def create_winterthur_app(request, use_elasticsearch):
app = create_app(app_class=WinterthurApp,
request=request,
use_elasticsearch=use_elasticsearch)
session = app.session()
org = create_new_organisation(app, name="Winterthur")
org.meta['reply_to'] = '*****@*****.**'
org.meta['locales'] = 'de_CH'
# usually we don't want to create the users directly, anywhere else you
# *need* to go through the UserCollection. Here however, we can improve
# the test speed by not hashing the password for every test.
test_password = request.getfixturevalue('test_password')
session.add(
User(username='******',
password_hash=test_password,
role='admin'))
session.add(
User(username='******',
password_hash=test_password,
role='editor'))
transaction.commit()
session.close_all()
return app
def create_swissvotes_app(request, temporary_path):
app = create_app(
SwissvotesApp,
request,
use_smtp=True,
depot_backend='depot.io.local.LocalFileStorage',
depot_storage_path=str(temporary_path),
)
app.session_manager.set_locale('de_CH', 'de_CH')
session = app.session()
session.add(
User(username='******',
password_hash=request.getfixturevalue('swissvotes_password'),
role='admin'))
session.add(
User(realname='Publisher',
username='******',
password_hash=request.getfixturevalue('swissvotes_password'),
role='editor'))
session.add(
User(realname='Editor',
username='******',
password_hash=request.getfixturevalue('swissvotes_password'),
role='member'))
commit()
return app
def create_gazette(request, temporary_path):
app = create_app(
GazetteApp,
request,
use_smtp=True,
depot_backend='depot.io.local.LocalFileStorage',
depot_storage_path=str(temporary_path),
)
app.session_manager.set_locale('de_CH', 'de_CH')
app.filestorage.settext('principal.yml', dedent(PRINCIPAL))
app.filestorage.settext('govikon-pdf.svg', LOGO)
group_id = uuid4()
session = app.session()
session.add(UserGroup(name='TestGroup', id=group_id))
session.add(
User(username='******',
password_hash=request.getfixturevalue('gazette_password'),
role='admin',
phone_number='+41415112250'))
session.add(
User(realname='Publisher',
username='******',
password_hash=request.getfixturevalue('gazette_password'),
role='editor',
phone_number='+41415112260'))
session.add(
User(realname='First Editor',
username='******',
password_hash=request.getfixturevalue('gazette_password'),
role='member',
group_id=group_id,
phone_number='+41415112271'))
session.add(
User(realname='Second Editor',
username='******',
password_hash=request.getfixturevalue('gazette_password'),
role='member',
group_id=group_id,
phone_number='+41415112272'))
session.add(
User(realname='Third Editor',
username='******',
password_hash=request.getfixturevalue('gazette_password'),
role='member',
phone_number='+41415112273'))
create_organizations(session)
create_categories(session)
create_issues(session)
commit()
return app
def create_wtfs_app(request, temporary_path):
app = create_app(
WtfsApp,
request,
use_smtp=True,
depot_backend='depot.io.local.LocalFileStorage',
depot_storage_path=str(temporary_path),
)
app.session_manager.set_locale('de_CH', 'de_CH')
session = app.session()
group_id = uuid4()
session.add(PaymentType(name='normal', _price_per_quantity=700))
session.add(PaymentType(name='spezial', _price_per_quantity=850))
session.add(Municipality(
id=group_id,
name='My Municipality',
bfs_number=1,
payment_type='normal'
))
session.add(User(
realname='Admin',
username='******',
password_hash=request.getfixturevalue('wtfs_password'),
role='admin'
))
session.add(User(
realname='Editor',
username='******',
password_hash=request.getfixturevalue('wtfs_password'),
role='editor',
group_id=group_id,
data={'contact': True}
))
session.add(User(
realname='Member',
username='******',
password_hash=request.getfixturevalue('wtfs_password'),
role='member',
group_id=group_id
))
session.add(User(
realname='Optimo',
username='******',
password_hash=request.getfixturevalue('wtfs_password'),
role='member'
))
commit()
return app
def create_feriennet_app(request, use_elasticsearch):
app = create_app(app_class=FeriennetApp,
request=request,
use_elasticsearch=use_elasticsearch)
app.configure_payment_providers(
**{
'payment_providers_enabled': True,
'payment_provider_defaults': {
'stripe_connect': {
'client_id': 'foo',
'client_secret': 'foo',
'oauth_gateway': 'https://oauth.example.org',
'oauth_gateway_auth': 'foo',
'oauth_gateway_secret': 'bar'
}
}
})
session = app.session()
org = create_new_organisation(app, name="Govikon", create_files=False)
org.meta['reply_to'] = '*****@*****.**'
org.meta['locales'] = 'de_CH'
