def test_list_submission_users_frec_affil(database): """ Test listing users based on frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**') third_user = UserFactory(name='Frec User', email='*****@*****.**') third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List the first user because they have a submission with that frec assert len(user_response) == 1 assert user_response[0]['user_id'] == first_user.user_id assert user_response[0]['name'] == first_user.name assert user_response[0]['email'] == first_user.email
def test_list_submission_users_cgac_affil(database): """ Test listing users based on cgac affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, d2_submission=False) sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=False) database.session.add_all([sub_1, sub_2]) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List both users because each has a submission with the cgac assert len(user_response) == 2 assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id} assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name} g.user = other_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the submissions this user is part of because they have no cgac/frec affiliations with either submission assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name
def test_list_agencies_limits(monkeypatch, user_constants, domain_app): """List agencies should limit to only the user's agencies""" sess = GlobalDB.db().session user = UserFactory() cgac = CGACFactory() frec_cgac = CGACFactory() frec = FRECFactory(cgac=frec_cgac) sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency 0"), SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True, sub_tier_agency_name="Test Subtier Agency 1") ] user.affiliations = [ UserAffiliation(cgac=cgac, frec=None, permission_type_id=2), UserAffiliation(cgac=None, frec=frec, permission_type_id=2) ] sess.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user]) sess.commit() monkeypatch.setattr(domainRoutes, 'g', Mock(user=user)) result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') res = json.loads(result) assert len(res['cgac_agency_list']) == 1 assert len(res['frec_agency_list']) == 1 assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_fabs_dabs(database): """ Test listing DABS vs FABS users """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, d2_submission=False) sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=True) database.session.add_all([sub_1, sub_2]) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the first user because they're the only ones with a DABS submission assert len(user_response) == 1 assert user_response[0]['user_id'] == first_user.user_id assert user_response[0]['name'] == first_user.name response = list_submission_users(True) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the other user because they're the only ones with a FABS submission assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name
def test_list_submissions_permissions(database, monkeypatch): """Verify that the user must be in the same CGAC group, the submission's owner, or website admin to see the submission""" cgac1, cgac2 = CGACFactory(), CGACFactory() user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory() database.session.add_all([cgac1, cgac2, user1, user2]) database.session.commit() sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1) database.session.add(sub) database.session.commit() monkeypatch.setattr(fileHandler, 'g', Mock(user=user1)) assert list_submissions_result()['total'] == 0 user1.affiliations[0].cgac = cgac2 database.session.commit() assert list_submissions_result()['total'] == 1 user1.affiliations = [] database.session.commit() assert list_submissions_result()['total'] == 0 sub.user_id = user1.user_id database.session.commit() assert list_submissions_result()['total'] == 1 sub.user_id = user2.user_id database.session.commit() assert list_submissions_result()['total'] == 0 user1.website_admin = True database.session.commit() assert list_submissions_result()['total'] == 1
def test_list_submission_users_admin(database): """ Test listing all users with a submission (admin called the function) """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] admin_user = UserFactory(website_admin=True, name='Admin User', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[0], name='Test User', email='*****@*****.**') database.session.add_all(cgacs + [admin_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=False) database.session.add(sub_1) database.session.commit() g.user = admin_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # Only lists users with submissions and doesn't care about affiliations because admin assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name assert user_response[0]['email'] == other_user.email
def test_list_submission_users_owned(database): """ Test listing users based on owned submissions """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[0], name='Test User') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False) database.session.add(sub_1) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # Don't list any submissions because they don't own any and have no cgac/frec affiliations assert len(user_response) == 0 g.user = other_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List the user because they have a submission they own (even though it doesn't match the cgac) assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name
def test_list_submissions_failure(database, monkeypatch): user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, number_of_errors=1, publish_status_id=1) add_models(database, [user, sub]) monkeypatch.setattr(fileHandler, 'g', Mock(user=user)) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "validation_errors" delete_models(database, [user, sub]) user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1) job = JobFactory(submission_id=1, job_status_id=JOB_STATUS_DICT['failed'], job_type_id=JOB_TYPE_DICT['csv_record_validation'], file_type_id=FILE_TYPE_DICT['award']) add_models(database, [user, sub, job]) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "failed" delete_models(database, [user, sub, job]) user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1) job = JobFactory(submission_id=1, job_status_id=JOB_STATUS_DICT['invalid'], job_type_id=JOB_TYPE_DICT['csv_record_validation'], file_type_id=FILE_TYPE_DICT['award']) add_models(database, [user, sub, job]) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "file_errors" delete_models(database, [user, sub, job])
