def test_readonly_set_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to true under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
with factories.single_commit():
user = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=user)
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", ""),
("Admin", user.email),
("Assignee", user.email),
("Verifier", user.email),
("Title", "New System"),
("Read-only", True),
]),
person=user)
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3, object_type="System", column_name="Read-only")
}
}
} if role_name != "Administrator" else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(title="New System").first()
self.assertEqual(obj.readonly, expected_readonly)
def test_readonly_unset_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to false under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=True)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
system_slug = system.slug
user_id = user.id
response = self.import_data(
OrderedDict([
("object_type", "System"),
("Code*", system_slug),
("Read-only", "no"),
]),
person=all_models.Person.query.get(user_id))
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3, object_type="System", column_name="Read-only")
}
}
} if expected_readonly else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(slug=system_slug).first()
self.assertEqual(obj.readonly, expected_readonly)
def test_403_if_delete_readonly_without_perms(self, obj_type):
"""Test {0} with readonly=True DELETE returns 401
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
# create Global Creator
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
# Create object
obj = factory(title='a', readonly=True)
obj_id = obj.id
self.object_generator.api.set_user(
all_models.Person.query.get(person_id))
obj = get_model(obj_type).query.get(obj_id)
resp = self.object_generator.api.delete(obj)
self.assert403(resp)
obj = get_model(obj_type).query.get(obj_id)
self.assertIsNotNone(obj)
def test_user_cannot_get_readonly_value_without_perms(self, new):
"""Test readonly System not updated if new={0!r} and user has no perms
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not _NOT_SPECIFIED:
data["Read-only"] = new
response = self.import_data(
data, person=all_models.Person.query.get(person_id))
exp_csv_responsse = {
"System": {
"row_errors": {
errors.PERMISSION_ERROR.format(line=3),
},
}
}
if new is not _NOT_SPECIFIED:
exp_csv_responsse['System']['row_warnings'] = {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
object_type="System",
column_name="Read-only",
),
}
self._check_csv_response(response, exp_csv_responsse)
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def test_readonly_system_not_deleted_without_user_perms(self):
"""Test System with readonly=True can be deleted
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
obj_id = obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Delete", "yes"),
])
response = self.import_data(
data,
person=all_models.Person.query.get(person_id)
)
self._check_csv_response(response, {
"System": {
"row_errors": {
"Line 3: Delete column is temporary disabled, please "
"use web interface to delete current object.",
errors.PERMISSION_ERROR.format(line=3),
},
}
})
obj = get_model("System").query.get(obj_id)
self.assertIsNotNone(obj)
def test_readonly_remove_folder_with_global_role(self, obj_type, role_name,
expected_status):
"""Test remove_folder read-only {0} by user with global role {1}"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj_id = factory(folder="a", readonly=True).id
person = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=person)
person_id = person.id
self.api.set_user(all_models.Person.query.get(person_id))
response = self.api.client.post(
self.PATH_REMOVE_FOLDER, content_type="application/json",
data=self._get_request_data(obj_type, obj_id, folder="a"))
self.assertStatus(response, expected_status)
obj = get_model(obj_type).query.get(obj_id)
self.assertEqual(obj.folder, "a")
def test_readonly_update_by_role(self, role, old_readonly, new_readonly):
"""Test updating readonly attribute from {1} to {2}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role
).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=old_readonly)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", system.slug),
("Admin", user.email),
("Read-only", new_readonly),
]), person=user)
expected_message = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
column_name="Read-only",
object_type="System",
)
}
}
} if role != "Administrator" else {}
self._check_csv_response(response, expected_message)
obj = all_models.System.query.get(system.id)
self.assertEqual(
obj.readonly,
new_readonly if role == "Administrator" else old_readonly
)
