def test_get_xform_list_other_user_with_readonly_role(self):
    """Form list for a digest-authenticated user holding only ReadOnlyRole.

    The test grants ReadOnlyRole on ``self.xform`` to a second user and
    asserts that the form list returned to that user is an empty
    ``<xforms>`` document that does not contain the form's id_string,
    while the OpenRosa headers and content type are still present.
    """
    request = self.factory.get('/')
    # The first response is passed to DigestAuth below, which uses it to
    # build the authentication headers merged into request.META.
    challenge = self.view(request)

    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    ReadOnlyRole.add(profile.user, self.xform)
    self.assertTrue(ReadOnlyRole.user_has_role(profile.user, self.xform))

    digest = DigestAuth('alice', 'bobbob')
    request.META.update(digest(request.META, challenge))
    response = self.view(request)
    self.assertEqual(response.status_code, 200)

    body = response.render().content
    # The read-only grant must not make the form appear in this list.
    self.assertNotIn(self.xform.id_string, body)
    self.assertEqual(
        body,
        '<?xml version="1.0" encoding="utf-8"?>\n<xforms '
        'xmlns="http://openrosa.org/xforms/xformsList"></xforms>')

    for header in ('X-OpenRosa-Version',
                   'X-OpenRosa-Accept-Content-Length',
                   'Date'):
        self.assertTrue(response.has_header(header))
    self.assertEqual(response['Content-Type'], 'text/xml; charset=utf-8')
def test_project_users_get_readonly_role_on_add_form(self):
    """A project-level ReadOnlyRole carries over to a newly published form.

    After a form is published into the project, the user must hold
    ReadOnlyRole on that form and must not hold OwnerRole on it.
    """
    self._project_create()
    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})

    ReadOnlyRole.add(profile.user, self.project)
    self.assertTrue(ReadOnlyRole.user_has_role(profile.user, self.project))

    self._publish_xls_form_to_project()

    # Inherited access is read-only; it must not escalate to ownership.
    self.assertTrue(ReadOnlyRole.user_has_role(profile.user, self.xform))
    self.assertFalse(OwnerRole.user_has_role(profile.user, self.xform))
def save(self, **kwargs):
    """Apply this share request: remove the user, or grant the named role.

    When ``self.remove`` is set, ``remove_user()`` is called and nothing
    else happens. Otherwise the role class is looked up in ``ROLES`` by
    ``self.role``; if the role, user and project are all truthy, the role
    is added on the project and ReadOnlyRole is added on every form in
    ``self.project.xform_set``. ``kwargs`` is accepted but not used.
    """
    if self.remove:
        self.remove_user()
        return

    role_cls = ROLES.get(self.role)
    # NOTE(review): an unknown role name, or a missing user/project, makes
    # this a silent no-op; the caller gets no signal that nothing was
    # granted. Confirm that validation happens before save() is reached.
    if not (role_cls and self.user and self.project):
        return

    role_cls.add(self.user, self.project)

    # add readonly role to forms under the project
    # NOTE(review): this grants ReadOnlyRole on every form regardless of
    # the project role chosen, and without checking whether the user
    # already holds a different role on a form. If ReadOnlyRole.add
    # replaces an existing role, a form's own creator or manager would be
    # downgraded here - confirm against ReadOnlyRole.add.
    for form in self.project.xform_set.all():
        ReadOnlyRole.add(self.user, form)
def set_project_perms_to_xform(xform, project):
    """Copy the project's sharing flag and user access onto a form.

    If the ``shared`` flags differ, both ``xform.shared`` and
    ``xform.shared_data`` are set from ``project.shared`` and the form is
    saved. Then, for each entry returned by
    ``get_object_users_with_permissions(project)``, the form's creator
    gets OwnerRole on the form and every other user gets ReadOnlyRole.
    """
    if project.shared != xform.shared:
        xform.shared = project.shared
        # NOTE(review): shared_data is also taken from project.shared, so a
        # shared project exposes the form's data as well as the form.
        # The resync only triggers on a difference in ``shared``; an
        # existing shared_data mismatch alone is left as is. Confirm both
        # are intended.
        xform.shared_data = project.shared
        xform.save()

    for entry in get_object_users_with_permissions(project):
        member = entry['user']
        # Only the creator of the form is given ownership; any other
        # project member, whatever their project role, is read-only here.
        role_cls = ReadOnlyRole if member != xform.created_by else OwnerRole
        role_cls.add(member, xform)
def test_form_list_filter_by_user(self):
    """Form list and its ``owner`` filter for a user with a shared form.

