def test_get_layers(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
test_layers = test_data['layers']
expected = {
'public_group': [test_layers['public_group']],
'public_layer': [test_layers['public_group'],
test_layers['public_layer']],
'private_layer1': [test_layers['private_layer1']],
'private_layer2': [test_layers['private_layer2']],
'pg3': [test_layers['private_group3']],
'pl3': [test_layers['private_group3'],
test_layers['private_layer3']],
}
layers = ogcserver_accesscontrol.get_layers()
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == set(layers[key])
def test_get_restriction_areas(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
test_layers = test_data['layers']
test_roles = test_data['roles']
assert (Access.FULL, None) == ogcserver_accesscontrol.get_restriction_areas(
(test_layers['private_layer1'],),
rw=True,
roles='ROOT')
for layer_names, rw, role_names, expected in (
(('private_layer1',), False, ('role1',), (Access.AREA, [area1])),
(('private_layer3',), False, ('role1',), (Access.AREA, [area1])),
):
layers = [test_layers[layer_name] for layer_name in layer_names]
roles = [test_roles[role_name] for role_name in role_names]
ras = ogcserver_accesscontrol.get_restriction_areas(layers, rw, roles)
assert expected == ras, (
'get_restriction_areas with {} should return {}'.
format((layer_names, rw, role_names), expected))
def test_ogc_layer_name(self, server_iface, dbsession):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
for layer_name, expected in (("private_layer1", "private_layer1"),
("private_layer3", "pl3")):
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
assert expected == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_cache_key(server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
set_request_parameters(server_iface, {"USER_ID": "0"},
{"HTTP_HOST": "example.com"})
assert "0" == server_iface.requestHandler().parameter("USER_ID")
assert "example.com--1" == ogcserver_accesscontrol.cacheKey()
user = test_data["users"]["user12"]
role1 = test_data["roles"]["role1"]
role2 = test_data["roles"]["role2"]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": "{},{}".format(role1["id"], role2["id"]),
},
{"HTTP_HOST": "example.com"},
)
expected = "example.com-{},{}".format(role1["id"], role2["id"])
assert expected == ogcserver_accesscontrol.cacheKey()
def test_get_layers(self, server_iface, DBSession): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781,
lambda: dbsession)
assert ogcserver_accesscontrol.get_layers(dbsession) == {}
def test_get_restriction_areas(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
from c2cgeoportal_commons.models.main import LayerWMS, Role
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
assert (Access.FULL,
None) == ogcserver_accesscontrol.get_restriction_areas(
dbsession.query(LayerWMS).filter(
LayerWMS.name == "private_layer1").one(),
read_write=True,
roles="ROOT",
)
for layer_names, rw, role_names, expected in (
(("private_layer1", ), False, ("role1", ), (Access.AREA, [area1])),
(("private_layer3", ), False, ("role1", ), (Access.AREA, [area1])),
):
layers = [
dbsession.query(LayerWMS).filter(
LayerWMS.name == layer_name).one()
for layer_name in layer_names
]
roles = [
dbsession.query(Role).filter(Role.name == role_name).one()
for role_name in role_names
]
ras = ogcserver_accesscontrol.get_restriction_areas(
layers, rw, roles)
assert expected == ras, "get_restriction_areas with {} should return {}".format(
(layer_names, rw, role_names), expected)
def test_allow_to_edit(self, server_iface, DBSession,
test_data2): # noqa: ignore=N803
session = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver", "no_project", 21781, lambda: session)
ogcserver_accesscontrol.project = test_data2["project"]
for user_name, expected, geometry in [
["user_no_access", False, geom_in],
["user_full_access", True, geom_in],
["user_area_access", True, geom_in],
["user_no_access", False, geom_intersects],
["user_full_access", True, geom_intersects],
["user_area_access", True, geom_intersects],
["user_no_access", False, geom_out],
["user_full_access", True, geom_out],
["user_area_access", False, geom_out],
]:
user = test_data2["users"][user_name]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": ",".join([str(e) for e in user["role_ids"]])
},
)
layer = test_data2["project"].mapLayersByName("private_layer")[0]
feature = QgsFeature()
geom = QgsGeometry()
geom.fromWkb(geometry.wkb)
feature.setGeometry(geom)
result = ogcserver_accesscontrol.allowToEdit(layer, feature)
assert expected == result, "allowToEdit with '{}', should return '{}'.".format(
user_name, expected)
def test_get_area(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
for user_name, layer_name, expected in [
('root', layer_name, (Access.FULL, None))
for layer_name in (
'public_layer',
'private_layer1',
'private_layer2',
'private_layer3',
)
] + [
('user1', 'public_layer', (Access.FULL, None)),
('user1', 'private_layer1', (Access.AREA, area1.wkt)),
('user1', 'private_layer2', (Access.NO, None)),
('user1', 'private_layer3', (Access.AREA, area1.wkt)),
]:
user = test_data['users'][user_name]
set_request_parameters(server_iface, {
'USER_ID': str(user.id)
})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
result = ogcserver_accesscontrol.get_area(layer)
assert expected == result, (
'get_area with "{}", "{}" should return {}'.
