def test_unauthorized(self): """It should return a "Permission Denied" error. """ resource = self.factory(workspace=self.workspace, object_permissions_enabled=True) did = helpers.to_global_id('DatastoreType', resource.pk) oid = helpers.to_global_id('UserType', self.users['MEMBER'].pk) privileges = [ 'view_datastore', 'change_datastore_metadata', 'change_datastore_settings', 'change_datastore_connection', 'delete_datastore', ] response = self.execute(variables={ 'id': did, 'objectId': oid, 'privileges': privileges, }) self.assertPermissionDenied(response) self.assertInstanceDoesNotExist( audit.Activity, verb='updated access privileges to', **serializers.get_audit_kwargs(resource), )
def test_valid_with_user_object_permission(self): """It should update permissions on an object. """ resource = self.factory(workspace=self.workspace, object_permissions_enabled=True) resource.assign_perm(self.user, 'change_datastore_access') did = helpers.to_global_id('DatastoreType', resource.pk) oid = helpers.to_global_id('UserType', self.users['OWNER'].pk) privileges = [ 'view_datastore', 'change_datastore_metadata', 'change_datastore_settings', 'change_datastore_connection', 'delete_datastore', ] response = self.execute(variables={'id': did, 'objectId': oid, 'privileges': privileges}) response = response['data'][self.operation] self.assertOk(response) for privilege in privileges: self.assertTrue(self.users['OWNER'].has_perm(privilege, resource)) self.assertInstanceCreated( audit.Activity, verb='updated access privileges to', **serializers.get_audit_kwargs(resource), )
def test_valid_with_group_object_permission(self): """It should update permissions on an object. """ group = factories.GroupFactory(workspace_id=self.workspace.id) group.user_set.add(self.users['MEMBER']) resource = self.factory(workspace=self.workspace, object_permissions_enabled=True) resource.assign_perm(group, 'change_datastore_access') did = helpers.to_global_id('DatastoreType', resource.pk) oid = helpers.to_global_id('GroupType', group.pk) privileges = [ 'view_datastore', 'change_datastore', 'change_datastore_access', ] response = self.execute(variables={'id': did, 'objectId': oid, 'privileges': privileges}) response = response['data'][self.operation] self.assertOk(response) for privilege in privileges: self.assertTrue(self.users['MEMBER'].has_perm(privilege, resource)) self.assertInstanceCreated( audit.Activity, verb='updated access privileges to', **serializers.get_audit_kwargs(resource), )
def test_when_valid_parent(self, mock_es_update): """It should create the comment with a parent. """ parent = factories.CommentFactory(content_object=self.resource) parent_id = helpers.to_global_id('CommentType', parent) variables = self._get_attributes(parentId=parent_id) response = self.execute(variables=variables) response = response['data'][self.operation] self.assertEqual( response, { 'comment': { 'html': variables['html'], 'parent': { 'pk': parent.pk, }, }, 'errors': None }) self.assertInstanceCreated(models.Comment, html=variables['html']) self.assertInstanceCreated( audit.Activity, verb='commented on', **serializers.get_audit_kwargs(models.Comment.objects.last()), ) self.assertTrue(mock_es_update.called)
def test_disabled_with_object_permissions(self): """It should permanently delete the datastore. """ resource = self.factory(workspace=self.workspace, object_permissions_enabled=True) globalid = helpers.to_global_id('DatastoreType', resource.pk) resource.assign_perm(self.user, 'change_datastore_access') response = self.execute(variables={'id': globalid}) response = response['data'][self.operation] self.assertEqual(response, { 'isEnabled': False, 'errors': None, }) self.assertInstanceUpdated( instance=resource, object_permissions_enabled=False, ) self.assertInstanceCreated( audit.Activity, verb='disabled limited access to', **serializers.get_audit_kwargs(resource), )
