def setUp(self):
super().setUp()
self.project = ProjectFactory.create()
self.super_user = UserFactory.create()
OrganizationRole.objects.create(user=self.super_user,
organization=self.project.organization,
admin=False)
su_role = Role.objects.get(name='superuser')
self.super_user.assign_policies(su_role)
self.org_admin = UserFactory.create()
OrganizationRole.objects.create(user=self.org_admin,
organization=self.project.organization,
admin=True)
self.project_user_1 = UserFactory.create()
OrganizationRole.objects.create(user=self.project_user_1,
organization=self.project.organization,
admin=False)
ProjectRole.objects.create(user=self.project_user_1,
project=self.project,
role='DC')
self.project_user_2 = UserFactory.create()
OrganizationRole.objects.create(user=self.project_user_2,
organization=self.project.organization,
admin=False)
def setUp(self):
super().setUp()
PolicyFactory.load_policies()
load_test_data(get_test_data())
UserFactory.create(
username='******',
password='******')
def add_test_users(self):
users = []
# the first two named users will have superuser access
named_users = [
{'username': '******', 'email': '*****@*****.**',
'full_name': 'Ian Ross'},
{'username': '******', 'email': '*****@*****.**',
'full_name': 'Oliver Roick'}]
# add user's with names in languages that need to be tested.
languages = ['el_GR', 'ja_JP', 'hi_IN', 'hr_HR', 'lt_LT']
named_users.append({
'full_name': 'עזרא ברש'
})
for lang in languages:
fake = Factory.create(lang)
named_users.append({
'full_name': fake.name()
})
for n in range(20):
if n < len(named_users):
users.append(UserFactory.create(
password='******',
email_verified=True,
last_login=datetime.now(tz=timezone.utc),
is_active=True,
**named_users[n]
))
else:
users.append(UserFactory.create(
password='******',
is_active=(n < 8),
full_name=fake.name(),
))
print('\nSuccessfully added test users.')
return users
def setup_models(self):
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u3 = UserFactory.create()
self.org1 = OrganizationFactory.create(name='A', add_users=[self.u1])
self.org2 = OrganizationFactory.create(
name='B', add_users=[self.u1, self.u2]
)
self.user = UserFactory.create()
def test_PUT_user_with_unauthorized_user(self):
user = UserFactory.create()
self.test_user = UserFactory.create()
self.project = ProjectFactory.create(add_users=[self.test_user])
response = self.request(method='PUT', user=user)
assert response.status_code == 403
assert response.content['detail'] == PermissionDenied.default_detail
role = ProjectRole.objects.get(project=self.project,
user=self.test_user)
assert role.role == 'PU'
def test_post_with_unauthorized_user(self):
user = UserFactory.create()
user_to_add = UserFactory.create(username='******')
response = self.request(method='POST', user=user)
assert response.status_code == 302
assert ("You don't have permission to add members to this organization"
in response.messages)
assert OrganizationRole.objects.filter(
organization=self.org, user=user_to_add).exists() is False
def test_update_profile_duplicate_email(self):
user1 = UserFactory.create(username='******',
full_name='John Lennon')
user2 = UserFactory.create(username='******')
post_data = {
'username': '******',
'email': user1.email,
'full_name': 'Bill Bloggs',
}
response = self.request(method='POST', user=user2, post_data=post_data)
assert 'Failed to update profile information' in response.messages
def setUp(self):
super().setUp()
self.user = UserFactory.create()
self.org_member = UserFactory.create()
self.org = OrganizationFactory.create()
self.org_role_user = OrganizationRole.objects.create(organization=self.org, user=self.user)
self.org_role_member = OrganizationRole.objects.create(organization=self.org, user=self.org_member)
self.prj_1 = ProjectFactory.create(organization=self.org)
self.prj_2 = ProjectFactory.create(organization=self.org)
self.prj_3 = ProjectFactory.create(organization=self.org)
self.prj_4 = ProjectFactory.create(organization=self.org)
self.prjs = [self.prj_1, self.prj_2, self.prj_3, self.prj_4]
def setup_models(self):
clauses = {
'clause': [
clause('allow', ['user.*']),
clause('allow', ['user.*'], ['user/*'])
]
}
policy = Policy.objects.create(
name='default',
body=json.dumps(clauses))
self.user = UserFactory.create()
assign_user_policies(self.user, policy)
self.test_user = UserFactory.create(username='******')
def test_post_with_authorized_user(self):
