def setup(self): # need to do this for every test since we mess with System rights CreateTestData.create() model.repo.new_revision() model.Session.add(model.User(name=u'testadmin')) model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'annakarenina') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.pkg = model.Package.by_name(u'annakarenina') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin') self.package_fillers = {'title': 'test title', 'notes': 'test notes', 'license_id': 'mit-license', }
def command(self): self._load_config() cmd = self.args[0] if len(self.args) else 'list' if cmd == 'list': self.list() return assert len(self.args) == 4, "Not enough paramters!" + RIGHTS_HELP cmd, subj, role, obj = self.args subj = self.find_subject(unicode(subj)) role = self.ensure_role(unicode(role)) obj = self.find_object(unicode(obj)) if cmd == 'make': if isinstance(subj, model.User): model.add_user_to_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.add_authorization_group_to_role(subj, role, obj) print "made", elif cmd == 'remove': if isinstance(subj, model.User): model.remove_user_from_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.remove_authorization_group_from_role(subj, role, obj) print "remove", model.repo.commit_and_remove() self.print_row(subj, role, obj)
def test_register_whilst_logged_in(self): """Start registration form as user B then in another window login as user A, and then try and then submit form for user B. #1799.""" # create user A password = u"letmein" CreateTestData.create_user(name=u"user_a__", password=password) userA = model.User.by_name(u"user_a__") # make him a sysadmin, to ensure he is allowed to create a user model.add_user_to_role(userA, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() userA = model.User.by_name(u"user_a__") # start to register user B offset = url_for(controller="user", action="register") res = self.app.get(offset) fvA = res.forms["user-edit"] fvA["name"] = "user_b_" fvA["fullname"] = "User B" fvA["email"] = "*****@*****.**" fvA["password1"] = password fvA["password2"] = password # login user A offset = url_for(controller="user", action="login") res = self.app.get(offset) fvB = res.forms["login"] fvB["login"] = "******" fvB["password"] = str(password) res = fvB.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) # finish registration of user B res = fvA.submit("save") assert_equal(res.status, 200) assert "user_a__</a> is currently logged in" in res.body, res.body assert ( 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace( '"', """ ) in res.body ), res.body assert "logout" in res.body, res.body # logout and login as user B res = self.app.get("/user/logout") res2 = res.follow() res2 = res2.follow() assert "You have logged out successfully." in res2, res2 offset = url_for(controller="user", action="login") res = self.app.get(offset) fv = res.forms["login"] fv["login"] = "******" fv["password"] = str(password) res = fv.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) assert "User B is now logged in" in res.body, res.body
def command(self): self._load_config() cmd = self.args[0] if len(self.args) else 'list' if cmd == 'list': args = self.args if 'list' in args: del args[args.index('list')] self.list(args) return assert len(self.args) == 4, "Not enough parameters!" + RIGHTS_HELP cmd, subj, role, obj = self.args subj = self.find_subject(unicode(subj)) role = self.ensure_role(unicode(role)) objs = self.find_objects(unicode(obj)) for obj in objs: try: if cmd == 'make': if isinstance(subj, model.User): model.add_user_to_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.add_authorization_group_to_role(subj, role, obj) print "made", elif cmd == 'remove': if isinstance(subj, model.User): model.remove_user_from_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.remove_authorization_group_from_role( subj, role, obj) print "remove", except NoResultFound, e: print "! not found", self.print_row(subj, role, obj)
def setup_class(self): model.repo.init_db() model.repo.new_revision() self.sysadmin = 'madeup-sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'madeup-administrator' admin_user = model.User(name=unicode(self.admin)) self.another = u'madeup-another' another_user = model.User(name=unicode(self.another)) for obj in sysadmin_user, admin_user, another_user: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.new_revision() self.pkgname = u'test6' self.pkgname2 = u'test6a' pkg = model.Package(name=self.pkgname) pkg2 = model.Package(name=self.pkgname2) model.Session.add(pkg) model.Session.add(pkg2) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user model.setup_default_user_roles(pkg, admins=[admin_user]) model.setup_default_user_roles(pkg2, admins=[admin_user]) model.repo.commit_and_remove()
def test_3_admin_changes_role(self): # create a role to be deleted group = model.Group.by_name(self.groupname) model.add_user_to_role(model.User.by_name(u'visitor'), model.Role.READER, group) model.repo.commit_and_remove() offset = url_for(controller='group', action='authz', id=self.groupname) res = self.app.get(offset, extra_environ={'REMOTE_USER': self.admin}) assert self.groupname in res group = model.Group.by_name(self.groupname) assert len(group.roles) == 3, [(grouprole.user.name, grouprole.role) for grouprole in group.roles] def _r(r): return 'GroupRole-%s-role' % r.id def _u(r): return 'GroupRole-%s-user_id' % r.id prs = self._prs(self.groupname) assert prs.has_key('visitor') assert prs.has_key('logged_in') assert prs.has_key(self.admin), prs form = res.forms['group-authz'] # change role assignments form.select(_r(prs['visitor']), model.Role.EDITOR) res = form.submit('save', extra_environ={'REMOTE_USER': self.admin}) model.Session.remove() prs = self._prs(self.groupname) assert len(prs) == 3, prs assert prs['visitor'].role == model.Role.EDITOR
def setup_class(self): try: search.clear() setup_test_search_index() super(OnsLoaderBase, self).setup_class() # make annafan a sysadmin to allow package creation rev = model.repo.new_revision() user = model.User.by_name(u'annafan') model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() publist = [g.name for g in model.Session.query(model.Group).all()] # create test publishers rev = model.repo.new_revision() for name, title in publishers.items(): if not name in publist: model.Session.add(model.Group(name=unicode(name), title=title, type='publisher')) model.repo.commit_and_remove() except Exception, e: # ensure that mock_drupal is destroyed print e MockDrupalCase.teardown_class() #model.repo.rebuild_db() raise
