def test_showcase_admin_list_correct_creds(self):
     '''
     Calling showcase admin list by a sysadmin doesn't raise
     NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_showcase_admin_list', context=context)
Esempio n. 2
0
 def test_showcase_admin_list_correct_creds(self):
     '''
     Calling showcase admin list by a sysadmin doesn't raise
     NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_showcase_admin_list', context=context)
 def test_showcase_package_association_delete_sysadmin(self):
     '''
     Calling showcase package association create by a sysadmin doesn't
     raise NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_showcase_package_association_delete',
                       context=context)
Esempio n. 4
0
 def test_showcase_package_association_delete_sysadmin(self):
     '''
     Calling showcase package association create by a sysadmin doesn't
     raise NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_showcase_package_association_delete',
                       context=context)
    def test_showcase_package_association_delete_showcase_admin(self):
        '''
        Calling showcase package association create by a showcase admin
        doesn't raise NotAuthorized.
        '''
        showcase_admin = factories.User()

        # Make user a showcase admin
        helpers.call_action('ckanext_showcase_admin_add', context={},
                            username=showcase_admin['name'])

        context = {'user': showcase_admin['name'], 'model': None}
        helpers.call_auth('ckanext_showcase_package_association_delete',
                          context=context)
Esempio n. 6
0
    def test_showcase_package_association_delete_showcase_admin(self):
        '''
        Calling showcase package association create by a showcase admin
        doesn't raise NotAuthorized.
        '''
        showcase_admin = factories.User()

        # Make user a showcase admin
        helpers.call_action('ckanext_showcase_admin_add',
                            context={},
                            username=showcase_admin['name'])

        context = {'user': showcase_admin['name'], 'model': None}
        helpers.call_auth('ckanext_showcase_package_association_delete',
                          context=context)
Esempio n. 7
0
    def test_user_update_with_no_user_in_context(self):

        # Make a mock ckan.model.User object.
        mock_user = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return our mock user.
        mock_model.User.get.return_value = mock_user

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # For this test we're going to have no 'user' in the context.
        context['user'] = None

        params = {
            'id': mock_user.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        assert result['success'] is False
        # FIXME: Be nice if this error message was a complete sentence.
        assert result['msg'] == 'Have to be logged in to edit user'
Esempio n. 8
0
    def test_user_update_user_cannot_update_another_user(self):
        '''Users should not be able to update other users' accounts.'''

        # 1. Setup.

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return Fred.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The logged-in user is going to be Bob, not Fred.
        context['user'] = '******'

        # 2. Call the function that's being tested, once only.

        # Make Bob try to update Fred's user account.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        # 3. Make assertions about the return value and/or side-effects.

        assert result['success'] is False
        # FIXME: This error message should contain Fred's user name not his id.
        assert result['msg'] == ('User bob not authorized to edit user '
                                 'fred_user_id')
Esempio n. 9
0
    def test_user_update_user_can_update_herself(self):
        '''Users should be authorized to update their own accounts.'''

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return our mock user.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The 'user' in the context has to match fred.name, so that the
        # auth function thinks that the user being updated is the same user as
        # the user who is logged-in.
        context['user'] = fred.name

        # Make Fred try to update his own user name.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }

        result = helpers.call_auth('user_update', context=context, **params)
        assert result is True
Esempio n. 10
0
    def test_user_update_visitor_cannot_update_user(self):
        '''Visitors should not be able to update users' accounts.'''

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return Fred.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # No user is going to be logged-in.
        context['user'] = '******'

        # Make the visitor try to update Fred's user account.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        assert result['success'] is False
        # FIXME: This is a terrible error message, containing both 127.0.0.1
        # and Fred's user id (not his name).
        assert result['msg'] == ('User 127.0.0.1 not authorized to edit user '
                                 'fred_user_id')
Esempio n. 11
0
    def test_user_update_with_no_user_in_context(self):

        # Make a mock ckan.model.User object.
        mock_user = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return our mock user.
        mock_model.User.get.return_value = mock_user

