Example #1
0
class TestReader(TestCase):
  """Test that some objects cannot be deleted by anyone."""

  def setUp(self):
    super(TestReader, self).setUp()
    self.api = Api()
    self.object_generator = ObjectGenerator()
    self.init_users()
    self.init_objects()

  def init_users(self):
    """ Init users needed by the test cases """
    users = [("creator", "Creator"), ("reader", "Reader"),
             ("editor", "Editor"), ("admin", "Administrator")]
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user

  def init_objects(self):
    """Creates the objects used by all the tests"""
    self.api.set_user(self.users["admin"])
    _, person = self.object_generator.generate_person()

    self.objects = [person]

  def test_undeletable_objects(self):
    """No user shoud be allowed to delete these objects."""
    for role, user in self.users.iteritems():
      self.api.set_user(user)
      for obj in self.objects:
        response = self.api.delete(obj)
        self.assertEqual(response.status_code, 403,
                         "{} can delete {}".format(role, obj.type))
Example #2
0
class TestResource(TestCase):
  """
  Test /search REST API
  """

  def setUp(self):
    super(TestResource, self).setUp()
    self.api = Api()
    self.object_generator = ObjectGenerator()
    self.create_objects()

  def create_objects(self):
    """Create objects to be searched.

    Creates five Requirements and makes relationships.
    0   1   2   3   4
    |---|   |---|   |
    |-------|-------|
    """
    self.objects = [
        self.object_generator.generate_object(all_models.Requirement)[1].id
        for _ in xrange(5)
    ]
    self.objects = all_models.Requirement.eager_query().filter(
        all_models.Requirement.id.in_(self.objects)
    ).all()
    for src, dst in [(0, 1), (0, 2), (2, 3), (2, 4)]:
      self.object_generator.generate_relationship(
          self.objects[src], self.objects[dst]
      )

  def search(self, *args, **kwargs):
    res, _ = self.api.search(*args, **kwargs)
    return res.json["results"]["entries"]

  def test_search_all(self):
    """Test search for all objects of a type."""
    res, _ = self.api.search("Requirement")
    self.assertEqual(len(res.json["results"]["entries"]), 5)

  def test_search_query(self):
    """Test search with query by title."""
    entries = self.search("Requirement", query=self.objects[0].title)
    self.assertEqual({entry["id"] for entry in entries},
                     {self.objects[0].id})

  def test_search_relevant(self):
    """Test search with 'relevant to' single object."""
    relevant_objects = "Requirement:{}".format(self.objects[0].id)
    entries = self.search("Requirement", relevant_objects=relevant_objects)
    self.assertEqual({entry["id"] for entry in entries},
                     {self.objects[i].id for i in [1, 2]})

  def test_search_relevant_multi(self):
    """Test search with 'relevant to' multiple objects."""
    ids = ",".join("Requirement:{}".format(self.objects[i].id) for i in (0, 3))
    entries = self.search("Requirement", relevant_objects=ids)
    self.assertEqual({entry["id"] for entry in entries},
                     {self.objects[2].id})
Example #3
0
  def set_up_people(self):
    """Set up people with different roles needed by the tests"""
    self.people = {}
    object_generator = ObjectGenerator()

    for name in ["Creator", "Reader", "Editor"]:
      _, user = object_generator.generate_person(
          data={"name": name}, user_role=name)
      self.people[name] = user
Example #4
0
class TestCollection(TestCase, WithQueryApi):

  """Test for collection assessment objects."""

  def setUp(self):
    super(TestCollection, self).setUp()
    self.client.get("/login")
    self.clear_data()
    self.expected_ids = []
    self.api = Api()
    self.generator = ObjectGenerator()
    assessments = [factories.AssessmentFactory() for _ in range(10)]
    random.shuffle(assessments)
    for idx, assessment in enumerate(assessments):
      comment = factories.CommentFactory(description=str(idx))
      factories.RelationshipFactory(source=assessment, destination=comment)
      self.expected_ids.append(assessment.id)

  @data(True, False)
  def test_order_by_test(self, desc):
    """Order by fultext attr"""
    query = self._make_query_dict(
        "Assessment", order_by=[{"name": "comment", "desc": desc}]
    )
    expected_ids = self.expected_ids
    if desc:
      expected_ids = expected_ids[::-1]
    results = self._get_first_result_set(query, "Assessment", "values")
    self.assertEqual(expected_ids, [i['id'] for i in results])

  @data("Assessor", "Creator", "Verifier")
  def test_delete_assessment_by_role(self, role_name):
    """Delete assessment not allowed for based on Assignee Type."""
    with factories.single_commit():
      assessment = factories.AssessmentFactory()
      context = factories.ContextFactory(related_object=assessment)
      assessment.context = context
      person = factories.PersonFactory()
      object_person_rel = factories.RelationshipFactory(
          source=assessment, destination=person)
      factories.RelationshipAttrFactory(
          relationship_id=object_person_rel.id,
          attr_name="AssigneeType",
          attr_value=role_name,
      )
    assessment_id = assessment.id
    role = all_models.Role.query.filter(
        all_models.Role.name == "Creator"
    ).first()
    self.generator.generate_user_role(person, role, context)
    self.api.set_user(person)
    assessment = all_models.Assessment.query.get(assessment_id)
    resp = self.api.delete(assessment)
    self.assert403(resp)
    self.assertTrue(all_models.Assessment.query.filter(
        all_models.Assessment.id == assessment_id).one())
  def setUp(self):
    """Setup stage for each test.

    Generate all required objects and custom attributes for import of csvs
    containing custom attributes. This stage also initializes a http client
    that is used for sending import/export requests.
    """
    if TestCustomAttributeImportExport._set_up:
      super(TestCustomAttributeImportExport, self).setUp()
      self.generator = ObjectGenerator()
      self.create_custom_attributes()
      self.create_people()
    self.client.get("/login")
    self.headers = ObjectGenerator.get_header()
    TestCustomAttributeImportExport._set_up = False
Example #6
0
 def setUp(self):
   super(TestReader, self).setUp()
   self.generator = Generator()
   self.api = Api()
   self.object_generator = ObjectGenerator()
   self.init_users()
   self.init_assignable()
Example #7
0
class TestFilteringByRequest(TestCase):
  """Test filter query by request"""

  def setUp(self):
    super(TestFilteringByRequest, self).setUp()
    self.object_generator = ObjectGenerator()
    self.api = Api()
    self.init_users()

  def init_users(self):
    """ Init users needed by the test cases """
    users = (
        ("creator", "Creator"),
        ("admin", "Administrator"),
        ("john", None),
    )
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user

  def test_no_role_users_filtering(self):
    """Test 'No Role' users filtering"""
    self.api.set_user(self.users['admin'])
    response = self.api.get_query(all_models.Person, "__no_role=true")

    self.assertEqual(response.status_code, 200)
    self.assertEqual(len(response.json['people_collection']['people']), 1)
    self.assertEqual(
        response.json['people_collection']['people'][0]['name'],
        'john'
    )
Example #8
0
class TestBackgroundTask(TestCase):
  """Tests for background task model."""

  def setUp(self):
    """setUp, nothing else to add."""
    super(TestBackgroundTask, self).setUp()
    self.api = api_helper.Api()
    self.object_generator = ObjectGenerator()

  def test_bg_task_from_post(self):
    """Test filtering of GET response for BackgroundTask"""
    from ggrc.models import all_models

    with self.object_generator.api.as_external():
      response, _ = self.object_generator.generate_object(
          all_models.Control, with_background_tasks=True)
    self.assertEqual(response.status_code, 201)
    bg_tasks = all_models.BackgroundTask.query.filter(
        all_models.BackgroundTask.name.like("%POST%")).all()
    self.assertEqual(len(bg_tasks), 1)

    content = self.api.client.get("/api/background_tasks")
    self.assert200(content)
    bg_tasks_content = \
        content.json['background_tasks_collection']['background_tasks']
    self.assertEqual(set(bg_tasks_content[0].keys()),
                     {"id", "selfLink", "status", "type"})

    task_id = bg_tasks[0].id
    content = self.api.client.get("/api/background_tasks/{}".format(task_id))
    self.assert200(content)
    bg_task_content = \
        content.json['background_task']
    self.assertEqual(set(bg_task_content.keys()),
                     {"id", "selfLink", "status", "type"})
Example #9
0
  def setUp(self):
    super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()

