def test_showcase_admin_list_correct_creds(self):
'''
Calling showcase admin list by a sysadmin doesn't raise
NotAuthorized.
'''
a_sysadmin = factories.Sysadmin()
context = {'user': a_sysadmin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_admin_list', context=context)
def test_showcase_admin_list_correct_creds(self):
'''
Calling showcase admin list by a sysadmin doesn't raise
NotAuthorized.
'''
a_sysadmin = factories.Sysadmin()
context = {'user': a_sysadmin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_admin_list', context=context)
def test_showcase_package_association_delete_sysadmin(self):
'''
Calling showcase package association create by a sysadmin doesn't
raise NotAuthorized.
'''
a_sysadmin = factories.Sysadmin()
context = {'user': a_sysadmin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_package_association_delete',
context=context)
def test_showcase_package_association_delete_sysadmin(self):
'''
Calling showcase package association create by a sysadmin doesn't
raise NotAuthorized.
'''
a_sysadmin = factories.Sysadmin()
context = {'user': a_sysadmin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_package_association_delete',
context=context)
def test_showcase_package_association_delete_showcase_admin(self):
'''
Calling showcase package association create by a showcase admin
doesn't raise NotAuthorized.
'''
showcase_admin = factories.User()
# Make user a showcase admin
helpers.call_action('ckanext_showcase_admin_add', context={},
username=showcase_admin['name'])
context = {'user': showcase_admin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_package_association_delete',
context=context)
def test_showcase_package_association_delete_showcase_admin(self):
'''
Calling showcase package association create by a showcase admin
doesn't raise NotAuthorized.
'''
showcase_admin = factories.User()
# Make user a showcase admin
helpers.call_action('ckanext_showcase_admin_add',
context={},
username=showcase_admin['name'])
context = {'user': showcase_admin['name'], 'model': None}
helpers.call_auth('ckanext_showcase_package_association_delete',
context=context)
def test_user_update_with_no_user_in_context(self):
# Make a mock ckan.model.User object.
mock_user = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return our mock user.
mock_model.User.get.return_value = mock_user
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# For this test we're going to have no 'user' in the context.
context['user'] = None
params = {
'id': mock_user.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result['success'] is False
# FIXME: Be nice if this error message was a complete sentence.
assert result['msg'] == 'Have to be logged in to edit user'
def test_user_update_user_cannot_update_another_user(self):
'''Users should not be able to update other users' accounts.'''
# 1. Setup.
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return Fred.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# The logged-in user is going to be Bob, not Fred.
context['user'] = '******'
# 2. Call the function that's being tested, once only.
# Make Bob try to update Fred's user account.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
# 3. Make assertions about the return value and/or side-effects.
assert result['success'] is False
# FIXME: This error message should contain Fred's user name not his id.
assert result['msg'] == ('User bob not authorized to edit user '
'fred_user_id')
def test_user_update_user_can_update_herself(self):
'''Users should be authorized to update their own accounts.'''
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return our mock user.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# The 'user' in the context has to match fred.name, so that the
# auth function thinks that the user being updated is the same user as
# the user who is logged-in.
context['user'] = fred.name
# Make Fred try to update his own user name.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result is True
def test_user_update_visitor_cannot_update_user(self):
'''Visitors should not be able to update users' accounts.'''
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return Fred.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# No user is going to be logged-in.
context['user'] = '******'
# Make the visitor try to update Fred's user account.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result['success'] is False
# FIXME: This is a terrible error message, containing both 127.0.0.1
# and Fred's user id (not his name).
assert result['msg'] == ('User 127.0.0.1 not authorized to edit user '
'fred_user_id')
def test_user_update_with_no_user_in_context(self):
# Make a mock ckan.model.User object.
mock_user = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return our mock user.
mock_model.User.get.return_value = mock_user
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# For this test we're going to have no 'user' in the context.
context['user'] = None
params = {
'id': mock_user.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result['success'] is False
# FIXME: Be nice if this error message was a complete sentence.
assert result['msg'] == 'Have to be logged in to edit user'
def test_dataset_owner_can_delete_issue(self):
user = factories.User()
org = factories.Organization(user=user)
dataset = factories.Dataset(owner_org=org['name'])
issue = issue_factories.Issue(user=user,
user_id=user['id'],
dataset_id=dataset['id'])
context = {
'user': user['name'],
'auth_user_obj': user,
'model': model,
'session': model.Session,
}
helpers.call_auth('issue_delete', context, issue_id=issue['id'],
dataset_id=dataset['id'])
def test_user_update_user_cannot_update_another_user(self):
'''Users should not be able to update other users' accounts.'''