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # For this test we're going to have no 'user' in the context.
        context['user'] = None

        params = {
            'id': mock_user.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        assert result['success'] is False
        # FIXME: Be nice if this error message was a complete sentence.
        assert result['msg'] == 'Have to be logged in to edit user'
Esempio n. 12
0
    def test_dataset_owner_can_delete_issue(self):
        user = factories.User()
        org = factories.Organization(user=user)
        dataset = factories.Dataset(owner_org=org['name'])
        issue = issue_factories.Issue(user=user,
                                      user_id=user['id'],
                                      dataset_id=dataset['id'])

        context = {
            'user': user['name'],
            'auth_user_obj': user,
            'model': model,
            'session': model.Session,
        }
        helpers.call_auth('issue_delete', context, issue_id=issue['id'],
                          dataset_id=dataset['id'])
Esempio n. 13
0
    def test_user_update_user_cannot_update_another_user(self):
        '''Users should not be able to update other users' accounts.'''

        # 1. Setup.

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return Fred.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The logged-in user is going to be Bob, not Fred.
        context['user'] = '******'

        # 2. Call the function that's being tested, once only.

        # Make Bob try to update Fred's user account.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        # 3. Make assertions about the return value and/or side-effects.

        assert result['success'] is False
        # FIXME: This error message should contain Fred's user name not his id.
        assert result['msg'] == ('User bob not authorized to edit user '
                                 'fred_user_id')
Esempio n. 14
0
    def test_user_update_user_can_update_herself(self):
        '''Users should be authorized to update their own accounts.'''

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return our mock user.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The 'user' in the context has to match fred.name, so that the
        # auth function thinks that the user being updated is the same user as
        # the user who is logged-in.
        context['user'] = fred.name

        # Make Fred try to update his own user name.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        assert result['success'] is True
Esempio n. 15
0
    def test_user_update_visitor_cannot_update_user(self):
        '''Visitors should not be able to update users' accounts.'''

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return Fred.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # No user is going to be logged-in.
        context['user'] = '******'

        # Make the visitor try to update Fred's user account.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }
        result = helpers.call_auth('user_update', context=context, **params)

        assert result['success'] is False
        # FIXME: This is a terrible error message, containing both 127.0.0.1
        # and Fred's user id (not his name).
        assert result['msg'] == ('User 127.0.0.1 not authorized to edit user '
                                 'fred_user_id')
Esempio n. 16
0
 def test_any_user_can_report_an_issue(object):
     user = factories.User()
     context = {
         'user': user['name'],
         'model': model,
     }
     assert_true(helpers.call_auth('issue_report', context=context))
Esempio n. 17
0
    def test_sysadmin_user_can_clear(self):
        user = factories.User(sysadmin=True)

        context = {'user': user['name'], 'model': model}
        response = helpers.call_auth('resource_view_clear', context=context)

        assert_equals(response, True)
Esempio n. 18
0
 def test_any_user_can_report_spam(object):
     user = factories.User()
     context = {
         'user': user['name'],
         'model': model,
     }
     assert_true(helpers.call_auth('issue_report_spam', context=context))
Esempio n. 19
0
    def test_dataset_owner_can_delete_issue(self):
        user = factories.User()
        org = factories.Organization(user=user)
        dataset = factories.Dataset(owner_org=org['name'])
        issue = issue_factories.Issue(user=user,
                                      user_id=user['id'],
                                      dataset_id=dataset['id'])

        context = {
            'user': user['name'],
            'auth_user_obj': user,
            'model': model,
            'session': model.Session,
        }
        helpers.call_auth('issue_delete',
                          context,
                          issue_id=issue['id'],
                          dataset_id=dataset['id'])
Esempio n. 20
0
    def test_group_show__deleted_group_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        org = factories.Group(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context, id=org['name'])
        assert ret
Esempio n. 21
0
    def test_group_show__deleted_group_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        org = factories.Group(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context,
                                id=org['name'])
        assert ret
Esempio n. 22
0
    def test_group_show__deleted_org_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context, id=org['name'])
        assert ret
Esempio n. 23
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('package_create_default_resource_views',
                                     context=context, package=dataset)
        assert_equals(response, True)
Esempio n. 24
0
    def test_sysadmin_is_authorized(self):

        sysadmin = factories.Sysadmin()