    Alice is given ReadOnlyRole on bob's form and publishes her own. The
    unfiltered list must contain both forms, ``owner=bob`` and
    ``owner=alice`` must each return exactly one form, and an unknown
    owner must return an empty list with status 200.
    """
    # publish bob's form
    self._publish_xls_form_to_project()
    bob = self.user

    self._login_user_and_profile(
        extra_post_data={'username': '******', 'email': '*****@*****.**'})
    self.assertEqual(self.user.username, 'alice')
    self.assertNotEqual(bob, self.user)

    ReadOnlyRole.add(self.user, self.xform)
    retrieve_view = XFormViewSet.as_view({'get': 'retrieve'})
    bobs_form_data = retrieve_view(
        self.factory.get('/', **self.extra), pk=self.xform.pk).data

    # publish alice's form
    self._publish_xls_form_to_project()

    response = self.view(self.factory.get('/', **self.extra))
    self.assertNotEqual(response.get('Last-Modified'), None)
    self.assertEqual(response.status_code, 200)
    # should be both bob's and alice's form
    self.assertEqual(sorted(response.data),
                     sorted([bobs_form_data, self.form_data]))

    # apply filter, see only bob's forms, then only alice's forms
    for owner, expected in (('bob', [bobs_form_data]),
                            ('alice', [self.form_data])):
        response = self.view(
            self.factory.get('/', data={'owner': owner}, **self.extra))
        self.assertNotEqual(response.get('Last-Modified'), None)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, expected)

    # apply filter, see a non existent user
    response = self.view(
        self.factory.get('/', data={'owner': 'noone'}, **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertNotEqual(response.get('Last-Modified'), None)
    self.assertEqual(response.data, [])
def test_form_list_filter_by_user(self):
    """Form list and its ``owner`` filter for a user with a shared form.

    Alice is given ReadOnlyRole on bob's form and publishes her own. The
    unfiltered list must contain both forms, ``owner=bob`` and
    ``owner=alice`` must each return exactly one form, and an unknown
    owner must return an empty list with status 200.
    """
    # publish bob's form
    self._publish_xls_form_to_project()
    bob = self.user

    self._login_user_and_profile(
        extra_post_data={'username': '******', 'email': '*****@*****.**'})
    self.assertEqual(self.user.username, 'alice')
    self.assertNotEqual(bob, self.user)

    ReadOnlyRole.add(self.user, self.xform)
    retrieve_view = XFormViewSet.as_view({'get': 'retrieve'})
    bobs_form_data = retrieve_view(
        self.factory.get('/', **self.extra), pk=self.xform.pk).data

    # publish alice's form
    self._publish_xls_form_to_project()

    response = self.view(self.factory.get('/', **self.extra))
    self.assertNotEqual(response.get('Last-Modified'), None)
    self.assertEqual(response.status_code, 200)
    # should be both bob's and alice's form
    self.assertEqual(sorted(response.data),
                     sorted([bobs_form_data, self.form_data]))

    # apply filter, see only bob's forms, then only alice's forms
    for owner, expected in (('bob', [bobs_form_data]),
                            ('alice', [self.form_data])):
        response = self.view(
            self.factory.get('/', data={'owner': owner}, **self.extra))
        self.assertNotEqual(response.get('Last-Modified'), None)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, expected)

    # apply filter, see a non existent user
    response = self.view(
        self.factory.get('/', data={'owner': 'noone'}, **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertNotEqual(response.get('Last-Modified'), None)
    self.assertEqual(response.data, [])
def test_data_list_filter_by_user(self):
    """Data list and its ``owner`` filter for a user with a shared form.

    Alice receives ReadOnlyRole on bob's form and publishes her own form.
    Authenticated with her token, the unfiltered data list must contain
    both entries; ``owner=bob`` and ``owner=alice`` must each return one
    entry, and an unknown owner must return an empty list.
    """
    self._make_submissions()
    list_view = DataViewSet.as_view({'get': 'list'})
    bobs_data = _data_list(self.xform.pk)[0]

    bob = self.user
    self._create_user_and_login('alice', 'alice')
    self.assertEqual(self.user.username, 'alice')
    self.assertNotEqual(bob, self.user)

    ReadOnlyRole.add(self.user, self.xform)

    # publish alice's form
    self._publish_transportation_form()
    # Requests below are authenticated as alice through her API token.
    self.extra = {
        'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
    alice_data = _data_list(self.xform.pk)[0]

    response = list_view(self.factory.get('/', **self.extra))
    self.assertEqual(response.status_code, 200)
    # should be both bob's and alice's form
    self.assertEqual(sorted(response.data),
                     sorted([bobs_data, alice_data]))

    # apply filter: only bob's, only alice's, then a non existent user
    filter_cases = (
        ('bob', [bobs_data]),
        ('alice', [alice_data]),
        ('noone', []),
    )
    for owner, expected in filter_cases:
        response = list_view(
            self.factory.get('/', data={'owner': owner}, **self.extra))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, expected)
def test_data_list_filter_by_user(self):
    """Data list and its ``owner`` filter for a user with a shared form.

