class TestIssue(TestCase): """ Test Issue class. """ def setUp(self): super(TestIssue, self).setUp() self.api = Api() with factories.single_commit(): audit = factories.AuditFactory() for status in all_models.Issue.VALID_STATES: factories.IssueFactory(audit=audit, status=status) def test_filter_by_status(self): """Test Issue filtering by status.""" query_request_data = [{ 'fields': [], 'filters': { 'expression': { 'left': { 'left': 'status', 'op': { 'name': '=' }, 'right': 'Fixed' }, 'op': { 'name': 'OR' }, 'right': { 'left': 'status', 'op': { 'name': '=' }, 'right': 'Fixed and Verified' }, }, }, 'object_name': 'Issue', 'permissions': 'read', 'type': 'values', }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") self.assertEqual(response.status_code, 200) statuses = {i["status"] for i in response.json[0]["Issue"]["values"]} self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
class TestIssue(TestCase): """ Test Issue class. """ def setUp(self): super(TestIssue, self).setUp() self.api = Api() with factories.single_commit(): audit = factories.AuditFactory() for status in all_models.Issue.VALID_STATES: factories.IssueFactory(audit=audit, status=status) def test_filter_by_status(self): """Test Issue filtering by status.""" query_request_data = [{ 'fields': [], 'filters': { 'expression': { 'left': { 'left': 'status', 'op': {'name': '='}, 'right': 'Fixed' }, 'op': {'name': 'OR'}, 'right': { 'left': 'status', 'op': {'name': '='}, 'right': 'Fixed and Verified' }, }, }, 'object_name': 'Issue', 'permissions': 'read', 'type': 'values', }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) self.assertEqual(response.status_code, 200) statuses = {i["status"] for i in response.json[0]["Issue"]["values"]} self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
class EvidenceRBACFactory(base.BaseRBACFactory): """Evidence RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Evidence object.""" result = self.api.post( all_models.Evidence, { "evidence": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Evidence object.""" res = self.api.get(all_models.Evidence, self.evidence_id) return res def update(self): """Update title of existing Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.put(evidence, {"title": factories.random_str()}) def delete(self): """Delete Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.delete(evidence) def map(self, evidence=None): """Map Evidence to parent object.""" if self.parent == "Audit": parent = all_models.Audit.query.get(self.audit_id) else: parent = all_models.Assessment.query.get(self.assessment_id) map_evidence = evidence if evidence else factories.EvidenceUrlFactory() return self.api.put( parent, { "actions": { "add_related": [{ "id": map_evidence.id, "type": "Evidence", }] } }) def create_and_map(self): """Create new Evidence and map it to parent.""" response = self.create() evidence_id = None if response.json and response.json.get("evidence"): evidence_id = response.json.get("evidence", {}).get("id") if not evidence_id: return response evidence = all_models.Evidence.query.get(evidence_id) return self.map(evidence) def add_comment(self): """Map new comment to evidence.""" evidence = all_models.Evidence.query.get(self.evidence_id) _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=evidence, destination=comment)[0] def read_comments(self): """Read comments mapped to evidence""" evidence = all_models.Evidence.query.get(self.evidence_id) with factories.single_commit(): comment = factories.CommentFactory( description=factories.random_str()) factories.RelationshipFactory(source=evidence, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Evidence", "op": { "name": "relevant" }, "ids": [evidence.id] } }, "object_name": "Comment", }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") return response
class TestSnapshot(TestCase): """Basic tests snapshots""" def setUp(self): super(TestSnapshot, self).setUp() self.api = Api() def test_search_by_reference_url(self): """Test search audit related snapshots of control type by reference_url""" expected_ref_url = "xxx" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id doc1 = factories.DocumentReferenceUrlFactory( link=expected_ref_url, title=expected_ref_url) doc_id1 = doc1.id doc2 = factories.DocumentReferenceUrlFactory(link="yyy", title="yyy") doc_id2 = doc2.id control = factories.ControlFactory() control_id = control.id response = self.api.post( all_models.Relationship, { "relationship": { "source": { "id": control_id, "type": control.type }, "destination": { "id": doc_id1, "type": doc1.type }, "context": None }, }) self.assertStatus(response, 201) response = self.api.post( all_models.Relationship, { "relationship": { "source": { "id": control_id, "type": control.type }, "destination": { "id": doc_id2, "type": doc2.type }, "context": None }, }) self.assertStatus(response, 201) response = self.api.post( all_models.Relationship, { "relationship": { "source": { "id": control_id, "type": control.type }, "destination": { "id": audit_id, "type": audit.type }, "context": None }, }) self.assertStatus(response, 201) query_request_data = [{ "object_name": "Snapshot", "filters": { "expression": { "left": { "left": "child_type", "op": { "name": "=" }, "right": "Control" }, "op": { "name": "AND" }, "right": { "left": { "object_name": "Audit", "op": { "name": "relevant" }, "ids": [audit_id] }, "op": { "name": "AND" }, "right": { "left": { "left": "Reference URL", "op": { "name": "~" }, "right": expected_ref_url }, "op": { "name": "AND" }, "right": { "left": "Status", "op": { "name": "IN" }, "right": ["Active", "Draft", "Deprecated"] } } } } }, }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") self.assert200(response) self.assertEquals(1, response.json[0]["Snapshot"]["count"])
class DocumentReferenceUrlRBACFactory(base.BaseRBACFactory): """Document Reference Url RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Document permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id self.setup_models(self.parent_name) self.set_user(user_id) def set_user(self, user_id): """Set user to send requests""" if self.user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def setup_models(self, parent_name): """Setup document, parent, relationship""" with factories.single_commit(): document = factories.DocumentReferenceUrlFactory() self.document_id = document.id self.parent = self.build_parent(parent_name) self.parent_id = self.parent.id factories.RelationshipFactory(source=self.parent, destination=document) self.assign_person(self.parent, self.acr, self.user_id) @staticmethod def build_parent(parent_name): """Create parent based on Name""" try: parent = FACTORIES_MAPPING[parent_name]() except KeyError(): raise ValueError("Unknown parent {}".format(parent_name)) return parent def create(self): """Create new Document object.""" result = self.api.post(all_models.Document, { "document": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Document object.""" res = self.api.get(all_models.Document, self.document_id) return res def update(self): """Update title of existing Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.put(document, {"title": factories.random_str()}) def delete(self): """Delete Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.delete(document) def map(self, document=None): """Map Document to parent object.""" parent = self.parent.__class__.query.get(self.parent_id) map_document = document if document \ else factories.DocumentReferenceUrlFactory() return self.objgen.generate_relationship( source=parent, destination=map_document )[0] def create_and_map(self): """Create new Document and map it to parent.""" response = self.create() document_id = None if response.json and response.json.get("document"): document_id = response.json.get("document", {}).get("id") if not document_id: return response document = all_models.Document.query.get(document_id) return self.map(document) def add_comment(self): """Map new comment to document.""" document = all_models.Document.query.get(self.document_id) _, comment = self.objgen.generate_object(all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=document, destination=comment)[0] def read_comments(self): """Read comments mapped to document""" document = all_models.Document.query.get(self.document_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=document, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Document", "op": { "name": "relevant" }, "ids": [document.id] } }, "object_name": "Comment", }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
class UniversalRBACFactory(base.BaseRBACFactory): """Universal RBAC factory class. Can be used in 'one rank' tests """ # pylint: disable=too-many-instance-attributes def __init__(self, user_id, acr, parent=None): """Set up objects for permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.setup_models(self.parent_name) self.set_user(user_id) def set_user(self, user_id): """Set user to send requests""" if self.user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def setup_models(self, parent_name): """Setup document, parent, relationship""" with factories.single_commit(): self.parent = get_model_factory(parent_name)() self.parent_id = self.parent.id self.parent_name = parent_name self.assign_person(self.parent, self.acr, self.user_id) def _setup_document(self): """Crate and map document""" with factories.single_commit(): document = factories.DocumentReferenceUrlFactory() parent = db.session.query(self.parent.__class__).get(self.parent_id) factories.RelationshipFactory(source=parent, destination=document) return document.id def _setup_comment(self): """Crate and map comment""" with factories.single_commit(): comment = factories.CommentFactory(description="Hey!") parent = db.session.query(self.parent.