def test_can_access_his_profile(app): flask.g.user = Employee(id=1, first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=9999, account_status="on", user_status="on", registration_date=datetime.utcnow(), email="*****@*****.**", password="******") assert has_privilege(method=Method.READ, resource="employee", employee_id=1)
def test_can_access_location_tables(app, db_session): """User with Location Admin role can access the tables from a Location owned by the company they work at""" company = Company(id=1, name="Foo Inc.", code="code1", address="addr") location = Location(id=1, name="name", code="123", company_id=company.id, country="US", region="region", city="city", address="address", longitude="123", latitude="123", type="type", status="status") floor = Floor(id=1, description="1st Floor", location_id=location.id) shape = TableShape(id=1, description="Round Table", picture="/path/to/file.jpg") table = Table(id=1, name="some table", floor_id=floor.id, x=40, y=50, width=320, height=150, status=1, max_capacity=12, multiple=False, playstation=False, shape_id=1) db_session.add(company) db_session.add(location) db_session.add(floor) db_session.add(shape) db_session.commit() db_session.add(table) user = Employee(id=1, first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=3333, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=company.id, email="*****@*****.**", password="******") flask.g.user = user db_session.add(user) db_session.commit() assert has_privilege(method=Method.READ, resource="tables", id=table.id)
def test_login(db_session): employee = Employee(first_name="Alice", last_name="Cooper", username="******", phone_number="1", account_status="A", birth_date=datetime.utcnow(), pin_code=4567, registration_date=datetime.utcnow(), user_status="U", email="*****@*****.**", password=auth_hash("pass")) db_session.add(employee) db_session.commit() error = login("vgv", "pass") assert not error assert flask.session['user_id'] == employee.id
def create_employee(): return Employee(first_name="John", last_name="Smith", username="******", phone_number="123", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), account_status="A", user_status="Working", email="*****@*****.**", password="******", pin_code=1234)
def test_can_access_own_employees(app): """ @todo #180:30min We need to clean global object after test finish its execution to prevent collision with other tests. Probably we need to make a pytest fixture for this. """ flask.g.user = Employee(id=1, first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), email="*****@*****.**", password="******") assert has_privilege(method=Method.READ, resource="employee")
def test_cant_access_other_company_employees(app, db_session): my_company = Company(id=1, name="Foo Inc.", code="code1", address="addr") db_session.add(my_company) me = Employee(id=1, first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=3333, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=my_company.id, email="*****@*****.**", password="******") db_session.add(me) flask.g.user = me other_company = Company(id=2, name="Bar Inc.", code="code2", address="addr") db_session.add(other_company) other = Employee(id=2, first_name="Bob", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=4444, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=other_company.id, email="*****@*****.**", password="******") db_session.add(other) db_session.commit() assert not has_privilege( method=Method.READ, resource="employee", employee_id=other.id)
def test_incorrect_password(db_session): employee = Employee(first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), email="*****@*****.**", password="******") db_session.add(employee) db_session.commit() error = login("vgv", "unknown") assert (error == "Incorrect password.")
