Ejemplo n.º 1
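    def test_get_object_users_with_permission(self):
        """An organization's user must not appear in the permission listing.

        An organization is created with ``alice`` as its creator, and the
        organization's own user is granted ``EditorRole`` on the published
        form. The entries returned by ``get_object_users_with_permissions``
        are then expected not to contain that organization user.
        """
        alice = self._create_user('alice', 'alice')
        org_user = tools.create_organization("modilabs", alice).user
        self._publish_transportation_form()
        EditorRole.add(org_user, self.xform)

        users_with_perms = get_object_users_with_permissions(self.xform)
        # assertNotIn reports the member and the container when it fails;
        # assertFalse(x in y) would only say "True is not false".
        self.assertNotIn(org_user, [d['user'] for d in users_with_perms])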
Ejemplo n.º 2
    def test_get_object_users_with_permission(self):
        """Check that an organization's user is absent from the listing.

        The organization user receives ``EditorRole`` on the published form,
        yet none of the entries from ``get_object_users_with_permissions``
        may reference it under the ``'user'`` key.
        """
        creator = self._create_user('alice', 'alice')
        organization = tools.create_organization("modilabs", creator)
        org_user = organization.user
        self._publish_transportation_form()
        EditorRole.add(org_user, self.xform)

        entries = get_object_users_with_permissions(self.xform)
        # Collect the user of every entry, then check membership once.
        listed_users = [entry['user'] for entry in entries]
        self.assertFalse(org_user in listed_users)
Ejemplo n.º 3
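 def test_get_object_users_with_permission(self):
     """An organization's user with EditorRole is listed for the form.

     After the organization user is granted ``EditorRole`` on the published
     form, ``get_object_users_with_permissions`` must return an entry whose
     ``'user'`` is that user. The first returned entry must also carry the
     fields ``first_name``, ``last_name``, ``user``, ``role``, ``gravatar``,
     ``metadata`` and ``is_org``.
     """
     alice = self._create_user('alice', 'alice')
     org_user = tools.create_organization("modilabs", alice).user
     self._publish_transportation_form()
     EditorRole.add(org_user, self.xform)
     users_with_perms = get_object_users_with_permissions(self.xform)
     # assertIn names the missing member and the container on failure,
     # which assertTrue(x in y) does not.
     self.assertIn(org_user, [d['user'] for d in users_with_perms])
     # Only the first entry's fields are inspected.
     first_entry_keys = users_with_perms[0].keys()
     for field in ('first_name', 'last_name', 'user', 'role', 'gravatar',
                   'metadata', 'is_org'):
         self.assertIn(field, first_entry_keys)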
Ejemplo n.º 4
    def test_reassign_role_owner_to_editor(self):
        """Granting EditorRole to an owner must revoke the owner role.

        ``alice`` starts without ``OwnerRole`` on the form, is made owner,
        and is then given ``EditorRole``. Afterwards she must hold the editor
        role only, so a downgrade does not leave the higher privilege behind.
        """
        self._publish_transportation_form()
        user = self._create_user('alice', 'alice')
        form = self.xform

        # A freshly created user is not an owner of the form.
        self.assertFalse(OwnerRole.has_role(user, form))

        OwnerRole.add(user, form)
        self.assertTrue(OwnerRole.has_role(user, form))

        # The editor role is expected to replace the owner role.
        EditorRole.add(user, form)
        self.assertFalse(OwnerRole.has_role(user, form))
        self.assertTrue(EditorRole.has_role(user, form))
Ejemplo n.º 5
    def test_submission_review_permission(self):
        """
        Test that write access to submission reviews is denied to users
        who hold only the editor role.

        A new user is logged in and given ``EditorRole`` on the form of an
        existing review. Creating, updating and deleting a review with that
        user's token must each be answered with HTTP 403.

        NOTE(review): only the status code is asserted. The test does not
        confirm that the stored review is unchanged after the rejected
        PATCH and DELETE requests.
        """
        review_info = self._create_submission_review()
        xform = Instance.objects.get(id=review_info['instance']).xform
        self._create_user_and_login('dave', '1234')
        token = self.user.auth_token
        auth = {'HTTP_AUTHORIZATION': 'Token %s' % token}
        # Editors should not be able to create, update or delete reviews.
        # Only Admins and Managers should have these permissions.
        EditorRole.add(self.user, xform)

        review_view = SubmissionReviewViewSet.as_view({
            'post': 'create',
            'get': 'list',
            'patch': 'partial_update',
            'delete': 'destroy'
        })

        # Create: rejected because the user has no Admin privileges on
        # the xform.
        new_review = {
            'note': "Hey there!",
            'status': SubmissionReview.APPROVED,
            'instance': review_info['instance']
        }
        create_request = self.factory.post('/', data=new_review, **auth)
        create_response = review_view(request=create_request)
        self.assertEqual(403, create_response.status_code)

        # Update: rejected for the same reason.
        changes = {'note': "Hey there!", 'status': SubmissionReview.APPROVED}
        update_request = self.factory.patch('/', data=changes, **auth)
        update_response = review_view(
            request=update_request, pk=review_info['id'])
        self.assertEqual(403, update_response.status_code)

        # Delete: rejected for the same reason.
        delete_request = self.factory.delete('/', **auth)
        delete_response = review_view(
            request=delete_request, pk=review_info['id'])
        self.assertEqual(403, delete_response.status_code)
Ejemplo n.º 6
    def test_role_update_xform_meta_perms(self):
        """Changing a form's meta permissions must re-map existing roles.

        Creating the ``XFORM_META_PERMS`` metadata with
        ``'editor-minor|dataentry'`` is expected to move a user holding
        ``EditorRole`` to ``EditorMinorRole``. Updating it to
        ``'editor|dataentry-only'`` is expected to move a user holding
        ``DataEntryRole`` to ``DataEntryOnlyRole``. In both cases the
        previous role must no longer be held.
        """
        alice_data = {'username': '******', 'email': '*****@*****.**'}
        alice = self._create_user_profile(alice_data).user

        EditorRole.add(alice, self.xform)

        metadata_view = MetaDataViewSet.as_view({
            'post': 'create',
            'put': 'update'
        })

        # Step 1: create the meta permission entry.
        create_payload = {
            'data_type': XFORM_META_PERMS,
            'data_value': 'editor-minor|dataentry',
            'xform': self.xform.pk
        }
        create_request = self.factory.post('/', create_payload, **self.extra)
        create_response = metadata_view(create_request)

        self.assertEqual(create_response.status_code, 201)

        # The plain editor role must be gone, replaced by the minor variant.
        self.assertFalse(EditorRole.user_has_role(alice, self.xform))
        self.assertTrue(EditorMinorRole.user_has_role(alice, self.xform))

        meta = MetaData.xform_meta_permission(self.xform)

        DataEntryRole.add(alice, self.xform)

        # Step 2: update the same entry with a different mapping.
        update_payload = {
            'data_type': XFORM_META_PERMS,
            'data_value': 'editor|dataentry-only',
            'xform': self.xform.pk
        }
        update_request = self.factory.put('/', update_payload, **self.extra)
        update_response = metadata_view(update_request, pk=meta.pk)

        self.assertEqual(update_response.status_code, 200)

        # The data-entry role must be gone, replaced by data-entry-only.
        self.assertFalse(DataEntryRole.user_has_role(alice, self.xform))
        self.assertTrue(DataEntryOnlyRole.user_has_role(alice, self.xform))
Ejemplo n.º 7
    def test_role_update_xform_meta_perms(self):
        """Verify that meta permission changes replace a user's role.

        The test posts and then puts an ``XFORM_META_PERMS`` metadata value
        for the form. After each request it checks that the role the user
        held before is no longer held and that the expected replacement
        role is.
        """
        view = MetaDataViewSet.as_view({
            'post': 'create',
            'put': 'update'
        })

        profile = self._create_user_profile(
            {'username': '******', 'email': '*****@*****.**'})
        EditorRole.add(profile.user, self.xform)

        # POST: 'editor-minor|dataentry' should turn EditorRole into
        # EditorMinorRole for this user.
        body = {
            'data_type': XFORM_META_PERMS,
            'data_value': 'editor-minor|dataentry',
            'xform': self.xform.pk
        }
        response = view(self.factory.post('/', body, **self.extra))
        self.assertEqual(response.status_code, 201)

        still_editor = EditorRole.user_has_role(profile.user, self.xform)
        self.assertFalse(still_editor)
        now_editor_minor = EditorMinorRole.user_has_role(
            profile.user, self.xform)
        self.assertTrue(now_editor_minor)

        meta = MetaData.xform_meta_permission(self.xform)
        DataEntryRole.add(profile.user, self.xform)

        # PUT: 'editor|dataentry-only' should turn DataEntryRole into
        # DataEntryOnlyRole for this user.
        body = {
            'data_type': XFORM_META_PERMS,
            'data_value': 'editor|dataentry-only',
            'xform': self.xform.pk
        }
        response = view(self.factory.put('/', body, **self.extra), pk=meta.pk)
        self.assertEqual(response.status_code, 200)

        still_dataentry = DataEntryRole.user_has_role(
            profile.user, self.xform)
        self.assertFalse(still_dataentry)
        now_dataentry_only = DataEntryOnlyRole.user_has_role(
            profile.user, self.xform)
        self.assertTrue(now_dataentry_only)
Ejemplo n.º 8
    def test_reassign_role_owner_to_editor(self):
        """Granting EditorRole to an owner must revoke the owner role.

        The outcome is checked two ways: with ``user_has_role`` on the user,
        and with ``has_role`` on the value returned by
        ``perms_for(alice, self.xform)``. Both must agree that the owner
        role is gone and the editor role is present.
        """
        self._publish_transportation_form()
        alice = self._create_user('alice', 'alice')
        xform = self.xform

        # No owner role before any role has been granted.
        self.assertFalse(OwnerRole.user_has_role(alice, xform))

        OwnerRole.add(alice, xform)

        self.assertTrue(OwnerRole.user_has_role(alice, xform))
        owner_perms = perms_for(alice, xform)
        self.assertTrue(OwnerRole.has_role(owner_perms, xform))

        EditorRole.add(alice, xform)

        # The downgrade must not leave the owner role behind.
        self.assertFalse(OwnerRole.user_has_role(alice, xform))
        self.assertTrue(EditorRole.user_has_role(alice, xform))
        perms_after_owner_check = perms_for(alice, xform)
        self.assertFalse(OwnerRole.has_role(perms_after_owner_check, xform))
        perms_after_editor_check = perms_for(alice, xform)
        self.assertTrue(EditorRole.has_role(perms_after_editor_check, xform))
Ejemplo n.º 9
    def test_reassign_role_owner_to_editor(self):
        """
        Test that reassigning an owner to editor removes the owner role.

        Role membership is asserted through ``user_has_role`` and through
        ``has_role`` applied to the result of ``perms_for``.
        """
        self._publish_transportation_form()
        user = self._create_user('alice', 'alice')

        # Before any grant the user is not an owner.
        is_owner = OwnerRole.user_has_role(user, self.xform)
        self.assertFalse(is_owner)

        OwnerRole.add(user, self.xform)

        is_owner = OwnerRole.user_has_role(user, self.xform)
        self.assertTrue(is_owner)
        is_owner_by_perms = OwnerRole.has_role(
            perms_for(user, self.xform), self.xform)
        self.assertTrue(is_owner_by_perms)

        EditorRole.add(user, self.xform)

        # After the reassignment only the editor role may remain.
        is_owner = OwnerRole.user_has_role(user, self.xform)
        self.assertFalse(is_owner)
        is_editor = EditorRole.user_has_role(user, self.xform)
        self.assertTrue(is_editor)
        is_owner_by_perms = OwnerRole.has_role(
            perms_for(user, self.xform), self.xform)
        self.assertFalse(is_owner_by_perms)
        is_editor_by_perms = EditorRole.has_role(
            perms_for(user, self.xform), self.xform)
        self.assertTrue(is_editor_by_perms)
Ejemplo n.º 10
 def test_get_object_users_with_permission(self):
     """
     Test get_object_users_with_permissions() with group users included.

     ``EditorRole`` is granted to an organization's user and to the group
     ``demo``, of which ``alice`` is a member. With
     ``with_group_users=True`` the result must list both the organization
     user and ``alice``, and the first entry must carry the expected
     fields.
     """
     alice = self._create_user('alice', 'alice')
     UserProfile.objects.get_or_create(user=alice)
     organization = tools.create_organization("modilabs", alice)
     org_user = organization.user
     demo_grp = Group.objects.create(name='demo')
     alice.groups.add(demo_grp)
     self._publish_transportation_form()
     # One grant goes to a user directly, the other to a group.
     EditorRole.add(org_user, self.xform)
     EditorRole.add(demo_grp, self.xform)
     entries = get_object_users_with_permissions(
         self.xform, with_group_users=True)
     listed_users = [entry['user'] for entry in entries]
     self.assertTrue(org_user in listed_users)
     # alice holds the role only through her membership of the group.
     self.assertTrue(alice in listed_users)
     first_entry_keys = list(entries[0])
     expected_fields = ('first_name', 'last_name', 'user', 'role',
                        'gravatar', 'metadata', 'is_org')
     for field in expected_fields:
         self.assertIn(field, first_entry_keys)