def test_showcase_admin_list_correct_creds(self):
    '''A sysadmin is authorized to list showcase admins.

    The test passes when call_auth does not raise NotAuthorized; the
    return value is not inspected.
    '''
    sysadmin = factories.Sysadmin()
    helpers.call_auth(
        'ckanext_showcase_admin_list',
        context={'user': sysadmin['name'], 'model': None},
    )
def test_showcase_package_association_delete_sysadmin(self):
    '''A sysadmin may delete a showcase package association.

    The auth function checked is
    ckanext_showcase_package_association_delete; the test passes when
    call_auth does not raise NotAuthorized.
    '''
    sysadmin = factories.Sysadmin()
    auth_context = {'user': sysadmin['name'], 'model': None}
    helpers.call_auth('ckanext_showcase_package_association_delete',
                      context=auth_context)
def test_showcase_package_association_delete_showcase_admin(self):
    '''A showcase admin may delete a showcase package association.

    The test passes when call_auth does not raise NotAuthorized.
    '''
    user = factories.User()
    # Promote the plain user to showcase admin before the auth check.
    helpers.call_action('ckanext_showcase_admin_add', context={},
                        username=user['name'])

    helpers.call_auth(
        'ckanext_showcase_package_association_delete',
        context={'user': user['name'], 'model': None},
    )
def test_user_update_with_no_user_in_context(self):
    '''user_update is refused when the context carries no user.'''
    # Stand-in for a ckan.model.User object.
    target = factories.MockUser(name='fred')

    # Stand-in for ckan.model whose User.get(user_id) hands back the mock
    # user; passing it through the context is easier than patching
    # "import ckan.model".
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = target

    # This test deliberately has no 'user' in the context.
    context = {'model': fake_model, 'user': None}

    result = helpers.call_auth(
        'user_update',
        context=context,
        id=target.id,
        name='updated_user_name'
    )

    assert result['success'] is False
    # FIXME: Be nice if this error message was a complete sentence.
    assert result['msg'] == 'Have to be logged in to edit user'
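def test_user_update_user_cannot_update_another_user(self):
    '''Users should not be able to update other users' accounts.'''
    # 1. Setup.

    # Mock ckan.model.User object for Fred, the account being edited.
    fred = factories.MockUser(name='fred')

    # Mock ckan.model whose User.get(user_id) returns Fred. Passing it in
    # the context is easier than patching "import ckan.model".
    mock_model = mock.MagicMock()
    mock_model.User.get.return_value = fred

    # The logged-in user is Bob, not Fred. This must be the literal name
    # 'bob': the message asserted below names the acting user as 'bob', so
    # a masked placeholder such as '******' can never match it.
    context = {'model': mock_model, 'user': 'bob'}

    # 2. Call the function that's being tested, once only.

    # Bob tries to update Fred's user account.
    params = {
        'id': fred.id,
        'name': 'updated_user_name',
    }
    result = helpers.call_auth('user_update', context=context, **params)

    # 3. Make assertions about the return value and/or side-effects.

    assert result['success'] is False
    # FIXME: This error message should contain Fred's user name not his id.
    assert result['msg'] == ('User bob not authorized to edit user '
                             'fred_user_id')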
def test_user_update_user_can_update_herself(self):
    '''Users should be authorized to update their own accounts.'''
    # Mock ckan.model.User object standing in for Fred.
    account = factories.MockUser(name='fred')

    # Mock ckan.model; model.User.get(user_id) returns the mock user.
    # Handing it over in the context is easier than patching
    # "import ckan.model".
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = account

    # The context user has to equal the mock user's name so that the auth
    # function sees the logged-in user and the edited user as the same.
    context = {'model': fake_model, 'user': account.name}

    # Fred tries to change his own user name.
    result = helpers.call_auth(
        'user_update',
        context=context,
        id=account.id,
        name='updated_user_name'
    )

    assert result is True
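def test_user_update_visitor_cannot_update_user(self):
    '''Visitors should not be able to update users' accounts.'''
    # Mock ckan.model.User object for Fred, the account being edited.
    fred = factories.MockUser(name='fred')

    # Mock ckan.model whose User.get(user_id) returns Fred. Passing it in
    # the context is easier than patching "import ckan.model".
    mock_model = mock.MagicMock()
    mock_model.User.get.return_value = fred

    # No user is logged in. The context user must be the literal
    # '127.0.0.1' that the message asserted below names as the acting
    # user; a masked placeholder such as '******' can never match it.
    context = {'model': mock_model, 'user': '127.0.0.1'}

    # The visitor tries to update Fred's user account.
    params = {
        'id': fred.id,
        'name': 'updated_user_name',
    }
    result = helpers.call_auth('user_update', context=context, **params)

    assert result['success'] is False
    # FIXME: This is a terrible error message, containing both 127.0.0.1
    # and Fred's user id (not his name).
    assert result['msg'] == ('User 127.0.0.1 not authorized to edit user '
                             'fred_user_id')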
def test_dataset_owner_can_delete_issue(self):
    '''The creator of the dataset's organization may delete an issue.

    The test passes when call_auth does not raise; the return value is
    not inspected.
    '''
    owner = factories.User()
    organization = factories.Organization(user=owner)
    dataset = factories.Dataset(owner_org=organization['name'])
    # NOTE(review): the same user also authored the issue, so this test
    # does not separate dataset ownership from issue authorship.
    issue = issue_factories.Issue(user=owner,
                                  user_id=owner['id'],
                                  dataset_id=dataset['id'])

    auth_context = {
        'user': owner['name'],
        'auth_user_obj': owner,
        'model': model,
        'session': model.Session,
    }
    helpers.call_auth('issue_delete', auth_context,
                      issue_id=issue['id'],
                      dataset_id=dataset['id'])
def test_user_update_user_can_update_herself(self):
    '''Users should be authorized to update their own accounts.'''
    # Fred, as a mock ckan.model.User object.
    me = factories.MockUser(name='fred')

    # Mock ckan.model object; its User.get(user_id) returns the mock user.
    # Supplying it via the context is easier than patching
    # "import ckan.model".
    model_double = mock.MagicMock()
    model_double.User.get.return_value = me

    # 'user' must match the mock user's name, otherwise the auth function
    # would not treat the logged-in user and the updated user as one.
    context = {'model': model_double, 'user': me.name}

    # Fred attempts to rename his own account.
    update_args = {'id': me.id, 'name': 'updated_user_name'}
    outcome = helpers.call_auth('user_update', context=context,
                                **update_args)

    assert outcome['success'] is True
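def test_any_user_can_report_an_issue(self):
    '''A freshly created user is authorized for issue_report.

    The receiver is named ``self`` rather than ``object`` so the builtin
    ``object`` is not shadowed inside the test; the test runner binds it
    positionally, so callers are unaffected.
    '''
    user = factories.User()
    context = {
        'user': user['name'],
        'model': model,
    }
    assert_true(helpers.call_auth('issue_report', context=context))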
def test_sysadmin_user_can_clear(self):
    '''A sysadmin is authorized for resource_view_clear.'''
    sysadmin = factories.User(sysadmin=True)
    auth_context = {'user': sysadmin['name'], 'model': model}
    allowed = helpers.call_auth('resource_view_clear',
                                context=auth_context)
    assert_equals(allowed, True)
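def test_any_user_can_report_spam(self):
    '''A freshly created user is authorized for issue_report_spam.

    The receiver is named ``self`` rather than ``object`` so the builtin
    ``object`` is not shadowed inside the test; the test runner binds it
    positionally, so callers are unaffected.
    '''
    user = factories.User()
    context = {
        'user': user['name'],
        'model': model,
    }
    assert_true(helpers.call_auth('issue_report_spam', context=context))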
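def test_group_show__deleted_group_is_visible_to_its_member(self):
    '''A member of a group is authorized for group_show on that group.'''
    fred = factories.User(name='fred')
    org = factories.Group(users=[fred])
    # Act as the member created above. A masked placeholder ('******')
    # names no user created in this test, so the membership case the test
    # is named after would not be exercised.
    context = {'model': model, 'user': fred['name']}
    # NOTE(review): the group is created without state='deleted' although
    # the test name refers to a deleted group -- confirm the intended setup.
    ret = helpers.call_auth('group_show', context=context, id=org['name'])
    assert ret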
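def test_group_show__deleted_org_is_visible_to_its_member(self):
    '''An editor of an organization is authorized for group_show on it.'''
    fred = factories.User(name='fred')
    # The capacity key is read by the Organization factory's users list.
    fred['capacity'] = 'editor'
    org = factories.Organization(users=[fred])
    # Act as the member created above. A masked placeholder ('******')
    # names no user created in this test, so the membership case the test
    # is named after would not be exercised.
    context = {'model': model, 'user': fred['name']}
    # NOTE(review): the organization is created without state='deleted'
    # although the test name refers to a deleted org -- confirm the setup.
    ret = helpers.call_auth('group_show', context=context, id=org['name'])
    assert ret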
def test_authorized_if_user_has_permissions_on_dataset(self):
    '''The dataset's creator may create its default resource views.'''
    owner = factories.User()
    package = factories.Dataset(user=owner)
    auth_context = {'user': owner['name'], 'model': core_model}

    allowed = helpers.call_auth('package_create_default_resource_views',
                                context=auth_context,
                                package=package)

    assert_equals(allowed, True)
def test_sysadmin_is_authorized(self):
    '''A sysadmin is authorized for resource_create.

    The resource dict passed here carries no package_id.
    '''
    admin = factories.Sysadmin()
    auth_context = {'user': admin['name'], 'model': core_model}

    allowed = helpers.call_auth(
        'resource_create',
        context=auth_context,
        title='Resource',
        url='http://test',
        format='csv'
    )

    assert_equals(allowed, True)
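def test_package_show__deleted_dataset_is_visible_to_editor(self):
    '''An org editor is authorized for package_show on a deleted dataset.'''
    fred = factories.User(name='fred')
    # The capacity key is read by the Organization factory's users list.
    fred['capacity'] = 'editor'
    org = factories.Organization(users=[fred])
    dataset = factories.Dataset(owner_org=org['id'], state='deleted')
    # Act as the editor created above. A masked placeholder ('******')
    # names no user created in this test, so the check would not run as
    # the editor the test is named after.
    context = {'model': model, 'user': fred['name']}
    ret = helpers.call_auth('package_show', context=context,
                            id=dataset['name'])
    assert ret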
def test_user_generate_own_apikey(self):
    '''A user is authorized to generate an API key for their own account.'''
    account = factories.MockUser(name='fred')
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = account

    # auth_user_obj shows user as logged in for non-anonymous auth
    # functions
    context = {
        'model': fake_model,
        'auth_user_obj': account,
        'user': account.name,
    }

    result = helpers.call_auth('user_generate_apikey', context=context,
                               id=account.id)

    assert result is True
def test_authorized_if_user_has_permissions_on_dataset(self):
    '''The dataset's creator may create a resource in that dataset.'''
    owner = factories.User()
    package = factories.Dataset(user=owner)
    auth_context = {'user': owner['name'], 'model': core_model}

    allowed = helpers.call_auth(
        'resource_create',
        context=auth_context,
        package_id=package['id'],
        title='Resource',
        url='http://test',
        format='csv'
    )

    assert_equals(allowed, True)
def test_issue_owner_can_update_issue(self):
    '''The author of an issue is authorized for issue_update on it.

    The organization is created without passing the author to the
    factory, so the authorization is expected to come from authorship.
    '''
    author = factories.User()
    organization = factories.Organization()
    dataset = factories.Dataset(owner_org=organization['name'])
    issue = issue_factories.Issue(user=author,
                                  user_id=author['id'],
                                  dataset_id=dataset['id'])

    auth_context = {'user': author['name'], 'model': model}
    allowed = helpers.call_auth('issue_update', auth_context,
                                id=issue['id'],
                                dataset_id=dataset['id'],
                                status='open')
    assert_true(allowed)
def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
    '''user_invite follows the outcome reported by the gmc mock.

    gmc is presumably the patched group_member_create auth function,
    injected by a decorator that is not visible here -- confirm.
    '''
    inviter = factories.User()
    auth_context = {
        'user': inviter['name'],
        'model': None,
        'auth_user_obj': inviter,
    }
    invite_args = {'group_id': 42}

    # Denied by the delegate: user_invite must raise NotAuthorized.
    gmc.return_value = {'success': False}
    with nose.tools.assert_raises(logic.NotAuthorized):
        helpers.call_auth('user_invite', context=auth_context,
                          **invite_args)

    # Allowed by the delegate: user_invite must be allowed as well.
    gmc.return_value = {'success': True}
    outcome = helpers.call_auth('user_invite', context=auth_context,
                                **invite_args)
    assert outcome is True
def test_org_editor_can_update_an_issue(self):
    '''An editor of the owning org is authorized for issue_update.

    The dataset is private and the issue is filed by the site user, so
    the editor is not the issue's author.
    '''
    editor = factories.User()
    organization = factories.Organization()
    # Grant the editor role through the member_create action.
    helpers.call_action('member_create',
                        object=editor['name'],
                        id=organization['id'],
                        object_type='user',
                        capacity='editor')

    dataset = factories.Dataset(owner_org=organization['name'],
                                private=True)
    site_user = helpers.call_action('get_site_user')
    # Created for its side effect only; the auth call below is made
    # without an issue identifier.
    issue_factories.Issue(user=site_user, dataset_id=dataset['id'])

    auth_context = {'user': editor['name'], 'model': model}
    allowed = helpers.call_auth('issue_update', auth_context,
                                dataset_id=dataset['id'])
    assert_true(allowed)
def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
    '''user_invite is denied or allowed according to the gmc mock.

    gmc is presumably the patched group_member_create auth function,
    supplied by a decorator outside this listing -- confirm.
    '''
    user = factories.User()
    context = {'user': user['name'], 'model': None, 'auth_user_obj': user}
    group_args = {'group_id': 42}

    # First the delegate refuses: NotAuthorized is expected.
    gmc.return_value = {'success': False}
    nose.tools.assert_raises(
        logic.NotAuthorized,
        helpers.call_auth,
        'user_invite',
        context=context,
        **group_args
    )

    # Then the delegate agrees: the call returns True.
    gmc.return_value = {'success': True}
    allowed = helpers.call_auth('user_invite', context=context,
                                **group_args)
    assert allowed is True
def test_authorized_if_user_has_permissions_on_dataset(self):
    '''The dataset's creator may create a view on one of its resources.'''
    owner = factories.User()
    package = factories.Dataset(user=owner)
    res = factories.Resource(user=owner, package_id=package['id'])
    auth_context = {'user': owner['name'], 'model': core_model}

    allowed = helpers.call_auth(
        'resource_view_create',
        context=auth_context,
        resource_id=res['id'],
        title=u'Resource View',
        view_type=u'image_view',
        image_url='url'
    )

    assert_equals(allowed, True)
def test_issue_owner_can_update_issue(self):
    '''issue_update is authorized for the user who filed the issue.

    The author is not passed to the Organization factory, so no
    organization role is set up for them in this test.
    '''
    reporter = factories.User()
    owning_org = factories.Organization()
    dataset = factories.Dataset(owner_org=owning_org['name'])
    issue = issue_factories.Issue(
        user=reporter,
        user_id=reporter['id'],
        dataset_id=dataset['id'],
    )

    update_args = {
        'id': issue['id'],
        'dataset_id': dataset['id'],
        'status': 'open',
    }
    context = {'user': reporter['name'], 'model': model}
    assert_true(helpers.call_auth('issue_update', context, **update_args))
def test_org_user_can_delete(self):
    '''An org editor may delete a view on a resource of the org's dataset.'''
    editor = factories.User()
    organization = factories.Organization(
        users=[{'name': editor['name'], 'capacity': 'editor'}])
    dataset = factories.Dataset(owner_org=organization['id'],
                                resources=[factories.Resource()],
                                user=editor)
    # The view is attached to the dataset's first resource.
    first_resource_id = dataset['resources'][0]['id']
    view = factories.ResourceView(resource_id=first_resource_id)

    auth_context = {'user': editor['name'], 'model': model}
    allowed = helpers.call_auth('resource_view_delete',
                                context=auth_context,
                                id=view['id'])
    assert_equals(allowed, True)
def test_org_editor_can_update_an_issue(self):
    '''issue_update is authorized for an editor of the dataset's org.

    The issue on the private dataset is filed by the site user, not by
    the editor.
    '''
    org_editor = factories.User()
    org = factories.Organization()
    # Make the user an editor of the organization.
    membership = {
        'object': org_editor['name'],
        'id': org['id'],
        'object_type': 'user',
        'capacity': 'editor',
    }
    helpers.call_action('member_create', **membership)

    dataset = factories.Dataset(owner_org=org['name'], private=True)
    # The issue only has to exist; it is not referenced by the auth call.
    issue_factories.Issue(user=helpers.call_action('get_site_user'),
                          dataset_id=dataset['id'])

    context = {'user': org_editor['name'], 'model': model}
    assert_true(
        helpers.call_auth('issue_update', context,
                          dataset_id=dataset['id']))
def test_org_editor_can_update_an_issue(self):
    '''An editor of the owning org is authorized for issue_update.

    The issue on the private dataset is filed by the site user and is
    addressed by its issue number.
    '''
    editor = factories.User()
    # The factory's users entry carries the user's id under 'name'.
    members = [{'name': editor['id'], 'capacity': 'editor'}]
    organization = factories.Organization(users=members)
    dataset = factories.Dataset(owner_org=organization['name'],
                                private=True)

    site_user = helpers.call_action('get_site_user')
    issue = issue_factories.Issue(user=site_user,
                                  dataset_id=dataset['id'])

    auth_context = {'user': editor['name'], 'model': model}
    allowed = helpers.call_auth('issue_update', auth_context,
                                issue_number=issue['number'],
                                dataset_id=dataset['id'],
                                status='open')
    assert_true(allowed)
def test_org_editor_can_update_an_issue(self):
    '''issue_update is authorized for an editor of the dataset's org.

    The editor did not file the issue: it is created by the site user on
    a private dataset and looked up by issue number.
    '''
    org_editor = factories.User()
    # The factory's users entry carries the user's id under 'name'.
    editor_entry = {'name': org_editor['id'], 'capacity': 'editor'}
    org = factories.Organization(users=[editor_entry])
    dataset = factories.Dataset(owner_org=org['name'], private=True)
    issue = issue_factories.Issue(
        user=helpers.call_action('get_site_user'),
        dataset_id=dataset['id'],
    )

    update_args = {
        'issue_number': issue['number'],
        'dataset_id': dataset['id'],
        'status': 'open',
    }
    context = {'user': org_editor['name'], 'model': model}
    assert_true(helpers.call_auth('issue_update', context, **update_args))
def test_esd_service_show(self):
    '''esd_service_show is authorized with no user in the context.'''
    # 'user': None means the check runs without a logged-in user.
    anonymous_context = {'user': None, 'model': core_model}
    allowed = helpers.call_auth('esd_service_show',
                                context=anonymous_context,
                                id=1512)
    assert_equals(allowed, True)
def test_esd_service_autocomplete(self):
    '''esd_service_autocomplete is authorized with no user in the context.'''
    # 'user': None means the check runs without a logged-in user.
    anonymous_context = {'user': None, 'model': core_model}
    allowed = helpers.call_auth('esd_service_autocomplete',
                                context=anonymous_context,
                                q='a')
    assert_equals(allowed, True)