def test_user_delete_group(self): george = self.george bikers = self.bikers self.assertTrue( is_equal_to_as_set(george.uaccess.view_groups, [bikers])) george.uaccess.delete_group(bikers) self.assertTrue(is_equal_to_as_set(george.uaccess.view_groups, []))
def test_08_discoverable(self): """Discoverable resources show up in discoverable resource listings""" chewies = self.chewies nobody = self.nobody # test making a resource public self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) chewies.raccess.discoverable = True chewies.raccess.save() self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertTrue(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) # discoverable doesn't mean public # TODO: get_public_resources and get_discoverable_resources should be # static methods self.assertTrue( is_equal_to_as_set([], GenericResource.public_resources.all())) self.assertTrue( is_equal_to_as_set([chewies], GenericResource.discoverable_resources.all())) # can 'nobody' see the public resource owned by 'dog' but not # explicitly shared with 'nobody'. self.assertFalse(nobody.uaccess.owns_resource(chewies)) self.assertFalse(nobody.uaccess.can_change_resource(chewies)) self.assertFalse(nobody.uaccess.can_view_resource(chewies))
def test_08_public(self): """Public resources show up in public listings""" chewies = self.chewies nobody = self.nobody self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) chewies.raccess.public = True chewies.raccess.save() self.assertFalse(chewies.raccess.immutable) self.assertTrue(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) self.assertTrue( is_equal_to_as_set([chewies], GenericResource.public_resources.all())) self.assertTrue( is_equal_to_as_set([chewies], GenericResource.discoverable_resources.all())) # can 'nobody' see the public resource owned by 'dog' # but not explicitly shared with 'nobody'. self.assertTrue(nobody.uaccess.can_view_resource(chewies)) self.assertFalse(nobody.uaccess.can_change_resource(chewies)) self.assertFalse(nobody.uaccess.owns_resource(chewies))
def test_08_public(self): """Public resources show up in public listings""" chewies = self.chewies nobody = self.nobody self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) chewies.raccess.public = True chewies.raccess.save() self.assertFalse(chewies.raccess.immutable) self.assertTrue(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) self.assertTrue( is_equal_to_as_set( [chewies], GenericResource.public_resources.all())) self.assertTrue( is_equal_to_as_set( [chewies], GenericResource.discoverable_resources.all())) # can 'nobody' see the public resource owned by 'dog' # but not explicitly shared with 'nobody'. self.assertTrue(nobody.uaccess.can_view_resource(chewies)) self.assertFalse(nobody.uaccess.can_change_resource(chewies)) self.assertFalse(nobody.uaccess.owns_resource(chewies))
def test_public_resources(self): """ public resources contain those resources that are public and discoverable """ self.dog.uaccess.share_community_with_group(self.pets, self.dogs, PrivilegeCodes.VIEW) self.dog.uaccess.share_community_with_group(self.pets, self.cats, PrivilegeCodes.VIEW) res = self.pets.public_resources self.assertTrue(is_equal_to_as_set(res, [])) self.holes.raccess.public = True self.holes.raccess.discoverable = True self.holes.raccess.save( ) # this avoids regular requirements for "public" res = self.pets.public_resources self.assertTrue(is_equal_to_as_set(res, [self.holes])) for r in res: self.assertEqual(r.public, r.raccess.public) self.assertEqual(r.discoverable, r.raccess.discoverable) self.assertEqual(r.published, r.raccess.published) self.assertEqual(r.group_name, self.dogs.name) self.assertEqual(r.group_id, self.dogs.id) self.posts.raccess.discoverable = True self.posts.raccess.save() res = self.pets.public_resources self.assertTrue(is_equal_to_as_set(res, [self.holes, self.posts])) for r in res: self.assertEqual(r.public, r.raccess.public) self.assertEqual(r.discoverable, r.raccess.discoverable) self.assertEqual(r.published, r.raccess.published) if r.id == self.posts.id: self.assertEqual(r.group_name, self.cats.name) self.assertEqual(r.group_id, self.cats.id) else: self.assertEqual(r.group_name, self.dogs.name) self.assertEqual(r.group_id, self.dogs.id)
