Refactor API tests to include asset and organization endpoints, enhancing coverage for asset-related functionalities.

Maffooch · Maffooch · commit 71ad98dd9c9e · 2026-01-12T14:11:09.000-07:00
diff --git a/unittests/test_apiv2_methods_and_endpoints.py b/unittests/test_apiv2_methods_and_endpoints.py
@@ -49,15 +49,18 @@ def test_is_defined(self):
             "configuration_permissions", "questionnaire_questions",
             "questionnaire_answers", "questionnaire_answered_questionnaires",
             "questionnaire_engagement_questionnaires", "questionnaire_general_questionnaires",
-            "dojo_group_members", "product_members", "product_groups", "product_type_groups",
-            "product_type_members", "asset_members", "asset_groups", "organization_groups",
-            "organization_members",
             # pghistory Event models (should not be exposed via API)
             "dojo_userevents", "endpointevents", "engagementevents", "findingevents",
             "finding_groupevents", "product_typeevents", "productevents", "testevents",
             "risk_acceptanceevents", "finding_templateevents", "cred_userevents",
             "notification_webhooksevents",
         }
+        patch_exempt_list = {
+            "dojo_group_members", "product_members", "product_groups", "product_type_groups",
+            "product_type_members", "asset_members", "asset_groups", "organization_groups",
+            "organization_members",
+        }
+
         for reg, _, _ in sorted(self.registry):
             if reg in exempt_list:
                 continue
@@ -67,7 +70,15 @@ def test_is_defined(self):
                     f"Endpoint: {reg}, Method: {method}",
                 )
 
-            for method in ["get", "put", "patch", "delete"]:
+            for method in ["get", "put", "delete"]:
+                self.assertIsNotNone(
+                    self.schema["paths"][f"{BASE_API_URL}/{reg}" + "/{id}/"].get(method),
+                    f"Endpoint: {reg}, Method: {method}",
+                )
+
+            for method in ["patch"]:
+                if reg in patch_exempt_list:
+                    continue
                 self.assertIsNotNone(
                     self.schema["paths"][f"{BASE_API_URL}/{reg}" + "/{id}/"].get(method),
                     f"Endpoint: {reg}, Method: {method}",
diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py
@@ -86,6 +86,12 @@
     UserContactInfoViewSet,
     UsersViewSet,
 )
+from dojo.asset.api.views import (
+    AssetAPIScanConfigurationViewSet,
+    AssetGroupViewSet,
+    AssetMemberViewSet,
+    AssetViewSet,
+)
 from dojo.authorization.roles_permissions import Permissions
 from dojo.models import (
     Announcement,
@@ -140,6 +146,11 @@
     User,
     UserContactInfo,
 )
+from dojo.organization.api.views import (
+    OrganizationGroupViewSet,
+    OrganizationMemberViewSet,
+    OrganizationViewSet,
+)
 
 from .dojo_test_case import DojoAPITestCase, get_unit_tests_scans_path
 
@@ -1905,6 +1916,29 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class Asset_API_Scan_ConfigurationTest(BaseClass.BaseClassTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_API_Scan_Configuration
+        self.endpoint_path = "asset_api_scan_configurations"
+        self.viewname = "asset_api_scan_configuration"
+        self.viewset = AssetAPIScanConfigurationViewSet
+        self.payload = {
+            "asset": 2,
+            "service_key_1": "dojo_sonar_key",
+            "tool_configuration": 3,
+        }
+        self.update_fields = {"tool_configuration": 2}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_API_Scan_Configuration
+        self.permission_create = Permissions.Product_API_Scan_Configuration_Add
+        self.permission_update = Permissions.Product_API_Scan_Configuration_Edit
+        self.permission_delete = Permissions.Product_API_Scan_Configuration_Delete
+        self.deleted_objects = 1
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class ProductTest(BaseClass.BaseClassTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -1932,6 +1966,33 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class AssetTest(BaseClass.BaseClassTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product
+        self.endpoint_path = "assets"
+        self.viewname = "asset"
+        self.viewset = AssetViewSet
+        self.payload = {
+            "product_manager": 2,
+            "technical_contact": 3,
+            "team_manager": 2,
+            "organization": 1,
+            "name": "Test Product",
+            "description": "test product",
+            "tags": ["mytag", "yourtag"],
+        }
+        self.update_fields = {"organization": 2}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product
+        self.permission_create = Permissions.Product_Type_Add_Product
+        self.permission_update = Permissions.Product_Edit
+        self.permission_delete = Permissions.Product_Delete
+        self.deleted_objects = 25
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class StubFindingsTest(BaseClass.BaseClassTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -2873,6 +2934,47 @@ def test_create_authorized_owner(self):
         self.assertEqual(201, response.status_code, response.content[:1000])
 
