Exemple #1
0
    def test_no_exc_with_user_permissions(self):
        u = User.testing_create()
        ap = Permission.testing_create()
        dp = Permission.testing_create()
        u.assign_permissions([ap.id], [dp.id])
        db.sess.commit()

        resp = self.tam.get('/users/permissions/{0}'.format(u.id))
        assert b'<h1>Permissions for: ' in resp

        d = resp.pyq
        assert str(d('td.approved a[href="/users/edit/{0}"]'.format(u.id)))
        assert str(d('td.denied a[href="/users/edit/{0}"]'.format(u.id)))
Exemple #2
0
    def test_no_exc_with_group_permissions(self):
        g = Group.testing_create()
        ap = Permission.testing_create()
        dp = Permission.testing_create()
        g.assign_permissions([ap.id], [dp.id])
        u = User.testing_create(groups=g)

        resp = self.tam.get('/users/permissions/{0}'.format(u.id))
        assert b'<h1>Permissions for: ' in resp

        d = resp.pyq
        db.sess.add(g)
        assert str(d('td.approved a[href="/groups/edit/{0}"]'.format(g.id)))
        assert str(d('td.denied a[href="/groups/edit/{0}"]'.format(g.id)))
    def test_ok(self):
        # add another user so that we can be sure we are not deleting the
        # user the Client is currently logged in as, which would cause a 302
        user_id = create_user_with_permissions().id
        # add a group so we get 200s when working with it instead of 302s
        group_id = Group.add(name=u'TestUsersManage.test_ok-group').id
        # get a list of permissions (there should be at least one) so we have a real id
        permission_id = Permission.pairs('id:name', Permission.name)[0][0]

        routes = (
            '/users/add',
            '/users/login',
            '/users/recover-password',
            '/users/change-password',
            '/users/edit/%s' % user_id,
            '/users/manage',
            '/users/permissions/%s' % user_id,
            '/groups/add',
            '/groups/edit/%s' % group_id,
            '/groups/manage',
            '/permissions/manage',
            '/permissions/edit/%s' % permission_id,
        )
        for route in routes:
            yield self.check_code, 200, route

        routes = (
            '/users/delete/%s' % user_id,
            '/groups/delete/%s' % group_id,
        )

        for route in routes:
            yield self.check_code, 302, route
Exemple #4
0
    def testing_create(cls,
                       loginid=None,
                       approved_perms=[],
                       denied_perms=[],
                       reset_required=False,
                       groups=[]):
        # use the hierarchy to find the Permission in case the app has changed
        # it
        from compstack.auth.model.orm import Permission

        login_id = loginid or randchars()
        email_address = '*****@*****.**' % login_id
        password = randchars(15)

        appr_perm_ids = []
        denied_perm_ids = []
        # create the permissions
        for perm in tolist(approved_perms):
            p = Permission.get_by(name=perm)
            if p is None:
                raise ValueError('permission %s does not exist' % perm)
            appr_perm_ids.append(p.id)
        for perm in tolist(denied_perms):
            p = Permission.get_by(name=perm)
            if p is None:
                raise ValueError('permission %s does not exist' % perm)
            denied_perm_ids.append(p.id)

        u = cls.add(
            login_id=login_id,
            email_address=email_address,
            password=password,
            reset_required=reset_required,
            # don't let the update method set reset_required
            pass_reset_ok=False,
            approved_permissions=appr_perm_ids,
            denied_permissions=denied_perm_ids,
            # not quite sure why these are needed, they should default, but I
            # ran into an issue when testing that would throw SAValidation
            # errors up when I leave them out.
            inactive_flag=False,
            super_user=False,
        )
        u.groups.extend(tolist(groups))
        db.sess.commit()
        u.text_password = password
        return u
Exemple #5
0
    def test_fields_saved(self):
        ap = Permission.get_by(name=u'users-test1').id
        dp = Permission.get_by(name=u'users-test2').id
        gp = Group.get_by(name=u'test-group') or Group.add_iu(
            name=u'test-group',
            approved_permissions=[],
            denied_permissions=[],
            assigned_users=[])
        gp = gp.id
        topost = {
            'login_id': 'usersavedsu',
            'password': '******',
            'email_address': '*****@*****.**',
            'password-confirm': 'testtest',
            'email': '*****@*****.**',
            'user-submit-flag': 'submitted',
            'approved_permissions': ap,
            'denied_permissions': dp,
            'assigned_groups': gp,
            'super_user': 1,
            'inactive_flag': False,
            'inactive_date': '',
            'name_first': '',
            'name_last': ''
        }
        req, r = self.c.post('users/add', data=topost, follow_redirects=True)
        assert r.status_code == 200, r.status
        assert b'User added' in r.data
        assert req.url.endswith('users/manage')

