PyPI - django-minosse - Versions diffs - 1.0.0__tar.gz - Mend

django-minosse 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

django_minosse-1.0.0/PKG-INFO +12 -0
django_minosse-1.0.0/README.md +4 -0
django_minosse-1.0.0/pyproject.toml +145 -0
django_minosse-1.0.0/setup.cfg +4 -0
django_minosse-1.0.0/src/django_minosse.egg-info/PKG-INFO +12 -0
django_minosse-1.0.0/src/django_minosse.egg-info/SOURCES.txt +17 -0
django_minosse-1.0.0/src/django_minosse.egg-info/dependency_links.txt +1 -0
django_minosse-1.0.0/src/django_minosse.egg-info/requires.txt +1 -0
django_minosse-1.0.0/src/django_minosse.egg-info/top_level.txt +1 -0
django_minosse-1.0.0/src/minosse/__init__.py +0 -0
django_minosse-1.0.0/src/minosse/decorator.py +30 -0
django_minosse-1.0.0/src/minosse/management/__init__.py +0 -0
django_minosse-1.0.0/src/minosse/management/commands/__init__.py +0 -0
django_minosse-1.0.0/src/minosse/management/commands/sync_roles.py +66 -0
django_minosse-1.0.0/src/minosse/mixin.py +30 -0
django_minosse-1.0.0/src/minosse/roles.py +99 -0
django_minosse-1.0.0/tests/test_auth.py +183 -0
django_minosse-1.0.0/tests/test_roles.py +183 -0
django_minosse-1.0.0/tests/test_sync_roles.py +124 -0

django_minosse-1.0.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,12 @@
+Metadata-Version: 2.4
+Name: django-minosse
+Version: 1.0.0
+Summary: Role and permission management for Django projects.
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: django>=5.0.0
+# django-template
+My personal Django template project.
+This a blank django template for my project. Build around [this post](https://victoria.dev/blog/my-django-project-best-practices-for-happy-developers/) and other find online.

django_minosse-1.0.0/README.md ADDED Viewed

@@ -0,0 +1,4 @@
+# django-template
+My personal Django template project.
+This a blank django template for my project. Build around [this post](https://victoria.dev/blog/my-django-project-best-practices-for-happy-developers/) and other find online.