# 1. Setup.
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return Fred.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# The logged-in user is going to be Bob, not Fred.
context['user'] = '******'
# 2. Call the function that's being tested, once only.
# Make Bob try to update Fred's user account.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
# 3. Make assertions about the return value and/or side-effects.
assert result['success'] is False
# FIXME: This error message should contain Fred's user name not his id.
assert result['msg'] == ('User bob not authorized to edit user '
'fred_user_id')
def test_user_update_user_can_update_herself(self):
'''Users should be authorized to update their own accounts.'''
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return our mock user.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# The 'user' in the context has to match fred.name, so that the
# auth function thinks that the user being updated is the same user as
# the user who is logged-in.
context['user'] = fred.name
# Make Fred try to update his own user name.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result['success'] is True
def test_user_update_visitor_cannot_update_user(self):
'''Visitors should not be able to update users' accounts.'''
# Make a mock ckan.model.User object, Fred.
fred = factories.MockUser(name='fred')
# Make a mock ckan.model object.
mock_model = mock.MagicMock()
# model.User.get(user_id) should return Fred.
mock_model.User.get.return_value = fred
# Put the mock model in the context.
# This is easier than patching import ckan.model.
context = {'model': mock_model}
# No user is going to be logged-in.
context['user'] = '******'
# Make the visitor try to update Fred's user account.
params = {
'id': fred.id,
'name': 'updated_user_name',
}
result = helpers.call_auth('user_update', context=context, **params)
assert result['success'] is False
# FIXME: This is a terrible error message, containing both 127.0.0.1
# and Fred's user id (not his name).
assert result['msg'] == ('User 127.0.0.1 not authorized to edit user '
'fred_user_id')
def test_any_user_can_report_an_issue(object):
user = factories.User()
context = {
'user': user['name'],
'model': model,
}
assert_true(helpers.call_auth('issue_report', context=context))
def test_sysadmin_user_can_clear(self):
user = factories.User(sysadmin=True)
context = {'user': user['name'], 'model': model}
response = helpers.call_auth('resource_view_clear', context=context)
assert_equals(response, True)
def test_any_user_can_report_spam(object):
user = factories.User()
context = {
'user': user['name'],
'model': model,
}
assert_true(helpers.call_auth('issue_report_spam', context=context))
def test_dataset_owner_can_delete_issue(self):
user = factories.User()
org = factories.Organization(user=user)
dataset = factories.Dataset(owner_org=org['name'])
issue = issue_factories.Issue(user=user,
user_id=user['id'],
dataset_id=dataset['id'])
context = {
'user': user['name'],
'auth_user_obj': user,
'model': model,
'session': model.Session,
}
helpers.call_auth('issue_delete',
context,
issue_id=issue['id'],
dataset_id=dataset['id'])
def test_group_show__deleted_group_is_visible_to_its_member(self):
fred = factories.User(name='fred')
org = factories.Group(users=[fred])
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('group_show', context=context, id=org['name'])
assert ret
def test_group_show__deleted_group_is_visible_to_its_member(self):
fred = factories.User(name='fred')
org = factories.Group(users=[fred])
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('group_show', context=context,
id=org['name'])
assert ret
def test_group_show__deleted_org_is_visible_to_its_member(self):
fred = factories.User(name='fred')
fred['capacity'] = 'editor'
org = factories.Organization(users=[fred])
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('group_show', context=context, id=org['name'])
assert ret
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('package_create_default_resource_views',
context=context, package=dataset)
assert_equals(response, True)
def test_sysadmin_is_authorized(self):
sysadmin = factories.Sysadmin()
resource = {'title': 'Resource', 'url': 'http://test', 'format': 'csv'}
context = {'user': sysadmin['name'], 'model': core_model}
response = helpers.call_auth('resource_create',
