def test_no_reindex_acr_for_same_obj(self):
"""Test that reindex records appear if
acl is populated with current obj's role."""
system_role_name = "Admin"
with factories.single_commit():
person = factories.PersonFactory(name="Test Name")
system = factories.SystemFactory()
audit = factories.AuditFactory()
factories.AccessControlPersonFactory(
ac_list=system.acr_name_acl_map[system_role_name],
person=person,
)
person_id = person.id
person_name = person.name
person_email = person.email
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == system.id,
all_models.Revision.resource_type == system.type
).one()
revision.content = system.log_json()
db.session.add(revision)
db.session.commit()
self._create_snapshots(audit, [system])
self.assert_indexed_fields(system, system_role_name, {
"{}-email".format(person_id): person_email,
"{}-name".format(person_id): person_name,
"__sort__": person_email,
})
def test_system_acl_update(self):
"""Test updating of SOX system with non empty acl."""
with factories.single_commit():
system = factories.SystemFactory()
person = factories.PersonFactory()
system.add_person_with_role_name(person, "Admin")
response = self.ext_api.put(system,
system.id,
data={
"access_control_list": {
"Admin": [
{
"email":
"*****@*****.**",
"name": "user1",
},
{
"email":
"*****@*****.**",
"name": "user2",
},
]
},
})
self.assert200(response)
system = all_models.System.query.get(system.id)
actual_people_ids = system.get_person_ids_for_rolename("Admin")
expected_people_ids = db.session.query(all_models.Person.id).filter(
all_models.Person.email.in_(
("*****@*****.**", "*****@*****.**"))).all()
self.assertItemsEqual(actual_people_ids,
[i[0] for i in expected_people_ids])
def test_update_ext_user_ext_relationship(self):
"""Validation external app user updates external relationship."""
self.api.set_user(self.person_ext)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
self.create_relationship(product, system, True, self.person_ext)
response = self.api.client.post(self.REL_URL,
data=self.build_relationship_json(
product, system, True),
headers=self.HEADERS)
self.assert200(response)
relationship = all_models.Relationship.query.get(
response.json[0][-1]["relationship"]["id"])
self.assertEqual(relationship.source_type, "Product")
self.assertEqual(relationship.source_id, product.id)
self.assertEqual(relationship.destination_type, "System")
self.assertEqual(relationship.destination_id, system.id)
self.assertTrue(relationship.is_external)
self.assertEqual(relationship.modified_by_id, self.person_ext.id)
self.assertIsNone(relationship.parent_id)
self.assertIsNone(relationship.automapping_id)
self.assertIsNone(relationship.context_id)
def test_no_reindex_acr_for_diff_obj(self, logger):
"""Test that no reindex records appear if
acl is populated with other's obj role."""
product_admin = all_models.AccessControlRole.query.filter_by(
object_type="Product", name="Admin").first()
with factories.single_commit():
person = factories.PersonFactory(name="Test Name")
system = factories.SystemFactory()
audit = factories.AuditFactory()
factories.AccessControlListFactory(
ac_role=product_admin,
object=system,
person=person,
)
system_id = system.id
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == system.id,
all_models.Revision.resource_type == system.type).one()
revision.content = system.log_json()
db.session.add(revision)
db.session.commit()
self._create_snapshots(audit, [system])
fulltext_records = Record.query.filter(
Record.key == system_id,
Record.type == "System",
Record.property == "Admin",
).all()
self.assertEqual(len(fulltext_records), 0)
logger.warning.assert_called_once_with(
"Reindex: role %s, id %s is skipped for %s, id %s, "
"because it relates to %s", product_admin.name, product_admin.id,
system.__class__.__name__, system.id, product_admin.object_type)
def test_delete_ext_user_reg_relationship(self):
"""External app user can delete regular relationship."""
