def test_list_submission_users_frec_affil(database):
""" Test listing users based on frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**')
third_user = UserFactory(name='Frec User', email='*****@*****.**')
third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List the first user because they have a submission with that frec
assert len(user_response) == 1
assert user_response[0]['user_id'] == first_user.user_id
assert user_response[0]['name'] == first_user.name
assert user_response[0]['email'] == first_user.email
def test_list_submission_users_cgac_affil(database):
""" Test listing users based on cgac affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, d2_submission=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=False)
database.session.add_all([sub_1, sub_2])
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List both users because each has a submission with the cgac
assert len(user_response) == 2
assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id}
assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
g.user = other_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the submissions this user is part of because they have no cgac/frec affiliations with either submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
def test_list_agencies_limits(monkeypatch, user_constants, domain_app):
"""List agencies should limit to only the user's agencies"""
sess = GlobalDB.db().session
user = UserFactory()
cgac = CGACFactory()
frec_cgac = CGACFactory()
frec = FRECFactory(cgac=frec_cgac)
sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code='0',
cgac=cgac,
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency 0"),
SubTierAgencyFactory(sub_tier_agency_code='1',
cgac=frec_cgac,
frec=frec,
is_frec=True,
sub_tier_agency_name="Test Subtier Agency 1")
]
user.affiliations = [
UserAffiliation(cgac=cgac, frec=None, permission_type_id=2),
UserAffiliation(cgac=None, frec=frec, permission_type_id=2)
]
sess.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user])
sess.commit()
monkeypatch.setattr(domainRoutes, 'g', Mock(user=user))
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
res = json.loads(result)
assert len(res['cgac_agency_list']) == 1
assert len(res['frec_agency_list']) == 1
assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name
assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code
assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name
assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_fabs_dabs(database):
""" Test listing DABS vs FABS users """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, d2_submission=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=True)
database.session.add_all([sub_1, sub_2])
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the first user because they're the only ones with a DABS submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == first_user.user_id
assert user_response[0]['name'] == first_user.name
response = list_submission_users(True)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the other user because they're the only ones with a FABS submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
def test_list_submissions_permissions(database, monkeypatch):
"""Verify that the user must be in the same CGAC group, the submission's
owner, or website admin to see the submission"""
cgac1, cgac2 = CGACFactory(), CGACFactory()
user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory()
database.session.add_all([cgac1, cgac2, user1, user2])
database.session.commit()
sub = SubmissionFactory(user_id=user2.user_id,
cgac_code=cgac2.cgac_code,
publish_status_id=1)
database.session.add(sub)
database.session.commit()
monkeypatch.setattr(fileHandler, 'g', Mock(user=user1))
assert list_submissions_result()['total'] == 0
user1.affiliations[0].cgac = cgac2
database.session.commit()
assert list_submissions_result()['total'] == 1
user1.affiliations = []
database.session.commit()
assert list_submissions_result()['total'] == 0
sub.user_id = user1.user_id
database.session.commit()
assert list_submissions_result()['total'] == 1
sub.user_id = user2.user_id
database.session.commit()
assert list_submissions_result()['total'] == 0
user1.website_admin = True
database.session.commit()
assert list_submissions_result()['total'] == 1
def test_list_submission_users_admin(database):
""" Test listing all users with a submission (admin called the function) """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
admin_user = UserFactory(website_admin=True,
name='Admin User',
email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[0],
name='Test User',
email='*****@*****.**')
database.session.add_all(cgacs + [admin_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code,
user_id=other_user.user_id,
d2_submission=False)
database.session.add(sub_1)
database.session.commit()
g.user = admin_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# Only lists users with submissions and doesn't care about affiliations because admin
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
assert user_response[0]['email'] == other_user.email
def test_list_submission_users_owned(database):
""" Test listing users based on owned submissions """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[0], name='Test User')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False)
database.session.add(sub_1)
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# Don't list any submissions because they don't own any and have no cgac/frec affiliations
assert len(user_response) == 0
g.user = other_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List the user because they have a submission they own (even though it doesn't match the cgac)
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
def test_list_submissions_failure(database, monkeypatch):
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1, submission_id=1, number_of_errors=1, publish_status_id=1)
add_models(database, [user, sub])
monkeypatch.setattr(fileHandler, 'g', Mock(user=user))
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "validation_errors"
delete_models(database, [user, sub])
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1)
job = JobFactory(submission_id=1, job_status_id=JOB_STATUS_DICT['failed'],
job_type_id=JOB_TYPE_DICT['csv_record_validation'], file_type_id=FILE_TYPE_DICT['award'])
add_models(database, [user, sub, job])
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "failed"
delete_models(database, [user, sub, job])
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1)
job = JobFactory(submission_id=1, job_status_id=JOB_STATUS_DICT['invalid'],
job_type_id=JOB_TYPE_DICT['csv_record_validation'], file_type_id=FILE_TYPE_DICT['award'])
add_models(database, [user, sub, job])
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "file_errors"
delete_models(database, [user, sub, job])