__class__).get(self.parent_id) factories.RelationshipFactory(source=parent, destination=comment) return comment.id def read_parent(self): """Can Read parent info.""" res = self.api.get(self.parent, self.parent_id) return res def create_and_map_document(self): """Create and map document object to parent.""" admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id _, document = self.objgen.generate_object( all_models.Document, { "link": factories.random_str(), "title": factories.random_str(), "context": None, "access_control_list": [ { "ac_role_id": admin_acr_id, "person": { "id": self.user_id, "type": "Person", } } ], } ) parent = db.session.query(self.parent.__class__).get(self.parent_id) return self.objgen.generate_relationship( source=document, destination=parent )[0] def read_document(self): """Read existing Document object.""" doc_id = self._setup_document() res = self.api.get(all_models.Document, doc_id) return res def update_document(self): """Update title of existing Document object.""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) return self.api.put(document, {"title": factories.random_str()}) def delete_document(self): """Delete Document object.""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) return self.api.delete(document) def create_and_map_comment(self): """Create new Comment object and map to parent.""" _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, } ) parent = db.session.query(self.parent.__class__).get(self.parent_id) return self.objgen.generate_relationship( source=parent, destination=comment )[0] def read_comment(self): """Read existing Comment object.""" comment_id = self._setup_comment() res = self.api.get(all_models.Comment, comment_id) return res def create_and_map_document_comment(self): """Map new comment to document.""" doc_id = self._setup_document() _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, } ) document = all_models.Document.query.get(doc_id) return self.objgen.generate_relationship( source=document, destination=comment )[0] def read_document_comment(self): """Read comments mapped to document""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=document, destination=comment) query_request_data = [ { "fields": [], "filters": { "expression": { "object_name": "Document", "op": { "name": "relevant" }, "ids": [document.id] } }, "object_name": "Comment", } ] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
class DocumentReferenceUrlRBACFactory(base.BaseRBACFactory): """Document Reference Url RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Document permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id self.setup_models(self.parent_name) self.set_user(user_id) def set_user(self, user_id): """Set user to send requests""" if self.user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def setup_models(self, parent_name): """Setup document, parent, relationship""" with factories.single_commit(): document = factories.DocumentReferenceUrlFactory() self.document_id = document.id self.parent = self.build_parent(parent_name) self.parent_id = self.parent.id factories.RelationshipFactory(source=self.parent, destination=document) self.assign_person(self.parent, self.acr, self.user_id) @staticmethod def build_parent(parent_name): """Create parent based on Name""" try: parent = FACTORIES_MAPPING[parent_name]() except KeyError(): raise ValueError("Unknown parent {}".format(parent_name)) return parent def create(self): """Create new Document object.""" result = self.api.post( all_models.Document, { "document": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Document object.""" res = self.api.get(all_models.Document, self.document_id) return res def update(self): """Update title of existing Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.put(document, {"title": factories.random_str()}) def delete(self): """Delete Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.delete(document) def map(self, document=None): """Map Document to parent object.""" parent = self.parent.__class__.query.get(self.parent_id) map_document = document if document \ else factories.DocumentReferenceUrlFactory() return self.objgen.generate_relationship(source=parent, destination=map_document)[0] def create_and_map(self): """Create new Document and map it to parent.""" response = self.create() document_id = None if response.json and response.json.get("document"): document_id = response.json.get("document", {}).get("id") if not document_id: return response document = all_models.Document.query.get(document_id) return self.map(document) def add_comment(self): """Map new comment to document.""" document = all_models.Document.query.get(self.document_id) _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=document, destination=comment)[0] def read_comments(self): """Read comments mapped to document""" document = all_models.Document.query.get(self.document_id) with factories.single_commit(): comment = factories.CommentFactory( description=factories.random_str()) factories.RelationshipFactory(source=document, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Document", "op": { "name": "relevant" }, "ids": [document.id] } }, "object_name": "Comment", }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") return response
