def testGetAccessibleDomains(self):
privileged = test_utils.SetupUser(test_utils.Login('privileged'))
outsider = test_utils.SetupUser(test_utils.Login('outsider'))
with test_utils.RootLogin():
perms.Grant('privileged', perms.Role.DOMAIN_REVIEWER,
'domain-rev.com')
perms.Grant('privileged', perms.Role.MAP_CREATOR,
'map-creator.com')
perms.Grant('privileged', perms.Role.CATALOG_EDITOR,
'catalog-editor.com')
perms.Grant('privileged', perms.Role.DOMAIN_ADMIN,
'domain-admin.com')
self.assertRaises(ValueError, perms.GetAccessibleDomains, outsider,
'not-a-domain-role')
self.assertEquals({'domain-admin.com'},
perms.GetAccessibleDomains(
privileged, perms.Role.DOMAIN_ADMIN))
self.assertEquals({'domain-admin.com', 'catalog-editor.com'},
perms.GetAccessibleDomains(
privileged, perms.Role.CATALOG_EDITOR))
self.assertEquals(
{'domain-admin.com', 'catalog-editor.com', 'map-creator.com'},
perms.GetAccessibleDomains(privileged, perms.Role.MAP_CREATOR))
self.assertEquals(
{
'domain-admin.com', 'catalog-editor.com',
'map-creator.com', 'domain-rev.com'
},
perms.GetAccessibleDomains(privileged,
perms.Role.DOMAIN_REVIEWER))
def testSharePostSuccess(self):
"""Shares the map with another person successfully."""
user1 = test_utils.SetupUser(test_utils.Login('owner'))
user4 = test_utils.SetupUser(test_utils.Login('friend'))
expected_url = 'http://app.com/root/.maps/' + self.m.id
self.mox.StubOutWithMock(mail, 'send_mail')
for role in ['MAP_VIEWER', 'MAP_EDITOR', 'MAP_OWNER']:
mail.send_mail(
user1.email, user4.email,
mox.Func(lambda subject: self.m.title in subject),
mox.Func(
lambda body: MESSAGE in body and expected_url in body))
self.mox.ReplayAll()
for role in ['MAP_VIEWER', 'MAP_EDITOR', 'MAP_OWNER']:
with test_utils.Login('owner'):
self.DoPost(
'/.share/' + self.m.id,
'role=%s&recipient=%s&message=%s&xsrf_token=XSRF' %
(role, user4.email, MESSAGE))
# Refetch map because the object changed underneath.
model.Map.Get(self.m.id).AssertAccess(role, user4)
self.mox.VerifyAll()
def testSharePostFailureMissingParameter(self):
"""Sharing should fail if the role or recipient parameter is missing."""
# Try with missing recipient email.
with test_utils.Login('owner'):
self.DoPost('/.share/%s' % self.m.id,
'role=MAP_VIEWER&xsrf_token=XSRF', 400)
# Try with missing role.
with test_utils.Login('owner'):
self.DoPost('/.share/%s' % self.m.id,
'[email protected]&xsrf_token=XSRF', 400)
def testGetWithReviewed(self):
model.CrowdReport.MarkAsReviewed(self.cr1.id)
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review' % self.map_id)
self.assertFalse(self.cr1.id in response.body)
self.assertTrue(self.cr2.id in response.body)
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review?reviewed=true' %
self.map_id)
self.assertTrue(self.cr1.id in response.body)
self.assertTrue(self.cr2.id in response.body)
def testGetWithHidden(self):
model.CrowdVote.Put(self.cr1.id, 'voter1', 'ANONYMOUS_DOWN')
model.CrowdVote.Put(self.cr1.id, 'voter2', 'ANONYMOUS_DOWN')
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review' % self.map_id)
self.assertTrue(self.cr1.id in response.body)
self.assertTrue(self.cr2.id in response.body)
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review?hidden=true' % self.map_id)
self.assertTrue(self.cr1.id in response.body)
self.assertFalse(self.cr2.id in response.body)
def testPostMap(self):
"""Posts a new version of a map."""
