def __init__(self, user_id, acr, parent=None): """Set up objects for Document permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id self.setup_models(self.parent_name) self.set_user(user_id)
def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
def setUp(self): super(TestIssue, self).setUp() self.api = Api() with factories.single_commit(): audit = factories.AuditFactory() for status in all_models.Issue.VALID_STATES: factories.IssueFactory(audit=audit, status=status)
class TestAssessmentTemplate(TestCase): """ Test AssessmentTemplate class. """ def setUp(self): super(TestAssessmentTemplate, self).setUp() self.api = Api() def test_audit_setup(self): """Test audit setup for assessment_template""" audit = factories.AuditFactory() response = self.api.post( all_models.AssessmentTemplate, { "assessment_template": { "audit": { "id": audit.id }, "context": { "id": audit.context.id }, "default_people": { "assignees": "Admin", "verifiers": "Admin", }, "title": "Some title" } }) self.assertStatus(response, 201) template_id = response.json["assessment_template"]["id"] template = all_models.AssessmentTemplate.query.get(template_id) self.assertEqual(template.audit.id, audit.id) def test_audit_issue_tracker(self): """Test existing audit issue_tracker info in template response""" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id factories.IssueTrackerIssueFactory( issue_tracked_obj=audit, component_id="some id", hotlist_id="some host id", ) template_id = factories.AssessmentTemplateFactory( audit=audit, context=audit.context).id response = self.api.get(all_models.AssessmentTemplate, template_id) self.assert200(response) audit = all_models.Audit.query.get(audit_id) self.assertEqual( response.json["assessment_template"]["audit"], { "type": "Audit", "id": audit.id, "href": "/api/audits/{}".format(audit.id), "context_id": audit.context.id, "issue_tracker": { "component_id": "some id", "enabled": False, "issue_severity": None, "hotlist_id": "some host id", "issue_priority": None, "issue_type": None } })
def __init__(self, user_id, acr, parent=None): """Set up objects for Snapshot permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) control = factories.ControlFactory() # pylint: disable=protected-access snapshot = TestCase._create_snapshots(self.audit, [control])[0] factories.RelationshipFactory(source=snapshot, destination=self.audit) factories.RelationshipFactory(source=control, destination=self.program) if parent == "Assessment": factories.RelationshipFactory(source=snapshot, destination=self.assessment) self.control_id = control.id self.snapshot_id = snapshot.id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
class TestReindex(TestCase): """Tests for reindex procedure.""" def setUp(self): super(TestReindex, self).setUp() self.api = Api() def test_reindex(self): """Test reindex of big portion of objects.""" obj_count = listeners.ReindexSet.CHUNK_SIZE + 1 with factories.single_commit(): audit = factories.AuditFactory() for _ in range(obj_count): factories.AssessmentFactory(audit=audit) indexer = fulltext.get_indexer() archived_index = indexer.record_type.query.filter( mysql.MysqlRecordProperty.type == "Assessment", mysql.MysqlRecordProperty.property == "archived", mysql.MysqlRecordProperty.content == "True") self.assertEqual(archived_index.count(), 0) # Reindex of Audit.archived lead to reindex of all related assessments self.api.put(audit, {"archived": True}) # Check that all Assessment.archived were properly reindexed self.assertEqual(archived_index.count(), obj_count)
def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.admin_control_id = { name: id for id, name in access_control.role.get_custom_roles_for( "Control").items() }["Admin"] self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: self.user_id = user_id user = all_models.Person.query.get(user_id) self.api.set_user(user)
class TestReindex(TestCase): """Tests for reindex procedure.""" def setUp(self): super(TestReindex, self).setUp() self.api = Api() def test_reindex(self): """Test reindex of big portion of objects.""" obj_count = listeners.ReindexSet.CHUNK_SIZE + 1 with factories.single_commit(): audit = factories.AuditFactory() for _ in range(obj_count): factories.AssessmentFactory(audit=audit) indexer = fulltext.get_indexer() archived_index = indexer.record_type.query.filter( mysql.MysqlRecordProperty.type == "Assessment", mysql.MysqlRecordProperty.property == "archived", mysql.MysqlRecordProperty.content == "True" ) self.assertEqual(archived_index.count(), 0) # Reindex of Audit.archived lead to reindex of all related assessments self.api.put(audit, {"archived": True}) # Check that all Assessment.archived were properly reindexed self.assertEqual(archived_index.count(), obj_count)
class TestAssessmentTemplate(TestCase): """ Test AssessmentTemplate class. """ def setUp(self): super(TestAssessmentTemplate, self).setUp() self.api = Api() def test_audit_setup(self): """Test audit setup for assessment_template""" audit = factories.AuditFactory() response = self.api.post(all_models.AssessmentTemplate, { "assessment_template": { "audit": {"id": audit.id}, "context": {"id": audit.context.id}, "default_people": { "assignees": "Admin", "verifiers": "Admin", }, "title": "Some title" } }) self.assertStatus(response, 201) template_id = response.json["assessment_template"]["id"] template = all_models.AssessmentTemplate.query.get(template_id) self.assertEqual(template.audit.id, audit.id) def test_audit_issue_tracker(self): """Test existing audit issue_tracker info in template response""" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id factories.IssueTrackerIssueFactory( issue_tracked_obj=audit, component_id="some id", hotlist_id="some host id", ) template_id = factories.AssessmentTemplateFactory( audit=audit, context=audit.context ).id response = self.api.get(all_models.AssessmentTemplate, template_id) self.assert200(response) audit = all_models.Audit.query.get(audit_id) self.assertEqual( response.json["assessment_template"]["audit"], { "type": "Audit", "id": audit.id, "href": "/api/audits/{}".format(audit.id), "context_id": audit.context.id, "issue_tracker": { "component_id": "some id", "enabled": False, "issue_severity": None, "hotlist_id": "some host id", "issue_priority": None, "issue_type": None } } )
class TestMaxACLValidation(TestCase): """Test AccessControlList max roles validation.""" def setUp(self): super(TestMaxACLValidation, self).setUp() self.api = Api() self.client.get("/login") @ddt.data("Assignee", "Verifier") def test_max_roles_validation(self, role): """Test validation of max {} roles in object(OrgGroup)""" og_admin = db.session.query(all_models.AccessControlRole.id).filter( all_models.AccessControlRole.object_type == "OrgGroup", all_models.AccessControlRole.name == "Admin").one()[0] og_role = db.session.query(all_models.AccessControlRole.id).filter( all_models.AccessControlRole.object_type == "OrgGroup", all_models.AccessControlRole.name == role).one()[0] acl = [ { "ac_role_id": og_admin, "person": { "type": "Person", "id": factories.PersonFactory().id, } }, { "ac_role_id": og_role, "person": { "type": "Person", "id": factories.PersonFactory().id, } }, ] data = { "org_group": { "title": "org_group title", "context": None, "access_control_list": acl, } } response = self.api.post(all_models.OrgGroup, data) self.assertEqual(response.status_code, 201) self.assertEqual(all_models.OrgGroup.query.count(), 1) data["org_group"]["title"] = "org_group title2" acl += [{ "ac_role_id": og_role, "person": { "type": "Person", "id": factories.PersonFactory().id, } }] response = self.api.post(all_models.OrgGroup, data) self.assertEqual(response.status_code, 400) self.assertEqual(all_models.OrgGroup.query.count(), 1)
