def setup(self):
# need to do this for every test since we mess with System rights
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.User(name=u'testadmin'))
model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'annakarenina')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.pkg = model.Package.by_name(u'annakarenina')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
self.package_fillers = {'title': 'test title',
'notes': 'test notes',
'license_id': 'mit-license',
}
def command(self):
self._load_config()
cmd = self.args[0] if len(self.args) else 'list'
if cmd == 'list':
self.list()
return
assert len(self.args) == 4, "Not enough paramters!" + RIGHTS_HELP
cmd, subj, role, obj = self.args
subj = self.find_subject(unicode(subj))
role = self.ensure_role(unicode(role))
obj = self.find_object(unicode(obj))
if cmd == 'make':
if isinstance(subj, model.User):
model.add_user_to_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.add_authorization_group_to_role(subj, role, obj)
print "made",
elif cmd == 'remove':
if isinstance(subj, model.User):
model.remove_user_from_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.remove_authorization_group_from_role(subj, role, obj)
print "remove",
model.repo.commit_and_remove()
self.print_row(subj, role, obj)
def test_register_whilst_logged_in(self):
"""Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799."""
# create user A
password = u"letmein"
CreateTestData.create_user(name=u"user_a__", password=password)
userA = model.User.by_name(u"user_a__")
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u"user_a__")
# start to register user B
offset = url_for(controller="user", action="register")
res = self.app.get(offset)
fvA = res.forms["user-edit"]
fvA["name"] = "user_b_"
fvA["fullname"] = "User B"
fvA["email"] = "*****@*****.**"
fvA["password1"] = password
fvA["password2"] = password
# login user A
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fvB = res.forms["login"]
fvB["login"] = "******"
fvB["password"] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit("save")
assert_equal(res.status, 200)
assert "user_a__</a> is currently logged in" in res.body, res.body
assert (
'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace(
'"', """
)
in res.body
), res.body
assert "logout" in res.body, res.body
# logout and login as user B
res = self.app.get("/user/logout")
res2 = res.follow()
res2 = res2.follow()
assert "You have logged out successfully." in res2, res2
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = "******"
fv["password"] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert "User B is now logged in" in res.body, res.body
def command(self):
self._load_config()
cmd = self.args[0] if len(self.args) else 'list'
if cmd == 'list':
args = self.args
if 'list' in args:
del args[args.index('list')]
self.list(args)
return
assert len(self.args) == 4, "Not enough parameters!" + RIGHTS_HELP
cmd, subj, role, obj = self.args
subj = self.find_subject(unicode(subj))
role = self.ensure_role(unicode(role))
objs = self.find_objects(unicode(obj))
for obj in objs:
try:
if cmd == 'make':
if isinstance(subj, model.User):
model.add_user_to_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.add_authorization_group_to_role(subj, role, obj)
print "made",
elif cmd == 'remove':
if isinstance(subj, model.User):
model.remove_user_from_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.remove_authorization_group_from_role(
subj, role, obj)
print "remove",
except NoResultFound, e:
print "! not found",
self.print_row(subj, role, obj)
def setup_class(self):
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
for obj in sysadmin_user, admin_user, another_user:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def test_3_admin_changes_role(self):
# create a role to be deleted
group = model.Group.by_name(self.groupname)
model.add_user_to_role(model.User.by_name(u'visitor'), model.Role.READER, group)
model.repo.commit_and_remove()
offset = url_for(controller='group', action='authz', id=self.groupname)
res = self.app.get(offset, extra_environ={'REMOTE_USER':
self.admin})
assert self.groupname in res
group = model.Group.by_name(self.groupname)
assert len(group.roles) == 3, [(grouprole.user.name, grouprole.role) for grouprole in group.roles]
def _r(r):
return 'GroupRole-%s-role' % r.id
def _u(r):
return 'GroupRole-%s-user_id' % r.id
prs = self._prs(self.groupname)
assert prs.has_key('visitor')
assert prs.has_key('logged_in')
assert prs.has_key(self.admin), prs
form = res.forms['group-authz']
# change role assignments
form.select(_r(prs['visitor']), model.Role.EDITOR)
res = form.submit('save', extra_environ={'REMOTE_USER': self.admin})
model.Session.remove()
prs = self._prs(self.groupname)
assert len(prs) == 3, prs
assert prs['visitor'].role == model.Role.EDITOR
def setup_class(self):
try:
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
publist = [g.name for g in model.Session.query(model.Group).all()]
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
if not name in publist:
model.Session.add(model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
except Exception, e:
# ensure that mock_drupal is destroyed
print e
MockDrupalCase.teardown_class()
#model.repo.rebuild_db()
raise
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, madeup-sysadmin , madeup-administrator, and madeup-another
# one authzgroup
# two packages test6 and test6a, m-a is admin on both
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = u'madeup-authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
for obj in sysadmin_user, admin_user, another_user, authzgroup:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, madeup-sysadmin , madeup-administrator, and madeup-another
# one authzgroup
# two packages test6 and test6a, m-a is admin on both
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = u'madeup-authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
for obj in sysadmin_user, admin_user, another_user, authzgroup:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def make_or_remove_roles(cls, cmd, subj, role, obj, except_on_error=False, do_commit=True):
'''Tool to make or remove a role using the names of objects, rather
than the actual objects.
