[tests] Added tests for multi-tenant admin

pandafy · pandafy · commit a8616ab42785 · 2025-07-04T19:27:37.000+05:30
diff --git a/openwisp_controller/config/tests/test_admin.py b/openwisp_controller/config/tests/test_admin.py
@@ -506,17 +506,64 @@ def test_template_vpn_fk_autocomplete_view(self):
             hidden=[data["vpn2"].name, data["vpn_inactive"].name],
         )
 
+    def test_org_admin_create_template_with_shared_vpn(self):
+        vpn = self._create_vpn(organization=None)
+        org = self._create_org()
+        administrator = self._create_administrator(organizations=[org])
+        path = reverse(f'admin:{self.app_label}_template_add')
+        payload = {
+            'organization': '',
+            'name': 'Test',
+            'type': 'vpn',
+            'vpn': str(vpn.id),
+            'backend': 'netjsonconfig.OpenWrt',
+            'config': '',
+            'default_values': '',
+            'tags': '',
+        }
+        self.assertEqual(Template.objects.count(), 2)
+
+        with self.subTest('Should not allow creating shared template'):
+            self._test_org_admin_create_shareable_object(
+                path=path,
+                payload=payload,
+                model=Template,
+                expected_count=2,
+                user=administrator,
+            )
+
+        with self.subTest('Should allow creating non-shared template'):
+            payload['organization'] = str(org.pk)
+            self._test_org_admin_create_shareable_object(
+                path=path,
+                payload=payload,
+                model=Template,
+                expected_count=3,
+                user=administrator,
+                raises_error=False,
+            )
+
+    def test_org_admin_view_shared_template(self):
+        vpn = self._create_vpn(organization=None)
+        template = self._create_template(type='vpn', vpn=vpn)
+        self._test_org_admin_view_shareable_object(
+            path=reverse(f'admin:{self.app_label}_template_change', args=[template.pk]),
+        )
+
     def test_vpn_queryset(self):
         data = self._create_multitenancy_test_env(vpn=True)
         self._test_multitenant_admin(
-            url=reverse(f"admin:{self.app_label}_vpn_changelist"),
-            visible=[data["org1"].name, data["vpn1"].name],
+            url=reverse(f'admin:{self.app_label}_vpn_changelist'),
+            visible=[
+                data['org1'].name,
+                data['vpn1'].name,
+                data['vpn_shared'].name,
+            ],
             hidden=[
-                data["org2"].name,
-                data["inactive"],
-                data["vpn2"].name,
-                data["vpn_shared"].name,
-                data["vpn_inactive"].name,
+                data['org2'].name,
+                data['inactive'],
+                data['vpn2'].name,
+                data['vpn_inactive'].name,
             ],
         )
 
@@ -561,6 +608,39 @@ def test_recoverlist_operator_403(self):
         self._test_recoverlist_operator_403(self.app_label, "template")
         self._test_recoverlist_operator_403(self.app_label, "vpn")
 
+    def test_org_admin_create_shared_vpn(self):
+        org = self._get_org()
+        ca = self._create_ca(organization=org)
+        self._test_org_admin_create_shareable_object(
+            path=reverse(f'admin:{self.app_label}_vpn_add'),
+            model=Vpn,
+            payload={
+                'organization': '',
+                'name': 'Test',
+                'host': 'vpn1.test.com',
+                'key': 'vZFUV5FqYt4WW9nerc23BofQH51gHNNy',
+                'backend': 'openwisp_controller.vpn_backends.OpenVPN',
+                'ca': ca.pk,
+                'config': {
+                    'openvpn': [
+                        {
+                            'server_bridge': '10.8.0.0 255.255.255.0',
+                            'name': 'tun0',
+                            'mode': 'server',
+                            'proto': 'udp',
+                            'dev': 'tun0',
+                        }
+                    ]
+                },
+            },
+        )
+
+    def test_org_admin_view_shared_vpn(self):
+        vpn = self._create_vpn(organization=None)
+        self._test_org_admin_view_shareable_object(
+            path=reverse(f'admin:{self.app_label}_vpn_change', args=[vpn.pk]),
+        )
+
     def test_device_template_filter(self):
         org = self._get_org(org_name="test-org")
         t = self._create_template(name="test-template", organization=org)
diff --git a/openwisp_controller/pki/tests/test_admin.py b/openwisp_controller/pki/tests/test_admin.py
@@ -57,13 +57,16 @@ def _create_multitenancy_test_env(self, cert=False):
     def test_ca_queryset(self):
         data = self._create_multitenancy_test_env()
         self._test_multitenant_admin(
-            url=reverse(f"admin:{self.app_label}_ca_changelist"),
-            visible=[data["ca1"].name, data["org1"].name],
+            url=reverse(f'admin:{self.app_label}_ca_changelist'),
+            visible=[
+                data['ca1'].name,
+                data['org1'].name,
+                data['ca_shared'].name,
+            ],
             hidden=[
-                data["ca2"].name,
-                data["org2"].name,
-                data["ca_inactive"].name,
-                data["ca_shared"].name,
+                data['ca2'].name,
+                data['org2'].name,
+                data['ca_inactive'].name,
             ],
         )
 
