def test_new_wrong_user(self):
# First we add a Dataset with user 'test_new'
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization':apikey_header})
#Dataset.by_name('openspending-example').private = False
assert "200" in response.status
assert Dataset.by_name('openspending-example')
# After that we try to update the Dataset with user 'test_new2'
user = Account.by_name('test_new2')
assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization':apikey_header},
expect_errors=True)
assert '403' in response.status
def test_new_wrong_user(self):
# First we add a Dataset with user 'test_new'
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
# After that we try to update the Dataset with user 'test_new2'
user = Account.by_name('test_new2')
assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u,
params, {'Authorization': apikey_header},
expect_errors=True)
assert '403' in response.status
def setup(self):
super(TestRunController, self).setup()
self.source = csvimport_fixture('import_errors')
self.source.dataset.managers.append(Account.by_name('test'))
self.importer = CSVImporter(self.source)
self.importer.run()
def test_delete_successfully_loaded_source(self):
"""
Test source removal with a source that has been successfully loaded.
Removing a source that has been successfully loaded should not be
possible.
"""
# Add and import source without errors.
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('successful_import')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Deleting source succeeded. The source is gone."
def test_delete_source(self):
"""
Test source removal with a source that includes errors
"""
# Add and import source with errors (we want to remove it)
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('import_errors')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 0, \
"Deleting source unsuccessful. Source still exists."
def setup(self):
super(TestRunController, self).setup()
self.source = csvimport_fixture('import_errors')
self.source.dataset.managers.append(Account.by_name('test'))
self.importer = CSVImporter(self.source)
self.importer.run()
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def test_delete_source(self):
"""
Test source removal with a source that includes errors
"""
# Add and import source with errors (we want to remove it)
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('import_errors')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 0, \
"Deleting source unsuccessful. Source still exists."
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def test_delete_successfully_loaded_source(self):
"""
Test source removal with a source that has been successfully loaded.
Removing a source that has been successfully loaded should not be
possible.
"""
# Add and import source without errors.
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('successful_import')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Deleting source succeeded. The source is gone."
def shell_account():
account = Account.by_name(SHELL_USER)
if account is not None:
return account
account = Account()
account.name = SHELL_USER
db.session.add(account)
return account
def shell_account():
account = Account.by_name(SHELL_USER)
if account is not None:
return account
account = Account()
account.name = SHELL_USER
db.session.add(account)
return account
def authenticate(self, environ, identity):
if not 'login' in identity or not 'password' in identity:
return None
account = Account.by_name(identity['login'])
if account is None:
return None
if check_password_hash(account.password, identity['password']):
return account.name
return None
def authenticate(self, environ, identity):
if not 'login' in identity or not 'password' in identity:
return None
account = Account.by_name(identity['login'])
if account is None:
return None
if check_password_hash(account.password, identity['password']):
return account.name
return None
def grantadmin(username):
""" Grant admin privileges to given user """
from openspending.core import db
from openspending.model import Account
a = Account.by_name(username)
if a is None:
raise CommandException("Account `%s` not found." % username)
a.admin = True
db.session.add(a)
db.session.commit()
def test_new_dataset(self):
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
def test_new_dataset(self):
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
def team_update(self, dataset, format='html'):
self._get_dataset(dataset)
require.dataset.update(c.dataset)
errors, accounts = {}, []
for account_name in request.params.getall('accounts'):
account = Account.by_name(account_name)
if account is None:
errors[account_name] = _("User account cannot be found.")
else:
accounts.append(account)
if c.account not in accounts:
accounts.append(c.account)
if not len(errors):
c.dataset.managers = accounts
c.dataset.updated_at = datetime.utcnow()
db.session.commit()
h.flash_success(_("The team has been updated."))
return self.team_edit(dataset, errors=errors, accounts=accounts)
def team_update(self, dataset, format='html'):
self._get_dataset(dataset)
require.dataset.update(c.dataset)
errors, accounts = {}, []
for account_name in request.params.getall('accounts'):
account = Account.by_name(account_name)
if account is None:
errors[account_name] = _("User account cannot be found.")
else:
accounts.append(account)
if not c.account in accounts:
accounts.append(c.account)
if not len(errors):
c.dataset.managers = accounts
c.dataset.updated_at = datetime.utcnow()
db.session.commit()
h.flash_success(_("The team has been updated."))
return self.team_edit(dataset, errors=errors, accounts=accounts)
def make_account(name="test", fullname="Test User", email="*****@*****.**", twitter="testuser", admin=False):
from openspending.model import Account
# First see if the account already exists and if so, return it
account = Account.by_name(name)
if account:
return account
# Account didn't exist so we create it and return it
account = Account()
account.name = name
account.fullname = fullname
account.email = email
account.twitter_handle = twitter
account.admin = admin
db.session.add(account)
db.session.commit()
return account
def make_account(name='test',
fullname='Test User',
email='*****@*****.**',
twitter='testuser',
admin=False):
from openspending.model import Account
# First see if the account already exists and if so, return it
account = Account.by_name(name)
if account:
return account
# Account didn't exist so we create it and return it
account = Account()
account.name = name
account.fullname = fullname
account.email = email
account.twitter_handle = twitter
account.admin = admin
db.session.add(account)
db.session.commit()
return account
def test_account_lookup_by_name(self):
res = Account.by_name('Joe Bloggs')
assert res == self.acc
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = h.make_account('test_admin', admin=True)
dataset = h.load_fixture('cra')
normal_user = h.make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(normal_user.name)})
admin_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER':
str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(scoreboard_url,
extra_environ={'REMOTE_USER':
str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = make_account('test_admin', admin=True)
dataset = load_fixture('cra')
normal_user = make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(normal_user.name)})
admin_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER':
str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(scoreboard_url,
extra_environ={'REMOTE_USER':
str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
