def setup_class(self): model.Session.remove() model.repo.init_db() CreateTestData.create() model.repo.new_revision() treasury = model.AuthorizationGroup(name=u'treasury') health = model.AuthorizationGroup(name=u'health') model.Session.add(treasury) model.Session.add(health) model.add_user_to_authorization_group( model.User.by_name(u"russianfan"), treasury, model.Role.ADMIN) model.repo.commit_and_remove()
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, madeup-sysadmin , madeup-administrator, and madeup-another # one authzgroup # two packages test6 and test6a, m-a is admin on both model.repo.init_db() model.repo.new_revision() self.sysadmin = 'madeup-sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'madeup-administrator' admin_user = model.User(name=unicode(self.admin)) self.another = u'madeup-another' another_user = model.User(name=unicode(self.another)) self.authzgroup = u'madeup-authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) for obj in sysadmin_user, admin_user, another_user, authzgroup: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.new_revision() self.pkgname = u'test6' self.pkgname2 = u'test6a' pkg = model.Package(name=self.pkgname) pkg2 = model.Package(name=self.pkgname2) model.Session.add(pkg) model.Session.add(pkg2) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user model.setup_default_user_roles(pkg, admins=[admin_user]) model.setup_default_user_roles(pkg2, admins=[admin_user]) model.repo.commit_and_remove()
def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkgag')) model.Session.add(model.Group(name=u'testgroupag')) model.Session.add(model.User(name=u'ag_member')) model.Session.add(model.User(name=u'ag_admin')) model.Session.add(model.User(name=u'ag_notmember')) model.Session.add(model.AuthorizationGroup(name=u'authz_group')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkgag') grp = model.Group.by_name(u'testgroupag') authzgrp = model.AuthorizationGroup.by_name(u'authz_group') member = model.User.by_name(u'ag_member') admin = model.User.by_name(u'ag_admin') model.setup_default_user_roles(authzgrp, [admin]) model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, pkg) model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, grp) model.add_user_to_authorization_group(member, authzgrp, model.Role.EDITOR) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkgag') self.grp = model.Group.by_name(u'testgroupag') self.member = model.User.by_name(u'ag_member') self.admin = model.User.by_name(u'ag_admin') self.notmember = model.User.by_name(u'ag_notmember') self.authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
def setup_class(self): model.repo.init_db() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER model.repo.new_revision() anna = model.Package(name=u'annakarenina') war = model.Package(name=u'warandpeace') mradmin = model.User(name=u'mradmin') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') tester = model.User(name=u'tester') anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup') for obj in [ anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup ]: model.Session.add(obj) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') tester = model.User.by_name(u'tester') model.add_user_to_role(tester, self.admin_role, anna) self.context = unicode(model.Package.__name__) ra1 = model.RoleAction( role=self.admin_role, context=self.context, action=model.Action.EDIT, ) ra2 = model.RoleAction( role=self.editor_role, context=self.context, action=model.Action.EDIT, ) ra3 = model.RoleAction( role=self.reader_role, context=self.context, action=model.Action.READ, ) for obj in [ra1, ra2, ra3]: model.Session.add(obj) model.repo.commit_and_remove() mradmin = model.User.by_name(u'mradmin') mreditor = model.User.by_name(u'mreditor') mrreader = model.User.by_name(u'mrreader') model.add_user_to_role(mradmin, self.admin_role, anna) model.add_user_to_role(mreditor, self.editor_role, anna) model.add_user_to_role(mrreader, self.reader_role, anna) model.repo.commit_and_remove() self.mradmin = model.User.by_name(u'mradmin') self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina')
def setup(cls): CreateTestData.create() for ag_name in [u'anauthzgroup', u'anotherauthzgroup']: ag = model.AuthorizationGroup.by_name(ag_name) if not ag: #may already exist, if not create ag = model.AuthorizationGroup(name=ag_name) model.Session.add(ag) model.Session.commit()
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, sysadmin , administrator, and another # one authzgroup, one group, one package # and administrator is admin on all three # one extra authzgroup, authzgroup2, with no permissions to start with model.repo.init_db() model.repo.new_revision() self.sysadmin = 'sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'administrator' admin_user = model.User(name=unicode(self.admin)) self.another = 'another' another_user = model.User(name=unicode(self.another)) self.authzgroup = 'authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) self.group = 'group' group = model.Group(name=unicode(self.group)) self.authzgroup2 = 'authzgroup2' authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2)) for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() model.repo.new_revision() self.pkg = u'dataset' pkg = model.Package(name=self.pkg) model.Session.add(pkg) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user # setup all three authorization objects to have logged in and visitor as editors, and the admin as admin model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(authzgroup, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(group, ['editor'], ['editor'], [admin_user]) model.repo.commit_and_remove()