django_minosse-1.0.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,145 @@
+[project]
+name = "django-minosse"
+version = "1.0.0"
+description = "Role and permission management for Django projects."
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = ["django>=5.0.0"]
+[dependency-groups]
+dev = [
+    "django-stubs>=6.0.5",
+    "git-cliff>=2.12.0",
+    "pre-commit>=4.3.0",
+    "pylint>=3.3.8",
+    "pylint-django>=2.6.1",
+    "pytest>=8.4.1",
+    "pytest-django>=4.11.1",
+    "zensical>=0.0.45",
+]
+[tool.pytest.ini_options]
+DJANGO_SETTINGS_MODULE = "tests.settings"
+pythonpath = ["src", "."]
+[tool.black]
+line-length = 79
+include = '\.pyi?$'
+exclude = '''
+/(
+    \.git
+  | \.hg
+  | \.mypy_cache
+  | \.tox
+  | \.venv
+  | _build
+  | buck-out
+  | build
+  | dist
+)/
+'''
+[tool.isort]
+profile = "black"
+[tool.skjold]
+sources = ["pyup", "gemnasium"] # Sources to check against.
+report_only = true              # Report only, always exit with zero.
+cache_dir = '.skylt_cache'      # Cache location (default: `~/.skjold/cache`).
+cache_expires = 86400           # Cache max. age.
+verbose = true                  # Be verbose.
+[tool.ruff]
+# Set the maximum line length to 79.
+line-length = 79
+[tool.ruff.lint]
+# Add the `line-too-long` rule to the enforced rule set. By default, Ruff omits rules that
+# overlap with the use of a formatter, like Black, but we can override this behavior by
+# explicitly adding the rule.
+extend-select = [
+    "E501",
+    "UP",   # pyupgrade
+]
+[tool.ruff.lint.pydocstyle]
+convention = "google"
+[tool.flake8]
+# Check that this is aligned with your other tools like Black
+max-line-length = 120
+max-complexity = 18
+exclude = [".git", "*migrations*", ".tox", ".venv", ".env"]
+# Use extend-ignore to add to already ignored checks which are anti-patterns like W503.
+extend-ignore = ["E501", "W503", "F403", "C901", "B904"]
+[tool.git-cliff.changelog]
+# A Tera template to be rendered as the changelog's header.
+# See https://keats.github.io/tera/docs/#introduction
+header = """
+# Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# A Tera template to be rendered for each release in the changelog.
+# See https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## 👨🏻‍💻🧋 Unreleased
+{% endif %}\
+{% for group, commits in commits | unique(attribute="message") | group_by(attribute="group")   %}
+    ### {{ group | upper_first }}
+    {% for commit in commits %}
+        - {{ commit.message | split(pat="\n") | first | upper_first | trim_end }}\
+    {% endfor %}
+{% endfor %}
+"""
+# A Tera template to be rendered as the changelog's footer.
+# See https://keats.github.io/tera/docs/#introduction
+footer = """
+<!-- generated by git-cliff -->
+"""
+# Remove leading and trailing whitespaces from the changelog's body.
+trim = true
+[tool.git-cliff.git]
+# Parse commits according to the conventional commits specification.
+# See https://www.conventionalcommits.org
+conventional_commits = true
+# Exclude commits that do not match the conventional commits specification.
+commit_parsers = [
+    { message = ".\\d+\\.\\d+\\.\\d+", skip = true },
+    { message = "^Merge '[^']+' into 'master'", skip = true },
+    { message = "^chore\\(release\\): prepare for", skip = true },
+    { message = ".*format code with Black.*", skip = true },
+    { message = "^feat", group = "🚀 Features" },
+    { message = "^fix", group = "🐛 Bug Fixes" },
+    { message = "^doc", group = "📝 Docs" },
+    { message = "^perf", group = "🧰 Improvements" },
+    { message = "^refactor", group = "🧰 Improvements" },
+    { message = "^style", group = "💄 Style" },
+    { message = "^test", group = "🧪 Testing" },
+    { message = "^chore", group = "Miscellaneous Tasks" },
+    { body = ".*security", group = "🔒 Security" },
+    { body = ".*", group = "❓ Other (unconventional)" },
+]
+# An array of regex based parsers for extracting data from the commit message.filter_unconventional = false
+# Assigns commits to groups.
+# Optionally sets the commit's scope and can decide to exclude commits from further processing.
+# Exclude commits that are not matched by any commit parser.
+filter_commits = true
+# Order releases topologically instead of chronologically.
+topo_order = false
+# Order of commits in each group/release within the changelog.
+# Allowed values: newest, oldest
+sort_commits = "oldest"

django_minosse-1.0.0/setup.cfg ADDED Viewed

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build =
+tag_date = 0

django_minosse-1.0.0/src/django_minosse.egg-info/PKG-INFO ADDED Viewed

@@ -0,0 +1,12 @@
+Metadata-Version: 2.4
+Name: django-minosse
+Version: 1.0.0
+Summary: Role and permission management for Django projects.
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: django>=5.0.0
+# django-template
+My personal Django template project.
+This a blank django template for my project. Build around [this post](https://victoria.dev/blog/my-django-project-best-practices-for-happy-developers/) and other find online.