# usually we don't want to create the users directly, anywhere else you
# *need* to go through the UserCollection. Here however, we can improve
# the test speed by not hashing the password for every test.
test_password = request.getfixturevalue('test_password')
session.add(
User(username='******',
password_hash=test_password,
role='admin'))
session.add(
User(username='******',
password_hash=test_password,
role='editor'))
transaction.commit()
session.close_all()
return app
def agency_app(request):
app = create_app(AgencyApp, request, use_smtp=True)
org = create_new_organisation(app, name="Govikon")
org.meta['reply_to'] = '*****@*****.**'
org.meta['locales'] = 'de_CH'
session = app.session()
test_password = request.getfixturevalue('test_password')
session.add(
User(username='******',
password_hash=test_password,
role='admin'))
session.add(
User(username='******',
password_hash=test_password,
role='editor'))
commit()
session.close_all()
yield app
app.session_manager.dispose()
def add_user_unrestricted(self, request, form):
""" Create a new user. """
layout = AddUserLayout(self, request)
if form.submitted(request):
user = User()
form.update_model(user)
request.session.add(user)
request.message(_("User added."), 'success')
return redirect(layout.success_url)
return {
'layout': layout,
'form': form,
'button_text': _("Save"),
'cancel': layout.cancel_url
}
def add_user(self, request, form):
""" Create a new user. """
if request.has_permission(self, AddModelUnrestricted):
return redirect(request.link(self, name='add-unrestricted'))
layout = AddUserLayout(self, request)
if form.submitted(request):
user = User()
form.update_model(user)
request.session.add(user)
request.message(_("User added."), 'success')
return redirect(layout.success_url)
return {
'layout': layout,
'form': form,
'button_text': _("Save"),
'cancel': layout.cancel_url
}
def test_editor_delete_day_before(wtfs_app, wtfs_password):
session = wtfs_app.session()
def permits(user, model, permission):
return permits_by_app(wtfs_app, user, model, permission)
# Remove existing users and group
session.query(User).delete()
session.query(Municipality).delete()
# Add two towns
foo = uuid4()
session.add(Municipality(
id=foo,
name='Foo',
bfs_number=1,
))
session.add(PickupDate(
date=date.today(),
municipality_id=foo,
))
bar = uuid4()
session.add(Municipality(
id=bar,
name='Bar',
bfs_number=1,
))
session.add(PickupDate(
date=date.today(),
municipality_id=bar,
))
# add a single scan job to foo
session.add(ScanJob(
type='normal',
municipality_id=foo,
delivery_number=1,
dispatch_date=date(2019, 1, 1))
)
# an admin with access to all of it
session.add(User(
username='******',
password_hash=wtfs_password,
role='admin'
))
# an editor with access to foo
session.add(User(
username='******',
password_hash=wtfs_password,
role='editor',
group_id=foo
))
# a member with access to foo
session.add(User(
username='******',
password_hash=wtfs_password,
role='member',
group_id=foo
))
# an editor with access to bar
session.add(User(
username='******',
password_hash=wtfs_password,
role='editor',
group_id=bar
))
# a member with access to bar
session.add(User(
username='******',
password_hash=wtfs_password,
role='member',
group_id=bar
))
session.flush()
def fetch_user(username):
return session.query(User).filter_by(username=username).one()
job = session.query(ScanJob).one()
admin = fetch_user('*****@*****.**')
foo_editor = fetch_user('*****@*****.**')
foo_member = fetch_user('*****@*****.**')
bar_editor = fetch_user('*****@*****.**')
bar_member = fetch_user('*****@*****.**')
dt = sedate.replace_timezone(datetime(2018, 12, 31), 'Europe/Zurich')
with freeze_time(dt.replace(hour=17, minute=0)):
assert permits(admin, job, DeleteModel)
assert permits(foo_editor, job, DeleteModel)
assert not permits(foo_member, job, DeleteModel)
assert not permits(bar_editor, job, DeleteModel)
assert not permits(bar_member, job, DeleteModel)
with freeze_time(dt.replace(hour=17, minute=1)):
assert permits(admin, job, DeleteModel)