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, madeup-sysadmin , madeup-administrator, and madeup-another # one authzgroup # two packages test6 and test6a, m-a is admin on both model.repo.init_db() model.repo.new_revision() self.sysadmin = 'madeup-sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'madeup-administrator' admin_user = model.User(name=unicode(self.admin)) self.another = u'madeup-another' another_user = model.User(name=unicode(self.another)) self.authzgroup = u'madeup-authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) for obj in sysadmin_user, admin_user, another_user, authzgroup: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.new_revision() self.pkgname = u'test6' self.pkgname2 = u'test6a' pkg = model.Package(name=self.pkgname) pkg2 = model.Package(name=self.pkgname2) model.Session.add(pkg) model.Session.add(pkg2) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user model.setup_default_user_roles(pkg, admins=[admin_user]) model.setup_default_user_roles(pkg2, admins=[admin_user]) model.repo.commit_and_remove()
def make_or_remove_roles(cls, cmd, subj, role, obj, except_on_error=False, do_commit=True): '''Tool to make or remove a role using the names of objects, rather than the actual objects. cmd - 'make' or 'remove' subj - name of subject object (e.g. 'dave-admin') role - name of role (e.g. 'editor') obj - names of an objects to apply the role to (e.g. 'river-stats' or 'all') ''' from ckan import model log = logging.getLogger(__name__) subj = cls.find_subject(unicode(subj)) role = cls.ensure_role(unicode(role)) objs = cls.find_objects(unicode(obj)) for obj in objs: try: if cmd == 'make': if isinstance(subj, model.User): model.add_user_to_role(subj, role, obj) log.debug('Role made') elif cmd == 'remove': if isinstance(subj, model.User): model.remove_user_from_role(subj, role, obj) log.debug('Role removed') else: raise NotImplementedError except NoResultFound, e: log.error('Cannot find object for role %s: %s', str(e), cmd) if except_on_error: raise RightsToolError('Cannot %s right: %s %s %s', cmd, subj, role, obj) log.debug(cls.get_printable_row(subj, role, obj, exists=(cmd=='make')))
def setup(self): # need to do this for every test since we mess with System rights CreateTestData.create() model.repo.new_revision() model.Session.add(model.User(name=u'testadmin')) model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'annakarenina') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.pkg = model.Package.by_name(u'annakarenina') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin') self.package_fillers = { 'title': 'test title', 'notes': 'test notes', 'license_id': 'mit-license', }
def setup_class(self): super(TestDeletedDecoyWhenAdmin, self).setup_class() try: self.orig_pkg_dict = { "name": u"quarterly_epidemiological_commentary", "title": "Quarterly Epidemiological Commentary", "version": None, "url": None, "author": None, "author_email": None, "maintainer": None, "maintainer_email": None, "notes": "Epidemiological analyses of Mandatory surveillance data on MRSA bacteraemia and C. difficile infection covering at least nine quarters\r\nSource agency: Health Protection Agency\r\nDesignation: Official Statistics not designated as National Statistics\r\nLanguage: English\r\nAlternative title: Quarterly Epi Commentary", "license_id": "uk-ogl", "tags": ["conditions-and-diseases", "health", "health-and-social-care", "health-of-the-population", "nhs-trust-hcai-pct-mrsa-mrsa-bacteraemia-c-difficile-c-diff-clostridium-difficile-healthcare-associa", "well-being-and-care"], "groups": ['health-protection-agency'], "extras": { "geographic_coverage": "100000: England", "geographic_granularity": "Other", "external_reference": "ONSHUB", "temporal_coverage-from": "", "temporal_granularity": "", "date_updated": "", "precision": "", "geographic_granularity": "", "temporal_coverage_to": "", "temporal_coverage_from": "", "taxonomy_url": "", "import_source": "ONS-ons_data_7_days_to_2010-06-23", "date_released": "2010-06-18", "temporal_coverage-to": "", "update_frequency": "quarterly", "national_statistic": "no", "categories": "Health and Social Care" }, "resources": [] } self.deleted_decoy_pkg_dict = { "name": u"quarterly_epidemiological_commentary_-_none", "title": "Quarterly Epidemiological Commentary", "groups": ['health-protection-agency'], } CreateTestData.create_arbitrary([self.orig_pkg_dict]) CreateTestData.create_arbitrary([self.deleted_decoy_pkg_dict], extra_user_names=[u'testsysadmin']) # make a sysadmin user rev = model.repo.new_revision() testsysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System()) # delete decoy decoy_pkg = model.Package.by_name(self.deleted_decoy_pkg_dict['name']) assert decoy_pkg decoy_pkg.delete() model.repo.commit_and_remove() # same data is imported, but should find record and add department importer_ = importer.OnsImporter(sample_filepath(9), self.testclient) self.pkg_dict = [pkg_dict for pkg_dict in importer_.pkg_dict()][0] except: # ensure that mock_drupal is destroyed MockDrupalCase.teardown_class() model.repo.rebuild_db() raise
def _create_sysadmin(): model.repo.new_revision() sysadmin_user = model.User(name="sysadmin") model.Session.add(sysadmin_user) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() return "sysadmin"
def setup(self): # Add sysadmin user harvest_user = model.User(name=u'harvest', password=u'test') model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System()) Session.add(harvest_user) Session.commit() package_schema = default_update_package_schema() self.context ={'model':model, 'session':Session, 'user':u'harvest', 'schema':package_schema, 'api_version': '2'} if config.get('ckan.harvest.auth.profile') == u'publisher': # Create a publisher user rev = model.repo.new_revision() self.publisher_user = model.User(name=u'test-publisher-user',password=u'test') self.publisher = model.Group(name=u'test-publisher',title=u'Test Publihser',type=u'publisher') Session.add(self.publisher_user) Session.add(self.publisher) Session.commit() member = model.Member(table_name = 'user', table_id = self.publisher_user.id, group=self.publisher, capacity='admin') Session.add(member) Session.commit()
def setup(self): # Add sysadmin user harvest_user = model.User(name=u"harvest", password=u"test") model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System()) Session.add(harvest_user) Session.commit() package_schema = default_update_package_schema() self.context = { "model": model, "session": Session, "user": u"harvest", "schema": package_schema, "api_version": "2", } if config.get("ckan.harvest.auth.profile") == u"publisher": # Create a publisher user rev = model.repo.new_revision() self.publisher_user = model.User(name=u"test-publisher-user", password=u"test") self.publisher = model.Group(name=u"test-publisher", title=u"Test Publihser", type=u"publisher") Session.add(self.publisher_user) Session.add(self.publisher) Session.commit() member = model.Member( table_name="user", table_id=self.publisher_user.id, group=self.publisher, capacity="admin" ) Session.add(member) Session.commit()
