def test_save_new_object_unauthorized(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw)
def test_save_new_object_unauthorized_tweaker(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.tweaker_user) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.tweaker_user)
class ModelUnicodeTests(OTMTestCase): def setUp(self): self.instance = make_instance(name='Test Instance') self.species = Species(instance=self.instance, common_name='Test Common Name', genus='Test Genus', cultivar='Test Cultivar', species='Test Species') self.species.save_base() self.user = make_user(username='******', password='******') self.plot = Plot(geom=Point(1, 1), instance=self.instance, address_street="123 Main Street") self.plot.save_base() self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_base() self.boundary = make_simple_boundary("Test Boundary") self.role = Role(instance=self.instance, name='Test Role', rep_thresh=2) self.role.save() self.field_permission = FieldPermission( model_name="Tree", field_name="readonly", permission_level=FieldPermission.READ_ONLY, role=self.role, instance=self.instance) self.field_permission.save_base() self.audit = Audit(action=Audit.Type.Update, model="Tree", field="readonly", model_id=1, user=self.user, previous_value=True, current_value=False) self.audit.save_base() self.reputation_metric = ReputationMetric(instance=self.instance, model_name="Tree", action="Test Action") self.reputation_metric.save_base() def test_instance_model(self): self.assertEqual(unicode(self.instance), "Test Instance") def test_species_model(self): self.assertEqual( unicode(self.species), "Test Common Name [Test Genus Test Species 'Test Cultivar']") def test_user_model(self): self.assertEqual(unicode(self.user), 'commander') def test_plot_model(self): self.assertEqual(unicode(self.plot), 'Plot (1.0, 1.0) 123 Main Street') def test_tree_model(self): self.assertEqual(unicode(self.tree), '') def test_boundary_model(self): self.assertEqual(unicode(self.boundary), 'Test Boundary') def test_role_model(self): self.assertEqual(unicode(self.role), 'Test Role (%s)' % self.role.pk) def test_field_permission_model(self): self.assertEqual(unicode(self.field_permission), 'Tree.readonly - Test Role (%s) - Read Only' % self.role.pk) def test_audit_model(self): self.assertEqual( unicode(self.audit), 'pk=%s - action=Update - Tree.readonly:(1) - True => False' % self.audit.pk) def test_reputation_metric_model(self): self.assertEqual(unicode(self.reputation_metric), 'Test Instance - Tree - Test Action')
class UDFAuditTest(OTMTestCase): def setUp(self): self.instance = make_instance() self.commander_user = make_commander_user(self.instance) set_write_permissions(self.instance, self.commander_user, 'Plot', ['udf:Test choice']) self.p = Point(-8515941.0, 4953519.0) UserDefinedFieldDefinition.objects.create(instance=self.instance, model_type='Plot', datatype=json.dumps({ 'type': 'choice', 'choices': ['a', 'b', 'c'] }), iscollection=False, name='Test choice') UserDefinedFieldDefinition.objects.create(instance=self.instance, model_type='Plot', datatype=json.dumps( {'type': 'string'}), iscollection=False, name='Test unauth') UserDefinedFieldDefinition.objects.create(instance=self.instance, model_type='Plot', datatype=json.dumps([{ 'type': 'choice', 'name': 'a choice', 'choices': ['a', 'b', 'c'] }, { 'type': 'string', 'name': 'a string' }]), iscollection=True, name='Test collection') self.plot = Plot(geom=self.p, instance=self.instance) self.plot.save_with_user(self.commander_user) psycopg2.extras.register_hstore(connection.cursor(), globally=True) def test_mask_unauthorized_with_udfs(self): officer_user = make_officer_user(self.instance) self.plot.udfs['Test choice'] = 'b' self.plot.save_with_user(self.commander_user) self.plot.udfs['Test unauth'] = 'foo' self.plot.save_base() newplot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(newplot.udfs['Test choice'], 'b') self.assertEqual(newplot.udfs['Test unauth'], 'foo') newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(self.commander_user) self.assertEqual(newplot.udfs['Test choice'], 'b') self.assertEqual(newplot.udfs['Test unauth'], None) newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(officer_user) self.assertEqual(newplot.udfs['Test choice'], None) self.assertEqual(newplot.udfs['Test unauth'], None) def test_update_field_creates_audit(self): self.plot.udfs['Test choice'] = 'b' self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, 'Plot') self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, 'udf:Test choice') self.assertEqual(last_audit.previous_value, None) self.assertEqual(last_audit.current_value, 'b') self.plot.udfs['Test choice'] = 'c' self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, 'Plot') self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, 'udf:Test choice') self.assertEqual(last_audit.previous_value, 'b') self.assertEqual(last_audit.current_value, 'c') def test_cant_edit_unauthorized_collection(self): self.plot.udfs['Test collection'] = [{ 'a choice': 'a', 'a string': 's' }] self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_cant_edit_unauthorized_field(self): self.plot.udfs['Test unauth'] = 'c' self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test unauth', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test unauth'] = 'c' self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs['Test unauth'], None) pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 1) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audit_and_apply(pending[0], self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs['Test unauth'], 'c') def test_create_invalid_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test collection', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test collection'] = [{ 'a choice': 'invalid choice', 'a string': 's' }] self.assertRaises(ValidationError, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test collection', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test collection'] = [{ 'a choice': 'a', 'a string': 's' }] self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs['Test collection'], []) pending = self.plot.audits().filter(requires_auth=True) # Expecting 'model_id', 'id', 'field def id' # and two udf fields ('a string' and 'a choice') self.assertEqual(len(pending), 5) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audits_and_apply(pending, self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) col = reloaded_plot.udfs['Test collection'] self.assertEqual(len(col), 1) self.assertEqual(col[0]['a choice'], 'a') self.assertEqual(col[0]['a string'], 's')
class UserRoleFieldPermissionTest(MultiUserTestCase): def setUp(self): super(UserRoleFieldPermissionTest, self).setUp() self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.commander_user) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.direct_user) def test_no_permission_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.outlaw_user) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.outlaw_user) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_readonly_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.observer_user) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.observer_user) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_writeperm_allows_write(self): self.plot.length = 10 self.plot.save_with_user(self.direct_user) self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.tree.save_with_user(self.direct_user) self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_masking_authorized(self): "When masking with a superuser, nothing should happen" self.plot.width = 5 self.plot.save_with_user(self.commander_user) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.commander_user) self.assertEqual(self.plot.width, plot.width) def test_masking_unauthorized(self): "Masking changes an unauthorized field to None" self.plot.width = 5 self.plot.save_base() plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.observer_user) self.assertEqual(plot.width, None) # geom is always readable self.assertEqual(plot.geom, self.plot.geom) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.outlaw_user) self.assertEqual(plot.width, None) # geom is always readable self.assertEqual(plot.geom, self.plot.geom) def test_write_fails_if_any_fields_cant_be_written(self): """ If a user tries to modify several fields simultaneously, only some of which s/he has access to, the write will fail for all fields.""" self.plot.length = 10 self.plot.width = 110 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.direct_user) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110) self.tree.diameter = 10 self.tree.canopy_height = 110 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.direct_user) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height, 110)
class UserRoleFieldPermissionTest(OTMTestCase): def setUp(self): self.p1 = Point(-8515941.0, 4953519.0) self.instance = make_instance(point=self.p1) self.commander = make_commander_user(self.instance) self.officer = make_officer_user(self.instance) self.observer = make_observer_user(self.instance) self.outlaw = make_user_with_default_role(self.instance, 'outlaw') self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.officer) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.officer) def test_no_permission_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.outlaw) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.outlaw) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_readonly_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.observer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.observer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_writeperm_allows_write(self): self.plot.length = 10 self.plot.save_with_user(self.officer) self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.tree.save_with_user(self.officer) self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_save_new_object_authorized(self): '''Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.officer) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.officer) def test_save_new_object_unauthorized(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw) def test_make_administrator_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) iuser = self.outlaw.get_instance_user(self.instance) role = Role.objects.create(instance=self.instance, name=Role.ADMINISTRATOR, rep_thresh=0) iuser.role = role iuser.save_with_user(self.commander) self.tree.delete_with_user(self.outlaw) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw, cascade=True) with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.officer) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.officer, cascade=True) self.tree.delete_with_user(self.commander) self.plot.delete_with_user(self.commander, cascade=True) def test_masking_authorized(self): "When