def test_user_delete_group(self):
george = self.george
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(george.uaccess.view_groups, [bikers]))
george.uaccess.delete_group(bikers)
self.assertTrue(is_equal_to_as_set(george.uaccess.view_groups, []))
def test_08_discoverable(self):
"""Discoverable resources show up in discoverable resource listings"""
chewies = self.chewies
nobody = self.nobody
# test making a resource public
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
chewies.raccess.discoverable = True
chewies.raccess.save()
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertTrue(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
# discoverable doesn't mean public
# TODO: get_public_resources and get_discoverable_resources should be
# static methods
self.assertTrue(
is_equal_to_as_set([], GenericResource.public_resources.all()))
self.assertTrue(
is_equal_to_as_set([chewies],
GenericResource.discoverable_resources.all()))
# can 'nobody' see the public resource owned by 'dog' but not
# explicitly shared with 'nobody'.
self.assertFalse(nobody.uaccess.owns_resource(chewies))
self.assertFalse(nobody.uaccess.can_change_resource(chewies))
self.assertFalse(nobody.uaccess.can_view_resource(chewies))
def test_08_public(self):
"""Public resources show up in public listings"""
chewies = self.chewies
nobody = self.nobody
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
chewies.raccess.public = True
chewies.raccess.save()
self.assertFalse(chewies.raccess.immutable)
self.assertTrue(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
self.assertTrue(
is_equal_to_as_set([chewies],
GenericResource.public_resources.all()))
self.assertTrue(
is_equal_to_as_set([chewies],
GenericResource.discoverable_resources.all()))
# can 'nobody' see the public resource owned by 'dog'
# but not explicitly shared with 'nobody'.
self.assertTrue(nobody.uaccess.can_view_resource(chewies))
self.assertFalse(nobody.uaccess.can_change_resource(chewies))
self.assertFalse(nobody.uaccess.owns_resource(chewies))
def test_08_public(self):
"""Public resources show up in public listings"""
chewies = self.chewies
nobody = self.nobody
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
chewies.raccess.public = True
chewies.raccess.save()
self.assertFalse(chewies.raccess.immutable)
self.assertTrue(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
self.assertTrue(
is_equal_to_as_set(
[chewies],
GenericResource.public_resources.all()))
self.assertTrue(
is_equal_to_as_set(
[chewies],
GenericResource.discoverable_resources.all()))
# can 'nobody' see the public resource owned by 'dog'
# but not explicitly shared with 'nobody'.
self.assertTrue(nobody.uaccess.can_view_resource(chewies))
self.assertFalse(nobody.uaccess.can_change_resource(chewies))
self.assertFalse(nobody.uaccess.owns_resource(chewies))
def test_public_resources(self):
""" public resources contain those resources that are public and discoverable """
self.dog.uaccess.share_community_with_group(self.pets, self.dogs,
PrivilegeCodes.VIEW)
self.dog.uaccess.share_community_with_group(self.pets, self.cats,
PrivilegeCodes.VIEW)
res = self.pets.public_resources
self.assertTrue(is_equal_to_as_set(res, []))
self.holes.raccess.public = True
self.holes.raccess.discoverable = True
self.holes.raccess.save(
) # this avoids regular requirements for "public"
res = self.pets.public_resources
self.assertTrue(is_equal_to_as_set(res, [self.holes]))
for r in res:
self.assertEqual(r.public, r.raccess.public)
self.assertEqual(r.discoverable, r.raccess.discoverable)
self.assertEqual(r.published, r.raccess.published)
self.assertEqual(r.group_name, self.dogs.name)
self.assertEqual(r.group_id, self.dogs.id)
self.posts.raccess.discoverable = True
self.posts.raccess.save()
res = self.pets.public_resources
self.assertTrue(is_equal_to_as_set(res, [self.holes, self.posts]))
for r in res:
self.assertEqual(r.public, r.raccess.public)
self.assertEqual(r.discoverable, r.raccess.discoverable)
self.assertEqual(r.published, r.raccess.published)
if r.id == self.posts.id:
self.assertEqual(r.group_name, self.cats.name)
self.assertEqual(r.group_id, self.cats.id)
else:
self.assertEqual(r.group_name, self.dogs.name)
self.assertEqual(r.group_id, self.dogs.id)
def test_01_groups(self):
"basic function: groups appear and disappear according to access rules "
# flag state
self.assertFalse(self.posts.raccess.discoverable)