def test_01_groups(self): "basic function: groups appear and disappear according to access rules " # flag state self.assertFalse(self.posts.raccess.discoverable) groups = GroupAccess.groups_with_public_resources() self.assertTrue(is_equal_to_as_set([], groups)) # override policies for discoverable data self.posts.raccess.discoverable = True self.posts.raccess.save() # group should appear in list groups = GroupAccess.groups_with_public_resources() self.assertTrue(is_equal_to_as_set([self.cats], groups)) # group should contain a public resource resources = self.cats.gaccess.public_resources self.assertTrue(is_equal_to_as_set([self.posts], resources)) self.bones.raccess.discoverable = True self.bones.raccess.save() # Now group dogs should appear in list groups = GroupAccess.groups_with_public_resources() print(groups) self.assertTrue(is_equal_to_as_set([self.cats, self.dogs], groups)) # group should contain a public resource resources = self.dogs.gaccess.public_resources self.assertTrue(is_equal_to_as_set([self.bones], resources))
def test_user_share_group_with_user(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikers.gaccess.members, [george])) george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set(bikers.gaccess.members, [george, alva]))
def test_user_share_resource_with_user(self): george = self.george alva = self.alva bikes = self.bikes self.assertTrue(is_equal_to_as_set(alva.uaccess.view_resources, [])) george.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set(alva.uaccess.view_resources, [bikes]))
def test_user_share_resource_with_group(self): george = self.george bikes = self.bikes bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikers.gaccess.view_resources, [])) george.uaccess.share_resource_with_group(bikes, bikers, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set(bikers.gaccess.view_resources, [bikes]))
def test_resource_edit_groups(self): george = self.george bikes = self.bikes bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups, [])) george.uaccess.share_resource_with_group(bikes, bikers, PrivilegeCodes.CHANGE) self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups, [bikers]))
def test_resource_owners(self): george = self.george alva = self.alva bikes = self.bikes self.assertTrue(is_equal_to_as_set(bikes.raccess.owners, [george])) george.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.OWNER) self.assertTrue( is_equal_to_as_set(bikes.raccess.owners, [george, alva]))
def test_user_delete_group(self): george = self.george bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.view_groups, [bikers])) george.uaccess.delete_group(bikers) self.assertTrue(is_equal_to_as_set(george.uaccess.view_groups, []))
def test_user_create_group(self): george = self.george bikers = self.bikers self.assertTrue( is_equal_to_as_set(george.uaccess.view_groups, [bikers])) foo = george.uaccess.create_group(title='Foozball', description="We are the foozball") self.assertTrue( is_equal_to_as_set(george.uaccess.view_groups, [foo, bikers]))
def test_user_share_group_with_user(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikers.gaccess.members, [george])) george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set( bikers.gaccess.members, [ george, alva]))
def test_user_get_group_unshare_users(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue( is_equal_to_as_set(george.uaccess.get_group_unshare_users(bikers), [])) george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set(george.uaccess.get_group_unshare_users(bikers), [alva]))
def test_resource_owners(self): george = self.george alva = self.alva bikes = self.bikes self.assertTrue(is_equal_to_as_set(bikes.raccess.owners, [george])) george.uaccess.share_resource_with_user( bikes, alva, PrivilegeCodes.OWNER) self.assertTrue( is_equal_to_as_set( bikes.raccess.owners, [ george, alva]))
def test_resource_edit_groups(self): george = self.george bikes = self.bikes bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikes.raccess.edit_groups, [])) george.uaccess.share_resource_with_group( bikes, bikers, PrivilegeCodes.CHANGE) self.assertTrue( is_equal_to_as_set( bikes.raccess.edit_groups, [bikers]))
