
        super(AuthorizationTests, cls).setUpClass()
        cls.schema = schema
        cls.query_mutation = '''
            mutation {{
                createPet(name: "{name}") {{
                    pet{{
                        id
                        name
                    }}
                }}
            }}
        '''
        cls.query_node = '''
            query {
              pet(id: "UGV0Tm9kZTox"){
                id
                name
              }
            }
        '''

    def setUp(self):
        self.factory = RequestFactory()
        pet_names = ['Mila', 'Kira']
        for name in pet_names:
            Pet.objects.create(name=name)
        self.anonymous = MockUserContext(
            authenticated=False
        )
        self.luke = MockUserContext(
            authenticated=True,
            perms=('app.view_pet', 'app.create_pet',)
        )
        self.anakin = MockUserContext(
            authenticated=True,
            perms=('app.view_pet',)
        )
        self.storm_tropper = MockUserContext(
            authenticated=True,
            perms=()
        )

    def test_mutation_anonymous(self):
        """
        Making mutation with anonymous user
        """
        print(self.luke.user)
        result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.anonymous})
        self.assertNotEqual(result.errors, [])
        self.assertEqual(result.errors[0].message, 'Permission Denied')

    def test_mutation_non_permission(self):
        """
        Making mutation with an user who does not have the permission
        """
        result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.anakin})
        self.assertNotEqual(result.errors, [])
        self.assertEqual(result.errors[0].message, 'Permission Denied')

    def test_mutation_has_permission(self):
        """
        Making mutation with an user who has the permission
        """
        result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.luke})
        self.assertEqual(result.errors, [])

    def test_query_anonymous(self):
        """
        Making query with anonymous user
        """
        result = self.schema.execute(self.query_node, context_value={'user': self.anonymous})
        print(result.errors)
        print(result.data)
        self.assertNotEqual(result.errors, [])
        self.assertEqual(result.errors[0].message, 'Permission Denied')

    def test_query_non_permission(self):
        """
        Making query with an user who does not have the permission
        """
        result = self.schema.execute(self.query_node, context_value={'user': self.storm_tropper})
        self.assertNotEqual(result.errors, [])
        self.assertEqual(result.errors[0].message, 'Permission Denied')

    def test_query_has_permission(self):
        """
        Making query with an user who has the permission
        """
        result = self.schema.execute(self.query_node, context_value={'user': self.luke})
        self.assertEqual(result.errors, [])
Django permissions required at Nodes and Mutations 2017-03-05 19:59:21 +03:00			`import graphene`
			`from graphene import Schema, relay, ObjectType`
Update imports 2017-03-06 04:08:39 +03:00			`from graphene_django.filter import DjangoFilterConnectionField`
Django permissions required at Nodes and Mutations 2017-03-05 19:59:21 +03:00			`from django.test import TestCase, RequestFactory`
Change import from DjangoObjectType to fix tests 2017-03-06 03:42:42 +03:00			`from graphene_django import DjangoObjectType`
Update imports 2017-03-06 04:08:39 +03:00			`from graphene_django.auth.mixins import AuthNodeMixin, AuthMutationMixin`
Django permissions required at Nodes and Mutations 2017-03-05 19:59:21 +03:00			`from .models import Pet`


			`class PetNode(AuthNodeMixin, DjangoObjectType):`
			`_permission = 'app.view_pet'`

			`class Meta:`
			`model = Pet`
			`interfaces = (relay.Node, )`


			`class CreatePet(AuthMutationMixin, graphene.Mutation):`
			`"""`
			`Mutation for create user`
			`example mutation:`
			`mutation {`
			`createPet(name: "Mila") {`
			`pet {`
			`id`
			`name`
			`}`
			`}`
			`}`
			`"""`
			`_permission = 'app.create_pet'`
			`pet = graphene.Field(PetNode)`

			`class Input:`
			`name = graphene.String(required=True)`

			`@classmethod`
			`def mutate(cls, root, input, context, info):`
			`if cls.has_permision(context) is not True:`
			`return cls.has_permision(context)`
			`pet_name = input.get('name')`
			`pet = Pet.objects.create(name=pet_name)`
			`return CreatePet(pet=pet)`


