def get_authenticated_idx_and_idx_types(user=None, idx_keys=None, idx_type_keys=None):
''' Check permissions on elastic indexes and returns indexes that the given user can see'''
# get all public idx_keys and idx_type_keys
(idx_keys_public, idx_type_keys_public) = elastic_factory.get_idx_and_idx_type_keys(auth_public=True)
# get all the private idx_keys and idx_type_keys
(idx_keys_private, idx_type_keys_private) = elastic_factory.get_idx_and_idx_type_keys(auth_public=False)
# user is None...return all public keys
if user is None:
return idx_keys_public, idx_type_keys_public
idx_keys_auth = []
idx_type_keys_auth = []
# idx_keys or idx_type_keys is None, first fetch and add public keys
# if idx_keys is None or idx_type_keys is None:
if idx_keys is None:
# First add all the public idx keys
idx_keys_auth.extend(idx_keys_public)
# Assign the idx keys that need to be checked
idx_keys = idx_keys_private
else:
# don't add all, limit the one that the user has passed
idx_keys_auth = [idx_key for idx_key in idx_keys if idx_key in idx_keys_public]
if idx_type_keys is None:
# First add all the public idx type keys
idx_type_keys_auth.extend(idx_type_keys_public)
# Assign the idx type keys that need to be checked
idx_type_keys = idx_type_keys_private
else:
# don't add all, limit the one that the user has passed
idx_type_keys_auth = [idx_key for idx_key in idx_type_keys if idx_key in idx_type_keys_public]
# get elastic model names for the idx_keys and types
(model_names_idx, model_names_idx_types) = elastic_factory.get_elastic_model_names(idx_keys=idx_keys,
idx_type_keys=idx_type_keys) # @IgnorePep8
# check if the user has permissions to see the idx model
model_names_idx_auth = _check_content_type_perms(model_names_idx, user)
# check if the user has permissions to see the idx type model
model_names_idx_types_auth = _check_content_type_perms(model_names_idx_types, user)
# finally get the actual idx keys from model names and return them
(idx_auth, idx_types_auth) = elastic_factory.get_keys_from_model_names(model_names_idx_auth,
model_names_idx_types_auth)
if idx_auth is not None and len(idx_auth) > 0:
for idx in idx_auth:
if idx not in idx_keys_auth:
idx_keys_auth.append(idx)
if idx_types_auth is not None and len(idx_types_auth) > 0:
for idx in idx_types_auth:
if idx not in idx_type_keys_auth:
idx_type_keys_auth.append(idx)
return (idx_keys_auth, idx_type_keys_auth)
def test_get_elastic_model_names_pydgin(self):
'''check whether the right model names are created for pydgin'''
# for pydgin, returns only models for private idx and idx_types
(model_names_idx, model_names_idx_types) = elastic_factory.get_elastic_model_names()
model_names = model_names_idx + model_names_idx_types
self.assertIn('disease_idx', model_names)
self.assertIn('gene-pathway_idx_type', model_names)
self.assertIn('marker-ic_idx_type', model_names)
self.assertIn('disease-disease_idx_type', model_names)
def test_elastic_model_names_round_trip(self):
# getting the private ones
(model_names_idx, model_names_idx_types) = elastic_factory.get_elastic_model_names(auth_public=False)
self.assertIn('target_mifsud_idx', model_names_idx, 'target_mifsud_idx found')
self.assertIn('cp_stats_gwas-gwas-anderson_idx_type', model_names_idx_types,
'cp_stats_gwas-gwas-anderson_idx_type found')
(idx_keys, idx_type_keys) = elastic_factory.get_keys_from_model_names(model_names_idx, model_names_idx_types)
self.assertIn('TARGET_MIFSUD', idx_keys, 'TARGET_MIFSUD found')
self.assertIn('CP_STATS_IC.IC-NAR_FARACO', idx_type_keys, 'CP_STATS_IC.IC-NAR_FARACO found')
def test_get_elastic_model_names_pydgin(self):
'''check whether the right model names are created for pydgin'''
# for pydgin, returns only models for private idx and idx_types
(model_names_idx,
model_names_idx_types) = elastic_factory.get_elastic_model_names()