assert not permits(foo_editor, job, DeleteModel)
assert not permits(foo_member, job, DeleteModel)
assert not permits(bar_editor, job, DeleteModel)
assert not permits(bar_member, job, DeleteModel)
def test_permissions(wtfs_app, wtfs_password):
session = wtfs_app.session()
def permits(user, model, permission):
return permits_by_app(wtfs_app, user, model, permission)
# Remove existing users and group
session.query(User).filter_by(realname='Editor').one().group_id = None
session.query(User).filter_by(realname='Member').one().group_id = None
session.query(Municipality).delete()
# Add new
municipality_a_id = uuid4()
session.add(Municipality(
id=municipality_a_id,
name='Municipality A',
bfs_number=10,
))
session.add(PickupDate(
date=date.today(),
municipality_id=municipality_a_id,
))
session.add(ScanJob(
type='normal',
municipality_id=municipality_a_id,
delivery_number=1,
dispatch_date=date(2019, 1, 1))
)
session.add(User(
realname='Admin A',
username='******',
password_hash=wtfs_password,
role='admin',
group_id=municipality_a_id
))
session.add(User(
realname='Editor A',
username='******',
password_hash=wtfs_password,
role='editor',
group_id=municipality_a_id
))
session.add(User(
realname='Member A',
username='******',
password_hash=wtfs_password,
role='member',
group_id=municipality_a_id
))
municipality_b_id = uuid4()
session.add(Municipality(
id=municipality_b_id,
name='Municipality B',
bfs_number=20,
))
session.add(User(
realname='Admin B',
username='******',
password_hash=wtfs_password,
role='admin',
group_id=municipality_b_id
))
session.add(User(
realname='Editor B',
username='******',
password_hash=wtfs_password,
role='editor',
group_id=municipality_b_id
))
session.add(User(
realname='Member B',
username='******',
password_hash=wtfs_password,
role='member',
group_id=municipality_b_id
))
query = session.query
admin = query(User).filter_by(realname='Admin').one()
admin_a = query(User).filter_by(realname='Admin A').one()
admin_b = query(User).filter_by(realname='Admin B').one()
editor = query(User).filter_by(realname='Editor').one()
editor_a = query(User).filter_by(realname='Editor A').one()
editor_b = query(User).filter_by(realname='Editor B').one()
member = query(User).filter_by(realname='Member').one()
member_a = query(User).filter_by(realname='Member A').one()
member_b = query(User).filter_by(realname='Member B').one()
group = UserGroup()
group_a = query(UserGroup).filter_by(name='Municipality A').one()
group_b = query(UserGroup).filter_by(name='Municipality B').one()
municipality = Municipality()
municipality_a = query(Municipality).filter_by(name='Municipality A').one()
municipality_b = query(Municipality).filter_by(name='Municipality B').one()
scan_job = query(ScanJob).one()
# General
model = object()
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# UserGroupCollection / MunicipalityCollection
# MunicipalityCollection
for model in (
MunicipalityCollection(session),
UserGroupCollection(session)
):
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# UserGroup / Municipality
for user in (admin, admin_a, admin_b):
for model in (group_a, group_b, municipality_a, municipality_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for model in (group, municipality):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
for model in (
group_a, group_b, group,
municipality_a, municipality_b, municipality
):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# UserCollection
model = UserCollection(session)
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# User
for user in (admin, admin_a, admin_b):
for model in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
if user == model:
assert not permits(user, model, DeleteModel)
else:
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for model in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, ):
for model in (admin, admin_a, admin_b, editor_a, editor_b,
member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (editor, ):
