def test_project_rules():
anonymous = AnonymousUser()
admin_collaborator = UserFactory()
edit_collaborator = UserFactory()
view_collaborator = UserFactory()
public_project = ProjectFactory(
admin_collaborators=[admin_collaborator],
edit_collaborators=[edit_collaborator],
collaborators=[view_collaborator],
private=False,
)
private_project = ProjectFactory(
admin_collaborators=[admin_collaborator],
edit_collaborators=[edit_collaborator],
collaborators=[view_collaborator],
private=True,
)
for user, project, can_view, can_change in [
(anonymous, public_project, True, False),
(anonymous, private_project, False, False),
(admin_collaborator, public_project, True, True),
(admin_collaborator, private_project, True, True),
(edit_collaborator, public_project, True, False),
(edit_collaborator, private_project, True, False),
(view_collaborator, public_project, True, False),
(view_collaborator, private_project, True, False),
]:
assert user.has_perm("projects.view_project", project) is can_view
assert user.has_perm("projects.change_project", project) is can_change
assert user.has_perm("projects.delete_project", project) is can_change
def test_retrieve_staff(self, client):
"""Test retrieving as staff exposes `is_staff`"""
user = UserFactory(is_staff=True)
client.force_authenticate(user=user)
response = client.get("/api/users/me/")
assert response.status_code == status.HTTP_200_OK
response_json = json.loads(response.content)
assert "is_staff" in response_json
def test_retrieve(self, client):
"""Test retrieving a user"""
users = UserFactory.create_batch(2)
OrganizationFactory(members=users)
client.force_authenticate(user=users[0])
response = client.get(f"/api/users/{users[1].pk}/")
assert response.status_code == status.HTTP_200_OK
response_json = json.loads(response.content)
serializer = UserSerializer(users[1])
assert response_json == serializer.data
def test_list_queries(self, client, expand):
"""Queries should be constant"""
small_size = 1
users = UserFactory.create_batch(small_size)
organization = OrganizationFactory(members=users)
client.force_authenticate(user=users[0])
reset_queries()
client.get(f"/api/users/?expand={expand}")
num_queries = len(connection.queries)
size = 10
users = UserFactory.create_batch(size)
for user in users:
Membership.objects.create(user=user, organization=organization)
client.force_authenticate(user=users[0])
reset_queries()
response = client.get(f"/api/users/?expand={expand}")
assert num_queries == len(connection.queries)
assert len(response.json()["results"]) == size + small_size
def test_list(self, client):
"""List users"""
size = 10
users = UserFactory.create_batch(size)
OrganizationFactory(members=users)
client.force_authenticate(user=users[0])
response = client.get("/api/users/")
assert response.status_code == status.HTTP_200_OK
response_json = json.loads(response.content)
assert len(response_json["results"]) == size
def test_create_bad_edit_collaborator(self, client, user):
"""You may not add a collaborator to a project you are just an edit
collaborator on
"""
project = ProjectFactory(edit_collaborators=[user])
other_user = UserFactory()
client.force_authenticate(user=user)
response = client.post(f"/api/projects/{project.pk}/users/",
{"email": other_user.email})
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_list(self, client):
"""List users in a project"""
size = 10
project = ProjectFactory(collaborators=UserFactory.create_batch(size))
client.force_authenticate(user=project.user)
response = client.get(f"/api/projects/{project.pk}/users/")
assert response.status_code == status.HTTP_200_OK
response_json = json.loads(response.content)
# add one for the projects owner
assert len(response_json["results"]) == size + 1
def test_rules():
anonymous = AnonymousUser()
myself = UserFactory()
organization_user = UserFactory()
collaborator = UserFactory()
unknown_user = UserFactory()
OrganizationFactory(members=[myself, organization_user])
ProjectFactory(collaborators=[myself, collaborator])
for user, user_, can_view, can_change in [
(anonymous, organization_user, False, False),
(myself, myself, True, True),
(myself, organization_user, True, False),
(myself, collaborator, True, False),
(myself, unknown_user, False, False),
]:
assert user.has_perm("users.view_user", user_) is can_view
assert user.has_perm("users.change_user", user_) is can_change
def test_rules():
anonymous = AnonymousUser()
public_member = UserFactory()
private_member = UserFactory()
public_organization = OrganizationFactory(private=False,
members=[public_member])
private_organization = OrganizationFactory(private=True,
members=[private_member])
for user, organization, can_view in [
(anonymous, public_organization, True),
(public_member, public_organization, True),
