def test_01_create_state(self):
"""User state is correct after creation"""
# check that privileged user was created correctly
self.assertEqual(self.admin.uaccess.user.username, 'admin')
self.assertEqual(self.admin.uaccess.user.first_name, 'administrator')
self.assertTrue(self.admin.is_active)
# start as privileged user
assertUserResourceState(self, self.admin, [], [], [])
# check that unprivileged user was created correctly
self.assertEqual(self.cat.uaccess.user.username, 'cat')
self.assertEqual(self.cat.uaccess.user.first_name, 'not a dog')
self.assertTrue(self.cat.is_active)
# check that user cat owns and holds nothing
assertUserResourceState(self, self.cat, [], [], [])
assertUserGroupState(self, self.cat, [], [], [])
def test_01_create_state(self):
"""User state is correct after creation"""
# check that privileged user was created correctly
self.assertEqual(self.admin.uaccess.user.username, 'admin')
self.assertEqual(self.admin.uaccess.user.first_name, 'administrator')
self.assertTrue(self.admin.is_active)
# start as privileged user
assertUserResourceState(self, self.admin, [], [], [])
# check that unprivileged user was created correctly
self.assertEqual(self.cat.uaccess.user.username, 'cat')
self.assertEqual(self.cat.uaccess.user.first_name, 'not a dog')
self.assertTrue(self.cat.is_active)
# check that user cat owns and holds nothing
assertUserResourceState(self, self.cat, [], [], [])
assertUserGroupState(self, self.cat, [], [], [])
def test_matrix_testing(self):
""" Test that matrix testing routines function as believed """
george = self.george
alva = self.alva
john = self.john
bikes = self.bikes
bikers = self.bikers
harpers = self.harpers
assertResourceUserState(self, bikes, [george], [], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [], [])
assertUserResourceState(self, john, [], [], [])
assertUserGroupState(self, george, [harpers, bikers], [], [])
assertUserGroupState(self, alva, [], [], [])
assertUserGroupState(self, john, [], [], [])
george.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.CHANGE)
assertResourceUserState(self, bikes, [george], [alva], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [bikes], [])
assertUserResourceState(self, john, [], [], [])
george.uaccess.share_resource_with_user(bikes, john,
PrivilegeCodes.VIEW)
assertResourceUserState(self, bikes, [george], [alva], [john])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [bikes], [])
assertUserResourceState(self, john, [], [], [bikes])
bikes.raccess.immutable = True
bikes.raccess.save()
assertResourceUserState(self, bikes, [george], [],
[alva, john]) # squashes CHANGE
assertUserResourceState(self, george, [bikes], [], [])
# immutable squashes CHANGE
assertUserResourceState(self, alva, [], [], [bikes])
assertUserResourceState(self, john, [], [], [bikes])
assertGroupUserState(self, bikers, [george], [], [])
assertGroupUserState(self, harpers, [george], [], [])
assertUserGroupState(self, george, [bikers, harpers], [], [])
assertUserGroupState(self, alva, [], [], [])
assertUserGroupState(self, john, [], [], [])
george.uaccess.share_group_with_user(bikers, alva,
PrivilegeCodes.CHANGE)
assertGroupUserState(self, bikers, [george], [alva], [])
assertGroupUserState(self, harpers, [george], [], [])
assertUserGroupState(self, george, [bikers, harpers], [], [])
assertUserGroupState(self, alva, [], [bikers], [])
assertUserGroupState(self, john, [], [], [])
george.uaccess.share_group_with_user(bikers, john, PrivilegeCodes.VIEW)
assertGroupUserState(self, bikers, [george], [alva], [john])
assertGroupUserState(self, harpers, [george], [], [])
assertUserGroupState(self, george, [bikers, harpers], [], [])
assertUserGroupState(self, alva, [], [bikers], [])
assertUserGroupState(self, john, [], [], [bikers])
assertResourceGroupState(self, bikes, [], [])
assertGroupResourceState(self, bikers, [], [])
george.uaccess.share_resource_with_group(bikes, bikers,
PrivilegeCodes.CHANGE)
# immutable squashes state
assertResourceGroupState(self, bikes, [], [bikers])
# immutable squashes state
assertGroupResourceState(self, bikers, [], [bikes])
bikes.raccess.immutable = False
bikes.raccess.save()
# without immutable, CHANGE returns
assertResourceGroupState(self, bikes, [bikers], [])
# without immutable, CHANGE returns
assertGroupResourceState(self, bikers, [bikes], [])
def test_share(self):
bikes = self.bikes
harpers = self.harpers
bikers = self.bikers
george = self.george
alva = self.alva
admin = self.admin
john = self.john
assertResourceUserState(self, bikes, [george], [], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [], [])
george.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.OWNER)
assertResourceUserState(self, bikes, [george, alva], [], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [bikes], [], [])
