def test_list_returns_all_if_omniscient_nd_collector_view_but_no_ownership( self): view = TestResourceViewCollector() request = HttpRequest() request.method = 'GET' request.META['HTTP_AUTHORIZATION'] = \ 'Bearer correct-token' settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['omniscient', 'collector-view']) with HTTMock(signon): response = view.get(request) try: json_response = json.loads(response.content) except ValueError: json_response = None assert_that(response.status_code, is_(200)) assert_that(len(json_response), is_(2)) assert_that(json_response, contains_inanyorder( has_entry("name", starts_with( self.__class__.collector_type1.name)), has_entry("name", starts_with( self.__class__.collector_type2.name))))
def test_detail_returns_all_data_sets_if_user_has_admin_permission(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin', 'admin']) with HTTMock(signon): resp = self.client.get('/data-sets/unseen', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200)
def test_detail_returns_all_data_sets_if_user_has_admin_permission(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin', 'admin']) with HTTMock(signon): resp = self.client.get( '/data-sets/unseen', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200)
def test_list_returns_no_data_sets_if_there_is_no_backdrop_user(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin', 'dataset']) with HTTMock(signon): resp = self.client.get('/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 0)
def test_detail_does_not_return_data_sets_the_user_cannot_see(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get('/data-sets/unseen', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 404)
def test_user_permission_needed(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin']) with HTTMock(signon): resp = self.client.get('/users/foo%40bar.com', HTTP_AUTHORIZATION='Bearer correct-token') assert_that(resp, is_forbidden()) assert_that(resp, is_error_response()) settings.USE_DEVELOPMENT_USERS = True
def test_user_permission_needed(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin']) with HTTMock(signon): resp = self.client.get( '/users/foo%40bar.com', HTTP_AUTHORIZATION='Bearer correct-token') assert_that(resp, is_forbidden()) assert_that(resp, is_error_response()) settings.USE_DEVELOPMENT_USERS = True
def test_detail_does_not_return_data_sets_the_user_cannot_see(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get( '/data-sets/unseen', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 404)
def test_list_returns_no_data_sets_if_there_is_no_backdrop_user(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['signin', 'dataset']) with HTTMock(signon): resp = self.client.get( '/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 0)
def test_list_only_returns_data_sets_the_user_can_see(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get('/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 4)
def test_list_only_returns_data_sets_the_user_can_see(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get( '/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 4)
def test_detail_returns_404_if_collector_view_not_omniscient(self): view = TestResourceViewCollector() request = HttpRequest() request.method = 'GET' request.META['HTTP_AUTHORIZATION'] = \ 'Bearer correct-token' settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['collector-view']) with HTTMock(signon): response = view.get(request, **{'id': self.collector1.id}) assert_that(response.status_code, is_(404))
def test_list_with_trailing_slash_still_routed(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get('/data-sets/?data-type=type1', HTTP_AUTHORIZATION=('Bearer correct-token'), follow=True) assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 2)
def test_list_returns_403_if_omniscient_no_collector_view( self): view = TestResourceViewCollector() request = HttpRequest() request.method = 'GET' request.META['HTTP_AUTHORIZATION'] = \ 'Bearer correct-token' settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['omniscient']) with HTTMock(signon): response = view.get(request) assert_that(response.status_code, is_(403))
def test_list_with_trailing_slash_still_routed(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get( '/data-sets/?data-type=type1', HTTP_AUTHORIZATION=('Bearer correct-token'), follow=True) assert_equal(resp.status_code, 200) response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), 2)
def test_add_node_without_permission(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin'], email='*****@*****.**') with HTTMock(signon): resp = self.client.post( '/organisation/node', data=json.dumps({ 'name': 'Edam', 'type_id': 'ea72e3e1-13b8-4bf6-9ffb-7cd0d2f168d4' }), HTTP_AUTHORIZATION='Bearer correct-token', content_type='application/json') assert_that(resp.status_code, equal_to(403))
