#11 cleanup and update doc

Valbou · Oct 7, 2023 · 71f795c · 71f795c
1 parent 3bfd8cd
commit 71f795c
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -9,8 +9,8 @@ You can follow the [Roadmap](https://github.com/Valbou/vtaskr-backend/blob/maste
 
 ![License LGPLv3](https://img.shields.io/badge/license-LGPLv3-blue "License LGPLv3")
 ![Python v3.8](https://img.shields.io/badge/python-v3.8-blue "Python v3.8")
-![Tests 237 passed](https://img.shields.io/badge/tests-237%20passed-green "Tests 237 passed")
-![Coverage 93%](https://img.shields.io/badge/coverage-93%25-green "Coverage 93%")
+![Tests 253 passed](https://img.shields.io/badge/tests-253%20passed-green "Tests 253 passed")
+![Coverage 94%](https://img.shields.io/badge/coverage-94%25-green "Coverage 94%")
 [![CodeFactor](https://www.codefactor.io/repository/github/valbou/vtaskr-backend/badge)](https://www.codefactor.io/repository/github/valbou/vtaskr-backend)
 
 ### Translations

diff --git a/ROADMAP.md b/ROADMAP.md
@@ -23,9 +23,9 @@ As vTaskr is an non profit project without fulltime dev, no release date can be
 - [x] Start a frontend developpement in an other git repository
 
 ## Go to v1.1.0
-- [ ] User can manage groups (create, read, update, delete)
-- [ ] User can manage roles (create, read, update, delete)
-- [ ] User can't access to tasks not owned or not in his groups
+- [ ] User can manage groups (create, read, update, delete and achieve)
+- [ ] User can manage roles (create, read, update, delete and achieve)
+- [x] User can't access to tasks not owned by at least one of his groups
 - [ ] Add Keycloak integration
 
 ## Go to v1.2.0

diff --git a/tests/users/services/test_permissions_service.py b/tests/users/services/test_permissions_service.py
@@ -108,7 +108,7 @@ class TestPermissionControlOnOthersGroups(BaseTestCase, CheckCanMixin):
     def setUp(self) -> None:
         super().setUp()
         self.create_user()
-        first_user = self.user
+        first_user, self.first_group = self.user, self.group
         self.create_user()
 
         self.assertNotEqual(first_user.id, self.user.id)
@@ -177,3 +177,42 @@ def test_user_can_read_and_achieve_only_on_this_shared_group(self):
                 group_id_resource=self.shared_group.id,
             )
         )
+
+    def test_all_tenants_with_read_access_to_group_and_shared(self):
+        with self.app.sql.get_session() as session:
+            self.permissions_service = PermissionControl(session=session)
+            read_roletype_tenant_ids = self.permissions_service.all_tenants_with_access(
+                permission=Permissions.READ,
+                user_id=self.user.id,
+                resource=Resources.ROLETYPE
+            )
+
+            self.assertNotIn(self.first_group, read_roletype_tenant_ids)
+            self.assertIn(self.group.id, read_roletype_tenant_ids)
+            self.assertIn(self.shared_group.id, read_roletype_tenant_ids)
+
+    def test_all_tenants_with_create_access_to_private_group_only(self):
+        with self.app.sql.get_session() as session:
+            self.permissions_service = PermissionControl(session=session)
+            create_roletype_tenant_ids = self.permissions_service.all_tenants_with_access(
+                permission=Permissions.CREATE,
+                user_id=self.user.id,
+                resource=Resources.ROLETYPE
+            )
+
+            self.assertNotIn(self.first_group, create_roletype_tenant_ids)
+            self.assertIn(self.group.id, create_roletype_tenant_ids)
+            self.assertNotIn(self.shared_group.id, create_roletype_tenant_ids)
+
+    def test_all_tenants_with_read_access_on_group_to_private_group_only(self):
+        with self.app.sql.get_session() as session:
+            self.permissions_service = PermissionControl(session=session)
+            create_roletype_tenant_ids = self.permissions_service.all_tenants_with_access(
+                permission=Permissions.READ,
+                user_id=self.user.id,
+                resource=Resources.GROUP
+            )
+
+            self.assertNotIn(self.first_group, create_roletype_tenant_ids)
+            self.assertIn(self.group.id, create_roletype_tenant_ids)
+            self.assertNotIn(self.shared_group.id, create_roletype_tenant_ids)
diff --git a/vtaskr/users/__init__.py b/vtaskr/users/__init__.py
@@ -1,2 +1 @@
 from .models import *
-from .permissions import *
diff --git a/vtaskr/users/permissions/__init__.py b/vtaskr/users/permissions/__init__.py
diff --git a/vtaskr/users/permissions/control.py b/vtaskr/users/permissions/control.py