def test_readonly_set_by_role(self, role_name, expected_readonly): """Test setting Read-only to true under {}.""" role_obj = all_models.Role.query.filter( all_models.Role.name == role_name).one() with factories.single_commit(): user = factories.PersonFactory() rbac_factories.UserRoleFactory(role=role_obj, person=user) response = self.import_data(OrderedDict([ ("object_type", "System"), ("Code*", ""), ("Admin", user.email), ("Assignee", user.email), ("Verifier", user.email), ("Title", "New System"), ("Read-only", True), ]), person=user) expected_warning = { "System": { "row_warnings": { errors.NON_ADMIN_ACCESS_ERROR.format( line=3, object_type="System", column_name="Read-only") } } } if role_name != "Administrator" else {} self._check_csv_response(response, expected_warning) obj = all_models.System.query.filter_by(title="New System").first() self.assertEqual(obj.readonly, expected_readonly)
def test_readonly_unset_by_role(self, role_name, expected_readonly): """Test setting Read-only to false under {}.""" role_obj = all_models.Role.query.filter( all_models.Role.name == role_name).one() with factories.single_commit(): user = factories.PersonFactory() system = factories.SystemFactory(readonly=True) rbac_factories.UserRoleFactory(role=role_obj, person=user) system.add_person_with_role_name(user, "Admin") system_slug = system.slug user_id = user.id response = self.import_data( OrderedDict([ ("object_type", "System"), ("Code*", system_slug), ("Read-only", "no"), ]), person=all_models.Person.query.get(user_id)) expected_warning = { "System": { "row_warnings": { errors.NON_ADMIN_ACCESS_ERROR.format( line=3, object_type="System", column_name="Read-only") } } } if expected_readonly else {} self._check_csv_response(response, expected_warning) obj = all_models.System.query.filter_by(slug=system_slug).first() self.assertEqual(obj.readonly, expected_readonly)
def test_403_if_delete_readonly_without_perms(self, obj_type): """Test {0} with readonly=True DELETE returns 401 This test ensures that user without permission for the object cannot obtain value for flag readonly """ role_obj = all_models.Role.query.filter( all_models.Role.name == "Creator").one() factory = factories.get_model_factory(obj_type) with factories.single_commit(): # create Global Creator person = factories.PersonFactory() person_id = person.id rbac_factories.UserRoleFactory(role=role_obj, person=person) # Create object obj = factory(title='a', readonly=True) obj_id = obj.id self.object_generator.api.set_user( all_models.Person.query.get(person_id)) obj = get_model(obj_type).query.get(obj_id) resp = self.object_generator.api.delete(obj) self.assert403(resp) obj = get_model(obj_type).query.get(obj_id) self.assertIsNotNone(obj)
def test_user_cannot_get_readonly_value_without_perms(self, new): """Test readonly System not updated if new={0!r} and user has no perms This test ensures that user without permission for the object cannot obtain value for flag readonly """ role_obj = all_models.Role.query.filter( all_models.Role.name == "Creator").one() with factories.single_commit(): person = factories.PersonFactory() person_id = person.id rbac_factories.UserRoleFactory(role=role_obj, person=person) obj = factories.SystemFactory(title='a', readonly=True) data = OrderedDict([ ("object_type", "System"), ("Code*", obj.slug), ("Title", "b"), ]) if new is not _NOT_SPECIFIED: data["Read-only"] = new response = self.import_data( data, person=all_models.Person.query.get(person_id)) exp_csv_responsse = { "System": { "row_errors": { errors.PERMISSION_ERROR.format(line=3), }, } } if new is not _NOT_SPECIFIED: exp_csv_responsse['System']['row_warnings'] = { errors.NON_ADMIN_ACCESS_ERROR.format( line=3, object_type="System", column_name="Read-only", ), } self._check_csv_response(response, exp_csv_responsse) obj = get_model("System").query.one() self.assertEqual(obj.readonly, True) self.assertEqual(obj.title, 'a')
def test_readonly_system_not_deleted_without_user_perms(self): """Test System with readonly=True can be deleted This test ensures that user without permission for the object cannot obtain value for flag readonly """ role_obj = all_models.Role.query.filter( all_models.Role.name == "Creator").one() with factories.single_commit(): person = factories.PersonFactory() person_id = person.id rbac_factories.UserRoleFactory(role=role_obj, person=person) obj = factories.SystemFactory(title='a', readonly=True) obj_id = obj.id data = OrderedDict([ ("object_type", "System"), ("Code*", obj.slug), ("Delete", "yes"), ]) response = self.import_data( data, person=all_models.Person.query.get(person_id) ) self._check_csv_response(response, { "System": { "row_errors": { "Line 3: Delete column is temporary disabled, please " "use web interface to delete current object.", errors.PERMISSION_ERROR.format(line=3), }, } }) obj = get_model("System").query.get(obj_id) self.assertIsNotNone(obj)
def test_readonly_remove_folder_with_global_role(self, obj_type, role_name, expected_status): """Test remove_folder read-only {0} by user with global role {1}""" role_obj = all_models.Role.query.filter( all_models.Role.name == role_name).one() factory = factories.get_model_factory(obj_type) with factories.single_commit(): obj_id = factory(folder="a", readonly=True).id person = factories.PersonFactory() rbac_factories.UserRoleFactory(role=role_obj, person=person) person_id = person.id self.api.set_user(all_models.Person.query.get(person_id)) response = self.api.client.post( self.PATH_REMOVE_FOLDER, content_type="application/json", data=self._get_request_data(obj_type, obj_id, folder="a")) self.assertStatus(response, expected_status) obj = get_model(obj_type).query.get(obj_id) self.assertEqual(obj.folder, "a")
def test_readonly_update_by_role(self, role, old_readonly, new_readonly): """Test updating readonly attribute from {1} to {2}.""" role_obj = all_models.Role.query.filter( all_models.Role.name == role ).one() with factories.single_commit(): user = factories.PersonFactory() system = factories.SystemFactory(readonly=old_readonly) rbac_factories.UserRoleFactory(role=role_obj, person=user) system.add_person_with_role_name(user, "Admin") response = self.import_data(OrderedDict([ ("object_type", "System"), ("Code*", system.slug), ("Admin", user.email), ("Read-only", new_readonly), ]), person=user) expected_message = { "System": { "row_warnings": { errors.NON_ADMIN_ACCESS_ERROR.format( line=3, column_name="Read-only", object_type="System", ) } } } if role != "Administrator" else {} self._check_csv_response(response, expected_message) obj = all_models.System.query.get(system.id) self.assertEqual( obj.readonly, new_readonly if role == "Administrator" else old_readonly )