        user = User.get_by_email(u'*****@*****.**')
        assert user.login_id == 'usersavedsu'
        assert user.reset_required
        assert user.super_user
        assert user.pass_hash
        assert user.groups[0].name == 'test-group'
        assert len(user.groups) == 1

        found = 3
        for permrow in user.permission_map:
            if permrow['permission_name'] == u'users-test1':
                assert permrow['resulting_approval']
                found -= 1
            if permrow['permission_name'] in (u'users-test2', u'auth-manage'):
                assert not permrow['resulting_approval']
                found -= 1
        assert found == 0
Exemple #6
0
    def test_perm_changes(self):
        p1 = Permission.get_by(name=u'prof-test-1').id
        p2 = Permission.get_by(name=u'prof-test-2').id

        # add user to group
        user = User.get(self.userid)
        gp = Group.add_iu(name=u'test-group',
                          approved_permissions=[],
                          denied_permissions=[],
                          assigned_users=[user.id]).id

        r = self.c.post('users/profile', data=self.get_to_post())
        assert r.status_code == 200, r.status
        user = User.get(self.userid)
        approved, denied = user.assigned_permission_ids
        assert p1 in approved
        assert p2 in denied
        assert gp in [g.id for g in user.groups]
Exemple #7
0
    def test_user_permission_map_groups(self):
        # test group perms map
        perm_map = User.get(self.user.id).permission_map_groups

        assert not Permission.get_by(name=u'ugp_approved').id in perm_map
        assert not Permission.get_by(name=u'ugp_not_approved').id in perm_map

        assert len(perm_map[self.perm_approved_grp.id]['approved']) == 1
        assert perm_map[self.perm_approved_grp.id]['approved'][0]['id'] == self.g1.id
        assert len(perm_map[self.perm_approved_grp.id]['denied']) == 0

        assert len(perm_map[self.perm_denied.id]['approved']) == 1
        assert perm_map[self.perm_denied.id]['approved'][0]['id'] == self.g1.id
        assert len(perm_map[self.perm_denied.id]['denied']) == 0

        assert len(perm_map[self.perm_denied_grp.id]['approved']) == 1
        assert perm_map[self.perm_denied_grp.id]['approved'][0]['id'] == self.g1.id
        assert len(perm_map[self.perm_denied_grp.id]['denied']) == 1
        assert perm_map[self.perm_denied_grp.id]['denied'][0]['id'] == self.g2.id
Exemple #8
0
 def assign_permissions_by_name(cls,
                                group_name,
                                approved_perm_list=[],
                                denied_perm_list=[]):
     # Note: this function is a wrapper for assign_permissions and will commit db trans
     from compstack.auth.model.orm import Permission
     group = cls.get_by(name=six.text_type(group_name))
     approved_perm_ids = [
         item.id for item in [
             Permission.get_by(name=six.text_type(perm))
             for perm in tolist(approved_perm_list)
         ]
     ]
     denied_perm_ids = [
         item.id for item in [
             Permission.get_by(name=six.text_type(perm))
             for perm in tolist(denied_perm_list)
         ]
     ]
     group.assign_permissions(approved_perm_ids, denied_perm_ids)
Exemple #9
0
    def setup_class(cls):
        permissions = [
            'ugp_approved_grp', 'ugp_not_approved', 'ugp_denied_grp']

        for permission in permissions:
            Permission.add(name=six.text_type(permission))

        cls.user = create_user_with_permissions(u'ugp_approved', u'ugp_denied')
        cls.user2 = create_user_with_permissions(u'ugp_approved')
        cls.g1 = Group.add(name=u'ugp_g1')
        cls.g2 = Group.add(name=u'ugp_g2')
        Group.assign_permissions_by_name(u'ugp_g1', (u'ugp_approved_grp', u'ugp_denied',
                                                     u'ugp_denied_grp'))
        Group.assign_permissions_by_name(u'ugp_g2', None, u'ugp_denied_grp')
        cls.user.groups.append(cls.g1)
        cls.user.groups.append(cls.g2)
        db.sess.commit()

        cls.perm_approved_grp = Permission.get_by(name=u'ugp_approved_grp')
        cls.perm_denied = Permission.get_by(name=u'ugp_denied')
        cls.perm_denied_grp = Permission.get_by(name=u'ugp_denied_grp')
Exemple #10
0
 def add_user_permissions_section(self):
     hel = self.add_header('user_permissions_header', 'User Permissions')
     perm_opts = orm_Permission.pairs('id:name', orm_Permission.name)
     gel = self.add_mselect('approved_permissions',
                            perm_opts,
                            'Approved',
                            choose=None)
     gel = self.add_mselect('denied_permissions',
                            perm_opts,
                            'Denied',
                            choose=None)
     return hel, gel
Exemple #11
0
    def add_group_permissions_section(self):
        self.add_header('group_permissions_header', 'Group Permissions')