user = UserFactory.create()
user_to_add = UserFactory.create(username='******')
assign_policies(user)
response = self.request(method='POST', user=user)
assert response.status_code == 302
assert ('/organizations/{}/members/{}'.format(
self.org.slug, user_to_add.username) in response.location
)
assert OrganizationRole.objects.filter(
organization=self.org, user=user_to_add).exists() is True
def test_set_roles_for_duplicate_username(self):
org = OrganizationFactory.create()
user1 = UserFactory.create(email='*****@*****.**')
UserFactory.create(email='*****@*****.**')
data = {'username': user1.email, 'admin': 'true'}
serializer = serializers.OrganizationUserSerializer(
data=data, context={'organization': org}
)
with pytest.raises(ValidationError):
serializer.is_valid(raise_exception=True)
assert (_('More than one user found for username or email '
'{email}').format(email='*****@*****.**')
in serializer.errors['username'])
def setup_models(self):
clauses = {
'clause': [
clause('allow', ['org.*']),
clause('allow', ['org.*', 'org.*.*'], ['organization/*'])
]
}
policy = Policy.objects.create(
name='test-policy',
body=json.dumps(clauses))
self.user = UserFactory.create()
assign_user_policies(self.user, policy)
self.org_user = UserFactory.create()
self.org = OrganizationFactory.create(add_users=[self.org_user])
def setUp(self):
super().setUp()
PolicyFactory.load_policies()
test_objs = load_test_data(get_test_data())
OrganizationRole.objects.create(
organization=test_objs['organizations'][0],
user=UserFactory.create(
username='******',
password='******'),
admin=True)
UserFactory.create(
username='******',
email='*****@*****.**',
full_name="Han Solo",
password='******')
def test_post_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(method='POST', user=user)
assert response.status_code == 302
assert ("You don't have permission to "
"add resources to this location." in response.messages)
assert self.location.resources.count() == 0
def setup_models(self):
clauses = {
'clause': [
{
'effect': 'allow',
'object': ['project/*/*',
'spatial/*/*/*',
'spatial_rel/*/*/*',
'party/*/*/*',
'party_rel/*/*/*',
'tenure_rel/*/*/*'],
'action': ['project.*',
'project.*.*',
'spatial.*',
'spatial_rel.*',
'party.*',
'party_rel.*',
'tenure_rel.*']
}
]
}
policy = Policy.objects.create(
name='basic-test',
body=json.dumps(clauses))
self.user = UserFactory.create()
self.user.assign_policies(policy)
self.prj = ProjectFactory.create(slug='test-project', access='public')
self.SR = spatial_factories.SpatialRelationshipFactory
self.PR = party_factories.PartyRelationshipFactory
self.TR = party_factories.TenureRelationshipFactory
def _test_serialize(self, https=False):
form = self._get_form('xls-form')
self.url = '/collect/'
user = UserFactory.create()
request = APIRequestFactory().get(self.url)
force_authenticate(request, user=user)
if https:
request.META['SERVER_PROTOCOL'] = 'HTTPS/1.1'
project = ProjectFactory.create()
questionnaire = QuestionnaireSerializer(
data={'xls_form': form},
context={'project': project}
)
assert questionnaire.is_valid(raise_exception=True) is True
questionnaire.save()
form = Questionnaire.objects.get(filename__contains='xls-form')
serializer = serializers.XFormListSerializer(
form, context={'request': request})
url_refix = 'https' if https else 'http'
assert serializer.data['formID'] == questionnaire.data['id_string']
assert serializer.data['name'] == questionnaire.data['title']
assert serializer.data['version'] == questionnaire.data['version']
assert (serializer.data['downloadUrl'] ==
url_refix + '://testserver' +
reverse('form-download', args=[form.id]))
assert serializer.data['hash'] == questionnaire.data['md5_hash']
def test_delete_user(self):
self.test_user = UserFactory.create()
self.project = ProjectFactory.create(add_users=[self.test_user])
response = self.request(method='DELETE', user=self.user)
assert response.status_code == 204
assert self.project.users.count() == 0
assert User.objects.filter(username=self.test_user.username).exists()
def test_create_private_record_based_on_org_membership(self):
user = UserFactory.create()
OrganizationRole.objects.create(organization=self.org, user=user)
response = self.request(user=user, method='POST')
assert response.status_code == 403
assert PartyRelationship.objects.count() == 0
assert response.content['detail'] == PermissionDenied.default_detail