def test_user_share_resource_with_user(self): george = self.george alva = self.alva bikes = self.bikes self.assertTrue(is_equal_to_as_set(alva.uaccess.view_resources, [])) george.uaccess.share_resource_with_user( bikes, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set( alva.uaccess.view_resources, [bikes]))
def test_user_share_resource_with_group(self): george = self.george bikes = self.bikes bikers = self.bikers self.assertTrue(is_equal_to_as_set(bikers.gaccess.view_resources, [])) george.uaccess.share_resource_with_group( bikes, bikers, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set( bikers.gaccess.view_resources, [bikes]))
def test_user_get_group_unshare_users(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.get_group_unshare_users(bikers), [])) george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set( george.uaccess.get_group_unshare_users(bikers), [alva]))
def test_user_edit_resources(self): george = self.george bikes = self.bikes self.assertTrue( is_equal_to_as_set(george.uaccess.edit_resources, [bikes])) trikes = hydroshare.create_resource( resource_type='GenericResource', owner=self.george, title='Trikes', metadata=[], ) self.assertTrue( is_equal_to_as_set(george.uaccess.edit_resources, [bikes, trikes]))
def test_user_create_group(self): george = self.george bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.view_groups, [bikers])) foo = george.uaccess.create_group( title='Foozball', description="We are the foozball") self.assertTrue( is_equal_to_as_set( george.uaccess.view_groups, [ foo, bikers]))
def test_group_get_resources_with_explicit_access(self): george = self.george bikers = self.bikers bikes = self.bikes self.assertTrue( is_equal_to_as_set( bikers.gaccess.get_resources_with_explicit_access( PrivilegeCodes.VIEW), [])) george.uaccess.share_resource_with_group(bikes, bikers, PrivilegeCodes.CHANGE) self.assertTrue( is_equal_to_as_set( bikers.gaccess.get_resources_with_explicit_access( PrivilegeCodes.CHANGE), [bikes]))
def test_02_isolate(self): """A user who didn't create a resource cannot access it""" cat = self.cat dog = self.dog holes = hydroshare.create_resource(resource_type='GenericResource', owner=cat, title='all about dog holes', metadata=[],) # check that resource was created assertUserResourceState(self, cat, [holes], [], []) # check that resource is not accessible to others assertUserResourceState(self, dog, [], [], []) # metadata should be the same as before self.assertFalse(holes.raccess.immutable) self.assertFalse(holes.raccess.published) self.assertFalse(holes.raccess.discoverable) self.assertFalse(holes.raccess.public) self.assertTrue(holes.raccess.shareable) # protection state for non-owner self.assertFalse(dog.uaccess.owns_resource(holes)) self.assertFalse(dog.uaccess.can_change_resource(holes)) self.assertFalse(dog.uaccess.can_view_resource(holes)) # composite django state for non-owner self.assertFalse(dog.uaccess.can_change_resource_flags(holes)) self.assertFalse(dog.uaccess.can_delete_resource(holes)) self.assertFalse( dog.uaccess.can_share_resource( holes, PrivilegeCodes.OWNER)) self.assertFalse( dog.uaccess.can_share_resource( holes, PrivilegeCodes.CHANGE)) self.assertFalse( dog.uaccess.can_share_resource( holes, PrivilegeCodes.VIEW)) # test list access functions for unshare targets # these return empty because allowing this would violate the last owner # rule self.assertTrue( is_equal_to_as_set( [], cat.uaccess.get_resource_unshare_users(holes))) self.assertTrue( is_equal_to_as_set( [], dog.uaccess.get_resource_unshare_users(holes)))
def test_user_get_resources_with_explicit_access(self): george = self.george bikes = self.bikes self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.OWNER), [bikes])) self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.CHANGE), [])) self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.VIEW), []))
