def test_unauthorized(self):
"""It should return a "Permission Denied" error.
"""
resource = self.factory(workspace=self.workspace, object_permissions_enabled=True)
did = helpers.to_global_id('DatastoreType', resource.pk)
oid = helpers.to_global_id('UserType', self.users['MEMBER'].pk)
privileges = [
'view_datastore',
'change_datastore_metadata',
'change_datastore_settings',
'change_datastore_connection',
'delete_datastore',
]
response = self.execute(variables={
'id': did,
'objectId': oid,
'privileges': privileges,
})
self.assertPermissionDenied(response)
self.assertInstanceDoesNotExist(
audit.Activity,
verb='updated access privileges to',
**serializers.get_audit_kwargs(resource),
)
def test_valid_with_user_object_permission(self):
"""It should update permissions on an object.
"""
resource = self.factory(workspace=self.workspace, object_permissions_enabled=True)
resource.assign_perm(self.user, 'change_datastore_access')
did = helpers.to_global_id('DatastoreType', resource.pk)
oid = helpers.to_global_id('UserType', self.users['OWNER'].pk)
privileges = [
'view_datastore',
'change_datastore_metadata',
'change_datastore_settings',
'change_datastore_connection',
'delete_datastore',
]
response = self.execute(variables={'id': did, 'objectId': oid, 'privileges': privileges})
response = response['data'][self.operation]
self.assertOk(response)
for privilege in privileges:
self.assertTrue(self.users['OWNER'].has_perm(privilege, resource))
self.assertInstanceCreated(
audit.Activity,
verb='updated access privileges to',
**serializers.get_audit_kwargs(resource),
)
def test_valid_with_group_object_permission(self):
"""It should update permissions on an object.
"""
group = factories.GroupFactory(workspace_id=self.workspace.id)
group.user_set.add(self.users['MEMBER'])
resource = self.factory(workspace=self.workspace, object_permissions_enabled=True)
resource.assign_perm(group, 'change_datastore_access')
did = helpers.to_global_id('DatastoreType', resource.pk)
oid = helpers.to_global_id('GroupType', group.pk)
privileges = [
'view_datastore',
'change_datastore',
'change_datastore_access',
]
response = self.execute(variables={'id': did, 'objectId': oid, 'privileges': privileges})
response = response['data'][self.operation]
self.assertOk(response)
for privilege in privileges:
self.assertTrue(self.users['MEMBER'].has_perm(privilege, resource))
self.assertInstanceCreated(
audit.Activity,
verb='updated access privileges to',
**serializers.get_audit_kwargs(resource),
)
def test_when_valid_parent(self, mock_es_update):
"""It should create the comment with a parent.
"""
parent = factories.CommentFactory(content_object=self.resource)
parent_id = helpers.to_global_id('CommentType', parent)
variables = self._get_attributes(parentId=parent_id)
response = self.execute(variables=variables)
response = response['data'][self.operation]
self.assertEqual(
response, {
'comment': {
'html': variables['html'],
'parent': {
'pk': parent.pk,
},
},
'errors': None
})
self.assertInstanceCreated(models.Comment, html=variables['html'])
self.assertInstanceCreated(
audit.Activity,
verb='commented on',
**serializers.get_audit_kwargs(models.Comment.objects.last()),
)
self.assertTrue(mock_es_update.called)
def test_disabled_with_object_permissions(self):
"""It should permanently delete the datastore.
"""
resource = self.factory(workspace=self.workspace, object_permissions_enabled=True)
globalid = helpers.to_global_id('DatastoreType', resource.pk)
resource.assign_perm(self.user, 'change_datastore_access')
response = self.execute(variables={'id': globalid})
response = response['data'][self.operation]
self.assertEqual(response, {
'isEnabled': False,
'errors': None,
})
self.assertInstanceUpdated(
instance=resource,
object_permissions_enabled=False,
)
self.assertInstanceCreated(
audit.Activity,
verb='disabled limited access to',
**serializers.get_audit_kwargs(resource),
)
def test_not_found(self):
variables = {
'id': helpers.to_global_id('DatastoreType', '12345'),
'port': 5432,
}
self.assertPermissionDenied(self.execute(variables=variables))
def test_with_fake_custom_field(self):
"""It should save without the fake field.