    Alice receives ReadOnlyRole on bob's form and publishes her own form.
    Authenticated with her token, the unfiltered data list must contain
    both entries; ``owner=bob`` and ``owner=alice`` must each return one
    entry, and an unknown owner must return an empty list.
    """
    self._make_submissions()
    list_view = DataViewSet.as_view({'get': 'list'})
    bobs_data = _data_list(self.xform.pk)[0]

    bob = self.user
    self._create_user_and_login('alice', 'alice')
    self.assertEqual(self.user.username, 'alice')
    self.assertNotEqual(bob, self.user)

    ReadOnlyRole.add(self.user, self.xform)

    # publish alice's form
    self._publish_transportation_form()
    # Requests below are authenticated as alice through her API token.
    self.extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
    alice_data = _data_list(self.xform.pk)[0]

    response = list_view(self.factory.get('/', **self.extra))
    self.assertEqual(response.status_code, 200)
    # should be both bob's and alice's form
    self.assertEqual(sorted(response.data),
                     sorted([bobs_data, alice_data]))

    # apply filter: only bob's, only alice's, then a non existent user
    filter_cases = (
        ('bob', [bobs_data]),
        ('alice', [alice_data]),
        ('noone', []),
    )
    for owner, expected in filter_cases:
        response = list_view(
            self.factory.get('/', data={'owner': owner}, **self.extra))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, expected)
def test_project_filter_by_owner(self):
    """Project list and its ``owner`` filter for a user with a shared project.

    Alice gets ReadOnlyRole on bob's project and then creates her own.
    The unfiltered list must contain both projects, each ``owner`` filter
    must include one and exclude the other, and an unknown owner must
    return an empty list.
    """
    self._project_create()
    self._login_user_and_profile(
        {'username': '******', 'email': '*****@*****.**'})

    ReadOnlyRole.add(self.user, self.project)

    retrieve_view = ProjectViewSet.as_view({'get': 'retrieve'})
    # Bob's project as alice sees it once the read-only grant is in place.
    shared_project = retrieve_view(
        self.factory.get('/', **self.extra), pk=self.project.pk).data

    self._project_create({'name': 'another project'})

    # both bob's and alice's projects
    response = self.view(self.factory.get('/', **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertIn(shared_project, response.data)
    self.assertIn(self.project_data, response.data)

    # only bob's project
    response = self.view(
        self.factory.get('/', {'owner': 'bob'}, **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertIn(shared_project, response.data)
    self.assertNotIn(self.project_data, response.data)

    # only alice's project
    response = self.view(
        self.factory.get('/', {'owner': 'alice'}, **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertNotIn(shared_project, response.data)
    self.assertIn(self.project_data, response.data)

    # none existent user
    response = self.view(
        self.factory.get('/', {'owner': 'noone'}, **self.extra))
    self.assertEqual(response.status_code, 200)
    self.assertEqual(response.data, [])
def test_reassign_role(self):
    """Adding ReadOnlyRole to a user who holds ManagerRole replaces it.

    Both lookup paths are checked: ``user_has_role`` and ``has_role`` on
    the permissions returned by ``perms_for``. After the second ``add``
    the user must no longer hold ManagerRole on the form.
    """
    self._publish_transportation_form()
    user = self._create_user('alice', 'alice')
    form = self.xform

    self.assertFalse(ManagerRole.user_has_role(user, form))

    ManagerRole.add(user, form)
    self.assertTrue(ManagerRole.user_has_role(user, form))
    self.assertTrue(ManagerRole.has_role(perms_for(user, form), form))

    # Re-assigning to the weaker role must revoke the stronger one, so the
    # manager permissions do not linger after a downgrade.
    ReadOnlyRole.add(user, form)
    self.assertFalse(ManagerRole.user_has_role(user, form))
    self.assertTrue(ReadOnlyRole.user_has_role(user, form))
    self.assertFalse(ManagerRole.has_role(perms_for(user, form), form))
    self.assertTrue(ReadOnlyRole.has_role(perms_for(user, form), form))
def test_reassign_role(self):
    """Adding ReadOnlyRole to a user who holds ManagerRole replaces it.