map_root = {'id': self.map.id, 'stuff': [0, 1]}
with test_utils.Login('editor'):
self.DoPost('/.api/maps/' + self.map.id, {
'json': json.dumps(map_root),
'xsrf_token': 'XSRF'
})
# Now we refetch the map because the object changed underneath us.
with test_utils.Login('viewer'):
# Verify that the edited content was saved properly.
map_object = model.Map.Get(self.map.id)
self.assertEquals(map_root, map_object.map_root)
def testLoginAccessList(self):
"""Ensures that the login_access_list config setting is enforced."""
config.Set('login_access_list', ['*****@*****.**', '*****@*****.**'])
_, response = self.RunTestHandler('GET', '/test', 302)
self.assertRegexpMatches(response.headers['Location'], r'/\.login')
with test_utils.Login('1'):
_, response = self.RunTestHandler('GET', '/test', 200)
self.assertEquals('test', response.body)
with test_utils.Login('7'):
_, response = self.RunTestHandler('GET', '/test', 403)
self.assertTrue("you don't have permission" in response.body)
def testPostMarkAsReviewed(self):
with test_utils.Login('reviewer'):
self.DoPost(
'/.maps/%s/review' % self.map_id,
'xsrf_token=XSRF&accept=%s&accept=%s' %
(self.cr1.id, self.cr2.id))
self.assertTrue(model.CrowdReport.Get(self.cr1.id).reviewed)
self.assertTrue(model.CrowdReport.Get(self.cr2.id).reviewed)
# Both reports get marked as reviewed and should not show up by default
# on the review page
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review' % self.map_id)
self.assertFalse(self.cr1.id in response.body)
self.assertFalse(self.cr2.id in response.body)
def testRevoke(self):
subject, role, target = 'subject', perms.Role.CATALOG_EDITOR, 'xyz.com'
perms.Grant(subject, role, target)
with test_utils.Login('subject'):
self.assertTrue(perms.CheckAccess(role, target))
perms.Revoke(subject, role, target)
self.assertFalse(perms.CheckAccess(role, target))
def testGetWithReportId(self):
cr_id = self.cr1.id
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review?id=%s' %
(self.map_id, cr_id))
self.assertTrue(self.cr1.id in response.body)
self.assertFalse(self.cr2.id in response.body)
def testPost(self):
"""Tests the Prefs POST handler."""
with test_utils.Login('test'):
# The first request of any kind should store the UserModel entity, but
# requests should not affect the preference flags unless save_keys is set.
self.DoPost('/.prefs', 'marketing_consent=on&xsrf_token=XSRF')
self.assertFalse(users.Get('test').marketing_consent_answered)
# save_keys indicates which keys to save, even if the POST data doesn't
# contain a particular key's name because its checkbox is off.
self.DoPost('/.prefs',
'save_keys=marketing_consent&xsrf_token=XSRF')
self.assertFalse(users.Get('test').marketing_consent)
self.assertTrue(users.Get('test').marketing_consent_answered)
# With no save_keys, there should be no effect.
self.DoPost('/.prefs', 'marketing_consent=on&xsrf_token=XSRF')
self.assertFalse(users.Get('test').marketing_consent)
self.assertTrue(users.Get('test').marketing_consent_answered)
# With save_keys, this should turn marketing_consent on.
self.DoPost(
'/.prefs', 'save_keys=marketing_consent'
'&marketing_consent=on&xsrf_token=XSRF')
self.assertTrue(users.Get('test').marketing_consent)
self.assertTrue(users.Get('test').marketing_consent_answered)
def testSharePostFailureInvalidId(self):
"""Sharing should fail if the map ID is invalid."""
with test_utils.Login('owner'):
self.DoPost(
'/.share/xxx',
'role=MAP_VIEWER&[email protected]&xsrf_token=XSRF',
404)
def testSharePostFailureNotOwner(self):
"""Non-owners of a map should not be able to share it."""