class EvidenceRBACFactory(base.BaseRBACFactory): """Evidence RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence ).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence ).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Evidence object.""" result = self.api.post(all_models.Evidence, { "evidence": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Evidence object.""" res = self.api.get(all_models.Evidence, self.evidence_id) return res def update(self): """Update title of existing Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.put(evidence, {"title": factories.random_str()}) def delete(self): """Delete Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.delete(evidence) def map(self, evidence=None): """Map Evidence to parent object.""" if self.parent == "Audit": parent = all_models.Audit.query.get(self.audit_id) else: parent = all_models.Assessment.query.get(self.assessment_id) map_evidence = evidence if evidence else factories.EvidenceUrlFactory() return self.api.put(parent, { "actions": { "add_related": [{ "id": map_evidence.id, "type": "Evidence", }] } }) def create_and_map(self): """Create new Evidence and map it to parent.""" response = self.create() evidence_id = None if response.json and response.json.get("evidence"): evidence_id = response.json.get("evidence", {}).get("id") if not evidence_id: return response evidence = all_models.Evidence.query.get(evidence_id) return self.map(evidence) def add_comment(self): """Map new comment to evidence.""" evidence = all_models.Evidence.query.get(self.evidence_id) _, comment = self.objgen.generate_object(all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=evidence, destination=comment)[0] def read_comments(self): """Read comments mapped to evidence""" evidence = all_models.Evidence.query.get(self.evidence_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=evidence, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Evidence", "op": { "name": "relevant" }, "ids": [evidence.id] } }, "object_name": "Comment", }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
class TestSnapshot(TestCase): """Basic tests snapshots""" def setUp(self): super(TestSnapshot, self).setUp() self.api = Api() self.generator = generator.ObjectGenerator() def test_search_by_reference_url(self): """Test search audit related snapshots of control type by reference_url""" expected_ref_url = "xxx" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id doc1 = factories.DocumentReferenceUrlFactory(link=expected_ref_url, title=expected_ref_url) doc_id1 = doc1.id doc2 = factories.DocumentReferenceUrlFactory(link="yyy", title="yyy") doc_id2 = doc2.id control = factories.ControlFactory() control_id = control.id response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": doc_id1, "type": doc1.type}, "context": None }, }) self.assertStatus(response, 201) response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": doc_id2, "type": doc2.type}, "context": None }, }) self.assertStatus(response, 201) response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": audit_id, "type": audit.type}, "context": None }, }) self.assertStatus(response, 201) query_request_data = [{ "object_name": "Snapshot", "filters": { "expression": { "left": { "left": "child_type", "op": {"name": "="}, "right": "Control" }, "op": {"name": "AND"}, "right": { "left": { "object_name": "Audit", "op": {"name": "relevant"}, "ids": [audit_id] }, "op": {"name": "AND"}, "right": { "left": { "left": "Reference URL", "op": {"name": "~"}, "right": expected_ref_url }, "op": {"name": "AND"}, "right": { "left": "Status", "op": {"name": "IN"}, "right": ["Active", "Draft", "Deprecated"] } } } } }, }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) self.assert200(response) self.assertEquals(1, response.json[0]["Snapshot"]["count"]) # pylint: disable=invalid-name def test_identity_revision_after_adding_comment(self): """Test checks identity of revisions after adding comment""" with factories.single_commit(): audit = factories.AuditFactory() standard = factories.StandardFactory() snapshot = self._create_snapshots(audit, [standard])[0] snapshot_id = snapshot.id self.generator.generate_comment(standard, "", "some comment") response = self.api.get(snapshot.__class__, snapshot_id) self.assertStatus(response, 200) self.assertTrue(response.json['snapshot']['is_identical_revision']) def test_is_identical_revision(self): """Test checks correctly work of is_identical_revision flag""" with factories.single_commit(): audit = factories.AuditFactory() standard = factories.StandardFactory() standard_id = standard.id snapshot = self._create_snapshots(audit, [standard])[0] snapshot_id = snapshot.id standard = all_models.Standard.query.get(standard_id) self.api.put(standard, {"title": "Test standard 1"}) snapshot = all_models.Snapshot.query.get(snapshot_id) self.assertFalse(snapshot.is_identical_revision)