groups = GroupAccess.groups_with_public_resources()
self.assertTrue(is_equal_to_as_set([], groups))
# override policies for discoverable data
self.posts.raccess.discoverable = True
self.posts.raccess.save()
# group should appear in list
groups = GroupAccess.groups_with_public_resources()
self.assertTrue(is_equal_to_as_set([self.cats], groups))
# group should contain a public resource
resources = self.cats.gaccess.public_resources
self.assertTrue(is_equal_to_as_set([self.posts], resources))
self.bones.raccess.discoverable = True
self.bones.raccess.save()
# Now group dogs should appear in list
groups = GroupAccess.groups_with_public_resources()
print(groups)
self.assertTrue(is_equal_to_as_set([self.cats, self.dogs], groups))
# group should contain a public resource
resources = self.dogs.gaccess.public_resources
self.assertTrue(is_equal_to_as_set([self.bones], resources))
def test_user_share_group_with_user(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikers.gaccess.members, [george]))
george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(bikers.gaccess.members, [george, alva]))
def test_user_share_resource_with_user(self):
george = self.george
alva = self.alva
bikes = self.bikes
self.assertTrue(is_equal_to_as_set(alva.uaccess.view_resources, []))
george.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(alva.uaccess.view_resources, [bikes]))
def test_user_share_resource_with_group(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikers.gaccess.view_resources, []))
george.uaccess.share_resource_with_group(bikes, bikers,
PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(bikers.gaccess.view_resources, [bikes]))
def test_resource_edit_groups(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups, []))
george.uaccess.share_resource_with_group(bikes, bikers,
PrivilegeCodes.CHANGE)
self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups,
[bikers]))
def test_resource_owners(self):
george = self.george
alva = self.alva
bikes = self.bikes
self.assertTrue(is_equal_to_as_set(bikes.raccess.owners, [george]))
george.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.OWNER)
self.assertTrue(
is_equal_to_as_set(bikes.raccess.owners, [george, alva]))
def test_user_delete_group(self):
george = self.george
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.view_groups,
[bikers]))
george.uaccess.delete_group(bikers)
self.assertTrue(is_equal_to_as_set(george.uaccess.view_groups, []))
def test_user_create_group(self):
george = self.george
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(george.uaccess.view_groups, [bikers]))
foo = george.uaccess.create_group(title='Foozball',
description="We are the foozball")
self.assertTrue(
is_equal_to_as_set(george.uaccess.view_groups, [foo, bikers]))
def test_user_share_group_with_user(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikers.gaccess.members, [george]))
george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.members, [
george, alva]))
def test_user_get_group_unshare_users(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(george.uaccess.get_group_unshare_users(bikers),
[]))
george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(george.uaccess.get_group_unshare_users(bikers),
[alva]))
def test_resource_owners(self):
george = self.george
alva = self.alva
bikes = self.bikes
self.assertTrue(is_equal_to_as_set(bikes.raccess.owners, [george]))
george.uaccess.share_resource_with_user(
bikes, alva, PrivilegeCodes.OWNER)
self.assertTrue(
is_equal_to_as_set(
bikes.raccess.owners, [
george, alva]))
def test_resource_edit_groups(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups, []))
george.uaccess.share_resource_with_group(
bikes, bikers, PrivilegeCodes.CHANGE)
self.assertTrue(
is_equal_to_as_set(
bikes.raccess.edit_groups,
[bikers]))
def test_user_share_resource_with_user(self):
george = self.george
alva = self.alva
bikes = self.bikes
self.assertTrue(is_equal_to_as_set(alva.uaccess.view_resources, []))
george.uaccess.share_resource_with_user(
bikes, alva, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(
alva.uaccess.view_resources,
[bikes]))
def test_user_share_resource_with_group(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
self.assertTrue(is_equal_to_as_set(bikers.gaccess.view_resources, []))
george.uaccess.share_resource_with_group(