django_minosse-1.0.0/src/django_minosse.egg-info/SOURCES.txt ADDED Viewed

@@ -0,0 +1,17 @@
+README.md
+pyproject.toml
+src/django_minosse.egg-info/PKG-INFO
+src/django_minosse.egg-info/SOURCES.txt
+src/django_minosse.egg-info/dependency_links.txt
+src/django_minosse.egg-info/requires.txt
+src/django_minosse.egg-info/top_level.txt
+src/minosse/__init__.py
+src/minosse/decorator.py
+src/minosse/mixin.py
+src/minosse/roles.py
+src/minosse/management/__init__.py
+src/minosse/management/commands/__init__.py
+src/minosse/management/commands/sync_roles.py
+tests/test_auth.py
+tests/test_roles.py
+tests/test_sync_roles.py

django_minosse-1.0.0/src/django_minosse.egg-info/dependency_links.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+

django_minosse-1.0.0/src/django_minosse.egg-info/requires.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ django>=5.0.0

django_minosse-1.0.0/src/django_minosse.egg-info/top_level.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ minosse

django_minosse-1.0.0/src/minosse/__init__.py ADDED Viewed

File without changes

django_minosse-1.0.0/src/minosse/decorator.py ADDED Viewed

@@ -0,0 +1,30 @@
+from functools import wraps
+from django.core.exceptions import PermissionDenied
+from minosse.roles import AbstractRole
+def role_required(role_class: AbstractRole):
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapped_view(request, *args, **kwargs):
+            if not role_class.user_has_role(request.user):
+                raise PermissionDenied
+            return view_func(request, *args, **kwargs)
+        return _wrapped_view
+    return decorator
+def permission_required(permission_codename: str):
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapped_view(request, *args, **kwargs):
+            if not request.user.has_perm(permission_codename):
+                raise PermissionDenied
+            return view_func(request, *args, **kwargs)
+        return _wrapped_view
+    return decorator

django_minosse-1.0.0/src/minosse/management/__init__.py ADDED Viewed

File without changes

django_minosse-1.0.0/src/minosse/management/commands/__init__.py ADDED Viewed

File without changes

django_minosse-1.0.0/src/minosse/management/commands/sync_roles.py ADDED Viewed

@@ -0,0 +1,66 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+from django.core.management.base import CommandError
+from django.utils.module_loading import import_string
+from minosse.roles import RoleRegistry
+class Command(BaseCommand):
+    help = (
+        "Create or update Django groups and permissions for all registered"
+        " AbstractRole subclasses."
+    )
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--registry",
+            dest="registry",
+            default=None,
+            help=(
+                "Dotted path to a RoleRegistry instance. "
+                "Overrides MINOSSE_ROLE_REGISTRY from settings."
+            ),
+        )
+    def handle(self, *args, **options):
+        registry_path = options.get("registry") or getattr(
+            settings, "MINOSSE_ROLE_REGISTRY", None
+        )
+        if not registry_path:
+            raise CommandError(
+                "No registry configured. Set MINOSSE_ROLE_REGISTRY in "
+                "settings or pass --registry <dotted.path>."
+            )
+        try:
+            registry = import_string(registry_path)
+        except ImportError as exc:
+            raise CommandError(
+                f"Could not import registry '{registry_path}': {exc}"
+            ) from exc
+        if not isinstance(registry, RoleRegistry):
+            raise CommandError(
+                f"'{registry_path}' must be a RoleRegistry instance, "
+                f"got {type(registry).__name__}."
+            )
+        roles = registry.get_roles()
+        if not roles:
+            self.stdout.write(
+                self.style.WARNING("No roles registered. Nothing to sync.")
+            )
+            return
+        self.stdout.write(f"Syncing {len(roles)} role(s)...")
+        for role in roles:
+            group = role.get_group()
+            perm_count = group.permissions.count()
+            self.stdout.write(
+                self.style.SUCCESS(
+                    f"  OK  {role._get_group_name()!r} "
+                    f"({perm_count} permission(s))"
+                )
+            )
+        self.stdout.write(self.style.SUCCESS("Done."))