def test_list_submission_users_frec_affil(database): """ Test listing users based on frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User') third_user = UserFactory(name='Frec User') third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, d2_submission=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, d2_submission=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List the first user because they have a submission with that frec assert len(user_response) == 1 assert user_response[0]['user_id'] == first_user.user_id assert user_response[0]['name'] == first_user.name
def test_active_user_can_dabs_cgac_writer(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_writer = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_writer]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_writer)) # has permission level, but wrong agency assert not permissions.active_user_can('reader', cgac_code=other_cgac.cgac_code) assert not permissions.active_user_can('writer', cgac_code=other_cgac.cgac_code) # has agency, but not permission level assert not permissions.active_user_can('submitter', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('editfabs', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('fabs', cgac_code=user_cgac.cgac_code) # right agency, right permission assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code) assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code) # wrong permission level, wrong agency, but superuser user_writer.website_admin = True assert permissions.active_user_can('submitter', cgac_code=other_cgac.cgac_code)
def test_list_submission_users_fabs_dabs(database): """ Test listing DABS vs FABS users """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, d2_submission=False) sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=True) database.session.add_all([sub_1, sub_2]) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the first user because they're the only ones with a DABS submission assert len(user_response) == 1 assert user_response[0]['user_id'] == first_user.user_id assert user_response[0]['name'] == first_user.name response = list_submission_users(True) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the other user because they're the only ones with a FABS submission assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name
def test_list_agencies_limits(domain_app, database): """ List agencies should limit to only the user's agencies and should not duplicate the same agency even if there are multiple instances of the same agency in the user permissions. """ user = UserFactory() cgac = CGACFactory() frec_cgac = CGACFactory() frec = FRECFactory(cgac=frec_cgac) sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency 0"), SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True, sub_tier_agency_name="Test Subtier Agency 1")] user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']), UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['f'])] database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') res = json.loads(result) assert len(res['cgac_agency_list']) == 1 assert len(res['frec_agency_list']) == 1 assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_cgac_affil(database): """ Test listing users based on cgac affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, is_fabs=False) sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, is_fabs=False) database.session.add_all([sub_1, sub_2]) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List both users because each has a submission with the cgac assert len(user_response) == 2 assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id} assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name} assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email} g.user = other_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List only the submissions this user is part of because they have no cgac/frec affiliations with either submission assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name assert user_response[0]['email'] == other_user.email
def test_list_submission_users_cgac_frec_affil(database): """ Test listing users based on both cgac and frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**') third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User', email='*****@*****.**') third_user.affiliations =\ third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() # Third user now has cgac 111 and frec 0000 sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List both other users because one has a frec agency and one has a cgac assert len(user_response) == 2 assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id} assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name} assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email}
def test_current_user_can_dabs_frec_reader(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_frec, other_frec = FRECFactory(cgac=user_cgac), FRECFactory(cgac=other_cgac) user_reader = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['reader']) ]) database.session.add_all([user_cgac, other_cgac, user_frec, other_frec, user_reader]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_reader)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', frec_code=other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('writer', frec_code=user_frec.frec_code) assert not permissions.current_user_can('submitter', frec_code=user_frec.frec_code) assert not permissions.current_user_can('editfabs', cgac_code=user_frec.frec_code) assert not permissions.current_user_can('fabs', cgac_code=user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('reader', frec_code=user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_reader.website_admin = True assert permissions.current_user_can('submitter', frec_code=other_frec.frec_code)