        perm_opts = orm_Permission.pairs('id:name', orm_Permission.name)
        self.add_mselect('approved_permissions',
                         perm_opts,
                         'Approved',
                         choose=None)

        self.add_mselect('denied_permissions',
                         perm_opts,
                         'Denied',
                         choose=None)
Exemple #12
0
def create_user_with_permissions(approved_perms=None,
                                 denied_perms=None,
                                 super_user=False):
    from compstack.auth.model.orm import User, Permission

    appr_perm_ids = []
    denied_perm_ids = []
    # create the permissions
    for perm in tolist(approved_perms):
        p = Permission.get_by(name=perm)
        if p is None:
            raise ValueError('permission %s does not exist' % perm)
        appr_perm_ids.append(p.id)
    for perm in tolist(denied_perms):
        p = Permission.get_by(name=perm)
        if p is None:
            raise ValueError('permission %s does not exist' % perm)
        denied_perm_ids.append(p.id)

    # create the user
    username = u'user_for_testing_%s' % randchars(15)
    password = randchars(15)
    user = User.add(login_id=username,
                    email_address=u'*****@*****.**' % username,
                    password=password,
                    super_user=super_user,
                    assigned_groups=[],
                    approved_permissions=appr_perm_ids,
                    denied_permissions=denied_perm_ids)

    # turn login flag off
    user.reset_required = False
    db.sess.commit()

    # make text password available
    user.text_password = password

    return user
Exemple #13
0
 def test_perms_legit(self):
     p = Permission.get_by(name=u'users-test1')
     perm = [str(p.id)]
     topost = {
         'login_id': 'newuser',
         'password': '******',
         'email_address': '*****@*****.**',
         'password-confirm': 'testtest',
         'email': '*****@*****.**',
         'user-submit-flag': 'submitted',
         'approved_permissions': perm,
         'denied_permissions': perm
     }
     r = self.c.post('users/add', data=topost)
     assert r.status_code == 200, r.status
     assert b'Denied: you can not approve and deny the same permission' in r.data
     assert b'Approved: you can not approve and deny the same permission' in r.data
Exemple #14
0
    def test_permissions_manage_paging(self):
        x = Permission.testing_create()
        y = Permission.testing_create()

        r = self.c.get('/permissions/manage?onpage=2&perpage=1')

        db.sess.add(x)
        db.sess.add(y)
        Permission.delete(x.id)
        Permission.delete(y.id)

        assert b'<h2>Manage Permissions</h2>' in r.data
Exemple #15
0
def action_30_base_data():
    if Permission:
        Permission.add_iu(name=u'webapp-controlpanel')
Exemple #16
0
def action_30_perms():
    Permission.add_iu(name=u'widget-delete')
Exemple #17
0
def action_40_test_data():
    Permission.add_iu(name=u'ugp_approved')
    Permission.add_iu(name=u'ugp_denied')
    Permission.add_iu(name=u'users-test1')
    Permission.add_iu(name=u'users-test2')
    Permission.add_iu(name=u'prof-test-1')
    Permission.add_iu(name=u'prof-test-2')
Exemple #18
0
def test_permission_get_by_name():
    p = Permission.add_iu(name=u'permission_for_testing_%s' % randchars(15))
    assert Permission.get_by(name=p.name).id == p.id
Exemple #19
0
def test_permission_unique():
    p1 = Permission.add_iu(name=u'test unique permission name')
    p2 = Permission.add_iu(name=u'test unique permission name')
    assert p1 and p2 is None
Exemple #20
0
def action_30_base_data():
    Permission.add_iu(name=u'auth-manage')
Exemple #21
0
    def test_fields_saved(self):
        ap = Permission.get_by(name=u'users-test1').id
        dp = Permission.get_by(name=u'users-test2').id
        gp = Group.get_by(name=u'test-group') or Group.add_iu(
            name=u'test-group',
            approved_permissions=[],
            denied_permissions=[],
            assigned_users=[])
        gp = gp.id
        topost = {
            'login_id': 'usersaved',
            'email_address': '*****@*****.**',
            'user-submit-flag': 'submitted',
            'approved_permissions': ap,
            'denied_permissions': dp,
            'assigned_groups': gp,
            'super_user': 1,
            'inactive_flag': False,
            'inactive_date': '10/11/2010',
            'name_first': 'test',
            'name_last': 'user',
            'email_notify': 1
        }