    _, self.reader = self.generator.generate_person(
        user_role="Reader"
    )
    audit = factories.AuditFactory()
    assessment = factories.AssessmentFactory(audit=audit)
    object_person_rel = factories.RelationshipFactory(
        source=assessment,
        destination=self.reader
    )
    factories.RelationshipAttrFactory(
        relationship_id=object_person_rel.id,
        attr_name="AssigneeType",
        attr_value="Assessor"
    )

    factories.RelationshipFactory(source=audit, destination=assessment)
    document = factories.DocumentFactory()
    document_id = document.id
    doc_rel = factories.RelationshipFactory(source=assessment,
                                            destination=document)
    doc_rel_id = doc_rel.id

    self.api.set_user(self.reader)
    self.document = all_models.Document.query.get(document_id)
    self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)
Example #10
0
  def setUp(self):
    super(WorkflowTestCase, self).setUp()
    self.api = Api()
    self.generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    self.random_objects = self.object_generator.generate_random_objects()
Example #11
0
  def setUp(self):
    super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()

    _, self.reader = self.generator.generate_person(
        user_role="Reader"
    )
    audit = factories.AuditFactory()
    assessment = factories.AssessmentFactory(audit=audit)
    ac_role = all_models.AccessControlRole.query.filter_by(
        object_type=assessment.type, name="Assignees"
    ).first()
    factories.AccessControlListFactory(
        ac_role=ac_role,
        object=assessment,
        person=self.reader
    )
    factories.RelationshipFactory(source=audit, destination=assessment)
    evidence = factories.EvidenceUrlFactory()
    evidence_id = evidence.id
    evid_rel = factories.RelationshipFactory(source=assessment,
                                             destination=evidence)
    evid_rel_id = evid_rel.id

    self.api.set_user(self.reader)
    self.evidence = all_models.Evidence.query.get(evidence_id)
    self.evid_relationship = all_models.Relationship.query.get(evid_rel_id)
  def setUp(self):
    super(TestBasicWorkflowActions, self).setUp()
    self.api = Api()
    self.generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    self.random_objects = self.object_generator.generate_random_objects()
    self.create_test_cases()
  def setUp(self):  # noqa
    super(TestBacklogWorkflow, self).setUp()
    self.api = Api()
    self.generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    self.random_objects = self.object_generator.generate_random_objects()
    self.create_backlog_workflow()
Example #14
0
 def setUp(self):
   super(TestReader, self).setUp()
   self.audit_id = factories.AuditFactory().id
   self.generator = Generator()
   self.api = Api()
   self.object_generator = ObjectGenerator()
   self.init_users()
   self.init_assignable()
Example #15
0
 def setUp(self):
   super(TestCreatorAudit, self).setUp()
   self.generator = Generator()
   self.api = Api()
   self.object_generator = ObjectGenerator()
   self.init_users()
   self.init_test_cases()
   self.objects = {}
Example #16
0
  def setUp(self):
    """Set up."""
    super(TestNotificationsHistory, self).setUp()
    self.wf_generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()
    _, self.user = self.object_generator.generate_person(
        user_role="Administrator")

    self._create_test_cases()
 def setUp(self):
   super(TestAccessControlRole, self).setUp()
   self.api = Api()
   self.object_generator = ObjectGenerator()
   self.people = {}
   for name in ["Creator", "Reader", "Editor"]:
     _, user = self.object_generator.generate_person(
         data={"name": name}, user_role=name)
     self.people[name] = user
Example #18
0
  def setUp(self):
    super(TestRecurringCycleNotifications, self).setUp()
    self.api = Api()
    self.generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    _, self.assignee = self.object_generator.generate_person(
        user_role="Administrator")

    self.create_test_cases()
Example #19
0
 def setUp(self):
   super(TestFilterByAuditor, self).setUp()
   self.api = Api()
   self.generator = ObjectGenerator()
   _, self.auditor = self.generator.generate_person(user_role="Creator")
   with factories.single_commit():
     self.audit = factories.AuditFactory(status="In Progress")
     self.audit_id = self.audit.id
     audit_context = factories.ContextFactory()
     self.audit.context = audit_context
     self.audit.add_person_with_role_name(self.auditor, "Auditors")
   self.api.set_user(self.auditor)
Example #20
0
  def test_add_comment(self):
    """Test add comment action."""
    generator = ObjectGenerator()

    _, reader = generator.generate_person(user_role="Administrator")
    self.api.set_user(reader)

    assessment = factories.AssessmentFactory()
    context = factories.ContextFactory(related_object=assessment)
    assessment.context = context

    acrs = all_models.AccessControlRole.query.filter(
        all_models.AccessControlRole.object_type == "Assessment",
        all_models.AccessControlRole.name.in_(["Assignees", "Creators"]),
    )

    for acr in acrs:
      factories.AccessControlListFactory(
          ac_role=acr,
          object=assessment,
          person=reader
      )

    response = self.api.put(assessment, {"actions": {"add_related": [
        {
            "id": None,
            "type": "Comment",
            "description": "comment",
            "custom_attribute_definition_id": None,
        }
    ]}})
    self.assert200(response)
    # last relationship id (newly created relationship)
    relationship = _get_relationship(
        "Assessment", response.json["assessment"]["id"])
    self.assertIsNotNone(relationship)
    comment = all_models.Comment.query.get(relationship.destination_id)
    self.assertEqual(comment.description, "comment")
    self.assertEqual(comment.assignee_type, "Assignees,Creators")
    self.assertEqual(comment.context_id, assessment.context_id)
  def setUp(self):
    super(TestRecurringWorkflowRevisions, self).setUp()
    self.wf_generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    self.random_objects = self.object_generator.generate_random_objects()
    _, self.person_1 = self.object_generator.generate_person(
        user_role="Administrator")
    _, self.person_2 = self.object_generator.generate_person(
        user_role="Administrator")

    def person_dict(person_id):
      return {
          "href": "/api/people/%d" % person_id,
          "id": person_id,
          "type": "Person"
      }
    self.monthly_workflow = {
        "title": "test monthly wf notifications",
        "notify_on_change": True,
        "description": "some test workflow",
        "owners": [person_dict(self.person_2.id)],
        "unit": "month",
        "repeat_every": 1,
        "task_groups": [{
            "title": "one time task group",
            "contact": person_dict(self.person_1.id),
            "task_group_tasks": [{
                "title": "task 1",
                "description": "some task",
                "contact": person_dict(self.person_1.id),
            }, {
                "title": "task 2",
                "description": "some task",
                "contact": person_dict(self.person_1.id),
            }],
            "task_group_objects": self.random_objects[:2]
        }, {
            "title": "another one time task group",
            "contact": person_dict(self.person_1.id),
            "task_group_tasks": [{
                "title": "task 1 in tg 2",
                "description": "some task",
                "contact": person_dict(self.person_1.id),
            }, {
                "title": "task 2 in tg 2",
                "description": "some task",
                "contact": person_dict(self.person_2.id),
            }],
            "task_group_objects": []
        }]
    }
Example #22
0
 def setUp(self):
   super(TestCollection, self).setUp()
   self.client.get("/login")
   self.clear_data()
   self.expected_ids = []
   self.api = Api()
   self.generator = ObjectGenerator()
   assessments = [factories.AssessmentFactory() for _ in range(10)]
   random.shuffle(assessments)
   for idx, assessment in enumerate(assessments):
     comment = factories.CommentFactory(description=str(idx))
     factories.RelationshipFactory(source=assessment, destination=comment)
     self.expected_ids.append(assessment.id)
Example #23
0
  def test_add_comment(self):
    """Test add comment action."""
    generator = ObjectGenerator()