def test_list_submission_users_cgac_frec_affil(database): """ Test listing users based on both cgac and frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User') third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User') third_user.affiliations =\ third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() # Third user now has cgac 111 and frec 0000 sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, d2_submission=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, d2_submission=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List both other users because one has a frec agency and one has a cgac assert len(user_response) == 2 assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id} assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
def test_current_user_can_multiple_fabs_permissions(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_fabs = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['editfabs']), UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['fabs']) ]) database.session.add_all([user_cgac, other_cgac, user_fabs]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_fabs)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', cgac_code=other_cgac.cgac_code) assert not permissions.current_user_can('editfabs', cgac_code=other_cgac.cgac_code) assert not permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code) # has agency, but not permission level assert not permissions.current_user_can('writer', cgac_code=user_cgac.cgac_code) assert not permissions.current_user_can('submitter', cgac_code=user_cgac.cgac_code) # right agency, right permission assert permissions.current_user_can('reader', cgac_code=user_cgac.cgac_code) assert permissions.current_user_can('editfabs', cgac_code=user_cgac.cgac_code) assert permissions.current_user_can('fabs', cgac_code=user_cgac.cgac_code) # wrong agency, but superuser user_fabs.website_admin = True assert permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
def test_list_submission_users_owned(database): """ Test listing users based on owned submissions """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[0], name='Test User', email='*****@*****.**') database.session.add_all(cgacs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False) database.session.add(sub_1) database.session.commit() g.user = first_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # Don't list any submissions because they don't own any and have no cgac/frec affiliations assert len(user_response) == 0 g.user = other_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List the user because they have a submission they own (even though it doesn't match the cgac) assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name assert user_response[0]['email'] == other_user.email
def add_user(email, name, username, website_admin=False): user = UserFactory( email=email, website_admin=website_admin, name=name, username=username, affiliations=[UserAffiliation( cgac=cgac, permission_type_id=PERMISSION_TYPE_DICT['writer'] )] ) user.salt, user.password_hash = get_password_hash(user_password, Bcrypt()) sess.add(user)
def test_list_submissions_failure(database, job_constants, monkeypatch): fh = fileHandler.FileHandler(Mock()) mock_value = Mock() mock_value.getName.return_value = 1 monkeypatch.setattr(fileHandler, 'LoginSession', mock_value) user = UserFactory(user_id=1, cgac_code='cgac') sub = SubmissionFactory(user_id=1, submission_id=1, number_of_errors=1, cgac_code='cgac') add_models(database, [user, sub]) json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED) assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1 assert json.loads(json_response.get_data().decode( "utf-8"))['submissions'][0]['status'] == "validation_errors" delete_models(database, [user, sub]) sess = database.session user = UserFactory(user_id=1, cgac_code='cgac') sub = SubmissionFactory(user_id=1, submission_id=1, cgac_code='cgac') job = JobFactory( submission_id=1, job_status=sess.query(JobStatus).filter_by(name='failed').one(), job_type=sess.query(JobType).filter_by( name='csv_record_validation').one(), file_type=sess.query(FileType).filter_by(name='award').one()) add_models(database, [user, sub, job]) json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED) assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1 assert json.loads(json_response.get_data().decode( "utf-8"))['submissions'][0]['status'] == "failed" delete_models(database, [user, sub, job]) sess = database.session user = UserFactory(user_id=1, cgac_code='cgac') sub = SubmissionFactory(user_id=1, submission_id=1, cgac_code='cgac') job = JobFactory( submission_id=1, job_status=sess.query(JobStatus).filter_by(name='invalid').one(), job_type=sess.query(JobType).filter_by( name='csv_record_validation').one(), file_type=sess.query(FileType).filter_by(name='award').one()) add_models(database, [user, sub, job]) json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED) assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1 assert json.loads(json_response.get_data().decode( "utf-8"))['submissions'][0]['status'] == "file_errors" delete_models(database, [user, sub, job])
def add_user(email, name, username, permission_type=ALL_PERMISSION_TYPES_DICT['writer'], website_admin=False): user = UserFactory( email=email, website_admin=website_admin, name=name, username=username, affiliations=[UserAffiliation( cgac=cgac, permission_type_id=permission_type )] ) user.salt, user.password_hash = get_password_hash(user_password, Bcrypt()) sess.add(user)