django_minosse-1.0.0/src/minosse/mixin.py ADDED Viewed

@@ -0,0 +1,30 @@
+from django.contrib.auth.mixins import LoginRequiredMixin
+from minosse.roles import AbstractRole
+class RoleRequiredMixin(LoginRequiredMixin):
+    required_role_class: type[AbstractRole] | None = None
+    def dispatch(self, request, *args, **kwargs):
+        if self.required_role_class is None:
+            raise ValueError(
+                "required_role_class must be set to a subclass of "
+                "AbstractRole."
+            )
+        if not self.required_role_class.user_has_role(request.user):
+            return self.handle_no_permission()
+        return super().dispatch(request, *args, **kwargs)
+class PermissionRequiredMixin(LoginRequiredMixin):
+    required_permission_codename: str | None = None
+    def dispatch(self, request, *args, **kwargs):
+        if self.required_permission_codename is None:
+            raise ValueError(
+                "required_permission_codename must be set to a valid "
+                "permission codename."
+            )
+        if not request.user.has_perm(self.required_permission_codename):
+            return self.handle_no_permission()
+        return super().dispatch(request, *args, **kwargs)

django_minosse-1.0.0/src/minosse/roles.py ADDED Viewed

@@ -0,0 +1,99 @@
+from typing import Any
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import Permission
+from django.contrib.contenttypes.models import ContentType
+class RoleRegistry:
+    """Registry that collects AbstractRole subclasses for bulk sync."""
+    def __init__(self):
+        self._roles: list[type] = []
+    def register(self, role_class: type) -> type:
+        if role_class not in self._roles:
+            self._roles.append(role_class)
+        return role_class
+    def get_roles(self) -> list[type]:
+        return list(self._roles)
+    def sync(self) -> list[Group]:
+        return [role.get_group() for role in self._roles]
+class AbstractRole:
+    @classmethod
+    def get_permissions_list(cls):
+        available_permissions: dict[str, bool] = getattr(
+            cls, "available_permissions", {}
+        )
+        available_permissions = {
+            k: v for k, v in available_permissions.items() if v is True
+        }
+        return available_permissions.keys()
+    @classmethod
+    def _get_group_name(cls) -> str:
+        name: Any | str = getattr(cls, "group_name", cls.__name__)
+        return name
+    @classmethod
+    def _get_permission(
+        cls, all_permissions_flag: bool = False
+    ) -> list[Permission]:
+        available_permissions = getattr(cls, "available_permissions", {})
+        if all_permissions_flag is False:
+            available_permissions = {
+                k: v for k, v in available_permissions.items() if v is True
+            }
+        permissions = []
+        for perm in cls.get_permissions_list():
+            content_type, _ = ContentType.objects.get_or_create(
+                app_label="minosse",
+                model="role",
+            )
+            permission, _ = Permission.objects.get_or_create(
+                codename=perm,
+                content_type=content_type,
+                defaults={"name": available_permissions.get(perm, perm)},
+            )
+            permissions.append(permission)
+        return permissions
+    @classmethod
+    def _set_group_permissions(cls, group: Group):
+        group.permissions.clear()
+        group.permissions.add(*cls._get_permission())
+    @classmethod
+    def get_group(cls) -> Group:
+        group_name = cls._get_group_name()
+        group, _ = Group.objects.get_or_create(name=group_name)
+        cls._set_group_permissions(group)
+        return group
+    @classmethod
+    def add_user_to_role(cls, user):
+        group = cls.get_group()
+        if group:
+            user.groups.add(group)
+    @classmethod
+    def remove_user_from_role(cls, user):
+        group = cls.get_group()
+        if group:
+            user.groups.remove(group)
+    @classmethod
+    def user_has_role(cls, user):
+        if not user.is_authenticated:
+            return False
+        group_name = getattr(cls, "group_name", cls.__name__)
+        return user.groups.filter(name=group_name).exists()
+    class Meta:
+        abstract = True