def setUp(self): super(TestAccessControlListValidation, self).setUp() self.api = Api() self.client.get("/login") role_ids = db.session.query(all_models.AccessControlRole.id).filter( all_models.AccessControlRole.object_type.in_( ("Control", "Objective")), all_models.AccessControlRole.name == "Admin").order_by( all_models.AccessControlRole.object_type) role_ids = [id_[0] for id_ in role_ids] self.control_admin_acr_id, self.objective_admin_acr_id = role_ids
def generate_cycle(workflow_id, api=None): """Create cycle with task automatically.""" if not api: api = Api() return api.post(all_models.Cycle, { "cycle": { "context": None, "autogenerate": True, "isOverdue": False, "workflow": { "id": workflow_id, "type": "Workflow", }, } })
def __init__(self, user_id, acr, parent=None): """Set up objects for Workflow permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
class TestIssueDueDate(TestCase): """Test suite to test Due Date of Issue""" def setUp(self): self.clear_data() super(TestIssueDueDate, self).setUp() self.api = Api() def test_issue_due_date_post(self): """Test POST requests to Issue.due_date""" response = self.api.post(all_models.Issue, data={ "issue": { "title": "TestDueDate", "context": None, "due_date": "06/14/2018", } }) self.assertEqual(201, response.status_code) due_date = all_models.Issue.query.first().due_date.strftime("%m/%d/%Y") self.assertEqual(due_date, "06/14/2018") def test_issue_due_date_get(self): """Test GET HTTP requests to Issue.due_date""" issue = factories.IssueFactory(due_date=datetime.date(2018, 6, 14)) response = self.api.get(all_models.Issue, issue.id) issue_json = response.json self.assert200(response) self.assertEqual(issue_json["issue"]["due_date"], "2018-06-14") def test_issue_due_date_put(self): """Test PUT HTTP requests to Issue.due_date""" issue = factories.IssueFactory(due_date=datetime.date(2018, 6, 14)) data = issue.log_json() data["due_date"] = "2018-06-15" response = self.api.put(issue, data) self.assert200(response) self.assertEqual(response.json["issue"]["due_date"], "2018-06-15") def test_issue_due_date_mandatory(self): """Test Issue.due_date is mandatory field""" response = self.api.post( all_models.Issue, data={"issue": { "title": "TestDueDate", "context": None }}) self.assert400(response) self.assertIn("Due Date for the issue is not specified", response.data)
def __init__(self, user_id, acr, parent=None): """Set up objects for Snapshot permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) control = factories.ControlFactory() # pylint: disable=protected-access snapshot = TestCase._create_snapshots(self.audit, [control])[0] factories.RelationshipFactory(source=snapshot, destination=self.audit) factories.RelationshipFactory(source=control, destination=self.program) if parent == "Assessment": factories.RelationshipFactory( source=snapshot, destination=self.assessment ) self.control_id = control.id self.snapshot_id = snapshot.id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
def generate_cycle(workflow_id, api=None): """Create cycle with task automatically.""" if not api: api = Api() return api.post( all_models.Cycle, { "cycle": { "context": None, "autogenerate": True, "isOverdue": False, "workflow": { "id": workflow_id, "type": "Workflow", }, } })
def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence ).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence ).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
class TestAudit(TestCase): """ Test Audit class. """ def setUp(self): super(TestAudit, self).setUp() self.api = Api() self.gen = generator.ObjectGenerator() def generate_control_mappings(self, control): """Map Control to several Assessments""" acr_creator = all_models.AccessControlRole.query.filter_by( name="Creators", object_type="Assessment").first() with factories.single_commit(): person = factories.PersonFactory() asmnt_ids = [] for _ in range(2): asmnt = factories.AssessmentFactory() asmnt_ids.append(asmnt.id) factories.AccessControlListFactory(object=asmnt, person=person, ac_role=acr_creator) for asmnt_id in asmnt_ids: asmnt = all_models.Assessment.query.get(asmnt_id) self.gen.generate_relationship(source=asmnt, destination=control) def test_creation_mapped_control(self): """Check creation of new Audit if Program has Control with mapped roles""" control = factories.ControlFactory() # Map original of control to several assessments to get propagated roles self.generate_control_mappings(control) # Existing control should be updated to create new revision with ACL self.api.put(control, {"title": "Test Control"}) program = factories.ProgramFactory() factories.RelationshipFactory(source=program, destination=control) response = self.api.post(all_models.Audit, [{ "audit": { "title": "New Audit", "program": { "id": program.id }, "status": "Planned", "context": None } }]) self.assert200(response)
def __init__(self, user_id, acr, parent=None): """Set up objects for Assessment permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr, parent) self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
def __init__(self, user_id, acr, parent=None): """Set up objects for permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.setup_models(self.parent_name) self.set_user(user_id)
class CycleRBACFactory(base.BaseRBACFactory): """Cycle RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle permission tests. Args: user_id: Id of user under which all operations will be run. object_acl: Dict with format: { acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new cycle for Workflow.""" return self.generate_cycle(self.workflow_id, self.api) def update(self): """Update existing cycle.""" cycle = all_models.Cycle.query.first() return self.api.put(cycle, {"title": factories.random_str()}) def delete(self): """Delete existing cycle.""" cycle = all_models.Cycle.query.first() return self.api.delete(cycle) def activate(self): """Activate Workflow.""" workflow = all_models.Workflow.query.get(self.workflow_id) cycle = wf_factories.CycleFactory(workflow=workflow) return self.api.put( workflow, { "status": "Active", "recurrences": bool(workflow.repeat_every and workflow.unit), "cycles": [{ "id": cycle.id, "type": "Cycle", }] }) def read(self): """Read existing Cycle object.""" cycle = all_models.Cycle.query.first() return self.api.get(cycle, cycle.id) def end(self): """End existing Cycle.""" cycle = all_models.Cycle.query.first() return self.api.put(cycle, {"is_current": False})
