def test_commcare_user_as_user_in_location(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.commcare_user,
self.location_user.username,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
is_permitted, message = is_permitted_to_restore(
self.domain,
self.commcare_user,
self.wrong_location_user.username,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'not in allowed locations')
def test_web_user_as_user_permitted(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user,
)
self.assertTrue(is_permitted)
def test_web_user_as_user_in_location(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_location_user,
self.location_user,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_location_user,
self.wrong_location_user,
)
self.assertFalse(is_permitted)
self.assertRegex(message, 'not in allowed locations')
def test_web_user_as_user_permitted(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.username,
True,
)
self.assertTrue(is_permitted)
def test_web_user_as_user_bad_username(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.raw_username, # Malformed, should include domain
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'Invalid restore as user')
def test_commcare_user_permitted(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.commcare_user,
None,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_web_user_as_self(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.web_user,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_web_user_as_user_bad_domain(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
u'{}@wrong-domain'.format(self.commcare_user.raw_username),
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'Invalid restore as user')
def test_commcare_user_as_user_disallow_no_edit_data(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.no_edit_commcare_user,
self.location_user,
)
self.assertFalse(is_permitted)
self.assertRegex(message, 'does not have permission')
def test_commcare_user_wrong_domain(self):
is_permitted, message = is_permitted_to_restore(
'wrong-domain',
self.commcare_user,
None,
)
self.assertFalse(is_permitted)
self.assertRegex(message, 'was not in the domain')
def test_user_limited_login_as_permitted(self):
with patch("corehq.apps.ota.utils._limit_login_as", return_value=True):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.restore_user,
self.commcare_user_login_as,
)
self.assertIsNone(message)
self.assertTrue(is_permitted)
def test_web_user_as_other_web_user(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.web_user.username,
True,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_web_user_as_user_bad_username(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.raw_username, # Malformed, should include domain
True,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'Invalid restore as user')
def test_web_user_as_user_bad_username(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.raw_username, # Malformed, should include domain
True,
)
self.assertFalse(is_permitted)
self.assertIsNotNone(message)
def test_commcare_user_permitted(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.commcare_user,
None,
False,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_web_user_as_user_in_location(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_location_user,
self.location_user.username,
True,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_location_user,
self.wrong_location_user.username,
True,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'not in allowed locations')
def test_commcare_user_as_user_disallow_no_edit_data(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.no_edit_commcare_user,
self.location_user.username,
True,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'does not have permission')
def test_web_user_as_self(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.web_user.username,
True,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_web_user_as_user_bad_domain(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
u'{}@wrong-domain'.format(self.commcare_user.raw_username),
True,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'Invalid restore as user')
def test_user_limited_login_as_permitted_case_insensitive_match_multiple_users(self):
with patch("corehq.apps.ota.utils._limit_login_as", return_value=True):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.restore_user,
self.commcare_user_login_as_multiple_upper_case,
)
self.assertIsNone(message)
self.assertTrue(is_permitted)
def test_commcare_user_wrong_domain(self):
is_permitted, message = is_permitted_to_restore(
'wrong-domain',
self.commcare_user,
None,
False,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'was not in the domain')
def test_user_limited_login_as_default_denied(self):
with patch("corehq.apps.ota.utils._limit_login_as", return_value=True):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.restore_user,
self.commcare_user_default_login_as,
)
self.assertFalse(is_permitted)
self.assertRegex(message, "not available as login-as user")
def test_commcare_user_wrong_domain(self):
is_permitted, message = is_permitted_to_restore(
'wrong-domain',
self.commcare_user,
None,
False,
)
self.assertFalse(is_permitted)
self.assertIsNotNone(message)
def test_web_user_as_user_bad_privelege(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
u'{}@{}'.format(self.commcare_user.raw_username, self.domain),
False,
)
self.assertFalse(is_permitted)
self.assertIsNotNone(message)
def test_web_user_as_user_bad_privilege(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.username,
False,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'does not have permissions')
def test_web_user_as_user_bad_domain(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
u'{}@wrong-domain'.format(self.commcare_user.raw_username),
True,
)
self.assertFalse(is_permitted)
self.assertIsNotNone(message)
def test_web_user_as_user_bad_privilege(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
self.commcare_user.username,
False,
)
self.assertFalse(is_permitted)
self.assertRegexpMatches(message, 'does not have permissions')
def test_web_user_as_user_permitted(self):
is_permitted, message = is_permitted_to_restore(
self.domain,
self.web_user,
u'{}@{}'.format(self.commcare_user.raw_username, self.domain),
True,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_super_user_as_user_other_domain(self):
"""
Superusers should be able to restore as other mobile users even if it's the wrong domain
"""
is_permitted, message = is_permitted_to_restore(
self.domain,
self.super_user,
self.commcare_user,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
def test_super_user_as_user_other_domain(self):
"""
Superusers should be able to restore as other mobile users even if it's the wrong domain
"""
is_permitted, message = is_permitted_to_restore(
self.domain,
self.super_user,
self.commcare_user.username,
False,
)
self.assertTrue(is_permitted)
self.assertIsNone(message)
