def test_enforce(self):
     """
     Check a user has a permission manually added to them.
     Check a user no longer has a permission removed from them.
     """
     permission = "delete"
     auth.add_permission(self.user.id, self.project.id, permission)
     self.assertTrue(
         auth.check_permission(self.user.id, self.project.id, permission))
     auth.remove_permission(self.user.id, self.project.id, permission)
     self.assertFalse(
         auth.check_permission(self.user.id, self.project.id, permission))
 def test_permission_removed_with_roled_removed(self):
     """
     Check if permission is assigned if a role is assigned. 
     Check if permission is removed if the role is removed.
     """
     role = Role.OWNER
     auth.add_role(self.user.id, self.project.id, role)
     self.assertTrue(
         auth.check_permission(self.user.id, self.project.id,
                               DELETE_PERMISSION))
     auth._remove_role(self.user.id, self.project.id, role)
     self.assertFalse(
         auth.check_permission(self.user.id, self.project.id,
                               DELETE_PERMISSION))
Beispiel #3
0
 def check_project_cannot_be_created(self, row: RowT, unauthorized_project: Project) -> None:
     assert not auth.check_permission(self.user_id, unauthorized_project.id, CREATE_OR_UPDATE_PERMISSION)
     row[PROJECT] = unauthorized_project.name
     row[MEASUREMENT_NUMBER] = "some"
     with self.assertRaises(PermissionError):
         MeasurementImporter(row, self.user_id).import_measurement()
     self.check_row_is_not_in_database(row)
Beispiel #4
0
 def create_project_without_permission(self, user: User,
                                       permission: str) -> Project:
     """Create a project for which there will be no 'permission' for a user."""
     project = Project.objects.create(name="unauthorized")
     if auth.check_permission(user.id, project.id, permission):
         auth.remove_permission(user.id, project.id, permission)
     return project
 def _check_permission_on_project(self, permission: str) -> None:
     """Check whether a user is authorized to do an action on measurements within a project from this row."""
     project = self.get_project()
     if not auth.check_permission(self.user_id, project.id, permission):
         raise PermissionError(
             f"User does not have {permission} permission on the project {project.name}"
         )
Beispiel #6
0
 def get_projects_with_viewing_permissions(self) -> List[Project]:
     """Return a list of projects for which a user has viewing permissions."""
     res = []
     for project in Project.objects.all():
         if auth.check_permission(self.user.id, project.id,
                                  VIEW_PERMISSION):
             res.append(project)
     return res
Beispiel #7
0
 def try_deleting_row_and_check_it_was_not_deleted(self, user: User, project_id: int, row: RowT):
     assert not auth.check_permission(user.id, project_id, DELETE_PERMISSION)
     with self.assertRaises(PermissionError):
         MeasurementImporter(row, user.id).delete_measurement()
     self.check_row_is_in_database(row)