for model in (editor, ):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (editor_a, ):
for model in (admin, admin_a, admin_b, editor, editor_b,
member, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for model in (editor_a, ):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for model in (member_a,):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (editor_b, ):
for model in (admin, admin_a, admin_b, editor, editor_a,
member, member_a):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for model in (editor_b, ):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for model in (member_b,):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (member, member_a, member_b):
for model in (admin, admin_a, admin_b, editor, editor_a, editor_b,
member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# ScanJobCollection
model = ScanJobCollection(session)
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor_a, editor_b, member_a, member_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (editor, member):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# ScanJob
model = scan_job
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_b, member, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (editor_a, member_a):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# DailyList
for model in (DailyList(), DailyListBoxes(session)):
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for user in (member,):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
for model in (DailyListBoxesAndForms(session), ):
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# Report
for model in (
Report(session),
ReportBoxes(session),
ReportBoxesAndForms(session),
ReportFormsByMunicipality(session)
):
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# Notification
model = Notification()
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# Invoice
model = Invoice(session)
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# PaymentType
model = PaymentType()
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# PaymentTypeCollection
model = PaymentTypeCollection(session)
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert not permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
# UserManual
model = UserManual(wtfs_app)
for user in (admin, admin_a, admin_b):
assert permits(user, model, Public)
assert permits(user, model, AddModel)
assert permits(user, model, AddModelUnrestricted)
assert permits(user, model, EditModel)
assert permits(user, model, EditModelUnrestricted)
assert permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert permits(user, model, ViewModelUnrestricted)
for user in (editor, editor_a, editor_b, member, member_a, member_b):
assert permits(user, model, Public)
assert not permits(user, model, AddModel)
assert not permits(user, model, AddModelUnrestricted)
assert not permits(user, model, EditModel)
assert not permits(user, model, EditModelUnrestricted)
assert not permits(user, model, DeleteModel)
assert permits(user, model, ViewModel)
assert not permits(user, model, ViewModelUnrestricted)
def test_unrestricted_user_form(session):
municipalities = MunicipalityCollection(session)
municipality_1 = municipalities.add(name="Aesch", bfs_number=82)
municipality_2 = municipalities.add(name="Adlikon", bfs_number=21)
# Test choices
form = UnrestrictedUserForm()
form.request = Request(session)
form.request.identity.userid = '*****@*****.**'
form.request.identity.role = 'admin'
form.on_request()
assert [c[1] for c in form.municipality_id.choices
] == ["- none -", "Adlikon (21)", "Aesch (82)"]
assert form.role.choices == [('admin', "Admin"), ('editor', "Editor"),
('member', "Member")]
# Test apply / update
user = User()
form.role.data = "member"
form.municipality_id.data = None
form.realname.data = "Petra Muster"
form.username.data = "*****@*****.**"
form.contact.data = False
logged_out = form.update_model(user)
assert user.role == 'member'
assert user.realname == "Petra Muster"
assert user.username == "*****@*****.**"