def test_user_edit_resources(self): george = self.george bikes = self.bikes self.assertTrue( is_equal_to_as_set( george.uaccess.edit_resources, [bikes])) trikes = hydroshare.create_resource(resource_type='GenericResource', owner=self.george, title='Trikes', metadata=[],) self.assertTrue( is_equal_to_as_set( george.uaccess.edit_resources, [ bikes, trikes]))
def test_group_get_resources_with_explicit_access(self): george = self.george bikers = self.bikers bikes = self.bikes self.assertTrue( is_equal_to_as_set( bikers.gaccess.get_resources_with_explicit_access( PrivilegeCodes.VIEW), [])) george.uaccess.share_resource_with_group( bikes, bikers, PrivilegeCodes.CHANGE) self.assertTrue( is_equal_to_as_set( bikers.gaccess.get_resources_with_explicit_access( PrivilegeCodes.CHANGE), [bikes]))
def test_user_get_resources_with_explicit_access(self): george = self.george bikes = self.bikes self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.OWNER), [bikes])) self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.CHANGE), [])) self.assertTrue( is_equal_to_as_set( george.uaccess.get_resources_with_explicit_access( PrivilegeCodes.VIEW), []))
def test_02_isolate(self): "Groups cannot be changed by non-members" cat = self.cat dog = self.dog polyamory = cat.uaccess.create_group( title='polyamory', description="We are the polyamory") # dog should not have access to the group privilege self.assertFalse(dog.uaccess.owns_group(polyamory)) self.assertFalse(dog.uaccess.can_change_group(polyamory)) self.assertTrue(dog.uaccess.can_view_group(polyamory)) # composite django state self.assertFalse(dog.uaccess.can_change_group_flags(polyamory)) self.assertFalse(dog.uaccess.can_delete_group(polyamory)) self.assertFalse( dog.uaccess.can_share_group(polyamory, PrivilegeCodes.OWNER)) self.assertFalse( dog.uaccess.can_share_group(polyamory, PrivilegeCodes.CHANGE)) self.assertFalse( dog.uaccess.can_share_group(polyamory, PrivilegeCodes.VIEW)) # dog's groups should be unchanged self.assertTrue(is_equal_to_as_set([], dog.uaccess.view_groups)) # dog should not be able to modify group members with self.assertRaises(PermissionDenied) as cm: dog.uaccess.share_group_with_user(polyamory, dog, PrivilegeCodes.CHANGE) self.assertEqual(cm.exception.message, 'User has no privilege over group')
def test_01_create(self): "Initial group state is correct" cat = self.cat polyamory = cat.uaccess.create_group( title='polyamory', description="We are the polyamory") # flag state self.assertTrue(polyamory.gaccess.public) self.assertTrue(polyamory.gaccess.shareable) self.assertTrue(polyamory.gaccess.discoverable) # privilege self.assertTrue(cat.uaccess.owns_group(polyamory)) self.assertTrue(cat.uaccess.can_change_group(polyamory)) self.assertTrue(cat.uaccess.can_view_group(polyamory)) # composite django state self.assertTrue(cat.uaccess.can_change_group_flags(polyamory)) self.assertTrue(cat.uaccess.can_delete_group(polyamory)) self.assertTrue( cat.uaccess.can_share_group(polyamory, PrivilegeCodes.OWNER)) self.assertTrue( cat.uaccess.can_share_group(polyamory, PrivilegeCodes.CHANGE)) self.assertTrue( cat.uaccess.can_share_group(polyamory, PrivilegeCodes.VIEW)) # membership self.assertTrue(cat in polyamory.gaccess.members) # ensure that this group was created and current user is a member self.assertTrue( is_equal_to_as_set([polyamory], cat.uaccess.view_groups))
def test_user_get_groups_with_explicit_access(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.get_groups_with_explicit_access( PrivilegeCodes.OWNER), [bikers])) self.assertTrue( is_equal_to_as_set( alva.uaccess.get_groups_with_explicit_access( PrivilegeCodes.CHANGE), [])) self.assertTrue( is_equal_to_as_set( alva.uaccess.get_groups_with_explicit_access( PrivilegeCodes.VIEW), []))
def test_user_owned_groups(self): george = self.george bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.owned_groups, [bikers]))
def test_user_get_groups_with_explicit_access(self): george = self.george alva = self.alva bikers = self.bikers self.assertTrue( is_equal_to_as_set( george.uaccess.get_groups_with_explicit_access( PrivilegeCodes.OWNER), [bikers])) self.assertTrue( is_equal_to_as_set( alva.uaccess.get_groups_with_explicit_access( PrivilegeCodes.CHANGE), [])) self.assertTrue( is_equal_to_as_set( alva.uaccess.get_groups_with_explicit_access( PrivilegeCodes.VIEW), []))