def test_list_submission_users_frec_affil(database):
""" Test listing users based on frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User')
third_user = UserFactory(name='Frec User')
third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, d2_submission=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, d2_submission=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List the first user because they have a submission with that frec
assert len(user_response) == 1
assert user_response[0]['user_id'] == first_user.user_id
assert user_response[0]['name'] == first_user.name
def test_active_user_can_dabs_cgac_writer(database, monkeypatch,
user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_writer = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_writer])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_writer))
# has permission level, but wrong agency
assert not permissions.active_user_can('reader',
cgac_code=other_cgac.cgac_code)
assert not permissions.active_user_can('writer',
cgac_code=other_cgac.cgac_code)
# has agency, but not permission level
assert not permissions.active_user_can('submitter',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('editfabs',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('fabs',
cgac_code=user_cgac.cgac_code)
# right agency, right permission
assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code)
assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code)
# wrong permission level, wrong agency, but superuser
user_writer.website_admin = True
assert permissions.active_user_can('submitter',
cgac_code=other_cgac.cgac_code)
def test_list_submission_users_fabs_dabs(database):
""" Test listing DABS vs FABS users """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code,
user_id=first_user.user_id,
d2_submission=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code,
user_id=other_user.user_id,
d2_submission=True)
database.session.add_all([sub_1, sub_2])
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the first user because they're the only ones with a DABS submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == first_user.user_id
assert user_response[0]['name'] == first_user.name
response = list_submission_users(True)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the other user because they're the only ones with a FABS submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
def test_list_agencies_limits(domain_app, database):
""" List agencies should limit to only the user's agencies and should not duplicate the same agency even if there
are multiple instances of the same agency in the user permissions.
"""
user = UserFactory()
cgac = CGACFactory()
frec_cgac = CGACFactory()
frec = FRECFactory(cgac=frec_cgac)
sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency 0"),
SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True,
sub_tier_agency_name="Test Subtier Agency 1")]
user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']),
UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['f'])]
database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
res = json.loads(result)
assert len(res['cgac_agency_list']) == 1
assert len(res['frec_agency_list']) == 1
assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name
assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code
assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name
assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_cgac_affil(database):
""" Test listing users based on cgac affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=first_user.user_id, is_fabs=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, is_fabs=False)
database.session.add_all([sub_1, sub_2])
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List both users because each has a submission with the cgac
assert len(user_response) == 2
assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id}
assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email}
g.user = other_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List only the submissions this user is part of because they have no cgac/frec affiliations with either submission
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
assert user_response[0]['email'] == other_user.email
def test_list_submission_users_cgac_frec_affil(database):
""" Test listing users based on both cgac and frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**')
third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User', email='*****@*****.**')
third_user.affiliations =\
third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
# Third user now has cgac 111 and frec 0000
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List both other users because one has a frec agency and one has a cgac
assert len(user_response) == 2
assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id}
assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email}
def test_current_user_can_dabs_frec_reader(database, monkeypatch, user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_frec, other_frec = FRECFactory(cgac=user_cgac), FRECFactory(cgac=other_cgac)
user_reader = UserFactory(affiliations=[
UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['reader'])
])
database.session.add_all([user_cgac, other_cgac, user_frec, other_frec, user_reader])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_reader))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', frec_code=other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('writer', frec_code=user_frec.frec_code)
assert not permissions.current_user_can('submitter', frec_code=user_frec.frec_code)
assert not permissions.current_user_can('editfabs', cgac_code=user_frec.frec_code)
assert not permissions.current_user_can('fabs', cgac_code=user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('reader', frec_code=user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_reader.website_admin = True
assert permissions.current_user_can('submitter', frec_code=other_frec.frec_code)
def test_list_submission_users_cgac_frec_affil(database):
""" Test listing users based on both cgac and frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User')
third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User')
third_user.affiliations =\
third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
# Third user now has cgac 111 and frec 0000
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, d2_submission=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, d2_submission=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, d2_submission=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List both other users because one has a frec agency and one has a cgac
assert len(user_response) == 2
assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id}
assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