def _create_sysadmin(): model.repo.new_revision() sysadmin_user = model.User(name='sysadmin') model.Session.add(sysadmin_user) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() return 'sysadmin'
def command(self): self._load_config() cmd = self.args[0] if len(self.args) else 'list' if cmd == 'list': args = self.args if 'list' in args: del args[args.index('list')] self.list(args) return assert len(self.args) == 4, "Not enough parameters!" + RIGHTS_HELP cmd, subj, role, obj = self.args subj = self.find_subject(unicode(subj)) role = self.ensure_role(unicode(role)) objs = self.find_objects(unicode(obj)) for obj in objs: try: if cmd == 'make': if isinstance(subj, model.User): model.add_user_to_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.add_authorization_group_to_role(subj, role, obj) print "made", elif cmd == 'remove': if isinstance(subj, model.User): model.remove_user_from_role(subj, role, obj) elif isinstance(subj, model.AuthorizationGroup): model.remove_authorization_group_from_role(subj, role, obj) print "remove", except NoResultFound, e: print "! not found", self.print_row(subj, role, obj)
def action_save_form(users): # The permissions grid has been saved # which is a grid of checkboxes named user$role rpi = request.params.items() # The grid passes us a list of the users/roles that were displayed submitted = [a for (a, b) in rpi if (b == u'submitted')] # and also those which were checked checked = [a for (a, b) in rpi if (b == u'on')] # from which we can deduce true/false for each user/role # combination that was displayed in the form table_dict = {} for a in submitted: table_dict[a] = False for a in checked: table_dict[a] = True # now we'll split up the user$role strings to make a dictionary # from (user,role) to True/False, which tells us what we need to # do. new_user_role_dict = {} for (ur, val) in table_dict.items(): u, r = ur.split('$') new_user_role_dict[(u, r)] = val # we get the current user/role assignments # and make a dictionary of them current_uors = model.Session.query(model.SystemRole).all() current_users_roles = [(uor.user.name, uor.role) for uor in current_uors if uor.user] current_user_role_dict = {} for (u, r) in current_users_roles: current_user_role_dict[(u, r)] = True # and now we can loop through our dictionary of desired states # checking whether a change needs to be made, and if so making it # WORRY: Here it seems that we have to check whether someone is # already assigned a role, in order to avoid assigning it twice, # or attempting to delete it when it doesn't exist. Otherwise # problems occur. However this doesn't affect the index page, # which would seem to be prone to suffer the same effect. Why # the difference? for ((u, r), val) in new_user_role_dict.items(): if val: if not ((u, r) in current_user_role_dict): model.add_user_to_role(model.User.by_name(u), r, model.System()) else: if ((u, r) in current_user_role_dict): model.remove_user_from_role(model.User.by_name(u), r, model.System()) # finally commit the change to the database model.Session.commit() h.flash_success(_("Changes Saved"))
def setup_class(cls): setup_test_search_index() assert_solr_schema_is_the_dgu_variant() CreateTestData.create_user('sysadmin') model.add_user_to_role(model.User.by_name(u'sysadmin'), model.Role.ADMIN, model.System()) model.repo.commit_and_remove()
def test_register_whilst_logged_in(self): '''Start registration form as user B then in another window login as user A, and then try and then submit form for user B. #1799.''' # create user A password = u'letmein' CreateTestData.create_user(name=u'user_a__', password=password) userA = model.User.by_name(u'user_a__') # make him a sysadmin, to ensure he is allowed to create a user model.add_user_to_role(userA, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() userA = model.User.by_name(u'user_a__') # start to register user B offset = url_for(controller='user', action='register') res = self.app.get(offset) fvA = res.forms['user-edit'] fvA['name'] = 'user_b_' fvA['fullname'] = 'User B' fvA['email'] = '*****@*****.**' fvA['password1'] = password fvA['password2'] = password # login user A offset = url_for(controller='user', action='login') res = self.app.get(offset) fvB = res.forms['login'] fvB['login'] = '******' fvB['password'] = str(password) res = fvB.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) # finish registration of user B res = fvA.submit('save') assert_equal(res.status, 200) assert 'user_a__</a> is currently logged in' in res.body, res.body assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace('"', '"') in res.body, res.body assert 'logout' in res.body, res.body # logout and login as user B res = self.app.get('/user/_logout') res2 = res.follow() while res2.status == 302: res2 = res2.follow() assert 'You have logged out successfully.' in res2, res2 offset = url_for(controller='user', action='login') res = self.app.get(offset) fv = res.forms['login'] fv['login'] = '******' fv['password'] = str(password) res = fv.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) assert 'User B is now logged in' in res.body, res.body
def test_register_whilst_logged_in(self): '''Start registration form as user B then in another window login as user A, and then try and then submit form for user B. #1799.''' # create user A password = u'letmein' CreateTestData.create_user(name=u'user_a__', password=password) userA = model.User.by_name(u'user_a__') # make him a sysadmin, to ensure he is allowed to create a user model.add_user_to_role(userA, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() userA = model.User.by_name(u'user_a__') # start to register user B offset = url_for(controller='user', action='register') res = self.app.get(offset) fvA = res.forms['user-edit'] fvA['name'] = 'user_b_' fvA['fullname'] = 'User B' fvA['email'] = '*****@*****.**' fvA['password1'] = password fvA['password2'] = password # login user A offset = url_for(controller='user', action='login') res = self.app.get(offset) fvB = res.forms['login'] fvB['login'] = '******' fvB['password'] = str(password) res = fvB.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) # finish registration of user B res = fvA.submit('save') assert_equal(res.status, 200) assert 'user_a__</a> is currently logged in' in res.body, res.body assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace( '"', '"') in res.body, res.body assert 'logout' in res.body, res.body # logout and login as user B res = self.app.get('/user/_logout') res2 = res.follow() while res2.status == 302: res2 = res2.follow() assert 'You have logged out successfully.' in res2, res2 offset = url_for(controller='user', action='login') res = self.app.get(offset) fv = res.forms['login'] fv['login'] = '******' fv['password'] = str(password) res = fv.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) assert 'User B is now logged in' in res.body, res.body
