def test_plot_history_shows_all_trees(self):
p = Plot(instance=self.instance, geom=self.p)
p.save_with_user(self.user)
self.assertEqual(len(p.get_tree_history()), 0)
t = Tree(plot=p, instance=self.instance)
t.save_with_user(self.user)
tpk = t.pk
self.assertEqual(list(p.get_tree_history()), [tpk])
t.delete_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [tpk])
t2 = Tree(plot=p, instance=self.instance)
t2.save_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [t2.pk, tpk])
t3 = Tree(plot=p, instance=self.instance)
t3.save_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [t3.pk, t2.pk, tpk])
def test_plot_history_shows_all_trees(self):
p = Plot(instance=self.instance, geom=self.p)
p.save_with_user(self.user)
self.assertEqual(len(p.get_tree_history()), 0)
t = Tree(plot=p, instance=self.instance)
t.save_with_user(self.user)
tpk = t.pk
self.assertEqual(list(p.get_tree_history()), [tpk])
t.delete_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [tpk])
t2 = Tree(plot=p, instance=self.instance)
t2.save_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [t2.pk, tpk])
t3 = Tree(plot=p, instance=self.instance)
t3.save_with_user(self.user)
self.assertEqual(list(p.get_tree_history()), [t3.pk, t2.pk, tpk])
def test_delete_tree_sets_updated(self):
tree = Tree(diameter=10, plot=self.plot, instance=self.instance)
tree.save_with_user(self.user)
self.plot = Plot.objects.get(pk=self.plot.pk)
self.inital_updated = self.plot.updated_at
tree.delete_with_user(self.user)
self.assertGreater(self.plot.updated_at, self.initial_updated)
def test_delete_tree_sets_updated(self):
tree = Tree(diameter=10, plot=self.plot, instance=self.instance)
tree.save_with_user(self.user)
self.plot = Plot.objects.get(pk=self.plot.pk)
self.inital_updated = self.plot.updated_at
tree.delete_with_user(self.user)
self.assertGreater(self.plot.updated_at, self.initial_updated)
def test_delete_tree_sets_updated(self):
tree = Tree(diameter=10, plot=self.plot, instance=self.instance)
tree.save_with_user(self.user)
self.plot.refresh_from_db()
self.inital_updated = self.plot.updated_at
tree.delete_with_user(self.fellow)
self.plot.refresh_from_db()
self.assertGreater(self.plot.updated_at, self.initial_updated)
self.assertEqual(self.plot.updated_by, self.fellow)
def test_delete_tree_sets_updated(self):
tree = Tree(diameter=10, plot=self.plot, instance=self.instance)
tree.save_with_user(self.user)
self.plot.refresh_from_db()
self.inital_updated = self.plot.updated_at
tree.delete_with_user(self.fellow)
self.plot.refresh_from_db()
self.assertGreater(self.plot.updated_at, self.initial_updated)
self.assertEqual(self.plot.updated_by, self.fellow)
def test_basic_audit(self):
p = Point(-8515222.0, 4953200.0)
plot = Plot(geom=p, instance=self.instance)
plot.save_with_user(self.user1)
self.assertAuditsEqual([
self.make_audit(plot.pk, 'id', None, str(plot.pk), model='Plot'),
self.make_audit(plot.pk, 'readonly', None, 'False', model='Plot'),
self.make_audit(
plot.pk, 'geom', None, str(plot.geom), model='Plot')
], plot.audits())
t = Tree(plot=plot, instance=self.instance, readonly=True)
t.save_with_user(self.user1)
expected_audits = [
self.make_audit(t.pk, 'id', None, str(t.pk)),
self.make_audit(t.pk, 'readonly', None, True),
self.make_audit(t.pk, 'plot', None, plot.pk)
]
self.assertAuditsEqual(expected_audits, t.audits())
t.readonly = False
t.save_with_user(self.user2)
expected_audits.insert(
0,
self.make_audit(t.pk,
'readonly',
'True',
'False',
action=Audit.Type.Update,
user=self.user2))
self.assertAuditsEqual(expected_audits, t.audits())
old_pk = t.pk
t.delete_with_user(self.user1)
expected_audits.insert(
0,
self.make_audit(old_pk,
None,
None,
None,
action=Audit.Type.Delete,
user=self.user1))
self.assertAuditsEqual(
expected_audits,
Audit.audits_for_model('Tree', self.instance, old_pk))
def test_basic_audit(self):
p = Point(-8515222.0, 4953200.0)
plot = Plot(geom=p, instance=self.instance)
plot.save_with_user(self.user1)
self.assertAuditsEqual([
self.make_audit(plot.pk, 'id', None, str(plot.pk), model='Plot'),
self.make_audit(plot.pk, 'readonly', None, 'False',
model='Plot'),
self.make_audit(plot.pk, 'geom', None, str(plot.geom),
model='Plot')], plot.audits())
t = Tree(plot=plot, instance=self.instance, readonly=True)
t.save_with_user(self.user1)
expected_audits = [
self.make_audit(t.pk, 'id', None, str(t.pk)),
self.make_audit(t.pk, 'readonly', None, True),
self.make_audit(t.pk, 'plot', None, plot.pk)]
self.assertAuditsEqual(expected_audits, t.audits())
t.readonly = False
t.save_with_user(self.user2)
expected_audits.insert(
0, self.make_audit(t.pk, 'readonly', 'True', 'False',
action=Audit.Type.Update, user=self.user2))