    _, reader = generator.generate_person(user_role="Reader")
    self.api.set_user(reader)

    assessment = factories.AssessmentFactory()
    context = factories.ContextFactory(related_object=assessment)
    assessment.context = context

    object_person_rel = factories.RelationshipFactory(
        source=assessment,
        destination=reader
    )
    factories.RelationshipAttrFactory(
        relationship_id=object_person_rel.id,
        attr_name="AssigneeType",
        attr_value="Creator,Assessor"
    )

    response = self.api.put(assessment, {"actions": {"add_related": [
        {
            "id": None,
            "type": "Comment",
            "description": "comment",
            "custom_attribute_definition_id": None,
        }
    ]}})
    self.assert200(response)
    # last relationship id (newly created relationship)
    rel_id = max(i["id"] for i in
                 response.json["assessment"]["related_destinations"])
    relationship = all_models.Relationship.query.get(rel_id)
    self.assertIsNotNone(relationship)
    comment = all_models.Comment.query.get(relationship.destination_id)
    self.assertEqual(comment.description, "comment")
    self.assertEqual(comment.assignee_type, "Creator,Assessor")
    self.assertEqual(comment.context_id, assessment.context_id)
Example #24
0
class TestPermissions(TestCase):
  """Test permissions for background tasks"""

  def setUp(self):
    super(TestPermissions, self).setUp()
    self.api = api_helper.Api()
    self.object_generator = ObjectGenerator()
    self.init_users()

  def init_users(self):
    """ Init users needed by the test cases """
    users = [("reader", "Reader"),
             ("admin", "Administrator"),
             ("creator", "Creator")]
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user

  def test_bg_tasks_access(self):
    """Only admin can use admin requirement"""
    from ggrc.models import all_models

    with self.object_generator.api.as_external():
      response, _ = self.object_generator.generate_object(
          all_models.Control, with_background_tasks=True)
    self.assertEqual(response.status_code, 201)

    for role in ("reader", "creator", "admin"):
      self.api.set_user(self.users[role])
      content = self.api.client.get("/api/background_tasks")
      self.assert200(content)
      bg_tasks_content = \
          content.json['background_tasks_collection']['background_tasks']
      for bg_task_content in bg_tasks_content:
        self.assertEqual(set(bg_task_content.keys()),
                         {"id", "selfLink", "status", "type"})
      self.assertTrue(len(bg_tasks_content) >= 1)
  def setUp(self):
    super(TestTaskOverdueNotificationsUsingAPI, self).setUp()
    self.api = Api()
    self.wf_generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()
    models.Notification.query.delete()

    self._fix_notification_init()

    self.random_objects = self.object_generator.generate_random_objects(2)
    _, self.user = self.object_generator.generate_person(
        user_role="Administrator")
    self._create_test_cases()
Example #26
0
class TestPersonProfilePermissions(TestCase):
  """Test PersonProfile."""

  def setUp(self):
    super(TestPersonProfilePermissions, self).setUp()
    self.generator = Generator()
    self.api = Api()
    self.object_generator = ObjectGenerator()
    self.init_users()

  def init_users(self):
    """Init user with different roles."""
    users = [("reader", "Reader"),
             ("editor", "Editor"),
             ("admin", "Administrator"),
             ("creator", "Creator")]
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name},
          user_role=role
      )
      self.users[name] = user

  @ddt.data("reader", "editor", "admin", "creator")
  def test_permissions(self, name):
    """Test permissions for user roles."""
    user = all_models.Person.query.get(self.users[name].id)
    profile = all_models.PersonProfile.query.join(
        all_models.PersonProfile.person
    ).filter_by(
        email=user.email
    ).one()
    self.api.set_user(self.users[name])
    response = self.api.get(all_models.PersonProfile, profile.id)
    self.assert200(response)

    new_date = "2018-05-20 22:05:17"
    response = self.api.put(profile, {
        "people_profiles": {
            "id": profile.id,
            "last_seen_whats_new": new_date,
        },
    })
    self.assert200(response)

    response = self.api.delete(profile)
    if name == "admin":
      self.assert200(response)
    else:
      self.assert403(response)
class TestPermissions(TestCase):
  """Test permissions for background tasks"""

  def setUp(self):
    super(TestPermissions, self).setUp()
    self.api = api_helper.Api()
    self.object_generator = ObjectGenerator()
    self.init_users()

  def init_users(self):
    """ Init users needed by the test cases """
    users = [("reader", "Reader"),
             ("admin", "Administrator"),
             ("creator", "Creator")]
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user

  def test_bg_tasks_access(self):
    """Only admin can use admin requirement"""
    from ggrc.models import all_models

    response, _ = self.object_generator.generate_object(
        all_models.Control, with_background_tasks=True)
    self.assertEqual(response.status_code, 201)

    for role in ("reader", "creator", "admin"):
      self.api.set_user(self.users[role])
      content = self.api.client.get("/api/background_tasks")
      self.assert200(content)
      bg_tasks_content = \
          content.json['background_tasks_collection']['background_tasks']
      for bg_task_content in bg_tasks_content:
        self.assertEqual(set(bg_task_content.keys()),
                         {"id", "selfLink", "status", "type"})
      self.assertTrue(len(bg_tasks_content) >= 1)
Example #28
0
  def setUp(self):
    super(TestPermissionsOnAssessmentTemplate, self).setUp()
    self.api = Api()
    editor = all_models.AccessControlRole.query.filter(
        all_models.AccessControlRole.name == "Program Editors"
    ).one()
    self.generator = ObjectGenerator()
    _, self.editor = self.generator.generate_person(
        user_role="Creator"
    )
    _, program = self.generator.generate_object(all_models.Program, {
        "access_control_list": [
            acl_helper.get_acl_json(editor.id,
                                    self.editor.id)
        ]
    })
    program_id = program.id
    _, audit = self.generator.generate_object(
        all_models.Audit,
        {
            "title": "Assessment Template test Audit",
            "program": {"id": program_id},
            "status": "Planned"
        },
    )
    audit_id = audit.id

    generated_at = self.generator.generate_object(
        all_models.AssessmentTemplate,
        self._get_assessment_template_base("Template", audit)
    )
    self.assessment_template_resp, assessment_template = generated_at
    assessment_template_id = assessment_template.id
    self.api.set_user(self.editor)
    self.perms_data = self.api.client.get("/permissions").json
    self.audit = all_models.Audit.query.get(audit_id)
    self.assessment_template = all_models.AssessmentTemplate.query.get(
        assessment_template_id)
Example #29
0
  def setUp(self):
    super(TestPermissionsOnAssessmentTemplate, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()
    _, program = self.generator.generate_object(all_models.Program)
    program_id = program.id
    _, self.editor = self.generator.generate_person(
        user_role="Creator"
    )
    role = perms.all_models.Role.query.filter(
        perms.all_models.Role.name == "ProgramEditor"
    ).first()
    self.generator.generate_user_role(
        self.editor,
        role,
        all_models.Program.query.get(program_id)
    )
    _, audit = self.generator.generate_object(
        all_models.Audit,
        {
            "title": "Audit",
            "program": {"id": program_id},
            "status": "Planned"
        },
    )
    audit_id = audit.id

    generated_at = self.generator.generate_object(
        all_models.AssessmentTemplate,
        {
            "title": "Template",
            "_NON_RELEVANT_OBJ_TYPES": {},
            "_objectTypes": {},
            "audit": {"id": audit.id},
            "audit_title": audit.title,
            "people_value": [],
            "default_people": {
                "assessors": "Object Owners",
                "verifiers": "Object Owners",
            },
            "context": {"id": audit.context.id},
        }
    )
    self.assessment_template_resp, assessment_template = generated_at
    assessment_template_id = assessment_template.id
    self.api.set_user(self.editor)
    self.perms_data = self.api.client.get("/permissions").json
    self.audit = all_models.Audit.query.get(audit_id)
    self.assessment_template = all_models.AssessmentTemplate.query.get(
        assessment_template_id)
Example #30
0
class TestPermissionsOnAssessmentRelatedAssignables(TestCase):
  """Test check Reader permissions for Assessment related assignables

  Global Reader once assigned to Assessment as Assessor, should have
  permissions to read/update/delete URLs(Documents) related to this Assessment
  """
  def setUp(self):
    super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()