django_minosse-1.0.0/tests/test_auth.py ADDED Viewed

@@ -0,0 +1,183 @@
+import pytest
+from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.models import User
+from django.core.exceptions import PermissionDenied
+from django.http import HttpResponse
+from django.test import RequestFactory
+from django.views import View
+from minosse.decorator import permission_required
+from minosse.decorator import role_required
+from minosse.mixin import PermissionRequiredMixin
+from minosse.mixin import RoleRequiredMixin
+from minosse.roles import AbstractRole
+class AdminRole(AbstractRole):
+    available_permissions = {"can_admin": True}
+class EditorRole(AbstractRole):
+    available_permissions = {"can_edit_content": True}
+def simple_view(request):
+    return HttpResponse("ok")
+class SimpleView(View):
+    def get(self, request, *args, **kwargs):
+        return HttpResponse("ok")
+@pytest.mark.django_db
+class TestRoleRequiredDecorator:
+    def setup_method(self):
+        self.factory = RequestFactory()
+        self.view = role_required(AdminRole)(simple_view)
+    def test_allows_user_with_role(self):
+        user = User.objects.create_user(username="admin", password="pass")
+        AdminRole.add_user_to_role(user)
+        request = self.factory.get("/")
+        request.user = user
+        assert self.view(request).status_code == 200
+    def test_raises_permission_denied_for_authenticated_without_role(self):
+        user = User.objects.create_user(username="other", password="pass")
+        request = self.factory.get("/")
+        request.user = user
+        with pytest.raises(PermissionDenied):
+            self.view(request)
+    def test_raises_permission_denied_for_anonymous(self):
+        request = self.factory.get("/")
+        request.user = AnonymousUser()
+        with pytest.raises(PermissionDenied):
+            self.view(request)
+    def test_preserves_view_function_name(self):
+        assert role_required(AdminRole)(simple_view).__name__ == "simple_view"
+@pytest.mark.django_db
+class TestPermissionRequiredDecorator:
+    def setup_method(self):
+        self.factory = RequestFactory()
+        self.view = permission_required("minosse.can_edit_content")(
+            simple_view
+        )
+    def test_allows_user_with_permission(self):
+        user = User.objects.create_user(username="editor", password="pass")
+        EditorRole.add_user_to_role(user)
+        user = User.objects.get(pk=user.pk)  # clear Django's permission cache
+        request = self.factory.get("/")
+        request.user = user
+        assert self.view(request).status_code == 200
+    def test_raises_permission_denied_without_permission(self):
+        user = User.objects.create_user(username="viewer", password="pass")
+        request = self.factory.get("/")
+        request.user = user
+        with pytest.raises(PermissionDenied):
+            self.view(request)
+    def test_raises_permission_denied_for_anonymous(self):
+        request = self.factory.get("/")
+        request.user = AnonymousUser()
+        with pytest.raises(PermissionDenied):
+            self.view(request)
+    def test_preserves_view_function_name(self):
+        assert (
+            permission_required("any.perm")(simple_view).__name__
+            == "simple_view"
+        )
+@pytest.mark.django_db
+class TestRoleRequiredMixin:
+    def setup_method(self):
+        self.factory = RequestFactory()
+    def _make_view(self, role_class):
+        class TestView(RoleRequiredMixin, SimpleView):
+            required_role_class = role_class
+        return TestView.as_view()
+    def test_allows_user_with_role(self):
+        user = User.objects.create_user(username="admin2", password="pass")
+        AdminRole.add_user_to_role(user)
+        request = self.factory.get("/")
+        request.user = user
+        assert self._make_view(AdminRole)(request).status_code == 200
+    def test_raises_permission_denied_for_authenticated_without_role(self):
+        user = User.objects.create_user(username="norole", password="pass")
+        request = self.factory.get("/")
+        request.user = user
+        with pytest.raises(PermissionDenied):
+            self._make_view(AdminRole)(request)
+    def test_redirects_anonymous_user(self):
+        request = self.factory.get("/protected/")
+        request.user = AnonymousUser()
+        response = self._make_view(AdminRole)(request)
+        assert response.status_code == 302
+    def test_raises_value_error_when_role_class_not_set(self):
+        class MisconfiguredView(RoleRequiredMixin, SimpleView):
+            pass
+        request = self.factory.get("/")
+        request.user = AnonymousUser()
+        with pytest.raises(ValueError):
+            MisconfiguredView.as_view()(request)
+@pytest.mark.django_db
+class TestPermissionRequiredMixin:
+    def setup_method(self):
+        self.factory = RequestFactory()
+    def _make_view(self, perm):
+        class TestView(PermissionRequiredMixin, SimpleView):
+            required_permission_codename = perm
+        return TestView.as_view()
+    def test_allows_user_with_permission(self):
+        user = User.objects.create_user(username="editor2", password="pass")
+        EditorRole.add_user_to_role(user)
+        user = User.objects.get(pk=user.pk)  # clear Django's permission cache
+        request = self.factory.get("/")
+        request.user = user
+        assert (
+            self._make_view("minosse.can_edit_content")(request).status_code
+            == 200
+        )
+    def test_raises_permission_denied_for_authenticated_without_permission(
+        self,
+    ):
+        user = User.objects.create_user(username="noperm", password="pass")
+        request = self.factory.get("/")
+        request.user = user
+        with pytest.raises(PermissionDenied):
+            self._make_view("minosse.can_edit_content")(request)
+    def test_redirects_anonymous_user(self):
+        request = self.factory.get("/protected/")
+        request.user = AnonymousUser()
+        response = self._make_view("minosse.can_edit_content")(request)
+        assert response.status_code == 302
+    def test_raises_value_error_when_codename_not_set(self):
+        class MisconfiguredView(PermissionRequiredMixin, SimpleView):
+            pass
+        request = self.factory.get("/")
+        request.user = AnonymousUser()
+        with pytest.raises(ValueError):
+            MisconfiguredView.as_view()(request)