			`class QueryRoot(ObjectType):`
			`pet = relay.Node.Field(PetNode)`


			`class MutationRoot(ObjectType):`
			`create_pet = CreatePet.Field()`

			`schema = Schema(query=QueryRoot, mutation=MutationRoot)`


			`class MockUserContext(object):`

			`def __init__(self, authenticated=True, is_staff=False, superuser=False, perms=()):`
			`self.user = self`
			`self.authenticated = authenticated`
			`self.is_staff = is_staff`
			`self.is_superuser = superuser`
			`self.perms = perms`

			`def is_authenticated(self):`
			`return self.authenticated`

			`def has_perm(self, check_perms):`
			`if check_perms not in self.perms:`
			`return False`
			`return True`


			`class AuthorizationTests(TestCase):`
			`"""`
			`This TestCase auth.`
			`"""`

			`@classmethod`
			`def setUpClass(cls):`
			`super(AuthorizationTests, cls).setUpClass()`
			`cls.schema = schema`
			`cls.query_mutation = '''`
			`mutation {{`
			`createPet(name: "{name}") {{`
			`pet{{`
			`id`
			`name`
			`}}`
			`}}`
			`}}`
			`'''`
			`cls.query_node = '''`
			`query {`
			`pet(id: "UGV0Tm9kZTox"){`
			`id`
			`name`
			`}`
			`}`
			`'''`

			`def setUp(self):`
			`self.factory = RequestFactory()`
			`pet_names = ['Mila', 'Kira']`
			`for name in pet_names:`
			`Pet.objects.create(name=name)`
			`self.anonymous = MockUserContext(`
			`authenticated=False`
			`)`
			`self.luke = MockUserContext(`
			`authenticated=True,`
			`perms=('app.view_pet', 'app.create_pet',)`
			`)`
			`self.anakin = MockUserContext(`
			`authenticated=True,`
			`perms=('app.view_pet',)`
			`)`
			`self.storm_tropper = MockUserContext(`
			`authenticated=True,`
			`perms=()`
			`)`

			`def test_mutation_anonymous(self):`
			`"""`
			`Making mutation with anonymous user`
			`"""`
			`print(self.luke.user)`
			`result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.anonymous})`
			`self.assertNotEqual(result.errors, [])`
			`self.assertEqual(result.errors[0].message, 'Permission Denied')`

			`def test_mutation_non_permission(self):`
			`"""`
			`Making mutation with an user who does not have the permission`
			`"""`
			`result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.anakin})`
			`self.assertNotEqual(result.errors, [])`
			`self.assertEqual(result.errors[0].message, 'Permission Denied')`

			`def test_mutation_has_permission(self):`
			`"""`
			`Making mutation with an user who has the permission`
			`"""`
			`result = self.schema.execute(self.query_mutation.format(name='Mila'), context_value={'user': self.luke})`
			`self.assertEqual(result.errors, [])`

			`def test_query_anonymous(self):`
			`"""`
			`Making query with anonymous user`
			`"""`
			`result = self.schema.execute(self.query_node, context_value={'user': self.anonymous})`
			`print(result.errors)`
			`print(result.data)`
			`self.assertNotEqual(result.errors, [])`
			`self.assertEqual(result.errors[0].message, 'Permission Denied')`

			`def test_query_non_permission(self):`
			`"""`
			`Making query with an user who does not have the permission`
			`"""`
			`result = self.schema.execute(self.query_node, context_value={'user': self.storm_tropper})`
			`self.assertNotEqual(result.errors, [])`
			`self.assertEqual(result.errors[0].message, 'Permission Denied')`

			`def test_query_has_permission(self):`
			`"""`
			`Making query with an user who has the permission`
			`"""`
			`result = self.schema.execute(self.query_node, context_value={'user': self.luke})`
			`self.assertEqual(result.errors, [])`