def __init__(self, *args, **kwargs): for ac_role in role.get_ac_roles_for(self.type).values(): AccessControlList( object=self, ac_role=ac_role, ) super(Roleable, self).__init__(*args, **kwargs)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids): """Check that roles were propagated properly. Args: exp_admin_ids: Test people data indexes who should get Admin role. exp_member_ids: Test people data indexes who should get Member role. """ workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one() task_group = TaskGroup.query.filter( TaskGroup.workflow_id == workflow.id, TaskGroup.slug == self.tg_slug).one() acl = AccessControlList.eager_query().filter( AccessControlList.object_type == TaskGroup.__name__, AccessControlList.object_id == task_group.id).all() actual_admins = [ a.person.email for a in acl if a.ac_role.name.startswith("Admin*") ] expected_admins = [self.user_emails[i] for i in exp_admin_ids] self.assertItemsEqual(actual_admins, expected_admins) actual_members = [ a.person.email for a in acl if a.ac_role.name.startswith("Workflow Member*") ] expected_members = [self.user_emails[i] for i in exp_member_ids] self.assertItemsEqual(actual_members, expected_members)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids): """Check that roles were propagated properly. Args: exp_admin_ids: Test people data indexes who should get Admin role. exp_member_ids: Test people data indexes who should get Member role. """ workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one() task_group = TaskGroup.query.filter( TaskGroup.workflow_id == workflow.id, TaskGroup.slug == self.tg_slug ).one() acl = AccessControlList.eager_query().filter( AccessControlList.object_type == TaskGroup.__name__, AccessControlList.object_id == task_group.id ).all() actual_admins = [a.person.email for a in acl if a.ac_role.name == "Admin Mapped"] expected_admins = [self.user_emails[i] for i in exp_admin_ids] self.assertItemsEqual(actual_admins, expected_admins) actual_members = [a.person.email for a in acl if a.ac_role.name == "Workflow Member Mapped"] expected_members = [self.user_emails[i] for i in exp_member_ids] self.assertItemsEqual(actual_members, expected_members)
def _add_values(self, values): """Attach new custom role values to current object.""" for ac_role, person in values: AccessControlList( object=self, person=person, ac_role=ac_role )
def clone_acls(self, audit): """Clone acl roles like auditors and audit captains Args: audit: Audit instance """ for acl in audit.access_control_list: data = { "person": acl.person, "ac_role": acl.ac_role, "object": self, "context": acl.context, } new_acl = AccessControlList(**data) db.session.add(new_acl)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids): """Check that roles were propagated properly. Args: exp_admin_ids: Test people data indexes who should get Admin role. exp_member_ids: Test people data indexes who should get Member role. """ workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one() task_group = TaskGroup.query.filter( TaskGroup.workflow_id == workflow.id, TaskGroup.slug == self.tg_slug ).one() acl = AccessControlList.eager_query().filter( AccessControlList.object_type == TaskGroup.__name__, AccessControlList.object_id == task_group.id ).all() propagated_admins = [acl for a in acl if a.ac_role.name.startswith("Admin*")] self.assertEqual(len(propagated_admins), 1) propagated_members = [acl for a in acl if a.ac_role.name.startswith("Workflow Member*")] self.assertEqual(len(propagated_members), 1)