    _, self.reader = self.generator.generate_person(
        user_role="Reader"
    )
    audit = factories.AuditFactory()
    assessment = factories.AssessmentFactory(audit=audit)
    object_person_rel = factories.RelationshipFactory(
        source=assessment,
        destination=self.reader
    )
    factories.RelationshipAttrFactory(
        relationship_id=object_person_rel.id,
        attr_name="AssigneeType",
        attr_value="Assessor"
    )

    factories.RelationshipFactory(source=audit, destination=assessment)
    document = factories.DocumentFactory()
    document_id = document.id
    doc_rel = factories.RelationshipFactory(source=assessment,
                                            destination=document)
    doc_rel_id = doc_rel.id

    self.api.set_user(self.reader)
    self.document = all_models.Document.query.get(document_id)
    self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)

  def test_delete_action(self):
    """Test permissions for delete action on Document"""
    resp = self.api.delete(self.document)
    self.assert200(resp)
    self.assertFalse(all_models.Document.query.filter(
        all_models.Document.id == self.document.id).all())

  def test_unmap_action(self):
    """Test permissions for unmap action on Document"""
    resp = self.api.delete(self.doc_relationship)
    self.assert200(resp)
    self.assertFalse(all_models.Relationship.query.filter(
        all_models.Relationship.id == self.doc_relationship.id).all())
Example #31
0
class TestFilteringByRequest(TestCase):
  """Test filter query by request"""

  def setUp(self):
    super(TestFilteringByRequest, self).setUp()
    self.object_generator = ObjectGenerator()
    self.api = Api()
    self.init_users()

  def init_users(self):
    """ Init users needed by the test cases """
    users = (
        ("creator", "Creator"),
        ("admin", "Administrator"),
        ("john", "WorkflowOwner")
    )
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user
    context = (
        db.session.query(all_models.Context).filter(
            all_models.Context.id != 0
        ).first()
    )
    user_role = (
        db.session.query(all_models.UserRole).join(all_models.Person).
        filter(
            and_(
                all_models.UserRole.person_id == all_models.Person.id,
                all_models.Person.name == "john"
            )
        ).first()
    )
    user_role.context_id = context.id
    db.session.commit()
    db.session.flush()

  def test_no_role_users_filtering(self):
    """Test 'No Role' users filtering"""
    self.api.set_user(self.users['admin'])
    response = self.api.get_query(all_models.Person, "__no_role=true")

    self.assertEqual(response.status_code, 200)
    self.assertEqual(len(response.json['people_collection']['people']), 1)
    self.assertEqual(
        response.json['people_collection']['people'][0]['name'],
        'john'
    )
class TestAccessControlRole(TestCase):
  """TestAccessControlRole"""

  def setUp(self):
    super(TestAccessControlRole, self).setUp()
    self.api = Api()
    self.object_generator = ObjectGenerator()
    self.people = {}
    for name in ["Creator", "Reader", "Editor"]:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=name)
      self.people[name] = user

  def _post_role(self):
    """Helper function for POSTing roles"""
    name = random_str(prefix="Access Control Role - ")
    return self.api.post(AccessControlRole, {
        "access_control_role": {
            "name": name,
            "object_type": "Control",
            "context": None,
            "read": True
        },
    })

  def test_create(self):
    """Test Access Control Role creation"""
    response = self._post_role()
    assert response.status_code == 201, \
        "Failed to create a new access control role, response was {}".format(
            response.status)

    id_ = response.json['access_control_role']['id']
    role = AccessControlRole.query.filter(AccessControlRole.id == id_).first()
    assert role.read == 1, \
        "Read permission not correctly saved {}".format(role.read)
    assert role.update == 1, \
        "Update permission not correctly saved {}".format(role.update)
    assert role.delete == 1, \
        "Update permission not correctly saved {}".format(role.delete)

  def test_only_admin_can_post(self):
    """Only admin users should be able to POST access control roles"""
    for name in ("Creator", "Reader", "Editor"):
      person = self.people.get(name)
      self.api.set_user(person)
      response = self._post_role()
      assert response.status_code == 403, \
          "Non admins should get forbidden error when POSTing role. {}".format(
              response.status)
Example #33
0
class TestFilteringByRequest(TestCase):
  """Test filter query by request"""

  def setUp(self):
    super(TestFilteringByRequest, self).setUp()
    self.object_generator = ObjectGenerator()
    self.api = Api()
    self.init_users()

  def init_users(self):
    """ Init users needed by the test cases """
    users = (
        ("creator", "Creator"),
        ("admin", "Administrator"),
        ("john", "WorkflowOwner")
    )
    self.users = {}
    for (name, role) in users:
      _, user = self.object_generator.generate_person(
          data={"name": name}, user_role=role)
      self.users[name] = user
    context = (
        db.session.query(all_models.Context).filter(
            all_models.Context.id != 0
        ).first()
    )
    user_role = (
        db.session.query(all_models.UserRole).join(all_models.Person).
        filter(
            and_(
                all_models.UserRole.person_id == all_models.Person.id,
                all_models.Person.name == "john"
            )
        ).first()
    )
    user_role.context_id = context.id
    db.session.commit()
    db.session.flush()

  def test_no_role_users_filtering(self):
    """Test 'No Role' users filtering"""
    self.api.set_user(self.users['admin'])
    response = self.api.get_query(all_models.Person, "__no_role=true")

    self.assertEqual(response.status_code, 200)
    self.assertEqual(len(response.json['people_collection']['people']), 1)
    self.assertEqual(
        response.json['people_collection']['people'][0]['name'],
        'john'
    )
Example #34
0
  def setUp(self):
    TestCase.setUp(self)
    self.generator = ObjectGenerator()
    self.client.get("/login")

    self.create_custom_attributes()
    filename = "comprehensive_sheet1.csv"
    self.import_file(filename)

    gen = WorkflowsGenerator()
    wfs = all_models.Workflow.eager_query().filter_by(status='Draft').all()
    for workflow in wfs:
      _, cycle = gen.generate_cycle(workflow)
      self.assertIsNotNone(cycle)
Example #35
0
  def test_import_lcad_changed(self, status):
    """Test notifications for '{}' Assessment if LCAD changed in import."""
    object_generator = ObjectGenerator()
    _, user = object_generator.generate_person(user_role="Creator")
    with factories.single_commit():
      assessment = factories.AssessmentFactory()
      factories.CustomAttributeDefinitionFactory(
          title="Test LCAD",
          definition_type="assessment",
          definition_id=assessment.id,
          attribute_type="Text",
      )
    assessment.add_person_with_role_name(user, "Verifiers")
    assessment.status = status
    db.session.commit()

    response = self.import_data(collections.OrderedDict([
        ("object_type", "Assessment"),
        ("Code*", assessment.slug),
        ("Test LCAD", "some value"),
    ]))
    self._check_csv_response(response, {})
    self.assert_asmnt_notifications()
Example #36
0
    def setUp(self):
        super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
        self.api = Api()
        self.generator = ObjectGenerator()

        _, self.reader = self.generator.generate_person(user_role="Reader")
        audit = factories.AuditFactory()
        assessment = factories.AssessmentFactory(audit=audit)
        ac_role = all_models.AccessControlRole.query.filter_by(
            object_type=assessment.type, name="Assignees").first()
        factories.AccessControlListFactory(ac_role=ac_role,
                                           object=assessment,
                                           person=self.reader)
        factories.RelationshipFactory(source=audit, destination=assessment)
        document = factories.DocumentFactory()
        document_id = document.id
        doc_rel = factories.RelationshipFactory(source=assessment,
                                                destination=document)
        doc_rel_id = doc_rel.id

        self.api.set_user(self.reader)
        self.document = all_models.Document.query.get(document_id)
        self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)
    def setUp(self):
        super(TestComprehensiveSheets, self).setUp()
        self.client.get("/login")
        self.generator = ObjectGenerator()

        self.create_custom_attributes()
        # TODO: use here such a CSV that doesn't have errors or warnings
        self.import_file("comprehensive_sheet1.csv", safe=False)

        gen = WorkflowsGenerator()
        wfs = all_models.Workflow.eager_query().filter_by(status='Draft').all()
        for workflow in wfs:
            _, cycle = gen.generate_cycle(workflow)
            self.assertIsNotNone(cycle)
Example #38
0
    def setUp(self):
        super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
        self.api = Api()
        self.generator = ObjectGenerator()

        _, self.reader = self.generator.generate_person(user_role="Reader")
        audit = factories.AuditFactory()
        assessment = factories.AssessmentFactory(audit=audit)
        object_person_rel = factories.RelationshipFactory(
            source=assessment, destination=self.reader)
        factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
                                          attr_name="AssigneeType",
                                          attr_value="Assessor")

        factories.RelationshipFactory(source=audit, destination=assessment)
        document = factories.DocumentFactory()
        document_id = document.id
        doc_rel = factories.RelationshipFactory(source=assessment,
                                                destination=document)
        doc_rel_id = doc_rel.id

        self.api.set_user(self.reader)
        self.document = all_models.Document.query.get(document_id)
        self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)
  def setUp(self):
    self.client.get("/login")
    self.generator = ObjectGenerator()
    if TestComprehensiveSheets.first_run:
      TestComprehensiveSheets.first_run = False
      super(TestComprehensiveSheets, self).setUp()

      self.create_custom_attributes()
      self.import_file("comprehensive_sheet1.csv")

      gen = WorkflowsGenerator()
      wfs = all_models.Workflow.eager_query().filter_by(status='Draft').all()
      for workflow in wfs:
        _, cycle = gen.generate_cycle(workflow)
        self.assertIsNotNone(cycle)
Example #40
0
  def setUp(self):
    super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()