class CycleRBACFactory(base.BaseRBACFactory): """Cycle RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle permission tests. Args: user_id: Id of user under which all operations will be run. object_acl: Dict with format: { acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new cycle for Workflow.""" return self.generate_cycle(self.workflow_id, self.api) def update(self): """Update existing cycle.""" cycle = all_models.Cycle.query.first() return self.api.put(cycle, {"title": factories.random_str()}) def delete(self): """Delete existing cycle.""" cycle = all_models.Cycle.query.first() return self.api.delete(cycle) def activate(self): """Activate Workflow.""" workflow = all_models.Workflow.query.get(self.workflow_id) cycle = wf_factories.CycleFactory(workflow=workflow) return self.api.put(workflow, { "status": "Active", "recurrences": bool(workflow.repeat_every and workflow.unit), "cycles": [{ "id": cycle.id, "type": "Cycle", }] }) def read(self): """Read existing Cycle object.""" cycle = all_models.Cycle.query.first() return self.api.get(cycle, cycle.id) def end(self): """End existing Cycle.""" cycle = all_models.Cycle.query.first() return self.api.put(cycle, {"is_current": False})
def __init__(self, user_id, acr, parent=None): """Set up objects for Assessment Template permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr, parent) with factories.single_commit(): template = factories.AssessmentTemplateFactory(audit=self.audit) factories.RelationshipFactory(source=self.audit, destination=template) self.template_id = template.id self.default_assignees = "Admin" self.default_verifiers = "Admin" self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
class CycleTaskGroupRBACFactory(base.BaseRBACFactory): """Cycle Task Group RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task Group permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.admin_control_id = { name: id_ for id_, name in access_control.role.get_custom_roles_for("Control").items() }["Admin"] self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def read(self): """Read existing Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.get(all_models.CycleTaskGroup, cycle_tg.id) def update(self): """Update title of existing Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.put(cycle_tg, {"title": factories.random_str()}) def delete(self): """Delete Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.delete(cycle_tg)
class CycleTaskGroupRBACFactory(base.BaseRBACFactory): """Cycle Task Group RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task Group permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.admin_control_id = { name: id_ for id_, name in access_control.role.get_custom_roles_for( "Control").items() }["Admin"] self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def read(self): """Read existing Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.get(all_models.CycleTaskGroup, cycle_tg.id) def update(self): """Update title of existing Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.put(cycle_tg, {"title": factories.random_str()}) def delete(self): """Delete Cycle Task Group object.""" cycle_tg = all_models.CycleTaskGroup.query.first() return self.api.delete(cycle_tg)
def setUp(self): super(TestAccessControlListValidation, self).setUp() self.api = Api() self.client.get("/login") role_ids = db.session.query( all_models.AccessControlRole.id ).filter( all_models.AccessControlRole.object_type.in_(("Control", "Objective")), all_models.AccessControlRole.name == "Admin" ).order_by(all_models.AccessControlRole.object_type) role_ids = [id_[0] for id_ in role_ids] self.control_admin_acr_id, self.objective_admin_acr_id = role_ids
class TestIssueDueDate(TestCase): """Test suite to test Due Date of Issue""" def setUp(self): self.clear_data() super(TestIssueDueDate, self).setUp() self.api = Api() def test_issue_due_date_post(self): """Test POST requests to Issue.due_date""" response = self.api.post(all_models.Issue, data={ "issue": { "title": "TestDueDate", "context": None, "due_date": "06/14/2018", } }) self.assertEqual(201, response.status_code) due_date = all_models.Issue.query.first().due_date.strftime("%m/%d/%Y") self.assertEqual(due_date, "06/14/2018") def test_issue_due_date_get(self): """Test GET HTTP requests to Issue.due_date""" issue = factories.IssueFactory(due_date=datetime.date(2018, 6, 14)) response = self.api.get(all_models.Issue, issue.id) issue_json = response.json self.assert200(response) self.assertEqual(issue_json["issue"]["due_date"], "2018-06-14") def test_issue_due_date_put(self): """Test PUT HTTP requests to Issue.due_date""" issue = factories.IssueFactory(due_date=datetime.date(2018, 6, 14)) data = issue.log_json() data["due_date"] = "2018-06-15" response = self.api.put(issue, data) self.assert200(response) self.assertEqual(response.json["issue"]["due_date"], "2018-06-15")
class CycleTaskEntryRBACFactory(base.BaseRBACFactory): """Cycle Task Entry RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task Entry permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.api = Api() self.create() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Cycle Task Entry object.""" cycle_task = all_models.CycleTaskGroupObjectTask.query.first() return self.api.post(all_models.CycleTaskEntry, { "cycle_task_entry": { "description": "New Comment", "is_declining_review": "", "context": None, "cycle_task_group_object_task": { "id": cycle_task.id, "type": "CycleTaskGroupObjectTask", }, "cycle": { "id": cycle_task.cycle.id, "type": "Cycle", }, } }) def read(self): """Read existing Cycle Task Entry object.""" cycle_task_entry = all_models.CycleTaskEntry.query.first() return self.api.get(cycle_task_entry, cycle_task_entry.id) def update(self): """Update title of existing Cycle Task Entry object.""" cycle_task_entry = all_models.CycleTaskEntry.query.first() return self.api.put( cycle_task_entry, {"description": factories.random_str()} ) def delete(self): """Delete Cycle Task Entry object.""" cycle_task_entry = all_models.CycleTaskEntry.query.first() return self.api.delete(cycle_task_entry)
class TestIssue(TestCase): """ Test Issue class. """ def setUp(self): super(TestIssue, self).setUp() self.api = Api() with factories.single_commit(): audit = factories.AuditFactory() for status in all_models.Issue.VALID_STATES: factories.IssueFactory(audit=audit, status=status) def test_filter_by_status(self): """Test Issue filtering by status.""" query_request_data = [{ 'fields': [], 'filters': { 'expression': { 'left': { 'left': 'status', 'op': { 'name': '=' }, 'right': 'Fixed' }, 'op': { 'name': 'OR' }, 'right': { 'left': 'status', 'op': { 'name': '=' }, 'right': 'Fixed and Verified' }, }, }, 'object_name': 'Issue', 'permissions': 'read', 'type': 'values', }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") self.assertEqual(response.status_code, 200) statuses = {i["status"] for i in response.json[0]["Issue"]["values"]} self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
class TestIssue(TestCase): """ Test Issue class. """ def setUp(self): super(TestIssue, self).setUp() self.api = Api() with factories.single_commit(): audit = factories.AuditFactory() for status in all_models.Issue.VALID_STATES: factories.IssueFactory(audit=audit, status=status) def test_filter_by_status(self): """Test Issue filtering by status.""" query_request_data = [{ 'fields': [], 'filters': { 'expression': { 'left': { 'left': 'status', 'op': {'name': '='}, 'right': 'Fixed' }, 'op': {'name': 'OR'}, 'right': { 'left': 'status', 'op': {'name': '='}, 'right': 'Fixed and Verified' }, }, }, 'object_name': 'Issue', 'permissions': 'read', 'type': 'values', }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) self.assertEqual(response.status_code, 200) statuses = {i["status"] for i in response.json[0]["Issue"]["values"]} self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