bikes, bikers, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.view_resources,
[bikes]))
def test_user_get_group_unshare_users(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_group_unshare_users(bikers),
[]))
george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_group_unshare_users(bikers),
[alva]))
def test_user_edit_resources(self):
george = self.george
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(george.uaccess.edit_resources, [bikes]))
trikes = hydroshare.create_resource(
resource_type='GenericResource',
owner=self.george,
title='Trikes',
metadata=[],
)
self.assertTrue(
is_equal_to_as_set(george.uaccess.edit_resources, [bikes, trikes]))
def test_user_create_group(self):
george = self.george
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.view_groups,
[bikers]))
foo = george.uaccess.create_group(
title='Foozball', description="We are the foozball")
self.assertTrue(
is_equal_to_as_set(
george.uaccess.view_groups, [
foo, bikers]))
def test_group_get_resources_with_explicit_access(self):
george = self.george
bikers = self.bikers
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW), []))
george.uaccess.share_resource_with_group(bikes, bikers,
PrivilegeCodes.CHANGE)
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE), [bikes]))
def test_02_isolate(self):
"""A user who didn't create a resource cannot access it"""
cat = self.cat
dog = self.dog
holes = hydroshare.create_resource(resource_type='GenericResource',
owner=cat,
title='all about dog holes',
metadata=[],)
# check that resource was created
assertUserResourceState(self, cat, [holes], [], [])
# check that resource is not accessible to others
assertUserResourceState(self, dog, [], [], [])
# metadata should be the same as before
self.assertFalse(holes.raccess.immutable)
self.assertFalse(holes.raccess.published)
self.assertFalse(holes.raccess.discoverable)
self.assertFalse(holes.raccess.public)
self.assertTrue(holes.raccess.shareable)
# protection state for non-owner
self.assertFalse(dog.uaccess.owns_resource(holes))
self.assertFalse(dog.uaccess.can_change_resource(holes))
self.assertFalse(dog.uaccess.can_view_resource(holes))
# composite django state for non-owner
self.assertFalse(dog.uaccess.can_change_resource_flags(holes))
self.assertFalse(dog.uaccess.can_delete_resource(holes))
self.assertFalse(
dog.uaccess.can_share_resource(
holes, PrivilegeCodes.OWNER))
self.assertFalse(
dog.uaccess.can_share_resource(
holes, PrivilegeCodes.CHANGE))
self.assertFalse(
dog.uaccess.can_share_resource(
holes, PrivilegeCodes.VIEW))
# test list access functions for unshare targets
# these return empty because allowing this would violate the last owner
# rule
self.assertTrue(
is_equal_to_as_set(
[], cat.uaccess.get_resource_unshare_users(holes)))
self.assertTrue(
is_equal_to_as_set(
[], dog.uaccess.get_resource_unshare_users(holes)))
def test_user_get_resources_with_explicit_access(self):
george = self.george
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.OWNER), [bikes]))
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE), []))
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW), []))
def test_user_edit_resources(self):
george = self.george
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(
george.uaccess.edit_resources,
[bikes]))
trikes = hydroshare.create_resource(resource_type='GenericResource',
owner=self.george,
title='Trikes',
metadata=[],)
self.assertTrue(
is_equal_to_as_set(
george.uaccess.edit_resources, [
bikes, trikes]))
def test_group_get_resources_with_explicit_access(self):
george = self.george
bikers = self.bikers
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW), []))
george.uaccess.share_resource_with_group(
bikes, bikers, PrivilegeCodes.CHANGE)
self.assertTrue(
is_equal_to_as_set(
bikers.gaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE),
[bikes]))
def test_user_get_resources_with_explicit_access(self):
george = self.george
bikes = self.bikes
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.OWNER),
[bikes]))
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE), []))
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW), []))
def test_02_isolate(self):
"Groups cannot be changed by non-members"
cat = self.cat
dog = self.dog
polyamory = cat.uaccess.create_group(
title='polyamory', description="We are the polyamory")
# dog should not have access to the group privilege
self.assertFalse(dog.uaccess.owns_group(polyamory))