self.assertAuditsEqual(expected_audits, t.audits())
old_pk = t.pk
t.delete_with_user(self.user1)
expected_audits.insert(
0, self.make_audit(old_pk, None, None, None,
action=Audit.Type.Delete, user=self.user1))
self.assertAuditsEqual(
expected_audits,
Audit.audits_for_model('Tree', self.instance, old_pk))
class UserRoleModelPermissionTest(MultiUserTestCase):
def setUp(self):
super(UserRoleModelPermissionTest, self).setUp()
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.direct_user)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.direct_user)
def _change_user_role(self, user, role):
iuser = user.get_instance_user(self.instance)
iuser.role = role
iuser.save_with_user(self.commander_user)
def test_save_new_object_authorized_officer(self):
''' Save two new objects with authorized user,
nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.direct_user)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.direct_user)
def test_save_new_object_authorized_conjurer(self):
''' Save two new objects with authorized user,
nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.conjurer_user)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.conjurer_user)
def test_save_new_object_unauthorized_outlaw(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.outlaw_user)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.outlaw_user)
def test_save_new_object_unauthorized_tweaker(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.tweaker_user)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.tweaker_user)
def test_assign_commander_role_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw_user)
self._change_user_role(
self.outlaw_user, make_commander_role(self.tree.get_instance()))
self.tree.delete_with_user(self.outlaw_user)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw_user)
self.tree.delete_with_user(self.commander_user)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw_user, cascade=True)
self.plot.delete_with_user(self.commander_user, cascade=True)
def test_delete_object_you_created(self):
outlaw_role = self.outlaw_user.get_role(self.instance)
self._change_user_role(self.direct_user, outlaw_role)
self.tree.delete_with_user(self.direct_user)
self.plot.delete_with_user(self.direct_user, cascade=True)
class UserRoleFieldPermissionTest(OTMTestCase):
def setUp(self):
self.p1 = Point(-8515941.0, 4953519.0)
self.instance = make_instance(point=self.p1)
self.commander = make_commander_user(self.instance)
self.officer = make_officer_user(self.instance)
self.observer = make_observer_user(self.instance)
self.outlaw = make_user_with_default_role(self.instance, 'outlaw')
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.officer)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.officer)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.outlaw)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.outlaw)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.observer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.observer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.officer)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.officer)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_save_new_object_authorized(self):
'''Save two new objects with authorized user, nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.officer)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.officer)
def test_save_new_object_unauthorized(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.outlaw)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.outlaw)
def test_make_administrator_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
iuser = self.outlaw.get_instance_user(self.instance)
role = Role.objects.create(instance=self.instance,
name=Role.ADMINISTRATOR,
rep_thresh=0)
iuser.role = role
iuser.save_with_user(self.commander)
self.tree.delete_with_user(self.outlaw)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw, cascade=True)
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.officer)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.officer, cascade=True)
self.tree.delete_with_user(self.commander)
self.plot.delete_with_user(self.commander, cascade=True)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer)
self.assertEqual(None, plot.width)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw)
self.assertEqual(None, plot.width)
def test_masking_whole_queryset(self):
"Masking also works on entire querysets"
self.plot.width = 5
self.plot.save_base()
plots = Plot.objects.filter(pk=self.plot.pk)
plot = Plot.mask_queryset(plots, self.observer)[0]