def __init__(self, user_id, acr, parent=None): """Set up objects for Cycle Task Group permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.admin_control_id = { name: id_ for id_, name in access_control.role.get_custom_roles_for("Control").items() }["Admin"] self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user)
def __init__(self, user_id, acr, parent=None): """Set up objects for Program permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_program_scope(user_id, acr, "Program") self.admin_control_id = { name: id for id, name in access_control.role.get_custom_roles_for("Control").items() }["Admin"] self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: self.user_id = user_id user = all_models.Person.query.get(user_id) self.api.set_user(user)
class ProgramRBACFactory(base.BaseRBACFactory): """Program RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Program permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_program_scope(user_id, acr, "Program") self.admin_control_id = { name: id for id, name in access_control.role.get_custom_roles_for( "Control").items() }["Admin"] self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: self.user_id = user_id user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Program object.""" return self.api.post( all_models.Program, { "program": { "title": "New program", "program": { "id": self.program_id }, "context": None, "access_control_list": [], } }) def read(self): """Read existing Audit object.""" return self.api.get(all_models.Program, self.program_id) def update(self): """Update title of existing Audit object.""" program = all_models.Program.query.get(self.program_id) return self.api.put(program, {"title": factories.random_str()}) def delete(self): """Delete Audit object.""" program = all_models.Program.query.get(self.program_id) return self.api.delete(program) def read_revisions(self): """Read revisions for Assessment object.""" responses = [] for query in [ "source_type={}&source_id={}", "destination_type={}&destination_id={}", "resource_type={}&resource_id={}" ]: responses.append( self.api.get_query(all_models.Program, query.format("program", self.program_id))) return responses def map_control(self): """Map new Control to Program.""" with factories.single_commit(): control = factories.ControlFactory() for acl in control._access_control_list: if acl.ac_role_id == self.admin_control_id: factories.AccessControlPersonFactory( person_id=self.user_id, ac_list=acl, ) program = all_models.Program.query.get(self.program_id) return self.objgen.generate_relationship( source=program, destination=control, )[0] def unmap_control(self): """Unmap Control from Program.""" control = factories.ControlFactory() program = all_models.Program.query.get(self.program_id) rel = factories.RelationshipFactory(source=control, destination=program) return self.api.delete(rel) def read_mapped(self): """Read project mapped to Program.""" program = all_models.Program.query.get(self.program_id) with factories.single_commit(): project = factories.ProjectFactory() factories.RelationshipFactory(source=project, destination=program) return self.api.get(project, project.id) def update_mapped(self): """Update project mapped to Program.""" program = all_models.Program.query.get(self.program_id) with factories.single_commit(): project = factories.ProjectFactory() factories.RelationshipFactory(source=project, destination=program) return self.api.put(project, {"title": factories.random_str()}) def delete_mapped(self): """Delete project mapped to Program.""" program = all_models.Program.query.get(self.program_id) with factories.single_commit(): project = factories.ProjectFactory() factories.RelationshipFactory(source=project, destination=program) return self.api.delete(project)
def setUp(self): super(TestAudit, self).setUp() self.api = Api() self.gen = generator.ObjectGenerator()
class EvidenceRBACFactory(base.BaseRBACFactory): """Evidence RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Evidence object.""" result = self.api.post( all_models.Evidence, { "evidence": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Evidence object.""" res = self.api.get(all_models.Evidence, self.evidence_id) return res def update(self): """Update title of existing Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.put(evidence, {"title": factories.random_str()}) def delete(self): """Delete Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.delete(evidence) def map(self, evidence=None): """Map Evidence to parent object.""" if self.parent == "Audit": parent = all_models.Audit.query.get(self.audit_id) else: parent = all_models.Assessment.query.get(self.assessment_id) map_evidence = evidence if evidence else factories.EvidenceUrlFactory() return self.api.put( parent, { "actions": { "add_related": [{ "id": map_evidence.id, "type": "Evidence", }] } }) def create_and_map(self): """Create new Evidence and map it to parent.""" response = self.create() evidence_id = None if response.json and response.json.get("evidence"): evidence_id = response.json.get("evidence", {}).get("id") if not evidence_id: return response evidence = all_models.Evidence.query.get(evidence_id) return self.map(evidence) def add_comment(self): """Map new comment to evidence.""" evidence = all_models.Evidence.query.get(self.evidence_id) _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=evidence, destination=comment)[0] def read_comments(self): """Read comments mapped to evidence""" evidence = all_models.Evidence.query.get(self.evidence_id) with factories.single_commit(): comment = factories.CommentFactory( description=factories.random_str()) factories.RelationshipFactory(source=evidence, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Evidence", "op": { "name": "relevant" }, "ids": [evidence.id] } }, "object_name": "Comment", }] response = self.api.send_request(self.api.client.post, data=query_request_data, api_link="/query") return response
def setUp(self): self.clear_data() super(TestIssueDueDate, self).setUp() self.api = Api()
class TestEvidenceRolePropagation(TestCase): """Evidence role propagation test case""" # pylint: disable=invalid-name def setUp(self): super(TestEvidenceRolePropagation, self).setUp() self.api = Api() self.generator = ObjectGenerator() # Propagation isn't work for 'Primary Contacts', 'Secondary Contacts' # just add them to data list to check if fix works. @ddt.data("Assignees", "Creators", "Verifiers") def test_assessment_role_propagation_edit(self, role_name): """Asses user with role '{0}' should be able to edit related evidence""" _, reader = self.generator.generate_person(user_role="Creator") with factories.single_commit(): assessment = factories.AssessmentFactory() assessment.add_person_with_role_name(reader, role_name) evidence = factories.EvidenceFactory() evidence_id = evidence.id factories.RelationshipFactory(source=assessment, destination=evidence) self.api.set_user(reader) evidence = all_models.Evidence.query.get(evidence_id) new_description = 'new description' resp = self.api.modify_object(evidence, {'description': new_description}) evidence = self.refresh_object(evidence) self.assert200(resp) self.assertEquals(new_description, evidence.description) self.assertEquals(reader.id, evidence.modified_by_id) @ddt.data( ("Creator", "Audit