def test_certify_dabs_submission(database, monkeypatch): """ Tests the certify_dabs_submission function """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) sess.add_all([user, cgac, submission]) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) monkeypatch.setattr(file_handler, 'move_certified_files', Mock(return_value=True)) monkeypatch.setattr(fileHandler.GlobalDB, 'db', Mock(return_value=database)) certify_dabs_submission(submission, file_handler) sess.refresh(submission) certify_history = sess.query(CertifyHistory).filter_by(submission_id=submission.submission_id).one_or_none() assert certify_history is not None assert submission.certifying_user_id == user.user_id assert submission.publish_status_id == PUBLISH_STATUS_DICT['published']
def test_list_agencies_superuser(domain_app, database): """ All agencies should be visible to website admins """ user = UserFactory(website_admin=True) cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3) ] frec_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3) ] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['cgac_code'] for el in response['cgac_agency_list']} assert result == {'0', '1', '2'} # i.e. all of them result = {el['frec_code'] for el in response['frec_agency_list']} assert result == {'0', '1', '2'} # i.e. all of them
def test_certify_dabs_submission_quarterly_revalidation_multiple_thresholds(database): """ Tests that a DABS submission is not affected by a different quarterly revalidation threshold than the one that matches its reporting_start_date. """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() earlier = now - datetime.timedelta(days=1) sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, reporting_start_date='2016-10-01', is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1, window_start=earlier) quarter_reval_2 = QuarterlyRevalidationThresholdFactory(year=2017, quarter=2, window_start=now + datetime.timedelta(days=10)) sess.add_all([user, cgac, submission, quarter_reval, quarter_reval_2]) sess.commit() job = JobFactory(submission_id=submission.submission_id, last_validated=now, job_type_id=JOB_TYPE_DICT['csv_record_validation']) sess.add(job) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) response = certify_dabs_submission(submission, file_handler) assert response.status_code == 200
def test_create_session_and_response(database, monkeypatch): cgacs = [ CGACFactory(cgac_code=str(i) * 3, agency_name=str(i)) for i in range(3) ] user = UserFactory( name="my name", title="my title", affiliations=[ UserAffiliation(cgac=cgacs[1], permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(cgac=cgacs[2], permission_type_id=PERMISSION_TYPE_DICT['writer']), ]) database.session.add_all(cgacs + [user]) database.session.commit() monkeypatch.setattr(account_handler, 'LoginSession', Mock()) mock_session = {'sid': 'test sid'} result = account_handler.AccountHandler.create_session_and_response( mock_session, user) result = json.loads(result.data.decode('utf-8')) assert result['message'] == 'Login successful' assert result['user_id'] == user.user_id assert result['name'] == 'my name' assert result['title'] == 'my title' assert result['session_id'] == 'test sid' assert dict(agency_name='1', permission='reader') in result['affiliations'] assert dict(agency_name='2', permission='writer') in result['affiliations']
def test_list_submissions_permissions(database, monkeypatch): """Verify that the user must be in the same CGAC group, the submission's owner, or website admin to see the submission""" cgac1, cgac2 = CGACFactory(), CGACFactory() user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory() database.session.add_all([cgac1, cgac2, user1, user2]) database.session.commit() sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1) database.session.add(sub) database.session.commit() monkeypatch.setattr(fileHandler, 'g', Mock(user=user1)) assert list_submissions_result()['total'] == 0 user1.affiliations[0].cgac = cgac2 database.session.commit() assert list_submissions_result()['total'] == 1 user1.affiliations = [] database.session.commit() assert list_submissions_result()['total'] == 0 sub.user_id = user1.user_id database.session.commit() assert list_submissions_result()['total'] == 1 sub.user_id = user2.user_id database.session.commit() assert list_submissions_result()['total'] == 0 user1.website_admin = True database.session.commit() assert list_submissions_result()['total'] == 1
def test_certify_dabs_submission_revalidation_needed(database): """ Tests the certify_dabs_submission function preventing certification when revalidation threshold isn't met """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() earlier = now - datetime.timedelta(days=1) sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) reval = RevalidationThresholdFactory(revalidation_date=now) sess.add_all([user, cgac, submission, reval]) sess.commit() job = JobFactory(submission_id=submission.submission_id, last_validated=earlier, job_type_id=JOB_TYPE_DICT['csv_record_validation']) sess.add(job) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) response = certify_dabs_submission(submission, file_handler) response_json = json.loads(response.data.decode('UTF-8')) assert response.status_code == 400 assert response_json['message'] == "This submission has not been validated since before the revalidation " \ "threshold ({}), it must be revalidated before certifying.". \ format(now.strftime('%Y-%m-%d %H:%M:%S'))
def test_certify_dabs_submission_quarterly_revalidation_not_in_db(database): """ Tests that a DABS submission that doesnt have its year/quarter in the system won't be able to certify. """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) sess.add_all([user, cgac, submission]) sess.commit() job = JobFactory(submission_id=submission.submission_id, last_validated=now, job_type_id=JOB_TYPE_DICT['csv_record_validation']) sess.add(job) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) response = certify_dabs_submission(submission, file_handler) response_json = json.loads(response.data.decode('UTF-8')) assert response.status_code == 400 assert response_json['message'] == "No submission window for this year and quarter was found. If this is an " \ "error, please contact the Service Desk."
