mirror of https://gitlab.com/bramw/baserow.git synced 2025-04-13 16:49:07 +00:00

Merge branch '1365-fix-500-errors-on-role-assignment-endpoint' into 'develop'

Resolve "Fix 500 Errors on role assignment endpoint"

See merge request 
Alexander Haller 2022-11-30 07:52:51 +00:00
commit 50bcc2ee3c
3 changed files with 159 additions and 1 deletions
backend/src/baserow/core
enterprise/backend
src/baserow_enterprise/api/role
tests/baserow_enterprise_tests/api/role


@ -12,6 +12,7 @@ from rest_framework.serializers import Serializer
from baserow.contrib.database.constants import IMPORT_SERIALIZED_IMPORTING
from baserow.core.utils import ChildProgressBuilder
from baserow_enterprise.exceptions import SubjectTypeNotExist
from .exceptions import (
ApplicationTypeAlreadyRegistered,
@ -628,6 +629,7 @@ class SubjectTypeRegistry(Registry[SubjectType], ModelRegistryMixin):
"""
name = "subject"
does_not_exist_exception_class = SubjectTypeNotExist
def get_serializer(self, model_instance, **kwargs) -> Serializer:
"""
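Review bot: The import `from baserow_enterprise.exceptions import SubjectTypeNotExist` appears to sit in a module under `baserow/core` (inferred from the changed-file list and the neighbouring `from .exceptions import (` line), which makes the core package depend on the enterprise package. If `baserow_enterprise` is not importable in some deployment or test run, loading this registry module would fail, and the enterprise package importing core in turn invites a circular import. Because `SubjectTypeRegistry` is defined here, its `does_not_exist_exception_class` would fit better in the core exceptions module, e.g. `from .exceptions import SubjectTypeNotExist`, with the enterprise package importing it from there. The class body continues outside the hunk.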


@ -84,12 +84,26 @@ class RoleAssignmentsView(APIView):
"ERROR_REQUEST_BODY_VALIDATION",
]
),
404: get_error_schema(
[
"ERROR_SCOPE_DOES_NOT_EXIST",
"ERROR_GROUP_DOES_NOT_EXIST",
"ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST",
"ERROR_SUBJECT_TYPE_DOES_NOT_EXIST",
"ERROR_ROLE_DOES_NOT_EXIST",
]
),
},
)
@map_exceptions(
{
GroupDoesNotExist: ERROR_GROUP_DOES_NOT_EXIST,
UserNotInGroup: ERROR_USER_NOT_IN_GROUP,
ObjectScopeTypeDoesNotExist: ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST,
SubjectTypeNotExist: ERROR_SUBJECT_TYPE_DOES_NOT_EXIST,
SubjectNotExist: ERROR_SUBJECT_DOES_NOT_EXIST,
ScopeNotExist: ERROR_SCOPE_DOES_NOT_EXIST,
RoleNotExist: ERROR_ROLE_DOES_NOT_EXIST,
}
)
@validate_body(CreateRoleAssignmentSerializer, return_validated=True)
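Review bot: The 404 entry in the response schema lists five error codes but omits `ERROR_SUBJECT_DOES_NOT_EXIST`, although `SubjectNotExist` is mapped to it in `map_exceptions` just below and the accompanying test expects a 404 with that code. Adding `"ERROR_SUBJECT_DOES_NOT_EXIST",` to the list would keep the generated API documentation in line with what the endpoint returns. It is also worth confirming that `ERROR_USER_NOT_IN_GROUP` is declared in the 400 list, which starts above the hunk and is not visible here. The decorated view method begins and ends outside the hunk.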


@ -4,7 +4,12 @@ from django.shortcuts import reverse
from django.test.utils import override_settings
import pytest
from rest_framework.status import HTTP_200_OK, HTTP_204_NO_CONTENT
from rest_framework.status import (
HTTP_200_OK,
HTTP_204_NO_CONTENT,
HTTP_400_BAD_REQUEST,
HTTP_404_NOT_FOUND,
)
from baserow.core.subjects import UserSubjectType
from baserow_enterprise.role.handler import RoleAssignmentHandler
@ -139,6 +144,143 @@ def test_create_role_assignment(
assert role_assignment_user_2 is None
def test_create_role_assignment_invalid_requests(api_client, data_fixture):
user, token = data_fixture.create_user_and_token()
user_2 = data_fixture.create_user()
user_3 = data_fixture.create_user()
group = data_fixture.create_group(user=user, members=[user_2])
group_2 = data_fixture.create_group()
role = Role.objects.get(uid="ADMIN")
url = reverse("api:enterprise:role:list", kwargs={"group_id": group.id})
response = api_client.post(
url,
data=json.dumps(
{
"scope_id": 9999,
"scope_type": "group",
"subject_id": user_2.id,
"subject_type": UserSubjectType.type,
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_SCOPE_DOES_NOT_EXIST"
response = api_client.post(
url,
data=json.dumps(
{
"scope_id": group.id,
"scope_type": "nonsense",
"subject_id": user_2.id,
"subject_type": UserSubjectType.type,
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST"
response = api_client.post(
url,
data=json.dumps(
{
"scope_id": group.id,
"scope_type": "group",
"subject_id": 99999,
"subject_type": UserSubjectType.type,
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_SUBJECT_DOES_NOT_EXIST"
response = api_client.post(
url,
data=json.dumps(
{
"scope_id": group.id,
"scope_type": "group",
"subject_id": user_2.id,
"subject_type": "nonsense",
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_SUBJECT_TYPE_DOES_NOT_EXIST"
response = api_client.post(
url,
data=json.dumps(
{
"scope_id": group.id,
"scope_type": "group",
"subject_id": user_2.id,
"subject_type": UserSubjectType.type,
"role": 999999,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_ROLE_DOES_NOT_EXIST"
response = api_client.post(
reverse("api:enterprise:role:list", kwargs={"group_id": group_2.id}),
data=json.dumps(
{
"scope_id": group_2.id,
"scope_type": "group",
"subject_id": user_3.id,
"subject_type": UserSubjectType.type,
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_400_BAD_REQUEST
assert response.json()["error"] == "ERROR_USER_NOT_IN_GROUP"
response = api_client.post(
reverse("api:enterprise:role:list", kwargs={"group_id": 999999}),
data=json.dumps(
{
"scope_id": group.id,
"scope_type": "group",
"subject_id": user_2.id,
"subject_type": UserSubjectType.type,
"role": role.uid,
}
),
content_type="application/json",
**{"HTTP_AUTHORIZATION": f"JWT {token}"},
)
assert response.status_code == HTTP_404_NOT_FOUND
assert response.json()["error"] == "ERROR_GROUP_DOES_NOT_EXIST"
@pytest.mark.django_db
@override_settings(DEBUG=True)
def test_get_role_assignments_group_level(data_fixture, api_client):
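Review bot: The negative cases in `test_create_role_assignment_invalid_requests` only use ids that do not exist at all, so nothing pins the behaviour for ids that exist but belong outside the group, which is the authorization-relevant case for a role assignment endpoint. Two cases are missing: posting to `url` with `"scope_id": group_2.id`, and posting to `url` with `"subject_id": user_3.id`, where `user_3` is not a member of `group`. Each should assert that the request is rejected and that no role assignment is created. In the one request that uses `user_3`, the outcome looks to be decided by the requester not being in `group_2`, so the subject-membership check is not exercised. As rendered here, no `@pytest.mark.django_db` line precedes the new `def`, so confirm the test carries the marker.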