masking with a superuser, nothing should happen" self.plot.width = 5 self.plot.save_with_user(self.commander) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.commander) self.assertEqual(self.plot.width, plot.width) def test_masking_unauthorized(self): "Masking changes an unauthorized field to None" self.plot.width = 5 self.plot.save_base() plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.observer) self.assertEqual(None, plot.width) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.outlaw) self.assertEqual(None, plot.width) def test_masking_whole_queryset(self): "Masking also works on entire querysets" self.plot.width = 5 self.plot.save_base() plots = Plot.objects.filter(pk=self.plot.pk) plot = Plot.mask_queryset(plots, self.observer)[0] self.assertEqual(None, plot.width) def test_write_fails_if_any_fields_cant_be_written(self): """ If a user tries to modify several fields simultaneously, only some of which s/he has access to, the write will fail for all fields.""" self.plot.length = 10 self.plot.width = 110 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.officer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110) self.tree.diameter = 10 self.tree.canopy_height = 110 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.officer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height, 110)
class ModelUnicodeTests(OTMTestCase): def setUp(self): self.instance = make_instance(name='Test Instance') self.species = Species(instance=self.instance, common_name='Test Common Name', genus='Test Genus', cultivar='Test Cultivar', species='Test Species') self.species.save_base() self.user = make_user(username='******', password='******') self.plot = Plot(geom=Point(1, 1), instance=self.instance, address_street="123 Main Street") self.plot.save_base() self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_base() self.boundary = make_simple_boundary("Test Boundary") self.role = Role(instance=self.instance, name='Test Role', rep_thresh=2) self.role.save() self.field_permission = FieldPermission( model_name="Tree", field_name="readonly", permission_level=FieldPermission.READ_ONLY, role=self.role, instance=self.instance) self.field_permission.save_base() self.audit = Audit(action=Audit.Type.Update, model="Tree", field="readonly", model_id=1, user=self.user, previous_value=True, current_value=False) self.audit.save_base() self.reputation_metric = ReputationMetric(instance=self.instance, model_name="Tree", action="Test Action") self.reputation_metric.save_base() def test_instance_model(self): self.assertEqual(unicode(self.instance), "Test Instance") def test_species_model(self): self.assertEqual( unicode(self.species), "Test Common Name [Test Genus Test Species 'Test Cultivar']") def test_user_model(self): self.assertEqual(unicode(self.user), 'commander') def test_plot_model(self): self.assertEqual(unicode(self.plot), 'Plot (1.0, 1.0) 123 Main Street') def test_tree_model(self): self.assertEqual(unicode(self.tree), '') def test_boundary_model(self): self.assertEqual(unicode(self.boundary), 'Test Boundary') def test_role_model(self): self.assertEqual(unicode(self.role), 'Test Role (%s)' % self.role.pk) def test_field_permission_model(self): self.assertEqual( unicode(self.field_permission), 'Tree.readonly - Test Role (%s) - Read Only' % self.role.pk) def test_audit_model(self): self.assertEqual( unicode(self.audit), 'pk=%s - action=Update - Tree.readonly:(1) - True => False' % self.audit.pk) def test_reputation_metric_model(self): self.assertEqual(unicode(self.reputation_metric), 'Test Instance - Tree - Test Action')
class UDFAuditTest(TestCase): def setUp(self): self.instance = make_instance() self.commander_user = make_commander_user(self.instance) set_write_permissions(self.instance, self.commander_user, 'Plot', ['udf:Test choice']) self.p = Point(-8515941.0, 4953519.0) UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type='Plot', datatype=json.dumps({'type': 'choice', 'choices': ['a', 'b', 'c']}), iscollection=False, name='Test choice') UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type='Plot', datatype=json.dumps({'type': 'string'}), iscollection=False, name='Test unauth') UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type='Plot', datatype=json.dumps([{'type': 'choice', 'name': 'a choice', 'choices': ['a', 'b', 'c']}, {'type': 'string', 'name': 'a string'}]), iscollection=True, name='Test collection') self.plot = Plot(geom=self.p, instance=self.instance) self.plot.save_with_user(self.commander_user) psycopg2.extras.register_hstore(connection.cursor(), globally=True) def test_mask_unauthorized_with_udfs(self): officer_user = make_officer_user(self.instance) self.plot.udfs['Test choice'] = 'b' self.plot.save_with_user(self.commander_user) self.plot.udfs['Test unauth'] = 'foo' self.plot.save_base() newplot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(newplot.udfs['Test choice'], 'b') self.assertEqual(newplot.udfs['Test unauth'], 'foo') newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(self.commander_user) self.assertEqual(newplot.udfs['Test choice'], 'b') self.assertEqual(newplot.udfs['Test unauth'], None) newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(officer_user) self.assertEqual(newplot.udfs['Test choice'], None) self.assertEqual(newplot.udfs['Test unauth'], None) def test_update_field_creates_audit(self): self.plot.udfs['Test choice'] = 