def users(db, base_app):
"""Create admin, manager and user."""
base_app.config[
"CIRCULATION_VIEWS_PERMISSIONS_FACTORY"] = test_views_permissions_factory
with db.session.begin_nested():
datastore = base_app.extensions["security"].datastore
# create users
manager = datastore.create_user(email="*****@*****.**",
password="******",
active=True)
admin = datastore.create_user(email="*****@*****.**",
password="******",
active=True)
user = datastore.create_user(email="*****@*****.**",
password="******",
active=True)
# Give role to admin
admin_role = Role(name="admin")
db.session.add(
ActionRoles(action=superuser_access.value, role=admin_role))
datastore.add_role_to_user(admin, admin_role)
# Give role to user
manager_role = Role(name="manager")
db.session.add(
ActionRoles(action=loan_read_access.value, role=manager_role))
datastore.add_role_to_user(manager, manager_role)
db.session.commit()
return {"admin": admin, "manager": manager, "user": user}
def users(db, app):
"""Create users."""
# create users
admin = create_test_user(email='*****@*****.**',
password='******',
active=True)
librarian = create_test_user(email='*****@*****.**',
password='******',
active=True)
patron = create_test_user(email='*****@*****.**',
password='******',
active=True)
with db.session.begin_nested():
datastore = app.extensions['security'].datastore
# Give role to admin
admin_role = Role(name='admin')
db.session.add(
ActionRoles(action=superuser_access.value, role=admin_role))
datastore.add_role_to_user(admin, admin_role)
# Give role to librarian
librarian_role = Role(name='librarian')
db.session.add(
ActionRoles(action=authenticated_user.value, role=librarian_role))
datastore.add_role_to_user(librarian, librarian_role)
db.session.commit()
return {'admin': admin, 'librarian': librarian, 'user': patron}
def test_action_needs(app, db, community, community_curator):
"""Test action needs creation."""
role = current_datastore.find_role('community:comtest:member')
current_datastore.add_role_to_user(community_curator, role)
ar = ActionRoles(action=COMMUNITY_READ, argument=community[1].id, role=role)
db.session.add(ar)
db.session.commit()
login_user(community_curator)
assert Permission(ParameterizedActionNeed(COMMUNITY_READ, community[1].id)).can()
def users(db, base_app):
"""Create admin, manager and user."""
# with Postgresql, when dropping the User table, the sequence is not
# automatically reset to 1, causing issues with the tests demo data.
db.session.execute("ALTER SEQUENCE IF EXISTS accounts_user_id_seq RESTART")
db.session.commit()
base_app.config[
"CIRCULATION_VIEWS_PERMISSIONS_FACTORY"
] = test_views_permissions_factory
with db.session.begin_nested():
datastore = base_app.extensions["security"].datastore
# create users
manager = datastore.create_user(
email="*****@*****.**", password="******", active=True
)
admin = datastore.create_user(
email="*****@*****.**", password="******", active=True
)
user = datastore.create_user(
email="*****@*****.**", password="******", active=True
)
# Give role to admin
admin_role = Role(name="admin")
db.session.add(
ActionRoles(action=superuser_access.value, role=admin_role)
)
datastore.add_role_to_user(admin, admin_role)
# Give role to user
manager_role = Role(name="manager")
db.session.add(
ActionRoles(action=loan_read_access.value, role=manager_role)
)
datastore.add_role_to_user(manager, manager_role)
db.session.commit()
return {"admin": admin, "manager": manager, "user": user}
def admin(app, db):
"""Create admin, librarians and patrons."""
with db.session.begin_nested():
datastore = app.extensions["security"].datastore
admin = datastore.create_user(email="*****@*****.**",
password="******",
active=True)
# Give role to admin
admin_role = Role(name="admin")
db.session.add(
ActionRoles(action=superuser_access.value, role=admin_role))
datastore.add_role_to_user(admin, admin_role)
db.session.commit()
return admin
def test_cli_action_deny(app, community, authenticated_user, db):
runner = CliRunner()
script_info = ScriptInfo(create_app=lambda info: app)
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv(
'SQLALCHEMY_DATABASE_URI', 'sqlite://')
role = community[1].roles[0]
current_datastore.add_role_to_user(authenticated_user, role)
login_user(authenticated_user)
db.session.add(
ActionRoles(action=COMMUNITY_READ, argument=community[0], role=role))
assert Permission(ParameterizedActionNeed(COMMUNITY_READ,
community[0])).allows(g.identity)
def permissions(db, community, sample_records):
"""Permission for users."""
users = {None: None}
user_roles = ['author', 'curator', 'publisher', 'member']
community_roles = {r.name.split(':')[-1]: r for r in community[1].roles}
for role in user_roles:
users[role] = create_test_user(
email='{0}@invenio-software.org'.format(role),
password='******',
active=True
)
if role == 'author':
current_datastore.add_role_to_user(users[role], community_roles['member'])
else:
current_datastore.add_role_to_user(users[role], community_roles['member'])
current_datastore.add_role_to_user(users[role], community_roles[role])
perms = [
(COMMUNITY_REQUEST_APPROVAL, ['author']),
(COMMUNITY_APPROVE, ['curator']),
(COMMUNITY_REQUEST_CHANGES, ['curator']),
(COMMUNITY_REVERT_APPROVE, ['curator', 'publisher']),
(COMMUNITY_PUBLISH, ['publisher']),
(COMMUNITY_UNPUBLISH, ['publisher'])
]
for action, roles in perms:
for r in roles:
if r == 'author':
db.session.add(ActionUsers(
action=action,
argument=community[1].id,
user=users[r]))
else:
role_name = current_oarepo_communities.role_name_factory(community[1], r)['name']
role = current_datastore.find_role(role_name)
db.session.add(ActionRoles(action=action, argument=community[1].id, role=role))
db.session.commit()
yield users
def allow_action(self, role, action, system=False):
"""Allow action for a role."""
self._validate_role_action(role, action, system)
with db.session.begin_nested():
if system:
ar = ActionSystemRoles.query.filter_by(
action=action, argument=self.id,
role_name=role.value).first()
if not ar:
ar = ActionSystemRoles(action=action,
argument=self.id,
role_name=role.value)
else:
ar = ActionRoles.query.filter_by(action=action,
argument=self.id,
role_id=role.id).first()
if not ar:
ar = ActionRoles(action=action,
argument=self.id,
role=role)
db.session.add(ar)
return ar
def test_records_get(db, app, community, client, users, es, sample_records,
test_blueprint):
# Non-community members cannot read on primary neither secondary community
resp = client.get('https://localhost/B/7')
assert resp.status_code == 401
resp = client.get('https://localhost/comtest/7')
assert resp.status_code == 401
role = Role.query.all()[0]
user = User.query.all()[0]
community[1].allow_action(role, COMMUNITY_READ)
db.session.add(ActionRoles(action=COMMUNITY_READ, argument='B', role=role))
db.session.commit()
current_datastore.add_role_to_user(user, role)
with app.test_client() as client:
resp = client.get(
url_for('_tests.test_login_{}'.format(user.id),
_scheme='https',
_external=True))
assert resp.status_code == 200
# Record should be accessible in the primary community collection
resp = client.get('https://localhost/comtest/7')
assert resp.status_code == 200
assert resp.json['links']['self'] == 'https://localhost/comtest/7'
# Record should also be readable in the secondary community collection
resp = client.get('https://localhost/B/7')
assert resp.status_code == 200
assert resp.json['links']['self'] == 'https://localhost/comtest/7'
# Record get should return 404 on any other community
resp = client.get('https://localhost/C/7')
assert resp.status_code == 404