with test_utils.Login('editor'):
self.DoPost(
'/.share/' + self.m.id,
'role=MAP_VIEWER&[email protected]&xsrf_token=XSRF',
403)
def testPost(self):
"""Tests the Publish handler."""
with test_utils.Login('owner'):
self.DoPost('/xyz.com/.publish',
'label=abc&map=%s&xsrf_token=XSRF' % self.map_id)
entry = model.CatalogEntry.Get('xyz.com', 'abc')
self.assertEquals(self.map_id, entry.map_id)
self.assertFalse(entry.is_listed)
def testGetWithComplexSearch(self):
with test_utils.Login('reviewer'):
response = self.DoGet(
'/.maps/%s/review?query=%s' %
(self.map_id,
urllib.quote('here author:"http://foo.com/abc"')))
self.assertFalse(self.cr1.id in response.body)
self.assertTrue(self.cr2.id in response.body)
def testGetPublishedMap(self):
model.CatalogEntryModel(key_name='xyz.com:zz',
domain='xyz.com',
label='zz',
title='Map 1',
map_id=self.map_id).put()
with test_utils.Login('reviewer'):
self.DoGet('/xyz.com/zz/review')
def testInvalidLabels(self):
"""Tests to makes sure invalid labels don't get published."""
with test_utils.Login('owner'):
for label in ['', '!', 'f#oo', '?a', 'qwerty!', '9 3']:
self.DoPost(
'/xyz.com/.publish',
'label=%s&map=%s&xsrf_token=XSRF' % (label, self.map_id),
400)
def testModify(self):
# Overwriting a domain should require DOMAIN_ADMIN access.
self.assertTrue(domains.Domain.Get('xyz.com'))
self.assertRaises(perms.AuthorizationError, domains.Domain.Put, 'xyz.com')
# After Put(), the domain should come back with the new values.
perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'xyz.com')
with test_utils.Login('manager'):
domains.Domain.Put('xyz.com', default_label='fancy-map',
has_sticky_catalog_entries=True,
initial_domain_role=perms.Role.MAP_EDITOR)
self.AssertDomain('xyz.com', 'fancy-map', True, perms.Role.MAP_EDITOR)
# TODO(kpy): Check that DOMAIN_CREATED is not logged in this case.
# Specifying just one property should leave the rest unchanged.
with test_utils.Login('manager'):
domains.Domain.Put('xyz.com', default_label='another-map')
self.AssertDomain('xyz.com', 'another-map', True, perms.Role.MAP_EDITOR)
def testGet_WithPermissions(self):
with test_utils.Login('manager'):
response = self.DoGet('/xyz.com/.admin')
# All users with any kind of permissions should be present
self.assertTrue('*****@*****.**' in response.body)
self.assertTrue('*****@*****.**' in response.body)
self.assertTrue('*****@*****.**' in response.body)
# Navigation bar should be present; "cm-navbar" is the class of its div.
self.assertTrue('cm-navbar' in response.body)
def testRemove(self):
"""Tests removal of a catalog entry."""
with test_utils.RootLogin():
model.CatalogEntry.Create('xyz.com', 'abc', self.map_object)
self.assertNotEqual(None, model.CatalogEntry.Get('xyz.com', 'abc'))
with test_utils.Login('owner'):
self.DoPost('/xyz.com/.publish',
'label=abc&remove=1&xsrf_token=XSRF')
self.assertEquals(None, model.CatalogEntry.Get('xyz.com', 'abc'))
def testValidLabels(self):
"""Tests to makes sure valid labels do get published."""
with test_utils.Login('owner'):
for label in ['a', 'B', '2', 'a2', 'q-w_e-r_t-y', '93']:
self.DoPost(
'/xyz.com/.publish',
'label=%s&map=%s&xsrf_token=XSRF' % (label, self.map_id))
entry = model.CatalogEntry.Get('xyz.com', label)
self.assertEquals(self.map_id, entry.map_id)
self.assertFalse(entry.is_listed)
def testGetMap(self):
"""Fetches a map through the API."""