cmd - 'make' or 'remove'
subj - name of subject object (e.g. 'dave-admin')
role - name of role (e.g. 'editor')
obj - names of an objects to apply the role to (e.g. 'river-stats' or 'all')
'''
from ckan import model
log = logging.getLogger(__name__)
subj = cls.find_subject(unicode(subj))
role = cls.ensure_role(unicode(role))
objs = cls.find_objects(unicode(obj))
for obj in objs:
try:
if cmd == 'make':
if isinstance(subj, model.User):
model.add_user_to_role(subj, role, obj)
log.debug('Role made')
elif cmd == 'remove':
if isinstance(subj, model.User):
model.remove_user_from_role(subj, role, obj)
log.debug('Role removed')
else:
raise NotImplementedError
except NoResultFound, e:
log.error('Cannot find object for role %s: %s', str(e), cmd)
if except_on_error:
raise RightsToolError('Cannot %s right: %s %s %s', cmd, subj, role, obj)
log.debug(cls.get_printable_row(subj, role, obj,
exists=(cmd=='make')))
def setup(self):
# need to do this for every test since we mess with System rights
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.User(name=u'testadmin'))
model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'annakarenina')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.pkg = model.Package.by_name(u'annakarenina')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
self.package_fillers = {
'title': 'test title',
'notes': 'test notes',
'license_id': 'mit-license',
}
def setup_class(self):
try:
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
publist = [g.name for g in model.Session.query(model.Group).all()]
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
if not name in publist:
model.Session.add(model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
except Exception, e:
# ensure that mock_drupal is destroyed
print e
MockDrupalCase.teardown_class()
#model.repo.rebuild_db()
raise
def setup_class(self):
super(TestDeletedDecoyWhenAdmin, self).setup_class()
try:
self.orig_pkg_dict = {
"name": u"quarterly_epidemiological_commentary",
"title": "Quarterly Epidemiological Commentary",
"version": None, "url": None, "author": None, "author_email": None, "maintainer": None, "maintainer_email": None,
"notes": "Epidemiological analyses of Mandatory surveillance data on MRSA bacteraemia and C. difficile infection covering at least nine quarters\r\nSource agency: Health Protection Agency\r\nDesignation: Official Statistics not designated as National Statistics\r\nLanguage: English\r\nAlternative title: Quarterly Epi Commentary",
"license_id": "uk-ogl",
"tags": ["conditions-and-diseases", "health", "health-and-social-care", "health-of-the-population", "nhs-trust-hcai-pct-mrsa-mrsa-bacteraemia-c-difficile-c-diff-clostridium-difficile-healthcare-associa", "well-being-and-care"],
"groups": ['health-protection-agency'],
"extras": {
"geographic_coverage": "100000: England",
"geographic_granularity": "Other",
"external_reference": "ONSHUB",
"temporal_coverage-from": "",
"temporal_granularity": "",
"date_updated": "",
"precision": "",
"geographic_granularity": "",
"temporal_coverage_to": "",
"temporal_coverage_from": "",
"taxonomy_url": "",
"import_source": "ONS-ons_data_7_days_to_2010-06-23",
"date_released": "2010-06-18",
"temporal_coverage-to": "",
"update_frequency": "quarterly",
"national_statistic": "no",
"categories": "Health and Social Care"
},
"resources": []
}
self.deleted_decoy_pkg_dict = {
"name": u"quarterly_epidemiological_commentary_-_none",
"title": "Quarterly Epidemiological Commentary",
"groups": ['health-protection-agency'],
}
CreateTestData.create_arbitrary([self.orig_pkg_dict])
CreateTestData.create_arbitrary([self.deleted_decoy_pkg_dict],
extra_user_names=[u'testsysadmin'])
# make a sysadmin user
rev = model.repo.new_revision()
testsysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System())
# delete decoy
decoy_pkg = model.Package.by_name(self.deleted_decoy_pkg_dict['name'])
assert decoy_pkg
decoy_pkg.delete()
model.repo.commit_and_remove()
# same data is imported, but should find record and add department
importer_ = importer.OnsImporter(sample_filepath(9), self.testclient)
self.pkg_dict = [pkg_dict for pkg_dict in importer_.pkg_dict()][0]
except:
# ensure that mock_drupal is destroyed
MockDrupalCase.teardown_class()
model.repo.rebuild_db()
raise
def _create_sysadmin():
model.repo.new_revision()
sysadmin_user = model.User(name="sysadmin")
model.Session.add(sysadmin_user)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
return "sysadmin"
def setup_class(self):
super(TestDeletedDecoyWhenAdmin, self).setup_class()
try:
self.orig_pkg_dict = {
"name": u"quarterly_epidemiological_commentary",
"title": "Quarterly Epidemiological Commentary",
"version": None, "url": None, "author": None, "author_email": None, "maintainer": None, "maintainer_email": None,
"notes": "Epidemiological analyses of Mandatory surveillance data on MRSA bacteraemia and C. difficile infection covering at least nine quarters\r\nSource agency: Health Protection Agency\r\nDesignation: Official Statistics not designated as National Statistics\r\nLanguage: English\r\nAlternative title: Quarterly Epi Commentary",
"license_id": "uk-ogl",
"tags": ["conditions-and-diseases", "health", "health-and-social-care", "health-of-the-population", "nhs-trust-hcai-pct-mrsa-mrsa-bacteraemia-c-difficile-c-diff-clostridium-difficile-healthcare-associa", "well-being-and-care"],
"groups": ['health-protection-agency'],
"extras": {
"geographic_coverage": "100000: England",
"geographic_granularity": "Other",
"external_reference": "ONSHUB",
"temporal_coverage-from": "",
"temporal_granularity": "",
"date_updated": "",
"precision": "",
"geographic_granularity": "",
"temporal_coverage_to": "",
"temporal_coverage_from": "",
"taxonomy_url": "",
"import_source": "ONS-ons_data_7_days_to_2010-06-23",
"date_released": "2010-06-18",
"temporal_coverage-to": "",
"update_frequency": "quarterly",
"national_statistic": "no",
"categories": "Health and Social Care"
},
"resources": []
}
self.deleted_decoy_pkg_dict = {
"name": u"quarterly_epidemiological_commentary_-_none",
"title": "Quarterly Epidemiological Commentary",
"groups": ['health-protection-agency'],
}
CreateTestData.create_arbitrary([self.orig_pkg_dict])
CreateTestData.create_arbitrary([self.deleted_decoy_pkg_dict],
extra_user_names=[u'testsysadmin'])
# make a sysadmin user
rev = model.repo.new_revision()
testsysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System())
# delete decoy
decoy_pkg = model.Package.by_name(self.deleted_decoy_pkg_dict['name'])
assert decoy_pkg
decoy_pkg.delete()
model.repo.commit_and_remove()
# same data is imported, but should find record and add department
importer_ = importer.OnsImporter(sample_filepath(9), self.testclient)
self.pkg_dict = [pkg_dict for pkg_dict in importer_.pkg_dict()][0]
