def test_manager_cant_access_director(method, app, db_session): manager = factories.EmployeeFactory(role=factories.RoleFactory( role_type=RoleType.Manager)) director = factories.EmployeeFactory(role=factories.RoleFactory( role_type=RoleType.Director)) master = factories.EmployeeFactory(role=factories.RoleFactory( role_type=RoleType.Master)) flask.g.user = manager assert not has_privilege( method=method, resource="employee", employee_id=director.id) assert has_privilege(method=method, resource="employee", employee_id=master.id)
def test_cannot_access_other_company_employees(method, app, db_session): """ Even though the authenticated user is a director, they cannot access a manager's profile because the manager works for another company. """ director = factories.EmployeeFactory( company=factories.CompanyFactory(), role=factories.RoleFactory(name="Director")) manager = factories.EmployeeFactory( company=factories.CompanyFactory(), role=factories.RoleFactory(name="Manager")) flask.g.user = director assert not has_privilege( method=Method.READ, resource="employee", employee_id=manager.id)
def test_insert_employee(db_session): """Integration test for adding and selecting Employee""" company = factories.CompanyFactory() manager_role = factories.RoleFactory() employee = factories.EmployeeFactory(company=company, role=manager_role) row = db_session.query(Employee).get(employee.id) assert row.username == employee.username
def test_cannot_access_list(client, db_session): """ Show 403 - Forbidden when user cannot access employee list """ company = factories.CompanyFactory() manager_role = factories.RoleFactory() employee = factories.EmployeeFactory(company=company, role=manager_role) response = client.get(url_for("employee.list")) assert response.status_code == HTTPStatus.FORBIDDEN
def test_list(client, db_session): """ List all employees """ company = factories.CompanyFactory() manager_role = factories.RoleFactory() employee = factories.EmployeeFactory(company=company, role=manager_role) response = client.get(url_for("employee.list")) assert response.status_code == HTTPStatus.OK assert str.encode(employee.username) in response.data
def test_can_access_same_company_employees(app, db_session): company = factories.CompanyFactory() manager_role = factories.RoleFactory() me = factories.EmployeeFactory(company=company, role=manager_role) colleague = factories.EmployeeFactory(company=company, role=manager_role) flask.g.user = me assert has_privilege( method=Method.READ, resource="employee", employee_id=colleague.id)
def test_can_access_subalterns(method, app, db_session): """ A director of a company should be able to access the profiles of employees with a lower role. """ company = factories.CompanyFactory() director = factories.EmployeeFactory( company=company, role=factories.RoleFactory(name="Director")) master = factories.EmployeeFactory( company=company, role=factories.RoleFactory(name="Master")) manager = factories.EmployeeFactory( company=company, role=factories.RoleFactory(name="Manager")) intern = factories.EmployeeFactory( company=company, role=factories.RoleFactory(name="Intern")) flask.g.user = director assert has_privilege(resource="employee", employee_id=manager.id) assert has_privilege(resource="employee", employee_id=master.id) assert has_privilege(resource="employee", employee_id=intern.id)
def test_list(client): """ Test list is okay """ role = factories.RoleFactory(name=RoleType.Intern.name) company = factories.CompanyFactory() employee = factories.EmployeeFactory(company=company, role_id=role.id) location = factories.LocationFactory(company=company) floor = factories.FloorFactory(location=location) with client.session_transaction() as session: session["user_id"] = employee.id g.user = employee factories.TableFactory(floor_id=floor.id, name="Table 01") factories.TableFactory(floor_id=floor.id, name="Table 02") factories.TableFactory(floor_id=floor.id, name="Table 03") response = client.get(url_for("/tables/")) assert response.status_code == HTTPStatus.OK assert b"<div><h1>Table 01</h1></div>" in response.data assert b"<div><h1>Table 02</h1></div>" in response.data assert b"<div><h1>Table 03</h1></div>" in response.data assert b"<div><h1>Table " in response.data.count == 3
def data(): m = type("Models", (object, ), {}) m.registered_user = f.UserFactory.create() m.project_member_with_perms = f.UserFactory.create() m.project_member_without_perms = f.UserFactory.create() m.project_owner = f.UserFactory.create() m.other_user = f.UserFactory.create() m.superuser = f.UserFactory.create(is_superuser=True) m.public_project = f.ProjectFactory(is_private=False, anon_permissions=['view_project'], public_permissions=['view_project']) m.public_project = attach_extra_info( project_models.Project.objects.all()).get(id=m.public_project.id) m.private_project1 = f.ProjectFactory(is_private=True, anon_permissions=['view_project'], public_permissions=['view_project'], owner=m.project_owner) m.private_project1 = attach_extra_info( project_models.Project.objects.all()).get(id=m.private_project1.id) m.private_project2 = f.ProjectFactory(is_private=True, anon_permissions=[], public_permissions=[], owner=m.project_owner) m.private_project2 = attach_extra_info( project_models.Project.objects.all()).get(id=m.private_project2.id) m.blocked_project = f.ProjectFactory( is_private=True, anon_permissions=[], public_permissions=[], owner=m.project_owner, blocked_code=project_choices.BLOCKED_BY_STAFF) m.blocked_project = attach_extra_info( project_models.Project.objects.all()).get(id=m.blocked_project.id) f.RoleFactory(project=m.public_project) m.membership = f.MembershipFactory(project=m.private_project1, user=m.project_member_with_perms, role__project=m.private_project1, role__permissions=list( map(lambda x: x[0], MEMBERS_PERMISSIONS))) m.membership = f.MembershipFactory(project=m.private_project1, user=m.project_member_without_perms, role__project=m.private_project1, role__permissions=[]) m.membership = f.MembershipFactory(project=m.private_project2, user=m.project_member_with_perms, role__project=m.private_project2, role__permissions=list( map(lambda x: x[0], MEMBERS_PERMISSIONS))) m.membership = f.MembershipFactory(project=m.private_project2, user=m.project_member_without_perms, role__project=m.private_project2, role__permissions=[]) m.membership = f.MembershipFactory(project=m.blocked_project, user=m.project_member_with_perms, role__project=m.blocked_project, role__permissions=list( map(lambda x: x[0], MEMBERS_PERMISSIONS))) m.membership = f.MembershipFactory(project=m.blocked_project, user=m.project_member_without_perms, role__project=m.blocked_project, role__permissions=[]) f.MembershipFactory(project=m.public_project, user=m.project_owner, is_admin=True) f.MembershipFactory(project=m.private_project1, user=m.project_owner, is_admin=True) f.MembershipFactory(project=m.private_project2, user=m.project_owner, is_admin=True) f.MembershipFactory(project=m.blocked_project, user=m.project_owner, is_admin=True) ContentType = apps.get_model("contenttypes", "ContentType") Project = apps.get_model("projects", "Project") project_ct = ContentType.objects.get_for_model(Project) f.LikeFactory(content_type=project_ct, object_id=m.public_project.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.public_project.pk, user=m.project_owner) f.LikeFactory(content_type=project_ct, object_id=m.private_project1.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.private_project1.pk, user=m.project_owner) f.LikeFactory(content_type=project_ct, object_id=m.private_project2.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.private_project2.pk, user=m.project_owner) f.LikeFactory(content_type=project_ct, object_id=m.blocked_project.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.blocked_project.pk, user=m.project_owner) return m
def data(): m = type("Models", (object,), {}) m.registered_user = f.UserFactory.create() m.project_member_with_perms = f.UserFactory.create() m.project_member_without_perms = f.UserFactory.create() m.project_owner = f.UserFactory.create() m.other_user = f.UserFactory.create() m.superuser = f.UserFactory.create(is_superuser=True) m.public_project = f.ProjectFactory(is_private=False, anon_permissions=['view_project'], public_permissions=['view_project']) m.private_project1 = f.ProjectFactory(is_private=True, anon_permissions=['view_project'], public_permissions=['view_project'], owner=m.project_owner) m.private_project2 = f.ProjectFactory(is_private=True, anon_permissions=[], public_permissions=[], owner=m.project_owner) f.RoleFactory(project=m.public_project) m.membership = f.MembershipFactory(project=m.private_project1, user=m.project_member_with_perms, role__project=m.private_project1, role__permissions=list(map(lambda x: x[0], MEMBERS_PERMISSIONS))) m.membership = f.MembershipFactory(project=m.private_project1, user=m.project_member_without_perms, role__project=m.private_project1, role__permissions=[]) m.membership = f.MembershipFactory(project=m.private_project2, user=m.project_member_with_perms, role__project=m.private_project2, role__permissions=list(map(lambda x: x[0], MEMBERS_PERMISSIONS))) m.membership = f.MembershipFactory(project=m.private_project2, user=m.project_member_without_perms, role__project=m.private_project2, role__permissions=[]) f.MembershipFactory(project=m.public_project, user=m.project_owner, is_owner=True) f.MembershipFactory(project=m.private_project1, user=m.project_owner, is_owner=True) f.MembershipFactory(project=m.private_project2, user=m.project_owner, is_owner=True) ContentType = apps.get_model("contenttypes", "ContentType") Project = apps.get_model("projects", "Project") project_ct = ContentType.objects.get_for_model(Project) f.LikeFactory(content_type=project_ct, object_id=m.public_project.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.public_project.pk, user=m.project_owner) f.LikeFactory(content_type=project_ct, object_id=m.private_project1.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.private_project1.pk, user=m.project_owner) f.LikeFactory(content_type=project_ct, object_id=m.private_project2.pk, user=m.project_member_with_perms) f.LikeFactory(content_type=project_ct, object_id=m.private_project2.pk, user=m.project_owner) f.LikesFactory(content_type=project_ct, object_id=m.public_project.pk, count=2) f.LikesFactory(content_type=project_ct, object_id=m.private_project1.pk, count=2) f.LikesFactory(content_type=project_ct, object_id=m.private_project2.pk, count=2) return m