self.api.set_user(self.person_ext)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
rel = self.create_relationship(product, system, False, self.person_ext)
response = self.api.delete(rel)
self.assert200(response)
def test_acl_no_reindex_snapshots(self):
"""Test that snapshot reindex is not happened for
acl where person has the same role for
different kind of objects."""
product_admin = all_models.AccessControlRole.query.filter_by(
object_type="Product",
name="Admin"
).first()
system_admin = all_models.AccessControlRole.query.filter_by(
object_type="System",
name="Admin"
).first()
with factories.single_commit():
person = factories.PersonFactory(name="Test Name")
system = factories.SystemFactory()
audit = factories.AuditFactory()
factories.AccessControlListFactory(
ac_role=product_admin,
object=system,
person=person,
)
system_role = factories.AccessControlListFactory(
ac_role=system_admin,
object=system,
person=person,
)
audit_id = audit.id
system_id = system.id
system_role_name = system_role.ac_role.name
person_id = person.id
person_name = person.name
person_email = person.email
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == system.id,
all_models.Revision.resource_type == system.type
).one()
revision.content = system.log_json()
db.session.add(revision)
db.session.commit()
self._create_snapshots(audit, [system])
self.client.post("/admin/reindex_snapshots")
snapshot = all_models.Snapshot.query.filter(
all_models.Snapshot.parent_id == audit_id,
all_models.Snapshot.parent_type == 'Audit',
all_models.Snapshot.child_id == system_id,
all_models.Snapshot.child_type == 'System',
).one()
self.assert_indexed_fields(snapshot, system_role_name, {
"{}-email".format(person_id): person_email,
"{}-name".format(person_id): person_name,
"__sort__": person_email,
})
def test_delete_reg_user_ext_relationship(self):
"""Validation regular user deletes external relationship."""
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
self.create_relationship(product, system, True, self.person_ext)
self.api.set_user(self.person)
rel = all_models.Relationship.query.first()
response = self.api.delete(rel)
self.assert200(response)
relationship = all_models.Relationship.query.get(rel.id)
self.assertIsNone(relationship)
def test_update_reg_user_ext_relationship(self):
"""Validation regular app user updates external relationship."""
self.api.set_user(self.person)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
self.create_relationship(product, system, True, self.person)
response = self.api.client.post(self.REL_URL,
data=self.build_relationship_json(
product, system, False),
headers=self.HEADERS)
self.assert200(response)
def test_create_ext_user_reg_relationship(self):
"""Validation external app user creates regular relationship."""
self.api.set_user(self.person_ext)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
response = self.api.client.post(self.REL_URL,
data=self.build_relationship_json(
product, system, False),
headers=self.HEADERS)
self.assert400(response)
self.assertEqual(response.json[0], [
400, "External application can create only external relationships."
])
def test_delete_ext_user_reg_relationship(self):
"""Validation external app user deletes regular relationship."""
self.api.set_user(self.person_ext)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
rel = self.create_relationship(product, system, False, self.person_ext)
response = self.api.delete(rel)
self.assert400(response)
self.assertEqual(
response.json, {
'message': 'External application can delete only external '
'relationships.',
'code': 400
})
def test_update_ext_user_reg_relationship(self):
"""External app user can update regular relationship."""
self.api.set_user(self.person_ext)
with factories.single_commit():
product = factories.ProductFactory()
system = factories.SystemFactory()
self.create_relationship(product, system, False, self.person_ext)
response = self.api.client.post(self.REL_URL,
data=self.build_relationship_json(
product, system, True),
headers=self.HEADERS)
self.assert200(response)
self.assertEqual(response.json[0][1]["relationship"]["is_external"],
True)
def test_relationship_creation(self):
"""Test external relationship post on behalf of external user."""