def test_not_found(self): variables = { 'id': helpers.to_global_id('DatastoreType', '12345'), 'port': 5432, } self.assertPermissionDenied(self.execute(variables=variables))
def test_with_fake_custom_field(self): """It should save without the fake field. """ resource = resource = self.factory(workspace=self.workspace) globalid = helpers.to_global_id('DatastoreType', resource.pk) t_customfield = self.workspace.custom_fields.filter( content_type__model="table", ).first() variables = { 'id': globalid, 'disabledTableProperties': [ t_customfield.pk, "abcdefghijklmnop", ], } response = self.execute(variables=variables) response = response['data'][self.operation] self.assertEqual(response, { 'datastore': { 'id': globalid, 'disabledDatastoreProperties': [], 'disabledTableProperties': [t_customfield.pk], }, 'errors': None, }) self.assertInstanceUpdated( resource, disable_table_properties=[t_customfield.pk], )
def test_unauthorized(self): """It should return a "Permission Denied" error. """ owner = self.resource.owners.create(workspace=self.workspace, owner=self.user) node_id = helpers.to_global_id('AssetOwnerType', owner.pk) self.assertPermissionDenied(self.execute(variables={'id': node_id}))
def test_when_valid_html(self, mock_es_update): """It should update the HTML of a comment. """ resource = factories.CommentFactory(content_object=self.resource, author=self.user) globalid = helpers.to_global_id('CommentType', resource.pk) response = self.execute(variables={ 'id': globalid, 'html': '<p>This is valid html</p>' }) response = response['data'][self.operation] self.assertInstanceUpdated(resource, html='<p>This is valid html</p>') self.assertEqual( response, { 'comment': { 'pk': resource.pk, 'html': '<p>This is valid html</p>', }, 'errors': None, }) self.assertInstanceCreated( audit.Activity, verb='updated comment on', **serializers.get_audit_kwargs(resource), ) self.assertTrue(mock_es_update.called)
def test_query_excludes_object_id_changes(self): """Test that the query exclude changes to the objectId field. """ table = Table.objects.filter( schema__datastore__id='x1nEp57xLm4N' ).first() revision = Revision( revision_id=uuid.uuid4(), run=self._run, workspace_id=self._run.workspace_id, resource=table, parent_resource=table.schema, action=Revision.MODIFIED, metadata={'field': 'object_id', 'old_value': 1000, 'new_value': 2000}, ) revision.set_first_seen_run(self._run) revision.save() node_id = helpers.to_global_id('TableType', table.pk) results = self.execute(self.statement, variables={'tableId': node_id}) results = results['data'][self.operation] self.assertEqual( first=len(results['edges']), second=11, msg="Node count should equal number of revisions." ) for edge in results['edges']: self.assertNotEqual(edge['node']['revisionId'], revision.revision_id)
def test_query_with_orphan_membership(self): """Tests when an email is invited that does not have an associated User. """ email = '*****@*****.**' membership, created = self.workspace.grant_membership(email, 'MEMBER') node_id = helpers.to_global_id('WorkspaceType', self.workspace.pk) results = self.execute(self.statement, variables={'workspaceId': node_id}) results = results['data'][self.operation] members = self.workspace.memberships.all() self.assertEqual( first=len(results['edges']), second=members.count(), msg="Node count should equal the number of team members.") self.assertEqual(first=results['totalCount'], second=len(results['edges']), msg="Node count should equal totalCount field.") output = next( filter(lambda m: m['node']['email'] == email, results['edges'])) self.assertIsNone(output['node']['name'], msg="Output should contain User without a name.")
