def testMapIdInConfig_DraftMap(self):
"""Verifies the map ID is added to the map_root always."""
with test_utils.RootLogin():
my_map = test_utils.CreateMap()
cfg = maps.GetConfig(
test_utils.SetupRequest('/.maps/' + my_map.id), my_map)
self.assertEqual(my_map.id, cfg['map_root']['id'])
def testPost_NewUser(self):
with test_utils.RootLogin():
self.DoNewUserPost(
'xyz.com', '*****@*****.**', # gets the uid 'recipient'
perms.Role.DOMAIN_ADMIN)
self.assertEqual({perms.Role.DOMAIN_ADMIN},
perms.GetSubjectsForTarget('xyz.com')['recipient'])
def testGet(self):
map_object = test_utils.CreateMap()
map_id = map_object.id
with test_utils.RootLogin():
response = self.DoGet('/.admin/' + map_id)
self.assertTrue('xyz.com' in response.body)
self.assertTrue('title' in response.body)
def testGetAccessibleDomains(self):
privileged = test_utils.SetupUser(test_utils.Login('privileged'))
outsider = test_utils.SetupUser(test_utils.Login('outsider'))
with test_utils.RootLogin():
perms.Grant('privileged', perms.Role.DOMAIN_REVIEWER,
'domain-rev.com')
perms.Grant('privileged', perms.Role.MAP_CREATOR,
'map-creator.com')
perms.Grant('privileged', perms.Role.CATALOG_EDITOR,
'catalog-editor.com')
perms.Grant('privileged', perms.Role.DOMAIN_ADMIN,
'domain-admin.com')
self.assertRaises(ValueError, perms.GetAccessibleDomains, outsider,
'not-a-domain-role')
self.assertEquals({'domain-admin.com'},
perms.GetAccessibleDomains(
privileged, perms.Role.DOMAIN_ADMIN))
self.assertEquals({'domain-admin.com', 'catalog-editor.com'},
perms.GetAccessibleDomains(
privileged, perms.Role.CATALOG_EDITOR))
self.assertEquals(
{'domain-admin.com', 'catalog-editor.com', 'map-creator.com'},
perms.GetAccessibleDomains(privileged, perms.Role.MAP_CREATOR))
self.assertEquals(
{
'domain-admin.com', 'catalog-editor.com',
'map-creator.com', 'domain-rev.com'
},
perms.GetAccessibleDomains(privileged,
perms.Role.DOMAIN_REVIEWER))
def testWipe(self):
map_object = test_utils.CreateMap()
map_id = map_object.id
with test_utils.RootLogin():
self.DoPost('/.admin/' + map_id, 'wipe=1&xsrf_token=XSRF')
self.assertEquals(None, model.Map.Get(map_id))
self.assertEquals(None, model.Map.GetDeleted(map_id))
def testGetCardByIdAndTopic(self):
self.SetForTest(kmlify, 'FetchData', lambda url, host: KML_DATA)
with test_utils.RootLogin():
response = self.DoGet('/.card/%s.t1' % self.map_id)
self.assertTrue('Topic 1' in response.body)
self.assertTrue('Helsinki' in response.body)
self.assertTrue('Columbus' in response.body)
def testPost_NewPermissions(self):
with test_utils.RootLogin():
response = self.DoUserPermissionsPost(
'xyz.com', [('insider', 'DOMAIN_ADMIN', False)])
# Should redirect back to the admin page.
self.assertTrue('/root/xyz.com/.admin' in response.headers['Location'])
self.assertEqual({perms.Role.DOMAIN_ADMIN},
perms.GetSubjectsForTarget('xyz.com')['insider'])
def testDelete(self):
map_object = test_utils.CreateMap()
map_id = map_object.id
with test_utils.RootLogin():
self.DoPost('/.admin/' + map_id, 'delete=1&xsrf_token=XSRF')
self.assertTrue(model.Map.GetDeleted(map_id).is_deleted)
self.DoPost('/.admin/' + map_id, 'undelete=1&xsrf_token=XSRF')
self.assertFalse(model.Map.Get(map_id).is_deleted)
def testPost_SetDomainRole(self):
with test_utils.RootLogin():
perms.Grant('xyz.com', perms.Role.DOMAIN_ADMIN, 'xyz.com')
perms.Grant('xyz.com', perms.Role.MAP_CREATOR, 'xyz.com')
self.DoUserPermissionsPost(
'xyz.com', [], domain_role=perms.Role.CATALOG_EDITOR)
self.assertEqual({perms.Role.CATALOG_EDITOR},
perms.GetSubjectsForTarget('xyz.com')['xyz.com'])
def testRedirectDefault(self):
"""Tests GetDestination with no label parameter."""