def test_add_node_without_permission(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin'], email='*****@*****.**') with HTTMock(signon): resp = self.client.post('/organisation/node', data=json.dumps({ 'name': 'Edam', 'type_id': 'ea72e3e1-13b8-4bf6-9ffb-7cd0d2f168d4' }), HTTP_AUTHORIZATION='Bearer correct-token', content_type='application/json') assert_that(resp.status_code, equal_to(403))
def test_detail_returns_unowned_if_user_has_admin_permission(self): view = TestResourceViewCollector() request = HttpRequest() request.method = 'GET' request.META['HTTP_AUTHORIZATION'] = \ 'Bearer correct-token' settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['admin']) with HTTMock(signon): response = view.get(request, **{'id': self.collector1.id}) try: json_response = json.loads(response.content) except ValueError: json_response = None assert_that(response.status_code, is_(200)) assert_that(json_response['id'], equal_to( str(self.__class__.collector1.id)))
def test_list_returns_empty_list_if_collector_view_not_omniscient( self): view = TestResourceViewCollector() request = HttpRequest() request.method = 'GET' request.META['HTTP_AUTHORIZATION'] = \ 'Bearer correct-token' settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock(permissions=['collector-view']) with HTTMock(signon): response = view.get(request) try: json_response = json.loads(response.content) except ValueError: json_response = None assert_that(response.status_code, is_(200)) assert_that(len(json_response), is_(0))
def _mock_signon(self, permissions): return HTTMock(govuk_signon_mock(permissions=permissions))
def _mock_signon(self, permissions): return HTTMock( govuk_signon_mock( permissions=permissions))
def test_list(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get('/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) expected = [{ 'bearer_token': '', 'capped_size': None, 'name': 'group1_type1', 'data_type': 'type1', 'realtime': False, 'auto_ids': ['aa'], 'max_age_expected': 86400, 'data_group': 'group1', 'upload_filters': ['backdrop.filter.1'], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'bearer_token': '', 'capped_size': None, 'name': 'set2', 'data_type': 'type1', 'realtime': False, 'auto_ids': ['aa', 'bb'], 'max_age_expected': 86400, 'data_group': 'group2', 'upload_filters': ['backdrop.filter.1', 'backdrop.filter.2'], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'name': 'abc_-0123456789', 'data_group': 'group3', 'data_type': 'type3', 'bearer_token': '', 'capped_size': None, 'realtime': False, 'auto_ids': [], 'max_age_expected': 86400, 'upload_filters': [], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'name': 'monitoring-data-set', 'data_group': 'group3', 'data_type': 'monitoring', 'bearer_token': '', 'capped_size': None, 'realtime': False, 'auto_ids': [], 'max_age_expected': 86400, 'upload_filters': [], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }] response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), len(expected)) for i, record in enumerate(expected): if record['data_type'] != 'monitoring': record['schema'] = self._get_default_schema( record['data_group'] + "/" + record['data_type']) else: record['schema'] = self.monitoring_schema assert_equal(record, response_object[i])
def test_list(self): settings.USE_DEVELOPMENT_USERS = False signon = govuk_signon_mock( permissions=['signin', 'dataset'], email='*****@*****.**') with HTTMock(signon): resp = self.client.get( '/data-sets', HTTP_AUTHORIZATION='Bearer correct-token') assert_equal(resp.status_code, 200) expected = [ { 'bearer_token': '', 'capped_size': None, 'name': 'group1_type1', 'data_type': 'type1', 'realtime': False, 'auto_ids': ['aa'], 'max_age_expected': 86400, 'data_group': 'group1', 'upload_filters': ['backdrop.filter.1'], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'bearer_token': '', 'capped_size': None, 'name': 'set2', 'data_type': 'type1', 'realtime': False, 'auto_ids': ['aa', 'bb'], 'max_age_expected': 86400, 'data_group': 'group2', 'upload_filters': ['backdrop.filter.1', 'backdrop.filter.2'], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'name': 'abc_-0123456789', 'data_group': 'group3', 'data_type': 'type3', 'bearer_token': '', 'capped_size': None, 'realtime': False, 'auto_ids': [], 'max_age_expected': 86400, 'upload_filters': [], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False }, { 'name': 'monitoring-data-set', 'data_group': 'group3', 'data_type': 'monitoring', 'bearer_token': '', 'capped_size': None, 'realtime': False, 'auto_ids': [], 'max_age_expected': 86400, 'upload_filters': [], 'queryable': True, 'upload_format': '', 'raw_queries_allowed': True, 'published': False } ] response_object = json.loads(resp.content.decode('utf-8')) assert_equal(len(response_object), len(expected)) for i, record in enumerate(expected): if record['data_type'] != 'monitoring': record['schema'] = self._get_default_schema( record['data_group'] + "/" + record['data_type'] ) else: record['schema'] = self.monitoring_schema assert_equal( record, response_object[i] )