    _, self.reader = self.generator.generate_person(
        user_role="Reader"
    )
    audit = factories.AuditFactory()
    assessment = factories.AssessmentFactory(audit=audit)
    factories.AccessControlPersonFactory(
        ac_list=assessment.acr_name_acl_map["Assignees"],
        person=self.reader,
    )
    factories.RelationshipFactory(source=audit, destination=assessment)
    evidence = factories.EvidenceUrlFactory()
    evidence_id = evidence.id
    evid_rel = factories.RelationshipFactory(source=assessment,
                                             destination=evidence)
    evid_rel_id = evid_rel.id

    self.api.set_user(self.reader)
    self.evidence = all_models.Evidence.query.get(evidence_id)
    self.evid_relationship = all_models.Relationship.query.get(evid_rel_id)
Example #41
0
    def test_add_comment(self):
        """Test add comment action."""
        generator = ObjectGenerator()

        _, reader = generator.generate_person(user_role="Reader")
        self.api.set_user(reader)

        assessment = factories.AssessmentFactory()
        context = factories.ContextFactory(related_object=assessment)
        assessment.context = context

        object_person_rel = factories.RelationshipFactory(source=assessment,
                                                          destination=reader)
        factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
                                          attr_name="AssigneeType",
                                          attr_value="Creator,Assessor")

        response = self.api.put(
            assessment, {
                "actions": {
                    "add_related": [{
                        "id": None,
                        "type": "Comment",
                        "description": "comment",
                        "custom_attribute_definition_id": None,
                    }]
                }
            })
        self.assert200(response)
        rel_id = response.json["assessment"]["related_destinations"][0]["id"]
        relationship = all_models.Relationship.query.get(rel_id)
        self.assertIsNotNone(relationship)
        comment = all_models.Comment.query.get(relationship.destination_id)
        self.assertEqual(comment.description, "comment")
        self.assertEqual(comment.assignee_type, "Creator,Assessor")
        self.assertEqual(comment.context_id, assessment.context_id)
Example #42
0
    def setUp(self):
        super(TestWorkflowCycleStatePropagation, self).setUp()
        self.api = Api()
        self.generator = WorkflowsGenerator()
        self.object_generator = ObjectGenerator()

        self.weekly_wf = {
            "title": "weekly thingy",
            "description": "start this many a time",
            "unit": "week",
            "repeat_every": 1,
            "task_groups": [{
                "title": "weekly task group",
            }]
        }
  def setUp(self):
    super(TestOneTimeWorkflowNotification, self).setUp()
    self.api = Api()
    self.wf_generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()

    self.random_objects = self.object_generator.generate_random_objects()
    self.random_people = [
        self.object_generator.generate_person(user_role="Administrator")[1]
        for _ in range(5)]
    self.create_test_cases()

    self.create_users()

    db.session.query(Notification).delete()

    def init_decorator(init):
      def new_init(self, *args, **kwargs):
        init(self, *args, **kwargs)
        if hasattr(self, "created_at"):
          self.created_at = datetime.now()
      return new_init

    Notification.__init__ = init_decorator(Notification.__init__)
Example #44
0
class TestPermissionsOnAssessmentRelatedAssignables(TestCase):
    """Test check Reader permissions for Assessment related assignables

  Global Reader once assigned to Assessment as Assessor, should have
  permissions to read/update/delete URLs(Documents) related to this Assessment
  """
    def setUp(self):
        super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
        self.api = Api()
        self.generator = ObjectGenerator()

        _, self.reader = self.generator.generate_person(user_role="Reader")
        audit = factories.AuditFactory()
        assessment = factories.AssessmentFactory(audit=audit)
        object_person_rel = factories.RelationshipFactory(
            source=assessment, destination=self.reader)
        factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
                                          attr_name="AssigneeType",
                                          attr_value="Assessor")

        factories.RelationshipFactory(source=audit, destination=assessment)
        document = factories.DocumentFactory()
        document_id = document.id
        doc_rel = factories.RelationshipFactory(source=assessment,
                                                destination=document)
        doc_rel_id = doc_rel.id

        self.api.set_user(self.reader)
        self.document = all_models.Document.query.get(document_id)
        self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)

    def test_delete_action(self):
        """Test permissions for delete action on Document"""
        resp = self.api.delete(self.document)
        self.assert200(resp)
        self.assertFalse(
            all_models.Document.query.filter(
                all_models.Document.id == self.document.id).all())

    def test_unmap_action(self):
        """Test permissions for unmap action on Document"""
        resp = self.api.delete(self.doc_relationship)
        self.assert200(resp)
        self.assertFalse(
            all_models.Relationship.query.filter(
                all_models.Relationship.id == self.doc_relationship.id).all())
class TestPersonProfilePermissions(TestCase):
    """Test PersonProfile."""
    def setUp(self):
        super(TestPersonProfilePermissions, self).setUp()
        self.generator = Generator()
        self.api = Api()
        self.object_generator = ObjectGenerator()
        self.init_users()

    def init_users(self):
        """Init user with different roles."""
        users = [("reader", "Reader"), ("editor", "Editor"),
                 ("admin", "Administrator"), ("creator", "Creator")]
        self.users = {}
        for (name, role) in users:
            _, user = self.object_generator.generate_person(
                data={"name": name}, user_role=role)
            self.users[name] = user

    @ddt.data("reader", "editor", "admin", "creator")
    def test_permissions(self, name):
        """Test permissions for user roles."""
        user = all_models.Person.query.get(self.users[name].id)
        profile = all_models.PersonProfile.query.join(
            all_models.PersonProfile.person).filter_by(email=user.email).one()
        self.api.set_user(self.users[name])
        response = self.api.get(all_models.PersonProfile, profile.id)
        self.assert200(response)

        new_date = "2018-05-20 22:05:17"
        response = self.api.put(
            profile, {
                "people_profiles": {
                    "id": profile.id,
                    "last_seen_whats_new": new_date,
                },
            })
        self.assert200(response)

        response = self.api.delete(profile)
        if name == "admin":
            self.assert200(response)
        else:
            self.assert403(response)
Example #46
0
  def test_validate_rich_text_ca(self):
    """Test validator for Rich Text CA value."""
    generator = ObjectGenerator()
    with factories.single_commit():
      prog = factories.ProgramFactory()
      cad1 = factories.CustomAttributeDefinitionFactory(
          definition_type="program",
          definition_id=prog.id,
          attribute_type="Rich Text",
          title="CA 1",
      )
      cad2 = factories.CustomAttributeDefinitionFactory(
          definition_type="program",
          definition_id=prog.id,
          attribute_type="Rich Text",
          title="CA 2",
      )

    generator.api.modify_object(
        prog,
        {
            "custom_attribute_values": [
                {
                    "attribute_value": " http://www.some.url",
                    "attributable_id": prog.id,
                    "attributable_type": "program",
                    "custom_attribute_id": cad1.id,
                },
                {
                    "attribute_value": "<a>http://www.some.url</a>",
                    "attributable_id": prog.id,
                    "attributable_type": "program",
                    "custom_attribute_id": cad2.id,
                }
            ],
        },
    )

    prog = prog.__class__.query.get(prog.id)
    self.assertEqual(prog.custom_attribute_values[0].attribute_value,
                     (' <a href="http://www.some.url">'
                      'http://www.some.url</a>'))
    self.assertEqual(prog.custom_attribute_values[1].attribute_value,
                     '<a>http://www.some.url</a>')
Example #47
0
class TestPermissions(TestCase):
    """Test permissions for background tasks"""
    def setUp(self):
        super(TestPermissions, self).setUp()
        self.generator = Generator()
        self.api = api_helper.Api()
        self.object_generator = ObjectGenerator()
        self.init_users()

    def init_users(self):
        """ Init users needed by the test cases """
        users = [("reader", "Reader"), ("admin", "Administrator"),
                 ("creator", "Creator")]
        self.users = {}
        for (name, role) in users:
            _, user = self.object_generator.generate_person(
                data={"name": name}, user_role=role)
            self.users[name] = user

    def test_bg_tasks_access(self):
        """Only admin can use admin requirement"""
        from ggrc.models import all_models

        control_dict = {
            "control": {
                "title": "Control title",
                "context": None,
            },
        }
        response = self.api.send_request(
            self.api.client.post,
            all_models.Control,
            control_dict,
            {"X-GGRC-BackgroundTask": "true"},
        )
        self.assertEqual(response.status_code, 201)

        for role in ("reader", "creator", "admin"):
            self.api.set_user(self.users[role])
            content = self.api.client.get("/api/background_tasks")
            self.assert200(content)
            bg_tasks_content = \
                content.json['background_tasks_collection']['background_tasks']
            self.assertEqual(len(bg_tasks_content), 1)
Example #48
0
class TestPermissionsOnAssessmentRelatedAssignables(TestCase):
  """Test check Reader permissions for Assessment related assignables