model_names = model_names_idx + model_names_idx_types
self.assertIn('disease_idx', model_names)
self.assertIn('gene-pathway_idx_type', model_names)
self.assertIn('marker-ic_idx_type', model_names)
self.assertIn('disease-disease_idx_type', model_names)
def test_get_elastic_model_names_chicp(self):
'''check whether the right model names are created for chicp'''
elastic_factory.create_dynamic_models()
(idx_keys, idx_type_keys) = elastic_factory.get_idx_and_idx_type_keys(auth_public=False)
(model_names_idx, model_names_idx_types) = elastic_factory.get_elastic_model_names(
idx_keys=idx_keys,
idx_type_keys=idx_type_keys)
self.assertIn('target_mifsud_idx', model_names_idx)
self.assertIn('cp_stats_ic-ic-ms_imsgc_idx_type', model_names_idx_types)
self.assertIn('cp_stats_ic-ic-nar_faraco_idx_type', model_names_idx_types)
self.assertIn('cp_stats_gwas-gwas-okada_idx_type', model_names_idx_types)
self.assertIn('cp_stats_gwas-gwas-stahl_idx_type', model_names_idx_types)
def test_elastic_model_names_round_trip(self):
# getting the private ones
(model_names_idx,
model_names_idx_types) = elastic_factory.get_elastic_model_names(
auth_public=False)
self.assertIn('target_mifsud_idx', model_names_idx,
'target_mifsud_idx found')
self.assertIn('cp_stats_gwas-gwas-anderson_idx_type',
model_names_idx_types,
'cp_stats_gwas-gwas-anderson_idx_type found')
(idx_keys, idx_type_keys) = elastic_factory.get_keys_from_model_names(
model_names_idx, model_names_idx_types)
self.assertIn('TARGET_MIFSUD', idx_keys, 'TARGET_MIFSUD found')
self.assertIn('CP_STATS_IC.IC-NAR_FARACO', idx_type_keys,
'CP_STATS_IC.IC-NAR_FARACO found')
def test_get_elastic_model_names_chicp(self):
'''check whether the right model names are created for chicp'''
elastic_factory.create_dynamic_models()
(idx_keys, idx_type_keys) = elastic_factory.get_idx_and_idx_type_keys(
auth_public=False)
(model_names_idx,
model_names_idx_types) = elastic_factory.get_elastic_model_names(
idx_keys=idx_keys, idx_type_keys=idx_type_keys)
self.assertIn('target_mifsud_idx', model_names_idx)
self.assertIn('cp_stats_ic-ic-ms_imsgc_idx_type',
model_names_idx_types)
self.assertIn('cp_stats_ic-ic-nar_faraco_idx_type',
model_names_idx_types)
self.assertIn('cp_stats_gwas-gwas-okada_idx_type',
model_names_idx_types)
self.assertIn('cp_stats_gwas-gwas-stahl_idx_type',
model_names_idx_types)
def test_get_authenticated_idx_and_idx_types(self):
elastic_factory.create_dynamic_models()
# As user is none we should get back only public idx and idx_type keys
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(user=None)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# As user is not none and we have assigned the user to any group we should get back
# only public idx and idx_type keys
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(self.user)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# Create test_dil user and assign the user to DIL group
dil_group, created = Group.objects.get_or_create(name='DIL')
self.assertTrue(created)
dil_user = User.objects.create_user(username='******',
email='*****@*****.**',
password='******')
dil_user.groups.add(dil_group)
self.assertTrue(dil_user.groups.filter(name='DIL').exists())
all_groups_of_dil_user = dil_user.groups.values_list('name', flat=True)
self.assertTrue("DIL" in all_groups_of_dil_user, "Found DIL in groups")
self.assertTrue("READ" in all_groups_of_dil_user,
"Found READ in groups")
# get private idx and assign permission to dil_user
(model_names_idx,
model_names_idx_types) = elastic_factory.get_elastic_model_names(
auth_public=False)
test_idx_model = model_names_idx[0]
test_idx_type_model = model_names_idx_types[1]
self.assertTrue(test_idx_model.endswith('_idx'),
'Idx model ends with _idx')
self.assertTrue(test_idx_type_model.endswith('_idx_type'),