def create_roles(cls, roles): '''This is just a basic version for CKAN 1.7.1 - the full version will be in CKAN 1.8.''' for subj, role, obj in roles: assert role, obj == ('admin', 'system') subj = model.User.by_name(unicode(subj)) model.add_user_to_role(subj, model.Role.ADMIN, model.System()) model.repo.commit_and_remove()
def test_10_visitor_role(self): assert not self.authorizer.is_authorized(username=self.visitor.name, action=model.Action.EDIT, domain_object=self.war) self.visitor = model.User.by_name(model.PSEUDO_USER__VISITOR) self.war = model.Package.by_name(u'warandpeace') model.add_user_to_role(self.visitor, model.Role.EDITOR, self.war) model.repo.commit_and_remove() assert self.authorizer.is_authorized(username=self.visitor.name, action=model.Action.EDIT, domain_object=self.war)
def _create_test_data(cls): CreateTestData.create() # Remove visitor and logged in roles roles = [] q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"visitor")) roles.extend(q.all()) q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"logged_in")) roles.extend(q.all()) for role in roles: model.Session.delete(role) rev = model.repo.new_revision() model.Session.add_all([ model.User(name=u'pkggroupadmin'), model.User(name=u'site_reader'), model.User(name=u'outcast'), model.Package(name=cls.ENTITY_NAME), model.Package(name=u'deleted'), model.Group(name=cls.ENTITY_NAME), model.Group(name=u'deleted'), model.Tag(name=cls.ENTITY_NAME), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.SITE_READ), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.READ), ]) model.repo.commit_and_remove() # testsysadmin is sysadmin # annafan is package admin for annakarenina rev = model.repo.new_revision() site_reader = model.User.by_name(u'site_reader') pkggroupadmin = model.User.by_name(u'pkggroupadmin') pkg = model.Package.by_name(cls.ENTITY_NAME) group = model.Group.by_name(cls.ENTITY_NAME) tag = model.Tag.by_name(cls.ENTITY_NAME) pkg.add_tag(tag) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System()) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group) model.Package.by_name(u'deleted').delete() model.Group.by_name(u'deleted').delete() model.repo.commit_and_remove() cls.testsysadmin = model.User.by_name(u'testsysadmin') cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin') cls.site_reader = model.User.by_name(u'site_reader') cls.outcast = model.User.by_name(u'outcast')
def test_1_user_role(self): anna = model.Package.by_name(u'annakarenina') mradmin = model.User.by_name(u'tester') role = model.Role.ADMIN model.add_user_to_role(mradmin, role, anna) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') mradmin = model.User.by_name(u'tester') roles = self.authorizer.get_roles(mradmin.name, anna) assert role in roles, roles
def action_add_form(users): # The user is attempting to set new roles for a named user new_user = request.params.get('new_user_name') # this is the list of roles whose boxes were ticked checked_roles = [ a for (a, b) in request.params.items() if (b == u'on') ] # this is the list of all the roles that were in the submitted # form submitted_roles = [ a for (a, b) in request.params.items() if (b == u'submitted') ] # from this we can make a dictionary of the desired states # i.e. true for the ticked boxes, false for the unticked desired_roles = {} for r in submitted_roles: desired_roles[r] = False for r in checked_roles: desired_roles[r] = True # again, in order to avoid either creating a role twice or # deleting one which is non-existent, we need to get the users' # current roles (if any) current_uors = model.Session.query(model.SystemRole).all() current_roles = [ uor.role for uor in current_uors if (uor.user and uor.user.name == new_user) ] user_object = model.User.by_name(new_user) if user_object is None: # The submitted user does not exist. Bail with flash # message h.flash_error(_('unknown user:') + str(new_user)) else: # Whenever our desired state is different from our # current state, change it. for (r, val) in desired_roles.items(): if val: if (r not in current_roles): model.add_user_to_role(user_object, r, model.System()) else: if (r in current_roles): model.remove_user_from_role( user_object, r, model.System()) h.flash_success(_("User Added")) # and finally commit all these changes to the database model.Session.commit()
def dataset_editor_add(context, data_dict): ''' Adds a user and role to dataset :param name: dataset name or id :type name: string :param role: admin, editor or reader :type role: string :param username: user to be added :type username: string :rtype: message string ''' pkg = model.Package.get(data_dict.get('name', None)) user = model.User.get(context.get('user', None)) role = data_dict.get('role', None) username = model.User.get(data_dict.get('username', None)) if not (pkg and user and role): msg = _('Required information missing') raise ValidationError(msg) pkg_dict = get_action('package_show')(context, {'id': pkg.id}) pkg_dict['domain_object'] = pkg_dict.get('id') domain_object_ref = _get_or_bust(pkg_dict, 'domain_object') domain_object = ckan.logic.action.get_domain_object(model, domain_object_ref) # These are detailed checks to inform the user of the flaw if not username: msg = _('User not found') raise NotFound(msg) if not ((_authz.user_has_role(user, 'admin', domain_object) or user.sysadmin)) and role == 'admin': raise NotAuthorized if not (check_access('package_update', context)): raise NotAuthorized if _authz.user_has_role(username, role, domain_object): msg = _('User already has %s rights') % role raise ValidationError(msg) model.add_user_to_role(username, role, pkg) model.meta.Session.commit() msg = _('User added') return msg
