[qa] Document database queries in permission class tests #256

komaleswar · komaleswar · commit a88299e6cf04 · 2025-12-27T09:26:43.000+05:30
Add assertNumQueries to the organization manager permission test to document the expected database queries triggered by permission and object-level access checks. These queries are intentional and required for security and multi-tenancy, and documenting them helps prevent confusion and accidental regressions. Fixes #256 Please enter the commit message for your changes. Lines starting
diff --git a/tests/testapp/tests/test_permission_classes.py b/tests/testapp/tests/test_permission_classes.py
@@ -36,33 +36,6 @@ def test_operator_none(self):
             response = self.client.get(self.owner_url, **auth)
             self.assertEqual(response.status_code, 403)
 
-    def test_operator_manager(self):
-    operator = self._get_operator()
-    # First user is automatically owner, so created dummy
-    # user to keep operator as manager only.
-    self._create_org_user(user=self._get_user(), is_admin=True)
-    self._create_org_user(user=operator, is_admin=True)
-    token = self._obtain_auth_token()
-    auth = dict(HTTP_AUTHORIZATION=f"Bearer {token}")
-
-    with self.subTest("Organization Member"):
-        response = self.client.get(self.member_url, **auth)
-        self.assertEqual(response.status_code, 200)
-
-    # Organization Manager
-    # Query breakdown for IsOrganizationManager permission check:
-    # 1 query for IsOrganizationManager.has_permission() checking
-    # organizations_managed. Remaining queries are for object
-    # creation/get and object-level permission checks
-    with self.assertNumQueries(5):
-        response = self.client.get(self.manager_url, **auth)
-    self.assertEqual(response.status_code, 200)
-
-    with self.subTest("Organization Owner"):
-        response = self.client.get(self.owner_url, **auth)
-        self.assertEqual(response.status_code, 403)
-
-
     def test_operator_manager(self):
         operator = self._get_operator()
         # First user is automatically owner, so created dummy
@@ -71,17 +44,20 @@ def test_operator_manager(self):
         self._create_org_user(user=operator, is_admin=True)
         token = self._obtain_auth_token()
         auth = dict(HTTP_AUTHORIZATION=f"Bearer {token}")
+
         with self.subTest("Organization Member"):
             response = self.client.get(self.member_url, **auth)
             self.assertEqual(response.status_code, 200)
-        with self.subTest("Organization Manager"):
-            # Query breakdown for IsOrganizationManager permission check:
-            # 1 query for IsOrganizationManager.has_permission() checking
-            # organizations_managed. Remaining queries are for object
-            # creation/get and object-level permission checks
-            with self.assertNumQueries(5):
-                response = self.client.get(self.manager_url, **auth)
-            self.assertEqual(response.status_code, 200)
+
+        # Organization Manager
+        # Query breakdown for IsOrganizationManager permission check:
+        # 1 query for IsOrganizationManager.has_permission() checking
+        # organizations_managed. Remaining queries are for object
+        # creation/get and object-level permission checks
+        with self.assertNumQueries(4):
+            response = self.client.get(self.manager_url, **auth)
+        self.assertEqual(response.status_code, 200)
+
         with self.subTest("Organization Owner"):
             response = self.client.get(self.owner_url, **auth)
             self.assertEqual(response.status_code, 403)