map_root = {'id': self.map.id, 'json': True, 'stuff': [0, 1]}
with test_utils.Login('editor'):
self.map.PutNewVersion(map_root)
with test_utils.Login('viewer'):
response = self.DoGet('/.api/maps/%s' % self.map.id)
self.assertEquals(map_root, json.loads(response.body))
# Map should not be accessible to a not-signed-in user, or an outsider
self.DoGet('/.api/maps/%s' % self.map.id, 403)
with test_utils.Login('outsider'):
self.DoGet('/.api/maps/%s' % self.map.id, 403)
# Map should be accessible by a properly configured auth key.
auth = model.Authorization.Create(map_read_permission=True,
map_ids=[self.map.id])
response = self.DoGet('/.api/maps/%s?key=%s' % (self.map.id, auth.id),
https=True)
self.assertEquals(map_root, json.loads(response.body))
def setUp(self):
super(AdminDomainTest, self).setUp()
test_utils.SetupUser(test_utils.Login('manager'))
test_utils.SetupUser(test_utils.DomainLogin('insider', 'xyz.com'))
test_utils.SetupUser(test_utils.DomainLogin('reviewer', 'xyz.com'))
test_utils.SetupUser(test_utils.DomainLogin('outsider', 'not-xyz.com'))
# TODO(kpy): Consider moving this setup into the tests that use it.
perms.Grant('xyz.com', perms.Role.MAP_CREATOR, 'xyz.com')
perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'xyz.com')
perms.Grant('reviewer', perms.Role.DOMAIN_REVIEWER, 'xyz.com')
perms.Grant('insider', perms.Role.CATALOG_EDITOR, 'xyz.com')
perms.Grant('outsider', perms.Role.MAP_CREATOR, 'xyz.com')
def testDomainSettingsPost(self):
domains.Domain.Put(
'foo.com', has_sticky_catalog_entries=True, default_label='label-a',
initial_domain_role=perms.Role.MAP_VIEWER)
perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'foo.com')
with test_utils.Login('manager'):
self.DoDomainSettingsPost(
'foo.com', 'label-b', False, perms.Role.MAP_EDITOR)
domain = domains.Domain.Get('foo.com')
self.assertEqual('label-b', domain.default_label)
self.assertFalse(domain.has_sticky_catalog_entries)
self.assertEqual(perms.Role.MAP_EDITOR, domain.initial_domain_role)
def testInitialDomainRole(self):
# Start with no initial_domain_role for our domain.
with test_utils.RootLogin():
domains.Domain.Put('xyz.com', initial_domain_role=perms.Role.NONE)
perms.Grant('creator', perms.Role.MAP_CREATOR, 'xyz.com')
# Newly created maps should get a domain_role of perms.Role.NONE.
with test_utils.Login('creator'):
response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
map_object = model.Map.Get(
response.headers['Location'].split('/')[-1])
self.assertEquals(perms.Role.NONE, map_object.domain_role)
# Now set the initial_domain_role for xyz.com.
with test_utils.RootLogin():
domains.Domain.Put('xyz.com',
initial_domain_role=perms.Role.MAP_EDITOR)
# Newly created maps should pick up the new domain_role.
with test_utils.Login('creator'):
response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
map_object = model.Map.Get(
response.headers['Location'].split('/')[-1])
self.assertEquals(perms.Role.MAP_EDITOR, map_object.domain_role)
def testCreate(self):
perms.Grant('creator', perms.Role.MAP_CREATOR, 'xyz.com')
self.CaptureLog()
with test_utils.Login('creator'):
response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
map_object = model.Map.Get(
response.headers['Location'].split('/')[-1])
