def __init__(self, *args, **kwargs):
for ac_role in role.get_ac_roles_for(self.type).values():
AccessControlList(
object=self,
ac_role=ac_role,
)
super(Roleable, self).__init__(*args, **kwargs)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids):
"""Check that roles were propagated properly.
Args:
exp_admin_ids: Test people data indexes who should get Admin role.
exp_member_ids: Test people data indexes who should get Member role.
"""
workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one()
task_group = TaskGroup.query.filter(
TaskGroup.workflow_id == workflow.id,
TaskGroup.slug == self.tg_slug).one()
acl = AccessControlList.eager_query().filter(
AccessControlList.object_type == TaskGroup.__name__,
AccessControlList.object_id == task_group.id).all()
actual_admins = [
a.person.email for a in acl if a.ac_role.name.startswith("Admin*")
]
expected_admins = [self.user_emails[i] for i in exp_admin_ids]
self.assertItemsEqual(actual_admins, expected_admins)
actual_members = [
a.person.email for a in acl
if a.ac_role.name.startswith("Workflow Member*")
]
expected_members = [self.user_emails[i] for i in exp_member_ids]
self.assertItemsEqual(actual_members, expected_members)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids):
"""Check that roles were propagated properly.
Args:
exp_admin_ids: Test people data indexes who should get Admin role.
exp_member_ids: Test people data indexes who should get Member role.
"""
workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one()
task_group = TaskGroup.query.filter(
TaskGroup.workflow_id == workflow.id,
TaskGroup.slug == self.tg_slug
).one()
acl = AccessControlList.eager_query().filter(
AccessControlList.object_type == TaskGroup.__name__,
AccessControlList.object_id == task_group.id
).all()
actual_admins = [a.person.email for a in acl
if a.ac_role.name == "Admin Mapped"]
expected_admins = [self.user_emails[i] for i in exp_admin_ids]
self.assertItemsEqual(actual_admins, expected_admins)
actual_members = [a.person.email for a in acl
if a.ac_role.name == "Workflow Member Mapped"]
expected_members = [self.user_emails[i] for i in exp_member_ids]
self.assertItemsEqual(actual_members, expected_members)
def _add_values(self, values):
"""Attach new custom role values to current object."""
for ac_role, person in values:
AccessControlList(
object=self,
person=person,
ac_role=ac_role
)
def clone_acls(self, audit):
"""Clone acl roles like auditors and audit captains
Args:
audit: Audit instance
"""
for acl in audit.access_control_list:
data = {
"person": acl.person,
"ac_role": acl.ac_role,
"object": self,
"context": acl.context,
}
new_acl = AccessControlList(**data)
db.session.add(new_acl)
def _check_propagated_acl(self, exp_admin_ids, exp_member_ids):
"""Check that roles were propagated properly.
Args:
exp_admin_ids: Test people data indexes who should get Admin role.
exp_member_ids: Test people data indexes who should get Member role.
"""
workflow = Workflow.query.filter(Workflow.slug == self.wf_slug).one()
task_group = TaskGroup.query.filter(
TaskGroup.workflow_id == workflow.id,
TaskGroup.slug == self.tg_slug
).one()
acl = AccessControlList.eager_query().filter(
AccessControlList.object_type == TaskGroup.__name__,
AccessControlList.object_id == task_group.id
).all()
propagated_admins = [acl for a in acl
if a.ac_role.name.startswith("Admin*")]
self.assertEqual(len(propagated_admins), 1)
propagated_members = [acl for a in acl
if a.ac_role.name.startswith("Workflow Member*")]
self.assertEqual(len(propagated_members), 1)