format(user_name, layer_name, expected))
def test_init(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
assert ogcserver_accesscontrol.ogcserver.name == "qgisserver1"
def test_layer_permissions(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781, lambda: dbsession
)
for user_name, layer_name, expected in (
(
"user1",
"public_layer",
{"canDelete": False, "canInsert": False, "canRead": False, "canUpdate": False},
),
(
"user12",
"private_layer2",
{"canDelete": False, "canInsert": False, "canRead": False, "canUpdate": False},
),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user["id"])})
layer = test_data["project"].mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_get_roles(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
set_request_parameters(server_iface, {"USER_ID": "0"})
assert "ROOT" == ogcserver_accesscontrol.get_roles(dbsession)
test_users = test_data["users"]
test_roles = test_data["roles"]
for user_name, expected_role_names in (
("user1", ("role1",)),
("user12", ("role1", "role2")),
):
set_request_parameters(
server_iface,
{
"USER_ID": str(test_users[user_name]["id"]),
"ROLE_IDS": ",".join([str(test_roles[r]["id"]) for r in expected_role_names]),
},
)
expected_roles = {
test_roles[expected_role_name]["id"] for expected_role_name in expected_role_names
}
assert expected_roles == {role.id for role in ogcserver_accesscontrol.get_roles(dbsession)}
def test_cache_key(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
set_request_parameters(server_iface, {
'Host': 'example.com',
'USER_ID': '0'
})
assert '0' == server_iface.requestHandler().parameter("USER_ID")
assert 'example.com' == server_iface.requestHandler().parameter("Host")
assert 'example.com--1' == ogcserver_accesscontrol.cacheKey()
user = test_data['users']['user12']
set_request_parameters(server_iface, {
'Host': 'example.com',
'USER_ID': str(user.id)
})
role1 = test_data['roles']['role1']
role2 = test_data['roles']['role2']
expected = 'example.com-{}'.format(','.join([str(role1.id), str(role2.id)]))
assert expected == ogcserver_accesscontrol.cacheKey()
def test_ogc_layer_with_wms_use_layer_ids(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
layer = test_data["project"].mapLayersByName("private_layer1")[0]
assert layer.id() == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_get_area(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
for user_name, layer_name, expected in [
("root", layer_name, (Access.FULL, None))
for layer_name in ("public_layer", "private_layer1",
"private_layer2", "private_layer3")
] + [
("user1", "public_layer", (Access.FULL, None)),
("user1", "private_layer1", (Access.AREA, area1.wkt)),
("user1", "private_layer2", (Access.NO, None)),
("user1", "private_layer3", (Access.AREA, area1.wkt)),
]:
user = test_data["users"][user_name]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": ",".join([str(r) for r in user["role_ids"]])
},
)
layer = test_data["project"].mapLayersByName(layer_name)[0]
access, area = ogcserver_accesscontrol.get_area(layer, dbsession)
assert expected == (
access,
area.wkt if area else None,
), 'get_area with "{}", "{}" should return {}'.format(
user_name, layer_name, expected)
def test_layer_permissions(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
for user_name, layer_name, expected in (
('user1', 'public_layer', {
'canDelete': False,
'canInsert': False,
'canRead': True,
'canUpdate': False
}),
('user1', 'private_layer1', {
'canDelete': False,
'canInsert': False,
'canRead': True,
'canUpdate': False
}),
('user12', 'private_layer2', {
'canDelete': True,
'canInsert': True,
'canRead': True,
'canUpdate': True
}),
):
user = test_data['users'][user_name]
set_request_parameters(server_iface, {'USER_ID': str(user.id)})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_init(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
assert ogcserver_accesscontrol.ogcserver is test_data['ogc_servers']['qgisserver1']
def test_ogc_layer_with_wms_use_layer_ids(self, server_iface, dbsession):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface,
'qgisserver1',
21781,
dbsession
)
layer = QgsProject.instance().mapLayersByName('private_layer1')[0]
assert layer.id() == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_ogc_layer_name(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
for layer_name, expected in (
("private_layer1", "private_layer1"),
("private_layer3", "pl3"),
):
layer = test_data["project"].mapLayersByName(layer_name)[0]
assert expected == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_layer_filter_subset_string(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781, lambda: dbsession
)
for user_name, layer_name, expected in (
("user1", "public_layer", "FALSE"),
("user12", "private_layer2", "FALSE"),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user["id"])})
layer = test_data["project"].mapLayersByName(layer_name)[0]
assert ogcserver_accesscontrol.layerFilterSubsetString(layer) == expected
def test_get_roles(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
