def test_plot_history_shows_all_trees(self): p = Plot(instance=self.instance, geom=self.p) p.save_with_user(self.user) self.assertEqual(len(p.get_tree_history()), 0) t = Tree(plot=p, instance=self.instance) t.save_with_user(self.user) tpk = t.pk self.assertEqual(list(p.get_tree_history()), [tpk]) t.delete_with_user(self.user) self.assertEqual(list(p.get_tree_history()), [tpk]) t2 = Tree(plot=p, instance=self.instance) t2.save_with_user(self.user) self.assertEqual(list(p.get_tree_history()), [t2.pk, tpk]) t3 = Tree(plot=p, instance=self.instance) t3.save_with_user(self.user) self.assertEqual(list(p.get_tree_history()), [t3.pk, t2.pk, tpk])
def test_delete_tree_sets_updated(self): tree = Tree(diameter=10, plot=self.plot, instance=self.instance) tree.save_with_user(self.user) self.plot = Plot.objects.get(pk=self.plot.pk) self.inital_updated = self.plot.updated_at tree.delete_with_user(self.user) self.assertGreater(self.plot.updated_at, self.initial_updated)
def test_delete_tree_sets_updated(self): tree = Tree(diameter=10, plot=self.plot, instance=self.instance) tree.save_with_user(self.user) self.plot.refresh_from_db() self.inital_updated = self.plot.updated_at tree.delete_with_user(self.fellow) self.plot.refresh_from_db() self.assertGreater(self.plot.updated_at, self.initial_updated) self.assertEqual(self.plot.updated_by, self.fellow)
def test_basic_audit(self): p = Point(-8515222.0, 4953200.0) plot = Plot(geom=p, instance=self.instance) plot.save_with_user(self.user1) self.assertAuditsEqual([ self.make_audit(plot.pk, 'id', None, str(plot.pk), model='Plot'), self.make_audit(plot.pk, 'readonly', None, 'False', model='Plot'), self.make_audit( plot.pk, 'geom', None, str(plot.geom), model='Plot') ], plot.audits()) t = Tree(plot=plot, instance=self.instance, readonly=True) t.save_with_user(self.user1) expected_audits = [ self.make_audit(t.pk, 'id', None, str(t.pk)), self.make_audit(t.pk, 'readonly', None, True), self.make_audit(t.pk, 'plot', None, plot.pk) ] self.assertAuditsEqual(expected_audits, t.audits()) t.readonly = False t.save_with_user(self.user2) expected_audits.insert( 0, self.make_audit(t.pk, 'readonly', 'True', 'False', action=Audit.Type.Update, user=self.user2)) self.assertAuditsEqual(expected_audits, t.audits()) old_pk = t.pk t.delete_with_user(self.user1) expected_audits.insert( 0, self.make_audit(old_pk, None, None, None, action=Audit.Type.Delete, user=self.user1)) self.assertAuditsEqual( expected_audits, Audit.audits_for_model('Tree', self.instance, old_pk))
def test_basic_audit(self): p = Point(-8515222.0, 4953200.0) plot = Plot(geom=p, instance=self.instance) plot.save_with_user(self.user1) self.assertAuditsEqual([ self.make_audit(plot.pk, 'id', None, str(plot.pk), model='Plot'), self.make_audit(plot.pk, 'readonly', None, 'False', model='Plot'), self.make_audit(plot.pk, 'geom', None, str(plot.geom), model='Plot')], plot.audits()) t = Tree(plot=plot, instance=self.instance, readonly=True) t.save_with_user(self.user1) expected_audits = [ self.make_audit(t.pk, 'id', None, str(t.pk)), self.make_audit(t.pk, 'readonly', None, True), self.make_audit(t.pk, 'plot', None, plot.pk)] self.assertAuditsEqual(expected_audits, t.audits()) t.readonly = False t.save_with_user(self.user2) expected_audits.insert( 0, self.make_audit(t.pk, 'readonly', 'True', 'False', action=Audit.Type.Update, user=self.user2)) self.assertAuditsEqual(expected_audits, t.audits()) old_pk = t.pk t.delete_with_user(self.user1) expected_audits.insert( 0, self.make_audit(old_pk, None, None, None, action=Audit.Type.Delete, user=self.user1)) self.assertAuditsEqual( expected_audits, Audit.audits_for_model('Tree', self.instance, old_pk))
class UserRoleModelPermissionTest(MultiUserTestCase): def setUp(self): super(UserRoleModelPermissionTest, self).setUp() self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.direct_user) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.direct_user) def _change_user_role(self, user, role): iuser = user.get_instance_user(self.instance) iuser.role = role iuser.save_with_user(self.commander_user) def test_save_new_object_authorized_officer(self): ''' Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.direct_user) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.direct_user) def test_save_new_object_authorized_conjurer(self): ''' Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.conjurer_user) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.conjurer_user) def test_save_new_object_unauthorized_outlaw(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw_user) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw_user) def test_save_new_object_unauthorized_tweaker(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.tweaker_user) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.tweaker_user) def test_assign_commander_role_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw_user) self._change_user_role( self.outlaw_user, make_commander_role(self.tree.get_instance())) self.tree.delete_with_user(self.outlaw_user) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw_user) self.tree.delete_with_user(self.commander_user) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw_user, cascade=True) self.plot.delete_with_user(self.commander_user, cascade=True) def test_delete_object_you_created(self): outlaw_role = self.outlaw_user.get_role(self.instance) self._change_user_role(self.direct_user, outlaw_role) self.tree.delete_with_user(self.direct_user) self.plot.delete_with_user(self.direct_user, cascade=True)