self.assertFalse(dog.uaccess.can_change_group(polyamory))
self.assertTrue(dog.uaccess.can_view_group(polyamory))
# composite django state
self.assertFalse(dog.uaccess.can_change_group_flags(polyamory))
self.assertFalse(dog.uaccess.can_delete_group(polyamory))
self.assertFalse(
dog.uaccess.can_share_group(polyamory, PrivilegeCodes.OWNER))
self.assertFalse(
dog.uaccess.can_share_group(polyamory, PrivilegeCodes.CHANGE))
self.assertFalse(
dog.uaccess.can_share_group(polyamory, PrivilegeCodes.VIEW))
# dog's groups should be unchanged
self.assertTrue(is_equal_to_as_set([], dog.uaccess.view_groups))
# dog should not be able to modify group members
with self.assertRaises(PermissionDenied) as cm:
dog.uaccess.share_group_with_user(polyamory, dog,
PrivilegeCodes.CHANGE)
self.assertEqual(cm.exception.message,
'User has no privilege over group')
def test_01_create(self):
"Initial group state is correct"
cat = self.cat
polyamory = cat.uaccess.create_group(
title='polyamory', description="We are the polyamory")
# flag state
self.assertTrue(polyamory.gaccess.public)
self.assertTrue(polyamory.gaccess.shareable)
self.assertTrue(polyamory.gaccess.discoverable)
# privilege
self.assertTrue(cat.uaccess.owns_group(polyamory))
self.assertTrue(cat.uaccess.can_change_group(polyamory))
self.assertTrue(cat.uaccess.can_view_group(polyamory))
# composite django state
self.assertTrue(cat.uaccess.can_change_group_flags(polyamory))
self.assertTrue(cat.uaccess.can_delete_group(polyamory))
self.assertTrue(
cat.uaccess.can_share_group(polyamory, PrivilegeCodes.OWNER))
self.assertTrue(
cat.uaccess.can_share_group(polyamory, PrivilegeCodes.CHANGE))
self.assertTrue(
cat.uaccess.can_share_group(polyamory, PrivilegeCodes.VIEW))
# membership
self.assertTrue(cat in polyamory.gaccess.members)
# ensure that this group was created and current user is a member
self.assertTrue(
is_equal_to_as_set([polyamory], cat.uaccess.view_groups))
def test_user_get_groups_with_explicit_access(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.OWNER), [bikers]))
self.assertTrue(
is_equal_to_as_set(
alva.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.CHANGE), []))
self.assertTrue(
is_equal_to_as_set(
alva.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.VIEW), []))
def test_user_owned_groups(self):
george = self.george
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.owned_groups,
[bikers]))
def test_user_get_groups_with_explicit_access(self):
george = self.george
alva = self.alva
bikers = self.bikers
self.assertTrue(
is_equal_to_as_set(
george.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.OWNER),
[bikers]))
self.assertTrue(
is_equal_to_as_set(
alva.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.CHANGE), []))
self.assertTrue(
is_equal_to_as_set(
alva.uaccess.get_groups_with_explicit_access(
PrivilegeCodes.VIEW), []))
def test_02_self_downgrade_resource(self):
"""can downgrade privilege for a resource to which one has access"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_resource_unshare_users(holes)))
dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_resource_unshare_users(holes)))
def test_01_self_unshare_resource(self):
"""A user can unshare a resource with self"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_resource_unshare_users(holes)))
dog.uaccess.unshare_resource_with_user(holes, dog)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertFalse(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([],
dog.uaccess.get_resource_unshare_users(holes)))
def test_05_self_can_downgrade_group(self):
"""can downgrade privilege for a group of which one is a member """
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_group_unshare_users(meowers)))
dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_group_unshare_users(meowers)))
def test_04_self_unshare_group(self):
"""A user can unshare a group with self"""
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_group_unshare_users(meowers)))
dog.uaccess.unshare_group_with_user(meowers, dog)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertFalse(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([],
dog.uaccess.get_group_unshare_users(meowers)))
def test_04_self_unshare_group(self):
"""A user can unshare a group with self"""
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_group_unshare_users(meowers)))