except:
# ensure that mock_drupal is destroyed
MockDrupalCase.teardown_class()
model.repo.rebuild_db()
raise
def setup(self):
# Add sysadmin user
harvest_user = model.User(name=u'harvest', password=u'test')
model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System())
Session.add(harvest_user)
Session.commit()
package_schema = default_update_package_schema()
self.context ={'model':model,
'session':Session,
'user':u'harvest',
'schema':package_schema,
'api_version': '2'}
if config.get('ckan.harvest.auth.profile') == u'publisher':
# Create a publisher user
rev = model.repo.new_revision()
self.publisher_user = model.User(name=u'test-publisher-user',password=u'test')
self.publisher = model.Group(name=u'test-publisher',title=u'Test Publihser',type=u'publisher')
Session.add(self.publisher_user)
Session.add(self.publisher)
Session.commit()
member = model.Member(table_name = 'user',
table_id = self.publisher_user.id,
group=self.publisher,
capacity='admin')
Session.add(member)
Session.commit()
def setup(self):
# Add sysadmin user
harvest_user = model.User(name=u"harvest", password=u"test")
model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System())
Session.add(harvest_user)
Session.commit()
package_schema = default_update_package_schema()
self.context = {
"model": model,
"session": Session,
"user": u"harvest",
"schema": package_schema,
"api_version": "2",
}
if config.get("ckan.harvest.auth.profile") == u"publisher":
# Create a publisher user
rev = model.repo.new_revision()
self.publisher_user = model.User(name=u"test-publisher-user", password=u"test")
self.publisher = model.Group(name=u"test-publisher", title=u"Test Publihser", type=u"publisher")
Session.add(self.publisher_user)
Session.add(self.publisher)
Session.commit()
member = model.Member(
table_name="user", table_id=self.publisher_user.id, group=self.publisher, capacity="admin"
)
Session.add(member)
Session.commit()
def _create_sysadmin():
model.repo.new_revision()
sysadmin_user = model.User(name='sysadmin')
model.Session.add(sysadmin_user)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
return 'sysadmin'
def command(self):
self._load_config()
cmd = self.args[0] if len(self.args) else 'list'
if cmd == 'list':
args = self.args
if 'list' in args:
del args[args.index('list')]
self.list(args)
return
assert len(self.args) == 4, "Not enough parameters!" + RIGHTS_HELP
cmd, subj, role, obj = self.args
subj = self.find_subject(unicode(subj))
role = self.ensure_role(unicode(role))
objs = self.find_objects(unicode(obj))
for obj in objs:
try:
if cmd == 'make':
if isinstance(subj, model.User):
model.add_user_to_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.add_authorization_group_to_role(subj, role, obj)
print "made",
elif cmd == 'remove':
if isinstance(subj, model.User):
model.remove_user_from_role(subj, role, obj)
elif isinstance(subj, model.AuthorizationGroup):
model.remove_authorization_group_from_role(subj, role, obj)
print "remove",
except NoResultFound, e:
print "! not found",
self.print_row(subj, role, obj)
def action_save_form(users):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [a for (a, b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [a for (a, b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role
# combination that was displayed in the form
table_dict = {}
for a in submitted:
table_dict[a] = False
for a in checked:
table_dict[a] = True
# now we'll split up the user$role strings to make a dictionary
# from (user,role) to True/False, which tells us what we need to
# do.
new_user_role_dict = {}
for (ur, val) in table_dict.items():
u, r = ur.split('$')
new_user_role_dict[(u, r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = model.Session.query(model.SystemRole).all()
current_users_roles = [(uor.user.name, uor.role)
for uor in current_uors if uor.user]
current_user_role_dict = {}
for (u, r) in current_users_roles:
current_user_role_dict[(u, r)] = True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# WORRY: Here it seems that we have to check whether someone is
# already assigned a role, in order to avoid assigning it twice,
# or attempting to delete it when it doesn't exist. Otherwise
# problems occur. However this doesn't affect the index page,
# which would seem to be prone to suffer the same effect. Why
# the difference?
for ((u, r), val) in new_user_role_dict.items():
if val:
if not ((u, r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u), r,
model.System())
else:
if ((u, r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u), r,
model.System())
# finally commit the change to the database
model.Session.commit()
h.flash_success(_("Changes Saved"))
def setup_class(cls):
setup_test_search_index()
assert_solr_schema_is_the_dgu_variant()
CreateTestData.create_user('sysadmin')
model.add_user_to_role(model.User.by_name(u'sysadmin'),
model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def setup_class(cls):
setup_test_search_index()
assert_solr_schema_is_the_dgu_variant()
CreateTestData.create_user('sysadmin')
model.add_user_to_role(model.User.by_name(u'sysadmin'),
model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__',
password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')
# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '*****@*****.**'
fvA['password1'] = password
fvA['password2'] = password
# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = '******'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace('"', '"') in res.body, res.body
assert 'logout' in res.body, res.body
# logout and login as user B
res = self.app.get('/user/_logout')
res2 = res.follow()
while res2.status == 302:
res2 = res2.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body
def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__', password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')
# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '*****@*****.**'
fvA['password1'] = password
fvA['password2'] = password
# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = '******'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace(
'"', '"') in res.body, res.body
assert 'logout' in res.body, res.body
# logout and login as user B
res = self.app.get('/user/_logout')
res2 = res.follow()
while res2.status == 302:
res2 = res2.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body
def create_roles(cls, roles):
'''This is just a basic version for CKAN 1.7.1 - the full version
will be in CKAN 1.8.'''
for subj, role, obj in roles:
assert role, obj == ('admin', 'system')
subj = model.User.by_name(unicode(subj))
model.add_user_to_role(subj, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def create_roles(cls, roles):
'''This is just a basic version for CKAN 1.7.1 - the full version
will be in CKAN 1.8.'''