self.assertEqual(None, plot.width)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.officer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.officer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter,
10)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height,
110)
class UserRoleModelPermissionTest(MultiUserTestCase):
def setUp(self):
super(UserRoleModelPermissionTest, self).setUp()
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.direct_user)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.direct_user)
def _change_user_role(self, user, role):
iuser = user.get_instance_user(self.instance)
iuser.role = role
iuser.save_with_user(self.commander_user)
def test_save_new_object_authorized_officer(self):
''' Save two new objects with authorized user,
nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.direct_user)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.direct_user)
def test_save_new_object_authorized_conjurer(self):
''' Save two new objects with authorized user,
nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.conjurer_user)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.conjurer_user)
def test_save_new_object_unauthorized_outlaw(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.outlaw_user)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.outlaw_user)
def test_save_new_object_unauthorized_tweaker(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.tweaker_user)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.tweaker_user)
def test_assign_commander_role_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw_user)
self._change_user_role(
self.outlaw_user, make_commander_role(self.tree.get_instance()))
self.tree.delete_with_user(self.outlaw_user)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw_user)
self.tree.delete_with_user(self.commander_user)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw_user, cascade=True)
self.plot.delete_with_user(self.commander_user, cascade=True)
def test_delete_object_you_created(self):
outlaw_role = self.outlaw_user.get_role(self.instance)
self._change_user_role(self.direct_user, outlaw_role)
self.tree.delete_with_user(self.direct_user)
self.plot.delete_with_user(self.direct_user, cascade=True)
class UserRoleFieldPermissionTest(OTMTestCase):
def setUp(self):
self.p1 = Point(-8515941.0, 4953519.0)
self.instance = make_instance(point=self.p1)
self.commander = make_commander_user(self.instance)
self.officer = make_officer_user(self.instance)
self.observer = make_observer_user(self.instance)
self.outlaw = make_user_with_default_role(self.instance, 'outlaw')
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.officer)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.officer)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.outlaw)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.outlaw)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.observer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.observer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.officer)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.officer)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_save_new_object_authorized(self):
'''Save two new objects with authorized user, nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.officer)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.officer)
def test_save_new_object_unauthorized(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw)
def test_make_administrator_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
iuser = self.outlaw.get_instance_user(self.instance)
role = Role.objects.create(instance=self.instance,
name=Role.ADMINISTRATOR,
rep_thresh=0)
iuser.role = role
iuser.save_with_user(self.commander)
self.tree.delete_with_user(self.outlaw)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw, cascade=True)
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.officer)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.officer, cascade=True)
self.tree.delete_with_user(self.commander)
self.plot.delete_with_user(self.commander, cascade=True)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer)
self.assertEqual(None, plot.width)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw)
self.assertEqual(None, plot.width)
def test_masking_whole_queryset(self):
"Masking also works on entire querysets"
self.plot.width = 5
self.plot.save_base()
plots = Plot.objects.filter(pk=self.plot.pk)
plot = Plot.mask_queryset(plots, self.observer)[0]
self.assertEqual(None, plot.width)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.officer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.officer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
self.assertNotEqual(
Tree.objects.get(pk=self.tree.pk).canopy_height, 110)