django_minosse-1.0.0/tests/test_roles.py ADDED Viewed

@@ -0,0 +1,183 @@
+import pytest
+from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import Permission
+from django.contrib.auth.models import User
+from django.contrib.contenttypes.models import ContentType
+from minosse.roles import AbstractRole
+class SampleRole(AbstractRole):
+    available_permissions = {
+        "can_view": True,
+        "can_edit": False,
+        "not a_permission": "True",
+        "info": "This is just an informational entry, not a permission",
+    }
+class NamedRole(AbstractRole):
+    group_name = "custom_group"
+    available_permissions = {"can_manage": True}
+class TestGetPermissionsList:
+    def test_returns_permission_keys(self):
+        assert set(SampleRole.get_permissions_list()) == {
+            "can_view",
+        }
+    def test_empty_when_no_permissions_defined(self):
+        class EmptyRole(AbstractRole):
+            available_permissions = {}
+        assert list(EmptyRole.get_permissions_list()) == []
+    def test_uses_class_available_permissions(self):
+        assert "can_manage" in NamedRole.get_permissions_list()
+class TestGetGroupName:
+    def test_returns_class_name_by_default(self):
+        assert SampleRole._get_group_name() == "SampleRole"
+    def test_returns_custom_group_name(self):
+        assert NamedRole._get_group_name() == "custom_group"
+@pytest.mark.django_db
+class TestGetPermission:
+    def test_returns_permission_objects_for_true_permissions(self):
+        perms = SampleRole._get_permission()
+        assert {p.codename for p in perms} == {"can_view"}
+    def test_excludes_false_and_non_bool_values(self):
+        perms = SampleRole._get_permission()
+        codenames = {p.codename for p in perms}
+        assert "can_edit" not in codenames
+        assert "info" not in codenames
+    def test_returns_empty_list_when_all_permissions_are_false(self):
+        class AllFalseRole(AbstractRole):
+            available_permissions = {"can_view": False, "can_edit": False}
+        assert AllFalseRole._get_permission() == []
+    def test_all_permissions_flag_true_yields_same_result(self):
+        default = {p.codename for p in SampleRole._get_permission()}
+        with_flag = {
+            p.codename
+            for p in SampleRole._get_permission(all_permissions_flag=True)
+        }
+        assert default == with_flag
+@pytest.mark.django_db
+class TestGetGroup:
+    def test_creates_group_on_first_call(self):
+        SampleRole.get_group()
+        assert Group.objects.filter(name="SampleRole").exists()
+    def test_creates_group_with_permissions(self):
+        SampleRole.get_group()
+        group = Group.objects.get(name="SampleRole")
+        codenames = set(group.permissions.values_list("codename", flat=True))
+        assert codenames == {"can_view"}
+    def test_false_permissions_excluded_from_group(self):
+        SampleRole.get_group()
+        group = Group.objects.get(name="SampleRole")
+        codenames = set(group.permissions.values_list("codename", flat=True))
+        assert "can_edit" not in codenames
+        assert "info" not in codenames
+    def test_idempotent_when_called_multiple_times(self):
+        SampleRole.get_group()
+        SampleRole.get_group()
+        assert Group.objects.filter(name="SampleRole").count() == 1