context=context,
**resource)
assert_equals(response, True)
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('package_create_default_resource_views',
context=context,
package=dataset)
assert_equals(response, True)
def test_group_show__deleted_org_is_visible_to_its_member(self):
fred = factories.User(name='fred')
fred['capacity'] = 'editor'
org = factories.Organization(users=[fred])
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('group_show', context=context,
id=org['name'])
assert ret
def test_package_show__deleted_dataset_is_visible_to_editor(self):
fred = factories.User(name='fred')
fred['capacity'] = 'editor'
org = factories.Organization(users=[fred])
dataset = factories.Dataset(owner_org=org['id'], state='deleted')
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('package_show', context=context,
id=dataset['name'])
assert ret
def test_sysadmin_is_authorized(self):
sysadmin = factories.Sysadmin()
resource = {'title': 'Resource',
'url': 'http://test',
'format': 'csv'}
context = {'user': sysadmin['name'], 'model': core_model}
response = helpers.call_auth('resource_create',
context=context, **resource)
assert_equals(response, True)
def test_package_show__deleted_dataset_is_visible_to_editor(self):
fred = factories.User(name='fred')
fred['capacity'] = 'editor'
org = factories.Organization(users=[fred])
dataset = factories.Dataset(owner_org=org['id'], state='deleted')
context = {'model': model}
context['user'] = '******'
ret = helpers.call_auth('package_show',
context=context,
id=dataset['name'])
assert ret
def test_user_generate_own_apikey(self):
fred = factories.MockUser(name='fred')
mock_model = mock.MagicMock()
mock_model.User.get.return_value = fred
# auth_user_obj shows user as logged in for non-anonymous auth
# functions
context = {'model': mock_model, 'auth_user_obj': fred}
context['user'] = fred.name
params = {
'id': fred.id,
}
result = helpers.call_auth('user_generate_apikey', context=context,
**params)
assert result is True
def test_user_generate_own_apikey(self):
fred = factories.MockUser(name='fred')
mock_model = mock.MagicMock()
mock_model.User.get.return_value = fred
# auth_user_obj shows user as logged in for non-anonymous auth
# functions
context = {'model': mock_model, 'auth_user_obj': fred}
context['user'] = fred.name
params = {
'id': fred.id,
}
result = helpers.call_auth('user_generate_apikey', context=context,
**params)
assert result is True
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
resource = {'package_id': dataset['id'],
'title': 'Resource',
'url': 'http://test',
'format': 'csv'}
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('resource_create',
context=context, **resource)
assert_equals(response, True)
def test_issue_owner_can_update_issue(self):
issue_owner = factories.User()
org = factories.Organization()
dataset = factories.Dataset(owner_org=org['name'])
issue = issue_factories.Issue(user=issue_owner,
user_id=issue_owner['id'],
dataset_id=dataset['id'])
context = {
'user': issue_owner['name'],
'model': model,
}
assert_true(helpers.call_auth('issue_update', context, id=issue['id'],
dataset_id=dataset['id'],
status='open'))
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
resource = {'package_id': dataset['id'],
'title': 'Resource',
'url': 'http://test',
'format': 'csv'}
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('resource_create',
context=context, **resource)
assert_equals(response, True)
def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
user = factories.User()
context = {'user': user['name'], 'model': None, 'auth_user_obj': user}
data_dict = {'group_id': 42}
gmc.return_value = {'success': False}
nose.tools.assert_raises(logic.NotAuthorized,
helpers.call_auth,
'user_invite',
context=context,
**data_dict)
gmc.return_value = {'success': True}
result = helpers.call_auth('user_invite', context=context, **data_dict)
assert result is True
def test_org_editor_can_update_an_issue(self):
org_editor = factories.User()
org = factories.Organization()
helpers.call_action('member_create', object=org_editor['name'],
id=org['id'], object_type='user',
capacity='editor')
dataset = factories.Dataset(owner_org=org['name'], private=True)
user = helpers.call_action('get_site_user')
issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])
context = {
'user': org_editor['name'],
'model': model,