  Global Reader once assigned to Assessment as Assignee, should have
  permissions to read/update/delete URLs(Documents) related to this Assessment
  """

  def setUp(self):
    super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
    self.api = Api()
    self.generator = ObjectGenerator()

    _, self.reader = self.generator.generate_person(
        user_role="Reader"
    )
    audit = factories.AuditFactory()
    assessment = factories.AssessmentFactory(audit=audit)
    factories.AccessControlPersonFactory(
        ac_list=assessment.acr_name_acl_map["Assignees"],
        person=self.reader,
    )
    factories.RelationshipFactory(source=audit, destination=assessment)
    evidence = factories.EvidenceUrlFactory()
    evidence_id = evidence.id
    evid_rel = factories.RelationshipFactory(source=assessment,
                                             destination=evidence)
    evid_rel_id = evid_rel.id

    self.api.set_user(self.reader)
    self.evidence = all_models.Evidence.query.get(evidence_id)
    self.evid_relationship = all_models.Relationship.query.get(evid_rel_id)

  def test_delete_action(self):
    """Test permissions for delete action on Evidence

    Allow only Global Admin to delete Documents.
    """
    resp = self.api.delete(self.evidence)
    self.assert200(resp)
    self.assertEquals(len(all_models.Evidence.query.filter(
        all_models.Evidence.id == self.evidence.id).all()), 0)
Example #49
0
  def test_validate_text_ca_value(self):
    """Test validator for Text CA value."""
    generator = ObjectGenerator()
    prog = factories.ProgramFactory()
    cad1 = factories.CustomAttributeDefinitionFactory(
        definition_type="program",
        definition_id=prog.id,
        attribute_type="Text",
        title="CA 1",
    )
    val1 = factories.CustomAttributeValueFactory(
        attributable=prog,
        attribute_value=" http://www.some.url",
        custom_attribute=cad1,
    )
    prog.custom_attribute_values = [val1]
    generator.api.modify_object(prog, {})

    prog = prog.__class__.query.get(prog.id)
    self.assertEqual(prog.custom_attribute_values[0].attribute_value,
                     "http://www.some.url")
Example #50
0
  def test_validate_checkbox_ca(self, value):
    """Test validator for Checkbox CA value."""
    generator = ObjectGenerator()
    with factories.single_commit():
      prog = factories.ProgramFactory()
      cad = factories.CustomAttributeDefinitionFactory(
          definition_type="program",
          definition_id=prog.id,
          attribute_type="Checkbox",
          title="CA",
      )

    generator.api.modify_object(
        prog, {
            "custom_attribute_values": [{
                "attribute_value": value,
                "attributable_id": prog.id,
                "attributable_type": "program",
                "custom_attribute_id": cad.id,
            }, ],
        },
    )
    prog = prog.__class__.query.get(prog.id)
    self.assertEqual(prog.custom_attribute_values[0].attribute_value, "0")
 def setUp(self):
     super(TestEvidenceRolePropagation, self).setUp()
     self.api = Api()
     self.generator = ObjectGenerator()
class TestEvidenceRolePropagation(TestCase):
    """Evidence role propagation test case"""

    # pylint: disable=invalid-name

    def setUp(self):
        super(TestEvidenceRolePropagation, self).setUp()
        self.api = Api()
        self.generator = ObjectGenerator()

    # Propagation isn't work for 'Primary Contacts', 'Secondary Contacts'
    # just add them to data list to check if fix works.

    @ddt.data("Assignees", "Creators", "Verifiers")
    def test_assessment_role_propagation_edit(self, role_name):
        """Asses user with role '{0}' should be able to edit related evidence"""

        _, reader = self.generator.generate_person(user_role="Creator")
        with factories.single_commit():
            assessment = factories.AssessmentFactory()
            assessment.add_person_with_role_name(reader, role_name)
            evidence = factories.EvidenceFactory()
            evidence_id = evidence.id
            factories.RelationshipFactory(source=assessment,
                                          destination=evidence)

        self.api.set_user(reader)

        evidence = all_models.Evidence.query.get(evidence_id)
        new_description = 'new description'
        resp = self.api.modify_object(evidence,
                                      {'description': new_description})
        evidence = self.refresh_object(evidence)
        self.assert200(resp)
        self.assertEquals(new_description, evidence.description)
        self.assertEquals(reader.id, evidence.modified_by_id)

    @ddt.data(
        ("Creator", "Audit Captains", 200),
        ("Creator", "Auditors", 403),
        ("Reader", "Audit Captains", 200),
        ("Reader", "Auditors", 403),
        ("Editor", "Audit Captains", 200),
        ("Editor", "Auditors", 200),
    )
    @ddt.unpack
    def test_audit_role_propagation_edit(self, user_role, audit_role,
                                         status_code):
        """'{0}' assigned as '{1}' should get '{2}' when editing audit evidence"""
        _, user = self.generator.generate_person(user_role=user_role)
        with factories.single_commit():
            audit = factories.AuditFactory()
            audit.add_person_with_role_name(user, audit_role)
            evidence = factories.EvidenceFactory()
            evidence_id = evidence.id

        factories.RelationshipFactory(source=audit, destination=evidence)

        self.api.set_user(user)

        evidence = all_models.Evidence.query.get(evidence_id)
        new_description = 'new description'
        resp = self.api.modify_object(evidence,
                                      {'description': new_description})
        evidence = self.refresh_object(evidence)

        if status_code == 200:
            self.assert200(resp)
            self.assertEquals(new_description, evidence.description)
            self.assertEquals(user.id, evidence.modified_by_id)
        else:
            self.assertStatus(resp, status_code)

    def test_audit_role_propagation_not_delete(self):
        """Audit user with role Auditors can NOT delete related evidence"""
        role_name = "Auditors"
        _, reader = self.generator.generate_person(user_role="Reader")
        with factories.single_commit():
            audit = factories.AuditFactory()
            audit.add_person_with_role_name(reader, role_name)
            evidence = factories.EvidenceFactory()
            evidence_id = evidence.id

        factories.RelationshipFactory(source=audit, destination=evidence)

        self.api.set_user(reader)
        evidence = all_models.Evidence.query.get(evidence_id)

        resp = self.api.delete(evidence)
        self.assertStatus(resp, 403)
        evidence = all_models.Evidence.query.get(evidence_id)
        self.assertTrue(evidence)
Example #53
0
class TestOneTimeWfEndDateChange(TestCase):

  """ This class contains simple one time workflow tests that are not
  in the gsheet test grid
  """

  def setUp(self):
    super(TestOneTimeWfEndDateChange, self).setUp()
    self.api = Api()
    self.wf_generator = WorkflowsGenerator()
    self.object_generator = ObjectGenerator()
    Notification.query.delete()

    self.random_objects = self.object_generator.generate_random_objects(2)
    _, self.user = self.object_generator.generate_person(
        user_role="Administrator")
    self.create_test_cases()

    def init_decorator(init):
      def new_init(self, *args, **kwargs):
        init(self, *args, **kwargs)
        if hasattr(self, "created_at"):
          self.created_at = datetime.now()
      return new_init

    Notification.__init__ = init_decorator(Notification.__init__)

  @patch("ggrc.notifications.common.send_email")
  def test_no_date_change(self, mock_mail):
    def get_person(person_id):
      return db.session.query(Person).filter(Person.id == person_id).one()

    with freeze_time("2015-04-10 03:21:34"):
      _, workflow = self.wf_generator.generate_workflow(
          self.one_time_workflow_1)