+    def test_removes_extra_permissions_from_group(self):
+        group = SampleRole.get_group()
+        ct, _ = ContentType.objects.get_or_create(
+            app_label="auth", model="user"
+        )
+        extra, _ = Permission.objects.get_or_create(
+            codename="extra_perm",
+            content_type=ct,
+            defaults={"name": "Extra Permission"},
+        )
+        group.permissions.add(extra)
+        assert group.permissions.filter(codename="extra_perm").exists()
+        SampleRole.get_group()
+        group.refresh_from_db()
+        codenames = set(group.permissions.values_list("codename", flat=True))
+        assert codenames == {"can_view"}
+    def test_returns_group_object(self):
+        group = SampleRole.get_group()
+        assert group is not None
+        assert group.name == "SampleRole"
+    def test_creates_group_implicitly(self):
+        class FreshRole(AbstractRole):
+            available_permissions = {}
+        group = FreshRole.get_group()
+        assert group is not None
+        assert group.name == "FreshRole"
+    def test_returns_named_group(self):
+        group = NamedRole.get_group()
+        assert group is not None
+        assert group.name == "custom_group"
+@pytest.mark.django_db
+class TestAddRemoveUserFromRole:
+    def test_add_user_to_role(self):
+        user = User.objects.create_user(username="user1", password="pass")
+        SampleRole.add_user_to_role(user)
+        assert SampleRole.get_group() in user.groups.all()
+    def test_remove_user_from_role(self):
+        user = User.objects.create_user(username="user2", password="pass")
+        SampleRole.add_user_to_role(user)
+        assert SampleRole.get_group() in user.groups.all()
+        SampleRole.remove_user_from_role(user)
+        assert SampleRole.get_group() not in user.groups.all()
+    def test_add_user_creates_group_if_needed(self):
+        class OrphanRole(AbstractRole):
+            available_permissions = {}
+        user = User.objects.create_user(username="user3", password="pass")
+        OrphanRole.add_user_to_role(user)
+        assert user.groups.filter(name="OrphanRole").exists()
+@pytest.mark.django_db
+class TestUserHasRole:
+    def test_returns_true_for_user_with_role(self):
+        user = User.objects.create_user(username="member", password="pass")
+        SampleRole.add_user_to_role(user)
+        assert SampleRole.user_has_role(user) is True
+    def test_returns_false_for_user_without_role(self):
+        user = User.objects.create_user(username="outsider", password="pass")
+        assert SampleRole.user_has_role(user) is False
+    def test_returns_false_for_anonymous_user(self):
+        assert SampleRole.user_has_role(AnonymousUser()) is False
+    def test_role_check_is_group_specific(self):
+        user = User.objects.create_user(username="manager", password="pass")
+        NamedRole.add_user_to_role(user)
+        assert NamedRole.user_has_role(user) is True
+        assert SampleRole.user_has_role(user) is False
+    def test_returns_false_after_remove(self):
+        user = User.objects.create_user(username="ex_member", password="pass")
+        SampleRole.add_user_to_role(user)
+        SampleRole.remove_user_from_role(user)
+        assert SampleRole.user_has_role(user) is False