(private_member, public_organization, True),
(anonymous, private_organization, False),
(public_member, private_organization, False),
(private_member, private_organization, True),
]:
assert (user.has_perm("organizations.view_organization", organization)
is can_view)
def test_list_queries(self, client, expand):
"""Queries should be constant"""
small_size = 1
users = UserFactory.create_batch(small_size)
project = ProjectFactory(collaborators=users)
client.force_authenticate(user=project.user)
reset_queries()
client.get(f"/api/projects/{project.pk}/users/?expand={expand}")
num_queries = len(connection.queries)
size = 10
users = UserFactory.create_batch(size)
for user_ in users:
Collaboration.objects.create(user=user_, project=project)
client.force_authenticate(user=project.user)
reset_queries()
response = client.get(
f"/api/projects/{project.pk}/users/?expand={expand}")
assert num_queries == len(connection.queries)
assert len(response.json()["results"]) == size + small_size + 1
def test_list_permissions(self, client):
"""List users you can view"""
# the current user, a user in the same organization, a user in the same
# project, a user with a public document, a user with a private document
users = UserFactory.create_batch(5)
OrganizationFactory(members=users[:2])
ProjectFactory(user=users[0], collaborators=[users[2]])
DocumentFactory(user=users[3], access=Access.public)
DocumentFactory(user=users[4], access=Access.private)
client.force_authenticate(user=users[0])
response = client.get("/api/users/")
assert response.status_code == status.HTTP_200_OK
response_json = json.loads(response.content)
# you can see all users except for the user with a private document
assert len(response_json["results"]) == 4
def setup_solr(django_db_setup, django_db_blocker):
"""Set up the models for the search tests
`django_db_setup` causes pytest to initiate the test database
"""
# pylint: disable=unused-argument
solr = pysolr.Solr(settings.SOLR_URL, auth=settings.SOLR_AUTH)
with django_db_blocker.unblock():
try:
organizations = {}
users = {}
documents = {}
notes = {}
# this enables searching through notes for users in that org
entitlement = OrganizationEntitlementFactory()
for org in ORGANIZATIONS:
if org.pop("entitlement", None) == "org":
org["entitlement"] = entitlement
organizations[org["id"]] = OrganizationFactory(**org)
for user in USERS:
user = user.copy()
org = user.pop("organization")
users[user["id"]] = UserFactory(
membership__organization=organizations[org], **user)
for doc in DOCUMENTS:
doc = doc.copy()
user = doc.pop("user")
org = doc.pop("organization")
documents[doc["id"]] = DocumentFactory(
user=users[user], organization=organizations[org], **doc)
for note in NOTES:
note = note.copy()
user = note.pop("user")
org = note.pop("organization")
doc = note.pop("document")
notes[note["id"]] = NoteFactory(
user=users[user],
organization=organizations[org],
document=documents[doc],
**note,
)
for proj in PROJECTS:
ProjectFactory(
id=proj["id"],
title=proj["title"],
user=users[proj["user"]],
edit_documents=[documents[d] for d in proj["documents"]],
collaborators=[users[a] for a in proj["collaborators"]],
edit_collaborators=[
users[a] for a in proj["edit_collaborators"]
],
)
for doc in documents.values():
solr.add([doc.solr()])
solr.commit()
yield
finally:
Document.objects.all().delete()
Project.objects.all().delete()
User.objects.all().delete()
Organization.objects.all().delete()
solr.delete(q="*:*")
def test_document_rules():
# pylint: disable=too-many-locals
anonymous = AnonymousUser()
owner = UserFactory()
edit_collaborator = UserFactory()
view_collaborator = UserFactory()
no_access_collaborator = UserFactory()
organization_member = UserFactory()
organization = OrganizationFactory(members=[owner, organization_member])
organization_member.organization = organization
public_document = DocumentFactory(user=owner,
organization=organization,
access=Access.public,
title="public")
public_pending_document = DocumentFactory(
user=owner,
organization=organization,
access=Access.public,
status=Status.pending,
title="pending",
)
organization_document = DocumentFactory(user=owner,
organization=organization,
access=Access.organization,
title="org")
private_document = DocumentFactory(user=owner,
organization=organization,
access=Access.private,
title="private")
invisible_document = DocumentFactory(
user=owner,
organization=organization,
access=Access.invisible,
title="invisible",
)
documents = [
public_document,
public_pending_document,
private_document,
organization_document,
invisible_document,
]
ProjectFactory(edit_collaborators=[edit_collaborator],
edit_documents=documents)
ProjectFactory(collaborators=[view_collaborator], edit_documents=documents)