def test_does_not_exist(self): """It should return a "Resource Not Found" error. """ globalid = helpers.to_global_id('CustomFieldType', '12345') response = self.execute(variables={'id': globalid}) self.assertNotFound(response)
def test_valid_for_table(self): """It should update a CustomField scoped to Table models. """ resource = self.factory(workspace=self.workspace, field_type=models.CustomField.ENUM) globalid = helpers.to_global_id('CustomFieldType', resource.pk) variables = { 'id': globalid, 'fieldName': helpers.faker.name(), 'validators': { 'choices': ['red', 'blue', 'yellow'] } } response = self.execute(variables=variables) response = response['data'][self.operation] self.assertEqual( response, { 'customField': { 'fieldName': variables['fieldName'], 'fieldType': models.CustomField.ENUM, 'validators': variables['validators'], }, 'errors': None }) self.assertInstanceUpdated( instance=resource, field_name=variables['fieldName'], validators=variables['validators'], )
def test_invalid_validators(self): """It should throw a validation error when a validators are invalid. """ resource = self.factory(workspace=self.workspace, field_type=models.CustomField.ENUM) globalid = helpers.to_global_id('CustomFieldType', resource.pk) variables = { 'id': globalid, 'validators': { 'choices': None, }, } response = self.execute(variables=variables) response = response['data'][self.operation] self.assertEqual( response, { 'customField': None, 'errors': [{ 'resource': 'CustomField', 'field': 'choices', 'code': 'nulled', }], })
def execute_success_test_case(self, owner_type, owner, order): """It should create the data asset owner. """ variables = { 'id': helpers.to_global_id(owner_type, owner.id), 'order': order, } response = self.execute(variables=variables) response = response['data'][self.operation] owner_instance = owner.owner self.assertEqual(response, { 'assetOwner': { 'type': owner_instance.__class__.__name__.upper(), 'order': order, 'owner': { 'name': owner_instance.name, }, }, 'errors': None }) self.assertInstanceUpdated(self.asset_owner, order=order)
def test_query_when_not_authenticated(self): """Outside users should not be able to access this resource. """ node_id = helpers.to_global_id('RunType', self.run_id) results = self.execute(self.statement, variables={'runId': node_id}) self.assertNotFound(results)
def test_query(self): """Test the query. """ node_id = helpers.to_global_id('RunType', self.run_id) results = self.execute(self.statement, variables={'runId': node_id}) results = results['data'][self.operation] run = Run.objects.get(pk=self.run_id) self.assertEqual( first=len(results['edges']), second=run.revision_count, msg="Node count should equal number of revisions." ) self.assertEqual( first=len(results['edges']), second=results['totalCount'], msg="Node count should equal totalCount field." ) types = set() for result in results['edges']: types.add(result['node']['relatedResource']['type']) self.assertEqual(len(types), 4)
def test_unauthorized(self): """It should return a "Permission Denied" error. """ resource = self.factory(workspace=self.workspace) globalid = helpers.to_global_id('SSOConnectionType', resource.pk) response = self.execute(variables={'id': globalid}) self.assertPermissionDenied(response)
def test_valid_for_table(self): """It should update the custom properties. """ resource = factories.TableFactory(workspace=self.workspace) globalid = helpers.to_global_id('TableType', resource.pk) self.execute_success_test_case(resource, globalid)
def test_not_found(self): """It should permanently delete the sso connection. """ globalid = helpers.to_global_id('SSOConnectionType', '12345') response = self.execute(variables={'id': globalid}) self.assertPermissionDenied(response)
def execute_success_test_case(self, owner_type, owner): """It should create the data asset owner. """ variables = { 'objectId': self.object_id, 'ownerId': helpers.to_global_id(owner_type, owner.id), } response = self.execute(variables=variables) response = response['data'][self.operation] self.assertEqual(response, { 'assetOwner': { 'type': owner.__class__.__name__.upper(), 'owner': { 'id': variables['ownerId'], 'name': owner.name, }, }, 'errors': None }) resource = models.AssetOwner.objects.get(owner_id=owner.id, object_id=self.resource.id) self.assertInstanceCreated( audit.Activity, verb='created', **serializers.get_asset_owner_audit_kwargs(resource), )