self.assertEquals('http://app.com/root/empty',
self.DoGet('', 302).headers['Location'])
self.assertEquals('http://app.com/root/empty?layers=x',
self.DoGet('/?layers=x', 302).headers['Location'])
with test_utils.RootLogin():
domains.Domain.Put('xyz.com', default_label='qwerty')
self.assertEquals('http://app.com/root/qwerty?layers=x',
self.DoGet('/?layers=x', 302).headers['Location'])
with test_utils.RootLogin():
domains.Domain.Put('foo.org', default_label='fancy-label')
response = self.DoGet('/foo.org/?layers=x', 302)
self.assertEquals('http://app.com/root/foo.org/fancy-label?layers=x',
response.headers['Location'])
def testMapIdInConfig_PublishedMap(self):
with test_utils.RootLogin():
my_map = test_utils.CreateMap()
my_entry = model.CatalogEntry.Create(test_utils.PRIMARY_DOMAIN,
'label', my_map)
cfg = maps.GetConfig(test_utils.SetupRequest(
'/a/%s/label' % test_utils.PRIMARY_DOMAIN),
catalog_entry=my_entry)
self.assertEqual(my_map.id, cfg['map_root']['id'])
def testRemove(self):
"""Tests removal of a catalog entry."""
with test_utils.RootLogin():
model.CatalogEntry.Create('xyz.com', 'abc', self.map_object)
self.assertNotEqual(None, model.CatalogEntry.Get('xyz.com', 'abc'))
with test_utils.Login('owner'):
self.DoPost('/xyz.com/.publish',
'label=abc&remove=1&xsrf_token=XSRF')
self.assertEquals(None, model.CatalogEntry.Get('xyz.com', 'abc'))
def testMapRegion(self):
"""Verifies that the 'region' property affects the Maps API URL."""
m1 = test_utils.CreateMap({'title': 'no region'})
m2 = test_utils.CreateMap({'title': 'has region', 'region': 'in'})
with test_utils.RootLogin():
cm_config = maps.GetConfig(
test_utils.SetupRequest('/.maps/' + m1.id), m1)
self.assertTrue('region=' not in cm_config['maps_api_url'])
cm_config = maps.GetConfig(
test_utils.SetupRequest('/.maps/' + m2.id), m2)
self.assertTrue('region=in' in cm_config['maps_api_url'])
def testDomainAdminRole(self):
with test_utils.RootLogin():
perms.Grant('xyz.com', perms.Role.DOMAIN_ADMIN, 'xyz.com')
perms.Grant('outside_friend', perms.Role.DOMAIN_ADMIN, 'xyz.com')
with test_utils.DomainLogin('insider', 'xyz.com'):
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.DomainLogin('outside_friend', 'not-xyz.com'):
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.Login('stranger'):
self.assertFalse(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.DomainLogin('stranger_with_ga_domain', 'not-xyz.com'):
self.assertFalse(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.RootLogin():
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
def testUserPermissionsPost_NoSuchDomain(self):
self.assertIsNone(domains.Domain.Get('nosuchdomain.com'))
with test_utils.RootLogin():
# All POSTs other than the "create domain" operation should give a 404.
response = self.DoUserPermissionsPost(
'nosuchdomain.com', [('*****@*****.**', perms.Role.DOMAIN_ADMIN, False)],
status=404)
self.assertIn('nosuchdomain.com', response.body)
response = self.DoNewUserPost('nosuchdomain.com', '*****@*****.**',
perms.Role.DOMAIN_ADMIN, 404)
self.assertIn('nosuchdomain.com', response.body)
response = self.DoDomainSettingsPost('nosuchdomain.com', 'empty', False,
perms.Role.MAP_VIEWER, 404)
self.assertIn('nosuchdomain.com', response.body)
def testPost_MultipleChangesDontInterfere(self):
with test_utils.RootLogin():
# Demote insider to MAP_CREATOR; revoke all permissions for outsider;
# add recipient as a catalog editor
self.DoUserPermissionsPost(
'xyz.com', [('insider', perms.Role.MAP_CREATOR, False),
('outsider', perms.Role.DOMAIN_ADMIN, True)],
new_user=('*****@*****.**', perms.Role.CATALOG_EDITOR),
domain_role=perms.Role.DOMAIN_ADMIN)
new_perms = perms.GetSubjectsForTarget('xyz.com')
self.assertEqual({perms.Role.MAP_CREATOR}, new_perms['insider'])
self.assertNotIn('outsider', new_perms)
self.assertEqual({perms.Role.CATALOG_EDITOR}, new_perms['recipient'])
self.assertEqual({perms.Role.DOMAIN_ADMIN}, new_perms['xyz.com'])
def testInitialDomainRole(self):
