def test_allow_to_edit(self, server_iface, DBSession,
                           test_data2):  # noqa: ignore=N803
        session = DBSession()
        ogcserver_accesscontrol = OGCServerAccessControl(
            server_iface, "qgisserver", "no_project", 21781, lambda: session)
        ogcserver_accesscontrol.project = test_data2["project"]

        for user_name, expected, geometry in [
            ["user_no_access", False, geom_in],
            ["user_full_access", True, geom_in],
            ["user_area_access", True, geom_in],
            ["user_no_access", False, geom_intersects],
            ["user_full_access", True, geom_intersects],
            ["user_area_access", True, geom_intersects],
            ["user_no_access", False, geom_out],
            ["user_full_access", True, geom_out],
            ["user_area_access", False, geom_out],
        ]:
            user = test_data2["users"][user_name]
            set_request_parameters(
                server_iface,
                {
                    "USER_ID": str(user["id"]),
                    "ROLE_IDS": ",".join([str(e) for e in user["role_ids"]])
                },
            )

            layer = test_data2["project"].mapLayersByName("private_layer")[0]
            feature = QgsFeature()
            geom = QgsGeometry()
            geom.fromWkb(geometry.wkb)
            feature.setGeometry(geom)
            result = ogcserver_accesscontrol.allowToEdit(layer, feature)
            assert expected == result, "allowToEdit with '{}', should return '{}'.".format(
                user_name, expected)
    def test_get_area(self, server_iface, DBSession,
                      test_data):  # noqa: ignore=N803
        dbsession = DBSession()
        ogcserver_accesscontrol = OGCServerAccessControl(
            server_iface, "qgisserver1", "no_project", 21781,
            lambda: dbsession)
        ogcserver_accesscontrol.project = test_data["project"]

        for user_name, layer_name, expected in [
            ("root", layer_name, (Access.FULL, None))
                for layer_name in ("public_layer", "private_layer1",
                                   "private_layer2", "private_layer3")
        ] + [
            ("user1", "public_layer", (Access.FULL, None)),
            ("user1", "private_layer1", (Access.AREA, area1.wkt)),
            ("user1", "private_layer2", (Access.NO, None)),
            ("user1", "private_layer3", (Access.AREA, area1.wkt)),
        ]:
            user = test_data["users"][user_name]
            set_request_parameters(
                server_iface,
                {
                    "USER_ID": str(user["id"]),
                    "ROLE_IDS": ",".join([str(r) for r in user["role_ids"]])
                },
            )
            layer = test_data["project"].mapLayersByName(layer_name)[0]
            access, area = ogcserver_accesscontrol.get_area(layer, dbsession)
            assert expected == (
                access,
                area.wkt if area else None,
            ), 'get_area with "{}", "{}" should return {}'.format(
                user_name, layer_name, expected)
 def test_ogc_layer_with_wms_use_layer_ids(self, server_iface, DBSession,
                                           test_data):  # noqa: ignore=N803
     dbsession = DBSession()
     ogcserver_accesscontrol = OGCServerAccessControl(
         server_iface, "qgisserver1", "no_project", 21781,
         lambda: dbsession)
     ogcserver_accesscontrol.project = test_data["project"]
     layer = test_data["project"].mapLayersByName("private_layer1")[0]
     assert layer.id() == ogcserver_accesscontrol.ogc_layer_name(layer)
    def test_layer_permissions(server_iface, DBSession,
                               test_data):  # noqa: ignore=N803
        dbsession = DBSession()
        ogcserver_accesscontrol = OGCServerAccessControl(
            server_iface, "qgisserver1", "no_project", 21781,
            lambda: dbsession)
        ogcserver_accesscontrol.project = test_data["project"]

        for user_name, layer_name, expected in (
            (
                "user1",
                "public_layer",
                {
                    "canDelete": False,
                    "canInsert": False,
                    "canRead": True,
                    "canUpdate": False
                },
            ),
            (
                "user1",
                "private_layer1",
                {
                    "canDelete": False,
                    "canInsert": False,
                    "canRead": True,
                    "canUpdate": False
                },
            ),
            (
                "user12",
                "private_layer2",
                {
                    "canDelete": True,
                    "canInsert": True,
                    "canRead": True,
                    "canUpdate": True
                },
            ),
        ):
            user = test_data["users"][user_name]
            set_request_parameters(
                server_iface,
                {
                    "USER_ID": str(user["id"]),
                    "ROLE_IDS": ",".join([str(r) for r in user["role_ids"]])
                },
            )
            layer = test_data["project"].mapLayersByName(layer_name)[0]
            permissions = ogcserver_accesscontrol.layerPermissions(layer)
            for key, value in expected.items():
                assert value == getattr(permissions, key)
 def test_ogc_layer_name(self, server_iface, DBSession,
                         test_data):  # noqa: ignore=N803
     dbsession = DBSession()
     ogcserver_accesscontrol = OGCServerAccessControl(
         server_iface, "qgisserver1", "no_project", 21781,
         lambda: dbsession)
     ogcserver_accesscontrol.project = test_data["project"]
     for layer_name, expected in (
         ("private_layer1", "private_layer1"),
         ("private_layer3", "pl3"),
     ):
         layer = test_data["project"].mapLayersByName(layer_name)[0]
         assert expected == ogcserver_accesscontrol.ogc_layer_name(layer)
    def test_get_layers(self, server_iface, DBSession,
                        test_data):  # noqa: ignore=N803
        dbsession = DBSession()
        ogcserver_accesscontrol = OGCServerAccessControl(
            server_iface, "qgisserver1", "no_project", 21781,
            lambda: dbsession)
        ogcserver_accesscontrol.project = test_data["project"]

        expected = {
            "public_group": ["public_group"],
            "public_layer": ["public_group", "public_layer"],
            "private_layer1": ["private_layer1"],
            "private_layer2": ["private_layer2"],
            "pg3": ["private_group3"],
            "pl3": ["private_group3", "private_layer3"],
        }

        layers = ogcserver_accesscontrol.get_layers(dbsession)

        assert set(expected.keys()) == set(layers.keys())
        for key in expected.keys():
            assert set(expected[key]) == {layer.name for layer in layers[key]}