dog.uaccess.unshare_group_with_user(meowers, dog)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertFalse(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[], dog.uaccess.get_group_unshare_users(meowers)))
def test_01_self_unshare_resource(self):
"""A user can unshare a resource with self"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_resource_unshare_users(holes)))
dog.uaccess.unshare_resource_with_user(holes, dog)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertFalse(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[], dog.uaccess.get_resource_unshare_users(holes)))
def test_iteration(self):
" iterate over resources in a community "
# This tests the mechanism by which we will display a community view
self.dog.uaccess.share_community_with_group(self.pets, self.dogs,
PrivilegeCodes.VIEW)
self.dog.uaccess.share_community_with_group(self.pets, self.bats,
PrivilegeCodes.VIEW)
self.dog.uaccess.share_community_with_group(self.pets, self.cats,
PrivilegeCodes.VIEW)
comms = self.dog.uaccess.communities
self.assertTrue(is_equal_to_as_set(comms, [self.pets]))
comm = comms[0]
groupc = comm.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
self.assertTrue(is_equal_to_as_set(groupc, []))
groupv = comm.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
self.assertTrue(
is_equal_to_as_set(groupv, [self.cats, self.bats, self.dogs]))
for group in groupv:
change_resources = comm.get_resources_with_explicit_access(
self.dog, group, PrivilegeCodes.CHANGE)
view_resources = comm.get_resources_with_explicit_access(
self.dog, group, PrivilegeCodes.VIEW)
self.assertTrue(is_disjoint_from(change_resources, view_resources))
for r in change_resources:
self.assertTrue(self.dog.uaccess.can_change_resource(r))
self.assertTrue(self.dog.uaccess.can_view_resource(r))
for r in view_resources:
# if a resource can be changed by some other group, it can be changed.
# if self has administrative privilege over a group, and that group
# has CHANGE, it can be changed.
if not self.dog.uaccess.owns_resource(r) and\
not GroupResourcePrivilege.objects.filter(
resource=r,
privilege=PrivilegeCodes.CHANGE,
group__g2ugp__user=self.dog).exists():
self.assertFalse(self.dog.uaccess.can_change_resource(r))
self.assertTrue(self.dog.uaccess.can_view_resource(r))
def test_05_self_can_downgrade_group(self):
"""can downgrade privilege for a group of which one is a member """
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_group_unshare_users(meowers)))
dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_group_unshare_users(meowers)))
def test_02_self_downgrade_resource(self):
"""can downgrade privilege for a resource to which one has access"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_resource_unshare_users(holes)))
dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_resource_unshare_users(holes)))
def test_03_self_cannot_upgrade_resource(self):
"""cannot upgrade privilege for a resource to which one has access"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_resource_unshare_users(holes)))
with self.assertRaises(PermissionDenied):
dog.uaccess.share_resource_with_user(holes, dog,
PrivilegeCodes.VIEW)
with self.assertRaises(PermissionDenied):
dog.uaccess.share_resource_with_user(holes, dog,
PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_resource_unshare_users(holes)))
def test_usergroupprivilege_get_undo_users(self):
george = self.george
bikers = self.bikers
alva = self.alva
UserGroupProvenance.update(group=bikers,
user=alva,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
UserGroupProvenance.get_undo_users(group=bikers,
grantor=george), [alva]))
def test_06_self_cannot_upgrade_group(self):
"""cannot upgrade privilege for a group of which one is a member """
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_group_unshare_users(meowers)))
with self.assertRaises(PermissionDenied):
dog.uaccess.share_group_with_user(meowers, dog,
PrivilegeCodes.VIEW)
with self.assertRaises(PermissionDenied):
dog.uaccess.share_group_with_user(meowers, dog,
PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set([dog],
dog.uaccess.get_group_unshare_users(meowers)))
def test_userresourceprivilege_get_undo_users(self):
george = self.george
bikes = self.bikes
alva = self.alva
UserResourceProvenance.update(resource=bikes,
user=alva,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