assert user.group_id is None
assert user.data['contact'] is False
assert user.password_hash
assert user.modified
assert logged_out is False
users = UserCollection(session)
user = users.add(
realname="Hans Muster",
username="******",
role='member',
password='******',
)
user.group_id = municipality_1.id
user.logout_all_sessions = MagicMock()
password_hash = user.password_hash
form.apply_model(user)
assert form.role.data == 'member'
assert form.municipality_id.data == municipality_1.id.hex
assert form.realname.data == "Hans Muster"
assert form.username.data == "*****@*****.**"
assert form.contact.data is False
form.role.data = 'admin'
form.municipality_id.data = municipality_2.id.hex
form.realname.data = "Hans-Peter Muster"
form.username.data = "*****@*****.**"
form.contact.data = True
logged_out = form.update_model(user)
assert user.realname == "Hans-Peter Muster"
assert user.username == "*****@*****.**"
assert user.group_id == municipality_2.id.hex
assert user.data['contact'] is True
assert user.password_hash == password_hash
assert user.logout_all_sessions.called is True
assert logged_out is False
form.request.identity.userid = "*****@*****.**"
logged_out = form.update_model(user)
assert user.realname == "Hans-Peter Muster"
assert user.username == "*****@*****.**"
assert user.group_id == municipality_2.id.hex
assert user.data['contact'] is True
assert user.password_hash == password_hash
assert user.logout_all_sessions.called is True
assert logged_out is True
# Test validation
form = UnrestrictedUserForm()
form.request = Request(session, groupid=municipality_1.id.hex)
form.on_request()
assert not form.validate()
form = UnrestrictedUserForm(
PostData({
'role': 'member',
'realname': "Hans-Peter Muster",
'username': "******"
}))
form.request = Request(session, groupid=municipality_1.id.hex)
form.on_request()
assert not form.validate()
assert form.errors == {'username': ['This value already exists.']}
form = UnrestrictedUserForm(
PostData({
'role': 'member',
'realname': "Hans Muster",
'username': "******"
}))
form.request = Request(session, groupid=municipality_1.id.hex)
form.on_request()
assert form.validate()
form = UnrestrictedUserForm(
PostData({
'role': 'editor',
'municipality_id': municipality_2.id.hex,
'realname': "Hans Muster",
'username': "******"
}))
form.request = Request(session, groupid=municipality_1.id.hex)
form.on_request()
assert form.validate()
def test_user_form(session):
municipalities = MunicipalityCollection(session)
municipality = municipalities.add(name="Aesch", bfs_number=82)
# Test apply / update
form = UserForm()
form.request = Request(session, groupid=municipality.id.hex)
form.request.identity.userid = '*****@*****.**'
form.request.identity.role = 'editor'
user = User()
form.realname.data = "Petra Muster"
form.username.data = "*****@*****.**"
form.contact.data = False
logged_out = form.update_model(user)
assert user.realname == "Petra Muster"
assert user.username == "*****@*****.**"
assert user.group_id == municipality.id.hex
assert user.role == 'member'
assert user.data['contact'] is False
assert user.password_hash
assert user.modified
assert logged_out is False
users = UserCollection(session)
user = users.add(
realname="Hans Muster",
username="******",
role='invalid',
password='******',
)
user.logout_all_sessions = MagicMock()
password_hash = user.password_hash
form.apply_model(user)
assert form.realname.data == "Hans Muster"
assert form.username.data == "*****@*****.**"
assert form.contact.data is False
form.realname.data = "Hans-Peter Muster"
form.username.data = "*****@*****.**"
form.contact.data = True
logged_out = form.update_model(user)
assert user.realname == "Hans-Peter Muster"
assert user.username == "*****@*****.**"
assert user.group_id == municipality.id.hex
assert user.role == 'member'
assert user.data['contact'] is True
assert user.password_hash == password_hash
assert user.logout_all_sessions.called is True
assert logged_out is False
form.request.identity.userid = "*****@*****.**"