def test_update_with_archived_project(self):
self.project.archived = True
self.project.save()
response = self.request(method='PATCH', user=UserFactory.create())
assert response.status_code == 403
self.resource.refresh_from_db()
assert self.resource.name != self.post_data['name']
def test_user_fields_are_set(self):
user = UserFactory.create(last_login=datetime.now())
serializer = serializers.UserAdminSerializer(user)
assert 'username' in serializer.data
assert 'last_login' in serializer.data
assert 'is_active' in serializer.data
def test_post_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(method='POST', user=user)
assert SpatialUnit.objects.count() == 0
assert response.status_code == 302
assert ("You don't have permission to add "
"locations to this project." in response.messages)
def test_organizations_are_serialized(self):
user = UserFactory.create()
OrganizationFactory.create(add_users=[user])
OrganizationFactory.create(add_users=[user])
serializer = serializers.UserAdminSerializer(user)
assert 'organizations' in serializer.data
def test_PUT_with_unauthorized_user(self):
user = UserFactory.create()
data = {'name': 'Org Name'}
response = self.request(method='PUT', post_data=data, user=user)
assert response.status_code == 403
self.org.refresh_from_db()
assert self.org.name == 'Org'
def test_get_users(self):
other_user = UserFactory.create()
response = self.request(user=self.user)
assert response.status_code == 200
assert len(response.content) == 2
assert (other_user.username not in
[u['username'] for u in response.content])
def setup_models(self):
self.user = UserFactory.create()
self.org = OrganizationFactory.create()
self.prj = ProjectFactory.create(organization=self.org)
OrganizationRole.objects.create(
organization=self.org, user=self.user, admin=True)
def setup_models(self):
self.project = ProjectFactory.create()
self.resources = ResourceFactory.create_batch(
2, content_object=self.project, project=self.project)
self.denied = ResourceFactory.create(content_object=self.project,
project=self.project)
ResourceFactory.create()
self.user = UserFactory.create()
assign_policies(self.user, add_clauses=[
{
'effect': 'deny',
'object': ['resource/*/*/' + self.denied.id],
'action': ['resource.*'],
},
{
'effect': 'deny',
'object': ['resource/*/*/*'],
'action': ['resource.unarchive'],
},
])
self.storage = self.get_storage()
self.file = self.get_file(
'/resources/tests/files/image.jpg', 'rb')
self.file_name = self.storage.save('resources/image.jpg', self.file)
def test_get_with_authorized_user_with_same_referrer_with_session(self):
user = UserFactory.create()
assign_policies(user)
# Manually construct our request to enable session reuse
request = HttpRequest()
self._request = request
setattr(request, 'method', 'GET')
setattr(request, 'user', user)
request.META['SERVER_NAME'] = 'testserver'
request.META['SERVER_PORT'] = '80'
setattr(request, 'session', SessionStore())
url_params = self._get_url_kwargs()
view = self.setup_view()
expected_content = self.render_content(cancel_url='/info/')
# First request that should set the session
request.META['HTTP_REFERER'] = '/info/'
response = view(request, **url_params)
content = response.render().content.decode('utf-8')
assert response.status_code == 200
assert remove_csrf(content) == expected_content
assert request.session['cancel_add_location_url'] == '/info/'
# Second request to check that the session is being used
request.META['HTTP_REFERER'] = reverse(
'locations:add', kwargs=self.setup_url_kwargs())
response = view(request, **url_params)
content = response.render().content.decode('utf-8')
assert response.status_code == 200
assert remove_csrf(content) == expected_content
assert request.session['cancel_add_location_url'] == '/info/'
def test_post_with_authorized_user(self):
user = UserFactory.create()
assign_policies(user)
response = self.request(method='POST', user=user)
assert response.status_code == 302
assert response.location == self.expected_success_url + '#resources'
assert self.location.resources.count() == 1
def test_add_user_to_organization_that_does_not_exist(self):
new_user = UserFactory.create()
response = self.request(method='POST', user=self.user,
url_kwargs={'organization': 'some-org'},
post_data={'username': new_user.username})
assert response.status_code == 404
assert response.content['detail'] == "Organization not found."