def test_02_self_downgrade_resource(self): """can downgrade privilege for a resource to which one has access""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_resource_unshare_users(holes))) dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_resource_unshare_users(holes)))
def test_01_self_unshare_resource(self): """A user can unshare a resource with self""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_resource_unshare_users(holes))) dog.uaccess.unshare_resource_with_user(holes, dog) self.assertFalse(dog in holes.raccess.edit_users) self.assertFalse(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([], dog.uaccess.get_resource_unshare_users(holes)))
def test_05_self_can_downgrade_group(self): """can downgrade privilege for a group of which one is a member """ meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_group_unshare_users(meowers))) dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_group_unshare_users(meowers)))
def test_04_self_unshare_group(self): """A user can unshare a group with self""" meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_group_unshare_users(meowers))) dog.uaccess.unshare_group_with_user(meowers, dog) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertFalse(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([], dog.uaccess.get_group_unshare_users(meowers)))
def test_04_self_unshare_group(self): """A user can unshare a group with self""" meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_group_unshare_users(meowers))) dog.uaccess.unshare_group_with_user(meowers, dog) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertFalse(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [], dog.uaccess.get_group_unshare_users(meowers)))
def test_01_self_unshare_resource(self): """A user can unshare a resource with self""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_resource_unshare_users(holes))) dog.uaccess.unshare_resource_with_user(holes, dog) self.assertFalse(dog in holes.raccess.edit_users) self.assertFalse(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [], dog.uaccess.get_resource_unshare_users(holes)))
def test_iteration(self): " iterate over resources in a community " # This tests the mechanism by which we will display a community view self.dog.uaccess.share_community_with_group(self.pets, self.dogs, PrivilegeCodes.VIEW) self.dog.uaccess.share_community_with_group(self.pets, self.bats, PrivilegeCodes.VIEW) self.dog.uaccess.share_community_with_group(self.pets, self.cats, PrivilegeCodes.VIEW) comms = self.dog.uaccess.communities self.assertTrue(is_equal_to_as_set(comms, [self.pets])) comm = comms[0] groupc = comm.get_groups_with_explicit_access(PrivilegeCodes.CHANGE) self.assertTrue(is_equal_to_as_set(groupc, [])) groupv = comm.get_groups_with_explicit_access(PrivilegeCodes.VIEW) self.assertTrue( is_equal_to_as_set(groupv, [self.cats, self.bats, self.dogs])) for group in groupv: change_resources = comm.get_resources_with_explicit_access( self.dog, group, PrivilegeCodes.CHANGE) view_resources = comm.get_resources_with_explicit_access( self.dog, group, PrivilegeCodes.VIEW) self.assertTrue(is_disjoint_from(change_resources, view_resources)) for r in change_resources: self.assertTrue(self.dog.uaccess.can_change_resource(r)) self.assertTrue(self.dog.uaccess.can_view_resource(r)) for r in view_resources: # if a resource can be changed by some other group, it can be changed. # if self has administrative privilege over a group, and that group # has CHANGE, it can be changed. if not self.dog.uaccess.owns_resource(r) and\ not GroupResourcePrivilege.objects.filter( resource=r, privilege=PrivilegeCodes.CHANGE, group__g2ugp__user=self.dog).exists(): self.assertFalse(self.dog.uaccess.can_change_resource(r)) self.assertTrue(self.dog.uaccess.can_view_resource(r))
def test_05_self_can_downgrade_group(self): """can downgrade privilege for a group of which one is a member """ meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_group_unshare_users(meowers))) dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_group_unshare_users(meowers)))