}
assert_true(helpers.call_auth('issue_update', context,
dataset_id=dataset['id']))
def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
user = factories.User()
context = {
'user': user['name'],
'model': None,
'auth_user_obj': user
}
data_dict = {'group_id': 42}
gmc.return_value = {'success': False}
nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth,
'user_invite', context=context, **data_dict)
gmc.return_value = {'success': True}
result = helpers.call_auth('user_invite', context=context, **data_dict)
assert result is True
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
resource = factories.Resource(user=user, package_id=dataset['id'])
resource_view = {'resource_id': resource['id'],
'title': u'Resource View',
'view_type': u'image_view',
'image_url': 'url'}
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('resource_view_create',
context=context, **resource_view)
assert_equals(response, True)
def test_authorized_if_user_has_permissions_on_dataset(self):
user = factories.User()
dataset = factories.Dataset(user=user)
resource = factories.Resource(user=user, package_id=dataset['id'])
resource_view = {'resource_id': resource['id'],
'title': u'Resource View',
'view_type': u'image_view',
'image_url': 'url'}
context = {'user': user['name'], 'model': core_model}
response = helpers.call_auth('resource_view_create',
context=context, **resource_view)
assert_equals(response, True)
def test_issue_owner_can_update_issue(self):
issue_owner = factories.User()
org = factories.Organization()
dataset = factories.Dataset(owner_org=org['name'])
issue = issue_factories.Issue(user=issue_owner,
user_id=issue_owner['id'],
dataset_id=dataset['id'])
context = {
'user': issue_owner['name'],
'model': model,
}
assert_true(
helpers.call_auth('issue_update',
context,
id=issue['id'],
dataset_id=dataset['id'],
status='open'))
def test_org_user_can_delete(self):
user = factories.User()
org_users = [{'name': user['name'], 'capacity': 'editor'}]
org = factories.Organization(users=org_users)
dataset = factories.Dataset(owner_org=org['id'],
resources=[factories.Resource()],
user=user)
resource_view = factories.ResourceView(
resource_id=dataset['resources'][0]['id']
)
context = {'user': user['name'], 'model': model}
response = helpers.call_auth('resource_view_delete', context=context,
id=resource_view['id'])
assert_equals(response, True)
def test_org_editor_can_update_an_issue(self):
org_editor = factories.User()
org = factories.Organization()
helpers.call_action('member_create',
object=org_editor['name'],
id=org['id'],
object_type='user',
capacity='editor')
dataset = factories.Dataset(owner_org=org['name'], private=True)
user = helpers.call_action('get_site_user')
issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])
context = {
'user': org_editor['name'],
'model': model,
}
assert_true(
helpers.call_auth('issue_update',
context,
dataset_id=dataset['id']))
def test_org_editor_can_update_an_issue(self):
org_editor = factories.User()
org = factories.Organization(users=[{
'name': org_editor['id'],
'capacity': 'editor'
}])
dataset = factories.Dataset(owner_org=org['name'], private=True)
user = helpers.call_action('get_site_user')
issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])
context = {
'user': org_editor['name'],
'model': model,
}
assert_true(
helpers.call_auth('issue_update',
context,
issue_number=issue['number'],
dataset_id=dataset['id'],
status='open'))
def test_org_editor_can_update_an_issue(self):
org_editor = factories.User()
org = factories.Organization(
users=[{'name': org_editor['id'], 'capacity': 'editor'}]
)
dataset = factories.Dataset(owner_org=org['name'], private=True)
user = helpers.call_action('get_site_user')
issue = issue_factories.Issue(user=user, dataset_id=dataset['id'])
context = {
'user': org_editor['name'],
'model': model,
}
assert_true(
helpers.call_auth(
'issue_update',
context,
issue_number=issue['number'],
dataset_id=dataset['id'],
status='open'
)
)
def test_esd_service_show(self):
context = {'user': None, 'model': core_model}
response = helpers.call_auth('esd_service_show',
context=context, id=1512)
assert_equals(response, True)
def test_esd_service_autocomplete(self):
context = {'user': None, 'model': core_model}
response = helpers.call_auth('esd_service_autocomplete',
context=context, q='a')
assert_equals(response, True)