Beispiel #1
    def test_no_lookup_user(self):
        """get_person_for_user raises LookupError for a Django user with no lookup user.

        The fixture's ``user_lookup`` object is deleted before the call.
        """
        self.user_lookup.delete()
        # Callable form of assertRaises: the lookup must raise rather than return a
        # response that an authorization check could then act on.
        self.assertRaises(lookup.LookupError, lookup.get_person_for_user, self.user)
Beispiel #2
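    def get_queryset(self):
        """
        Restrict the queryset to the assets the requesting user may see.

        A user who is not in :py:attr:`~assets.defaultsettings.IAR_USERS_LOOKUP_GROUP` sees
        nothing. A user in that group sees every non-private asset, plus the private assets
        whose department is one of the user's lookup institutions.

        The shape of the lookup response is not assumed: a missing response, or one without
        ``groups`` or ``institutions``, yields the most restrictive result instead of an
        unhandled ``KeyError``. Exceptions raised by ``get_person_for_user`` itself are not
        caught here.
        """
        lookup_response = get_person_for_user(self.request.user) or {}

        # Deny by default: group membership has to be positively established. A group entry
        # without a 'name' never matches, whatever the setting holds.
        in_iar_group = any(
            'name' in group and group['name'] == settings.IAR_USERS_LOOKUP_GROUP
            for group in lookup_response.get('groups') or []
        )
        if not in_iar_group:
            return Asset.objects.none()

        # Entries without an 'instid' contribute nothing; an empty list leaves only the
        # non-private assets visible.
        institutions = [
            institution['instid']
            for institution in lookup_response.get('institutions') or []
            if institution.get('instid') is not None
        ]

        queryset = super(AssetViewSet, self).get_queryset()
        return queryset.filter(
            Q(private=False) | Q(private=True, department__in=institutions))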
Beispiel #3
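    def has_permission(self, user):
        """Only a user belonging to the 'instid' lookup institution can see the media.

        Returns False for an anonymous user, for a permission whose ``instid`` is unset, and
        for a lookup response that is missing or carries no institutions. Exceptions raised
        by ``get_person_for_user`` are not caught here.
        """
        if user.is_anonymous:
            return False

        # Fail closed on an unset instid: None would otherwise compare equal to the None
        # that .get('instid') returns for an institution entry lacking that key, and the
        # check would grant access.
        if self.instid is None:
            return False

        lookup_response = get_person_for_user(user) or {}

        return any(
            self.instid == institution.get('instid')
            for institution in lookup_response.get('institutions') or []
        )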
Beispiel #4
    def test_results_are_cached(self):
        """Two calls to get_person_for_user for the same user make only one lookup API request."""
        # NOTE(review): code that authorizes from this response sees group and institution
        # membership as of the first call; how long a cached entry lives is not visible
        # here, so confirm that a revoked membership stops being honoured soon enough.
        expected_url = (
            'http://lookupproxy.invalid/people/mock/test0001?fetch=all_insts%2Call_groups')
        mock_response = {
            'url': 'http://lookupproxy.invalid/people/xxx',
            'institutions': [{'instid': instid} for instid in ('INSTA', 'INSTB')],
        }

        with self.mocked_session():
            self.session.request.return_value.json.return_value = mock_response
            for _ in range(2):
                lookup.get_person_for_user(self.user)

        # Exactly one outbound request: the second call was answered without the API.
        self.session.request.assert_called_once_with(url=expected_url, method='GET')
Beispiel #5
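    def has_permission(self, user):
        """Only a user belonging to the 'groupid' lookup group can see the media.

        ``self.groupid`` is compared with both the ``groupid`` and the ``name`` of every
        group in the user's lookup response. Returns False for an anonymous user, for a
        permission whose ``groupid`` is unset, and for a lookup response that is missing or
        carries no groups. Exceptions raised by ``get_person_for_user`` are not caught here.
        """
        if user.is_anonymous:
            return False

        # Fail closed on an unset groupid: None would otherwise compare equal to the None
        # that .get() returns for a group entry lacking 'groupid' or 'name', and the check
        # would grant access.
        if self.groupid is None:
            return False

        lookup_response = get_person_for_user(user) or {}

        # NOTE(review): ids and names are matched against the same stored value, so a group
        # whose name equals another group's id would also satisfy this check - confirm the
        # lookup service keeps the two disjoint.
        return any(
            self.groupid == group.get('groupid') or self.groupid == group.get('name')
            for group in lookup_response.get('groups') or []
        )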
    def has_permission(self, request, view):
        """Allow the request only if the requesting user is in ``settings.IAR_USERS_LOOKUP_GROUP``.

        Returns False, after logging an error, when there is no lookup response for the user
        or the response carries no groups. The ``view`` argument is not used.
        """
        requester = request.user
        person = get_person_for_user(requester)
        if person is None:
            LOG.error('No cached lookup response for %s', requester)
            return False

        memberships = person.get('groups')
        if memberships is None:
            LOG.error('No groups in cached lookup response for %s', requester)
            return False

        # Deny unless one group's name equals the configured group name exactly.
        return any(
            entry['name'] == settings.IAR_USERS_LOOKUP_GROUP for entry in memberships)
    def _validate_asset_user_institution(user, department):
        """Return True when *department* is one of *user*'s lookup institutions.

        Returns False, after logging an error, when there is no lookup response for the user
        or the response carries no institutions.
        """
        person = get_person_for_user(user)
        if person is None:
            LOG.error('No cached lookup response for %s', user)
            return False

        memberships = person.get('institutions')
        if memberships is None:
            LOG.error('No institutions in cached lookup response for %s', user)
            return False

        # Membership is an exact match on the institution's 'instid'.
        return any(department == entry['instid'] for entry in memberships)
Beispiel #8
    def test_simple_call(self):
        """get_person_for_user returns the lookup API's JSON body and makes one GET request."""
        expected_url = (
            'http://lookupproxy.invalid/people/mock/test0001?fetch=all_insts%2Call_groups')
        mock_response = {
            'url': 'http://lookupproxy.invalid/people/xxx',
            'institutions': [{'instid': instid} for instid in ('INSTA', 'INSTB')],
        }

        with self.mocked_session():
            self.session.request.return_value.json.return_value = mock_response
            response = lookup.get_person_for_user(self.user)

        # The request asks for institutions and groups together (fetch=all_insts,all_groups).
        self.session.request.assert_called_once_with(url=expected_url, method='GET')
        self.assertEqual(response, mock_response)
Beispiel #9
 def test_anonymous_user(self):
     """get_person_for_user raises LookupError when given the anonymous user."""
     # Callable form of assertRaises: an unauthenticated identity must produce an error,
     # not a lookup response.
     self.assertRaises(
         lookup.LookupError, lookup.get_person_for_user, self.anonymous_user)