for subj, role, obj in roles:
assert role, obj == ('admin', 'system')
subj = model.User.by_name(unicode(subj))
model.add_user_to_role(subj, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def test_10_visitor_role(self):
assert not self.authorizer.is_authorized(username=self.visitor.name,
action=model.Action.EDIT, domain_object=self.war)
self.visitor = model.User.by_name(model.PSEUDO_USER__VISITOR)
self.war = model.Package.by_name(u'warandpeace')
model.add_user_to_role(self.visitor, model.Role.EDITOR, self.war)
model.repo.commit_and_remove()
assert self.authorizer.is_authorized(username=self.visitor.name,
action=model.Action.EDIT, domain_object=self.war)
def _create_test_data(cls):
CreateTestData.create()
# Remove visitor and logged in roles
roles = []
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"visitor"))
roles.extend(q.all())
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"logged_in"))
roles.extend(q.all())
for role in roles:
model.Session.delete(role)
rev = model.repo.new_revision()
model.Session.add_all([
model.User(name=u'pkggroupadmin'),
model.User(name=u'site_reader'),
model.User(name=u'outcast'),
model.Package(name=cls.ENTITY_NAME),
model.Package(name=u'deleted'),
model.Group(name=cls.ENTITY_NAME),
model.Group(name=u'deleted'),
model.Tag(name=cls.ENTITY_NAME),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.SITE_READ),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.READ),
])
model.repo.commit_and_remove()
# testsysadmin is sysadmin
# annafan is package admin for annakarenina
rev = model.repo.new_revision()
site_reader = model.User.by_name(u'site_reader')
pkggroupadmin = model.User.by_name(u'pkggroupadmin')
pkg = model.Package.by_name(cls.ENTITY_NAME)
group = model.Group.by_name(cls.ENTITY_NAME)
tag = model.Tag.by_name(cls.ENTITY_NAME)
pkg.add_tag(tag)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System())
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group)
model.Package.by_name(u'deleted').delete()
model.Group.by_name(u'deleted').delete()
model.repo.commit_and_remove()
cls.testsysadmin = model.User.by_name(u'testsysadmin')
cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin')
cls.site_reader = model.User.by_name(u'site_reader')
cls.outcast = model.User.by_name(u'outcast')
def test_1_user_role(self):
anna = model.Package.by_name(u'annakarenina')
mradmin = model.User.by_name(u'tester')
role = model.Role.ADMIN
model.add_user_to_role(mradmin, role, anna)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
mradmin = model.User.by_name(u'tester')
roles = self.authorizer.get_roles(mradmin.name, anna)
assert role in roles, roles
def test_1_user_role(self):
anna = model.Package.by_name(u'annakarenina')
mradmin = model.User.by_name(u'tester')
role = model.Role.ADMIN
model.add_user_to_role(mradmin, role, anna)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
mradmin = model.User.by_name(u'tester')
roles = self.authorizer.get_roles(mradmin.name, anna)
assert role in roles, roles
def test_10_visitor_role(self):
assert not self.authorizer.is_authorized(username=self.visitor.name,
action=model.Action.EDIT,
domain_object=self.war)
self.visitor = model.User.by_name(model.PSEUDO_USER__VISITOR)
self.war = model.Package.by_name(u'warandpeace')
model.add_user_to_role(self.visitor, model.Role.EDITOR, self.war)
model.repo.commit_and_remove()
assert self.authorizer.is_authorized(username=self.visitor.name,
action=model.Action.EDIT,
domain_object=self.war)
def _create_test_data(cls):
CreateTestData.create()
# Remove visitor and logged in roles
roles = []
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"visitor"))
roles.extend(q.all())
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"logged_in"))
roles.extend(q.all())
for role in roles:
model.Session.delete(role)
rev = model.repo.new_revision()
model.Session.add_all([
model.User(name=u'pkggroupadmin'),
model.User(name=u'site_reader'),
model.User(name=u'outcast'),
model.Package(name=cls.ENTITY_NAME),
model.Package(name=u'deleted'),
model.Group(name=cls.ENTITY_NAME),
model.Group(name=u'deleted'),
model.Tag(name=cls.ENTITY_NAME),
model.RoleAction(role=cls.TRUSTED_ROLE, context=u'',
action=model.Action.SITE_READ),
model.RoleAction(role=cls.TRUSTED_ROLE, context=u'',
action=model.Action.READ),
])
model.repo.commit_and_remove()
# testsysadmin is sysadmin
# annafan is package admin for annakarenina
rev = model.repo.new_revision()
site_reader = model.User.by_name(u'site_reader')
pkggroupadmin = model.User.by_name(u'pkggroupadmin')
pkg = model.Package.by_name(cls.ENTITY_NAME)
group = model.Group.by_name(cls.ENTITY_NAME)
tag = model.Tag.by_name(cls.ENTITY_NAME)
pkg.add_tag(tag)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System())
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group)
model.Package.by_name(u'deleted').delete()
model.Group.by_name(u'deleted').delete()
model.repo.commit_and_remove()
cls.testsysadmin = model.User.by_name(u'testsysadmin')
cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin')
cls.site_reader = model.User.by_name(u'site_reader')
cls.outcast = model.User.by_name(u'outcast')
def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [
a for (a, b) in request.params.items() if (b == u'on')
]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [
a for (a, b) in request.params.items() if (b == u'submitted')
]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True
# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)
current_uors = model.Session.query(model.SystemRole).all()
current_roles = [
uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)
]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:') + str(new_user))
else:
# Whenever our desired state is different from our
# current state, change it.
for (r, val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_user_to_role(user_object, r,
model.System())
else:
if (r in current_roles):
model.remove_user_from_role(
user_object, r, model.System())
h.flash_success(_("User Added"))
# and finally commit all these changes to the database
model.Session.commit()
def dataset_editor_add(context, data_dict):
'''
Adds a user and role to dataset
:param name: dataset name or id
:type name: string
:param role: admin, editor or reader
:type role: string
:param username: user to be added
:type username: string
:rtype: message string
'''
pkg = model.Package.get(data_dict.get('name', None))
user = model.User.get(context.get('user', None))
role = data_dict.get('role', None)
username = model.User.get(data_dict.get('username', None))
if not (pkg and user and role):
msg = _('Required information missing')
raise ValidationError(msg)
pkg_dict = get_action('package_show')(context, {'id': pkg.id})
pkg_dict['domain_object'] = pkg_dict.get('id')
domain_object_ref = _get_or_bust(pkg_dict, 'domain_object')
domain_object = ckan.logic.action.get_domain_object(model, domain_object_ref)
# These are detailed checks to inform the user of the flaw
if not username:
msg = _('User not found')
raise NotFound(msg)
if not ((_authz.user_has_role(user, 'admin', domain_object) or
user.sysadmin)) and role == 'admin':
raise NotAuthorized
if not (check_access('package_update', context)):
raise NotAuthorized
if _authz.user_has_role(username, role, domain_object):
msg = _('User already has %s rights') % role
raise ValidationError(msg)
model.add_user_to_role(username, role, pkg)
model.meta.Session.commit()
msg = _('User added')
return msg
def setup_class(self):
model.repo.init_db()
self.authorizer = authz.Authorizer()
self.admin_role = model.Role.ADMIN
self.editor_role = model.Role.EDITOR
self.reader_role = model.Role.READER
model.repo.new_revision()
anna = model.Package(name=u'annakarenina')
war = model.Package(name=u'warandpeace')
mradmin = model.User(name=u'mradmin')
mreditor = model.User(name=u'mreditor')
mrreader = model.User(name=u'mrreader')
tester = model.User(name=u'tester')
anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup')
for obj in [
anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup
]:
model.Session.add(obj)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
tester = model.User.by_name(u'tester')
model.add_user_to_role(tester, self.admin_role, anna)
self.context = unicode(model.Package.__name__)
ra1 = model.RoleAction(
role=self.admin_role,
context=self.context,
action=model.Action.EDIT,
)
ra2 = model.RoleAction(
role=self.editor_role,
context=self.context,
action=model.Action.EDIT,
)
ra3 = model.RoleAction(
role=self.reader_role,
context=self.context,
action=model.Action.READ,
)
for obj in [ra1, ra2, ra3]:
model.Session.add(obj)
model.repo.commit_and_remove()
mradmin = model.User.by_name(u'mradmin')
mreditor = model.User.by_name(u'mreditor')
mrreader = model.User.by_name(u'mrreader')
model.add_user_to_role(mradmin, self.admin_role, anna)
model.add_user_to_role(mreditor, self.editor_role, anna)
model.add_user_to_role(mrreader, self.reader_role, anna)
model.repo.commit_and_remove()
self.mradmin = model.User.by_name(u'mradmin')
self.mreditor = model.User.by_name(u'mreditor')
self.mrreader = model.User.by_name(u'mrreader')
self.war = model.Package.by_name(u'warandpeace')
self.anna = model.Package.by_name(u'annakarenina')
def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [a for (a, b) in request.params.items()
if (b == u'on')]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [a for (a, b) in request.params.items()
if (b == u'submitted')]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True
# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)
current_uors = model.Session.query(model.SystemRole).all()
current_roles = [uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:') + str(new_user))
else:
# Whenever our desired state is different from our
# current state, change it.
for (r, val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_user_to_role(user_object, r,
model.System())
else:
if (r in current_roles):
model.remove_user_from_role(user_object, r,
model.System())
h.flash_success(_("User Added"))
# and finally commit all these changes to the database
model.Session.commit()
def setup_class(self):
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
model.Session.add(model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
def setup_class(self):
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
model.Session.add(
model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
def setup(self):
model.repo.init_db()
CreateTestData.create()
self.package_name = u'formsapi'
self.package_name_alt = u'formsapialt'
self.package_name_alt2 = u'formsapialt2'
self.apikey_header_name = config.get('apikey_header_name',
'X-CKAN-API-Key')
self.user = self.get_user_by_name(u'tester')
if not self.user:
self.user = self.create_user(name=u'tester')
self.user = self.get_user_by_name(u'tester')
model.add_user_to_role(self.user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.extra_environ = {self.apikey_header_name: str(self.user.apikey)}
self.create_package(name=self.package_name)
def setup(self):
model.repo.init_db()
CreateTestData.create()
self.package_name = u'formsapi'
self.package_name_alt = u'formsapialt'
self.package_name_alt2 = u'formsapialt2'
self.apikey_header_name = config.get('apikey_header_name', 'X-CKAN-API-Key')
self.user = self.get_user_by_name(u'tester')
if not self.user:
self.user = self.create_user(name=u'tester')
self.user = self.get_user_by_name(u'tester')
model.add_user_to_role(self.user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.extra_environ = {
self.apikey_header_name : str(self.user.apikey)
}
self.create_package(name=self.package_name)
def setup_class(self):
model.repo.init_db()
self.authorizer = authz.Authorizer()
self.admin_role = model.Role.ADMIN
self.editor_role = model.Role.EDITOR
self.reader_role = model.Role.READER
model.repo.new_revision()
anna = model.Package(name=u'annakarenina')
war = model.Package(name=u'warandpeace')
mradmin = model.User(name=u'mradmin')
mreditor = model.User(name=u'mreditor')
mrreader = model.User(name=u'mrreader')
tester = model.User(name=u'tester')
anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup')
for obj in [anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup]:
model.Session.add(obj)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
tester = model.User.by_name(u'tester')
model.add_user_to_role(tester, self.admin_role, anna)
self.context = unicode(model.Package.__name__)
ra1 = model.RoleAction(role=self.admin_role,
context=self.context,
action=model.Action.EDIT,
)
ra2 = model.RoleAction(role=self.editor_role,
context=self.context,
action=model.Action.EDIT,
)
ra3 = model.RoleAction(role=self.reader_role,
context=self.context,
action=model.Action.READ,
)
for obj in [ra1, ra2, ra3]:
model.Session.add(obj)
model.repo.commit_and_remove()
mradmin = model.User.by_name(u'mradmin')
mreditor = model.User.by_name(u'mreditor')
mrreader = model.User.by_name(u'mrreader')
model.add_user_to_role(mradmin, self.admin_role, anna)
model.add_user_to_role(mreditor, self.editor_role, anna)
model.add_user_to_role(mrreader, self.reader_role, anna)
model.repo.commit_and_remove()
self.mradmin = model.User.by_name(u'mradmin')
self.mreditor = model.User.by_name(u'mreditor')
self.mrreader = model.User.by_name(u'mrreader')
self.war = model.Package.by_name(u'warandpeace')
self.anna = model.Package.by_name(u'annakarenina')
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, sysadmin , administrator, and another
# one authzgroup, one group, one package
# and administrator is admin on all three
# one extra authzgroup, authzgroup2, with no permissions to start with
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = 'another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = 'authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
self.group = 'group'
group = model.Group(name=unicode(self.group))
self.authzgroup2 = 'authzgroup2'
authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2))
for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
model.repo.new_revision()
self.pkg = u'dataset'
pkg = model.Package(name=self.pkg)
model.Session.add(pkg)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
# setup all three authorization objects to have logged in and visitor as editors, and the admin as admin
model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(authzgroup, ['editor'], ['editor'],
[admin_user])
model.setup_user_roles(group, ['editor'], ['editor'], [admin_user])
model.repo.commit_and_remove()
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.Package(name=u'private_pkg'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
model.repo.new_revision()
pkg = model.Package.by_name(u'testpkg')
pkg2 = model.Package.by_name(u'testpkg2')
private_pkg = model.Package.by_name(u'private_pkg')
pkg.add_relationship(u'depends_on', pkg2)
pkg.add_relationship(u'depends_on', private_pkg)
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
notadmin = model.User.by_name(u'notadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.add_user_to_role(notadmin, model.Role.READER, pkg)
model.add_user_to_role(notadmin, model.Role.READER, pkg2)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.private_pkg = model.Package.by_name(u'private_pkg')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, sysadmin , administrator, and another
# one authzgroup, one group, one package
# and administrator is admin on all three
# one extra authzgroup, authzgroup2, with no permissions to start with
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = 'another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = 'authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
self.group = 'group'
group = model.Group(name=unicode(self.group))
self.authzgroup2 = 'authzgroup2'
authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2))
for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
model.repo.new_revision()
self.pkg = u'dataset'
pkg = model.Package(name=self.pkg)
model.Session.add(pkg)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
# setup all three authorization objects to have logged in and visitor as editors, and the admin as admin
model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(authzgroup, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(group, ['editor'], ['editor'], [admin_user])
model.repo.commit_and_remove()
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.Package(name=u'private_pkg'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
model.repo.new_revision()
pkg = model.Package.by_name(u'testpkg')
pkg2 = model.Package.by_name(u'testpkg2')
private_pkg = model.Package.by_name(u'private_pkg')
pkg.add_relationship(u'depends_on', pkg2)
pkg.add_relationship(u'depends_on', private_pkg)
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
notadmin = model.User.by_name(u'notadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.add_user_to_role(notadmin, model.Role.READER, pkg)
model.add_user_to_role(notadmin, model.Role.READER, pkg2)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.private_pkg = model.Package.by_name(u'private_pkg')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def add(self):
from ckan import model
if len(self.args) < 2:
print "Need name of the user to be made sysadmin."