def setup_class(self): model.repo.init_db() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER model.repo.new_revision() anna = model.Package(name=u'annakarenina') war = model.Package(name=u'warandpeace') mradmin = model.User(name=u'mradmin') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') tester = model.User(name=u'tester') anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup') for obj in [ anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup ]: model.Session.add(obj) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') tester = model.User.by_name(u'tester') model.add_user_to_role(tester, self.admin_role, anna) self.context = unicode(model.Package.__name__) ra1 = model.RoleAction( role=self.admin_role, context=self.context, action=model.Action.EDIT, ) ra2 = model.RoleAction( role=self.editor_role, context=self.context, action=model.Action.EDIT, ) ra3 = model.RoleAction( role=self.reader_role, context=self.context, action=model.Action.READ, ) for obj in [ra1, ra2, ra3]: model.Session.add(obj) model.repo.commit_and_remove() mradmin = model.User.by_name(u'mradmin') mreditor = model.User.by_name(u'mreditor') mrreader = model.User.by_name(u'mrreader') model.add_user_to_role(mradmin, self.admin_role, anna) model.add_user_to_role(mreditor, self.editor_role, anna) model.add_user_to_role(mrreader, self.reader_role, anna) model.repo.commit_and_remove() self.mradmin = model.User.by_name(u'mradmin') self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina')
def action_add_form(users): # The user is attempting to set new roles for a named user new_user = request.params.get('new_user_name') # this is the list of roles whose boxes were ticked checked_roles = [a for (a, b) in request.params.items() if (b == u'on')] # this is the list of all the roles that were in the submitted # form submitted_roles = [a for (a, b) in request.params.items() if (b == u'submitted')] # from this we can make a dictionary of the desired states # i.e. true for the ticked boxes, false for the unticked desired_roles = {} for r in submitted_roles: desired_roles[r] = False for r in checked_roles: desired_roles[r] = True # again, in order to avoid either creating a role twice or # deleting one which is non-existent, we need to get the users' # current roles (if any) current_uors = model.Session.query(model.SystemRole).all() current_roles = [uor.role for uor in current_uors if (uor.user and uor.user.name == new_user)] user_object = model.User.by_name(new_user) if user_object is None: # The submitted user does not exist. Bail with flash # message h.flash_error(_('unknown user:') + str(new_user)) else: # Whenever our desired state is different from our # current state, change it. for (r, val) in desired_roles.items(): if val: if (r not in current_roles): model.add_user_to_role(user_object, r, model.System()) else: if (r in current_roles): model.remove_user_from_role(user_object, r, model.System()) h.flash_success(_("User Added")) # and finally commit all these changes to the database model.Session.commit()
def setup_class(self): search.clear() setup_test_search_index() super(OnsLoaderBase, self).setup_class() # make annafan a sysadmin to allow package creation rev = model.repo.new_revision() user = model.User.by_name(u'annafan') model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() # create test publishers rev = model.repo.new_revision() for name, title in publishers.items(): model.Session.add(model.Group(name=unicode(name), title=title, type='publisher')) model.repo.commit_and_remove()
def setup_class(self): search.clear() setup_test_search_index() super(OnsLoaderBase, self).setup_class() # make annafan a sysadmin to allow package creation rev = model.repo.new_revision() user = model.User.by_name(u'annafan') model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() # create test publishers rev = model.repo.new_revision() for name, title in publishers.items(): model.Session.add( model.Group(name=unicode(name), title=title, type='publisher')) model.repo.commit_and_remove()
def setup(self): model.repo.init_db() CreateTestData.create() self.package_name = u'formsapi' self.package_name_alt = u'formsapialt' self.package_name_alt2 = u'formsapialt2' self.apikey_header_name = config.get('apikey_header_name', 'X-CKAN-API-Key') self.user = self.get_user_by_name(u'tester') if not self.user: self.user = self.create_user(name=u'tester') self.user = self.get_user_by_name(u'tester') model.add_user_to_role(self.user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.extra_environ = {self.apikey_header_name: str(self.user.apikey)} self.create_package(name=self.package_name)
def setup(self): model.repo.init_db() CreateTestData.create() self.package_name = u'formsapi' self.package_name_alt = u'formsapialt' self.package_name_alt2 = u'formsapialt2' self.apikey_header_name = config.get('apikey_header_name', 'X-CKAN-API-Key') self.user = self.get_user_by_name(u'tester') if not self.user: self.user = self.create_user(name=u'tester') self.user = self.get_user_by_name(u'tester') model.add_user_to_role(self.user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.extra_environ = { self.apikey_header_name : str(self.user.apikey) } self.create_package(name=self.package_name)
def setup_class(self): model.repo.init_db() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER model.repo.new_revision() anna = model.Package(name=u'annakarenina') war = model.Package(name=u'warandpeace') mradmin = model.User(name=u'mradmin') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') tester = model.User(name=u'tester') anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup') for obj in [anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup]: model.Session.add(obj) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') tester = model.User.by_name(u'tester') model.add_user_to_role(tester, self.admin_role, anna) self.context = unicode(model.Package.__name__) ra1 = model.RoleAction(role=self.admin_role, context=self.context, action=model.Action.EDIT, ) ra2 = model.RoleAction(role=self.editor_role, context=self.context, action=model.Action.EDIT, ) ra3 = model.RoleAction(role=self.reader_role, context=self.context, action=model.Action.READ, ) for obj in [ra1, ra2, ra3]: model.Session.add(obj) model.repo.commit_and_remove() mradmin = model.User.by_name(u'mradmin') mreditor = model.User.by_name(u'mreditor') mrreader = model.User.by_name(u'mrreader') model.add_user_to_role(mradmin, self.admin_role, anna) model.add_user_to_role(mreditor, self.editor_role, anna) model.add_user_to_role(mrreader, self.reader_role, anna) model.repo.commit_and_remove() self.mradmin = model.User.by_name(u'mradmin') self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina')