def setup_class(cls): # setup test data including testsysadmin user CreateTestData.create() # Creating a couple of authorization groups, which are enough to break # some things just by their existence for ag_name in [u'anauthzgroup', u'anotherauthzgroup']: ag=model.AuthorizationGroup.by_name(ag_name) if not ag: #may already exist, if not create ag=model.AuthorizationGroup(name=ag_name) model.Session.add(ag) model.Session.commit() #they are especially dangerous if they have a role on the System ag = model.AuthorizationGroup.by_name(u'anauthzgroup') model.add_authorization_group_to_role(ag, u'editor', model.System()) model.Session.commit()
def create(cls, auth_profile="", package_type=None): import ckan.model as model model.Session.remove() rev = model.repo.new_revision() # same name as user we create below rev.author = cls.author rev.message = u'''Creating test data. * Package: annakarenina * Package: warandpeace * Associated tags, etc etc ''' if auth_profile == "publisher": publisher_group = model.Group(name=u"publisher_group", type="publisher") cls.pkg_names = [u'annakarenina', u'warandpeace'] pkg1 = model.Package(name=cls.pkg_names[0], type=package_type) if auth_profile == "publisher": pkg1.group = publisher_group model.Session.add(pkg1) pkg1.title = u'A Novel By Tolstoy' pkg1.version = u'0.7a' pkg1.url = u'http://www.annakarenina.com' # put an & in the url string to test escaping if 'alt_url' in model.Resource.get_extra_columns(): configured_extras = ({'alt_url': u'alt123'}, {'alt_url': u'alt345'}) else: configured_extras = ({}, {}) pr1 = model.Resource( url=u'http://www.annakarenina.com/download/x=1&y=2', format=u'plain text', description=u'Full text. Needs escaping: " Umlaut: \xfc', hash=u'abc123', extras={'size_extra': u'123'}, **configured_extras[0] ) pr2 = model.Resource( url=u'http://www.annakarenina.com/index.json', format=u'json', description=u'Index of the novel', hash=u'def456', extras={'size_extra': u'345'}, **configured_extras[1] ) model.Session.add(pr1) model.Session.add(pr2) pkg1.resources.append(pr1) pkg1.resources.append(pr2) pkg1.notes = u'''Some test notes ### A 3rd level heading **Some bolded text.** *Some italicized text.* Foreign characters: u with umlaut \xfc 66-style quote \u201c foreign word: th\xfcmb Needs escaping: left arrow < <http://ckan.net/> ''' pkg2 = model.Package(name=cls.pkg_names[1], type=package_type) tag1 = model.Tag(name=u'russian') tag2 = model.Tag(name=u'tolstoy') if auth_profile == "publisher": pkg2.group = publisher_group # Flexible tag, allows spaces, upper-case, # and all punctuation except commas tag3 = model.Tag(name=u'Flexible \u30a1') for obj in [pkg2, tag1, tag2, tag3]: model.Session.add(obj) pkg1.add_tags([tag1, tag2, tag3]) pkg2.add_tags([ tag1, tag3 ]) cls.tag_names = [ t.name for t in (tag1, tag2, tag3) ] pkg1.license_id = u'other-open' pkg2.license_id = u'cc-nc' # closed license pkg2.title = u'A Wonderful Story' pkg1.extras = {u'genre':'romantic novel', u'original media':'book'} # group david = model.Group(name=u'david', title=u'Dave\'s books', description=u'These are books that David likes.', type=auth_profile or 'group') roger = model.Group(name=u'roger', title=u'Roger\'s books', description=u'Roger likes these books.', type=auth_profile or 'group') for obj in [david, roger]: model.Session.add(obj) cls.group_names.add(u'david') cls.group_names.add(u'roger') model.Session.flush() model.Session.add(model.Member(table_id=pkg1.id, table_name='package', group=david)) model.Session.add(model.Member(table_id=pkg2.id, table_name='package', group=david)) model.Session.add(model.Member(table_id=pkg1.id, table_name='package', group=roger)) # authz model.Session.add_all([ model.User(name=u'tester', apikey=u'tester', password=u'tester'), model.User(name=u'joeadmin', password=u'joeadmin'), model.User(name=u'annafan', about=u'I love reading Annakarenina. My site: <a href="http://anna.com">anna.com</a>', password=u'annafan'), model.User(name=u'russianfan', password=u'russianfan'), model.User(name=u'testsysadmin', password=u'testsysadmin'), ]) cls.user_refs.extend([u'tester', u'joeadmin', u'annafan', u'russianfan', u'testsysadmin']) model.repo.commit_and_remove() visitor = model.User.by_name(model.PSEUDO_USER__VISITOR) anna = model.Package.by_name(u'annakarenina') war = model.Package.by_name(u'warandpeace') annafan = model.User.by_name(u'annafan') russianfan = model.User.by_name(u'russianfan') model.setup_default_user_roles(anna, [annafan]) model.setup_default_user_roles(war, [russianfan]) model.add_user_to_role(visitor, model.Role.ADMIN, war) david = model.Group.by_name(u'david') roger = model.Group.by_name(u'roger') model.setup_default_user_roles(david, [russianfan]) model.setup_default_user_roles(roger, [russianfan]) model.add_user_to_role(visitor, model.Role.ADMIN, roger) testsysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() # Create a couple of authorization groups for ag_name in [u'anauthzgroup', u'anotherauthzgroup']: ag=model.AuthorizationGroup.by_name(ag_name) if not ag: #may already exist, if not create ag=model.AuthorizationGroup(name=ag_name) model.Session.add(ag) model.repo.commit_and_remove() # and give them a range of roles on various things ag = model.AuthorizationGroup.by_name(u'anauthzgroup') aag = model.AuthorizationGroup.by_name(u'anotherauthzgroup') pkg = model.Package.by_name(u'warandpeace') g = model.Group.by_name('david') model.add_authorization_group_to_role(ag, u'editor', model.System()) model.add_authorization_group_to_role(ag, u'reader', pkg) model.add_authorization_group_to_role(ag, u'admin', aag) model.add_authorization_group_to_role(aag, u'editor', ag) model.add_authorization_group_to_role(ag, u'editor', g) model.repo.commit_and_remove()
def get_authorization_groups(self, username): return [model.AuthorizationGroup(name=u'authz_plugin_group')]