return
username = self.args[1]
user = model.User.by_name(unicode(username))
if not user:
print 'User "%s" not found' % username
makeuser = raw_input("Create new user: %s? [y/n]" % username)
if makeuser == "y":
print ("Creating %s user" % username)
user = model.User(name=unicode(username))
else:
print "Exiting ..."
return
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
print "Added %s as sysadmin" % username
def test_3_add_twice_remove_twice(self):
tester = model.User.by_name(u'tester')
war = model.Package.by_name(u'warandpeace')
def tester_roles():
return [x.role \
for x in model.Session.query(model.PackageRole).all() \
if x.user and x.user.name=='tester' and x.package.name==u'warandpeace']
assert len(tester_roles()) == 0, "wrong number of roles for tester"
model.add_user_to_role(tester, model.Role.ADMIN, war)
model.repo.commit_and_remove()
assert len(tester_roles()) == 1, "wrong number of roles for tester"
model.add_user_to_role(tester, model.Role.ADMIN, war)
model.repo.commit_and_remove()
assert len(tester_roles()) == 1, "wrong number of roles for tester"
model.remove_user_from_role(tester, model.Role.ADMIN, war)
assert len(tester_roles()) == 0, "wrong number of roles for tester"
model.remove_user_from_role(tester, model.Role.ADMIN, war)
assert len(tester_roles()) == 0, "wrong number of roles for tester"
def test_3_add_twice_remove_twice(self):
tester = model.User.by_name(u'tester')
war = model.Package.by_name(u'warandpeace')
def tester_roles():
return [x.role \
for x in model.Session.query(model.PackageRole).all() \
if x.user and x.user.name=='tester' and x.package.name==u'warandpeace']
assert len(tester_roles()) == 0, "wrong number of roles for tester"
model.add_user_to_role(tester, model.Role.ADMIN, war)
model.repo.commit_and_remove()
assert len(tester_roles()) == 1, "wrong number of roles for tester"
model.add_user_to_role(tester, model.Role.ADMIN, war)
model.repo.commit_and_remove()
assert len(tester_roles()) == 1, "wrong number of roles for tester"
model.remove_user_from_role(tester, model.Role.ADMIN, war)
assert len(tester_roles()) == 0, "wrong number of roles for tester"
model.remove_user_from_role(tester, model.Role.ADMIN, war)
assert len(tester_roles()) == 0, "wrong number of roles for tester"
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u"testpkg"))
model.Session.add(model.Package(name=u"testpkg2"))
model.Session.add(model.User(name=u"testadmin"))
model.Session.add(model.User(name=u"testsysadmin"))
model.Session.add(model.User(name=u"notadmin"))
model.Session.add(model.Group(name=u"testgroup"))
model.Session.add(model.Group(name=u"testgroup2"))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u"testpkg")
grp = model.Group.by_name(u"testgroup")
admin = model.User.by_name(u"testadmin")
sysadmin = model.User.by_name(u"testsysadmin")
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u"testpkg")
self.pkg2 = model.Package.by_name(u"testpkg2")
self.grp = model.Group.by_name(u"testgroup")
self.grp2 = model.Group.by_name(u"testgroup2")
self.admin = model.User.by_name(u"testadmin")
self.sysadmin = model.User.by_name(u"testsysadmin")
self.notadmin = model.User.by_name(u"notadmin")
def add(self):
from ckan import model
if len(self.args) < 2:
print 'Need name of the user to be made sysadmin.'
return
username = self.args[1]
user = model.User.by_name(unicode(username))
if not user:
print 'User "%s" not found' % username
makeuser = raw_input('Create new user: %s? [y/n]' % username)
if makeuser == 'y':
password = UserCmd.password_prompt()
print('Creating %s user' % username)
user = model.User(name=unicode(username), password=password)
else:
print 'Exiting ...'
return
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
print 'Added %s as sysadmin' % username
def set_roles(self, user_name, drupal_roles):
'''Sets CKAN user roles based on the drupal roles.
Restricted to sysadmin. Publishing roles initially imported during migration from
Drupal.