"""
resource = resource = self.factory(workspace=self.workspace)
globalid = helpers.to_global_id('DatastoreType', resource.pk)
t_customfield = self.workspace.custom_fields.filter(
content_type__model="table",
).first()
variables = {
'id': globalid,
'disabledTableProperties': [
t_customfield.pk,
"abcdefghijklmnop",
],
}
response = self.execute(variables=variables)
response = response['data'][self.operation]
self.assertEqual(response, {
'datastore': {
'id': globalid,
'disabledDatastoreProperties': [],
'disabledTableProperties': [t_customfield.pk],
},
'errors': None,
})
self.assertInstanceUpdated(
resource,
disable_table_properties=[t_customfield.pk],
)
def test_unauthorized(self):
"""It should return a "Permission Denied" error.
"""
owner = self.resource.owners.create(workspace=self.workspace, owner=self.user)
node_id = helpers.to_global_id('AssetOwnerType', owner.pk)
self.assertPermissionDenied(self.execute(variables={'id': node_id}))
def test_when_valid_html(self, mock_es_update):
"""It should update the HTML of a comment.
"""
resource = factories.CommentFactory(content_object=self.resource,
author=self.user)
globalid = helpers.to_global_id('CommentType', resource.pk)
response = self.execute(variables={
'id': globalid,
'html': '<p>This is valid html</p>'
})
response = response['data'][self.operation]
self.assertInstanceUpdated(resource, html='<p>This is valid html</p>')
self.assertEqual(
response, {
'comment': {
'pk': resource.pk,
'html': '<p>This is valid html</p>',
},
'errors': None,
})
self.assertInstanceCreated(
audit.Activity,
verb='updated comment on',
**serializers.get_audit_kwargs(resource),
)
self.assertTrue(mock_es_update.called)
def test_query_excludes_object_id_changes(self):
"""Test that the query exclude changes to the objectId field.
"""
table = Table.objects.filter(
schema__datastore__id='x1nEp57xLm4N'
).first()
revision = Revision(
revision_id=uuid.uuid4(),
run=self._run,
workspace_id=self._run.workspace_id,
resource=table,
parent_resource=table.schema,
action=Revision.MODIFIED,
metadata={'field': 'object_id', 'old_value': 1000, 'new_value': 2000},
)
revision.set_first_seen_run(self._run)
revision.save()
node_id = helpers.to_global_id('TableType', table.pk)
results = self.execute(self.statement, variables={'tableId': node_id})
results = results['data'][self.operation]
self.assertEqual(
first=len(results['edges']),
second=11,
msg="Node count should equal number of revisions."
)
for edge in results['edges']:
self.assertNotEqual(edge['node']['revisionId'], revision.revision_id)
def test_query_with_orphan_membership(self):
"""Tests when an email is invited that does not have an associated User.
"""
email = '*****@*****.**'
membership, created = self.workspace.grant_membership(email, 'MEMBER')
node_id = helpers.to_global_id('WorkspaceType', self.workspace.pk)
results = self.execute(self.statement,
variables={'workspaceId': node_id})
results = results['data'][self.operation]
members = self.workspace.memberships.all()
self.assertEqual(
first=len(results['edges']),
second=members.count(),
msg="Node count should equal the number of team members.")
self.assertEqual(first=results['totalCount'],
second=len(results['edges']),
msg="Node count should equal totalCount field.")
output = next(
filter(lambda m: m['node']['email'] == email, results['edges']))
self.assertIsNone(output['node']['name'],
msg="Output should contain User without a name.")
def test_does_not_exist(self):
"""It should return a "Resource Not Found" error.
"""
globalid = helpers.to_global_id('CustomFieldType', '12345')
response = self.execute(variables={'id': globalid})
self.assertNotFound(response)
def test_valid_for_table(self):
"""It should update a CustomField scoped to Table models.