'Idx type model ends with _idx_type')
# create permissions on models and retest again to check if the idx could be seen
content_type_idx, created_idx = ContentType.objects.get_or_create( # @UnusedVariable
model=test_idx_model,
app_label=elastic_factory.PERMISSION_MODEL_APP_NAME,
)
content_type_idx_type, created_idx_type = ContentType.objects.get_or_create( # @UnusedVariable
model=test_idx_type_model,
app_label=elastic_factory.PERMISSION_MODEL_APP_NAME,
)
# The idx and idx_type should already exists in db, so created should be false
self.assertFalse(created_idx, test_idx_model + ' is available ')
self.assertFalse(created_idx_type,
test_idx_type_model + ' is available ')
self.assertIsNotNone(content_type_idx,
content_type_idx.name + ' is not None')
self.assertIsNotNone(content_type_idx_type,
content_type_idx_type.name + ' is not None')
# create permission and assign ...Generally we create via admin interface
can_read_permission_idx, create_permission_idx = Permission.objects.get_or_create( # @UnusedVariable
content_type=content_type_idx)
self.assertIsNotNone(
can_read_permission_idx,
' Permission is available ' + can_read_permission_idx.name)
can_read_permission_idx_type, create_permission_idx = Permission.objects.get_or_create( # @UnusedVariable
content_type=content_type_idx_type)
self.assertIsNotNone(
can_read_permission_idx_type,
' Permission is available ' + can_read_permission_idx_type.name)
# now grant access to test_dil and check if the user can see the index
# Add the permission to dil_group
dil_group.permissions.add(can_read_permission_idx)
dil_group.permissions.add(can_read_permission_idx_type)
dil_user = get_object_or_404(User, pk=dil_user.id)
available_group_perms = dil_user.get_group_permissions()
self.assertTrue('elastic.can_read_' +
test_idx_model.lower() in available_group_perms)
self.assertTrue('elastic.can_read_' +
test_idx_type_model.lower() in available_group_perms)
# Try to get the authenticated idx and idx_types keys again
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(dil_user)
(idx_model_name_auth,
idx_type_model_name_auth) = elastic_factory.get_elastic_model_names(
idx_keys=idx_keys_auth, idx_type_keys=idx_type_keys_auth)
self.assertTrue(test_idx_model in idx_model_name_auth)
self.assertTrue(test_idx_type_model in idx_type_model_name_auth)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# pass just one index key and index type and check for returned keys and types
# publication idx is public and publication.publication is private
idx_keys = ['PUBLICATION']
idx_type_keys = ['PUBLICATION.PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(
self.user, idx_keys=idx_keys, idx_type_keys=idx_type_keys)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertNotIn('PUBLICATION.PUBLICATION', idx_type_keys_auth)
self.assertTrue(len(idx_keys_auth) == 1, 'Got back only one idx')
# pass only one idx_keys and one idx type keys
idx_keys = ['PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(
self.user,
idx_keys=idx_keys,
)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertTrue(len(idx_keys_auth) == 1, 'Got back only one idx')
self.assertTrue(len(idx_type_keys_auth) == 3, 'Got back 3 idx types')
# pass only one idx type keys and idx keys
idx_type_keys = ['MARKER.MARKER', 'PUBLICATION.PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth,
idx_type_keys_auth) = get_authenticated_idx_and_idx_types(
self.user,
idx_type_keys=idx_type_keys,
)
self.assertTrue(len(idx_keys_auth) == 3, 'Got back only one idx')
# as publication is private and we have passed the regular user this is right
self.assertTrue(len(idx_type_keys_auth) == 1, 'Got back 0 idx types')
def test_get_authenticated_idx_and_idx_types(self):
elastic_factory.create_dynamic_models()