@@ -76,16 +79,39 @@ def test_ca_organization_fk_autocomplete_view(self):
             administrator=True,
         )
 
+    def test_org_create_shared_ca(self):
+        self._test_org_admin_create_shareable_object(
+            path=reverse(f'admin:{self.app_label}_ca_add'),
+            model=Ca,
+            payload={
+                'name': 'ca-shared',
+                'organization': '',
+                'key_length': 2048,
+                'digest': 'sha256',
+                'operation_type': 'new',
+                'extensions': '',
+            },
+        )
+
+    def test_org_admin_view_shared_ca(self):
+        ca = self._create_ca(organization=None)
+        self._test_org_admin_view_shareable_object(
+            path=reverse(f'admin:{self.app_label}_ca_change', args=[ca.pk]),
+        )
+
     def test_cert_queryset(self):
         data = self._create_multitenancy_test_env(cert=True)
         self._test_multitenant_admin(
-            url=reverse(f"admin:{self.app_label}_cert_changelist"),
-            visible=[data["cert1"].name, data["org1"].name],
+            url=reverse(f'admin:{self.app_label}_cert_changelist'),
+            visible=[
+                data['cert1'].name,
+                data['org1'].name,
+                data['cert_shared'].name,
+            ],
             hidden=[
-                data["cert2"].name,
-                data["org2"].name,
-                data["cert_inactive"].name,
-                data["cert_shared"].name,
+                data['cert2'].name,
+                data['org2'].name,
+                data['cert_inactive'].name,
             ],
         )
 
@@ -109,6 +135,45 @@ def test_cert_ca_fk_autocomplete_view(self):
             administrator=True,
         )
 
+    def test_org_admin_create_cert_with_shared_ca(self):
+        org = self._get_org()
+        administrator = self._create_administrator(organizations=[org])
+        shared_ca = self._create_ca(organization=None)
+        payload = {
+            'name': 'Test',
+            'organization': '',
+            'ca': str(shared_ca.pk),
+            'operation_type': 'new',
+            'key_length': 2048,
+            'digest': 'sha256',
+            'extensions': '[]',
+        }
+        with self.subTest('Should not allow creating shared certificate'):
+            self._test_org_admin_create_shareable_object(
+                path=reverse(f'admin:{self.app_label}_cert_add'),
+                model=Cert,
+                payload=payload,
+                user=administrator,
+            )
+
+        with self.subTest('Should allow creating non-shared certificate'):
+            payload['organization'] = str(org.pk)
+            self._test_org_admin_create_shareable_object(
+                path=reverse(f'admin:{self.app_label}_cert_add'),
+                model=Cert,
+                payload=payload,
+                user=administrator,
+                raises_error=False,
+                expected_count=1,
+            )
+
+    def test_org_admin_view_shared_cert(self):
+        shared_ca = self._create_ca(organization=None)
+        shared_cert = self._create_cert(ca=shared_ca, organization=None)
+        self._test_org_admin_view_shareable_object(
+            path=reverse(f'admin:{self.app_label}_cert_change', args=[shared_cert.pk]),
+        )
+
     def test_cert_changeform_200(self):
         org = self._create_org(name="test-org")
         self._create_operator(organizations=[org])