UserResourceProvenance.get_undo_users(resource=bikes,
grantor=george), [alva]))
def test_iteration(self):
" iterate over resources in a community "
# This tests the mechanism by which we will display a community view
self.dog.uaccess.share_community_with_group(self.pets, self.dogs, PrivilegeCodes.VIEW)
self.dog.uaccess.share_community_with_group(self.pets, self.bats, PrivilegeCodes.VIEW)
self.dog.uaccess.share_community_with_group(self.pets, self.cats, PrivilegeCodes.VIEW)
comms = self.dog.uaccess.communities
self.assertTrue(is_equal_to_as_set(comms, [self.pets]))
comm = comms[0]
groupc = comm.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
self.assertTrue(is_equal_to_as_set(groupc, []))
groupv = comm.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
self.assertTrue(is_equal_to_as_set(groupv, [self.cats, self.bats, self.dogs]))
for group in groupv:
change_resources = comm.get_resources_with_explicit_access(self.dog, group,
PrivilegeCodes.CHANGE)
view_resources = comm.get_resources_with_explicit_access(self.dog, group,
PrivilegeCodes.VIEW)
self.assertTrue(is_disjoint_from(change_resources, view_resources))
for r in change_resources:
self.assertTrue(self.dog.uaccess.can_change_resource(r))
self.assertTrue(self.dog.uaccess.can_view_resource(r))
for r in view_resources:
# if a resource can be changed by some other group, it can be changed.
# if self has administrative privilege over a group, and that group
# has CHANGE, it can be changed.
if not self.dog.uaccess.owns_resource(r) and\
not GroupResourcePrivilege.objects.filter(
resource=r,
privilege=PrivilegeCodes.CHANGE,
group__g2ugp__user=self.dog).exists():
self.assertFalse(self.dog.uaccess.can_change_resource(r))
self.assertTrue(self.dog.uaccess.can_view_resource(r))
def test_groupresourceprivilege_get_undo_groups(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
GroupResourceProvenance.update(resource=bikes,
group=bikers,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
GroupResourceProvenance.get_undo_groups(resource=bikes,
grantor=george),
[bikers]))
def test_03_self_cannot_upgrade_resource(self):
"""cannot upgrade privilege for a resource to which one has access"""
holes = self.holes
cat = self.cat
dog = self.dog
cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in holes.raccess.edit_users)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_resource_unshare_users(holes)))
with self.assertRaises(PermissionDenied):
dog.uaccess.share_resource_with_user(
holes, dog, PrivilegeCodes.VIEW)
with self.assertRaises(PermissionDenied):
dog.uaccess.share_resource_with_user(
holes, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in holes.raccess.view_users)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_resource_unshare_users(holes)))
def test_06_self_cannot_upgrade_group(self):
"""cannot upgrade privilege for a group of which one is a member """
meowers = self.meowers
cat = self.cat
dog = self.dog
cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW)
self.assertFalse(dog in meowers.gaccess.edit_users)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_group_unshare_users(meowers)))
with self.assertRaises(PermissionDenied):
dog.uaccess.share_group_with_user(
meowers, dog, PrivilegeCodes.VIEW)
with self.assertRaises(PermissionDenied):
dog.uaccess.share_group_with_user(
meowers, dog, PrivilegeCodes.CHANGE)
self.assertTrue(dog in meowers.gaccess.members)
self.assertTrue(
is_equal_to_as_set(
[dog],
dog.uaccess.get_group_unshare_users(meowers)))
def test_08_discoverable(self):
"""Discoverable resources show up in discoverable resource listings"""
chewies = self.chewies
nobody = self.nobody
# test making a resource public
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertFalse(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
chewies.raccess.discoverable = True
chewies.raccess.save()
self.assertFalse(chewies.raccess.immutable)
self.assertFalse(chewies.raccess.public)
self.assertFalse(chewies.raccess.published)
self.assertTrue(chewies.raccess.discoverable)
self.assertTrue(chewies.raccess.shareable)
# discoverable doesn't mean public
# TODO: get_public_resources and get_discoverable_resources should be
# static methods
self.assertTrue(
is_equal_to_as_set(
[], GenericResource.public_resources.all()))
self.assertTrue(
is_equal_to_as_set(
[chewies],
GenericResource.discoverable_resources.all()))
