Test throttling behavior for user in group

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/tests/test_throttling.py

@@ -9,6 +9,7 @@
 
 import json
 
+from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
 from django.core.cache import cache
 from rest_framework import status
@@ -77,6 +78,16 @@ def setUp(self):
             HTTP_AUTHORIZATION=self.th_unrestricted_user_auth
         )
 
+        # unrestricted throttling for group user
+        group, _ = Group.objects.get_or_create(name="Test Unrestricted")
+        group.permissions.add(permission_unrestricted)
+
+        self.th_group_user = ApiUser.objects.create_api_user(username="g@mail.com")
+        self.th_group_user.groups.add(group)
+        self.th_group_user_auth = f"Token {self.th_group_user.auth_token.key}"
+        self.th_group_user_csrf_client = APIClient(enforce_csrf_checks=True)
+        self.th_group_user_csrf_client.credentials(HTTP_AUTHORIZATION=self.th_group_user_auth)
+
         self.csrf_client_anon = APIClient(enforce_csrf_checks=True)
         self.csrf_client_anon_1 = APIClient(enforce_csrf_checks=True)
 
@@ -147,6 +158,17 @@ def test_user_with_unrestricted_perm_throttling(self):
         response = self.th_unrestricted_user_csrf_client.get("/api/packages")
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+    def test_user_in_group_with_unrestricted_perm_throttling(self):
+        simulate_throttle_usage(
+            url="/api/packages",
+            client=self.th_group_user_csrf_client,
+            mock_use_count=20000,
+        )
+
+        # no throttling for user in group with unrestricted perm.
+        response = self.th_group_user_csrf_client.get("/api/packages")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
     def test_anon_throttling(self):
         simulate_throttle_usage(
             url="/api/packages",