def test_current_user_can_multiple_fabs_permissions(database, monkeypatch, user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_fabs = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['editfabs']),
UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['fabs'])
])
database.session.add_all([user_cgac, other_cgac, user_fabs])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_fabs))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', cgac_code=other_cgac.cgac_code)
assert not permissions.current_user_can('editfabs', cgac_code=other_cgac.cgac_code)
assert not permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
# has agency, but not permission level
assert not permissions.current_user_can('writer', cgac_code=user_cgac.cgac_code)
assert not permissions.current_user_can('submitter', cgac_code=user_cgac.cgac_code)
# right agency, right permission
assert permissions.current_user_can('reader', cgac_code=user_cgac.cgac_code)
assert permissions.current_user_can('editfabs', cgac_code=user_cgac.cgac_code)
assert permissions.current_user_can('fabs', cgac_code=user_cgac.cgac_code)
# wrong agency, but superuser
user_fabs.website_admin = True
assert permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
def test_list_submission_users_owned(database):
""" Test listing users based on owned submissions """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
first_user = UserFactory.with_cgacs(cgacs[0],
name='Test User 1',
email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[0],
name='Test User',
email='*****@*****.**')
database.session.add_all(cgacs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[1].cgac_code,
user_id=other_user.user_id,
d2_submission=False)
database.session.add(sub_1)
database.session.commit()
g.user = first_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# Don't list any submissions because they don't own any and have no cgac/frec affiliations
assert len(user_response) == 0
g.user = other_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List the user because they have a submission they own (even though it doesn't match the cgac)
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
assert user_response[0]['email'] == other_user.email
def add_user(email, name, username, website_admin=False):
user = UserFactory(
email=email, website_admin=website_admin,
name=name, username=username,
affiliations=[UserAffiliation(
cgac=cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer']
)]
)
user.salt, user.password_hash = get_password_hash(user_password, Bcrypt())
sess.add(user)
def test_list_submissions_failure(database, job_constants, monkeypatch):
fh = fileHandler.FileHandler(Mock())
mock_value = Mock()
mock_value.getName.return_value = 1
monkeypatch.setattr(fileHandler, 'LoginSession', mock_value)
user = UserFactory(user_id=1, cgac_code='cgac')
sub = SubmissionFactory(user_id=1,
submission_id=1,
number_of_errors=1,
cgac_code='cgac')
add_models(database, [user, sub])
json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED)
assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1
assert json.loads(json_response.get_data().decode(
"utf-8"))['submissions'][0]['status'] == "validation_errors"
delete_models(database, [user, sub])
sess = database.session
user = UserFactory(user_id=1, cgac_code='cgac')
sub = SubmissionFactory(user_id=1, submission_id=1, cgac_code='cgac')
job = JobFactory(
submission_id=1,
job_status=sess.query(JobStatus).filter_by(name='failed').one(),
job_type=sess.query(JobType).filter_by(
name='csv_record_validation').one(),
file_type=sess.query(FileType).filter_by(name='award').one())
add_models(database, [user, sub, job])
json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED)
assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1
assert json.loads(json_response.get_data().decode(
"utf-8"))['submissions'][0]['status'] == "failed"
delete_models(database, [user, sub, job])
sess = database.session
user = UserFactory(user_id=1, cgac_code='cgac')
sub = SubmissionFactory(user_id=1, submission_id=1, cgac_code='cgac')
job = JobFactory(
submission_id=1,
job_status=sess.query(JobStatus).filter_by(name='invalid').one(),
job_type=sess.query(JobType).filter_by(
name='csv_record_validation').one(),
file_type=sess.query(FileType).filter_by(name='award').one())
add_models(database, [user, sub, job])
json_response = fh.list_submissions(PAGE, LIMIT, CERTIFIED)
assert json.loads(json_response.get_data().decode("utf-8"))['total'] == 1
assert json.loads(json_response.get_data().decode(
"utf-8"))['submissions'][0]['status'] == "file_errors"
delete_models(database, [user, sub, job])
def add_user(email, name, username, permission_type=ALL_PERMISSION_TYPES_DICT['writer'],
website_admin=False):
user = UserFactory(
email=email, website_admin=website_admin,
name=name, username=username,
affiliations=[UserAffiliation(
cgac=cgac,
permission_type_id=permission_type
)]
)
user.salt, user.password_hash = get_password_hash(user_password, Bcrypt())
sess.add(user)
def test_certify_dabs_submission(database, monkeypatch):
""" Tests the certify_dabs_submission function """
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True,
publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'],
d2_submission=False, number_of_errors=0, number_of_warnings=200,
certifying_user_id=None)
sess.add_all([user, cgac, submission])
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
monkeypatch.setattr(file_handler, 'move_certified_files', Mock(return_value=True))
monkeypatch.setattr(fileHandler.GlobalDB, 'db', Mock(return_value=database))
certify_dabs_submission(submission, file_handler)
sess.refresh(submission)
certify_history = sess.query(CertifyHistory).filter_by(submission_id=submission.submission_id).one_or_none()
assert certify_history is not None
assert submission.certifying_user_id == user.user_id
assert submission.publish_status_id == PUBLISH_STATUS_DICT['published']
def test_list_agencies_superuser(domain_app, database):
""" All agencies should be visible to website admins """
user = UserFactory(website_admin=True)
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(i),
cgac=cgacs[i],
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency " +
str(i)) for i in range(3)
]
frec_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(3 + i),
cgac=frec_cgac,
frec=frecs[i],
is_frec=True,
sub_tier_agency_name="Test Subtier Agency " +
str(3 + i)) for i in range(3)
]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers +
frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['cgac_code'] for el in response['cgac_agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
result = {el['frec_code'] for el in response['frec_agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
def test_certify_dabs_submission_quarterly_revalidation_multiple_thresholds(database):
""" Tests that a DABS submission is not affected by a different quarterly revalidation threshold than the one that
matches its reporting_start_date.