class UserRoleFieldPermissionTest(OTMTestCase): def setUp(self): self.p1 = Point(-8515941.0, 4953519.0) self.instance = make_instance(point=self.p1) self.commander = make_commander_user(self.instance) self.officer = make_officer_user(self.instance) self.observer = make_observer_user(self.instance) self.outlaw = make_user_with_default_role(self.instance, 'outlaw') self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.officer) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.officer) def test_no_permission_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.outlaw) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.outlaw) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_readonly_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.observer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.observer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_writeperm_allows_write(self): self.plot.length = 10 self.plot.save_with_user(self.officer) self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.tree.save_with_user(self.officer) self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_save_new_object_authorized(self): '''Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.officer) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.officer) def test_save_new_object_unauthorized(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw) def test_make_administrator_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) iuser = self.outlaw.get_instance_user(self.instance) role = Role.objects.create(instance=self.instance, name=Role.ADMINISTRATOR, rep_thresh=0) iuser.role = role iuser.save_with_user(self.commander) self.tree.delete_with_user(self.outlaw) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw, cascade=True) with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.officer) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.officer, cascade=True) self.tree.delete_with_user(self.commander) self.plot.delete_with_user(self.commander, cascade=True) def test_masking_authorized(self): "When masking with a superuser, nothing should happen" self.plot.width = 5 self.plot.save_with_user(self.commander) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.commander) self.assertEqual(self.plot.width, plot.width) def test_masking_unauthorized(self): "Masking changes an unauthorized field to None" self.plot.width = 5 self.plot.save_base() plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.observer) self.assertEqual(None, plot.width) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.outlaw) self.assertEqual(None, plot.width) def test_masking_whole_queryset(self): "Masking also works on entire querysets" self.plot.width = 5 self.plot.save_base() plots = Plot.objects.filter(pk=self.plot.pk) plot = Plot.mask_queryset(plots, self.observer)[0] self.assertEqual(None, plot.width) def test_write_fails_if_any_fields_cant_be_written(self): """ If a user tries to modify several fields simultaneously, only some of which s/he has access to, the write will fail for all fields.""" self.plot.length = 10 self.plot.width = 110 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.officer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110) self.tree.diameter = 10 self.tree.canopy_height = 110 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.officer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height, 110)
class UserRoleFieldPermissionTest(OTMTestCase): def setUp(self): self.p1 = Point(-8515941.0, 4953519.0) self.instance = make_instance(point=self.p1) self.commander = make_commander_user(self.instance) self.officer = make_officer_user(self.instance) self.observer = make_observer_user(self.instance) self.outlaw = make_user_with_default_role(self.instance, 'outlaw') self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.officer) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.officer) def test_no_permission_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.outlaw) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.outlaw) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_readonly_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.observer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.observer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_writeperm_allows_write(self): self.plot.length = 10 self.plot.save_with_user(self.officer) self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.tree.save_with_user(self.officer) self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_save_new_object_authorized(self): '''Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.officer) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.officer) def test_save_new_object_unauthorized(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw) def test_make_administrator_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) iuser = self.outlaw.get_instance_user(self.instance) role = Role.objects.create(instance=self.instance, name=Role.ADMINISTRATOR, rep_thresh=0) iuser.role = role iuser.save_with_user(self.commander) self.tree.delete_with_user(self.outlaw) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw, cascade=True) with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.officer) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.officer, cascade=True) self.tree.delete_with_user(self.commander) self.plot.delete_with_user(self.commander, cascade=True) def test_masking_authorized(self): "When masking with a superuser, nothing should happen" self.plot.width = 5 self.plot.save_with_user(self.commander) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.commander) self.assertEqual(self.plot.width, plot.width) def test_masking_unauthorized(self): "Masking changes an unauthorized field to None" self.plot.width = 5 self.plot.save_base() plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.observer) self.assertEqual(None, plot.width) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.outlaw) self.assertEqual(None, plot.width) def test_masking_whole_queryset(self): "Masking also works on entire querysets" self.plot.width = 5 self.plot.save_base() plots = Plot.objects.filter(pk=self.plot.pk) plot = Plot.mask_queryset(plots, self.observer)[0] self.assertEqual(None, plot.width) def test_write_fails_if_any_fields_cant_be_written(self): """ If a user tries to modify several fields simultaneously, only some of which s/he has access to, the write will fail for all fields.""" self.plot.length = 10 self.plot.width = 110 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.officer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110) self.tree.diameter = 10 self.tree.canopy_height = 110 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.officer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) self.assertNotEqual( Tree.objects.get(pk=self.tree.pk).canopy_height, 110)