# Confirm that a map was created.
self.assertTrue(map_object)
self.assertEquals('xyz.com', map_object.domain)
self.assertTrue('Untitled' in map_object.map_root['title'])
self.AssertLog(logs.Event.MAP_CREATED,
uid='creator',
map_id=map_object.id,
domain_name='xyz.com')
def testGet(self):
with test_utils.Login('reviewer'):
response = self.DoGet('/.maps/%s/review' % self.map_id)
self.assertTrue('>shelter<' in response.body)
self.assertTrue('>water<' in response.body)
self.assertTrue('>flooding<' in response.body)
self.assertTrue(self.cr1.id in response.body)
self.assertTrue(self.cr2.id in response.body)
self.assertTrue('[space]' in response.body)
self.assertTrue('[no water]' in response.body)
self.assertTrue('Beds: 26' in response.body)
self.assertTrue('Phone: 555-1234' in response.body)
self.assertTrue('bottled water here </script>' in response.body)
self.assertTrue('name="accept"' in response.body)
self.assertTrue(map_review._ICON_URL_TEMPLATE % 'aaa' in response.body)
def testPostUpvoteDownvoteFromPublishedMap(self):
model.CatalogEntryModel(key_name='xyz.com:zz',
domain='xyz.com',
label='zz',
title='Map 1',
map_id=self.map_id).put()
model.CrowdVote.Put(self.cr1.id, 'voter1', 'ANONYMOUS_DOWN')
model.CrowdVote.Put(self.cr1.id, 'voter2', 'ANONYMOUS_DOWN')
self.assertTrue(model.CrowdReport.Get(self.cr1.id).hidden)
with test_utils.Login('reviewer'):
self.DoPost(
'/xyz.com/zz/review', 'xsrf_token=XSRF&upvote=%s&downvote=%s' %
(self.cr1.id, self.cr2.id))
self.assertFalse(model.CrowdReport.Get(self.cr1.id).hidden)
self.assertTrue(model.CrowdReport.Get(self.cr2.id).hidden)
# Both reports get marked as reviewed and should not show up by default
# on the review page
with test_utils.Login('reviewer'):
response = self.DoGet('/xyz.com/zz/review')
self.assertFalse(self.cr1.id in response.body)
self.assertFalse(self.cr2.id in response.body)
def testGet(self):
"""Tests CrowdReport.GetWithoutLocation."""
now = datetime.datetime.utcnow()
def TimeAgo(days=0, hours=0):
return now - datetime.timedelta(days=days, hours=hours)
self.SetTime(
utils.UtcToTimestamp(
TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS - 1)))
cr1 = test_utils.NewCrowdReport(topic_ids=['foo'])
self.SetTime(
utils.UtcToTimestamp(
TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS)))
cr2 = test_utils.NewCrowdReport(topic_ids=['foo'])
self.SetTime(
utils.UtcToTimestamp(
TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS,
hours=1)))
cr3 = test_utils.NewCrowdReport(topic_ids=['foo'])
self.SetTime(
utils.UtcToTimestamp(
TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS + 1)))
cr4 = test_utils.NewCrowdReport(topic_ids=['foo'])
self.SetTime(utils.UtcToTimestamp(now))
self.assertEquals([cr1.key, cr2.key, cr3.key, cr4.key], [
x.key
for x in model.CrowdReport.GetWithoutLocation(topic_ids=['foo'],
count=10)
])
with test_utils.Login('owner'):
self.DoGet('/.crowd_report_cleanup')
# Should have deleted the two reports older than CROWD_REPORT_TTL_DAYS
self.assertEquals([cr1.key, cr2.key], [
x.key
for x in model.CrowdReport.GetWithoutLocation(topic_ids=['foo'],
count=10)
])
def testDomainAdminRole(self):
with test_utils.RootLogin():
perms.Grant('xyz.com', perms.Role.DOMAIN_ADMIN, 'xyz.com')
perms.Grant('outside_friend', perms.Role.DOMAIN_ADMIN, 'xyz.com')
with test_utils.DomainLogin('insider', 'xyz.com'):
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.DomainLogin('outside_friend', 'not-xyz.com'):
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.Login('stranger'):
self.assertFalse(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.DomainLogin('stranger_with_ga_domain', 'not-xyz.com'):
self.assertFalse(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
with test_utils.RootLogin():
self.assertTrue(
perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