# Start with no initial_domain_role for our domain.
with test_utils.RootLogin():
domains.Domain.Put('xyz.com', initial_domain_role=perms.Role.NONE)
perms.Grant('creator', perms.Role.MAP_CREATOR, 'xyz.com')
# Newly created maps should get a domain_role of perms.Role.NONE.
with test_utils.Login('creator'):
response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
map_object = model.Map.Get(
response.headers['Location'].split('/')[-1])
self.assertEquals(perms.Role.NONE, map_object.domain_role)
# Now set the initial_domain_role for xyz.com.
with test_utils.RootLogin():
domains.Domain.Put('xyz.com',
initial_domain_role=perms.Role.MAP_EDITOR)
# Newly created maps should pick up the new domain_role.
with test_utils.Login('creator'):
response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
map_object = model.Map.Get(
response.headers['Location'].split('/')[-1])
self.assertEquals(perms.Role.MAP_EDITOR, map_object.domain_role)
def testGetMapPickerItems(self):
"""Tests GetMapPickerItems()."""
with test_utils.RootLogin():
model.CatalogEntryModel(key_name='foo.com:m1',
domain='foo.com',
label='m1',
title='Map 1',
is_listed=True).put()
model.CatalogEntryModel(key_name='primary.com:m2',
domain='primary.com',
label='m2',
title='Map 2',
is_listed=True).put()
self.assertEquals([{
'title': 'Map 1',
'url': '/root/foo.com/m1'
}], maps.GetMapPickerItems('foo.com', '/root'))
self.assertEquals([{
'title': 'Map 2',
'url': '/root/m2'
}], maps.GetMapPickerItems('primary.com', '/root'))
def testDomainRoles(self):
"""Verifies that domain access permissions restrict actions correctly."""
with test_utils.RootLogin():
domains.Domain.Put('foo.com',
initial_domain_role=perms.Role.MAP_OWNER)
m = model.Map.Create({}, 'foo.com')
# Verify that a user in foo.com gets the domain role for foo.com.
with test_utils.DomainLogin('insider', 'foo.com'):
self.assertEquals(
{'MAP_OWNER', 'MAP_EDITOR', 'MAP_REVIEWER', 'MAP_VIEWER'},
GetRolesForMap(m))
m.model.domain_role = perms.Role.MAP_EDITOR
self.assertEquals({'MAP_EDITOR', 'MAP_REVIEWER', 'MAP_VIEWER'},
GetRolesForMap(m))
m.model.domain_role = perms.Role.MAP_REVIEWER
self.assertEquals({'MAP_REVIEWER', 'MAP_VIEWER'},
GetRolesForMap(m))
m.model.domain_role = perms.Role.MAP_VIEWER
self.assertEquals({'MAP_VIEWER'}, GetRolesForMap(m))
def testDiff(self):
"""Test that a map's versions are diffed against new maproot JSON."""
saved_map = {'id': 'random_id_1', 'a': 'b', 'c': 'd'}
new_map = {'id': 'random_id_1', 'a': 'b', 'x': 'y'}
catalog_map = {'id': 'random_id_1', 'x': 'y', 'c': 'd'}
# Create a saved map and a catalog entry to diff against.
with test_utils.RootLogin():
map_object = model.Map.Create(catalog_map,
'xyz.com',
owners=['owner'])
model.CatalogEntry.Create('xyz.com', 'Published', map_object)
map_object.PutNewVersion(saved_map)