"""
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
earlier = now - datetime.timedelta(days=1)
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017,
reporting_start_date='2016-10-01', is_quarter_format=True, publishable=True,
publish_status_id=PUBLISH_STATUS_DICT['unpublished'], d2_submission=False,
number_of_errors=0, number_of_warnings=200, certifying_user_id=None)
quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1, window_start=earlier)
quarter_reval_2 = QuarterlyRevalidationThresholdFactory(year=2017, quarter=2,
window_start=now + datetime.timedelta(days=10))
sess.add_all([user, cgac, submission, quarter_reval, quarter_reval_2])
sess.commit()
job = JobFactory(submission_id=submission.submission_id, last_validated=now,
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
sess.add(job)
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
response = certify_dabs_submission(submission, file_handler)
assert response.status_code == 200
def test_create_session_and_response(database, monkeypatch):
cgacs = [
CGACFactory(cgac_code=str(i) * 3, agency_name=str(i)) for i in range(3)
]
user = UserFactory(
name="my name",
title="my title",
affiliations=[
UserAffiliation(cgac=cgacs[1],
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(cgac=cgacs[2],
permission_type_id=PERMISSION_TYPE_DICT['writer']),
])
database.session.add_all(cgacs + [user])
database.session.commit()
monkeypatch.setattr(account_handler, 'LoginSession', Mock())
mock_session = {'sid': 'test sid'}
result = account_handler.AccountHandler.create_session_and_response(
mock_session, user)
result = json.loads(result.data.decode('utf-8'))
assert result['message'] == 'Login successful'
assert result['user_id'] == user.user_id
assert result['name'] == 'my name'
assert result['title'] == 'my title'
assert result['session_id'] == 'test sid'
assert dict(agency_name='1', permission='reader') in result['affiliations']
assert dict(agency_name='2', permission='writer') in result['affiliations']
def test_list_submissions_permissions(database, monkeypatch):
"""Verify that the user must be in the same CGAC group, the submission's
owner, or website admin to see the submission"""
cgac1, cgac2 = CGACFactory(), CGACFactory()
user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory()
database.session.add_all([cgac1, cgac2, user1, user2])
database.session.commit()
sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1)
database.session.add(sub)
database.session.commit()
monkeypatch.setattr(fileHandler, 'g', Mock(user=user1))
assert list_submissions_result()['total'] == 0
user1.affiliations[0].cgac = cgac2
database.session.commit()
assert list_submissions_result()['total'] == 1
user1.affiliations = []
database.session.commit()
assert list_submissions_result()['total'] == 0
sub.user_id = user1.user_id
database.session.commit()
assert list_submissions_result()['total'] == 1
sub.user_id = user2.user_id
database.session.commit()
assert list_submissions_result()['total'] == 0
user1.website_admin = True
database.session.commit()
assert list_submissions_result()['total'] == 1
def test_certify_dabs_submission_revalidation_needed(database):
""" Tests the certify_dabs_submission function preventing certification when revalidation threshold isn't met """
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
earlier = now - datetime.timedelta(days=1)
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True,
publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'],
d2_submission=False, number_of_errors=0, number_of_warnings=200,
certifying_user_id=None)
reval = RevalidationThresholdFactory(revalidation_date=now)
sess.add_all([user, cgac, submission, reval])
sess.commit()
job = JobFactory(submission_id=submission.submission_id, last_validated=earlier,
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
sess.add(job)
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
response = certify_dabs_submission(submission, file_handler)
response_json = json.loads(response.data.decode('UTF-8'))
assert response.status_code == 400
assert response_json['message'] == "This submission has not been validated since before the revalidation " \
"threshold ({}), it must be revalidated before certifying.". \
format(now.strftime('%Y-%m-%d %H:%M:%S'))
def test_certify_dabs_submission_quarterly_revalidation_not_in_db(database):
""" Tests that a DABS submission that doesnt have its year/quarter in the system won't be able to certify. """
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True,
publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'],
d2_submission=False, number_of_errors=0, number_of_warnings=200,
certifying_user_id=None)
sess.add_all([user, cgac, submission])
sess.commit()
job = JobFactory(submission_id=submission.submission_id, last_validated=now,
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
sess.add(job)
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
response = certify_dabs_submission(submission, file_handler)
response_json = json.loads(response.data.decode('UTF-8'))
assert response.status_code == 400
assert response_json['message'] == "No submission window for this year and quarter was found. If this is an " \
"error, please contact the Service Desk."