# can 'nobody' see the public resource owned by 'dog' but not
# explicitly shared with 'nobody'.
self.assertFalse(nobody.uaccess.owns_resource(chewies))
self.assertFalse(nobody.uaccess.can_change_resource(chewies))
self.assertFalse(nobody.uaccess.can_view_resource(chewies))
def test_02_share_rw(self):
"""An owner can share with CHANGE privileges"""
scratching = self.scratching
felines = self.felines
dog = self.dog
cat = self.cat
nobody = self.nobody
self.assertTrue(
dog.uaccess.can_share_resource_with_group(
scratching,
felines,
PrivilegeCodes.CHANGE))
dog.uaccess.share_resource_with_group(
scratching, felines, PrivilegeCodes.CHANGE)
# is the resource just shared with this group?
self.assertEqual(felines.gaccess.view_resources.count(), 1)
self.assertTrue(
is_equal_to_as_set(
[scratching],
felines.gaccess.view_resources))
# check that flags haven't changed
self.assertTrue(felines.gaccess.discoverable)
self.assertTrue(felines.gaccess.public)
self.assertTrue(cat.uaccess.can_view_group(felines))
self.assertFalse(cat.uaccess.can_change_group(felines))
self.assertFalse(cat.uaccess.owns_group(felines))
self.assertFalse(cat.uaccess.owns_resource(scratching))
self.assertTrue(cat.uaccess.can_change_resource(scratching))
self.assertTrue(cat.uaccess.can_view_resource(scratching))
# should be able to unshare anything one shared.
with self.assertRaises(PermissionDenied) as cm:
nobody.uaccess.unshare_resource_with_group(scratching, felines)
self.assertEqual(cm.exception.message,
'Insufficient privilege to unshare resource')
assertGroupResourceUnshareCoherence(self)
self.assertTrue(
dog.uaccess.can_unshare_resource_with_group(
scratching, felines))
dog.uaccess.unshare_resource_with_group(scratching, felines)
self.assertEqual(felines.gaccess.view_resources.count(), 0)
assertGroupResourceUnshareCoherence(self)
def test_02_share_rw(self):
"""An owner can share with CHANGE privileges"""
scratching = self.scratching
felines = self.felines
dog = self.dog
cat = self.cat
nobody = self.nobody
self.assertTrue(
dog.uaccess.can_share_resource_with_group(
scratching,
felines,
PrivilegeCodes.CHANGE))
dog.uaccess.share_resource_with_group(
scratching, felines, PrivilegeCodes.CHANGE)
# is the resource just shared with this group?
self.assertEqual(felines.gaccess.view_resources.count(), 1)
self.assertTrue(
is_equal_to_as_set(
[scratching],
felines.gaccess.view_resources))
# check that flags haven't changed
self.assertTrue(felines.gaccess.discoverable)
self.assertTrue(felines.gaccess.public)
self.assertTrue(cat.uaccess.can_view_group(felines))
self.assertFalse(cat.uaccess.can_change_group(felines))
self.assertFalse(cat.uaccess.owns_group(felines))
self.assertFalse(cat.uaccess.owns_resource(scratching))
self.assertTrue(cat.uaccess.can_change_resource(scratching))
self.assertTrue(cat.uaccess.can_view_resource(scratching))
