def users(db, base_app): """Create admin, manager and user.""" base_app.config[ "CIRCULATION_VIEWS_PERMISSIONS_FACTORY"] = test_views_permissions_factory with db.session.begin_nested(): datastore = base_app.extensions["security"].datastore # create users manager = datastore.create_user(email="*****@*****.**", password="******", active=True) admin = datastore.create_user(email="*****@*****.**", password="******", active=True) user = datastore.create_user(email="*****@*****.**", password="******", active=True) # Give role to admin admin_role = Role(name="admin") db.session.add( ActionRoles(action=superuser_access.value, role=admin_role)) datastore.add_role_to_user(admin, admin_role) # Give role to user manager_role = Role(name="manager") db.session.add( ActionRoles(action=loan_read_access.value, role=manager_role)) datastore.add_role_to_user(manager, manager_role) db.session.commit() return {"admin": admin, "manager": manager, "user": user}
def users(db, app): """Create users.""" # create users admin = create_test_user(email='*****@*****.**', password='******', active=True) librarian = create_test_user(email='*****@*****.**', password='******', active=True) patron = create_test_user(email='*****@*****.**', password='******', active=True) with db.session.begin_nested(): datastore = app.extensions['security'].datastore # Give role to admin admin_role = Role(name='admin') db.session.add( ActionRoles(action=superuser_access.value, role=admin_role)) datastore.add_role_to_user(admin, admin_role) # Give role to librarian librarian_role = Role(name='librarian') db.session.add( ActionRoles(action=authenticated_user.value, role=librarian_role)) datastore.add_role_to_user(librarian, librarian_role) db.session.commit() return {'admin': admin, 'librarian': librarian, 'user': patron}
def test_action_needs(app, db, community, community_curator): """Test action needs creation.""" role = current_datastore.find_role('community:comtest:member') current_datastore.add_role_to_user(community_curator, role) ar = ActionRoles(action=COMMUNITY_READ, argument=community[1].id, role=role) db.session.add(ar) db.session.commit() login_user(community_curator) assert Permission(ParameterizedActionNeed(COMMUNITY_READ, community[1].id)).can()
def users(db, base_app): """Create admin, manager and user.""" # with Postgresql, when dropping the User table, the sequence is not # automatically reset to 1, causing issues with the tests demo data. db.session.execute("ALTER SEQUENCE IF EXISTS accounts_user_id_seq RESTART") db.session.commit() base_app.config[ "CIRCULATION_VIEWS_PERMISSIONS_FACTORY" ] = test_views_permissions_factory with db.session.begin_nested(): datastore = base_app.extensions["security"].datastore # create users manager = datastore.create_user( email="*****@*****.**", password="******", active=True ) admin = datastore.create_user( email="*****@*****.**", password="******", active=True ) user = datastore.create_user( email="*****@*****.**", password="******", active=True ) # Give role to admin admin_role = Role(name="admin") db.session.add( ActionRoles(action=superuser_access.value, role=admin_role) ) datastore.add_role_to_user(admin, admin_role) # Give role to user manager_role = Role(name="manager") db.session.add( ActionRoles(action=loan_read_access.value, role=manager_role) ) datastore.add_role_to_user(manager, manager_role) db.session.commit() return {"admin": admin, "manager": manager, "user": user}
def admin(app, db): """Create admin, librarians and patrons.""" with db.session.begin_nested(): datastore = app.extensions["security"].datastore admin = datastore.create_user(email="*****@*****.**", password="******", active=True) # Give role to admin admin_role = Role(name="admin") db.session.add( ActionRoles(action=superuser_access.value, role=admin_role)) datastore.add_role_to_user(admin, admin_role) db.session.commit() return admin
def test_cli_action_deny(app, community, authenticated_user, db): runner = CliRunner() script_info = ScriptInfo(create_app=lambda info: app) app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv( 'SQLALCHEMY_DATABASE_URI', 'sqlite://') role = community[1].roles[0] current_datastore.add_role_to_user(authenticated_user, role) login_user(authenticated_user) db.session.add( ActionRoles(action=COMMUNITY_READ, argument=community[0], role=role)) assert Permission(ParameterizedActionNeed(COMMUNITY_READ, community[0])).allows(g.identity)
def permissions(db, community, sample_records): """Permission for users.""" users = {None: None} user_roles = ['author', 'curator', 'publisher', 'member'] community_roles = {r.name.split(':')[-1]: r for r in community[1].roles} for role in user_roles: users[role] = create_test_user( email='{0}@invenio-software.org'.format(role), password='******', active=True ) if role == 'author': current_datastore.add_role_to_user(users[role], community_roles['member']) else: current_datastore.add_role_to_user(users[role], community_roles['member']) current_datastore.add_role_to_user(users[role], community_roles[role]) perms = [ (COMMUNITY_REQUEST_APPROVAL, ['author']), (COMMUNITY_APPROVE, ['curator']), (COMMUNITY_REQUEST_CHANGES, ['curator']), (COMMUNITY_REVERT_APPROVE, ['curator', 'publisher']), (COMMUNITY_PUBLISH, ['publisher']), (COMMUNITY_UNPUBLISH, ['publisher']) ] for action, roles in perms: for r in roles: if r == 'author': db.session.add(ActionUsers( action=action, argument=community[1].id, user=users[r])) else: role_name = current_oarepo_communities.role_name_factory(community[1], r)['name'] role = current_datastore.find_role(role_name) db.session.add(ActionRoles(action=action, argument=community[1].id, role=role)) db.session.commit() yield users
def allow_action(self, role, action, system=False): """Allow action for a role.""" self._validate_role_action(role, action, system) with db.session.begin_nested(): if system: ar = ActionSystemRoles.query.filter_by( action=action, argument=self.id, role_name=role.value).first() if not ar: ar = ActionSystemRoles(action=action, argument=self.id, role_name=role.value) else: ar = ActionRoles.query.filter_by(action=action, argument=self.id, role_id=role.id).first() if not ar: ar = ActionRoles(action=action, argument=self.id, role=role) db.session.add(ar) return ar
def test_records_get(db, app, community, client, users, es, sample_records, test_blueprint): # Non-community members cannot read on primary neither secondary community resp = client.get('https://localhost/B/7') assert resp.status_code == 401 resp = client.get('https://localhost/comtest/7') assert resp.status_code == 401 role = Role.query.all()[0] user = User.query.all()[0] community[1].allow_action(role, COMMUNITY_READ) db.session.add(ActionRoles(action=COMMUNITY_READ, argument='B', role=role)) db.session.commit() current_datastore.add_role_to_user(user, role) with app.test_client() as client: resp = client.get( url_for('_tests.test_login_{}'.format(user.id), _scheme='https', _external=True)) assert resp.status_code == 200 # Record should be accessible in the primary community collection resp = client.get('https://localhost/comtest/7') assert resp.status_code == 200 assert resp.json['links']['self'] == 'https://localhost/comtest/7' # Record should also be readable in the secondary community collection resp = client.get('https://localhost/B/7') assert resp.status_code == 200 assert resp.json['links']['self'] == 'https://localhost/comtest/7' # Record get should return 404 on any other community resp = client.get('https://localhost/C/7') assert resp.status_code == 404