# As user is none we should get back only public idx and idx_type keys
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(user=None)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# As user is not none and we have assigned the user to any group we should get back
# only public idx and idx_type keys
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(self.user)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# Create test_dil user and assign the user to DIL group
dil_group, created = Group.objects.get_or_create(name='DIL')
self.assertTrue(created)
dil_user = User.objects.create_user(
username='******', email='*****@*****.**', password='******')
dil_user.groups.add(dil_group)
self.assertTrue(dil_user.groups.filter(name='DIL').exists())
all_groups_of_dil_user = dil_user.groups.values_list('name', flat=True)
self.assertTrue("DIL" in all_groups_of_dil_user, "Found DIL in groups")
self.assertTrue("READ" in all_groups_of_dil_user, "Found READ in groups")
# get private idx and assign permission to dil_user
(model_names_idx, model_names_idx_types) = elastic_factory.get_elastic_model_names(auth_public=False)
test_idx_model = model_names_idx[0]
test_idx_type_model = model_names_idx_types[1]
self.assertTrue(test_idx_model.endswith('_idx'), 'Idx model ends with _idx')
self.assertTrue(test_idx_type_model.endswith('_idx_type'), 'Idx type model ends with _idx_type')
# create permissions on models and retest again to check if the idx could be seen
content_type_idx, created_idx = ContentType.objects.get_or_create( # @UnusedVariable
model=test_idx_model, app_label=elastic_factory.PERMISSION_MODEL_APP_NAME,
)
content_type_idx_type, created_idx_type = ContentType.objects.get_or_create( # @UnusedVariable
model=test_idx_type_model, app_label=elastic_factory.PERMISSION_MODEL_APP_NAME,
)
# The idx and idx_type should already exists in db, so created should be false
self.assertFalse(created_idx, test_idx_model + ' is available ')
self.assertFalse(created_idx_type, test_idx_type_model + ' is available ')
self.assertIsNotNone(content_type_idx, content_type_idx.name + ' is not None')
self.assertIsNotNone(content_type_idx_type, content_type_idx_type.name + ' is not None')
# create permission and assign ...Generally we create via admin interface
can_read_permission_idx, create_permission_idx = Permission.objects.get_or_create( # @UnusedVariable
content_type=content_type_idx)
self.assertIsNotNone(can_read_permission_idx, ' Permission is available ' + can_read_permission_idx.name)
can_read_permission_idx_type, create_permission_idx = Permission.objects.get_or_create( # @UnusedVariable
content_type=content_type_idx_type)
self.assertIsNotNone(can_read_permission_idx_type,
' Permission is available ' + can_read_permission_idx_type.name)
# now grant access to test_dil and check if the user can see the index
# Add the permission to dil_group
dil_group.permissions.add(can_read_permission_idx)
dil_group.permissions.add(can_read_permission_idx_type)
dil_user = get_object_or_404(User, pk=dil_user.id)
available_group_perms = dil_user.get_group_permissions()
self.assertTrue('elastic.can_read_' + test_idx_model.lower() in available_group_perms)
self.assertTrue('elastic.can_read_' + test_idx_type_model.lower() in available_group_perms)
# Try to get the authenticated idx and idx_types keys again
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(dil_user)
(idx_model_name_auth, idx_type_model_name_auth) = elastic_factory.get_elastic_model_names(
idx_keys=idx_keys_auth,
idx_type_keys=idx_type_keys_auth)
self.assertTrue(test_idx_model in idx_model_name_auth)
self.assertTrue(test_idx_type_model in idx_type_model_name_auth)
self.assertIn('MARKER', idx_keys_auth)
self.assertIn('GENE', idx_keys_auth)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertIn('MARKER.MARKER', idx_type_keys_auth)