def test_certify_dabs_submission_quarterly_revalidation_too_early(database):
""" Tests that a DABS submission that was last validated before the window start cannot be certified. """
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
earlier = now - datetime.timedelta(days=1)
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=earlier, updated_at=earlier, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True,
publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'],
d2_submission=False, number_of_errors=0, number_of_warnings=200,
certifying_user_id=None)
quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1, window_start=now)
sess.add_all([user, cgac, submission, quarter_reval])
sess.commit()
job = JobFactory(submission_id=submission.submission_id, last_validated=earlier,
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
sess.add(job)
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
response = certify_dabs_submission(submission, file_handler)
response_json = json.loads(response.data.decode('UTF-8'))
assert response.status_code == 400
assert response_json['message'] == "This submission was last validated or its D files generated before the " \
"start of the submission window ({}). Please revalidate before " \
"certifying.".\
format(quarter_reval.window_start.strftime('%m/%d/%Y'))
def test_list_data_sources(domain_app, database):
""" List all data sources that have a load date """
user = UserFactory()
now = datetime.datetime.now()
external_loads = [
ExternalDataLoadDate(
external_data_load_date_id=-1,
last_load_date_start=now - datetime.timedelta(days=1),
last_load_date_end=now,
external_data_type_id=EXTERNAL_DATA_TYPE_DICT['usps_download']),
ExternalDataLoadDate(
external_data_load_date_id=-2,
last_load_date_start=now - datetime.timedelta(weeks=4),
last_load_date_end=now - datetime.timedelta(weeks=3),
external_data_type_id=EXTERNAL_DATA_TYPE_DICT[
'program_activity_upload'])
]
database.session.add_all(external_loads + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_data_sources/').data.decode('UTF-8')
response = json.loads(result)
assert len(response.keys()) == 2
assert response['usps_download'] == now.strftime("%m/%d/%Y %H:%M:%S")
assert response['program_activity_upload'] == (
now - datetime.timedelta(weeks=3)).strftime("%m/%d/%Y %H:%M:%S")
def test_list_submissions(file_app, database, user_constants, job_constants):
"""Test listing user's submissions. The expected values here correspond to
the number of submissions within the agency of the user that is logged in
"""
cgacs = [CGACFactory() for _ in range(5)]
user1 = UserFactory.with_cgacs(cgacs[0], cgacs[1])
user2 = UserFactory.with_cgacs(cgacs[2])
user3 = UserFactory.with_cgacs(*cgacs)
database.session.add_all(cgacs + [user1, user2, user3])
database.session.commit()
submissions = [ # one submission per CGAC
SubmissionFactory(cgac_code=cgac.cgac_code,
publish_status_id=PUBLISH_STATUS_DICT['unpublished'])
for cgac in cgacs
]
database.session.add_all(submissions)
g.user = user1
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]}
response = file_app.get("/v1/list_submissions/?certified=false")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]}
response = file_app.get("/v1/list_submissions/?certified=true")
assert sub_ids(response) == set()
submissions[0].publish_status_id = PUBLISH_STATUS_DICT['published']
database.session.commit()
response = file_app.get("/v1/list_submissions/?certified=true")
assert sub_ids(response) == {submissions[0].submission_id}
g.user = user2
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {submissions[2].submission_id}
g.user = user3
submissions[3].d2_submission = True
submissions[4].d2_submission = True
database.session.commit()
response = file_app.get(
"/v1/list_submissions/?certified=mixed&d2_submission=true")
assert sub_ids(response) == {sub.submission_id for sub in submissions[3:]}
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:3]}
def test_list_submissions_sort_success(database, monkeypatch):
user1 = UserFactory(user_id=1, name='Oliver Queen', website_admin=True)
user2 = UserFactory(user_id=2, name='Barry Allen')
sub1 = SubmissionFactory(user_id=1, submission_id=1, number_of_warnings=1, reporting_start_date=date(2010, 1, 1),
publish_status_id=1)
sub2 = SubmissionFactory(user_id=1, submission_id=2, number_of_warnings=1, reporting_start_date=date(2010, 1, 2),
publish_status_id=1)
sub3 = SubmissionFactory(user_id=2, submission_id=3, number_of_warnings=1, reporting_start_date=date(2010, 1, 3),
publish_status_id=1)
sub4 = SubmissionFactory(user_id=2, submission_id=4, number_of_warnings=1, reporting_start_date=date(2010, 1, 4),
publish_status_id=1)
sub5 = SubmissionFactory(user_id=2, submission_id=5, number_of_warnings=1, reporting_start_date=date(2010, 1, 5),
publish_status_id=1)
add_models(database, [user1, user2, sub1, sub2, sub3, sub4, sub5])
monkeypatch.setattr(fileHandler, 'g', Mock(user=user1))
result = list_submissions_sort('reporting', 'desc')
assert result['total'] == 5
sub = result['submissions'][0]
index = 0
for subit in result['submissions']:
index += 1
assert subit['reporting_start_date'] <= sub['reporting_start_date']
sub = subit
result = list_submissions_sort('reporting', 'asc')
assert result['total'] == 5
sub = result['submissions'][0]
for subit in result['submissions']:
assert subit['reporting_start_date'] >= sub['reporting_start_date']
sub = subit
result = list_submissions_sort('submitted_by', 'asc')
assert result['total'] == 5
sub = result['submissions'][0]
for subit in result['submissions']:
assert subit['user']['name'] >= sub['user']['name']
sub = subit
result = list_submissions_sort('submitted_by', 'desc')
assert result['total'] == 5
sub = result['submissions'][0]
for subit in result['submissions']:
assert subit['user']['name'] <= sub['user']['name']
sub = subit
delete_models(database, [user1, user2, sub1, sub2, sub3, sub4, sub5])
def test_list_submissions_failure(database, monkeypatch):
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1,
submission_id=1,
number_of_errors=1,
publish_status_id=1)