      _, cycle = self.wf_generator.generate_cycle(workflow)
      self.wf_generator.activate_workflow(workflow)

    with freeze_time("2015-04-11 03:21:34"):
      user = get_person(self.user.id)
      _, notif_data = common.get_daily_notifications()
      self.assertIn("cycle_started", notif_data[user.email])

    with freeze_time("2015-05-02 03:21:34"):
      _, notif_data = common.get_daily_notifications()
      self.assertIn(user.email, notif_data)
      self.assertIn("cycle_started", notif_data[user.email])
      self.assertNotIn("due_in", notif_data[user.email])
      self.assertNotIn("due_today", notif_data[user.email])

    with freeze_time("2015-05-02 03:21:34"):
      common.send_daily_digest_notifications()
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

      # one email to owner and one to assigne
      self.assertEqual(mock_mail.call_count, 2)

    with freeze_time("2015-05-04 03:21:34"):  # one day before due date
      _, notif_data = common.get_daily_notifications()
      user = get_person(self.user.id)
      self.assertIn("due_in", notif_data[user.email])
      self.assertEqual(len(notif_data[user.email]["due_in"]), 2)

    with freeze_time("2015-05-04 03:21:34"):  # one day before due date
      common.send_daily_digest_notifications()
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

      # one email to owner and one to assigne
      self.assertEqual(mock_mail.call_count, 3)

    with freeze_time("2015-05-05 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertIn("due_today", notif_data[user.email])
      self.assertEqual(len(notif_data[user.email]["due_today"]), 2)

  @patch("ggrc.notifications.common.send_email")
  def test_move_end_date_to_future(self, mock_mail):
    """
    test moving the end date to the future, befor due_in and due_today
    notifications have been sent
    """
    def get_person(person_id):
      return db.session.query(Person).filter(Person.id == person_id).one()

    with freeze_time("2015-04-10 03:21:34"):
      _, workflow = self.wf_generator.generate_workflow(
          self.one_time_workflow_1)

      _, cycle = self.wf_generator.generate_cycle(workflow)
      self.wf_generator.activate_workflow(workflow)

    with freeze_time("2015-04-11 03:21:34"):
      user = get_person(self.user.id)
      _, notif_data = common.get_daily_notifications()
      self.assertIn("cycle_started", notif_data[user.email])

    with freeze_time("2015-05-02 03:21:34"):
      _, notif_data = common.get_daily_notifications()
      self.assertIn(user.email, notif_data)
      self.assertIn("cycle_started", notif_data[user.email])
      self.assertNotIn("due_in", notif_data[user.email])
      self.assertNotIn("due_today", notif_data[user.email])

    with freeze_time("2015-05-02 03:21:34"):
      common.send_daily_digest_notifications()
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

      # one email to owner and one to assigne
      self.assertEqual(mock_mail.call_count, 2)

    with freeze_time("2015-05-03 03:21:34"):
      cycle = Cycle.query.get(cycle.id)
      task1 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[0].id)
      task2 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[1].id)

      self.wf_generator.modify_object(
          task1, data={"end_date": date(2015, 5, 15)})
      self.wf_generator.modify_object(
          task2, data={"end_date": date(2015, 5, 15)})

    with freeze_time("2015-05-04 03:21:34"):  # one day befor due date
      _, notif_data = common.get_daily_notifications()
      user = get_person(self.user.id)
      self.assertEqual(notif_data, {})

    with freeze_time("2015-05-05 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

    with freeze_time("2015-05-14 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertIn(user.email, notif_data)
      self.assertIn("due_in", notif_data[user.email])
      self.assertEqual(len(notif_data[user.email]["due_in"]),
                       len(self.random_objects))

    with freeze_time("2015-05-15 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertIn(user.email, notif_data)

      # yesterdays mail has not been sent
      self.assertIn("due_in", notif_data[user.email])

      self.assertIn("due_today", notif_data[user.email])
      self.assertEqual(len(notif_data[user.email]["due_today"]),
                       len(self.random_objects))

  @patch("ggrc.notifications.common.send_email")
  def test_move_end_date_to_past(self, mock_mail):
    def get_person(person_id):
      return db.session.query(Person).filter(Person.id == person_id).one()

    with freeze_time("2015-04-10 03:21:34"):
      _, workflow = self.wf_generator.generate_workflow(
          self.one_time_workflow_1)

      _, cycle = self.wf_generator.generate_cycle(workflow)
      self.wf_generator.activate_workflow(workflow)

    with freeze_time("2015-05-02 03:21:34"):
      common.send_daily_digest_notifications()
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

      # one email to owner and one to assigne
      self.assertEqual(mock_mail.call_count, 2)

    with freeze_time("2015-05-03 03:21:34"):
      cycle = Cycle.query.get(cycle.id)
      task1 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[0].id)
      task2 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[1].id)

      self.wf_generator.modify_object(
          task1, data={"end_date": date(2015, 5, 1)})
      self.wf_generator.modify_object(
          task2, data={"end_date": date(2015, 5, 1)})

    with freeze_time("2015-05-03 03:21:34"):  # one day befor due date
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

    with freeze_time("2015-05-04 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

    with freeze_time("2015-05-05 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

  @patch("ggrc.notifications.common.send_email")
  def test_move_end_date_to_today(self, mock_mail):
    def get_person(person_id):
      return db.session.query(Person).filter(Person.id == person_id).one()

    with freeze_time("2015-04-10 03:21:34"):
      _, workflow = self.wf_generator.generate_workflow(
          self.one_time_workflow_1)

      _, cycle = self.wf_generator.generate_cycle(workflow)
      self.wf_generator.activate_workflow(workflow)

    with freeze_time("2015-05-02 03:21:34"):
      common.send_daily_digest_notifications()
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

      # one email to owner and one to assigne
      self.assertEqual(mock_mail.call_count, 2)

    with freeze_time("2015-05-03 03:21:34"):
      cycle = Cycle.query.get(cycle.id)
      task1 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[0].id)
      task2 = CycleTaskGroupObjectTask.query.get(
          cycle.cycle_task_group_object_tasks[1].id)

      self.wf_generator.modify_object(
          task1, data={"end_date": date(2015, 5, 3)})
      self.wf_generator.modify_object(
          task2, data={"end_date": date(2015, 5, 4)})

    with freeze_time("2015-05-03 03:21:34"):  # one day befor due date
      user = get_person(self.user.id)
      _, notif_data = common.get_daily_notifications()

      self.assertNotEquals(notif_data, {})
      self.assertIn(user.email, notif_data)
      self.assertIn("due_today", notif_data[user.email])
      self.assertIn("due_in", notif_data[user.email])
      self.assertEqual(len(notif_data[user.email]["due_today"]), 1)

      common.send_daily_digest_notifications()

    with freeze_time("2015-05-04 03:21:34"):  # due date
      user = get_person(self.user.id)
      _, notif_data = common.get_daily_notifications()
      self.assertIn(user.email, notif_data)
      self.assertIn("due_today", notif_data[user.email])
      self.assertNotIn("due_in", notif_data[user.email])
      common.send_daily_digest_notifications()

    with freeze_time("2015-05-05 03:21:34"):  # due date
      _, notif_data = common.get_daily_notifications()
      self.assertEqual(notif_data, {})

  def create_test_cases(self):
    def person_dict(person_id):
      return {
          "href": "/api/people/%d" % person_id,
          "id": person_id,
          "type": "Person"
      }

    self.one_time_workflow_1 = {
        "title": "one time test workflow",
        "notify_on_change": True,
        "description": "some test workflow",
        "owners": [person_dict(self.user.id)],
        "task_groups": [{
            "title": "one time task group",
            "contact": person_dict(self.user.id),
            "task_group_tasks": [{
                "title": "task 1",
                "description": "some task",
                "contact": person_dict(self.user.id),
                "start_date": date(2015, 5, 1),  # friday
                "end_date": date(2015, 5, 5),
            }, {
                "title": "task 2",
                "description": "some task 2",
                "contact": person_dict(self.user.id),
                "start_date": date(2015, 5, 1),  # friday
                "end_date": date(2015, 5, 5),
            }],
            "task_group_objects": self.random_objects
        }]
    }
 def setUp(self):
     super(TestPersonProfilePermissions, self).setUp()
     self.generator = Generator()
     self.api = Api()
     self.object_generator = ObjectGenerator()
     self.init_users()
 def setUp(self):
     super(TestComprehensiveSheets, self).setUp()
     self.generator = ObjectGenerator()
     self.client.get("/login")
 def setUp(self):
   super(TestCsvImport, self).setUp()
   self.generator = ObjectGenerator()
   self.client.get("/login")
class TestCsvImport(TestCase):