"""
resource = self.factory(workspace=self.workspace,
field_type=models.CustomField.ENUM)
globalid = helpers.to_global_id('CustomFieldType', resource.pk)
variables = {
'id': globalid,
'fieldName': helpers.faker.name(),
'validators': {
'choices': ['red', 'blue', 'yellow']
}
}
response = self.execute(variables=variables)
response = response['data'][self.operation]
self.assertEqual(
response, {
'customField': {
'fieldName': variables['fieldName'],
'fieldType': models.CustomField.ENUM,
'validators': variables['validators'],
},
'errors': None
})
self.assertInstanceUpdated(
instance=resource,
field_name=variables['fieldName'],
validators=variables['validators'],
)
def test_invalid_validators(self):
"""It should throw a validation error when a validators are invalid.
"""
resource = self.factory(workspace=self.workspace,
field_type=models.CustomField.ENUM)
globalid = helpers.to_global_id('CustomFieldType', resource.pk)
variables = {
'id': globalid,
'validators': {
'choices': None,
},
}
response = self.execute(variables=variables)
response = response['data'][self.operation]
self.assertEqual(
response, {
'customField':
None,
'errors': [{
'resource': 'CustomField',
'field': 'choices',
'code': 'nulled',
}],
})
def execute_success_test_case(self, owner_type, owner, order):
"""It should create the data asset owner.
"""
variables = {
'id': helpers.to_global_id(owner_type, owner.id),
'order': order,
}
response = self.execute(variables=variables)
response = response['data'][self.operation]
owner_instance = owner.owner
self.assertEqual(response, {
'assetOwner': {
'type': owner_instance.__class__.__name__.upper(),
'order': order,
'owner': {
'name': owner_instance.name,
},
},
'errors': None
})
self.assertInstanceUpdated(self.asset_owner, order=order)
def test_query_when_not_authenticated(self):
"""Outside users should not be able to access this resource.
"""
node_id = helpers.to_global_id('RunType', self.run_id)
results = self.execute(self.statement, variables={'runId': node_id})
self.assertNotFound(results)
def test_query(self):
"""Test the query.
"""
node_id = helpers.to_global_id('RunType', self.run_id)
results = self.execute(self.statement, variables={'runId': node_id})
results = results['data'][self.operation]
run = Run.objects.get(pk=self.run_id)
self.assertEqual(
first=len(results['edges']),
second=run.revision_count,
msg="Node count should equal number of revisions."
)
self.assertEqual(
first=len(results['edges']),
second=results['totalCount'],
msg="Node count should equal totalCount field."
)
types = set()
for result in results['edges']:
types.add(result['node']['relatedResource']['type'])
self.assertEqual(len(types), 4)
def test_unauthorized(self):
"""It should return a "Permission Denied" error.
"""
resource = self.factory(workspace=self.workspace)
globalid = helpers.to_global_id('SSOConnectionType', resource.pk)
response = self.execute(variables={'id': globalid})
self.assertPermissionDenied(response)
def test_valid_for_table(self):
"""It should update the custom properties.
"""
resource = factories.TableFactory(workspace=self.workspace)
globalid = helpers.to_global_id('TableType', resource.pk)
self.execute_success_test_case(resource, globalid)
def test_not_found(self):
"""It should permanently delete the sso connection.
"""
globalid = helpers.to_global_id('SSOConnectionType', '12345')
response = self.execute(variables={'id': globalid})
self.assertPermissionDenied(response)
def execute_success_test_case(self, owner_type, owner):
"""It should create the data asset owner.
"""
variables = {
'objectId': self.object_id,
'ownerId': helpers.to_global_id(owner_type, owner.id),
}
response = self.execute(variables=variables)
response = response['data'][self.operation]
self.assertEqual(response, {
'assetOwner': {
'type': owner.__class__.__name__.upper(),
'owner': {
'id': variables['ownerId'],
'name': owner.name,
},
},
'errors': None
})
resource = models.AssetOwner.objects.get(owner_id=owner.id, object_id=self.resource.id)
self.assertInstanceCreated(
audit.Activity,
verb='created',
**serializers.get_asset_owner_audit_kwargs(resource),
)
def test_delete(self):
node_id = helpers.to_global_id('WorkspaceType', self.workspace.id)
results = self.execute(variables={'id': node_id})
results = results['data'][self.operation]
self.assertOk(results)
self.assertInstanceDeleted(models.Workspace, id=self.workspace.id)
def test_not_found(self):
"""If the datastore does not exist, we return a 404 – Not Found message.