add_models(database, [user, sub])
monkeypatch.setattr(fileHandler, 'g', Mock(user=user))
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "validation_errors"
delete_models(database, [user, sub])
sess = database.session
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1)
job = JobFactory(
submission_id=1,
job_status=sess.query(JobStatus).filter_by(name='failed').one(),
job_type=sess.query(JobType).filter_by(
name='csv_record_validation').one(),
file_type=sess.query(FileType).filter_by(name='award').one())
add_models(database, [user, sub, job])
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "failed"
delete_models(database, [user, sub, job])
sess = database.session
user = UserFactory(user_id=1)
sub = SubmissionFactory(user_id=1, submission_id=1, publish_status_id=1)
job = JobFactory(
submission_id=1,
job_status=sess.query(JobStatus).filter_by(name='invalid').one(),
job_type=sess.query(JobType).filter_by(
name='csv_record_validation').one(),
file_type=sess.query(FileType).filter_by(name='award').one())
add_models(database, [user, sub, job])
result = list_submissions_result()
assert result['total'] == 1
assert result['submissions'][0]['status'] == "file_errors"
delete_models(database, [user, sub, job])
def test_list_submissions(file_app, database, user_constants, job_constants):
"""Test listing user's submissions. The expected values here correspond to
the number of submissions within the agency of the user that is logged in
"""
cgacs = [CGACFactory() for _ in range(5)]
user1 = UserFactory.with_cgacs(cgacs[0], cgacs[1])
user2 = UserFactory.with_cgacs(cgacs[2])
user3 = UserFactory.with_cgacs(*cgacs)
database.session.add_all(cgacs + [user1, user2, user3])
database.session.commit()
submissions = [ # one submission per CGAC
SubmissionFactory(cgac_code=cgac.cgac_code, publish_status_id=PUBLISH_STATUS_DICT['unpublished'])
for cgac in cgacs
]
database.session.add_all(submissions)
g.user = user1
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]}
response = file_app.get("/v1/list_submissions/?certified=false")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:2]}
response = file_app.get("/v1/list_submissions/?certified=true")
assert sub_ids(response) == set()
submissions[0].publish_status_id = PUBLISH_STATUS_DICT['published']
database.session.commit()
response = file_app.get("/v1/list_submissions/?certified=true")
assert sub_ids(response) == {submissions[0].submission_id}
g.user = user2
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {submissions[2].submission_id}
g.user = user3
submissions[3].d2_submission = True
submissions[4].d2_submission = True
database.session.commit()
response = file_app.get("/v1/list_submissions/?certified=mixed&d2_submission=true")
assert sub_ids(response) == {sub.submission_id for sub in submissions[3:]}
response = file_app.get("/v1/list_submissions/?certified=mixed")
assert sub_ids(response) == {sub.submission_id for sub in submissions[:3]}
def test_get_accessible_agencies(database):
""" Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """
# The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present
cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers)
database.session.commit()
user = UserFactory(affiliations=[
UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None,
permission_type_id=PERMISSION_TYPE_DICT['writer']),
UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1],
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2],
permission_type_id=PERMISSION_TYPE_DICT['reader'])
])
database.session.add(user)
database.session.commit()
g.user = user
# Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already
results = get_accessible_agencies()
frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]}
frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]}
assert len(results["cgac_agency_list"]) == 1
assert len(results["frec_agency_list"]) == 2
assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name
assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code
assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name}
assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code}
# Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the
# frec flag
user.affiliations = []
user.website_admin = True
results = get_accessible_agencies()
assert len(results["cgac_agency_list"]) == 3
assert len(results["frec_agency_list"]) == 2
def test_list_sub_tier_agencies_admin(domain_app, database):
""" List all sub tiers that a user has FABS permissions for """
user = UserFactory(website_admin=True)
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(i),
cgac=cgacs[i],
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency " +
str(i)) for i in range(3)
]
frec_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(3 + i),
cgac=frec_cgac,
frec=frecs[i],
is_frec=True,
sub_tier_agency_name="Test Subtier Agency " +
str(3 + i)) for i in range(3)
]
user.affiliations = [
UserAffiliation(cgac=cgacs[0],
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['f']),
UserAffiliation(cgac=None,
frec=frecs[2],
permission_type_id=PERMISSION_SHORT_DICT['f'])
]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers +
frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['agency_code'] for el in response['sub_tier_agency_list']}
assert len(response["sub_tier_agency_list"]
) == 6 # All of them, ignores affiliations
assert result == {'0', '1', '2', '3', '4',
'5'} # All of them, ignores affiliations
def test_list_user_emails(database, user_constants, user_app):
cgacs = [CGACFactory() for _ in range(3)]
users = [UserFactory.with_cgacs(cgacs[0]),
UserFactory.with_cgacs(cgacs[0], cgacs[1]),
UserFactory.with_cgacs(cgacs[1]),
UserFactory.with_cgacs(cgacs[2])]
database.session.add_all(users)
database.session.commit()
def user_ids():
result = user_app.get('/v1/list_user_emails/').data.decode('UTF-8')
return {user['id'] for user in json.loads(result)['users']}
g.user = users[0]
assert user_ids() == {users[0].user_id, users[1].user_id}
g.user = users[3]
assert user_ids() == {users[3].user_id}
g.user.website_admin = True