def test_delete(self): node_id = helpers.to_global_id('WorkspaceType', self.workspace.id) results = self.execute(variables={'id': node_id}) results = results['data'][self.operation] self.assertOk(results) self.assertInstanceDeleted(models.Workspace, id=self.workspace.id)
def test_not_found(self): """If the datastore does not exist, we return a 404 – Not Found message. """ results = self.execute(self.statement, variables={ 'datastoreId': helpers.to_global_id('DatastoreType', '123456'), }) self.assertNotFound(results)
def test_query_with_object_permissions(self): """It returns the datastore object. """ self.group.user_set.add(self.user) datastore, variables = self._setup_and_get_variables(object_permissions_enabled=True) datastore.assign_perm(self.user, 'definitions.view_datastore') results = self.execute(self.statement, variables=variables) results = results['data'][self.operation] self.assertEqual(results, [ { 'id': helpers.to_global_id('GroupType', self.group.pk), 'name': self.group.name, 'privileges': [ 'add_datastore', 'change_datastore', 'change_datastore_access', 'change_datastore_connection', 'change_datastore_metadata', 'change_datastore_settings', 'comment_on_datastore', 'delete_datastore', 'view_datastore', ] } ])
def test_query(self): """It returns the table definition object. """ _, variables = self._setup_and_get_variables() results = self.execute(self.statement, variables=variables) results = results['data'][self.operation] self.assertEqual(results, [ { 'id': helpers.to_global_id('GroupType', self.group.pk), 'name': self.group.name, 'privileges': [ 'add_datastore', 'change_datastore', 'change_datastore_access', 'change_datastore_connection', 'change_datastore_metadata', 'change_datastore_settings', 'comment_on_datastore', 'delete_datastore', 'view_datastore', ] } ])
def test_object_permissions(self): """It should return the requested resource if object-level permissions are granted. """ datastore = self.factory(workspace=self.workspace, object_permissions_enabled=True) global_id = helpers.to_global_id('DatastoreType', datastore.pk) results = self.execute(self.statement, variables={'id': global_id}) self.assertPermissionDenied(results) datastore.assign_perm(self.user, 'definitions.view_datastore') results = self.execute(self.statement, variables={'id': global_id}) results = results['data'][self.operation] self.assertEqual(results, { 'name': datastore.name, 'tags': datastore.tags, 'version': datastore.version, 'isEnabled': datastore.is_enabled, 'jdbcConnection': { 'engine': datastore.engine, 'host': datastore.host, 'username': datastore.username, 'database': datastore.database, 'port': datastore.port, }, 'sshConfig': { 'isEnabled': datastore.ssh_enabled, 'host': datastore.ssh_host, 'user': datastore.ssh_user, 'port': datastore.ssh_port, 'publicKey': self.workspace.ssh_public_key, } })
def test_query_when_not_authorized(self): """Outside users should not be able to access this resource. """ table = factories.TableFactory(workspace=self.workspace) global_id = helpers.to_global_id('TableType', table.pk) variables = {'objectId': global_id} results = self.execute(self.statement, variables=variables) self.assertPermissionDenied(results)
def test_query_when_not_authorized(self): """Outside users should not be able to access this resource. """ resource = self.factory(workspace_id=self.workspace.pk, author=self.user) globalid = helpers.to_global_id('CommentType', resource.pk) response = self.execute(variables={'id': globalid}) self.assertPermissionDenied(response)
def test_valid_with_object_permission_as_owner(self): """It should update the datastore. """ resource = factories.DatastoreFactory(workspace=self.workspace, object_permissions_enabled=True) globalid = helpers.to_global_id('DatastoreType', resource.pk) self.execute_success_test_case(resource, globalid)
def test_when_not_exists(self, mock_es_remove): """It should return a 404 error. """ globalid = helpers.to_global_id('CommentType', '1234') response = self.execute(variables={'id': globalid, 'html': 'Test'}) self.assertPermissionDenied(response) self.assertFalse(mock_es_remove.called)