'b' self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, 'Plot') self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, 'udf:Test choice') self.assertEqual(last_audit.previous_value, None) self.assertEqual(last_audit.current_value, 'b') self.plot.udfs['Test choice'] = 'c' self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, 'Plot') self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, 'udf:Test choice') self.assertEqual(last_audit.previous_value, 'b') self.assertEqual(last_audit.current_value, 'c') def test_cant_edit_unauthorized_collection(self): self.plot.udfs['Test collection'] = [ {'a choice': 'a', 'a string': 's'}] self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_cant_edit_unauthorized_field(self): self.plot.udfs['Test unauth'] = 'c' self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test unauth', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test unauth'] = 'c' self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual( reloaded_plot.udfs['Test unauth'], None) pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 1) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audit_and_apply(pending[0], self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual( reloaded_plot.udfs['Test unauth'], 'c') def test_create_invalid_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test collection', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test collection'] = [ {'a choice': 'invalid choice', 'a string': 's'}] self.assertRaises(ValidationError, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, _ = FieldPermission.objects.get_or_create( model_name='Plot', field_name='udf:Test collection', permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance) self.plot.udfs['Test collection'] = [ {'a choice': 'a', 'a string': 's'}] self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual( reloaded_plot.udfs['Test collection'], []) pending = self.plot.audits().filter(requires_auth=True) # Expecting 'model_id', 'id', 'field def id' # and two udf fields ('a string' and 'a choice') self.assertEqual(len(pending), 5) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audits_and_apply(pending, self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) col = reloaded_plot.udfs['Test collection'] self.assertEqual(len(col), 1) self.assertEqual(col[0]['a choice'], 'a') self.assertEqual(col[0]['a string'], 's')
class UDFAuditTest(OTMTestCase): def setUp(self): self.p = Point(-8515941.0, 4953519.0) self.instance = make_instance(point=self.p) self.commander_user = make_commander_user(self.instance) set_write_permissions(self.instance, self.commander_user, "Plot", ["udf:Test choice"]) UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type="Plot", datatype=json.dumps({"type": "choice", "choices": ["a", "b", "c"]}), iscollection=False, name="Test choice", ) UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type="Plot", datatype=json.dumps({"type": "string"}), iscollection=False, name="Test unauth", ) UserDefinedFieldDefinition.objects.create( instance=self.instance, model_type="Plot", datatype=json.dumps( [ {"type": "choice", "name": "a choice", "choices": ["a", "b", "c"]}, {"type": "string", "name": "a string"}, ] ), iscollection=True, name="Test collection", ) self.plot = Plot(geom=self.p, instance=self.instance) self.plot.save_with_user(self.commander_user) psycopg2.extras.register_hstore(connection.cursor(), globally=True) def test_mask_unauthorized_with_udfs(self): officer_user = make_officer_user(self.instance) self.plot.udfs["Test choice"] = "b" self.plot.save_with_user(self.commander_user) self.plot.udfs["Test unauth"] = "foo" self.plot.save_base() newplot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(newplot.udfs["Test choice"], "b") self.assertEqual(newplot.udfs["Test unauth"], "foo") newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(self.commander_user) self.assertEqual(newplot.udfs["Test choice"], "b") self.assertEqual(newplot.udfs["Test unauth"], None) newplot = Plot.objects.get(pk=self.plot.pk) newplot.mask_unauthorized_fields(officer_user) self.assertEqual(newplot.udfs["Test choice"], None) self.assertEqual(newplot.udfs["Test unauth"], None) def test_update_field_creates_audit(self): self.plot.udfs["Test choice"] = "b" self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, "Plot") self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, "udf:Test choice") self.assertEqual(last_audit.previous_value, None) self.assertEqual(last_audit.current_value, "b") self.plot.udfs["Test choice"] = "c" self.plot.save_with_user(self.commander_user) last_audit = list(self.plot.audits())[-1] self.assertEqual(last_audit.model, "Plot") self.assertEqual(last_audit.model_id, self.plot.pk) self.assertEqual(last_audit.field, "udf:Test choice") self.assertEqual(last_audit.previous_value, "b") self.assertEqual(last_audit.current_value, "c") def test_cant_edit_unauthorized_collection(self): self.plot.udfs["Test collection"] = [{"a choice": "a", "a string": "s"}] self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_cant_edit_unauthorized_field(self): self.plot.udfs["Test unauth"] = "c" self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, __ = FieldPermission.objects.get_or_create( model_name="Plot", field_name="udf:Test unauth", permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance, ) self.plot.udfs["Test unauth"] = "c" self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs["Test