# test a user can downgrade (e.g., from OWNER to CHANGE) his/her access
# privilege
alva.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.CHANGE)
assertResourceUserState(self, bikes, [george], [alva], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [bikes], [])
# unshare bikes
george.uaccess.unshare_resource_with_user(bikes, alva)
assertResourceUserState(self, bikes, [george], [], [])
assertUserResourceState(self, george, [bikes], [], [])
assertUserResourceState(self, alva, [], [], [])
assertGroupResourceState(self, bikers, [], [])
george.uaccess.share_resource_with_group(bikes, bikers,
PrivilegeCodes.VIEW)
assertGroupResourceState(self, bikers, [], [bikes])
george.uaccess.share_resource_with_group(bikes, harpers,
PrivilegeCodes.CHANGE)
assertGroupResourceState(self, harpers, [bikes], [])
george.uaccess.share_group_with_user(harpers, alva,
PrivilegeCodes.CHANGE)
assertUserGroupState(self, alva, [], [harpers], [])
# isolated from group privilege CHANGE
assertUserResourceState(self, alva, [], [], [])
assertGroupResourceState(self, harpers, [bikes], [])
george.uaccess.unshare_group_with_user(harpers, alva)
# isolated from group privilege CHANGE
assertUserResourceState(self, alva, [], [], [])
george.uaccess.unshare_resource_with_group(bikes, harpers)
assertGroupResourceState(self, harpers, [], [])
# test upgrade privilege by non owners
# let george (owner) grant change privilege to alva (non owner)
george.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.CHANGE)
assertUserResourceState(self, alva, [], [bikes], [])
# let alva (non owner) grant view privilege to john (non owner)
alva.uaccess.share_resource_with_user(bikes, self.john,
PrivilegeCodes.VIEW)
assertUserResourceState(self, john, [], [], [bikes])
assertResourceUserState(self, bikes, [george], [alva], [john])
# let alva (non owner) grant change privilege (upgrade) to john (non
# owner)
alva.uaccess.share_resource_with_user(bikes, self.john,
PrivilegeCodes.CHANGE)
assertUserResourceState(self, john, [], [bikes], [])
assertResourceUserState(self, bikes, [george], [alva, john], [])
# test django admin has ownership permission over any resource when not
# owning a resource
self.assertFalse(admin.uaccess.owns_resource(bikes))
self.assertEqual(bikes.raccess.get_effective_privilege(admin),
PrivilegeCodes.OWNER)
# test django admin can always view/change or delete any resource
self.assertTrue(admin.uaccess.can_view_resource(bikes))
self.assertTrue(admin.uaccess.can_change_resource(bikes))
self.assertTrue(admin.uaccess.can_delete_resource(bikes))
# test django admin can change resource flags
self.assertTrue(admin.uaccess.can_change_resource_flags(bikes))
# test django admin can share any resource with all possible permission
# types
self.assertTrue(
admin.uaccess.can_share_resource(bikes, PrivilegeCodes.OWNER))
self.assertTrue(
admin.uaccess.can_share_resource(bikes, PrivilegeCodes.CHANGE))
self.assertTrue(
admin.uaccess.can_share_resource(bikes, PrivilegeCodes.VIEW))
# test django admin can share a resource with a specific user
admin.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.OWNER)
assertResourceUserState(self, bikes, [george, alva], [john], [])
admin.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.CHANGE)
assertResourceUserState(self, bikes, [george], [john, alva], [])
admin.uaccess.share_resource_with_user(bikes, alva,
PrivilegeCodes.VIEW)
assertResourceUserState(self, bikes, [george], [john], [alva])
# test django admin can unshare a resource with a specific user
admin.uaccess.unshare_resource_with_user(bikes, alva)
assertResourceUserState(self, bikes, [george], [john], [])
# test django admin can share a group with a user
self.assertEqual(bikers.gaccess.members.count(), 1)
self.assertFalse(admin.uaccess.owns_group(bikers))
admin.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.OWNER)
self.assertEqual(alva.uaccess.owned_groups.count(), 1)
self.assertEqual(bikers.gaccess.members.count(), 2)
# test django admin can share resource with a group
self.assertFalse(
admin.uaccess.can_share_resource_with_group(
bikes, harpers, PrivilegeCodes.OWNER))
self.assertTrue(
admin.uaccess.can_share_resource_with_group(
bikes, harpers, PrivilegeCodes.CHANGE))
admin.uaccess.share_resource_with_group(bikes, harpers,
PrivilegeCodes.CHANGE)
self.assertTrue(bikes in harpers.gaccess.edit_resources)
self.assertTrue(
admin.uaccess.can_share_resource_with_group(
bikes, harpers, PrivilegeCodes.VIEW))
admin.uaccess.share_resource_with_group(bikes, harpers,
PrivilegeCodes.VIEW)
self.assertTrue(bikes in harpers.gaccess.view_resources)
# test django admin can unshare a user with a group
self.assertTrue(admin.uaccess.can_unshare_group_with_user(
bikers, alva))
admin.uaccess.unshare_group_with_user(bikers, alva)
self.assertTrue(bikers.gaccess.members.count(), 1)
self.assertEqual(alva.uaccess.owned_groups.count(), 0)