def test_02_self_downgrade_resource(self): """can downgrade privilege for a resource to which one has access""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_resource_unshare_users(holes))) dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_resource_unshare_users(holes)))
def test_03_self_cannot_upgrade_resource(self): """cannot upgrade privilege for a resource to which one has access""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_resource_unshare_users(holes))) with self.assertRaises(PermissionDenied): dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW) with self.assertRaises(PermissionDenied): dog.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_resource_unshare_users(holes)))
def test_usergroupprivilege_get_undo_users(self): george = self.george bikers = self.bikers alva = self.alva UserGroupProvenance.update(group=bikers, user=alva, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( UserGroupProvenance.get_undo_users(group=bikers, grantor=george), [alva]))
def test_06_self_cannot_upgrade_group(self): """cannot upgrade privilege for a group of which one is a member """ meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_group_unshare_users(meowers))) with self.assertRaises(PermissionDenied): dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW) with self.assertRaises(PermissionDenied): dog.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set([dog], dog.uaccess.get_group_unshare_users(meowers)))
def test_userresourceprivilege_get_undo_users(self): george = self.george bikes = self.bikes alva = self.alva UserResourceProvenance.update(resource=bikes, user=alva, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( UserResourceProvenance.get_undo_users(resource=bikes, grantor=george), [alva]))
def test_iteration(self): " iterate over resources in a community " # This tests the mechanism by which we will display a community view self.dog.uaccess.share_community_with_group(self.pets, self.dogs, PrivilegeCodes.VIEW) self.dog.uaccess.share_community_with_group(self.pets, self.bats, PrivilegeCodes.VIEW) self.dog.uaccess.share_community_with_group(self.pets, self.cats, PrivilegeCodes.VIEW) comms = self.dog.uaccess.communities self.assertTrue(is_equal_to_as_set(comms, [self.pets])) comm = comms[0] groupc = comm.get_groups_with_explicit_access(PrivilegeCodes.CHANGE) self.assertTrue(is_equal_to_as_set(groupc, [])) groupv = comm.get_groups_with_explicit_access(PrivilegeCodes.VIEW) self.assertTrue(is_equal_to_as_set(groupv, [self.cats, self.bats, self.dogs])) for group in groupv: change_resources = comm.get_resources_with_explicit_access(self.dog, group, PrivilegeCodes.CHANGE) view_resources = comm.get_resources_with_explicit_access(self.dog, group, PrivilegeCodes.VIEW) self.assertTrue(is_disjoint_from(change_resources, view_resources)) for r in change_resources: self.assertTrue(self.dog.uaccess.can_change_resource(r)) self.assertTrue(self.dog.uaccess.can_view_resource(r)) for r in view_resources: # if a resource can be changed by some other group, it can be changed. # if self has administrative privilege over a group, and that group # has CHANGE, it can be changed. if not self.dog.uaccess.owns_resource(r) and\ not GroupResourcePrivilege.objects.filter( resource=r, privilege=PrivilegeCodes.CHANGE, group__g2ugp__user=self.dog).exists(): self.assertFalse(self.dog.uaccess.can_change_resource(r)) self.assertTrue(self.dog.uaccess.can_view_resource(r))
def test_groupresourceprivilege_get_undo_groups(self): george = self.george bikes = self.bikes bikers = self.bikers GroupResourceProvenance.update(resource=bikes, group=bikers, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( GroupResourceProvenance.get_undo_groups(resource=bikes, grantor=george), [bikers]))
def test_03_self_cannot_upgrade_resource(self): """cannot upgrade privilege for a resource to which one has access""" holes = self.holes cat = self.cat dog = self.dog cat.uaccess.share_resource_with_user(holes, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in holes.raccess.edit_users) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_resource_unshare_users(holes))) with self.assertRaises(PermissionDenied): dog.uaccess.share_resource_with_user( holes, dog, PrivilegeCodes.VIEW) with self.assertRaises(PermissionDenied): dog.uaccess.share_resource_with_user( holes, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in holes.raccess.view_users) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_resource_unshare_users(holes)))