        # setup the mock objects so we can test the email getting sent out
        tt = minimock.TraceTracker()
        smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None)
        smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection',
                                                  tracker=tt)

        req, r = self.c.post('users/add', data=topost, follow_redirects=True)
        assert r.status_code == 200, r.status
        assert b'User added' in r.data
        assert req.url.endswith('users/manage')

        mmdump = tt.dump()
        assert 'To: [email protected]' in mmdump
        assert 'You have been added to our system of registered users.' in mmdump
        assert 'user name: usersaved' in mmdump
        assert re.search(r'password: [a-zA-Z0-9]*', mmdump) is not None
        assert re.search(r'password: None', mmdump) is None
        minimock.restore()

        user = User.get_by_email(u'*****@*****.**')
        assert user.login_id == 'usersaved'
        assert user.reset_required
        assert not user.super_user
        assert user.pass_hash
        assert user.groups[0].name == 'test-group'
        assert len(user.groups) == 1
        assert user.inactive_date == datetime.datetime(2010, 10,
                                                       11), user.inactive_date
        assert user.name_first == 'test'
        assert user.name_last == 'user'

        found = 3
        for permrow in user.permission_map:
            if permrow['permission_name'] == u'users-test1':
                assert permrow['resulting_approval']
                found -= 1
            if permrow['permission_name'] in (u'users-test2', u'auth-manage'):
                assert not permrow['resulting_approval']
                found -= 1
        assert found == 0

        # now test an edit
        topost = {
            'login_id': 'usersaved',
            'email_address': '*****@*****.**',
            'user-submit-flag': 'submitted',
            'approved_permissions': dp,
            'denied_permissions': ap,
            'assigned_groups': None,
            'super_user': 1,
            'inactive_flag': False,
            'inactive_date': '10/10/2010',
            'name_first': 'test2',
            'name_last': 'user2',
            'email_notify': 1,
            'password': '******',
            'password-confirm': 'test_new_password'
        }

        # setup the mock objects so we can test the email getting sent out
        tt = minimock.TraceTracker()
        smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None)
        smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection',
                                                  tracker=tt)

        req, r = self.c.post('users/edit/%s' % user.id,
                             data=topost,
                             follow_redirects=True)
        assert b'User edited successfully' in r.data
        assert req.url.endswith('users/manage')

        assert tt.check(
            'Called smtp_connection.sendmail([email protected] '
            'password for this site has been reset'
            '...first successful login...')
        # restore the mocked objects
        minimock.restore()

        mmdump = tt.dump()
        assert 'To: [email protected]' in mmdump
        assert 'Your password for this site has been reset by an administrator.' in mmdump
        assert 'user name: usersaved' in mmdump
        assert re.search(r'password: [a-zA-Z0-9]*', mmdump) is not None
        assert re.search(r'password: None', mmdump) is None
        minimock.restore()

        db.sess.expire(user)
        assert user.login_id == 'usersaved'
        assert user.reset_required
        assert not user.super_user
        assert user.pass_hash
        assert len(user.groups) == 0
        assert user.inactive_date == datetime.datetime(2010, 10,
                                                       10), user.inactive_date
        assert user.name_first == 'test2'
        assert user.name_last == 'user2'

        found = 3
        for permrow in user.permission_map:
            if permrow['permission_name'] == u'users-test2':
                assert permrow['resulting_approval']
                found -= 1
            if permrow['permission_name'] in (u'users-test1', u'auth-manage'):
                assert not permrow['resulting_approval']
                found -= 1
        assert found == 0

        # test edit w/ reset required and email notify (no email sent)
        topost = {
            'login_id': 'usersaved',
            'email_address': '*****@*****.**',
            'user-submit-flag': 'submitted',
            'approved_permissions': dp,
            'denied_permissions': ap,
            'assigned_groups': None,
            'super_user': 1,
            'reset_required': 1,
            'inactive_flag': False,
            'inactive_date': '',
            'name_first': '',
            'name_last': '',
            'email_notify': 1
        }
        req, r = self.c.post('users/edit/%s' % user.id,
                             data=topost,
                             follow_redirects=True)
        assert b'User edited successfully' in r.data
        assert req.url.endswith('users/manage')

        db.sess.expire(user)
        assert user.login_id == 'usersaved'
        assert user.reset_required
        assert not user.super_user
        assert user.pass_hash
        assert len(user.groups) == 0

        # now test a delete
        req, r = self.c.get('users/delete/%s' % user.id, follow_redirects=True)
        assert r.status_code == 200, r.status
        assert b'User deleted' in r.data
        assert req.url.endswith('users/manage')