def test_add_user_with_unauthorized_user(self):
new_user = UserFactory.create()
response = self.request(method='POST',
post_data={'username': new_user.username})
assert response.status_code == 403
assert self.org.users.count() == 2
assert response.content['detail'] == PermissionDenied.default_detail
def test_get_user(self):
self.test_user = UserFactory.create()
self.project = ProjectFactory.create(add_users=[self.test_user])
response = self.request(user=self.user)
assert response.status_code == 200
assert response.content['username'] == self.test_user.username
def setUp(self):
self.user = UserFactory.create()
self.client.login(username='******', password='******')
self.url = reverse('contact_list')
activate('en')
def test_get_from_non_existend_project(self):
user = UserFactory.create()
assign_policies(user)
with pytest.raises(Http404):
self.request(user=user, url_kwargs={'project': 'abc123'})
def setUp(self):
super().setUp()
self.oa_policy = Policy.objects.get(name='org-admin')
self.user = UserFactory.create()
self.org = OrganizationFactory.create(add_users=[self.user])
self.no_user_org = OrganizationFactory.create()
def setup_models(self):
self.user = UserFactory.create()
assign_policies(self.user)
self.project = ProjectFactory.create(slug='test-project')
QuestionnaireFactory.create(project=self.project)
content_type = ContentType.objects.get(app_label='party',
model='party')
create_attrs_schema(
project=self.project,
dict=attr_schemas.individual_party_xform_group,
content_type=content_type,
)
create_attrs_schema(
project=self.project,
dict=attr_schemas.default_party_xform_group,
content_type=content_type,
)
content_type = ContentType.objects.get(app_label='party',
model='tenurerelationship')
create_attrs_schema(
project=self.project,
dict=attr_schemas.tenure_relationship_xform_group,
content_type=content_type,
)
self.su = SpatialUnitFactory.create(project=self.project, type='CB')
self.party = PartyFactory.create(project=self.project,
type='IN',
attributes={
'gender': 'm',
'homeowner': 'yes',
'dob': '1951-05-05'
})
self.tenure_rel = TenureRelationshipFactory.create(
spatial_unit=self.su,
party=self.party,
project=self.project,
attributes={'notes': 'PBS is the best.'})
self.resource = ResourceFactory.create(project=self.project)
self.results = get_fake_es_api_results(self.project, self.su,
self.party, self.tenure_rel,
self.resource)
self.proj_result = self.results['hits']['hits'][0]
self.su_result = self.results['hits']['hits'][1]
self.party_result = self.results['hits']['hits'][2]
self.tenure_rel_result = self.results['hits']['hits'][3]
self.resource_result = self.results['hits']['hits'][4]
self.query = 'searching'
self.query_body = {
'query': parse_query(self.query),
'from': 10,
'size': 20,
'sort': {
'_score': {
'order': 'desc'
}
},
}
url = '{}/project-{}/spatial,party,resource/_search/'
self.es_endpoint = url.format(api_url, self.project.id)
self.es_body = json.dumps(self.query_body, sort_keys=True)
def test_add_resource_with_unauthorized_user(self):
response = self.request(method='POST', user=UserFactory.create())
assert response.status_code == 403
assert self.su.resources.count() == 2
def setup_models(self):
self.user = UserFactory.create()
assign_policies(self.user)
self.prj = ProjectFactory.create(slug='test-project', access='public')
def test_update_resource_with_unauthorized_user(self):
response = self.request(method='PATCH', user=UserFactory.create())
assert response.status_code == 403
self.resource.refresh_from_db()
assert self.resource.name != self.post_data['name']
def setup_models(self):
self.member = UserFactory.create()
self.org = OrganizationFactory.create(add_users=[self.member])
def test_add_user_when_role_exists(self):
new_user = UserFactory.create()
OrganizationRole.objects.create(user=new_user, organization=self.org)
response = self.request(user=self.user, method='POST',
post_data={'username': new_user.username})
assert response.status_code == 400
def test_get_profile(self):
self.user = UserFactory.create()
response = self.request(user=self.user)
assert response.status_code == 200
assert response.content == self.expected_content
def test_get_user_with_unauthorized_user(self):
self.test_user = UserFactory.create()
self.project = ProjectFactory.create(add_users=[self.test_user])
response = self.request()
assert response.status_code == 403
def test_delete_resource_with_unauthorized_user(self):
response = self.request(method='DELETE', user=UserFactory.create())
assert response.status_code == 403
assert self.resource in self.su.resources
assert Resource.objects.filter(id=self.resource.id,
project=self.prj).exists()
