✨(backend) add ServiceProvider #522
Conversation
qbey
force-pushed
the
qbey/add-service-provider
branch
7 times, most recently
from
d2f7a96
to
a57a31d
Compare
This adds the ServiceProvider notion to allow to better manage which teams is available for each service provider.
We don't want every Service Provider to be able to request every endpoint if those are not implementing a filtering on the data returned. To prevent any data leak we enforce the developers to manually "whitelist" each endpoint and add the proper filtering when needed.
When updating an Organization in the Django admin, the validator falsly raises a "duplicated" error because it does not exclude the current object from the database lookup.
This allow to display service providers in the frontend. Not used yet, but will allow to manage organization and teams related service providers.
Warning where raised because of the casing change between `FROM` and `as`.
qbey
force-pushed
the
qbey/add-service-provider
branch
from
04c282f
to
03fc56b
Compare
| HTTP_AUTHORIZATION="Bearer b64untestedbearertoken", | ||
| ) | ||
|
|
||
| assert response.status_code == HTTP_404_NOT_FOUND |
There was a problem hiding this comment.
maybe the 404 here is a symptom of a wrong split between filtering/annotating and permission checks? No big deal but it resonates with our discussions on impress.
| client, authenticated_user_with_service_provider | ||
| ): | ||
| """ | ||
| Authenticated users should not be able to delete a team for which they are directly |
There was a problem hiding this comment.
| Authenticated users should not be able to delete a team for which they are directly | |
| Authenticated users should not be able to retrieve a team for which they are directly |
| } | ||
|
|
||
|
|
||
| def test_api_teams_retrieve_authenticated_other_resource_server( |
There was a problem hiding this comment.
should you also test that a team without any service provider can not be retrieved?
| """ | ||
| Authenticated users should be able to list teams | ||
| they are an owner/administrator/member of, and | ||
| the service provider should be filtered to the one |
There was a problem hiding this comment.
| the service provider should be filtered to the one | |
| the service providers should be filtered to the one |
| client, resource_server_settings | ||
| ): | ||
| """ | ||
| Authenticated users should be able to create teams and should automatically be declared |
There was a problem hiding this comment.
Should it be: Users authenticated via a resource server query ?
If yes, update all below tests?
There was a problem hiding this comment.
to differentiate from below's test, precise that the service provider should be created on the fly?
| def test_api_service_providers_retrieve_authenticated_on_teams(client): | ||
| """ | ||
| Authenticated users should not be able to retrieve service providers | ||
| of because of their teams (might change later if needed). |
There was a problem hiding this comment.
| of because of their teams (might change later if needed). | |
| just because it is related to one of their teams if it is not related to their organization (might change later if needed). |
|
|
||
|
|
||
| @responses.activate | ||
| def test_api_teams_update_authenticated_owner_resource_server( |
There was a problem hiding this comment.
I was expecting tests about adding/removing service providers from a team for authenticated admin/owners of the team?
|
|
||
|
|
||
| @pytest.fixture | ||
| def authenticated_user_with_service_provider(client): |
There was a problem hiding this comment.
| def authenticated_user_with_service_provider(client): | |
| def user_authenticated_via_service_provider(client): |
| @@ -0,0 +1,148 @@ | |||
| """Defines fixtures for the tests.""" | |||
There was a problem hiding this comment.
hope we don't abuse this pattern. I like tests to be self understandable without having to jump from file to file to try to understand each fixture.
- the necessity to define edge cases tends to create complicated code when you try to mutualize test code.
Purpose
We want to allow Service Providers to fetch our data but we also need a better management of the data available for each one of them.
Proposal
Not included in this PR: allow Service Provider management from the front.
ServiceProvidermodel