Captains", 200), ("Creator", "Auditors", 403), ("Reader", "Audit Captains", 200), ("Reader", "Auditors", 403), ("Editor", "Audit Captains", 200), ("Editor", "Auditors", 200), ) @ddt.unpack def test_audit_role_propagation_edit(self, user_role, audit_role, status_code): """'{0}' assigned as '{1}' should get '{2}' when editing audit evidence""" _, user = self.generator.generate_person(user_role=user_role) with factories.single_commit(): audit = factories.AuditFactory() audit.add_person_with_role_name(user, audit_role) evidence = factories.EvidenceFactory() evidence_id = evidence.id factories.RelationshipFactory(source=audit, destination=evidence) self.api.set_user(user) evidence = all_models.Evidence.query.get(evidence_id) new_description = 'new description' resp = self.api.modify_object(evidence, {'description': new_description}) evidence = self.refresh_object(evidence) if status_code == 200: self.assert200(resp) self.assertEquals(new_description, evidence.description) self.assertEquals(user.id, evidence.modified_by_id) else: self.assertStatus(resp, status_code) def test_audit_role_propagation_not_delete(self): """Audit user with role Auditors can NOT delete related evidence""" role_name = "Auditors" _, reader = self.generator.generate_person(user_role="Reader") with factories.single_commit(): audit = factories.AuditFactory() audit.add_person_with_role_name(reader, role_name) evidence = factories.EvidenceFactory() evidence_id = evidence.id factories.RelationshipFactory(source=audit, destination=evidence) self.api.set_user(reader) evidence = all_models.Evidence.query.get(evidence_id) resp = self.api.delete(evidence) self.assertStatus(resp, 403) evidence = all_models.Evidence.query.get(evidence_id) self.assertTrue(evidence)
class TestAssessmentTemplate(TestCase): """ Test AssessmentTemplate class. """ def setUp(self): super(TestAssessmentTemplate, self).setUp() self.api = Api() def test_audit_setup(self): """Test audit setup for assessment_template""" audit = factories.AuditFactory() response = self.api.post( all_models.AssessmentTemplate, { "assessment_template": { "audit": { "id": audit.id }, "context": { "id": audit.context.id }, "default_people": { "assignees": "Admin", "verifiers": "Admin", }, "title": "Some title" } }) self.assertStatus(response, 201) template_id = response.json["assessment_template"]["id"] template = all_models.AssessmentTemplate.query.get(template_id) self.assertEqual(template.audit.id, audit.id) def test_audit_issue_tracker(self): """Test existing audit issue_tracker info in template response""" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id factories.IssueTrackerIssueFactory( issue_tracked_obj=audit, component_id="some component id", hotlist_id="some host id", title="some title", issue_id="some issue id") template_id = factories.AssessmentTemplateFactory( audit=audit, context=audit.context).id response = self.api.get(all_models.AssessmentTemplate, template_id) self.assert200(response) audit = all_models.Audit.query.get(audit_id) default_issue_type = constants.DEFAULT_ISSUETRACKER_VALUES[ 'issue_type'] self.assertEqual( response.json["assessment_template"]["audit"], { u"type": u"Audit", u"id": long(audit.id), u'title': unicode(audit.title), u"href": u"/api/audits/{}".format(long(audit.id)), u"context_id": long(audit.context.id), u"issue_tracker": { u'_warnings': [], u"component_id": u"some component id", u"enabled": False, u"issue_severity": None, u"hotlist_id": u"some host id", u"issue_id": u"some issue id", u"issue_priority": None, u"issue_type": default_issue_type, u"issue_url": None, u"title": "some title", u"people_sync_enabled": True, } })
def setUp(self): super(TestReindex, self).setUp() self.api = Api()
class EvidenceRBACFactory(base.BaseRBACFactory): """Evidence RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Evidence permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr) with factories.single_commit(): evidence = factories.EvidenceUrlFactory() if parent == "Audit": self.mapping_id = factories.RelationshipFactory( source=self.audit, destination=evidence ).id elif parent == "Assessment": self.mapping_id = factories.RelationshipFactory( source=self.assessment, destination=evidence ).id self.evidence_id = evidence.id self.parent = parent self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Evidence", ).one().id self.user_id = user_id self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Evidence object.""" result = self.api.post(all_models.Evidence, { "evidence": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Evidence object.""" res = self.api.get(all_models.Evidence, self.evidence_id) return res def update(self): """Update title of existing Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.put(evidence, {"title": factories.random_str()}) def delete(self): """Delete Evidence object.""" evidence = all_models.Evidence.query.get(self.evidence_id) return self.api.delete(evidence) def map(self, evidence=None): """Map Evidence to parent object.""" if self.parent == "Audit": parent = all_models.Audit.query.get(self.audit_id) else: parent = all_models.Assessment.query.get(self.assessment_id) map_evidence = evidence if evidence else factories.EvidenceUrlFactory() return self.api.put(parent, { "actions": { "add_related": [{ "id": map_evidence.id, "type": "Evidence", }] } }) def create_and_map(self): """Create new Evidence and map it to parent.""" response = self.create() evidence_id = None if response.json and response.json.get("evidence"): evidence_id = response.json.get("evidence", {}).get("id") if not evidence_id: return response evidence = all_models.Evidence.query.get(evidence_id) return self.map(evidence) def add_comment(self): """Map new comment to evidence.""" evidence = all_models.Evidence.query.get(self.evidence_id) _, comment = self.objgen.generate_object(all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=evidence, destination=comment)[0] def read_comments(self): """Read comments mapped to evidence""" evidence = all_models.Evidence.query.get(self.evidence_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=evidence, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Evidence", "op": { "name": "relevant" }, "ids": [evidence.id] } }, "object_name": "Comment", }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
def setUp(self): super(TestSnapshot, self).setUp() self.api = Api()