def test_06_self_cannot_upgrade_group(self): """cannot upgrade privilege for a group of which one is a member """ meowers = self.meowers cat = self.cat dog = self.dog cat.uaccess.share_group_with_user(meowers, dog, PrivilegeCodes.VIEW) self.assertFalse(dog in meowers.gaccess.edit_users) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_group_unshare_users(meowers))) with self.assertRaises(PermissionDenied): dog.uaccess.share_group_with_user( meowers, dog, PrivilegeCodes.VIEW) with self.assertRaises(PermissionDenied): dog.uaccess.share_group_with_user( meowers, dog, PrivilegeCodes.CHANGE) self.assertTrue(dog in meowers.gaccess.members) self.assertTrue( is_equal_to_as_set( [dog], dog.uaccess.get_group_unshare_users(meowers)))
def test_08_discoverable(self): """Discoverable resources show up in discoverable resource listings""" chewies = self.chewies nobody = self.nobody # test making a resource public self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertFalse(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) chewies.raccess.discoverable = True chewies.raccess.save() self.assertFalse(chewies.raccess.immutable) self.assertFalse(chewies.raccess.public) self.assertFalse(chewies.raccess.published) self.assertTrue(chewies.raccess.discoverable) self.assertTrue(chewies.raccess.shareable) # discoverable doesn't mean public # TODO: get_public_resources and get_discoverable_resources should be # static methods self.assertTrue( is_equal_to_as_set( [], GenericResource.public_resources.all())) self.assertTrue( is_equal_to_as_set( [chewies], GenericResource.discoverable_resources.all())) # can 'nobody' see the public resource owned by 'dog' but not # explicitly shared with 'nobody'. self.assertFalse(nobody.uaccess.owns_resource(chewies)) self.assertFalse(nobody.uaccess.can_change_resource(chewies)) self.assertFalse(nobody.uaccess.can_view_resource(chewies))
def test_02_share_rw(self): """An owner can share with CHANGE privileges""" scratching = self.scratching felines = self.felines dog = self.dog cat = self.cat nobody = self.nobody self.assertTrue( dog.uaccess.can_share_resource_with_group( scratching, felines, PrivilegeCodes.CHANGE)) dog.uaccess.share_resource_with_group( scratching, felines, PrivilegeCodes.CHANGE) # is the resource just shared with this group? self.assertEqual(felines.gaccess.view_resources.count(), 1) self.assertTrue( is_equal_to_as_set( [scratching], felines.gaccess.view_resources)) # check that flags haven't changed self.assertTrue(felines.gaccess.discoverable) self.assertTrue(felines.gaccess.public) self.assertTrue(cat.uaccess.can_view_group(felines)) self.assertFalse(cat.uaccess.can_change_group(felines)) self.assertFalse(cat.uaccess.owns_group(felines)) self.assertFalse(cat.uaccess.owns_resource(scratching)) self.assertTrue(cat.uaccess.can_change_resource(scratching)) self.assertTrue(cat.uaccess.can_view_resource(scratching)) # should be able to unshare anything one shared. with self.assertRaises(PermissionDenied) as cm: nobody.uaccess.unshare_resource_with_group(scratching, felines) self.assertEqual(cm.exception.message, 'Insufficient privilege to unshare resource') assertGroupResourceUnshareCoherence(self) self.assertTrue( dog.uaccess.can_unshare_resource_with_group( scratching, felines)) dog.uaccess.unshare_resource_with_group(scratching, felines) self.assertEqual(felines.gaccess.view_resources.count(), 0) assertGroupResourceUnshareCoherence(self)