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, sysadmin , administrator, and another # one authzgroup, one group, one package # and administrator is admin on all three # one extra authzgroup, authzgroup2, with no permissions to start with model.repo.init_db() model.repo.new_revision() self.sysadmin = 'sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'administrator' admin_user = model.User(name=unicode(self.admin)) self.another = 'another' another_user = model.User(name=unicode(self.another)) self.authzgroup = 'authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) self.group = 'group' group = model.Group(name=unicode(self.group)) self.authzgroup2 = 'authzgroup2' authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2)) for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() model.repo.new_revision() self.pkg = u'dataset' pkg = model.Package(name=self.pkg) model.Session.add(pkg) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user # setup all three authorization objects to have logged in and visitor as editors, and the admin as admin model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(authzgroup, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(group, ['editor'], ['editor'], [admin_user]) model.repo.commit_and_remove()
def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkg')) model.Session.add(model.Package(name=u'testpkg2')) model.Session.add(model.Package(name=u'private_pkg')) model.Session.add(model.User(name=u'testadmin')) # Cannot setup testsysadmin user as it is alreade done in # the default test data. #model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.Session.add(model.Group(name=u'testgroup')) model.Session.add(model.Group(name=u'testgroup2')) model.repo.commit_and_remove() model.repo.new_revision() pkg = model.Package.by_name(u'testpkg') pkg2 = model.Package.by_name(u'testpkg2') private_pkg = model.Package.by_name(u'private_pkg') pkg.add_relationship(u'depends_on', pkg2) pkg.add_relationship(u'depends_on', private_pkg) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkg') grp = model.Group.by_name(u'testgroup') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') notadmin = model.User.by_name(u'notadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.add_user_to_role(notadmin, model.Role.READER, pkg) model.add_user_to_role(notadmin, model.Role.READER, pkg2) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkg') self.pkg2 = model.Package.by_name(u'testpkg2') self.private_pkg = model.Package.by_name(u'private_pkg') self.grp = model.Group.by_name(u'testgroup') self.grp2 = model.Group.by_name(u'testgroup2') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin')
def add(self): from ckan import model if len(self.args) < 2: print "Need name of the user to be made sysadmin." return username = self.args[1] user = model.User.by_name(unicode(username)) if not user: print 'User "%s" not found' % username makeuser = raw_input("Create new user: %s? [y/n]" % username) if makeuser == "y": print ("Creating %s user" % username) user = model.User(name=unicode(username)) else: print "Exiting ..." return model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() print "Added %s as sysadmin" % username
def test_3_add_twice_remove_twice(self): tester = model.User.by_name(u'tester') war = model.Package.by_name(u'warandpeace') def tester_roles(): return [x.role \ for x in model.Session.query(model.PackageRole).all() \ if x.user and x.user.name=='tester' and x.package.name==u'warandpeace'] assert len(tester_roles()) == 0, "wrong number of roles for tester" model.add_user_to_role(tester, model.Role.ADMIN, war) model.repo.commit_and_remove() assert len(tester_roles()) == 1, "wrong number of roles for tester" model.add_user_to_role(tester, model.Role.ADMIN, war) model.repo.commit_and_remove() assert len(tester_roles()) == 1, "wrong number of roles for tester" model.remove_user_from_role(tester, model.Role.ADMIN, war) assert len(tester_roles()) == 0, "wrong number of roles for tester" model.remove_user_from_role(tester, model.Role.ADMIN, war) assert len(tester_roles()) == 0, "wrong number of roles for tester"
def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u"testpkg")) model.Session.add(model.Package(name=u"testpkg2")) model.Session.add(model.User(name=u"testadmin")) model.Session.add(model.User(name=u"testsysadmin")) model.Session.add(model.User(name=u"notadmin")) model.Session.add(model.Group(name=u"testgroup")) model.Session.add(model.Group(name=u"testgroup2")) model.repo.commit_and_remove() pkg = model.Package.by_name(u"testpkg") grp = model.Group.by_name(u"testgroup") admin = model.User.by_name(u"testadmin") sysadmin = model.User.by_name(u"testsysadmin") model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u"testpkg") self.pkg2 = model.Package.by_name(u"testpkg2") self.grp = model.Group.by_name(u"testgroup") self.grp2 = model.Group.by_name(u"testgroup2") self.admin = model.User.by_name(u"testadmin") self.sysadmin = model.User.by_name(u"testsysadmin") self.notadmin = model.User.by_name(u"notadmin")
def add(self): from ckan import model if len(self.args) < 2: print 'Need name of the user to be made sysadmin.' return username = self.args[1] user = model.User.by_name(unicode(username)) if not user: print 'User "%s" not found' % username makeuser = raw_input('Create new user: %s? [y/n]' % username) if makeuser == 'y': password = UserCmd.password_prompt() print('Creating %s user' % username) user = model.User(name=unicode(username), password=password) else: print 'Exiting ...' return model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() print 'Added %s as sysadmin' % username
def set_roles(self, user_name, drupal_roles): '''Sets CKAN user roles based on the drupal roles. Restricted to sysadmin. Publishing roles initially imported during migration from Drupal. Example drupal_roles: ['package admin', 'publisher admin', 'authenticated user', 'publishing user'] where sysadmin roles are: 3 'administrator' - total control 11 'package admin' - admin of datasets 'publisher admin' - admin of publishers other roles: 'publishing user' - anyone who has registered - includes spammers ''' from ckan import model from ckan.authz import Authorizer needs_commit = False user = model.User.by_name(user_name) # Sysadmin or not log.debug('User roles in Drupal: %r', drupal_roles) should_be_sysadmin = bool( set(('administrator', 'package admin', 'publisher admin')) & set(drupal_roles)) is_sysadmin = Authorizer().is_sysadmin(user) if should_be_sysadmin and not is_sysadmin: # Make user a sysadmin model.add_user_to_role(user, model.Role.ADMIN, model.System()) log.info('User made a sysadmin: %s', user_name) needs_commit = True elif not should_be_sysadmin and is_sysadmin: # Stop user being a sysadmin model.remove_user_from_role(user, model.Role.ADMIN, model.System()) log.info('User now not a sysadmin: %s', user_name) needs_commit = True if needs_commit: model.repo.commit_and_remove()
