Ejemplo n.º 1
0
 def test_listing_users(self):
     headers = dict(Authorization='Bearer %s' % self.admin_token())
     # add a dozen users
     session = self.storage.make_session(namespace='unittest')
     for i in range(12):
         session.add(
             User(userid='user_%s' % i,
                  credentials='user_%s' % i,
                  user_group=10))
     session.flush()
     transaction.commit()
     # admin user can retrieve all users
     out = self.api.get('/api/v1/user/records?limit=10', headers=headers)
     assert len(out.json['records']) == 10
     assert out.json['total'] == 13
     # lets retrieve the next page with the remaining users
     out = self.api.get('/api/v1/user/records?offset=10', headers=headers)
     assert len(out.json['records']) == 3
     assert out.json['total'] == 13
     # non admin users can only retrieve themselves
     token = self.api.post_json('/api/v1/auth/login', {
         'user': '******',
         'password': '******'
     }).json['token']
     out = self.api.get('/api/v1/user/records',
                        headers={'Authorization': 'Bearer %s' % token})
     assert len(out.json['records']) == 1
     assert out.json['records'][0]['userid'] == 'user_4'
Ejemplo n.º 2
0
    def test_resource_methods_with_specified_principals(self):
        # this tests the explicity passing of principals into the
        # resource methods (get, put, delete).
        # With normal webrequests, this is evaluated before executing the
        # view by pyramid, so the principals do not need to be passed.

        session = self.storage.make_session(namespace='unittest')
        context = UserResource(self.storage.registry, session)
        # let's try to retrieve the admin user as user john
        with pytest.raises(HTTPForbidden):
            context.get(1, principals=['user:john'])
        # create user john as editor
        john = context.put(User(userid='john',
                                credentials='j0hn',
                                user_group=10),
                           principals=['group:admin'])
        # user john should be retrievable by user john
        user = context.get(john.id, principals=['user:john'])
        assert user is not None
        assert user.id == john.id
        # john can not delete himself
        with pytest.raises(HTTPForbidden):
            context.delete(john, principals=['user:john'])
        # but an admin can
        context.delete(john, principals=['group:admin'])
Ejemplo n.º 3
0
 def generate_test_token(self, user_group_password, owners=None):
     """Returns a token for owner / editor / admin / viewer
     If the user does not exist, a new user is created
     """
     response = self.api.post_json(
             '/api/v1/auth/login',
             {'user': user_group_password,
              'password': user_group_password}
             ,status=[200, 401])
     if response.status_code == 401:
         context = UserResource(self.storage.registry, self.session)
         context.put(
             User(userid=user_group_password,
                  credentials=user_group_password,
                  owns=[Owner(**d) for d in (owners or [])],
                  user_group={'admin': 100,
                              'manager': 80,
                              'editor': 60,
                              'owner': 40,
                              'viewer': 10}[user_group_password]),
             principals=['group:admin'])
         transaction.commit()
         response = self.api.post_json(
             '/api/v1/auth/login',
             {'user': user_group_password, 'password': user_group_password})
     return response.json['token']
Ejemplo n.º 4
0
 def collection_post(self):
     "Create a new User"
     user = User.from_dict(self.request.validated)
     self.context.put(user)
     # force reload the user from db to retrieve the credentials hash
     self.context.session.refresh(user)
     user = self.context.get(user.id)
     self.request.response.status = 201
     return UserSchema().to_json(user.to_dict())
Ejemplo n.º 5
0
    def initialize_repository(self, session, namespace, admin_userid, admin_credentials):
        session.execute('SET search_path TO %s, public' % namespace);
        user_groups = DEFAULTS['user_groups']
        for id, label in user_groups.items():
            session.add(UserGroup(id=id, label=label))
        session.flush()
        session.add(User(userid=admin_userid,
                         credentials=admin_credentials,
                         user_group=100))
        session.flush()
        group_types = DEFAULTS['group_types']
        for key, label in group_types.items():
            session.add(GroupType(key=key, label=label))
        person_account_types = DEFAULTS['person_account_types']
        for key, label in person_account_types.items():
            session.add(PersonAccountType(key=key, label=label))
        group_account_types = DEFAULTS['group_account_types']
        for key, label in group_account_types.items():
            session.add(GroupAccountType(key=key, label=label))
        work_types = DEFAULTS['work_types']
        for key, label in work_types.items():