def test_02_share_rw(self): """An owner can share with CHANGE privileges""" scratching = self.scratching felines = self.felines dog = self.dog cat = self.cat nobody = self.nobody self.assertTrue( dog.uaccess.can_share_resource_with_group( scratching, felines, PrivilegeCodes.CHANGE)) dog.uaccess.share_resource_with_group( scratching, felines, PrivilegeCodes.CHANGE) # is the resource just shared with this group? self.assertEqual(felines.gaccess.view_resources.count(), 1) self.assertTrue( is_equal_to_as_set( [scratching], felines.gaccess.view_resources)) # check that flags haven't changed self.assertTrue(felines.gaccess.discoverable) self.assertTrue(felines.gaccess.public) self.assertTrue(cat.uaccess.can_view_group(felines)) self.assertFalse(cat.uaccess.can_change_group(felines)) self.assertFalse(cat.uaccess.owns_group(felines)) self.assertFalse(cat.uaccess.owns_resource(scratching)) self.assertTrue(cat.uaccess.can_change_resource(scratching)) self.assertTrue(cat.uaccess.can_view_resource(scratching)) # should be able to unshare anything one shared. with self.assertRaises(PermissionDenied) as cm: nobody.uaccess.unshare_resource_with_group(scratching, felines) self.assertEqual(str(cm.exception), 'Insufficient privilege to unshare resource') assertGroupResourceUnshareCoherence(self) self.assertTrue( dog.uaccess.can_unshare_resource_with_group( scratching, felines)) dog.uaccess.unshare_resource_with_group(scratching, felines) self.assertEqual(felines.gaccess.view_resources.count(), 0) assertGroupResourceUnshareCoherence(self)
def test_groupcommunityprivilege_get_undo_groups(self): george = self.george rebels = self.rebels bikers = self.bikers GroupCommunityProvenance.update( community=rebels, group=bikers, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( GroupCommunityProvenance.get_undo_groups( community=rebels, grantor=george), [bikers]))
def test_usercommunityprivilege_get_undo_users(self): george = self.george rebels = self.rebels alva = self.alva UserCommunityProvenance.update( community=rebels, user=alva, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( UserCommunityProvenance.get_undo_users( community=rebels, grantor=george), [alva, george]))
def test_userresourceprivilege_get_undo_users(self): george = self.george bikes = self.bikes alva = self.alva UserResourceProvenance.update( resource=bikes, user=alva, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( UserResourceProvenance.get_undo_users( resource=bikes, grantor=george), [alva]))
def test_groupresourceprivilege_get_undo_groups(self): george = self.george bikes = self.bikes bikers = self.bikers GroupResourceProvenance.update( resource=bikes, group=bikers, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( GroupResourceProvenance.get_undo_groups( resource=bikes, grantor=george), [bikers]))
def test_usergroupprivilege_get_undo_users(self): george = self.george bikers = self.bikers alva = self.alva UserGroupProvenance.update( group=bikers, user=alva, privilege=PrivilegeCodes.CHANGE, grantor=george) self.assertTrue( is_equal_to_as_set( UserGroupProvenance.get_undo_users( group=bikers, grantor=george), [alva]))
def test_01_create(self): """Resource creator has appropriate access""" cat = self.cat # check that user cat owns and holds nothing assertUserResourceState(self, cat, [], [], []) # create a resource holes = hydroshare.create_resource(resource_type='GenericResource', owner=cat, title='all about dog holes', metadata=[],) assertUserResourceState(self, cat, [holes], [], []) # metadata state self.assertFalse(holes.raccess.immutable) self.assertFalse(holes.raccess.published) self.assertFalse(holes.raccess.discoverable) self.assertFalse(holes.raccess.public) self.assertTrue(holes.raccess.shareable) # protection state for owner self.assertTrue(cat.uaccess.owns_resource(holes)) self.assertTrue(cat.uaccess.can_change_resource(holes)) self.assertTrue(cat.uaccess.can_view_resource(holes)) # composite django state self.assertTrue(cat.uaccess.can_change_resource_flags(holes)) self.assertTrue(cat.uaccess.can_delete_resource(holes)) self.assertTrue( cat.uaccess.can_share_resource( holes, PrivilegeCodes.OWNER)) self.assertTrue( cat.uaccess.can_share_resource( holes, PrivilegeCodes.CHANGE)) self.assertTrue( cat.uaccess.can_share_resource( holes, PrivilegeCodes.VIEW)) # unsharing with cat would violate owner constraint self.assertTrue( is_equal_to_as_set( [], cat.uaccess.get_resource_unshare_users(holes))) self.assertFalse( cat.uaccess.can_unshare_resource_with_user( holes, cat))