def test_4_admin_deletes_role(self): group = model.Group.by_name(self.groupname) # create a role to be deleted model.add_user_to_role(model.User.by_name(u'logged_in'), model.Role.READER, group) model.repo.commit_and_remove() group = model.Group.by_name(self.groupname) num_roles_start = len(group.roles) # make sure not admin pr_id = [ r for r in group.roles if r.user.name != self.admin ][0].id offset = url_for(controller='group', action='authz', id=self.groupname, role_to_delete=pr_id) # need this here as o/w conflicts over session binding model.Session.remove() res = self.app.get(offset, extra_environ={'REMOTE_USER': self.admin}) assert 'Deleted role' in res, res assert 'error' not in res, res group = model.Group.by_name(self.groupname) assert len(group.roles) == num_roles_start - 1 assert model.Session.query(model.GroupRole).filter_by(id=pr_id).count() == 0
def setup(self): # Add sysadmin user harvest_user = model.User(name=u'harvest', password=u'test') model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System()) Session.add(harvest_user) Session.commit() package_schema = default_update_package_schema() self.context = { 'model': model, 'session': Session, 'user': u'harvest', 'schema': package_schema, 'api_version': '2' } if config.get('ckan.harvest.auth.profile') == u'publisher': # Create a publisher user rev = model.repo.new_revision() self.publisher_user = model.User(name=u'test-publisher-user', password=u'test') self.publisher = model.Group(name=u'test-publisher', title=u'Test Publihser', type=u'publisher') Session.add(self.publisher_user) Session.add(self.publisher) Session.commit() member = model.Member(table_name='user', table_id=self.publisher_user.id, group=self.publisher, capacity='admin') Session.add(member) Session.commit()
def setup_class(self): CreateTestData.create() q = model.Session.query(model.UserObjectRole).filter( sa.or_(model.UserObjectRole.role == Role.EDITOR, model.UserObjectRole.role == Role.ANON_EDITOR, model.UserObjectRole.role == Role.READER)) q = q.filter( model.UserObjectRole.user == model.User.by_name(u"visitor")) for role in q: model.Session.delete(role) model.repo.commit_and_remove() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkg')) model.Session.add(model.Package(name=u'testpkg2')) model.Session.add(model.User(name=u'testadmin')) # Cannot setup testsysadmin user as it is alreade done in # the default test data. #model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.Session.add(model.Group(name=u'testgroup')) model.Session.add(model.Group(name=u'testgroup2')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkg') grp = model.Group.by_name(u'testgroup') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkg') self.pkg2 = model.Package.by_name(u'testpkg2') self.grp = model.Group.by_name(u'testgroup') self.grp2 = model.Group.by_name(u'testgroup2') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin')
def _create_user(self): harvest_user = model.User(name=u'harvest', password=u'test') model.add_user_to_role(harvest_user, model.Role.ADMIN, model.System()) model.Session.add(harvest_user) model.Session.commit()
def _add_user_object_role(self, users_or_authz_groups, current_uors, domain_object): ''' current_uors: in order to avoid either creating a role twice or deleting one which is non-existent, we need to get the users' current roles (if any) ''' # The user is attempting to set new roles for a named user new_user = request.params.get('new_user_name') # this is the list of roles whose boxes were ticked checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')] # this is the list of all the roles that were in the submitted form submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')] # from this we can make a dictionary of the desired states # i.e. true for the ticked boxes, false for the unticked desired_roles = {} for r in submitted_roles: desired_roles[r]=False for r in checked_roles: desired_roles[r]=True if users_or_authz_groups=='users': current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )] user_object = model.User.by_name(new_user) if user_object==None: # The submitted user does not exist. Bail with flash message h.flash_error(_('unknown user:'******'authz_groups': current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )] user_object = model.AuthorizationGroup.by_name(new_user) if user_object==None: # The submitted user does not exist. Bail with flash message h.flash_error(_('unknown authorization group:') + str (new_user)) else: # Whenever our desired state is different from our current state, change it. for (r,val) in desired_roles.items(): if val: if (r not in current_roles): model.add_authorization_group_to_role(user_object, r, domain_object) else: if (r in current_roles): model.remove_authorization_group_from_role(user_object, r, domain_object) h.flash_success(_("Authorization Group Added")) else: assert False, "shouldn't be here" # and finally commit all these changes to the database model.repo.commit_and_remove()
def _update_user_object_roles(self, users_or_authz_groups, current_uors, domain_object): '''Update user object roles for this object. :param domain_object: the domain object for whom we are adding the user object role. ''' # The permissions grid has been saved # which is a grid of checkboxes named user$role rpi = request.params.items() # The grid passes us a list of the users/roles that were displayed submitted = [ a for (a,b) in rpi if (b == u'submitted')] # and also those which were checked checked = [ a for (a,b) in rpi if (b == u'on')] # from which we can deduce true/false for each user/role combination # that was displayed in the form table_dict={} for a in submitted: table_dict[a]=False for a in checked: table_dict[a]=True # now we'll split up the user$role strings to make a dictionary from # (user,role) to True/False, which tells us what we need to do. new_user_role_dict={} for (ur,val) in table_dict.items(): u,r = ur.split('$') new_user_role_dict[(u,r)] = val if users_or_authz_groups=='users': current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user] elif users_or_authz_groups=='authz_groups': current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group] else: assert False, "shouldn't be here" current_user_role_dict={} for (u,r) in current_users_roles: current_user_role_dict[(u,r)]=True # and now we can loop through our dictionary of desired states # checking whether a change needs to be made, and if so making it # Here we check whether someone is already assigned a role, in order # to avoid assigning it twice, or attempting to delete it when it # doesn't exist. Otherwise problems can occur. if users_or_authz_groups=='users': for ((u,r), val) in new_user_role_dict.items(): if val: if not ((u,r) in current_user_role_dict): model.add_user_to_role(model.User.by_name(u),r,domain_object) else: if ((u,r) in current_user_role_dict): model.remove_user_from_role(model.User.by_name(u),r,domain_object) elif users_or_authz_groups=='authz_groups': for ((u,r), val) in new_user_role_dict.items(): if val: if not ((u,r) in current_user_role_dict): model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,domain_object) else: if ((u,r) in current_user_role_dict): model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,domain_object) else: assert False, "shouldn't be here" # finally commit the change to the database model.repo.commit_and_remove() h.flash_success(_("Changes Saved"))