class TestAssessmentTemplate(TestCase): """ Test AssessmentTemplate class. """ def setUp(self): super(TestAssessmentTemplate, self).setUp() self.api = Api() def test_audit_setup(self): """Test audit setup for assessment_template""" audit = factories.AuditFactory() response = self.api.post(all_models.AssessmentTemplate, { "assessment_template": { "audit": {"id": audit.id}, "context": {"id": audit.context.id}, "default_people": { "assignees": "Admin", "verifiers": "Admin", }, "title": "Some title" } }) self.assertStatus(response, 201) template_id = response.json["assessment_template"]["id"] template = all_models.AssessmentTemplate.query.get(template_id) self.assertEqual(template.audit.id, audit.id) def test_audit_issue_tracker(self): """Test existing audit issue_tracker info in template response""" with factories.single_commit(): audit = factories.AuditFactory() audit_id = audit.id factories.IssueTrackerIssueFactory( issue_tracked_obj=audit, component_id="some component id", hotlist_id="some host id", title="some title", issue_id="some issue id" ) template_id = factories.AssessmentTemplateFactory( audit=audit, context=audit.context ).id response = self.api.get(all_models.AssessmentTemplate, template_id) self.assert200(response) audit = all_models.Audit.query.get(audit_id) default_issue_type = constants.DEFAULT_ISSUETRACKER_VALUES['issue_type'] self.assertEqual( response.json["assessment_template"]["audit"], { u"type": u"Audit", u"id": long(audit.id), u'title': unicode(audit.title), u"href": u"/api/audits/{}".format(long(audit.id)), u"context_id": long(audit.context.id), u"issue_tracker": { u'_warnings': [], u"component_id": u"some component id", u"enabled": False, u"issue_severity": None, u"hotlist_id": u"some host id", u"issue_id": u"some issue id", u"issue_priority": None, u"issue_type": default_issue_type, u"issue_url": None, u"title": "some title", u"people_sync_enabled": True, } } )
class DocumentReferenceUrlRBACFactory(base.BaseRBACFactory): """Document Reference Url RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Document permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id self.setup_models(self.parent_name) self.set_user(user_id) def set_user(self, user_id): """Set user to send requests""" if self.user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def setup_models(self, parent_name): """Setup document, parent, relationship""" with factories.single_commit(): document = factories.DocumentReferenceUrlFactory() self.document_id = document.id self.parent = self.build_parent(parent_name) self.parent_id = self.parent.id factories.RelationshipFactory(source=self.parent, destination=document) self.assign_person(self.parent, self.acr, self.user_id) @staticmethod def build_parent(parent_name): """Create parent based on Name""" try: parent = FACTORIES_MAPPING[parent_name]() except KeyError(): raise ValueError("Unknown parent {}".format(parent_name)) return parent def create(self): """Create new Document object.""" result = self.api.post(all_models.Document, { "document": { "access_control_list": [{ "ac_role_id": self.admin_acr_id, "person": { "id": self.user_id, "type": "Person", } }], "link": factories.random_str(), "title": factories.random_str(), "context": None, } }) return result def read(self): """Read existing Document object.""" res = self.api.get(all_models.Document, self.document_id) return res def update(self): """Update title of existing Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.put(document, {"title": factories.random_str()}) def delete(self): """Delete Document object.""" document = all_models.Document.query.get(self.document_id) return self.api.delete(document) def map(self, document=None): """Map Document to parent object.""" parent = self.parent.__class__.query.get(self.parent_id) map_document = document if document \ else factories.DocumentReferenceUrlFactory() return self.objgen.generate_relationship( source=parent, destination=map_document )[0] def create_and_map(self): """Create new Document and map it to parent.""" response = self.create() document_id = None if response.json and response.json.get("document"): document_id = response.json.get("document", {}).get("id") if not document_id: return response document = all_models.Document.query.get(document_id) return self.map(document) def add_comment(self): """Map new comment to document.""" document = all_models.Document.query.get(self.document_id) _, comment = self.objgen.generate_object(all_models.Comment, { "description": factories.random_str(), "context": None, }) return self.objgen.generate_relationship(source=document, destination=comment)[0] def read_comments(self): """Read comments mapped to document""" document = all_models.Document.query.get(self.document_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=document, destination=comment) query_request_data = [{ "fields": [], "filters": { "expression": { "object_name": "Document", "op": { "name": "relevant" }, "ids": [document.id] } }, "object_name": "Comment", }] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
def setUp(self): super(TestAssessmentTemplate, self).setUp() self.api = Api()
class UniversalRBACFactory(base.BaseRBACFactory): """Universal RBAC factory class. Can be used in 'one rank' tests """ # pylint: disable=too-many-instance-attributes def __init__(self, user_id, acr, parent=None): """Set up objects for permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.api = Api() self.objgen = generator.ObjectGenerator() self.objgen.api = self.api self.acr = acr self.user_id = user_id self.parent_name = parent self.document_id = None self.parent = None self.parent_id = None self.setup_models(self.parent_name) self.set_user(user_id) def set_user(self, user_id): """Set user to send requests""" if self.user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def setup_models(self, parent_name): """Setup document, parent, relationship""" with factories.single_commit(): self.parent = get_model_factory(parent_name)() self.parent_id = self.parent.id self.parent_name = parent_name self.assign_person(self.parent, self.acr, self.user_id) def _setup_document(self): """Crate and map document""" with factories.single_commit(): document = factories.DocumentReferenceUrlFactory() parent = db.session.query(self.parent.__class__).get(self.parent_id) factories.RelationshipFactory(source=parent, destination=document) return document.id def _setup_comment(self): """Crate and map comment""" with factories.single_commit(): comment = factories.CommentFactory(description="Hey!") parent = db.session.query(self.parent.__class__).get(self.parent_id) factories.RelationshipFactory(source=parent, destination=comment) return comment.id def read_parent(self): """Can Read parent info.""" res = self.api.get(self.parent, self.parent_id) return res def create_and_map_document(self): """Create and map document object to parent.""" admin_acr_id = all_models.AccessControlRole.query.filter_by( name="Admin", object_type="Document", ).one().id _, document = self.objgen.generate_object( all_models.Document, { "link": factories.random_str(), "title": factories.random_str(), "context": None, "access_control_list": [ { "ac_role_id": admin_acr_id, "person": { "id": self.user_id, "type": "Person", } } ], } ) parent = db.session.query(self.parent.__class__).get(self.parent_id) return self.objgen.generate_relationship( source=document, destination=parent )[0] def read_document(self): """Read existing Document object.""" doc_id = self._setup_document() res = self.api.get(all_models.Document, doc_id) return res def update_document(self): """Update title of existing Document object.""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) return self.api.put(document, {"title": factories.random_str()}) def delete_document(self): """Delete Document object.""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) return self.api.delete(document) def create_and_map_comment(self): """Create new Comment object and map to parent.""" _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, } ) parent = db.session.query(self.parent.