def test_delete_user_with_unauthorized_user(self):
self.test_user = UserFactory.create()
self.project = ProjectFactory.create(add_users=[self.test_user])
response = self.request(method='DELETE')
assert response.status_code == 403
assert self.project.users.count() == 1
def setup_models(self):
self.user = UserFactory.create()
assign_policies(self.user)
self.prj = ProjectFactory.create(slug='test-project', access='public')
self.su = SpatialUnitFactory(project=self.prj, type='PA')
def setup_models(self):
self.org = OrganizationFactory.create(slug='habitat')
self.user = UserFactory.create()
assign_policies(self.user)
def test_get_resource_with_unauthorized_user(self):
response = self.request(user=UserFactory.create())
assert response.status_code == 403
assert 'id' not in response.content
def test_get_non_existent_location(self):
user = UserFactory.create()
assign_policies(user)
with pytest.raises(Http404):
self.request(user=user, url_kwargs={'location': 'abc123'})
def test_PUT_with_unauthorized_user(self):
response = self.request(method='PUT', user=UserFactory.create())
assert response.status_code == 403
self.project.refresh_from_db()
assert self.project.name == 'Test Project'
def setup_models(self):
clauses = {'clause': [clause('allow', ['org.create'])]}
self.policy = Policy.objects.create(name='allow',
body=json.dumps(clauses))
self.user = UserFactory.create()
assign_user_policies(self.user, self.policy)
def test_get_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 302
assert ("You don't have permission to "
"add resources to this location." in response.messages)
def test_redirects_when_user_is_signed_in(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 302
assert '/dashboard/' in response.location
def test_get_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 302
assert ("You don't have permission to add tenure relationships to "
"this project." in response.messages)
def test_page_is_rendered_when_user_is_signed_in(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 200
def test_get_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 200
assert response.content == self.expected_content
def setup_models(self):
self.user = UserFactory.create(username='******',
email='*****@*****.**',
password='******')
def setup_models(self):
self.user = UserFactory.create()
assign_policies(self.user)
def setup_models(self):
self.user = UserFactory.create(email='*****@*****.**')
def test_valid_visibility_patching(self):
# Create users with default list and view permissions for
# organizations and projects.
clauses = {
'clause': [
clause('allow', ['org.list']),
clause('allow', ['org.view', 'project.list'],
['organization/*']),
clause('allow', ['project.view'], ['project/*/*'])
]
}
policy = Policy.objects.create(name='test-policy',
body=json.dumps(clauses))
org_user = UserFactory.create()
assign_user_policies(org_user, policy)
non_org_user = UserFactory.create()
assign_user_policies(non_org_user, policy)
# Create organization, adding just one user.
org = OrganizationFactory.create(add_users=[org_user])
# Create public project in organization.
prj = ProjectFactory.create(organization=org, access='public')
# User in org SHOULD be able to see project.
response = self.request(user=org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 200
# User NOT in org SHOULD be able to see project.
response = self.request(user=non_org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 200
# Patch visibility to private.
response = self.request(user=self.user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
},
post_data={'access': 'private'},
method='PATCH')
assert response.status_code == 200
# User in org SHOULD be able to see project.
response = self.request(user=org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 200
# User not in org SHOULD NOT be able to see project.
response = self.request(user=non_org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 403
# Patch visibility to public.
response = self.request(user=self.user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
},
post_data={'access': 'public'},
method='PATCH')
# User in org SHOULD be able to see project.
response = self.request(user=org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 200
# User NOT in org SHOULD be able to see project.
response = self.request(user=non_org_user,
url_kwargs={
'organization': org.slug,
'project': prj.slug
})
assert response.status_code == 200
def test_get_with_unauthorized_user(self):
user = UserFactory.create()
response = self.request(user=user)
assert response.status_code == 302
assert ("You don't have permission to add members to this organization"
in response.messages)