unauth"], None) pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 1) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audit_and_apply(pending[0], self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs["Test unauth"], "c") def test_create_invalid_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, __ = FieldPermission.objects.get_or_create( model_name="Plot", field_name="udf:Test collection", permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance, ) self.plot.udfs["Test collection"] = [{"a choice": "invalid choice", "a string": "s"}] self.assertRaises(ValidationError, self.plot.save_with_user, self.commander_user) def test_create_and_apply_pending_collection(self): pending = self.plot.audits().filter(requires_auth=True) self.assertEqual(len(pending), 0) role = self.commander_user.get_role(self.instance) fp, __ = FieldPermission.objects.get_or_create( model_name="Plot", field_name="udf:Test collection", permission_level=FieldPermission.WRITE_WITH_AUDIT, role=role, instance=self.instance, ) self.plot.udfs["Test collection"] = [{"a choice": "a", "a string": "s"}] self.plot.save_with_user(self.commander_user) reloaded_plot = Plot.objects.get(pk=self.plot.pk) self.assertEqual(reloaded_plot.udfs["Test collection"], []) pending = self.plot.audits().filter(requires_auth=True) # Expecting 'model_id', 'id', 'field def id' # and two udf fields ('a string' and 'a choice') self.assertEqual(len(pending), 5) fp.permission_level = FieldPermission.WRITE_DIRECTLY fp.save() approve_or_reject_audits_and_apply(pending, self.commander_user, True) reloaded_plot = Plot.objects.get(pk=self.plot.pk) col = reloaded_plot.udfs["Test collection"] self.assertEqual(len(col), 1) self.assertEqual(col[0]["a choice"], "a") self.assertEqual(col[0]["a string"], "s")
class UserRoleFieldPermissionTest(OTMTestCase): def setUp(self): self.p1 = Point(-8515941.0, 4953519.0) self.instance = make_instance(point=self.p1) self.commander = make_commander_user(self.instance) self.officer = make_officer_user(self.instance) self.observer = make_observer_user(self.instance) self.outlaw = make_user_with_default_role(self.instance, 'outlaw') self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.officer) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.officer) def test_no_permission_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.outlaw) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.outlaw) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_readonly_cant_edit_object(self): self.plot.length = 10 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.observer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.observer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_writeperm_allows_write(self): self.plot.length = 10 self.plot.save_with_user(self.officer) self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.tree.diameter = 10 self.tree.save_with_user(self.officer) self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) def test_save_new_object_authorized(self): '''Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.officer) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.officer) def test_save_new_object_unauthorized(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw) def test_make_administrator_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) iuser = self.outlaw.get_instance_user(self.instance) role = Role.objects.create(instance=self.instance, name=Role.ADMINISTRATOR, rep_thresh=0) iuser.role = role iuser.save_with_user(self.commander) self.tree.delete_with_user(self.outlaw) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw, cascade=True) with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.officer) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.officer, cascade=True) self.tree.delete_with_user(self.commander) self.plot.delete_with_user(self.commander, cascade=True) def test_masking_authorized(self): "When masking with a superuser, nothing should happen" self.plot.width = 5 self.plot.save_with_user(self.commander) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.commander) self.assertEqual(self.plot.width, plot.width) def test_masking_unauthorized(self): "Masking changes an unauthorized field to None" self.plot.width = 5 self.plot.save_base() plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.observer) self.assertEqual(None, plot.width) plot = Plot.objects.get(pk=self.plot.pk) plot.mask_unauthorized_fields(self.outlaw) self.assertEqual(None, plot.width) def test_masking_whole_queryset(self): "Masking also works on entire querysets" self.plot.width = 5 self.plot.save_base() plots = Plot.objects.filter(pk=self.plot.pk) plot = Plot.mask_queryset(plots, self.observer)[0] self.assertEqual(None, plot.width) def test_write_fails_if_any_fields_cant_be_written(self): """ If a user tries to modify several fields simultaneously, only some of which s/he has access to, the write will fail for all fields.""" self.plot.length = 10 self.plot.width = 110 self.assertRaises(AuthorizeException, self.plot.save_with_user, self.officer) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10) self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110) self.tree.diameter = 10 self.tree.canopy_height = 110 self.assertRaises(AuthorizeException, self.tree.save_with_user, self.officer) self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10) self.assertNotEqual( Tree.objects.get(pk=self.tree.pk).canopy_height, 110)