ProjectFactory(collaborators=[no_access_collaborator], documents=documents)
for user, document, can_view, can_change, can_share in [
(anonymous, public_document, True, False, False),
(anonymous, public_pending_document, False, False, False),
(anonymous, organization_document, False, False, False),
(anonymous, private_document, False, False, False),
(anonymous, invisible_document, False, False, False),
(owner, public_document, True, True, True),
(owner, public_pending_document, True, True, True),
(owner, organization_document, True, True, True),
(owner, private_document, True, True, True),
(owner, invisible_document, False, False, False),
(edit_collaborator, public_document, True, False, False),
(edit_collaborator, public_pending_document, True, False, False),
(edit_collaborator, organization_document, True, True, False),
(edit_collaborator, private_document, True, True, False),
(edit_collaborator, invisible_document, False, False, False),
(view_collaborator, public_document, True, False, False),
(view_collaborator, public_pending_document, True, False, False),
(view_collaborator, organization_document, True, False, False),
(view_collaborator, private_document, True, False, False),
(view_collaborator, invisible_document, False, False, False),
(no_access_collaborator, public_document, True, False, False),
(no_access_collaborator, public_pending_document, False, False, False),
(no_access_collaborator, organization_document, False, False, False),
(no_access_collaborator, private_document, False, False, False),
(no_access_collaborator, invisible_document, False, False, False),
(organization_member, public_document, True, True, True),
(organization_member, public_pending_document, True, True, True),
(organization_member, organization_document, True, True, True),
(organization_member, private_document, False, False, False),
(organization_member, invisible_document, False, False, False),
]:
assert (user.has_perm("documents.view_document", document) is
can_view), f"{user.get_full_name()} - {document.title}"
assert (user.has_perm("documents.change_document", document) is
can_change), f"{user.get_full_name()} - {document.title}"
assert (user.has_perm("documents.share_document", document) is
can_share), f"{user.get_full_name()} - {document.title}"
assert (user.has_perm("documents.delete_document", document) is
can_share), f"{user.get_full_name()} - {document.title}"
def test_note_rules():
anonymous = AnonymousUser()
owner = UserFactory(name="owner")
organization_member = UserFactory(name="org")
edit_collaborator = UserFactory(name="edit")
view_collaborator = UserFactory(name="view")
organization = OrganizationFactory(members=[owner, organization_member])
organization_member.organization = organization
public_note = NoteFactory(user=owner,
organization=organization,
access=Access.public,
title="public")
organization_note = NoteFactory(user=owner,
organization=organization,
access=Access.organization,
title="org")
private_note = NoteFactory(user=owner,
organization=organization,
access=Access.private,
title="private")
invisible_note = NoteFactory(
user=owner,
organization=organization,
access=Access.invisible,
title="invisible",
)
documents = [
public_note.document,
organization_note.document,
private_note.document,
invisible_note.document,
]
ProjectFactory(edit_collaborators=[edit_collaborator],
edit_documents=documents)
ProjectFactory(collaborators=[view_collaborator], documents=documents)
for user, note, can_view, can_change in [
(anonymous, public_note, True, False),
(anonymous, organization_note, False, False),
(anonymous, private_note, False, False),
(anonymous, invisible_note, False, False),
(owner, public_note, True, True),
(owner, organization_note, True, True),
(owner, private_note, True, True),
(owner, invisible_note, False, False),
(organization_member, public_note, True, False),
(organization_member, organization_note, False, False),
(organization_member, private_note, False, False),
(organization_member, invisible_note, False, False),
(edit_collaborator, public_note, True, False),
(edit_collaborator, organization_note, False, False),
(edit_collaborator, private_note, False, False),
(edit_collaborator, invisible_note, False, False),
(view_collaborator, public_note, True, False),
(view_collaborator, organization_note, False, False),
(view_collaborator, private_note, False, False),
(view_collaborator, invisible_note, False, False),
]:
assert (user.has_perm("documents.view_note", note) is
can_view), f"{user.get_full_name()} - {note.title}"
assert (user.has_perm("documents.change_note", note) is
can_change), f"{user.get_full_name()} - {note.title}"
assert (user.has_perm("documents.delete_note", note) is
can_change), f"{user.get_full_name()} - {note.title}"
def user():
return UserFactory()