def create(cls, auth_profile="", package_type=None): model.Session.remove() rev = model.repo.new_revision() # same name as user we create below rev.author = cls.author rev.message = u'''Creating test data. * Package: annakarenina * Package: warandpeace * Associated tags, etc etc ''' if auth_profile == "publisher": organization_group = model.Group(name=u"organization_group", type="organization") cls.pkg_names = [u'annakarenina', u'warandpeace'] pkg1 = model.Package(name=cls.pkg_names[0], type=package_type) if auth_profile == "publisher": pkg1.group = organization_group model.Session.add(pkg1) pkg1.title = u'A Novel By Tolstoy' pkg1.version = u'0.7a' pkg1.url = u'http://www.annakarenina.com' # put an & in the url string to test escaping if 'alt_url' in model.Resource.get_extra_columns(): configured_extras = ({ 'alt_url': u'alt123' }, { 'alt_url': u'alt345' }) else: configured_extras = ({}, {}) pr1 = model.Resource( url=u'http://www.annakarenina.com/download/x=1&y=2', format=u'plain text', description=u'Full text. Needs escaping: " Umlaut: \xfc', hash=u'abc123', extras={'size_extra': u'123'}, **configured_extras[0]) pr2 = model.Resource(url=u'http://www.annakarenina.com/index.json', format=u'json', description=u'Index of the novel', hash=u'def456', extras={'size_extra': u'345'}, **configured_extras[1]) model.Session.add(pr1) model.Session.add(pr2) pkg1.resource_groups_all[0].resources_all.append(pr1) pkg1.resource_groups_all[0].resources_all.append(pr2) pkg1.notes = u'''Some test notes ### A 3rd level heading **Some bolded text.** *Some italicized text.* Foreign characters: u with umlaut \xfc 66-style quote \u201c foreign word: th\xfcmb Needs escaping: left arrow < <http://ckan.net/> ''' pkg2 = model.Package(name=cls.pkg_names[1], type=package_type) tag1 = model.Tag(name=u'russian') tag2 = model.Tag(name=u'tolstoy') if auth_profile == "publisher": pkg2.group = organization_group # Flexible tag, allows spaces, upper-case, # and all punctuation except commas tag3 = model.Tag(name=u'Flexible \u30a1') for obj in [pkg2, tag1, tag2, tag3]: model.Session.add(obj) pkg1.add_tags([tag1, tag2, tag3]) pkg2.add_tags([tag1, tag3]) cls.tag_names = [t.name for t in (tag1, tag2, tag3)] pkg1.license_id = u'other-open' pkg2.license_id = u'cc-nc' # closed license pkg2.title = u'A Wonderful Story' pkg1.extras = {u'genre': 'romantic novel', u'original media': 'book'} # group david = model.Group(name=u'david', title=u'Dave\'s books', description=u'These are books that David likes.', type=auth_profile or 'group') roger = model.Group(name=u'roger', title=u'Roger\'s books', description=u'Roger likes these books.', type=auth_profile or 'group') for obj in [david, roger]: model.Session.add(obj) cls.group_names.add(u'david') cls.group_names.add(u'roger') model.Session.flush() model.Session.add( model.Member(table_id=pkg1.id, table_name='package', group=david)) model.Session.add( model.Member(table_id=pkg2.id, table_name='package', group=david)) model.Session.add( model.Member(table_id=pkg1.id, table_name='package', group=roger)) # authz sysadmin = model.User(name=u'testsysadmin', password=u'testsysadmin') sysadmin.sysadmin = True model.Session.add_all([ model.User(name=u'tester', apikey=u'tester', password=u'tester'), model.User(name=u'joeadmin', password=u'joeadmin'), model.User( name=u'annafan', about=u'I love reading Annakarenina. My site: http://anna.com', password=u'annafan'), model.User(name=u'russianfan', password=u'russianfan'), sysadmin, ]) cls.user_refs.extend([ u'tester', u'joeadmin', u'annafan', u'russianfan', u'testsysadmin' ]) model.repo.commit_and_remove() visitor = model.User.by_name(model.PSEUDO_USER__VISITOR) anna = model.Package.by_name(u'annakarenina') war = model.Package.by_name(u'warandpeace') annafan = model.User.by_name(u'annafan') russianfan = model.User.by_name(u'russianfan') model.setup_default_user_roles(anna, [annafan]) model.setup_default_user_roles(war, [russianfan]) model.add_user_to_role(visitor, model.Role.ADMIN, war) david = model.Group.by_name(u'david') roger = model.Group.by_name(u'roger') model.setup_default_user_roles(david, [russianfan]) model.setup_default_user_roles(roger, [russianfan]) model.add_user_to_role(visitor, model.Role.ADMIN, roger) model.repo.commit_and_remove()
def setup_class(self): model.Session.remove() CreateTestData.create() model.Session.remove() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER john = model.User(name=u'john') model.Session.add(john) # setup annakarenina with default roles anna = model.Package.by_name(u'annakarenina') model.clear_user_roles(anna) annakarenina_creator = model.User(name=u'annakarenina_creator') model.Session.add(annakarenina_creator) model.repo.commit_and_remove() model.setup_default_user_roles(anna, [annakarenina_creator]) model.repo.commit_and_remove() # setup warandpeace with no roles war = model.Package.by_name(u'warandpeace') model.clear_user_roles(war) # setup restricted package - visitors can't change restricted = model.Package(name=u'restricted') vrestricted = model.Package(name=u'vrestricted') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') self.mrsysadmin = u'mrsysadmin' mrsysadmin = model.User(name=self.mrsysadmin) model.repo.new_revision() model.Session.add_all( [restricted, vrestricted, mreditor, mrreader, mrsysadmin]) model.repo.commit_and_remove() visitor_roles = [] logged_in_roles = [model.Role.EDITOR, model.Role.READER] logged_in_roles_v = [] restricted = model.Package.by_name(u'restricted') vrestricted = model.Package.by_name(u'vrestricted') model.setup_user_roles(restricted, visitor_roles, logged_in_roles) model.setup_user_roles(vrestricted, visitor_roles, logged_in_roles_v) model.repo.commit_and_remove() mreditor = model.User.by_name(u'mreditor') model.add_user_to_role(mreditor, model.Role.EDITOR, restricted) mrsysadmin = model.User.by_name(u'mrsysadmin') model.add_user_to_role(mrsysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.annakarenina_creator = model.User.by_name(u'annakarenina_creator') self.logged_in = model.User.by_name(model.PSEUDO_USER__LOGGED_IN) self.visitor = model.User.by_name(model.PSEUDO_USER__VISITOR) self.john = model.User.by_name(u'john') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina') self.restricted = model.Package.by_name(u'restricted') self.vrestricted = model.Package.by_name(u'vrestricted')