database.session.commit()
assert user_ids() == {user.user_id for user in users}
def test_list_agencies_all(domain_app, database):
"""All agencies should be visible to website admins"""
user = UserFactory()
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency "+str(i)) for i in range(3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3+i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency "+str(3+i)) for i in range(3)]
user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=PERMISSION_SHORT_DICT['w'])]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['cgac_code'] for el in response['agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
result = {el['frec_code'] for el in response['shared_agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
def test_list_sub_tier_agencies(domain_app, database):
""" List all sub tiers that a user has FABS permissions for """
user = UserFactory()
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3)]
user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']),
UserAffiliation(cgac=None, frec=frecs[2], permission_type_id=PERMISSION_SHORT_DICT['f'])]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['agency_code'] for el in response['sub_tier_agency_list']}
assert len(response["sub_tier_agency_list"]) == 2 # Only one cgac and one frec
assert result == {'0', '5'} # Only subtiers created from the relevant cgacs
def test_requires_submission_perm_no_submission(database, test_app):
"""If no submission exists, we should see an exception"""
sub = SubmissionFactory(user=UserFactory())
database.session.add(sub)
database.session.commit()
g.user = sub.user
fn = permissions.requires_submission_perms('writer')(Mock())
# Does not raise exception
fn(sub.submission_id)
with pytest.raises(ResponseException):
fn(sub.submission_id + 1) # different submission id
def test_certify_dabs_submission(database, monkeypatch):
""" Tests the certify_dabs_submission function """
with Flask('test-app').app_context():
now = datetime.datetime.utcnow()
sess = database.session
user = UserFactory()
cgac = CGACFactory(cgac_code='001', agency_name='CGAC Agency')
submission = SubmissionFactory(created_at=now, updated_at=now, cgac_code=cgac.cgac_code,
reporting_fiscal_period=3, reporting_fiscal_year=2017, is_quarter_format=True,
publishable=True, publish_status_id=PUBLISH_STATUS_DICT['unpublished'],
d2_submission=False, number_of_errors=0, number_of_warnings=200,
certifying_user_id=None)
quarter_reval = QuarterlyRevalidationThresholdFactory(year=2017, quarter=1,
window_start=now - datetime.timedelta(days=1))
sess.add_all([user, cgac, submission, quarter_reval])
sess.commit()
comment = CommentFactory(file_type_id=FILE_TYPE_DICT['appropriations'], comment='Test',
submission_id=submission.submission_id)
job_1 = JobFactory(submission_id=submission.submission_id, last_validated=now,
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
job_2 = JobFactory(submission_id=submission.submission_id, last_validated=now + datetime.timedelta(days=1),
job_type_id=JOB_TYPE_DICT['csv_record_validation'])
sess.add_all([job_1, job_2, comment])
sess.commit()
flex_field = FlexField(file_type_id=FILE_TYPE_DICT['appropriations'], header='flex_test', job_id=job_1.job_id,
submission_id=submission.submission_id, row_number=2, cell=None)
sess.add(flex_field)
sess.commit()
g.user = user
file_handler = fileHandler.FileHandler({}, is_local=True)
monkeypatch.setattr(file_handler, 'move_certified_files', Mock(return_value=True))
monkeypatch.setattr(fileHandler.GlobalDB, 'db', Mock(return_value=database))
certify_dabs_submission(submission, file_handler)
sess.refresh(submission)
certify_history = sess.query(CertifyHistory).filter_by(submission_id=submission.submission_id).one_or_none()
assert certify_history is not None
assert submission.certifying_user_id == user.user_id
assert submission.publish_status_id == PUBLISH_STATUS_DICT['published']
# Make sure certified comments are created
certified_comment = sess.query(CertifiedComment).filter_by(submission_id=submission.submission_id).one_or_none()
assert certified_comment is not None
# Make sure certified flex fields are created
certified_flex = sess.query(CertifiedFlexField).filter_by(submission_id=submission.submission_id).one_or_none()
assert certified_flex is not None
def test_permissions_filter_admin(database, monkeypatch):
sess = database.session
db_objects = []
# Setup admin user
admin_user = UserFactory(name='Administrator', website_admin=True)
db_objects.append(admin_user)
monkeypatch.setattr(filters_helper, 'g', Mock(user=admin_user))
# admin user queries should be identical to the provided query
base_query = sess.query(Submission)
query = filters_helper.permissions_filter(base_query)
assert query == base_query
def test_delete_user(database):
user_handler = UserHandler()
# Create user with email
user_to_be_deleted = UserFactory()
email = user_to_be_deleted.email
other_user = UserFactory()
database.session.add_all([user_to_be_deleted, other_user])
database.session.commit()
# Create two submissions for this user and one for a different user
sub_one = SubmissionFactory(user_id=user_to_be_deleted.user_id)
sub_two = SubmissionFactory(user_id=user_to_be_deleted.user_id)
other_sub = SubmissionFactory(user_id=other_user.user_id)
database.session.add_all([sub_one, sub_two, other_sub])
database.session.commit()
# Delete a user
user_handler.deleteUser(email)
# Confirm user has been deleted and that user's submissions have no user_id
assert database.session.query(User).filter_by(email=email).count() == 0
assert sub_one.user_id is None
assert sub_two.user_id is None
# Confirm that other submission was not affected
assert other_sub.user_id == other_user.user_id
def test_list_agencies_limits(domain_app, database):
"""List agencies should limit to only the user's agencies"""
user = UserFactory()
cgac = CGACFactory()
frec_cgac = CGACFactory()
frec = FRECFactory(cgac=frec_cgac)
sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency 0"),
SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True,