logged_out = form.update_model(user)
assert user.realname == "Hans-Peter Muster"
assert user.username == "*****@*****.**"
assert user.group_id == municipality.id.hex
assert user.role == 'editor'
assert user.data['contact'] is True
assert user.password_hash == password_hash
assert user.logout_all_sessions.called is True
assert logged_out is True
# Test validation
form = UserForm()
form.request = Request(session, groupid=municipality.id.hex)
assert not form.validate()
form = UserForm(
PostData({
'realname': "Hans-Peter Muster",
'username': "******"
}))
form.request = Request(session, groupid=municipality.id.hex)
assert not form.validate()
assert form.errors == {'username': ['This value already exists.']}
form = UserForm(
PostData({
'realname': "Hans Muster",
'username': "******"
}))
form.request = Request(session, groupid=municipality.id.hex)
assert form.validate()
def handle_import(request, app):
context = Context(request.session)
created = Bunch(towns={}, users=[], dates=[], jobs=[])
townids = {}
deleted = set()
for record in files.township:
if record.deleted == '1':
deleted.add(record.uid)
continue
# towns double as user groups
group = context.groups.add(
name=record.name,
bfs_number=record.bfs_nr,
address_supplement=record.address_extension,
gpn_number=record.gp_nr.isdigit() and int(record.gp_nr),
payment_type=town_payment_type(record),
type='wtfs')
townids[record.uid] = record.bfs_nr
assert group.bfs_number not in created.towns
created.towns[group.bfs_number] = group
print(f"✓ Imported {len(created.towns)} towns")
for record in files.users:
user = User(
username=record.email,
role=roles[record.rolle],
realname=record.name,
active=True,
second_factor=None,
signup_token=None,
password_hash=password_hash,
group_id=record.bfs and created.towns[record.bfs].id or None,
data={'contact': record.kontakt == 'j'})
context.session.add(user)
created.users.append(user)
print(f"✓ Imported {len(created.users)} users")
for record in files.date:
if record.township in deleted:
continue
if record.deleted == '1' or record.township == '0':
continue
dt = parse_datetime(record.date).date()
pickup_date = PickupDate(
date=dt,
municipality_id=created.towns[townids[record.township]].id)
context.session.add(pickup_date)
created.dates.append(pickup_date)
print(f"✓ Imported {len(created.dates)} dates")
for record in files.transportorder:
dispatch_date = parse_datetime(record.distribution_date).date()
return_date = parse_datetime(record.return_date).date()
if record.deleted == '1' or record.township == '0':
continue
if record.township in deleted:
continue
job = ScanJob(
municipality_id=created.towns[townids[record.township]].id,
type=types[record.transport_type],
delivery_number=record.delivery_bill_number,
# dispatch (in)
dispatch_date=dispatch_date,
dispatch_note=record.comment_delivery,
dispatch_boxes=int(record.box_in),
dispatch_tax_forms_current_year=int(
record.tax_current_year_in),
dispatch_tax_forms_last_year=int(
record.tax_last_year_in),
dispatch_tax_forms_older=int(
record.tax_old_in),
dispatch_single_documents=int(
record.single_voucher_in),
# targets (ribbon stands for "Bändliweg" I think)
dispatch_cantonal_tax_office=int(
record.ribbon_out),
dispatch_cantonal_scan_center=int(
record.cantonal_scan_center),
# return (out)
return_date=return_date,
return_note=record.comment_handover,
return_boxes=record.box_out,
return_tax_forms_current_year=int(
record.tax_current_year_out),
return_tax_forms_last_year=int(
record.tax_last_year_out),
return_tax_forms_older=int(
record.tax_old_out),
return_single_documents=int(
record.single_voucher_out),
return_unscanned_tax_forms_current_year=int(
record.not_scanned_current_year),
return_unscanned_tax_forms_last_year=int(
record.not_scanned_last_year),
return_unscanned_tax_forms_older=int(
record.not_scanned_old),
return_unscanned_single_documents=int(
record.not_scanned_voucher)
)
context.session.add(job)
created.jobs.append(job)
print(f"✓ Imported {len(created.jobs)} jobs")
def test_user_layouts():