Example drupal_roles:
['package admin', 'publisher admin', 'authenticated user', 'publishing user']
where sysadmin roles are:
3 'administrator' - total control
11 'package admin' - admin of datasets
'publisher admin' - admin of publishers
other roles:
'publishing user' - anyone who has registered - includes spammers
'''
from ckan import model
from ckan.authz import Authorizer
needs_commit = False
user = model.User.by_name(user_name)
# Sysadmin or not
log.debug('User roles in Drupal: %r', drupal_roles)
should_be_sysadmin = bool(
set(('administrator', 'package admin', 'publisher admin'))
& set(drupal_roles))
is_sysadmin = Authorizer().is_sysadmin(user)
if should_be_sysadmin and not is_sysadmin:
# Make user a sysadmin
model.add_user_to_role(user, model.Role.ADMIN, model.System())
log.info('User made a sysadmin: %s', user_name)
needs_commit = True
elif not should_be_sysadmin and is_sysadmin:
# Stop user being a sysadmin
model.remove_user_from_role(user, model.Role.ADMIN, model.System())
log.info('User now not a sysadmin: %s', user_name)
needs_commit = True
if needs_commit:
model.repo.commit_and_remove()
def test_4_admin_deletes_role(self):
group = model.Group.by_name(self.groupname)
# create a role to be deleted
model.add_user_to_role(model.User.by_name(u'logged_in'), model.Role.READER, group)
model.repo.commit_and_remove()
group = model.Group.by_name(self.groupname)
num_roles_start = len(group.roles)
# make sure not admin
pr_id = [ r for r in group.roles if r.user.name != self.admin ][0].id
offset = url_for(controller='group', action='authz', id=self.groupname,
role_to_delete=pr_id)
# need this here as o/w conflicts over session binding
model.Session.remove()
res = self.app.get(offset, extra_environ={'REMOTE_USER':
self.admin})
assert 'Deleted role' in res, res
assert 'error' not in res, res
group = model.Group.by_name(self.groupname)
assert len(group.roles) == num_roles_start - 1
assert model.Session.query(model.GroupRole).filter_by(id=pr_id).count() == 0
def setup(self):
# Add sysadmin user
harvest_user = model.User(name=u'harvest', password=u'test')
model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System())
Session.add(harvest_user)
Session.commit()
package_schema = default_update_package_schema()
self.context = {
'model': model,
'session': Session,
'user': u'harvest',
'schema': package_schema,
'api_version': '2'
}
if config.get('ckan.harvest.auth.profile') == u'publisher':
# Create a publisher user
rev = model.repo.new_revision()
self.publisher_user = model.User(name=u'test-publisher-user',
password=u'test')
self.publisher = model.Group(name=u'test-publisher',
title=u'Test Publihser',
type=u'publisher')
Session.add(self.publisher_user)
Session.add(self.publisher)
Session.commit()
member = model.Member(table_name='user',
table_id=self.publisher_user.id,
group=self.publisher,
capacity='admin')
Session.add(member)
Session.commit()
def setup_class(self):
CreateTestData.create()
q = model.Session.query(model.UserObjectRole).filter(
sa.or_(model.UserObjectRole.role == Role.EDITOR,
model.UserObjectRole.role == Role.ANON_EDITOR,
model.UserObjectRole.role == Role.READER))
q = q.filter(
model.UserObjectRole.user == model.User.by_name(u"visitor"))
for role in q:
model.Session.delete(role)
model.repo.commit_and_remove()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def _create_user(self):
harvest_user = model.User(name=u'harvest', password=u'test')
model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System())
model.Session.add(harvest_user)
model.Session.commit()
def _add_user_object_role(self, users_or_authz_groups, current_uors, domain_object):
'''
current_uors: in order to avoid either creating a role twice or deleting one which is
non-existent, we need to get the users' current roles (if any)
'''
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
# this is the list of all the roles that were in the submitted form
submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r]=False
for r in checked_roles:
desired_roles[r]=True
if users_or_authz_groups=='users':
current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
user_object = model.User.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error(_('unknown user:'******'authz_groups':
current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
user_object = model.AuthorizationGroup.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error(_('unknown authorization group:') + str (new_user))
else:
# Whenever our desired state is different from our current state, change it.
for (r,val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_authorization_group_to_role(user_object,
r, domain_object)
else:
if (r in current_roles):
model.remove_authorization_group_from_role(user_object,
r, domain_object)
h.flash_success(_("Authorization Group Added"))
else:
assert False, "shouldn't be here"
# and finally commit all these changes to the database
model.repo.commit_and_remove()
def _update_user_object_roles(self, users_or_authz_groups, current_uors, domain_object):
'''Update user object roles for this object.
:param domain_object: the domain object for whom we are adding the user
object role.
'''
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [ a for (a,b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [ a for (a,b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role combination
# that was displayed in the form
table_dict={}
for a in submitted:
table_dict[a]=False
for a in checked:
table_dict[a]=True
# now we'll split up the user$role strings to make a dictionary from
# (user,role) to True/False, which tells us what we need to do.
new_user_role_dict={}
for (ur,val) in table_dict.items():
u,r = ur.split('$')
new_user_role_dict[(u,r)] = val
if users_or_authz_groups=='users':
current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
elif users_or_authz_groups=='authz_groups':
current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
else:
assert False, "shouldn't be here"
current_user_role_dict={}
for (u,r) in current_users_roles:
current_user_role_dict[(u,r)]=True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# Here we check whether someone is already assigned a role, in order
# to avoid assigning it twice, or attempting to delete it when it
# doesn't exist. Otherwise problems can occur.
if users_or_authz_groups=='users':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u),r,domain_object)
else:
if ((u,r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u),r,domain_object)
elif users_or_authz_groups=='authz_groups':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,domain_object)
else:
if ((u,r) in current_user_role_dict):
model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,domain_object)
else:
assert False, "shouldn't be here"
# finally commit the change to the database
model.repo.commit_and_remove()
h.flash_success(_("Changes Saved"))
def create(cls, auth_profile="", package_type=None):
model.Session.remove()
rev = model.repo.new_revision()
# same name as user we create below
rev.author = cls.author
rev.message = u'''Creating test data.
