def _(self,
obj_class,
data=None,
add_fields=True,
with_background_tasks=False):
"""Handle generation of `Control` objects."""
data = data if data is not None else {}
# pylint: disable=protected-access
obj_name = models.Control._inflector.table_singular
# pylint: enable=protected-access
obj_dict = self.obj_to_dict(models.Control(), obj_name)
defaults = {
obj_name: {
"title": factories.random_str(),
"context": None,
"recipients": "Admin,Control Operators,Control Owners",
"send_by_default": 0,
"assertions": [{
"id": factories.ControlAssertionFactory().id
}]
}
}
obj_dict[obj_name].update(defaults[obj_name])
obj_dict[obj_name].update(data[obj_name] if obj_name in data else data)
return self.generate(models.Control,
obj_name=obj_name,
data=obj_dict,
with_background_tasks=with_background_tasks)
def setUp(self):
super(TestAccessControlList, self).setUp()
self.person = factories.PersonFactory(name="My Person")
self.acr = factories.AccessControlRoleFactory(object_type="Control",
read=True)
self.second_acr = factories.AccessControlRoleFactory(
object_type="Control", read=True)
self.control = factories.ControlFactory()
self.assertion = factories.ControlAssertionFactory()
factories.AccessControlPersonFactory(
ac_list=self.control.acr_acl_map[self.acr],
person=self.person,
)
def test_post_modifier(self, model):
"""Test modifier of models when working as external user."""
model_plural = model._inflector.table_plural
model_singular = model._inflector.table_singular
model_data = {
"title": "{}1".format(model_singular),
"context": 0,
}
if model_plural == "risks":
model_data["risk_type"] = "some text"
if model_plural == "controls":
assertion = factories.ControlAssertionFactory()
model_data["assertions"] = [{"id": assertion.id}]
response = self._post("api/{}".format(model_plural),
data=json.dumps({model_singular: model_data}),
headers=self.headers)
self.assertEqual(response.status_code, 201)
ext_person = all_models.Person.query.filter_by(
email="*****@*****.**").first()
ext_person_id = ext_person.id
# check model modifier
model_json = response.json[model_singular]
self.assertEqual(model_json['modified_by']['id'], ext_person_id)
# check model revision modifier
model_revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == model.__name__).order_by(
all_models.Revision.id.desc()).first()
self.assertEqual(model_revision.modified_by_id, ext_person_id)
# check model event modifier
event = all_models.Event.query.filter(
all_models.Event.resource_type == model.__name__).order_by(
all_models.Event.id.desc()).first()
self.assertEqual(event.modified_by_id, ext_person_id)
def test_create_with_assertions(self):
"""Check control creation with assertions pass"""
with factories.single_commit():
assertion = factories.ControlAssertionFactory()
response = self.api.post(
all_models.Control, {
"control": {
"title": "Control title",
"context": None,
"recipients": "Admin,Control Operators,Control Owners",
"send_by_default": 0,
"assertions": [{
"id": assertion.id
}]
}
})
self.assertEqual(response.status_code, 201)
control = all_models.Control.query.first()
self.assertIsNotNone(control)
self.assertEqual(assertion.id, control.assertions[0].id)
def test_create_commentable(self):
"""Test if commentable fields are set on creation"""
with factories.single_commit():
assertion = factories.ControlAssertionFactory()
recipients = "Admin,Control Operators,Control Owners"
send_by_default = 0
response = self.api.post(
all_models.Control, {
"control": {
"title": "Control title",
"context": None,
"recipients": recipients,
"send_by_default": send_by_default,
"assertions": [{
"id": assertion.id
}]
},
})
self.assertEqual(response.status_code, 201)
control_id = response.json.get("control").get("id")
control = db.session.query(all_models.Control).get(control_id)
self.assertEqual(control.recipients, recipients)
self.assertEqual(control.send_by_default, send_by_default)