request = DummyRequest()
request_admin = DummyRequest(roles=['admin'])
request_editor = DummyRequest(roles=['editor'])
# User collection
model = UserCollection(None)
layout = UsersLayout(model, request)
assert layout.title == 'Users'
assert layout.editbar_links == []
assert path(layout.breadcrumbs) == 'DummyPrincipal/UserCollection'
assert layout.cancel_url == ''
assert layout.success_url == ''
layout = UsersLayout(model, request_admin)
assert list(hrefs(layout.editbar_links)) == [
'UserCollection/add-unrestricted'
]
layout = UsersLayout(model, request_editor)
assert list(hrefs(layout.editbar_links)) == ['UserCollection/add']
# .. add
layout = AddUserLayout(model, request)
assert layout.title == 'Add user'
assert layout.editbar_links == []
assert path(layout.breadcrumbs) == (
'DummyPrincipal/UserCollection/#'
)
assert layout.cancel_url == 'UserCollection/'
assert layout.success_url == 'UserCollection/'
layout = AddUserLayout(model, request_admin)
assert list(hrefs(layout.editbar_links)) == []
layout = AddUserLayout(model, request_editor)
assert list(hrefs(layout.editbar_links)) == []
# User
model = User(
realname='Hans Muster',
username="******",
role='member',
password='******'
)
layout = UserLayout(model, request)
assert layout.title == 'Hans Muster'
assert layout.editbar_links == []
assert path(layout.breadcrumbs) == 'DummyPrincipal/UserCollection/#'
assert layout.cancel_url == ''
assert layout.success_url == ''
layout = UserLayout(model, request_admin)
assert list(hrefs(layout.editbar_links)) == [
'User/edit-unrestricted',
'User/?csrf-token=x'
]
layout = UserLayout(model, request_editor)
assert list(hrefs(layout.editbar_links)) == [
'User/edit',
'User/?csrf-token=x'
]
# ... edit
layout = EditUserLayout(model, request)
assert layout.title == 'Edit user'
assert layout.editbar_links == []
assert path(layout.breadcrumbs) == 'DummyPrincipal/UserCollection/User/#'
assert layout.cancel_url == 'User/'
assert layout.success_url == 'UserCollection/'
layout = EditUserLayout(model, request_admin)
assert list(hrefs(layout.editbar_links)) == []
layout = EditUserLayout(model, request_editor)
assert list(hrefs(layout.editbar_links)) == []
def test_municipality(session):
session.add(PaymentType(name='normal', _price_per_quantity=700))
session.add(PaymentType(name='spezial', _price_per_quantity=850))
session.add(
Municipality(name='Winterthur',
bfs_number=230,
address_supplement='Zusatz',
gpn_number=1120,
payment_type='normal'))
session.flush()
municipality = session.query(Municipality).one()
assert municipality.name == 'Winterthur'
assert municipality.bfs_number == 230
assert municipality.address_supplement == 'Zusatz'
assert municipality.gpn_number == 1120
assert municipality.price_per_quantity == 7.0
assert not municipality.has_data
municipality.payment_type = 'spezial'
assert municipality.price_per_quantity == 8.5
municipality.payment_type = 'invalid'
assert municipality.price_per_quantity == 0
# PickupDate
session.add(
PickupDate(municipality_id=municipality.id, date=date(2019, 1, 1)))
session.add(
PickupDate(municipality_id=municipality.id, date=date(2019, 1, 7)))
session.add(
PickupDate(municipality_id=municipality.id, date=date(2019, 1, 14)))
session.flush()
session.expire_all()
assert [d.date for d in municipality.pickup_dates
] == [date(2019, 1, 1),
date(2019, 1, 7),
date(2019, 1, 14)]
assert session.query(PickupDate).first().municipality == municipality
assert municipality.has_data
# Contacts
assert municipality.contacts == []
for name, group_id, data in (
('a', municipality.id, None),
('b', municipality.id, {}),
('c', municipality.id, {
'contact': None
}),
('d', municipality.id, {
'contact': False
}),
('e', municipality.id, {
'contact': True
}),
('f', municipality.id, {
'contact': True
}),
('g', None, {
'contact': True
}),
):
session.add(
User(realname=name,
username=f'{name}@example.org',
password_hash='abcd',
role='editor',
group_id=group_id,
data=data))
assert municipality.contacts == ['*****@*****.**', '*****@*****.**']