def test_certify_dabs_submission_quarterly_revalidation_too_early(database): """ Tests that a DABS submission that was last validated before the window start cannot be certified. """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() earlier = now - datetime.timedelta(days=1) sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1, window_start=now) sess.add_all([user, cgac, submission, quarter_reval]) sess.commit() job = JobFactory(submission_id=submission.submission_id, last_validated=earlier, job_type_id=JOB_TYPE_DICT['csv_record_validation']) sess.add(job) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) response = certify_dabs_submission(submission, file_handler) response_json = json.loads(response.data.decode('UTF-8')) assert response.status_code == 400 assert response_json['message'] == "This submission was last validated or its D files generated before the " \ "start of the submission window ({}). Please revalidate before " \ "certifying.".\ format(quarter_reval.window_start.strftime('%m/%d/%Y'))
def test_list_data_sources(domain_app, database): """ List all data sources that have a load date """ user = UserFactory() now = datetime.datetime.now() external_loads = [ ExternalDataLoadDate( external_data_load_date_id=-1, last_load_date_start=now - datetime.timedelta(days=1), last_load_date_end=now, external_data_type_id=EXTERNAL_DATA_TYPE_DICT['usps_download']), ExternalDataLoadDate( external_data_load_date_id=-2, last_load_date_start=now - datetime.timedelta(weeks=4), last_load_date_end=now - datetime.timedelta(weeks=3), external_data_type_id=EXTERNAL_DATA_TYPE_DICT[ 'program_activity_upload']) ] database.session.add_all(external_loads + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_data_sources/').data.decode('UTF-8') response = json.loads(result) assert len(response.keys()) == 2 assert response['usps_download'] == now.strftime("%m/%d/%Y %H:%M:%S") assert response['program_activity_upload'] == ( now - datetime.timedelta(weeks=3)).strftime("%m/%d/%Y %H:%M:%S")
def test_list_submissions(file_app, database, user_constants, job_constants): """Test listing user's submissions. The expected values here correspond to the number of submissions within the agency of the user that is logged in """ cgacs = [CGACFactory() for _ in range(5)] user1 = UserFactory.with_cgacs(cgacs[0], cgacs[1]) user2 = UserFactory.with_cgacs(cgacs[2]) user3 = UserFactory.with_cgacs(*cgacs) database.session.add_all(cgacs + [user1, user2, user3]) database.session.commit() submissions = [ # one submission per CGAC SubmissionFactory(cgac_code=cgac.cgac_code, publish_status_id=PUBLISH_STATUS_DICT['unpublished']) for cgac in cgacs ] database.session.add_all(submissions) g.user = user1 response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]} response = file_app.get("/v1/list_submissions/?certified=false") assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]} response = file_app.get("/v1/list_submissions/?certified=true") assert sub_ids(response) == set() submissions[0].publish_status_id = PUBLISH_STATUS_DICT['published'] database.session.commit() response = file_app.get("/v1/list_submissions/?certified=true") assert sub_ids(response) == {submissions[0].submission_id} g.user = user2 response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {submissions[2].submission_id} g.user = user3 submissions[3].d2_submission = True submissions[4].d2_submission = True database.session.commit() response = file_app.get( "/v1/list_submissions/?certified=mixed&d2_submission=true") assert sub_ids(response) == {sub.submission_id for sub in submissions[3:]} response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {sub.submission_id for sub in submissions[:3]}
def test_list_submissions_sort_success(database, monkeypatch): user1 = UserFactory(user_id=1, name='Oliver Queen', website_admin=True) user2 = UserFactory(user_id=2, name='Barry Allen') sub1 = SubmissionFactory(user_id=1, submission_id=1, number_of_warnings=1, reporting_start_date=date(2010, 1, 1), publish_status_id=1) sub2 = SubmissionFactory(user_id=1, submission_id=2, number_of_warnings=1, reporting_start_date=date(2010, 1, 2), publish_status_id=1) sub3 = SubmissionFactory(user_id=2, submission_id=3, number_of_warnings=1, reporting_start_date=date(2010, 1, 3), publish_status_id=1) sub4 = SubmissionFactory(user_id=2, submission_id=4, number_of_warnings=1, reporting_start_date=date(2010, 1, 4), publish_status_id=1) sub5 = SubmissionFactory(user_id=2, submission_id=5, number_of_warnings=1, reporting_start_date=date(2010, 1, 5), publish_status_id=1) add_models(database, [user1, user2, sub1, sub2, sub3, sub4, sub5]) monkeypatch.setattr(fileHandler, 'g', Mock(user=user1)) result = list_submissions_sort('reporting', 'desc') assert result['total'] == 5 sub = result['submissions'][0] index = 0 for subit in result['submissions']: index += 1 assert subit['reporting_start_date'] <= sub['reporting_start_date'] sub = subit result = list_submissions_sort('reporting', 'asc') assert result['total'] == 5 sub = result['submissions'][0] for subit in result['submissions']: assert subit['reporting_start_date'] >= sub['reporting_start_date'] sub = subit result = list_submissions_sort('submitted_by', 'asc') assert result['total'] == 5 sub = result['submissions'][0] for subit in result['submissions']: assert subit['user']['name'] >= sub['user']['name'] sub = subit result = list_submissions_sort('submitted_by', 'desc') assert result['total'] == 5 sub = result['submissions'][0] for subit in result['submissions']: assert subit['user']['name'] <= sub['user']['name'] sub = subit delete_models(database, [user1, user2, sub1, sub2, sub3, sub4, sub5])