def test_login(db_session): employee = Employee(first_name="Alice", last_name="Cooper", username="******", phone_number="1", account_status="A", birth_date=datetime.utcnow(), pin_code=4567, registration_date=datetime.utcnow(), user_status="U", email="*****@*****.**", password="******") db_session.add(employee) db_session.commit() """error = login("vgv", "pass")""" error = login("unknown", "unknown"); db_session.delete(employee) db_session.commit() db_session.remove() assert (error == "login.failed")
def test_insert_employee(db_session): """Integration test for adding and selecting Employee""" employee = Employee(first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), email="*****@*****.**", password="******") db_session.add(employee) db_session.commit() row = db_session.query(Employee).get(employee.id) assert row.username == "alice"
def create_employee(): """ Create new instance of Employee to reuse it in other tests """ return Employee(first_name="John", last_name="Smith", username="******", phone_number="123", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), account_status="A", user_status="Working", email="*****@*****.**", password="******", pin_code=1234, comment="No comments", )
def test_login(db_session): employee = Employee(first_name="Alice", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), email="*****@*****.**", password="******") db_session.add(employee) db_session.commit() error = login("vgv", "pass") db_session.delete(employee) db_session.commit() db_session.remove() assert (error is None)
def test_can_not_manage_locations_from_different_company( clean_app, db_session): my_company = Company(id=1, name="Foo Inc.", code="code1", address="addr") db_session.add(my_company) me = Employee(id=1, first_name="Bob", last_name="Cooper", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=1111, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=my_company.id, email="*****@*****.**", password="******") db_session.add(me) flask.g.user = me other_company = Company(id=2, name="Bar Inc.", code="code2", address="addr") db_session.add(other_company) location = Location(name="name", code="123", company_id=other_company.id, country="US", region="region", city="city", address="address", longitude="123", latitude="123", type="type", status="status") db_session.add(location) db_session.commit() assert not has_privilege( method=Method.READ, resource="location", id=location.id) assert not has_privilege( method=Method.CREATE, resource="location", id=location.id) assert not has_privilege( method=Method.UPDATE, resource="location", id=location.id) assert not has_privilege( method=Method.DELETE, resource="location", id=location.id)
def setup_class(cls, mocked_auth): cls.port = free_port() start_server(cls.port, locations=cls.locations) cls.company = Company( name="Any company", code="Cpny", employees=[ Employee(username="******", password="******", first_name="Richard", last_name="Myers", phone_number="112233", birth_date=datetime.datetime.utcnow(), pin_code=4567, email="*****@*****.**") ], locations=[ Location(id=40, name="Tapper", code="T", company_id=50, poster_id=2, synchronized_on=datetime.datetime(1983, 5, 10)), Location(id=150, name="Hard Rock", code="H", company_id=50, poster_id=10, synchronized_on=datetime.datetime(1983, 5, 10)) ]) access_token = Authenticated( PosterAuthData( application_id="test_application_id", application_secret="test_application_secret", redirect_uri="test_redirect_uri", code="test_code", )) cls.poster_sync = PosterSync cls.poster = Poster(url="http://localhost:{port}".format( port=cls.port))
def test_item_assign(): """ Test item assign """ company = Company(id=223, name="Bad Company", code="Bad Cmpny", address="addr") item = Item(id=1, name="Duck Eggs", stock_date=datetime.utcnow, comment="Eggs from ducks", company_id=company.id, created_on=datetime.utcnow, updated_on=datetime.utcnow, company=company) assignee = Employee(id=15, first_name="Johnny", last_name="Cash", username="******", phone_number="555-5555", birth_date=datetime.utcnow(), registration_date=datetime.utcnow(), account_status="active", user_status="active", email="*****@*****.**", password="******", pin_code=55, comment="A famous american country singer", company_id=223) assert not item.employee_id item.assign(employee=assignee) assert (item.employee_id == assignee.id, "Item assigned to wrong employee") assert (item.item_history()[0].employee_id == assignee.id, "ItemHistory with wrong employee")
def test_can_not_manage_employees_from_different_company( clean_app, db_session): boss_company = Company(name="Mothers Of Invention Inc.", code="code1", address="addr") db_session.add(boss_company) db_session.commit() owner_role = Role(id=1, name="owner", works_on_shifts=False, company_id=boss_company.id) db_session.add(owner_role) db_session.commit() boss = Employee(first_name="Frank", last_name="Zappa", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=6547, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=boss_company.id, email="*****@*****.**", password="******", role_id=owner_role.id) db_session.add(boss) flask.g.user = boss employee_company = Company(name="Damage Inc.", code="code2", address="addr") db_session.add(employee_company) db_session.commit() employee_role = Role(id=2, name="employee", works_on_shifts=False, company_id=employee_company.id) db_session.add(employee_role) db_session.commit() employee = Employee(first_name="James", last_name="Hetfield", username="******", phone_number="1", birth_date=datetime.utcnow(), pin_code=7777, account_status="on", user_status="on", registration_date=datetime.utcnow(), company_id=employee_company.id, email="*****@*****.**", password="******", role_id=employee_role.id) db_session.add(employee) db_session.commit() assert not has_privilege( method=Method.READ, resource="employee", employee_id=employee.id) assert not has_privilege(method=Method.CREATE, resource="employee") assert not has_privilege( method=Method.UPDATE, resource="employee", employee_id=employee.id) assert not has_privilege( method=Method.DELETE, resource="employee", employee_id=employee.id)