"""
results = self.execute(self.statement, variables={
'datastoreId': helpers.to_global_id('DatastoreType', '123456'),
})
self.assertNotFound(results)
def test_query_with_object_permissions(self):
"""It returns the datastore object.
"""
self.group.user_set.add(self.user)
datastore, variables = self._setup_and_get_variables(object_permissions_enabled=True)
datastore.assign_perm(self.user, 'definitions.view_datastore')
results = self.execute(self.statement, variables=variables)
results = results['data'][self.operation]
self.assertEqual(results, [
{
'id': helpers.to_global_id('GroupType', self.group.pk),
'name': self.group.name,
'privileges': [
'add_datastore',
'change_datastore',
'change_datastore_access',
'change_datastore_connection',
'change_datastore_metadata',
'change_datastore_settings',
'comment_on_datastore',
'delete_datastore',
'view_datastore',
]
}
])
def test_query(self):
"""It returns the table definition object.
"""
_, variables = self._setup_and_get_variables()
results = self.execute(self.statement, variables=variables)
results = results['data'][self.operation]
self.assertEqual(results, [
{
'id': helpers.to_global_id('GroupType', self.group.pk),
'name': self.group.name,
'privileges': [
'add_datastore',
'change_datastore',
'change_datastore_access',
'change_datastore_connection',
'change_datastore_metadata',
'change_datastore_settings',
'comment_on_datastore',
'delete_datastore',
'view_datastore',
]
}
])
def test_object_permissions(self):
"""It should return the requested resource if object-level permissions are granted.
"""
datastore = self.factory(workspace=self.workspace, object_permissions_enabled=True)
global_id = helpers.to_global_id('DatastoreType', datastore.pk)
results = self.execute(self.statement, variables={'id': global_id})
self.assertPermissionDenied(results)
datastore.assign_perm(self.user, 'definitions.view_datastore')
results = self.execute(self.statement, variables={'id': global_id})
results = results['data'][self.operation]
self.assertEqual(results, {
'name': datastore.name,
'tags': datastore.tags,
'version': datastore.version,
'isEnabled': datastore.is_enabled,
'jdbcConnection': {
'engine': datastore.engine,
'host': datastore.host,
'username': datastore.username,
'database': datastore.database,
'port': datastore.port,
},
'sshConfig': {
'isEnabled': datastore.ssh_enabled,
'host': datastore.ssh_host,
'user': datastore.ssh_user,
'port': datastore.ssh_port,
'publicKey': self.workspace.ssh_public_key,
}
})
def test_query_when_not_authorized(self):
"""Outside users should not be able to access this resource.
"""
table = factories.TableFactory(workspace=self.workspace)
global_id = helpers.to_global_id('TableType', table.pk)
variables = {'objectId': global_id}
results = self.execute(self.statement, variables=variables)
self.assertPermissionDenied(results)
def test_query_when_not_authorized(self):
"""Outside users should not be able to access this resource.
"""
resource = self.factory(workspace_id=self.workspace.pk,
author=self.user)
globalid = helpers.to_global_id('CommentType', resource.pk)
response = self.execute(variables={'id': globalid})
self.assertPermissionDenied(response)
def test_valid_with_object_permission_as_owner(self):
"""It should update the datastore.
"""
resource = factories.DatastoreFactory(workspace=self.workspace,
object_permissions_enabled=True)
globalid = helpers.to_global_id('DatastoreType', resource.pk)
self.execute_success_test_case(resource, globalid)
def test_when_not_exists(self, mock_es_remove):
"""It should return a 404 error.
"""
globalid = helpers.to_global_id('CommentType', '1234')
response = self.execute(variables={'id': globalid, 'html': 'Test'})
self.assertPermissionDenied(response)
self.assertFalse(mock_es_remove.called)