def test_list_submissions_failure(database, monkeypatch): user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, number_of_errors=1, publish_status_id=1) add_models(database, [user, sub]) monkeypatch.setattr(fileHandler, 'g', Mock(user=user)) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "validation_errors" delete_models(database, [user, sub]) sess = database.session user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1) job = JobFactory( submission_id=1, job_status=sess.query(JobStatus).filter_by(name='failed').one(), job_type=sess.query(JobType).filter_by( name='csv_record_validation').one(), file_type=sess.query(FileType).filter_by(name='award').one()) add_models(database, [user, sub, job]) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "failed" delete_models(database, [user, sub, job]) sess = database.session user = UserFactory(user_id=1) sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1) job = JobFactory( submission_id=1, job_status=sess.query(JobStatus).filter_by(name='invalid').one(), job_type=sess.query(JobType).filter_by( name='csv_record_validation').one(), file_type=sess.query(FileType).filter_by(name='award').one()) add_models(database, [user, sub, job]) result = list_submissions_result() assert result['total'] == 1 assert result['submissions'][0]['status'] == "file_errors" delete_models(database, [user, sub, job])
def test_list_submissions(file_app, database, user_constants, job_constants): """Test listing user's submissions. The expected values here correspond to the number of submissions within the agency of the user that is logged in """ cgacs = [CGACFactory() for _ in range(5)] user1 = UserFactory.with_cgacs(cgacs[0], cgacs[1]) user2 = UserFactory.with_cgacs(cgacs[2]) user3 = UserFactory.with_cgacs(*cgacs) database.session.add_all(cgacs + [user1, user2, user3]) database.session.commit() submissions = [ # one submission per CGAC SubmissionFactory(cgac_code=cgac.cgac_code, publish_status_id=PUBLISH_STATUS_DICT['unpublished']) for cgac in cgacs ] database.session.add_all(submissions) g.user = user1 response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]} response = file_app.get("/v1/list_submissions/?certified=false") assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]} response = file_app.get("/v1/list_submissions/?certified=true") assert sub_ids(response) == set() submissions[0].publish_status_id = PUBLISH_STATUS_DICT['published'] database.session.commit() response = file_app.get("/v1/list_submissions/?certified=true") assert sub_ids(response) == {submissions[0].submission_id} g.user = user2 response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {submissions[2].submission_id} g.user = user3 submissions[3].d2_submission = True submissions[4].d2_submission = True database.session.commit() response = file_app.get("/v1/list_submissions/?certified=mixed&d2_submission=true") assert sub_ids(response) == {sub.submission_id for sub in submissions[3:]} response = file_app.get("/v1/list_submissions/?certified=mixed") assert sub_ids(response) == {sub.submission_id for sub in submissions[:3]}
def test_get_accessible_agencies(database): """ Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """ # The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers) database.session.commit() user = UserFactory(affiliations=[ UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_TYPE_DICT['writer']), UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1], permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2], permission_type_id=PERMISSION_TYPE_DICT['reader']) ]) database.session.add(user) database.session.commit() g.user = user # Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already results = get_accessible_agencies() frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]} frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]} assert len(results["cgac_agency_list"]) == 1 assert len(results["frec_agency_list"]) == 2 assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name} assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code} # Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the # frec flag user.affiliations = [] user.website_admin = True results = get_accessible_agencies() assert len(results["cgac_agency_list"]) == 3 assert len(results["frec_agency_list"]) == 2
def test_list_sub_tier_agencies_admin(domain_app, database): """ List all sub tiers that a user has FABS permissions for """ user = UserFactory(website_admin=True) cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3) ] frec_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3) ] user.affiliations = [ UserAffiliation(cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']), UserAffiliation(cgac=None, frec=frecs[2], permission_type_id=PERMISSION_SHORT_DICT['f']) ] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['agency_code'] for el in response['sub_tier_agency_list']} assert len(response["sub_tier_agency_list"] ) == 6 # All of them, ignores affiliations assert result == {'0', '1', '2', '3', '4', '5'} # All of them, ignores affiliations
def test_list_user_emails(database, user_constants, user_app): cgacs = [CGACFactory() for _ in range(3)] users = [UserFactory.with_cgacs(cgacs[0]), UserFactory.with_cgacs(cgacs[0], cgacs[1]), UserFactory.with_cgacs(cgacs[1]), UserFactory.with_cgacs(cgacs[2])] database.session.add_all(users) database.session.commit() def user_ids(): result = user_app.get('/v1/list_user_emails/').data.decode('UTF-8') return {user['id'] for user in json.loads(result)['users']} g.user = users[0] assert user_ids() == {users[0].user_id, users[1].user_id} g.user = users[3] assert user_ids() == {users[3].user_id} g.user.website_admin = True database.session.commit() assert user_ids() == {user.user_id for user in users}
