def test_allow_to_edit(self, server_iface, DBSession,
test_data2): # noqa: ignore=N803
session = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver", "no_project", 21781, lambda: session)
ogcserver_accesscontrol.project = test_data2["project"]
for user_name, expected, geometry in [
["user_no_access", False, geom_in],
["user_full_access", True, geom_in],
["user_area_access", True, geom_in],
["user_no_access", False, geom_intersects],
["user_full_access", True, geom_intersects],
["user_area_access", True, geom_intersects],
["user_no_access", False, geom_out],
["user_full_access", True, geom_out],
["user_area_access", False, geom_out],
]:
user = test_data2["users"][user_name]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": ",".join([str(e) for e in user["role_ids"]])
},
)
layer = test_data2["project"].mapLayersByName("private_layer")[0]
feature = QgsFeature()
geom = QgsGeometry()
geom.fromWkb(geometry.wkb)
feature.setGeometry(geom)
result = ogcserver_accesscontrol.allowToEdit(layer, feature)
assert expected == result, "allowToEdit with '{}', should return '{}'.".format(
user_name, expected)
def test_get_area(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
for user_name, layer_name, expected in [
("root", layer_name, (Access.FULL, None))
for layer_name in ("public_layer", "private_layer1",
"private_layer2", "private_layer3")
] + [
("user1", "public_layer", (Access.FULL, None)),
("user1", "private_layer1", (Access.AREA, area1.wkt)),
("user1", "private_layer2", (Access.NO, None)),
("user1", "private_layer3", (Access.AREA, area1.wkt)),
]:
user = test_data["users"][user_name]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": ",".join([str(r) for r in user["role_ids"]])
},
)
layer = test_data["project"].mapLayersByName(layer_name)[0]
access, area = ogcserver_accesscontrol.get_area(layer, dbsession)
assert expected == (
access,
area.wkt if area else None,
), 'get_area with "{}", "{}" should return {}'.format(
user_name, layer_name, expected)
def test_ogc_layer_with_wms_use_layer_ids(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
layer = test_data["project"].mapLayersByName("private_layer1")[0]
assert layer.id() == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_layer_permissions(server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
for user_name, layer_name, expected in (
(
"user1",
"public_layer",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user1",
"private_layer1",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user12",
"private_layer2",
{
"canDelete": True,
"canInsert": True,
"canRead": True,
"canUpdate": True
},
),
):
user = test_data["users"][user_name]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": ",".join([str(r) for r in user["role_ids"]])
},
)
layer = test_data["project"].mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_ogc_layer_name(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
for layer_name, expected in (
("private_layer1", "private_layer1"),
("private_layer3", "pl3"),
):
layer = test_data["project"].mapLayersByName(layer_name)[0]
assert expected == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_get_layers(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
ogcserver_accesscontrol.project = test_data["project"]
expected = {
"public_group": ["public_group"],
"public_layer": ["public_group", "public_layer"],
"private_layer1": ["private_layer1"],
"private_layer2": ["private_layer2"],
"pg3": ["private_group3"],
"pl3": ["private_group3", "private_layer3"],
}
layers = ogcserver_accesscontrol.get_layers(dbsession)
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == {layer.name for layer in layers[key]}