# Exercise the diff endpoint.
saved_diff = 'saved diff'
catalog_diff = 'catalog diff'
html_diff = self.mox.CreateMock(difflib.HtmlDiff)
self.mox.StubOutWithMock(difflib, 'HtmlDiff')
difflib.HtmlDiff(wrapcolumn=mox.IgnoreArg()).AndReturn(html_diff)
html_diff.make_file(diff.ToNormalizedJson(saved_map).splitlines(),
diff.ToNormalizedJson(new_map).splitlines(),
fromdesc='Saved',
todesc='Current',
context=mox.IgnoreArg()).AndReturn(saved_diff)
html_diff.make_file(diff.ToNormalizedJson(catalog_map).splitlines(),
diff.ToNormalizedJson(new_map).splitlines(),
fromdesc='xyz.com/Published',
todesc='Current',
context=mox.IgnoreArg()).AndReturn(catalog_diff)
self.mox.ReplayAll()
with test_utils.Login('owner'):
self.DoPost('/.diff/' + map_object.id, {
'new_json': json.dumps(new_map),
'xsrf_token': 'XSRF'
})
def testGet(self):
"""Tests the map listing page."""
with test_utils.RootLogin():
domains.Domain.Put('cows.net')
domains.Domain.Put('dogs.org')
m1 = model.Map.Create({'title': 'Moo'},
'cows.net',
viewers=['viewer'])
m2 = model.Map.Create({'title': 'Arf'},
'dogs.org',
viewers=['viewer'])
with test_utils.Login('viewer'):
result = self.DoGet('/.maps').body
self.assertTrue('Moo' in result, result)
self.assertTrue('.maps/' + m1.id in result, result)
self.assertTrue('Arf' in result, result)
self.assertTrue('.maps/' + m2.id in result, result)
result = self.DoGet('/dogs.org/.maps').body
self.assertTrue('Moo' not in result, result)
self.assertTrue('.maps/' + m1.id not in result, result)
self.assertTrue('Arf' in result, result)
self.assertTrue('.maps/' + m2.id in result, result)
def testPost_DeleteUser(self):
with test_utils.RootLogin():
self.DoUserPermissionsPost('xyz.com',
[('outsider', 'DOMAIN_ADMIN', True)])
self.assertNotIn('outsider', perms.GetSubjectsForTarget('xyz.com'))
def testGet_NoSuchDomain(self):
self.assertIsNone(domains.Domain.Get('nosuchdomain.com'))
with test_utils.RootLogin():
response = self.DoGet(AdminUrl('nosuchdomain.com'), 404)
self.assertIn('nosuchdomain.com', response.status)
def testGeneralAdminGet(self):
with test_utils.Login('manager'):
self.DoGet('/.admin', 403) # only allowed for ADMIN users
with test_utils.RootLogin():
self.DoGet('/.admin')
def testNavigate(self):
with test_utils.RootLogin():
response = self.DoGet('/.admin?map=http://app.com/root/.maps/x', 302)
self.assertEquals(
'http://app.com/root/.admin/x', response.headers['Location'])
def testDomainSettingsPost_NoInitialDomainRole(self):
with test_utils.RootLogin():
domains.Domain.Put('xyz.com', initial_domain_role=perms.Role.MAP_EDITOR)
self.DoDomainSettingsPost('xyz.com', 'label', False, perms.Role.NONE)
self.assertEqual(
perms.Role.NONE, domains.Domain.Get('xyz.com').initial_domain_role)
def testCreateDomain_DomainAlreadyExists(self):
with test_utils.RootLogin():
domains.Domain.Put('foo.com')
response = self.DoCreateDomainPost('foo.com', 403)
self.assertIn('foo.com', response.status)
def testPost_NonexistentDomain(self):
self.assertIsNone(domains.Domain.Get('bar.com'))
with test_utils.RootLogin():
self.DoNewUserPost('bar.com', '*****@*****.**', perms.Role.DOMAIN_ADMIN, 404)
def testPost_NewUserInvalidEmail(self):
with test_utils.RootLogin():
response = self.DoNewUserPost(
'xyz.com', 'bad@email@address', perms.Role.DOMAIN_ADMIN, 400)
self.assertIn('bad@email@address', response.body)
def testPost_SetDomainRoleNone(self):
with test_utils.RootLogin():
perms.Grant('xyz.com', perms.Role.CATALOG_EDITOR, 'xyz.com')
self.DoUserPermissionsPost('xyz.com', [], domain_role=perms.Role.NONE)
self.assertNotIn('xyz.com', perms.GetSubjectsForTarget('xyz.com'))