 
+class OrganizationTest(BaseClass.BaseClassTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_Type
+        self.endpoint_path = "organizations"
+        self.viewname = "organization"
+        self.viewset = OrganizationViewSet
+        self.payload = {
+            "name": "Test Organization",
+            "description": "Test",
+            "key_product": True,
+            "critical_product": False,
+        }
+        self.update_fields = {"description": "changed"}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_Type
+        self.permission_update = Permissions.Product_Type_Edit
+        self.permission_delete = Permissions.Product_Type_Delete
+        self.deleted_objects = 25
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+    def test_create_object_not_authorized(self):
+        self.setUp_not_authorized()
+
+        response = self.client.post(self.url, self.payload)
+        self.assertEqual(403, response.status_code, response.content[:1000])
+
+    def test_create_not_authorized_reader(self):
+        self.setUp_global_reader()
+
+        response = self.client.post(self.url, self.payload)
+        self.assertEqual(403, response.status_code, response.content[:1000])
+
+    def test_create_authorized_owner(self):
+        self.setUp_global_owner()
+
+        response = self.client.post(self.url, self.payload)
+        self.assertEqual(201, response.status_code, response.content[:1000])
+
+
 class DojoGroupsTest(BaseClass.BaseClassTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -3016,6 +3118,29 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class OrganizationMemberTest(BaseClass.MemberEndpointTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_Type_Member
+        self.endpoint_path = "organization_members"
+        self.viewname = "organization_member"
+        self.viewset = OrganizationMemberViewSet
+        self.payload = {
+            "organization": 1,
+            "user": 3,
+            "role": 2,
+        }
+        self.update_fields = {"role": 3}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_Type_Member
+        self.permission_create = Permissions.Product_Type_Manage_Members
+        self.permission_update = Permissions.Product_Type_Manage_Members
+        self.permission_delete = Permissions.Product_Type_Member_Delete
+        self.deleted_objects = 1
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class ProductMemberTest(BaseClass.MemberEndpointTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -3039,6 +3164,29 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class AssetMemberTest(BaseClass.MemberEndpointTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_Member
+        self.endpoint_path = "asset_members"
+        self.viewname = "asset_member"
+        self.viewset = AssetMemberViewSet
+        self.payload = {
+            "asset": 3,
+            "user": 2,
+            "role": 2,
+        }
+        self.update_fields = {"role": 3}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_Member
+        self.permission_create = Permissions.Product_Manage_Members
+        self.permission_update = Permissions.Product_Manage_Members
+        self.permission_delete = Permissions.Product_Member_Delete
+        self.deleted_objects = 1
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class ProductTypeGroupTest(BaseClass.MemberEndpointTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -3062,6 +3210,29 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class OrganiazationGroupTest(BaseClass.MemberEndpointTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_Type_Group
+        self.endpoint_path = "organization_groups"
+        self.viewname = "organization_group"
+        self.viewset = OrganizationGroupViewSet
+        self.payload = {
+            "organization": 1,
+            "group": 2,
+            "role": 2,
+        }
+        self.update_fields = {"role": 3}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_Type_Group
+        self.permission_create = Permissions.Product_Type_Group_Add
+        self.permission_update = Permissions.Product_Type_Group_Edit
+        self.permission_delete = Permissions.Product_Type_Group_Delete
+        self.deleted_objects = 1
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class ProductGroupTest(BaseClass.MemberEndpointTest):
     fixtures = ["dojo_testdata.json"]
 
@@ -3085,6 +3256,29 @@ def __init__(self, *args, **kwargs):
         BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
 
 
+class AssetGroupTest(BaseClass.MemberEndpointTest):
+    fixtures = ["dojo_testdata.json"]
+
+    def __init__(self, *args, **kwargs):
+        self.endpoint_model = Product_Group
+        self.endpoint_path = "asset_groups"
+        self.viewname = "asset_group"
+        self.viewset = AssetGroupViewSet
+        self.payload = {
+            "asset": 1,
+            "group": 2,
+            "role": 2,
+        }
+        self.update_fields = {"role": 3}
+        self.test_type = TestType.OBJECT_PERMISSIONS
+        self.permission_check_class = Product_Group
+        self.permission_create = Permissions.Product_Group_Add
+        self.permission_update = Permissions.Product_Group_Edit
+        self.permission_delete = Permissions.Product_Group_Delete
+        self.deleted_objects = 1
+        BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs)
+
+
 class LanguageTypeTest(BaseClass.BaseClassTest):
     fixtures = ["dojo_testdata.json"]
 