* Package: annakarenina
* Package: warandpeace
* Associated tags, etc etc
'''
if auth_profile == "publisher":
organization_group = model.Group(name=u"organization_group",
type="organization")
cls.pkg_names = [u'annakarenina', u'warandpeace']
pkg1 = model.Package(name=cls.pkg_names[0], type=package_type)
if auth_profile == "publisher":
pkg1.group = organization_group
model.Session.add(pkg1)
pkg1.title = u'A Novel By Tolstoy'
pkg1.version = u'0.7a'
pkg1.url = u'http://www.annakarenina.com'
# put an & in the url string to test escaping
if 'alt_url' in model.Resource.get_extra_columns():
configured_extras = ({
'alt_url': u'alt123'
}, {
'alt_url': u'alt345'
})
else:
configured_extras = ({}, {})
pr1 = model.Resource(
url=u'http://www.annakarenina.com/download/x=1&y=2',
format=u'plain text',
description=u'Full text. Needs escaping: " Umlaut: \xfc',
hash=u'abc123',
extras={'size_extra': u'123'},
**configured_extras[0])
pr2 = model.Resource(url=u'http://www.annakarenina.com/index.json',
format=u'json',
description=u'Index of the novel',
hash=u'def456',
extras={'size_extra': u'345'},
**configured_extras[1])
model.Session.add(pr1)
model.Session.add(pr2)
pkg1.resource_groups_all[0].resources_all.append(pr1)
pkg1.resource_groups_all[0].resources_all.append(pr2)
pkg1.notes = u'''Some test notes
### A 3rd level heading
**Some bolded text.**
*Some italicized text.*
Foreign characters:
u with umlaut \xfc
66-style quote \u201c
foreign word: th\xfcmb
Needs escaping:
left arrow <
<http://ckan.net/>
'''
pkg2 = model.Package(name=cls.pkg_names[1], type=package_type)
tag1 = model.Tag(name=u'russian')
tag2 = model.Tag(name=u'tolstoy')
if auth_profile == "publisher":
pkg2.group = organization_group
# Flexible tag, allows spaces, upper-case,
# and all punctuation except commas
tag3 = model.Tag(name=u'Flexible \u30a1')
for obj in [pkg2, tag1, tag2, tag3]:
model.Session.add(obj)
pkg1.add_tags([tag1, tag2, tag3])
pkg2.add_tags([tag1, tag3])
cls.tag_names = [t.name for t in (tag1, tag2, tag3)]
pkg1.license_id = u'other-open'
pkg2.license_id = u'cc-nc' # closed license
pkg2.title = u'A Wonderful Story'
pkg1.extras = {u'genre': 'romantic novel', u'original media': 'book'}
# group
david = model.Group(name=u'david',
title=u'Dave\'s books',
description=u'These are books that David likes.',
type=auth_profile or 'group')
roger = model.Group(name=u'roger',
title=u'Roger\'s books',
description=u'Roger likes these books.',
type=auth_profile or 'group')
for obj in [david, roger]:
model.Session.add(obj)
cls.group_names.add(u'david')
cls.group_names.add(u'roger')
model.Session.flush()
model.Session.add(
model.Member(table_id=pkg1.id, table_name='package', group=david))
model.Session.add(
model.Member(table_id=pkg2.id, table_name='package', group=david))
model.Session.add(
model.Member(table_id=pkg1.id, table_name='package', group=roger))
# authz
sysadmin = model.User(name=u'testsysadmin', password=u'testsysadmin')
sysadmin.sysadmin = True
model.Session.add_all([
model.User(name=u'tester', apikey=u'tester', password=u'tester'),
model.User(name=u'joeadmin', password=u'joeadmin'),
model.User(
name=u'annafan',
about=u'I love reading Annakarenina. My site: http://anna.com',
password=u'annafan'),
model.User(name=u'russianfan', password=u'russianfan'),
sysadmin,
])
cls.user_refs.extend([
u'tester', u'joeadmin', u'annafan', u'russianfan', u'testsysadmin'
])
model.repo.commit_and_remove()
visitor = model.User.by_name(model.PSEUDO_USER__VISITOR)
anna = model.Package.by_name(u'annakarenina')
war = model.Package.by_name(u'warandpeace')
annafan = model.User.by_name(u'annafan')
russianfan = model.User.by_name(u'russianfan')
model.setup_default_user_roles(anna, [annafan])
model.setup_default_user_roles(war, [russianfan])
model.add_user_to_role(visitor, model.Role.ADMIN, war)
david = model.Group.by_name(u'david')
roger = model.Group.by_name(u'roger')
model.setup_default_user_roles(david, [russianfan])
model.setup_default_user_roles(roger, [russianfan])
model.add_user_to_role(visitor, model.Role.ADMIN, roger)
model.repo.commit_and_remove()
def setup_class(self):
model.Session.remove()
CreateTestData.create()
model.Session.remove()
self.authorizer = authz.Authorizer()
self.admin_role = model.Role.ADMIN
self.editor_role = model.Role.EDITOR
self.reader_role = model.Role.READER
john = model.User(name=u'john')
model.Session.add(john)
# setup annakarenina with default roles
anna = model.Package.by_name(u'annakarenina')
model.clear_user_roles(anna)
annakarenina_creator = model.User(name=u'annakarenina_creator')
model.Session.add(annakarenina_creator)
model.repo.commit_and_remove()
model.setup_default_user_roles(anna, [annakarenina_creator])
model.repo.commit_and_remove()
# setup warandpeace with no roles
war = model.Package.by_name(u'warandpeace')
model.clear_user_roles(war)
# setup restricted package - visitors can't change
restricted = model.Package(name=u'restricted')
vrestricted = model.Package(name=u'vrestricted')
mreditor = model.User(name=u'mreditor')
mrreader = model.User(name=u'mrreader')
self.mrsysadmin = u'mrsysadmin'
mrsysadmin = model.User(name=self.mrsysadmin)
model.repo.new_revision()
model.Session.add_all(
[restricted, vrestricted, mreditor, mrreader, mrsysadmin])
model.repo.commit_and_remove()
visitor_roles = []
logged_in_roles = [model.Role.EDITOR, model.Role.READER]
logged_in_roles_v = []
restricted = model.Package.by_name(u'restricted')
vrestricted = model.Package.by_name(u'vrestricted')
model.setup_user_roles(restricted, visitor_roles, logged_in_roles)
model.setup_user_roles(vrestricted, visitor_roles, logged_in_roles_v)
model.repo.commit_and_remove()
mreditor = model.User.by_name(u'mreditor')
model.add_user_to_role(mreditor, model.Role.EDITOR, restricted)
mrsysadmin = model.User.by_name(u'mrsysadmin')
model.add_user_to_role(mrsysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.mreditor = model.User.by_name(u'mreditor')
self.mrreader = model.User.by_name(u'mrreader')
self.annakarenina_creator = model.User.by_name(u'annakarenina_creator')
self.logged_in = model.User.by_name(model.PSEUDO_USER__LOGGED_IN)
self.visitor = model.User.by_name(model.PSEUDO_USER__VISITOR)
self.john = model.User.by_name(u'john')
self.war = model.Package.by_name(u'warandpeace')
self.anna = model.Package.by_name(u'annakarenina')
self.restricted = model.Package.by_name(u'restricted')
self.vrestricted = model.Package.by_name(u'vrestricted')