            session.add(WorkType(key=key, label=label))
        contributor_roles = DEFAULTS['contributor_roles']
        for key, label in contributor_roles.items():
            session.add(ContributorRole(key=key, label=label))
        identifier_types = DEFAULTS['identifier_types']
        for key, label in identifier_types.items():
            session.add(IdentifierType(key=key, label=label))
        relation_types = DEFAULTS['relation_types']
        for key, label in relation_types.items():
            session.add(RelationType(key=key, label=label))
        description_types = DEFAULTS['description_types']
        for key, label in description_types.items():
            session.add(DescriptionType(key=key, label=label))
        description_formats = DEFAULTS['description_formats']
        for key, label in description_formats.items():
            session.add(DescriptionFormat(key=key, label=label))
        measure_types = DEFAULTS['measure_types']
        for key, label in measure_types.items():
            session.add(MeasureType(key=key, label=label))
        position_types = DEFAULTS['position_types']
        for key, label in position_types.items():
            session.add(PositionType(key=key, label=label))

        session.flush()
        session.execute('SET search_path TO public');
        session.flush()
Ejemplo n.º 6
0
 def test_crud_groups_by_user_groups(self):
     super(GroupAuthorzationWebTest, self).setUp()
     # add some users
     test_users = [('test_admin', 100), ('test_manager', 80),
                   ('test_editor', 60)]
     session = self.storage.make_session(namespace='unittest')
     for user, user_group in test_users:
         session.add(
             User(userid=user, credentials=user, user_group=user_group))
     session.flush()
     transaction.commit()
     for user, user_group in test_users:
         token = self.api.post_json('/api/v1/auth/login', {
             'user': user,
             'password': user
         }).json['token']
         headers = dict(Authorization='Bearer %s' % token)
         out = self.api.post_json('/api/v1/group/records', {
             'international_name': user,
             'type': 'organisation'
         },
                                  headers=headers,
                                  status=201)
         last_id = out.json['id']
         out = self.api.get('/api/v1/group/records/%s' % last_id,
                            headers=headers)
         assert out.json['international_name'] == user
         out = self.api.put_json('/api/v1/group/records/%s' % last_id, {
             'id': last_id,
             'international_name': user,
             'abbreviated_name': 'C.',
             'type': 'organisation'
         },
                                 headers=headers,
                                 status=200)
         assert out.json['abbreviated_name'] == 'C.'
         out = self.api.delete('/api/v1/group/records/%s' % last_id,
                               headers=headers)
         self.api.get('/api/v1/group/records/%s' % last_id,
                      headers=headers,
                      status=404)
Ejemplo n.º 7
0
 def test_crud_memberships_by_user_memberships(self):
     super(MembershipAuthorzationWebTest, self).setUp()
     # add some users
     test_users = [('test_admin', 100),
                   ('test_manager', 80),
                   ('test_editor',  60)]
     session = self.storage.make_session(namespace='unittest')
     for user, user_group in test_users:
         session.add(
             User(userid=user, credentials=user, user_group=user_group))
     session.flush()
     transaction.commit()
     for user, user_membership in test_users:
         token = self.api.post_json(
         '/api/v1/auth/login',
         {'user': user, 'password': user}).json['token']
         headers = dict(Authorization='Bearer %s' % token)
         out = self.api.post_json('/api/v1/membership/records',
                                  {'person_id': self.john_id,
                                   'group_id': self.corp_id,
                                   'start_date': '2017-01-01',
                                   'end_date': '2017-12-31'},
                                  headers=headers,
                                  status=201)
         last_id = out.json['id']
         out = self.api.get('/api/v1/membership/records/%s' % last_id,
                            headers=headers)
         assert out.json['person_id'] == self.john_id
         out = self.api.put_json('/api/v1/membership/records/%s' % last_id,
                                 {'id': last_id,
                                  'person_id': self.jane_id,
                                  'group_id': self.corp_id},
                                 headers=headers,
                                 status=200)
         assert out.json['person_id'] == self.jane_id
         out = self.api.delete('/api/v1/membership/records/%s' % last_id,
                               headers=headers)
         self.api.get('/api/v1/membership/records/%s' % last_id,
                      headers=headers,
                      status=404)