class CycleTaskRBACFactory(base.BaseRBACFactory): """Cycle Task RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.admin_control_id = { name: id for id, name in access_control.role.get_custom_roles_for( "Control").items() }["Admin"] self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: self.user_id = user_id user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Cycle Task object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.post( all_models.CycleTaskGroupObjectTask, { "cycle_task_group_object_task": { "title": "New Cycle Task", "start_date": datetime.now().strftime("%Y-%m-%d"), "end_date": datetime.now().strftime("%Y-%m-%d"), "context": None, "task_type": "text", "cycle_task_group": { "id": cycle_tg.id, "type": "Task Group", }, "cycle": { "id": cycle_tg.cycle.id, "type": "Cycle", }, } }) def read(self): """Read existing Cycle Task object.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.get(cycle_task, cycle_task.id) def update(self): """Update title of existing Cycle Task object.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"title": factories.random_str()}) def delete(self): """Delete Cycle Task object.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.delete(cycle_task) def read_revisions(self): """Read revisions for Cycle Task object.""" responses = [] cycle_task = all_models.CycleTaskGroupObjectTask.query.first() for query in [ "source_type={}&source_id={}", "destination_type={}&destination_id={}", "resource_type={}&resource_id={}" ]: responses.append( self.api.get_query( all_models.CycleTaskGroupObjectTask, query.format("cycle_task_group_object_task", cycle_task.id))) return responses def add_comment(self): """Map new comment to cycle task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.get( self.cycle_task_id) _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=cycle_task, destination=comment)[0] def read_comment(self): """Read comments mapped to cycle task""" cycle_task = all_models.CycleTaskGroupObjectTask.query.get( self.cycle_task_id) with factories.single_commit(): comment = factories.CommentFactory( description=factories.random_str()) factories.RelationshipFactory(source=cycle_task, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "CycleTaskGroupObjectTask", "op": { "name": "relevant" }, "ids": [cycle_task.id] } }, "object_name": "Comment", }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") return response def map_control(self): """Map Control on which user don't have any rights to Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() control = factories.ControlFactory() return self.objgen.generate_relationship( source=cycle_task, destination=control, )[0] def map_created_control(self): """Map Control that was created by user to Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() control = factories.ControlFactory() # pylint: disable=protected-access for acl in control._access_control_list: if acl.ac_role_id == self.admin_control_id: factories.AccessControlPersonFactory( person_id=self.user_id, ac_list=acl, ) return self.objgen.generate_relationship( source=cycle_task, destination=control, )[0] def read_mapped_control(self): """Read Control object mapped to Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() with factories.single_commit(): control = factories.ControlFactory() factories.RelationshipFactory(source=cycle_task, destination=control) return self.api.get(control, control.id) def upmap_control(self): """Unmap Control from Task Group.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() with factories.single_commit(): control = factories.ControlFactory() rel = factories.RelationshipFactory(source=cycle_task, destination=control) return self.api.delete(rel) def start(self): """Start Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "InProgress"}) def end(self): """End Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "Finished"}) def verify(self): """Verify Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "Verified"}) def decline(self): """Decline Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "Declined"}) def deprecate(self): """Deprecate Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "Deprecated"}) def restore(self): """Restore Cycle Task.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.put(cycle_task, {"status": "Assigned"})