self.assertIn('MARKER.HISTORY', idx_type_keys_auth)
self.assertIn('GENE.GENE', idx_type_keys_auth)
# pass just one index key and index type and check for returned keys and types
# publication idx is public and publication.publication is private
idx_keys = ['PUBLICATION']
idx_type_keys = ['PUBLICATION.PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(self.user,
idx_keys=idx_keys,
idx_type_keys=idx_type_keys)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertNotIn('PUBLICATION.PUBLICATION', idx_type_keys_auth)
self.assertTrue(len(idx_keys_auth) == 1, 'Got back only one idx')
# pass only one idx_keys and one idx type keys
idx_keys = ['PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(self.user,
idx_keys=idx_keys,
)
self.assertIn('PUBLICATION', idx_keys_auth)
self.assertTrue(len(idx_keys_auth) == 1, 'Got back only one idx')
self.assertTrue(len(idx_type_keys_auth) == 3, 'Got back 3 idx types')
# pass only one idx type keys and idx keys
idx_type_keys = ['MARKER.MARKER', 'PUBLICATION.PUBLICATION']
idx_keys_auth = []
idx_type_keys_auth = []
(idx_keys_auth, idx_type_keys_auth) = get_authenticated_idx_and_idx_types(self.user,
idx_type_keys=idx_type_keys,
)
self.assertTrue(len(idx_keys_auth) == 3, 'Got back only one idx')
# as publication is private and we have passed the regular user this is right
self.assertTrue(len(idx_type_keys_auth) == 1, 'Got back 0 idx types')
def get_authenticated_idx_and_idx_types(user=None,
idx_keys=None,
idx_type_keys=None):
''' Check permissions on elastic indexes and returns indexes that the given user can see'''
# get all public idx_keys and idx_type_keys
(idx_keys_public,
idx_type_keys_public) = elastic_factory.get_idx_and_idx_type_keys(
auth_public=True)
# get all the private idx_keys and idx_type_keys
(idx_keys_private,
idx_type_keys_private) = elastic_factory.get_idx_and_idx_type_keys(
auth_public=False)
# user is None...return all public keys
if user is None:
return idx_keys_public, idx_type_keys_public
idx_keys_auth = []
idx_type_keys_auth = []
# idx_keys or idx_type_keys is None, first fetch and add public keys
# if idx_keys is None or idx_type_keys is None:
if idx_keys is None:
# First add all the public idx keys
idx_keys_auth.extend(idx_keys_public)
# Assign the idx keys that need to be checked
idx_keys = idx_keys_private
else:
# don't add all, limit the one that the user has passed
idx_keys_auth = [
idx_key for idx_key in idx_keys if idx_key in idx_keys_public
]
if idx_type_keys is None:
# First add all the public idx type keys
idx_type_keys_auth.extend(idx_type_keys_public)
# Assign the idx type keys that need to be checked
idx_type_keys = idx_type_keys_private
else:
# don't add all, limit the one that the user has passed
idx_type_keys_auth = [
idx_key for idx_key in idx_type_keys
if idx_key in idx_type_keys_public
]
# get elastic model names for the idx_keys and types
(model_names_idx,
model_names_idx_types) = elastic_factory.get_elastic_model_names(
idx_keys=idx_keys, idx_type_keys=idx_type_keys) # @IgnorePep8
# check if the user has permissions to see the idx model
model_names_idx_auth = _check_content_type_perms(model_names_idx, user)
# check if the user has permissions to see the idx type model
model_names_idx_types_auth = _check_content_type_perms(
model_names_idx_types, user)
# finally get the actual idx keys from model names and return them
(idx_auth, idx_types_auth) = elastic_factory.get_keys_from_model_names(
model_names_idx_auth, model_names_idx_types_auth)
if idx_auth is not None and len(idx_auth) > 0:
for idx in idx_auth:
if idx not in idx_keys_auth:
idx_keys_auth.append(idx)
if idx_types_auth is not None and len(idx_types_auth) > 0:
for idx in idx_types_auth:
if idx not in idx_type_keys_auth:
idx_type_keys_auth.append(idx)
return (idx_keys_auth, idx_type_keys_auth)