destination = factories.SystemFactory()
source = factories.MarketFactory()
relationship_data = json.dumps([{
"relationship": {
"source": {
"id": source.id,
"type": source.type
},
"destination": {
"id": destination.id,
"type": destination.type
},
"context": {
"id": None
},
"is_external": True
}
}])
response = self._post("/api/relationships",
data=relationship_data,
headers=self.headers)
self.assert200(response)
ext_person = all_models.Person.query.filter_by(
email="*****@*****.**").first()
ext_person_id = ext_person.id
relationship = all_models.Relationship.query.get(
response.json[0][-1]["relationship"]["id"])
self.assertEqual(relationship.source_type, source.type)
self.assertEqual(relationship.source_id, source.id)
self.assertEqual(relationship.destination_type, "System")
self.assertEqual(relationship.destination_id, destination.id)
self.assertTrue(relationship.is_external)
self.assertEqual(relationship.modified_by_id, ext_person_id)
self.assertIsNone(relationship.parent_id)
self.assertIsNone(relationship.automapping_id)
self.assertIsNone(relationship.context_id)
# check that POST on creation of existing relation return 200 code
response = self._post("/api/relationships",
data=relationship_data,
headers=self.headers)
self.assert200(response)
def test_system_external_put(self):
"""Test updating of System without If-Match/If-Unmodified-Since headers."""
system = factories.SystemFactory()
data = {
"system": {
"id": system.id,
"title": "updated system",
"test_plan": "test plan",
"notes": "test notes",
"description": "test description",
"slug": "SYSTEM-{}".format(system.id),
}
}
response = self.ext_api.put(system, system.id, data=data)
self.assert200(response, response.data)
system = all_models.System.query.get(system.id)
self.assertEqual(system.title, "updated system")
def test_post_modifier(self, model):
"""Test modifier of models when working as external user."""
headers = {
"Content-Type": "application/json",
"X-requested-by": "GGRC",
"X-appengine-inbound-appid": self.allowed_appid,
"X-ggrc-user": json.dumps({"email": "*****@*****.**"}),
"X-external-user":
json.dumps({"email": "*****@*****.**"})
}
model_plural = model._inflector.table_plural
model_singular = model._inflector.table_singular
with mock.patch.multiple(PersonClient, _post=self._mock_post):
self.client.get("/login", headers=headers)
response = self._post("api/{}".format(model_plural),
data=json.dumps({
model_singular: {
"title":
"{}1".format(model_singular),
"context": 0
}
}),
headers=headers)
self.assertEqual(response.status_code, 201)
# check object modifier
person = all_models.Person.query.filter_by(
email="*****@*****.**").first()
person_id = person.id
model_json = response.json[model_singular]
self.assertEqual(model_json['modified_by']['id'], person_id)
self.assertEqual(person.system_wide_role, "Creator")
# check revision modifier
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == model.__name__).order_by(
all_models.Revision.id.desc()).first()
self.assertEqual(revision.modified_by_id, person_id)
# check event modifier
event = all_models.Event.query.filter(
all_models.Event.resource_type == model.__name__).order_by(
all_models.Event.id.desc()).first()
self.assertEqual(event.modified_by_id, person_id)
# check relationship post
destination = factories.SystemFactory()
with mock.patch.multiple(PersonClient, _post=self._mock_post):
response = self._post("/api/relationships",
data=json.dumps([{
"relationship": {
"source": {
"id": model_json['id'],
"type": model_json['type']
},
"destination": {
"id": destination.id,
"type": destination.type
},
"context": {
"id": None
},
"is_external": True
}
}]),
headers=headers)
self.assert200(response)
relationship = all_models.Relationship.query.get(
response.json[0][-1]["relationship"]["id"])
self.assertEqual(relationship.source_type, model_json['type'])
self.assertEqual(relationship.source_id, model_json['id'])
self.assertEqual(relationship.destination_type, "System")
self.assertEqual(relationship.destination_id, destination.id)
self.assertTrue(relationship.is_external)
self.assertEqual(relationship.modified_by_id, person_id)
self.assertIsNone(relationship.parent_id)
self.assertIsNone(relationship.automapping_id)
self.assertIsNone(relationship.context_id)