def test_list_agencies_all(domain_app, database): """All agencies should be visible to website admins""" user = UserFactory() cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency "+str(i)) for i in range(3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3+i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency "+str(3+i)) for i in range(3)] user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=PERMISSION_SHORT_DICT['w'])] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['cgac_code'] for el in response['agency_list']} assert result == {'0', '1', '2'} # i.e. all of them result = {el['frec_code'] for el in response['shared_agency_list']} assert result == {'0', '1', '2'} # i.e. all of them
def test_list_sub_tier_agencies(domain_app, database): """ List all sub tiers that a user has FABS permissions for """ user = UserFactory() cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3)] user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']), UserAffiliation(cgac=None, frec=frecs[2], permission_type_id=PERMISSION_SHORT_DICT['f'])] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['agency_code'] for el in response['sub_tier_agency_list']} assert len(response["sub_tier_agency_list"]) == 2 # Only one cgac and one frec assert result == {'0', '5'} # Only subtiers created from the relevant cgacs
def test_requires_submission_perm_no_submission(database, test_app): """If no submission exists, we should see an exception""" sub = SubmissionFactory(user=UserFactory()) database.session.add(sub) database.session.commit() g.user = sub.user fn = permissions.requires_submission_perms('writer')(Mock()) # Does not raise exception fn(sub.submission_id) with pytest.raises(ResponseException): fn(sub.submission_id + 1) # different submission id
def test_certify_dabs_submission(database, monkeypatch): """ Tests the certify_dabs_submission function """ with Flask('test-app').app_context(): now = datetime.datetime.utcnow() sess = database.session user = UserFactory() cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency') submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code, reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True, publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False, number_of_errors=0, number_of_warnings=200, certifying_user_id=None) quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1, window_start=now - datetime.timedelta(days=1)) sess.add_all([user, cgac, submission, quarter_reval]) sess.commit() comment = CommentFactory(file_type_id=FILE_TYPE_DICT['appropriations'], comment='Test', submission_id=submission.submission_id) job_1 = JobFactory(submission_id=submission.submission_id, last_validated=now, job_type_id=JOB_TYPE_DICT['csv_record_validation']) job_2 = JobFactory(submission_id=submission.submission_id, last_validated=now + datetime.timedelta(days=1), job_type_id=JOB_TYPE_DICT['csv_record_validation']) sess.add_all([job_1, job_2, comment]) sess.commit() flex_field = FlexField(file_type_id=FILE_TYPE_DICT['appropriations'], header='flex_test', job_id=job_1.job_id, submission_id=submission.submission_id, row_number=2, cell=None) sess.add(flex_field) sess.commit() g.user = user file_handler = fileHandler.FileHandler({}, is_local=True) monkeypatch.setattr(file_handler, 'move_certified_files', Mock(return_value=True)) monkeypatch.setattr(fileHandler.GlobalDB, 'db', Mock(return_value=database)) certify_dabs_submission(submission, file_handler) sess.refresh(submission) certify_history = sess.query(CertifyHistory).filter_by(submission_id=submission.submission_id).one_or_none() assert certify_history is not None assert submission.certifying_user_id == user.user_id assert submission.publish_status_id == PUBLISH_STATUS_DICT['published'] # Make sure certified comments are created certified_comment = sess.query(CertifiedComment).filter_by(submission_id=submission.submission_id).one_or_none() assert certified_comment is not None # Make sure certified flex fields are created certified_flex = sess.query(CertifiedFlexField).filter_by(submission_id=submission.submission_id).one_or_none() assert certified_flex is not None
def test_permissions_filter_admin(database, monkeypatch): sess = database.session db_objects = [] # Setup admin user admin_user = UserFactory(name='Administrator', website_admin=True) db_objects.append(admin_user) monkeypatch.setattr(filters_helper, 'g', Mock(user=admin_user)) # admin user queries should be identical to the provided query base_query = sess.query(Submission) query = filters_helper.permissions_filter(base_query) assert query == base_query
def test_delete_user(database): user_handler = UserHandler() # Create user with email user_to_be_deleted = UserFactory() email = user_to_be_deleted.email other_user = UserFactory() database.session.add_all([user_to_be_deleted, other_user]) database.session.commit() # Create two submissions for this user and one for a different user sub_one = SubmissionFactory(user_id=user_to_be_deleted.user_id) sub_two = SubmissionFactory(user_id=user_to_be_deleted.user_id) other_sub = SubmissionFactory(user_id=other_user.user_id) database.session.add_all([sub_one, sub_two, other_sub]) database.session.commit() # Delete a user user_handler.deleteUser(email) # Confirm user has been deleted and that user's submissions have no user_id assert database.session.query(User).filter_by(email=email).count() == 0 assert sub_one.user_id is None assert sub_two.user_id is None # Confirm that other submission was not affected assert other_sub.user_id == other_user.user_id