__class__).get(self.parent_id) return self.objgen.generate_relationship( source=parent, destination=comment )[0] def read_comment(self): """Read existing Comment object.""" comment_id = self._setup_comment() res = self.api.get(all_models.Comment, comment_id) return res def create_and_map_document_comment(self): """Map new comment to document.""" doc_id = self._setup_document() _, comment = self.objgen.generate_object( all_models.Comment, { "description": factories.random_str(), "context": None, } ) document = all_models.Document.query.get(doc_id) return self.objgen.generate_relationship( source=document, destination=comment )[0] def read_document_comment(self): """Read comments mapped to document""" doc_id = self._setup_document() document = all_models.Document.query.get(doc_id) with factories.single_commit(): comment = factories.CommentFactory(description=factories.random_str()) factories.RelationshipFactory(source=document, destination=comment) query_request_data = [ { "fields": [], "filters": { "expression": { "object_name": "Document", "op": { "name": "relevant" }, "ids": [document.id] } }, "object_name": "Comment", } ] response = self.api.send_request( self.api.client.post, data=query_request_data, api_link="/query" ) return response
class WorkflowRBACFactory(base.BaseRBACFactory): """Workflow RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Workflow permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ # pylint: disable=unused-argument self.setup_workflow_scope(user_id, acr) self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Workflow object.""" return self.api.post(all_models.Workflow, { "workflow": { "title": "New workflow", "context": None, } }) def read(self): """Read existing Workflow object.""" return self.api.get(all_models.Workflow, self.workflow_id) def update(self): """Update title of existing Workflow object.""" workflow = all_models.Workflow.query.get(self.workflow_id) return self.api.put(workflow, {"title": factories.random_str()}) def delete(self): """Delete Workflow object.""" workflow = all_models.Workflow.query.get(self.workflow_id) return self.api.delete(workflow) def read_revisions(self): """Read revisions for Workflow object.""" responses = [] for query in ["source_type={}&source_id={}", "destination_type={}&destination_id={}", "resource_type={}&resource_id={}"]: responses.append( self.api.get_query( all_models.Workflow, query.format("workflow", self.workflow_id) ) ) return responses def clone(self): """Clone existing Workflow object.""" with factories.single_commit(): task_group = wf_factories.TaskGroupFactory(workflow_id=self.workflow_id) wf_factories.TaskGroupTaskFactory(task_group=task_group) return self.api.post(all_models.Workflow, { "workflow": { # workaround - title is required for validation "title": "", "clone": self.workflow_id, "clone_objects": True, "clone_people": True, "clone_tasks": True, "context": None, } })
class TestReviewNotification(TestCase): """Test notification on Review status change.""" def setUp(self): super(TestReviewNotification, self).setUp() self.client.get("/login") self.generator = generator.ObjectGenerator() self.api = Api() @ddt.data( (all_models.Review.NotificationTypes.EMAIL_TYPE, 1), (all_models.Review.NotificationTypes.ISSUE_TRACKER, 0), ) @ddt.unpack def test_notification_add_new_review(self, notification_type, expected_notifications): """After creation of new review notification should be created""" program = factories.ProgramFactory() resp, _ = self.generator.generate_object( all_models.Review, { "reviewable": { "type": program.type, "id": program.id, }, "context": None, "notification_type": notification_type, "status": all_models.Review.STATES.UNREVIEWED, "access_control_list": build_reviewer_acl(), }, ) self.assertEqual(201, resp.status_code) self.assertEqual(expected_notifications, len(all_models.Notification.query.all())) @ddt.data( (all_models.Review.NotificationTypes.EMAIL_TYPE, 1), (all_models.Review.NotificationTypes.ISSUE_TRACKER, 0), ) @ddt.unpack def test_reviewable_attributes(self, notification_type, expected_notifications): """Review change state to Unreviewed Notification with notification type STATUS_UNREVIEWED created """ with factories.single_commit(): program = factories.ProgramFactory() review = factories.ReviewFactory( status=all_models.Review.STATES.REVIEWED, reviewable=program, notification_type=notification_type) review_id = review.id reviewable = review.reviewable self.api.modify_object(reviewable, {"title": "new title"}) review = all_models.Review.query.get(review_id) self.assertEqual(review.status, all_models.Review.STATES.UNREVIEWED) review_notif_types = all_models.Review.NotificationObjectTypes notyf_unreviewed_type = all_models.Notification.query.join( all_models.NotificationType).filter( all_models.NotificationType.name == review_notif_types.STATUS_UNREVIEWED).all() self.assertEqual(expected_notifications, len(notyf_unreviewed_type)) @ddt.data( (all_models.Review.NotificationTypes.EMAIL_TYPE, 1), (all_models.Review.NotificationTypes.ISSUE_TRACKER, 0), ) @ddt.unpack def test_map_snapshotable_notification(self, notification_type, expected_notifications): """Map snapshotable should change review status and add notification""" with factories.single_commit(): program = factories.ProgramFactory() review = factories.ReviewFactory( status=all_models.Review.STATES.REVIEWED, reviewable=program, notification_type=notification_type) review_id = review.id self.generator.generate_relationship( source=program, destination=factories.ProductFactory(), context=None, ) review = all_models.Review.query.get(review_id) self.assertEqual(review.status, all_models.Review.STATES.UNREVIEWED) review_notif_types = all_models.Review.NotificationObjectTypes notyf_unreviewed_type = all_models.Notification.query.join( all_models.NotificationType).filter( all_models.NotificationType.name == review_notif_types.STATUS_UNREVIEWED).all() self.assertEqual(expected_notifications, len(notyf_unreviewed_type)) @ddt.data( (all_models.Review.NotificationTypes.EMAIL_TYPE, 1), (all_models.Review.NotificationTypes.ISSUE_TRACKER, 0), ) @ddt.unpack def test_proposal_apply_notification(self, notification_type, expected_notifications): """Reviewable object changed via proposal -> notification created""" with factories.single_commit(): program = factories.ProgramFactory() review = factories.ReviewFactory( status=all_models.Review.STATES.REVIEWED, reviewable=program, notification_type=notification_type) review_id = review.id proposal_content = { "fields": { "title": "new title" }, } proposal = factories.ProposalFactory(instance=program, content=proposal_content, agenda="agenda content") self.api.modify_object(proposal, {"status": proposal.STATES.APPLIED}) review = all_models.Review.query.get(review_id) self.assertEqual(review.status, all_models.Review.STATES.UNREVIEWED) review_notif_types = all_models.Review.NotificationObjectTypes notyf_unreviewed_type = all_models.Notification.query.join( all_models.NotificationType).filter( all_models.NotificationType.name == review_notif_types.STATUS_UNREVIEWED).all() self.assertEqual(expected_notifications, len(notyf_unreviewed_type)) @patch("google.appengine.api.mail.send_mail") def test_reviewer_notification_on_create_review(self, _): """Reviewer should receive email notification""" reviewer = factories.PersonFactory() reviewer_role_id = all_models.AccessControlRole.query.filter_by( name="Reviewers", object_type="Review", ).one().id program = factories.ProgramFactory() email_message = "email email_message" self.generator.generate_object( all_models.Review, { "reviewable": { "type": program.type, "id": program.id, }, "context": None, "notification_type": all_models.Review.NotificationTypes.EMAIL_TYPE, "status": all_models.Review.STATES.UNREVIEWED, "email_message": email_message, "access_control_list": [{ "ac_role_id": reviewer_role_id, "person": { "id": reviewer.id }, }], }, ) with mock.patch.object(fast_digest.DIGEST_TMPL, "render") as bodybuilder_mock: fast_digest.send_notification() template_args = bodybuilder_mock.call_args[1] self.assertListEqual([], template_args["proposals"]) self.assertListEqual([], template_args["review_owners"]) self.assertEqual(1, len(template_args["review_reviewers"])) self.assertEqual( program.id, template_args["review_reviewers"][0].reviewable.id) self.assertEqual( email_message, template_args["review_reviewers"][0].email_message) @patch("google.appengine.api.mail.send_mail") def test_self_reviewer_notification_on_create_review(self, _): """Auto assigned Reviewer should NOT receive email notification""" current_user = all_models.Person.query.filter_by( email="*****@*****.**").one() reviewer_role_id = all_models.AccessControlRole.query.filter_by( name="Reviewers", object_type="Review", ).one().id program = factories.ProgramFactory() email_message = "email email_message" self.generator.generate_object( all_models.Review, { "reviewable": { "type": program.type, "id": program.id, }, "context": None, "notification_type": all_models.Review.NotificationTypes.EMAIL_TYPE, "status": all_models.Review.STATES.REVIEWED, "email_message": email_message, "access_control_list": [{ "ac_role_id": reviewer_role_id, "person": { "id": current_user.id }, }], }, ) with mock.patch.object(fast_digest.DIGEST_TMPL, "render") as bodybuilder_mock: fast_digest.send_notification() # assert no email sent bodybuilder_mock.assert_not_called() @patch("google.appengine.api.mail.send_mail") def test_reviewer_owner_notification(self, _): """Object owners should receive notifications System should send notification(s) to object's managers, primary contacts, secondary contacts, if object is reverted to 'Unreviewed'. """ reviewer = factories.PersonFactory(name='reviewers') reviewer_role_id = all_models.AccessControlRole.query.filter_by( name="Reviewers", object_type="Review", ).one().id with factories.single_commit(): program_primary_contact = factories.PersonFactory(name='primary') program_secondary_contact = factories.PersonFactory( name='secondary') program = factories.ProgramFactory() program.add_person_with_role_name(program_primary_contact, "Primary Contacts") program.add_person_with_role_name(program_secondary_contact, "Secondary Contacts") email_message = "email email_message" self.generator.generate_object( all_models.Review, { "reviewable": { "type": program.type, "id": program.id, }, "context": None, "notification_type": all_models.Review.NotificationTypes.EMAIL_TYPE, "status": all_models.Review.STATES.REVIEWED, "email_message": email_message, "access_control_list": [{ "ac_role_id": reviewer_role_id, "person": { "id": reviewer.id }, }], }, ) self.api.put(program, {"title": "new title"}) with mock.patch.object(fast_digest.DIGEST_TMPL, "render") as bodybuilder_mock: fast_digest.send_notification() # 4 emails to each user self.assertEqual(3, bodybuilder_mock.call_count) call_count = _call_counter(bodybuilder_mock) # 1 email to reviewer -> need to review self.assertEqual(1, call_count["review_reviewers"]) # 1 emails to owners -> object state updated self.assertEqual(2, call_count["review_owners"]) @patch("google.appengine.api.mail.send_mail") @freezegun.freeze_time("2019-01-15 12:00:00") def test_notification_subject(self, send_mail_mock): """Test that emails are sent with proper subject.""" expected_subject = "GGRC Change requests review digest " \ "for 01/15/2019 04:00:00 PST" reviewer = factories.PersonFactory() reviewer_role_id = all_models.AccessControlRole.query.filter_by( name="Reviewers", object_type="Review", ).one().id with factories.single_commit(): program_manager = factories.PersonFactory() program = factories.ProgramFactory() program.add_person_with_role_name(program_manager, "Program managers") email_message = "email email_message" _, review = self.generator.generate_object( all_models.Review, { "reviewable": { "type": program.type, "id": program.id, }, "context": None, "notification_type": all_models.Review.NotificationTypes.EMAIL_TYPE, "status": all_models.Review.STATES.REVIEWED, "email_message": email_message, "access_control_list": [{ "ac_role_id": reviewer_role_id, "person": { "id": reviewer.id }, }], }, ) self.api.modify_object(review.reviewable, {"title": "new title"}) with mock.patch.object(fast_digest.DIGEST_TMPL, "render"): fast_digest.send_notification() for call_item in send_mail_mock.call_args_list: self.assertEqual(expected_subject, call_item[1]["subject"])
def setUp(self): super(TestReviewNotification, self).setUp() self.client.get("/login") self.generator = generator.ObjectGenerator() self.api = Api()
def setUp(self): super(TestEvidenceRolePropagation, self).setUp() self.api = Api() self.generator = ObjectGenerator()
class AssessmentTemplateRBACFactory(base.BaseRBACFactory): """Assessment Template RBAC factory class.""" def __init__(self, user_id, acr, parent=None): """Set up objects for Assessment Template permission tests. Args: user_id: Id of user under which all operations will be run. acr: Instance of ACR that should be assigned for tested user. parent: Model name in scope of which objects should be set up. """ self.setup_program_scope(user_id, acr, parent) with factories.single_commit(): template = factories.AssessmentTemplateFactory(audit=self.audit) factories.RelationshipFactory(source=self.audit, destination=template) self.template_id = template.id self.default_assignees = "Admin" self.default_verifiers = "Admin" self.api = Api() if user_id: user = all_models.Person.query.get(user_id) self.api.set_user(user) def create(self): """Create new Assessment Template object.""" return self.api.post(all_models.AssessmentTemplate, { "assessment_template": { "audit": {"id": self.audit_id, "type": "Audit"}, "context": None, "default_people": { "assignees": self.default_assignees, "verifiers": self.default_verifiers, }, "title": "New Assessment Template" } }) def read(self): """Read existing Assessment Template object.""" return self.api.get(all_models.AssessmentTemplate, self.template_id) def update(self): """Update title of existing Assessment Template object.""" template = all_models.AssessmentTemplate.query.get(self.template_id) return self.api.put(template, {"title": factories.random_str()}) def delete(self): """Delete Assessment Template object.""" template = all_models.AssessmentTemplate.query.get(self.template_id) return self.api.delete(template) def read_revisions(self): """Read revisions for Assessment Template object.""" model_class = get_model("AssessmentTemplate") responses = [] for query in ["source_type={}&source_id={}", "destination_type={}&destination_id={}", "resource_type={}&resource_id={}"]: responses.append( self.api.get_query( model_class, query.format("assessment_template", self.template_id) ) ) return responses