    Both lookup paths are checked: ``user_has_role`` and ``has_role`` on
    the permissions returned by ``perms_for``. After the second ``add``
    the user must no longer hold ManagerRole on the form.
    """
    self._publish_transportation_form()
    user = self._create_user('alice', 'alice')
    form = self.xform

    self.assertFalse(ManagerRole.user_has_role(user, form))

    ManagerRole.add(user, form)
    self.assertTrue(ManagerRole.user_has_role(user, form))
    self.assertTrue(ManagerRole.has_role(perms_for(user, form), form))

    # Re-assigning to the weaker role must revoke the stronger one, so the
    # manager permissions do not linger after a downgrade.
    ReadOnlyRole.add(user, form)
    self.assertFalse(ManagerRole.user_has_role(user, form))
    self.assertTrue(ReadOnlyRole.user_has_role(user, form))
    self.assertFalse(ManagerRole.has_role(perms_for(user, form), form))
    self.assertTrue(ReadOnlyRole.has_role(perms_for(user, form), form))
def test_get_xform_list_other_user_with_readonly_role(self):
    """Form list for a digest-authenticated user holding only ReadOnlyRole.

    The test grants ReadOnlyRole on ``self.xform`` to a second user and
    asserts that the form list returned to that user is an empty
    ``<xforms>`` document that does not contain the form's id_string,
    while the OpenRosa headers and content type are still present.
    """
    request = self.factory.get('/')
    # The first response is passed to DigestAuth below, which uses it to
    # build the authentication headers merged into request.META.
    challenge = self.view(request)

    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    ReadOnlyRole.add(profile.user, self.xform)
    self.assertTrue(ReadOnlyRole.user_has_role(profile.user, self.xform))

    digest = DigestAuth('alice', 'bobbob')
    request.META.update(digest(request.META, challenge))
    response = self.view(request)
    self.assertEqual(response.status_code, 200)

    body = response.render().content
    # The read-only grant must not make the form appear in this list.
    self.assertNotIn(self.xform.id_string, body)
    self.assertEqual(
        body,
        '<?xml version="1.0" encoding="utf-8"?>\n<xforms '
        'xmlns="http://openrosa.org/xforms/xformsList"></xforms>')

    for header in ('X-OpenRosa-Version',
                   'X-OpenRosa-Accept-Content-Length',
                   'Date'):
        self.assertTrue(response.has_header(header))
    self.assertEqual(response['Content-Type'], 'text/xml; charset=utf-8')
def test_project_share_endpoint(self, mock_send_mail):
    """Share a project with each role and check grants and notification.

    For every role class the share endpoint must answer 204, send mail,
    grant that role on the project and leave the user with ReadOnlyRole
    on the project's form. A request with an empty role must answer 400,
    carry no Last-Modified header and send no mail.

    NOTE(review): the listing this was taken from had lost its
    indentation; everything up to ``_remove_obj_permissions`` is taken to
    be inside the loop because it uses ``role_class`` and ``view``.
    """
    # create project and publish form to project
    self._publish_xls_form_to_project()
    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    project_pk = self.project.pk
    role_classes = [ReadOnlyRole, DataEntryRole, EditorRole, ManagerRole,
                    OwnerRole]

    for role_class in role_classes:
        self.assertFalse(
            role_class.user_has_role(profile.user, self.project))

        payload = {
            'username': '******',
            'role': role_class.name,
            'email_msg': 'I have shared the project with you',
        }
        request = self.factory.post('/', data=payload, **self.extra)
        view = ProjectViewSet.as_view({'post': 'share'})
        response = view(request, pk=project_pk)

        self.assertEqual(response.status_code, 204)
        self.assertTrue(mock_send_mail.called)
        self.assertTrue(
            role_class.user_has_role(profile.user, self.project))
        # Whatever the project role, access to the form stays read-only.
        self.assertTrue(
            ReadOnlyRole.user_has_role(profile.user, self.xform))

        # Reset the mock called value to False
        mock_send_mail.called = False

        # An empty role is rejected and must not trigger a notification.
        payload = {'username': '******', 'role': ''}
        request = self.factory.post('/', data=payload, **self.extra)
        response = view(request, pk=project_pk)

        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.get('Last-Modified'), None)
        self.assertFalse(mock_send_mail.called)

        # Only the project-level permissions are removed here; the
        # form-level ReadOnlyRole is left in place between iterations.
        role_class._remove_obj_permissions(profile.user, self.project)