django_minosse-1.0.0/tests/test_sync_roles.py ADDED Viewed

@@ -0,0 +1,124 @@
+from io import StringIO
+import pytest
+from django.contrib.auth.models import Group
+from django.core.management import call_command
+from django.core.management.base import CommandError
+from minosse.roles import AbstractRole
+from minosse.roles import RoleRegistry
+class EditorRole(AbstractRole):
+    group_name = "editors"
+    available_permissions = {"can_publish": True, "can_draft": True}
+class ViewerRole(AbstractRole):
+    group_name = "viewers"
+    available_permissions = {"can_read": True}
+test_registry = RoleRegistry()
+test_registry.register(EditorRole)
+test_registry.register(ViewerRole)
+empty_registry = RoleRegistry()
+class TestRoleRegistry:
+    def test_register_adds_role(self):
+        reg = RoleRegistry()
+        reg.register(EditorRole)
+        assert EditorRole in reg.get_roles()
+    def test_register_is_idempotent(self):
+        reg = RoleRegistry()
+        reg.register(EditorRole)
+        reg.register(EditorRole)
+        assert reg.get_roles().count(EditorRole) == 1
+    def test_register_returns_class(self):
+        reg = RoleRegistry()
+        result = reg.register(EditorRole)
+        assert result is EditorRole
+    def test_get_roles_returns_all(self):
+        reg = RoleRegistry()
+        reg.register(EditorRole)
+        reg.register(ViewerRole)
+        assert set(reg.get_roles()) == {EditorRole, ViewerRole}
+    @pytest.mark.django_db
+    def test_sync_creates_all_groups(self):
+        reg = RoleRegistry()
+        reg.register(EditorRole)
+        reg.register(ViewerRole)
+        groups = reg.sync()
+        assert {g.name for g in groups} == {"editors", "viewers"}
+    def test_register_as_decorator(self):
+        reg = RoleRegistry()
+        @reg.register
+        class TempRole(AbstractRole):
+            available_permissions = {}
+        assert TempRole in reg.get_roles()
+@pytest.mark.django_db
+class TestSyncRolesCommand:
+    def _run(self, registry_path=None):
+        out = StringIO()
+        kwargs = {"stdout": out}
+        if registry_path:
+            kwargs["registry"] = registry_path
+        call_command("sync_roles", **kwargs)
+        return out.getvalue()
+    def test_syncs_all_registered_roles(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.test_registry"
+        output = self._run()
+        assert Group.objects.filter(name="editors").exists()
+        assert Group.objects.filter(name="viewers").exists()
+        assert "Done." in output
+    def test_output_shows_permission_count(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.test_registry"
+        output = self._run()
+        assert "'editors'" in output
+        assert "'viewers'" in output
+    def test_registry_flag_overrides_settings(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.empty_registry"
+        self._run(registry_path="tests.test_sync_roles.test_registry")
+        assert Group.objects.filter(name="editors").exists()
+    def test_empty_registry_prints_warning(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.empty_registry"
+        output = self._run()
+        assert "No roles registered" in output
+    def test_raises_when_no_registry_configured(self, settings):
+        if hasattr(settings, "MINOSSE_ROLE_REGISTRY"):
+            del settings.MINOSSE_ROLE_REGISTRY
+        with pytest.raises(CommandError, match="No registry configured"):
+            self._run()
+    def test_raises_on_invalid_import_path(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "nonexistent.module.registry"
+        with pytest.raises(CommandError, match="Could not import registry"):
+            self._run()
+    def test_raises_when_object_is_not_registry(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.EditorRole"
+        with pytest.raises(
+            CommandError, match="must be a RoleRegistry instance"
+        ):
+            self._run()
+    def test_sync_is_idempotent(self, settings):
+        settings.MINOSSE_ROLE_REGISTRY = "tests.test_sync_roles.test_registry"
+        self._run()
+        self._run()
+        assert Group.objects.filter(name="editors").count() == 1