# should be able to unshare anything one shared.
with self.assertRaises(PermissionDenied) as cm:
nobody.uaccess.unshare_resource_with_group(scratching, felines)
self.assertEqual(str(cm.exception),
'Insufficient privilege to unshare resource')
assertGroupResourceUnshareCoherence(self)
self.assertTrue(
dog.uaccess.can_unshare_resource_with_group(
scratching, felines))
dog.uaccess.unshare_resource_with_group(scratching, felines)
self.assertEqual(felines.gaccess.view_resources.count(), 0)
assertGroupResourceUnshareCoherence(self)
def test_groupcommunityprivilege_get_undo_groups(self):
george = self.george
rebels = self.rebels
bikers = self.bikers
GroupCommunityProvenance.update(
community=rebels,
group=bikers,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
GroupCommunityProvenance.get_undo_groups(
community=rebels,
grantor=george),
[bikers]))
def test_usercommunityprivilege_get_undo_users(self):
george = self.george
rebels = self.rebels
alva = self.alva
UserCommunityProvenance.update(
community=rebels,
user=alva,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
UserCommunityProvenance.get_undo_users(
community=rebels,
grantor=george),
[alva, george]))
def test_userresourceprivilege_get_undo_users(self):
george = self.george
bikes = self.bikes
alva = self.alva
UserResourceProvenance.update(
resource=bikes,
user=alva,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
UserResourceProvenance.get_undo_users(
resource=bikes,
grantor=george),
[alva]))
def test_groupresourceprivilege_get_undo_groups(self):
george = self.george
bikes = self.bikes
bikers = self.bikers
GroupResourceProvenance.update(
resource=bikes,
group=bikers,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
GroupResourceProvenance.get_undo_groups(
resource=bikes,
grantor=george),
[bikers]))
def test_usergroupprivilege_get_undo_users(self):
george = self.george
bikers = self.bikers
alva = self.alva
UserGroupProvenance.update(
group=bikers,
user=alva,
privilege=PrivilegeCodes.CHANGE,
grantor=george)
self.assertTrue(
is_equal_to_as_set(
UserGroupProvenance.get_undo_users(
group=bikers,
grantor=george),
[alva]))
def test_01_create(self):
"""Resource creator has appropriate access"""
cat = self.cat
# check that user cat owns and holds nothing
assertUserResourceState(self, cat, [], [], [])
# create a resource
holes = hydroshare.create_resource(resource_type='GenericResource',
owner=cat,
title='all about dog holes',
metadata=[],)
assertUserResourceState(self, cat, [holes], [], [])
# metadata state
self.assertFalse(holes.raccess.immutable)
self.assertFalse(holes.raccess.published)
self.assertFalse(holes.raccess.discoverable)
self.assertFalse(holes.raccess.public)
self.assertTrue(holes.raccess.shareable)
# protection state for owner
self.assertTrue(cat.uaccess.owns_resource(holes))
self.assertTrue(cat.uaccess.can_change_resource(holes))
self.assertTrue(cat.uaccess.can_view_resource(holes))
# composite django state
self.assertTrue(cat.uaccess.can_change_resource_flags(holes))
self.assertTrue(cat.uaccess.can_delete_resource(holes))
self.assertTrue(
cat.uaccess.can_share_resource(
holes, PrivilegeCodes.OWNER))
self.assertTrue(
cat.uaccess.can_share_resource(
holes, PrivilegeCodes.CHANGE))
self.assertTrue(
cat.uaccess.can_share_resource(
holes, PrivilegeCodes.VIEW))
# unsharing with cat would violate owner constraint
self.assertTrue(
is_equal_to_as_set(
[], cat.uaccess.get_resource_unshare_users(holes)))
self.assertFalse(
cat.uaccess.can_unshare_resource_with_user(
holes, cat))