        resource = {'title': 'Resource', 'url': 'http://test', 'format': 'csv'}

        context = {'user': sysadmin['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context,
                                     **resource)
        assert_equals(response, True)
Esempio n. 25
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('package_create_default_resource_views',
                                     context=context,
                                     package=dataset)
        assert_equals(response, True)
Esempio n. 26
0
    def test_group_show__deleted_org_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context,
                                id=org['name'])
        assert ret
Esempio n. 27
0
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org['id'], state='deleted')
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('package_show', context=context,
                                id=dataset['name'])
        assert ret
Esempio n. 28
0
    def test_sysadmin_is_authorized(self):

        sysadmin = factories.Sysadmin()

        resource = {'title': 'Resource',
                    'url': 'http://test',
                    'format': 'csv'}

        context = {'user': sysadmin['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context, **resource)
        assert_equals(response, True)
Esempio n. 29
0
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org['id'], state='deleted')
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('package_show',
                                context=context,
                                id=dataset['name'])
        assert ret
Esempio n. 30
0
    def test_user_generate_own_apikey(self):
        fred = factories.MockUser(name='fred')
        mock_model = mock.MagicMock()
        mock_model.User.get.return_value = fred
        # auth_user_obj shows user as logged in for non-anonymous auth
        # functions
        context = {'model': mock_model, 'auth_user_obj': fred}
        context['user'] = fred.name
        params = {
            'id': fred.id,
        }

        result = helpers.call_auth('user_generate_apikey', context=context,
                                   **params)
        assert result is True
Esempio n. 31
0
    def test_user_generate_own_apikey(self):
        fred = factories.MockUser(name='fred')
        mock_model = mock.MagicMock()
        mock_model.User.get.return_value = fred
        # auth_user_obj shows user as logged in for non-anonymous auth
        # functions
        context = {'model': mock_model, 'auth_user_obj': fred}
        context['user'] = fred.name
        params = {
            'id': fred.id,
        }

        result = helpers.call_auth('user_generate_apikey', context=context,
                                   **params)
        assert result is True
Esempio n. 32
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = {'package_id': dataset['id'],
                    'title': 'Resource',
                    'url': 'http://test',
                    'format': 'csv'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context, **resource)
        assert_equals(response, True)
    def test_issue_owner_can_update_issue(self):
        issue_owner = factories.User()
        org = factories.Organization()
        dataset = factories.Dataset(owner_org=org['name'])
        issue = issue_factories.Issue(user=issue_owner,
                                      user_id=issue_owner['id'],
                                      dataset_id=dataset['id'])

        context = {
            'user': issue_owner['name'],
            'model': model,
        }
        assert_true(helpers.call_auth('issue_update', context, id=issue['id'],
                                      dataset_id=dataset['id'],
                                      status='open'))
Esempio n. 34
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = {'package_id': dataset['id'],
                    'title': 'Resource',
                    'url': 'http://test',
                    'format': 'csv'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context, **resource)
        assert_equals(response, True)
Esempio n. 35
0
    def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
        user = factories.User()
        context = {'user': user['name'], 'model': None, 'auth_user_obj': user}
        data_dict = {'group_id': 42}

        gmc.return_value = {'success': False}
        nose.tools.assert_raises(logic.NotAuthorized,
                                 helpers.call_auth,
                                 'user_invite',
                                 context=context,
                                 **data_dict)

        gmc.return_value = {'success': True}
        result = helpers.call_auth('user_invite', context=context, **data_dict)
        assert result is True
    def test_org_editor_can_update_an_issue(self):
        org_editor = factories.User()
        org = factories.Organization()
        helpers.call_action('member_create', object=org_editor['name'],
                            id=org['id'], object_type='user',
                            capacity='editor')
        dataset = factories.Dataset(owner_org=org['name'], private=True)
        user = helpers.call_action('get_site_user')
        issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])

        context = {
            'user': org_editor['name'],
            'model': model,
        }
        assert_true(helpers.call_auth('issue_update', context,
                                      dataset_id=dataset['id']))
Esempio n. 37
0
    def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
        user = factories.User()
        context = {
            'user': user['name'],
            'model': None,
            'auth_user_obj': user
        }
        data_dict = {'group_id': 42}

        gmc.return_value = {'success': False}
        nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth,
                                 'user_invite', context=context, **data_dict)