class TestSnapshot(TestCase): """Basic tests snapshots""" def setUp(self): super(TestSnapshot, self).setUp() self.api = Api() def test_search_by_reference_url(self): """Test search audit related snapshots of control type by reference_url""" expected_ref_url = "xxx" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id doc1 = factories.DocumentReferenceUrlFactory(link=expected_ref_url, title=expected_ref_url) doc_id1 = doc1.id doc2 = factories.DocumentReferenceUrlFactory(link="yyy", title="yyy") doc_id2 = doc2.id control = factories.ControlFactory() control_id = control.id response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": doc_id1, "type": doc1.type}, "context": None }, }) self.assertStatus(response, 201) response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": doc_id2, "type": doc2.type}, "context": None }, }) self.assertStatus(response, 201) response = self.api.post(all_models.Relationship, { "relationship": { "source": {"id": control_id, "type": control.type}, "destination": {"id": audit_id, "type": audit.type}, "context": None }, }) self.assertStatus(response, 201) query_request_data = [{ "object_name": "Snapshot", "filters": { "expression": { "left": { "left": "child_type", "op": {"name": "="}, "right": "Control" }, "op": {"name": "AND"}, "right": { "left": { "object_name": "Audit", "op": {"name": "relevant"}, "ids": [audit_id] }, "op": {"name": "AND"}, "right": { "left": { "left": "Reference URL", "op": {"name": "~"}, "right": expected_ref_url }, "op": {"name": "AND"}, "right": { "left": "Status", "op": {"name": "IN"}, "right": ["Active", "Draft", "Deprecated"] } } } } }, }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) self.assert200(response) self.assertEquals(1, response.json[0]["Snapshot"]["count"])
class TestManualAudit(TestCase): """ Test Audit with manual snapshot mapping""" # pylint: disable=invalid-name def setUp(self): super(TestManualAudit, self).setUp() self.api = Api() self.gen = generator.ObjectGenerator() def assertSnapshotCount(self, count): """Assert snapshots count""" snapshot_count = all_models.Snapshot.query.count() self.assertEqual(snapshot_count, count) def count_related_objectives(self, snapshot_id): """Returns related objectives count for control snapshot""" query_data = [{ "object_name": "Snapshot", "filters": { "expression": { "left": { "left": "child_type", "op": { "name": "=" }, "right": "Objective" }, "op": { "name": "AND" }, "right": { "object_name": "Snapshot", "op": { "name": "relevant" }, "ids": [str(snapshot_id)] } } }, "fields": ["child_id", "child_type", "revision", "parent"] }] response = self.api.send_request(self.api.client.post, data=query_data, api_link="/query") self.assert200(response) return response.json[0]["Snapshot"]["count"] def test_audit_upsert(self): """Test upsert audit with manual mapping Audit with manual mapping should not add new snapshots after calling "Update objects to latest version" """ with factories.single_commit(): program = factories.ProgramFactory() control = factories.ControlFactory() factories.RelationshipFactory(source=program, destination=control) self.api.post(all_models.Audit, [{ "audit": { "title": "New Audit", "program": { "id": program.id, "type": program.type }, "status": "Planned", "context": None, "manual_snapshots": True, } }]) self.assertSnapshotCount(0) audit = all_models.Audit.query.first() self.api.put(audit, data={"snapshots": {"operation": "upsert"}}) self.assertSnapshotCount(0) def test_audit_manual_snapshots(self): """Test audit with manual snapshot mapping""" with factories.single_commit(): program = factories.ProgramFactory() control = factories.ControlFactory() control_id = control.id control2 = factories.ControlFactory( ) # wouldn't be mapped to objective control2_id = control2.id objective = factories.ObjectiveFactory() factories.RelationshipFactory(source=program, destination=control) factories.RelationshipFactory(source=program, destination=control2) factories.RelationshipFactory(source=program, destination=objective) factories.RelationshipFactory(source=control, destination=objective) self.api.post(all_models.Audit, [{ "audit": { "title": "New Audit", "program": { "id": program.id, "type": program.type }, "status": "Planned", "context": None, "manual_snapshots": True, } }]) self.assertSnapshotCount(0) audit = all_models.Audit.query.first() control = all_models.Control.query.get(control_id) control2 = all_models.Control.query.get(control2_id) objective = all_models.Objective.query.first() self.gen.generate_relationship(audit, control) control_snapshot_id = all_models.Snapshot.query.filter_by( child_id=control_id, child_type="Control").first().id self.assertEqual(self.count_related_objectives(control_snapshot_id), 0) self.gen.generate_relationship(audit, objective) self.assertEqual(self.count_related_objectives(control_snapshot_id), 1) self.gen.generate_relationship(audit, control2) control2_snapshot_id = all_models.Snapshot.query.filter_by( child_id=control2_id, child_type="Control").first().id self.assertEqual(self.count_related_objectives(control2_snapshot_id), 0) self.assertSnapshotCount(3)