def test_list_agencies_limits(domain_app, database): """List agencies should limit to only the user's agencies""" user = UserFactory() cgac = CGACFactory() frec_cgac = CGACFactory() frec = FRECFactory(cgac=frec_cgac) sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency 0"), SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True, sub_tier_agency_name="Test Subtier Agency 1")] user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w'])] database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') res = json.loads(result) assert len(res['cgac_agency_list']) == 1 assert len(res['frec_agency_list']) == 1 assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_admin(database): """ Test listing all users with a submission (admin called the function) """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] admin_user = UserFactory(website_admin=True, name='Admin User') other_user = UserFactory.with_cgacs(cgacs[0], name='Test User') database.session.add_all(cgacs + [admin_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=False) database.session.add(sub_1) database.session.commit() g.user = admin_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # Only lists users with submissions and doesn't care about affiliations because admin assert len(user_response) == 1 assert user_response[0]['user_id'] == other_user.user_id assert user_response[0]['name'] == other_user.name
def test_current_user_can(database, monkeypatch, user_constants): # Test CGAC DABS permissions user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_one = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_one]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_one)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('writer', user_cgac.cgac_code, None) assert permissions.current_user_can('reader', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_one.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None) # Test FREC DABS permissions user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)] user_two = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_frec, other_frec, user_two]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_two)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', None, other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('submitter', None, user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('writer', None, user_frec.frec_code) assert permissions.current_user_can('reader', None, user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_two.website_admin = True assert permissions.current_user_can('submitter', None, other_frec.frec_code) # Test FABS permissions user_three = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f']) ]) database.session.add(user_three) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_three)) # has permission level, but wrong agency assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('fabs', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_three.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
def test_current_page(file_app, database): """Test the route to check what the current progress of the submission is at the correct page """ cgac = CGACFactory() user = UserFactory.with_cgacs(cgac) user.user_id = 1 user.name = 'Oliver Queen' user.website_admin = True database.session.add(user) database.session.commit() g.user = user sub = SubmissionFactory(user_id=1, cgac_code=cgac.cgac_code) database.session.add(sub) database.session.commit() csv_validation = JOB_TYPE_DICT['csv_record_validation'] upload = JOB_TYPE_DICT['file_upload'] validation = JOB_TYPE_DICT['validation'] finished_job = JOB_STATUS_DICT['finished'] waiting = JOB_STATUS_DICT['waiting'] job_a = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['appropriations'], job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job) job_b = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['program_activity'], job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job) job_c = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award_financial'], job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job) job_d1 = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award_procurement'], job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job) job_d2 = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award'], job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job) job_e = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['executive_compensation'], job_type_id=upload, number_of_errors=0, file_size=123, job_status_id=finished_job) job_f = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['sub_award'], job_type_id=upload, number_of_errors=0, file_size=123, job_status_id=finished_job) job_cross_file = JobFactory(submission_id=sub.submission_id, file_type_id=None, job_type_id=validation, number_of_errors=0, file_size=123, job_status_id=finished_job) database.session.add_all([job_a, job_b, job_c, job_d1, job_d2, job_e, job_f, job_cross_file]) database.session.commit() # Everything ok response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '5' job_e.job_status_id = 6 database.session.commit() # E or F failed response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '4' job_e.job_status_id = 4 job_cross_file.number_of_errors = 6 database.session.commit() # Restore job_e and create errors for cross_file response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '3' job_d1.number_of_errors = 6 database.session.commit() # D file has errors response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '2' job_c.number_of_errors = 6 database.session.commit() # Fail C file validation response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '1' job_cross_file.job_status_id = waiting job_d1.number_of_errors = 0 database.session.commit() # E and F generated with C file errors response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id)) response_json = json.loads(response.data.decode('UTF-8')) assert response_json['step'] == '1'