set_request_parameters(server_iface, {"USER_ID": "0"})
assert "ROOT" == ogcserver_accesscontrol.get_roles()
test_users = test_data["users"]
test_roles = test_data["roles"]
for user_name, expected_role_names in (("user1", ("role1", )),
("user12", ("role1", "role2"))):
set_request_parameters(server_iface,
{"USER_ID": str(test_users[user_name].id)})
expected_roles = {
test_roles[expected_role_name]
for expected_role_name in expected_role_names
}
assert expected_roles == set(ogcserver_accesscontrol.get_roles())
def test_layer_permissions(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
for user_name, layer_name, expected in (
(
"user1",
"public_layer",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user1",
"private_layer1",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user12",
"private_layer2",
{
"canDelete": True,
"canInsert": True,
"canRead": True,
"canUpdate": True
},
),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user.id)})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_get_layers(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
expected = {
"public_group": ["public_group"],
"public_layer": ["public_group", "public_layer"],
"private_layer1": ["private_layer1"],
"private_layer2": ["private_layer2"],
"pg3": ["private_group3"],
"pl3": ["private_group3", "private_layer3"],
}
layers = ogcserver_accesscontrol.get_layers(dbsession)
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == {layer.name for layer in layers[key]}
def test_get_area(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
for user_name, layer_name, expected in [
("root", layer_name, (Access.FULL, None))
for layer_name in ("public_layer", "private_layer1",
"private_layer2", "private_layer3")
] + [
("user1", "public_layer", (Access.FULL, None)),
("user1", "private_layer1", (Access.AREA, area1.wkt)),
("user1", "private_layer2", (Access.NO, None)),
("user1", "private_layer3", (Access.AREA, area1.wkt)),
]:
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user.id)})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
result = ogcserver_accesscontrol.get_area(layer)
assert expected == result, 'get_area with "{}", "{}" should return {}'.format(
user_name, layer_name, expected)
def test_get_roles(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
set_request_parameters(server_iface, {'USER_ID': '0'})
assert 'ROOT' == ogcserver_accesscontrol.get_roles()
test_users = test_data['users']
test_roles = test_data['roles']
for user_name, expected_role_names in (
('user1', ('role1', )),
('user12', ('role1', 'role2')),
):
set_request_parameters(server_iface,
{'USER_ID': str(test_users[user_name].id)})
expected_roles = {
test_roles[expected_role_name]
for expected_role_name in expected_role_names
}
assert expected_roles == set(ogcserver_accesscontrol.get_roles())
def test_get_layers(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
test_layers = test_data["layers"]
expected = {
"public_group": [test_layers["public_group"]],
"public_layer":
[test_layers["public_group"], test_layers["public_layer"]],
"private_layer1": [test_layers["private_layer1"]],
"private_layer2": [test_layers["private_layer2"]],
"pg3": [test_layers["private_group3"]],
"pl3":
[test_layers["private_group3"], test_layers["private_layer3"]],
}
layers = ogcserver_accesscontrol.get_layers()
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == set(layers[key])
def test_get_restriction_areas(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
test_layers = test_data["layers"]
test_roles = test_data["roles"]
assert (Access.FULL,
None) == ogcserver_accesscontrol.get_restriction_areas(
(test_layers["private_layer1"], ), rw=True, roles="ROOT")
for layer_names, rw, role_names, expected in (
(("private_layer1", ), False, ("role1", ), (Access.AREA, [area1])),
(("private_layer3", ), False, ("role1", ), (Access.AREA, [area1])),
):
layers = [test_layers[layer_name] for layer_name in layer_names]
roles = [test_roles[role_name] for role_name in role_names]
ras = ogcserver_accesscontrol.get_restriction_areas(
layers, rw, roles)
assert expected == ras, "get_restriction_areas with {} should return {}".format(
(layer_names, rw, role_names), expected)
def test_cache_key(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
set_request_parameters(server_iface, {
"Host": "example.com",
"USER_ID": "0"
})
assert "0" == server_iface.requestHandler().parameter("USER_ID")
assert "example.com" == server_iface.requestHandler().parameter("Host")
assert "example.com--1" == ogcserver_accesscontrol.cacheKey()
user = test_data["users"]["user12"]
set_request_parameters(server_iface, {
"Host": "example.com",
"USER_ID": str(user.id)
})
role1 = test_data["roles"]["role1"]
role2 = test_data["roles"]["role2"]
expected = "example.com-{}".format(",".join(
[str(role1.id), str(role2.id)]))
assert expected == ogcserver_accesscontrol.cacheKey()
def test_init(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
assert ogcserver_accesscontrol.ogcserver is test_data["ogc_servers"][
"qgisserver1"]