        gmc.return_value = {'success': True}
        result = helpers.call_auth('user_invite', context=context, **data_dict)
        assert result is True
Esempio n. 38
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = factories.Resource(user=user, package_id=dataset['id'])

        resource_view = {'resource_id': resource['id'],
                         'title': u'Resource View',
                         'view_type': u'image_view',
                         'image_url': 'url'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_view_create',
                                     context=context, **resource_view)
        assert_equals(response, True)
Esempio n. 39
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = factories.Resource(user=user, package_id=dataset['id'])

        resource_view = {'resource_id': resource['id'],
                         'title': u'Resource View',
                         'view_type': u'image_view',
                         'image_url': 'url'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_view_create',
                                     context=context, **resource_view)
        assert_equals(response, True)
Esempio n. 40
0
    def test_issue_owner_can_update_issue(self):
        issue_owner = factories.User()
        org = factories.Organization()
        dataset = factories.Dataset(owner_org=org['name'])
        issue = issue_factories.Issue(user=issue_owner,
                                      user_id=issue_owner['id'],
                                      dataset_id=dataset['id'])

        context = {
            'user': issue_owner['name'],
            'model': model,
        }
        assert_true(
            helpers.call_auth('issue_update',
                              context,
                              id=issue['id'],
                              dataset_id=dataset['id'],
                              status='open'))
Esempio n. 41
0
    def test_org_user_can_delete(self):
        user = factories.User()
        org_users = [{'name': user['name'], 'capacity': 'editor'}]
        org = factories.Organization(users=org_users)
        dataset = factories.Dataset(owner_org=org['id'],
                                    resources=[factories.Resource()],
                                    user=user)

        resource_view = factories.ResourceView(
            resource_id=dataset['resources'][0]['id']
        )

        context = {'user': user['name'], 'model': model}

        response = helpers.call_auth('resource_view_delete', context=context,
                                     id=resource_view['id'])

        assert_equals(response, True)
Esempio n. 42
0
    def test_org_editor_can_update_an_issue(self):
        org_editor = factories.User()
        org = factories.Organization()
        helpers.call_action('member_create',
                            object=org_editor['name'],
                            id=org['id'],
                            object_type='user',
                            capacity='editor')
        dataset = factories.Dataset(owner_org=org['name'], private=True)
        user = helpers.call_action('get_site_user')
        issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])

        context = {
            'user': org_editor['name'],
            'model': model,
        }
        assert_true(
            helpers.call_auth('issue_update',
                              context,
                              dataset_id=dataset['id']))
Esempio n. 43
0
    def test_org_editor_can_update_an_issue(self):
        org_editor = factories.User()
        org = factories.Organization(users=[{
            'name': org_editor['id'],
            'capacity': 'editor'
        }])
        dataset = factories.Dataset(owner_org=org['name'], private=True)
        user = helpers.call_action('get_site_user')
        issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])

        context = {
            'user': org_editor['name'],
            'model': model,
        }
        assert_true(
            helpers.call_auth('issue_update',
                              context,
                              issue_number=issue['number'],
                              dataset_id=dataset['id'],
                              status='open'))
Esempio n. 44
0
    def test_org_editor_can_update_an_issue(self):
        org_editor = factories.User()
        org = factories.Organization(
            users=[{'name': org_editor['id'], 'capacity': 'editor'}]
        )
        dataset = factories.Dataset(owner_org=org['name'], private=True)
        user = helpers.call_action('get_site_user')
        issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])

        context = {
            'user': org_editor['name'],
            'model': model,
        }
        assert_true(
            helpers.call_auth(
                'issue_update',
                context,
                issue_number=issue['number'],
                dataset_id=dataset['id'],
                status='open'
            )
        )
Esempio n. 45
0
    def test_esd_service_show(self):

        context = {'user': None, 'model': core_model}
        response = helpers.call_auth('esd_service_show',
                                     context=context, id=1512)
        assert_equals(response, True)
Esempio n. 46
0
    def test_esd_service_autocomplete(self):

        context = {'user': None, 'model': core_model}
        response = helpers.call_auth('esd_service_autocomplete',
                                     context=context, q='a')
        assert_equals(response, True)