sub_tier_agency_name="Test Subtier Agency 1")]
user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w'])]
database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
res = json.loads(result)
assert len(res['cgac_agency_list']) == 1
assert len(res['frec_agency_list']) == 1
assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name
assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code
assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name
assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_list_submission_users_admin(database):
""" Test listing all users with a submission (admin called the function) """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
admin_user = UserFactory(website_admin=True, name='Admin User')
other_user = UserFactory.with_cgacs(cgacs[0], name='Test User')
database.session.add_all(cgacs + [admin_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(cgac_code=cgacs[0].cgac_code, user_id=other_user.user_id, d2_submission=False)
database.session.add(sub_1)
database.session.commit()
g.user = admin_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# Only lists users with submissions and doesn't care about affiliations because admin
assert len(user_response) == 1
assert user_response[0]['user_id'] == other_user.user_id
assert user_response[0]['name'] == other_user.name
def test_current_user_can(database, monkeypatch, user_constants):
# Test CGAC DABS permissions
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_one = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_one])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_one))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None)
# right agency, right permission
assert permissions.current_user_can('writer', user_cgac.cgac_code, None)
assert permissions.current_user_can('reader', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_one.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
# Test FREC DABS permissions
user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)]
user_two = UserFactory(affiliations=[
UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_frec, other_frec, user_two])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_two))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', None, other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', None, user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('writer', None, user_frec.frec_code)
assert permissions.current_user_can('reader', None, user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_two.website_admin = True
assert permissions.current_user_can('submitter', None, other_frec.frec_code)
# Test FABS permissions
user_three = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f'])
])
database.session.add(user_three)
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_three))
# has permission level, but wrong agency
assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None)
# right agency, right permission
assert permissions.current_user_can('fabs', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_three.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
def test_current_page(file_app, database):
"""Test the route to check what the current progress of the submission is at
the correct page
"""
cgac = CGACFactory()
user = UserFactory.with_cgacs(cgac)
user.user_id = 1
user.name = 'Oliver Queen'
user.website_admin = True
database.session.add(user)
database.session.commit()
g.user = user
sub = SubmissionFactory(user_id=1, cgac_code=cgac.cgac_code)
database.session.add(sub)
database.session.commit()
csv_validation = JOB_TYPE_DICT['csv_record_validation']
upload = JOB_TYPE_DICT['file_upload']
validation = JOB_TYPE_DICT['validation']
finished_job = JOB_STATUS_DICT['finished']
waiting = JOB_STATUS_DICT['waiting']
job_a = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['appropriations'],
job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_b = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['program_activity'],
job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_c = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award_financial'],
job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_d1 = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award_procurement'],
job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_d2 = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['award'],
job_type_id=csv_validation, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_e = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['executive_compensation'],
job_type_id=upload, number_of_errors=0, file_size=123, job_status_id=finished_job)
job_f = JobFactory(submission_id=sub.submission_id, file_type_id=FILE_TYPE_DICT['sub_award'], job_type_id=upload,
number_of_errors=0, file_size=123, job_status_id=finished_job)
job_cross_file = JobFactory(submission_id=sub.submission_id, file_type_id=None, job_type_id=validation,
number_of_errors=0, file_size=123, job_status_id=finished_job)
database.session.add_all([job_a, job_b, job_c, job_d1, job_d2, job_e, job_f, job_cross_file])
database.session.commit()
# Everything ok
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '5'
job_e.job_status_id = 6
database.session.commit()
# E or F failed
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '4'
job_e.job_status_id = 4
job_cross_file.number_of_errors = 6
database.session.commit()
# Restore job_e and create errors for cross_file
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '3'
job_d1.number_of_errors = 6
database.session.commit()
# D file has errors
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '2'
job_c.number_of_errors = 6
database.session.commit()
# Fail C file validation
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '1'
job_cross_file.job_status_id = waiting
job_d1.number_of_errors = 0
database.session.commit()
# E and F generated with C file errors
response = file_app.get("/v1/check_current_page/?submission_id=" + str(sub.submission_id))
response_json = json.loads(response.data.decode('UTF-8'))
assert response_json['step'] == '1'
