def test_cannot_access_tables_from_other_locations(app, db_session):
    """READ on a table must be denied when its location is owned elsewhere.

    The acting employee works at ``Foo Inc.`` while the table sits on a floor
    of a location that belongs to ``Other Foo Inc.``.
    """
    # NOTE(review): the acting employee is created without a role, so this
    # denial may come from the missing role rather than from the company
    # mismatch -- confirm against has_privilege. A same-company control with
    # an otherwise identical user would pin the tenant boundary itself.
    employer = Company(id=1, name="Foo Inc.", code="code1", address="addr")
    foreign_company = Company(
        id=2, name="Other Foo Inc.", code="code2", address="addr2"
    )
    foreign_location = Location(
        id=1,
        name="name",
        code="123",
        company_id=foreign_company.id,
        country="US",
        region="region",
        city="city",
        address="address",
        longitude="123",
        latitude="123",
        type="type",
        status="status",
    )
    foreign_floor = Floor(
        id=1, description="1st Floor", location_id=foreign_location.id
    )
    round_shape = TableShape(
        id=1, description="Round Table", picture="/path/to/file.jpg"
    )
    foreign_table = Table(
        id=1,
        name="some table",
        floor_id=foreign_floor.id,
        x=40,
        y=50,
        width=320,
        height=150,
        status=1,
        max_capacity=12,
        multiple=False,
        playstation=False,
        shape_id=1,
    )

    # Everything the table refers to is committed first; the table itself is
    # only added afterwards and goes in with the final commit.
    for parent in (
        employer,
        foreign_company,
        foreign_location,
        foreign_floor,
        round_shape,
    ):
        db_session.add(parent)
    db_session.commit()
    db_session.add(foreign_table)

    acting_user = Employee(
        id=1,
        first_name="Alice",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=3333,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=employer.id,
        email="*****@*****.**",
        password="******",
    )
    flask.g.user = acting_user
    db_session.add(acting_user)
    db_session.commit()

    allowed = has_privilege(
        method=Method.READ, resource="tables", id=foreign_table.id
    )
    assert not allowed
def setup_class(cls, mocked_auth):
    """Prepare the class-wide fixtures shared by the tests of this class.

    Calls ``start_server`` on a free port with ``cls.locations`` and stores a
    company (one employee, two locations), the ``PosterSync`` class and a
    ``Poster`` pointed at that local port on ``cls``.
    """
    cls.port = free_port()
    start_server(cls.port, locations=cls.locations)

    staff = [
        Employee(
            username="******",
            password="******",
            first_name="Richard",
            last_name="Myers",
            phone_number="112233",
            user_status="U",
            birth_date=datetime.datetime.utcnow(),
            pin_code=4567,
            email="*****@*****.**",
            account_status="A",
            registration_date=datetime.datetime(2019, 1, 1),
        )
    ]
    venues = [
        Location(
            id=40,
            name="Tapper",
            code="T",
            company_id=50,
            poster_id=2,
            country="United States",
            region="Nay",
            city="South",
            type="L",
            address="Delta Park, 145",
            longitude=640,
            latitude=480,
            status="open",
            synchronized_on=datetime.datetime(1983, 5, 10),
        ),
        Location(
            id=150,
            name="Hard Rock",
            code="H",
            company_id=50,
            poster_id=10,
            country="United States",
            region="Manhattan",
            city="New York",
            type="C",
            address="5th Avenue 145",
            longitude=1024,
            latitude=720,
            status="open",
            synchronized_on=datetime.datetime(1983, 5, 10),
        ),
    ]
    cls.company = Company(
        name="Any company", code="Cpny", employees=staff, locations=venues
    )

    # Placeholder application id/secret; every value is a literal "test_..."
    # string.
    auth_data = PosterAuthData(
        application_id="test_application_id",
        application_secret="test_application_secret",
        redirect_uri="test_redirect_uri",
        code="test_code",
    )
    # NOTE(review): the result is never read in this method; the call is kept
    # because constructing Authenticated may be what touches the mocked auth
    # -- confirm.
    access_token = Authenticated(auth_data)

    cls.poster_sync = PosterSync
    local_url = "http://localhost:{port}".format(port=cls.port)
    cls.poster = Poster(url=local_url)
def test_can_not_manage_locations_from_different_company(
        clean_app, db_session):
    """No CRUD method may be granted on a location owned by another company.

    The acting employee belongs to ``Foo Inc.``; the location belongs to
    ``Bar Inc.``. READ, CREATE, UPDATE and DELETE must all be refused.
    """
    # NOTE(review): the acting employee has no role, so these denials may be
    # caused by the missing role instead of the company mismatch -- confirm
    # against has_privilege.
    employer = Company(id=1, name="Foo Inc.", code="code1", address="addr")
    db_session.add(employer)

    acting_user = Employee(
        id=1,
        first_name="Bob",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=1111,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=employer.id,
        email="*****@*****.**",
        password="******",
    )
    db_session.add(acting_user)
    flask.g.user = acting_user

    foreign_company = Company(
        id=2, name="Bar Inc.", code="code2", address="addr"
    )
    db_session.add(foreign_company)

    foreign_location = Location(
        name="name",
        code="123",
        company_id=foreign_company.id,
        country="US",
        region="region",
        city="city",
        address="address",
        longitude="123",
        latitude="123",
        type="type",
        status="status",
    )
    db_session.add(foreign_location)
    db_session.commit()

    # Same order as the individual checks: read, create, update, delete.
    for verb in (Method.READ, Method.CREATE, Method.UPDATE, Method.DELETE):
        assert not has_privilege(
            method=verb, resource="location", id=foreign_location.id
        )
def test_sync_location(db_session):
    """Syncing a stored location must overwrite it with the served record.

    A location with id 100 is stored with stale values, ``start_server`` is
    given the fresh record for the same id, and after ``sync()`` every column
    of the stored row has to equal the served value.
    """
    served = {
        "id": 100,
        "name": "Coco Bongo",
        "code": "C",
        "company_id": 50,
        "country": "United States",
        "region": "East Coast",
        "city": "Edge City",
        "address": "Blvd. Kukulcan Km 9.5 #30, Plaza Forum",
        "longitude": 21.1326063,
        "latitude": -86.7473191,
        "type": "L",
        "status": "open",
        "comment": "Nightclub from a famous movie",
    }
    port = free_port()
    # A copy is handed over so the expectations below stay untouched.
    start_server(port, locations=[dict(served)])

    owner = Company(
        id=50,
        name="Company of Heroes",
        code="Cpny",
        address="Somewhere in the bermuda triangle",
    )
    db_session.add(owner)
    db_session.commit()

    stale = Location(
        id=100,
        name="Coconut Bongolive",
        code="C",
        company_id=50,
        country="United States of America",
        region="West Coast",
        city="Another city",
        address="Some address in Another City",
        longitude=42.2642026,
        latitude=-172.148146,
        type="L",
        status="closed",
        comment="A location with ",
    )
    db_session.add(stale)
    db_session.commit()

    remote = Poster(url="http://localhost:{port}".format(port=port))
    SyncedLocation(
        location=stale, poster_sync=remote, db_session=db_session
    ).sync()

    row = Location.query.filter_by(id=stale.id).one()
    # Column by column, in the order the record lists them.
    for column, value in served.items():
        assert getattr(row, column) == value
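def test_item_assign_history():
    """Test item assign history.

    An item is assigned to one employee and then to another. The newest
    history entry (index 0) must name the second employee, and the older entry
    (index 1) must name the first employee and have its ``end_time`` set.
    """
    company = Company(
        id=223, name="Bad Company", code="Bad Cmpny", address="addr"
    )
    first_employee = Employee(
        id=20,
        first_name="Elvis",
        last_name="Presley",
        username="******",
        phone_number="555-5555",
        birth_date=datetime.utcnow(),
        registration_date=datetime.utcnow(),
        account_status="active",
        user_status="active",
        email="*****@*****.**",
        password="******",
        pin_code=100,
        comment="Famous artist known as The King of Rock and Roll",
        company_id=company.id,
    )
    second_employee = Employee(
        id=60,
        first_name="Frank",
        last_name="Sinatra",
        username="******",
        phone_number="555-5555",
        birth_date=datetime.utcnow(),
        registration_date=datetime.utcnow(),
        account_status="active",
        user_status="active",
        email="*****@*****.**",
        password="******",
        pin_code=55,
        comment="One of the most popular musical artists of the 20th century",
        company_id=company.id,
    )
    # datetime.utcnow is called here; the earlier version passed the function
    # object itself instead of a timestamp.
    item = Item(
        id=1,
        name="Duck Eggs",
        stock_date=datetime.utcnow(),
        comment="Eggs from ducks",
        company_id=company.id,
        employee_id=first_employee.id,
        created_on=datetime.utcnow(),
        updated_on=datetime.utcnow(),
        company=company,
    )

    item.assign(employee=first_employee)
    item.assign(employee=second_employee)

    history = item.item_history()
    # `assert (cond, "msg")` asserts a non-empty tuple and can never fail, so
    # each check uses the `assert cond, "msg"` form. The first check also
    # compares against second_employee.id, not the Employee object.
    assert history[0].employee_id == second_employee.id, \
        "Last ItemHistory with wrong employee"
    assert history[1].employee_id == first_employee.id, \
        "First ItemHistory with wrong employee"
    assert history[1].end_time is not None, \
        "First ItemHistory end_time not set"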
def test_new_company():
    """
    @todo #31:30min We need to move tests in this file to the appropriate
     module tests folder, for example test_companies test_locations
     test_tables and so on
    """
    # Test creating new company: the name and code given to the constructor
    # must both be present on the new object.
    created = Company(name="First company", code="C")
    assert created.name is not None
    assert created.code is not None
def test_cant_access_other_company_employees(app, db_session):
    """READ on an employee of another company must be denied.

    The acting employee works at ``Foo Inc.``; the target employee works at
    ``Bar Inc.``.
    """
    # NOTE(review): neither employee has a role, so the denial may come from
    # the missing role rather than from the company boundary -- confirm
    # against has_privilege.
    employer = Company(id=1, name="Foo Inc.", code="code1", address="addr")
    db_session.add(employer)

    acting_user = Employee(
        id=1,
        first_name="Alice",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=3333,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=employer.id,
        email="*****@*****.**",
        password="******",
    )
    db_session.add(acting_user)
    flask.g.user = acting_user

    foreign_company = Company(
        id=2, name="Bar Inc.", code="code2", address="addr"
    )
    db_session.add(foreign_company)

    outsider = Employee(
        id=2,
        first_name="Bob",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=4444,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=foreign_company.id,
        email="*****@*****.**",
        password="******",
    )
    db_session.add(outsider)
    db_session.commit()

    granted = has_privilege(
        method=Method.READ, resource="employee", employee_id=outsider.id
    )
    assert not granted
def test_can_manage_employees_from_same_company(clean_app, db_session):
    """An employee with the ``owner`` role may manage same-company employees.

    Company, role, acting user and target employee are each committed before
    the next object refers to them. READ, CREATE, UPDATE and DELETE on the
    ``employee`` resource must then all be granted.
    """
    employer = Company(
        name="Mothers Of Invention Inc.", code="code1", address="addr"
    )
    db_session.add(employer)
    db_session.commit()

    owner_role = Role(
        id=1, name="owner", works_on_shifts=False, company_id=employer.id
    )
    db_session.add(owner_role)
    db_session.commit()

    acting_owner = Employee(
        first_name="Frank",
        last_name="Zappa",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=1248,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=employer.id,
        email="*****@*****.**",
        password="******",
        role_id=owner_role.id,
    )
    db_session.add(acting_owner)
    db_session.commit()
    flask.g.user = acting_owner

    colleague = Employee(
        first_name="Jack",
        last_name="Black",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=5648,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=employer.id,
        email="*****@*****.**",
        password="******",
    )
    db_session.add(colleague)
    db_session.commit()

    can_read = has_privilege(
        method=Method.READ, resource="employee", employee_id=colleague.id
    )
    assert can_read
    # CREATE is checked without a target employee id.
    can_create = has_privilege(method=Method.CREATE, resource="employee")
    assert can_create
    can_update = has_privilege(
        method=Method.UPDATE, resource="employee", employee_id=colleague.id
    )
    assert can_update
    can_delete = has_privilege(
        method=Method.DELETE, resource="employee", employee_id=colleague.id
    )
    assert can_delete
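def test_manager_cant_access_director(app, db_session):
    """
    @todo #298:30min Add check that users with Manager role can only access
     or modify employees that have role of master or interns. Then remove
     skip annotation from this test.
    """
    # An employee with the Manager role must be refused READ on an employee
    # with the Director role in the same company.
    my_company = Company(id=1, name="Acme Inc.", code="code1", address="addr")
    db_session.add(my_company)

    manager_role = Role(name="Manager", works_on_shifts=False,
                        company_id=my_company.id)
    director_role = Role(name="Director", works_on_shifts=False,
                         company_id=my_company.id)
    # The roles have to be stored before their ids are read. Previously they
    # were never added to the session, so both employees got role_id=None and
    # the role-based denial could not be exercised.
    db_session.add(manager_role)
    db_session.add(director_role)
    db_session.commit()

    me = Employee(
        id=1,
        first_name="Alice",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=7777,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=my_company.id,
        email="*****@*****.**",
        password="******",
        role_id=manager_role.id,
    )
    db_session.add(me)
    flask.g.user = me

    other = Employee(
        id=2,
        first_name="Bob",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=6666,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=my_company.id,
        email="*****@*****.**",
        password="******",
        role_id=director_role.id,
    )
    db_session.add(other)
    db_session.commit()

    assert not has_privilege(
        method=Method.READ, resource="employee", employee_id=other.id)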
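def test_can_access_same_company_employees(app, db_session):
    """An employee with the Manager role may read a same-company Master.

    Both employees belong to ``Acme Inc.``; the acting user holds the
    ``Manager`` role and the target holds the ``Master`` role.
    """
    my_company = Company(id=1, name="Acme Inc.", code="code1", address="addr")
    db_session.add(my_company)

    manager_role = Role(name="Manager", works_on_shifts=False,
                        company_id=my_company.id)
    master_role = Role(name="Master", works_on_shifts=False,
                       company_id=my_company.id)
    # The roles have to be stored before their ids are read. Previously they
    # were never added to the session, so both employees got role_id=None and
    # the grant was checked for role-less users.
    db_session.add(manager_role)
    db_session.add(master_role)
    db_session.commit()

    me = Employee(
        id=1,
        first_name="Alice",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=7777,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=my_company.id,
        email="*****@*****.**",
        password="******",
        role_id=manager_role.id,
    )
    db_session.add(me)
    flask.g.user = me

    other = Employee(
        id=2,
        first_name="Bob",
        last_name="Cooper",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=6666,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=my_company.id,
        email="*****@*****.**",
        password="******",
        role_id=master_role.id,
    )
    db_session.add(other)
    db_session.commit()

    assert has_privilege(method=Method.READ, resource="employee",
                         employee_id=other.id)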
def test_sync_location(locations_mock, auth_mock, db_session):
    """``sync_locations`` must store the location returned by the mock.

    The auth mock returns a token, the locations mock returns one record with
    id 100, and after the sync the stored row has to carry every served value.
    """
    owner = Company(
        id=50,
        name="Company of Heroes",
        code="Cpny",
        address="Somewhere in the bermuda triangle",
    )
    db_session.add(owner)
    db_session.commit()

    expected = {
        "id": 100,
        "name": "Coco Bongo",
        "code": "C",
        "company_id": 50,
        "country": "United States",
        "region": "East Coast",
        "city": "Edge City",
        "address": "Blvd. Kukulcan Km 9.5 #30, Plaza Forum",
        "longitude": 21.1326063,
        "latitude": -86.7473191,
        "type": "L",
        "status": "open",
        "comment": "Nightclub from a famous movie",
    }

    auth_mock.return_value = 'token'
    # The served record takes its company id from the stored company.
    locations_mock.return_value = {
        "response": [dict(expected, company_id=owner.id)]
    }

    sync_locations()

    row = Location.query.filter_by(id=100).one()
    # Column by column, in the order the record lists them.
    for column, value in expected.items():
        assert getattr(row, column) == value
def setup_class(cls, mocked_auth):
    """Prepare the class-wide fixtures shared by the tests of this class.

    Calls ``start_server`` on a free port with ``cls.locations`` and stores a
    company (one employee, two locations), the ``PosterSync`` class and a
    ``Poster`` pointed at that local port on ``cls``.
    """
    cls.port = free_port()
    start_server(cls.port, locations=cls.locations)

    staff = [
        Employee(
            username="******",
            password="******",
            first_name="Richard",
            last_name="Myers",
            phone_number="112233",
            birth_date=datetime.datetime.utcnow(),
            pin_code=4567,
            email="*****@*****.**",
        )
    ]
    last_sync = datetime.datetime(1983, 5, 10)
    venues = [
        Location(
            id=40,
            name="Tapper",
            code="T",
            company_id=50,
            poster_id=2,
            synchronized_on=last_sync,
        ),
        Location(
            id=150,
            name="Hard Rock",
            code="H",
            company_id=50,
            poster_id=10,
            synchronized_on=datetime.datetime(1983, 5, 10),
        ),
    ]
    cls.company = Company(
        name="Any company", code="Cpny", employees=staff, locations=venues
    )

    # Placeholder application id/secret; every value is a literal "test_..."
    # string.
    auth_data = PosterAuthData(
        application_id="test_application_id",
        application_secret="test_application_secret",
        redirect_uri="test_redirect_uri",
        code="test_code",
    )
    # NOTE(review): the result is never read in this method; the call is kept
    # because constructing Authenticated may be what touches the mocked auth
    # -- confirm.
    access_token = Authenticated(auth_data)

    cls.poster_sync = PosterSync
    local_url = "http://localhost:{port}".format(port=cls.port)
    cls.poster = Poster(url=local_url)
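def test_item_assign():
    """Test item assign.

    A fresh item has no employee. After ``assign`` the item must carry the
    assignee's id and the newest history entry must name the same employee.
    """
    company = Company(
        id=223, name="Bad Company", code="Bad Cmpny", address="addr"
    )
    # datetime.utcnow is called here; the earlier version passed the function
    # object itself instead of a timestamp.
    item = Item(
        id=1,
        name="Duck Eggs",
        stock_date=datetime.utcnow(),
        comment="Eggs from ducks",
        company_id=company.id,
        created_on=datetime.utcnow(),
        updated_on=datetime.utcnow(),
        company=company,
    )
    assignee = Employee(
        id=15,
        first_name="Johnny",
        last_name="Cash",
        username="******",
        phone_number="555-5555",
        birth_date=datetime.utcnow(),
        registration_date=datetime.utcnow(),
        account_status="active",
        user_status="active",
        email="*****@*****.**",
        password="******",
        pin_code=55,
        comment="A famous american country singer",
        company_id=223,
    )

    assert not item.employee_id
    item.assign(employee=assignee)

    # `assert (cond, "msg")` asserts a non-empty tuple and can never fail, so
    # each check uses the `assert cond, "msg"` form.
    assert item.employee_id == assignee.id, \
        "Item assigned to wrong employee"
    assert item.item_history()[0].employee_id == assignee.id, \
        "ItemHistory with wrong employee"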
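def create_location(db_session):
    """Store a company with one location and return the location.

    Args:
        db_session: session used to add and commit both objects.

    Returns:
        The committed ``Location`` ("Krusty Burger"), linked to the committed
        company through ``company_id``.
    """
    company = Company(
        name="Krusty Inc.",
        code="KI",
        address="Springfield Lane,12"
    )
    # The company is created without an id, so it is committed before the id
    # is read. The earlier version read company.id on the unsaved object,
    # which left the location without an owning company.
    db_session.add(company)
    db_session.commit()

    location = Location(
        name="Krusty Burger",
        code="KB",
        company_id=company.id,
        country="United States",
        region="Middle East",
        city="Springfield",
        address="Jebediah Street, NN",
        longitude=23,
        latitude=25,
        type="B",
        status="open",
        comment="Fast food restaurant from a famous animated sitcom."
    )
    db_session.add(location)
    db_session.commit()
    return location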
def test_can_not_manage_employees_from_different_company(
        clean_app, db_session):
    """An ``owner`` must not manage employees of a different company.

    The acting user holds the ``owner`` role at one company; the target
    employee holds the ``employee`` role at another. READ, CREATE, UPDATE and
    DELETE on the ``employee`` resource must all be refused.
    """
    owner_company = Company(
        name="Mothers Of Invention Inc.", code="code1", address="addr"
    )
    db_session.add(owner_company)
    db_session.commit()

    owner_role = Role(
        id=1, name="owner", works_on_shifts=False,
        company_id=owner_company.id
    )
    db_session.add(owner_role)
    db_session.commit()

    acting_owner = Employee(
        first_name="Frank",
        last_name="Zappa",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=6547,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=owner_company.id,
        email="*****@*****.**",
        password="******",
        role_id=owner_role.id,
    )
    db_session.add(acting_owner)
    flask.g.user = acting_owner

    foreign_company = Company(
        name="Damage Inc.", code="code2", address="addr"
    )
    db_session.add(foreign_company)
    db_session.commit()

    foreign_role = Role(
        id=2, name="employee", works_on_shifts=False,
        company_id=foreign_company.id
    )
    db_session.add(foreign_role)
    db_session.commit()

    outsider = Employee(
        first_name="James",
        last_name="Hetfield",
        username="******",
        phone_number="1",
        birth_date=datetime.utcnow(),
        pin_code=7777,
        account_status="on",
        user_status="on",
        registration_date=datetime.utcnow(),
        company_id=foreign_company.id,
        email="*****@*****.**",
        password="******",
        role_id=foreign_role.id,
    )
    db_session.add(outsider)
    db_session.commit()

    can_read = has_privilege(
        method=Method.READ, resource="employee", employee_id=outsider.id
    )
    assert not can_read
    # CREATE is checked without a target employee id.
    can_create = has_privilege(method=Method.CREATE, resource="employee")
    assert not can_create
    can_update = has_privilege(
        method=Method.UPDATE, resource="employee", employee_id=outsider.id
    )
    assert not can_update
    can_delete = has_privilege(
        method=Method.DELETE, resource="employee", employee_id=outsider.id
    )
    assert not can_delete