  def setUp(self):
    super(TestCsvImport, self).setUp()
    self.generator = ObjectGenerator()
    self.client.get("/login")

  def tearDown(self):
    pass

  def generate_people(self, people):
    for person in people:
      self.generator.generate_person({
          "name": person,
          "email": "{}@reciprocitylabs.com".format(person),
      }, "Administrator")

  def test_multi_basic_policy_orggroup_product(self):
    filename = "multi_basic_policy_orggroup_product.csv"
    response_json = self.import_file(filename)

    object_counts = {
        "Org Group": (4, 0, 0),
        "Policy": (4, 0, 0),
        "Product": (5, 0, 0),
    }

    for row in response_json:
      created, updated, ignored = object_counts[row["name"]]
      self.assertEqual(created, row["created"])
      self.assertEqual(updated, row["updated"])
      self.assertEqual(ignored, row["ignored"])
      self.assertEqual(set(), set(row["row_warnings"]))

    self.assertEqual(Policy.query.count(), 4)
    self.assertEqual(OrgGroup.query.count(), 4)
    self.assertEqual(Product.query.count(), 5)

  def test_multi_basic_policy_orggroup_product_with_warnings(self):
    filename = "multi_basic_policy_orggroup_product_with_warnings.csv"
    response_json = self.import_file(filename)

    row_messages = []
    object_counts = {
        "Policy": (3, 0, 2),
        "Org Group": (0, 0, 4),
        "Product": (5, 0, 2),
    }
    for row in response_json:
      created, updated, ignored = object_counts[row["name"]]
      self.assertEqual(created, row["created"])
      self.assertEqual(updated, row["updated"])
      self.assertEqual(ignored, row["ignored"])
      row_messages.extend(row["row_warnings"])
      row_messages.extend(row["row_errors"])

    expected_warnings = set([
        errors.DUPLICATE_VALUE_IN_CSV.format(
            line_list="5, 6", column_name="Title", value="dolor",
            s="", ignore_lines="6"),
        errors.DUPLICATE_VALUE_IN_CSV.format(
            line_list="6, 7", column_name="Code", value="p-4",
            s="", ignore_lines="7"),
        errors.DUPLICATE_VALUE_IN_CSV.format(
            line_list="21, 26", column_name="Title", value="meatloaf",
            s="", ignore_lines="26"),
        errors.DUPLICATE_VALUE_IN_CSV.format(
            line_list="21, 26, 27", column_name="Code", value="pro 1",
            s="s", ignore_lines="26, 27"),
        errors.OWNER_MISSING.format(line=26, column_name="Owner"),
        errors.MISSING_COLUMN.format(line=13, column_names="Owner", s=""),
        errors.MISSING_COLUMN.format(line=14, column_names="Owner", s=""),
        errors.MISSING_COLUMN.format(line=15, column_names="Owner", s=""),
        errors.MISSING_COLUMN.format(line=16, column_names="Owner", s=""),
    ])

    self.assertEqual(expected_warnings, set(row_messages))
    self.assertEqual(Policy.query.count(), 3)
    self.assertEqual(OrgGroup.query.count(), 0)
    self.assertEqual(Product.query.count(), 5)

  def test_multi_basic_policy_orggroup_product_with_mappings(self):

    def get_relationships_for(obj):
      return Relationship.query.filter(or_(
          and_(Relationship.source_id == obj.id,
               Relationship.source_type == obj.type),
          and_(Relationship.destination_id == obj.id,
               Relationship.destination_type == obj.type),
      ))

    filename = "multi_basic_policy_orggroup_product_with_mappings.csv"
    response_json = self.import_file(filename)

    object_counts = {
        "Policy": (4, 0, 0),
        "Org Group": (4, 0, 0),
        "Product": (5, 0, 0),
    }
    for row in response_json:
      created, updated, ignored = object_counts[row["name"]]
      self.assertEqual(created, row["created"])
      self.assertEqual(updated, row["updated"])
      self.assertEqual(ignored, row["ignored"])
      self.assertEqual(set(), set(row["row_warnings"]))

    self.assertEqual(Policy.query.count(), 4)
    self.assertEqual(OrgGroup.query.count(), 4)
    self.assertEqual(Product.query.count(), 5)
    p1 = Policy.query.filter_by(slug="p-1").first()
    org1 = OrgGroup.query.filter_by(slug="org-1").first()

    self.assertEqual(get_relationships_for(p1).count(), 3)
    self.assertEqual(get_relationships_for(org1).count(), 5)

  def test_big_import_with_mappings(self):
    response = self.import_file("data_for_export_testing.csv")
    self._check_csv_response(response, {})
class TestCustomAttributesDefinitions(TestCase):
    """Test for custom attribute definition columns."""
    def setUp(self):
        super(TestCustomAttributesDefinitions, self).setUp()
        self.generator = ObjectGenerator()

    def test_policy_definitions(self):
        """Test custom attribute definitions on Policy model."""
        self.generator.generate_custom_attribute("policy",
                                                 title="My Attribute")
        self.generator.generate_custom_attribute("policy",
                                                 title="Mandatory Attribute",
                                                 mandatory=True)
        definitions = get_object_column_definitions(all_models.Policy)
        mapping_names = get_mapping_names(all_models.Policy.__name__)
        display_names = {
            val["display_name"]
            for val in definitions.itervalues()
        }
        element_names = {
            "Code",
            "Title",
            "Description",
            "Notes",
            "Admin",
            "Reference URL",
            "Kind/Type",
            "Effective Date",
            "Last Deprecated Date",
            "State",
            "My Attribute",
            "Mandatory Attribute",
            "Review State",
            "Reviewers",
            "Delete",
            "Primary Contacts",
            "Secondary Contacts",
            "Recipients",
            "Send by default",
            "Comments",
            "Assessment Procedure",
            "Created Date",
            "Last Updated Date",
            "Last Updated By",
            "Gdrive Folder ID",
        }
        expected_names = element_names.union(mapping_names)
        self.assertEqual(expected_names, display_names)
        vals = {val["display_name"]: val for val in definitions.itervalues()}
        self.assertTrue(vals["Title"]["mandatory"])
        self.assertTrue(vals["Admin"]["mandatory"])
        self.assertTrue(vals["Title"]["unique"])
        self.assertTrue(vals["Mandatory Attribute"]["mandatory"])

    def test_program_definitions(self):
        """ test custom attribute headers for Program."""

        self.generator.generate_custom_attribute("program",
                                                 title="My Attribute")
        self.generator.generate_custom_attribute("program",
                                                 title="Mandatory Attribute",
                                                 mandatory=True)
        self.generator.generate_custom_attribute(
            "program",
            title="Choose",
            mandatory=True,
            attribute_type="Dropdown",
            multi_choice="hello,world,what's,up")
        definitions = get_object_column_definitions(all_models.Program)
        mapping_names = get_mapping_names(all_models.Program.__name__)
        display_names = {
            val["display_name"]
            for val in definitions.itervalues()
        }
        element_names = {
            "Title",
            "Description",
            "Notes",
            "Reference URL",
            "Code",
            "Effective Date",
            "Last Deprecated Date",
            "State",
            "My Attribute",
            "Mandatory Attribute",
            "Choose",
            "Review State",
            "Reviewers",
            "Delete",
            "Primary Contacts",
            "Secondary Contacts",
            "Program Managers",
            "Program Editors",
            "Program Readers",
            "Created Date",
            "Last Updated Date",
            "Last Updated By",
            "Gdrive Folder ID",
            "Send by default",
            "Recipients",
            "Comments",
        }
        expected_names = element_names.union(mapping_names)
        self.assertEqual(expected_names, display_names)
        vals = {val["display_name"]: val for val in definitions.itervalues()}
        self.assertTrue(vals["Title"]["mandatory"])
        self.assertTrue(vals["Title"]["unique"])
        self.assertTrue(vals["Mandatory Attribute"]["mandatory"])
        self.assertTrue(vals["Choose"]["mandatory"])
 def setUp(self):
     super(TestCustomAttributesDefinitions, self).setUp()
     self.generator = ObjectGenerator()
Example #60
0
 def setUp(self):
     super(TestResource, self).setUp()
     self.api = Api()
     self.object_generator = ObjectGenerator()
     self.create_objects()