def test_save_new_object_unauthorized(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw)
def test_save_new_object_unauthorized_tweaker(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.tweaker_user)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.tweaker_user)
class ModelUnicodeTests(OTMTestCase):
def setUp(self):
self.instance = make_instance(name='Test Instance')
self.species = Species(instance=self.instance,
common_name='Test Common Name',
genus='Test Genus',
cultivar='Test Cultivar',
species='Test Species')
self.species.save_base()
self.user = make_user(username='******', password='******')
self.plot = Plot(geom=Point(1, 1), instance=self.instance,
address_street="123 Main Street")
self.plot.save_base()
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_base()
self.boundary = make_simple_boundary("Test Boundary")
self.role = Role(instance=self.instance, name='Test Role',
rep_thresh=2)
self.role.save()
self.field_permission = FieldPermission(
model_name="Tree",
field_name="readonly",
permission_level=FieldPermission.READ_ONLY,
role=self.role,
instance=self.instance)
self.field_permission.save_base()
self.audit = Audit(action=Audit.Type.Update,
model="Tree",
field="readonly",
model_id=1,
user=self.user,
previous_value=True,
current_value=False)
self.audit.save_base()
self.reputation_metric = ReputationMetric(instance=self.instance,
model_name="Tree",
action="Test Action")
self.reputation_metric.save_base()
def test_instance_model(self):
self.assertEqual(unicode(self.instance), "Test Instance")
def test_species_model(self):
self.assertEqual(
unicode(self.species),
"Test Common Name [Test Genus Test Species 'Test Cultivar']")
def test_user_model(self):
self.assertEqual(unicode(self.user), 'commander')
def test_plot_model(self):
self.assertEqual(unicode(self.plot),
'Plot (1.0, 1.0) 123 Main Street')
def test_tree_model(self):
self.assertEqual(unicode(self.tree), '')
def test_boundary_model(self):
self.assertEqual(unicode(self.boundary), 'Test Boundary')
def test_role_model(self):
self.assertEqual(unicode(self.role), 'Test Role (%s)' % self.role.pk)
def test_field_permission_model(self):
self.assertEqual(unicode(self.field_permission),
'Tree.readonly - Test Role (%s) - Read Only'
% self.role.pk)
def test_audit_model(self):
self.assertEqual(
unicode(self.audit),
'pk=%s - action=Update - Tree.readonly:(1) - True => False'
% self.audit.pk)
def test_reputation_metric_model(self):
self.assertEqual(unicode(self.reputation_metric),
'Test Instance - Tree - Test Action')
class UDFAuditTest(OTMTestCase):
def setUp(self):
self.instance = make_instance()
self.commander_user = make_commander_user(self.instance)
set_write_permissions(self.instance, self.commander_user, 'Plot',
['udf:Test choice'])
self.p = Point(-8515941.0, 4953519.0)
UserDefinedFieldDefinition.objects.create(instance=self.instance,
model_type='Plot',
datatype=json.dumps({
'type':
'choice',
'choices':
['a', 'b', 'c']
}),
iscollection=False,
name='Test choice')
UserDefinedFieldDefinition.objects.create(instance=self.instance,
model_type='Plot',
datatype=json.dumps(
{'type': 'string'}),
iscollection=False,
name='Test unauth')
UserDefinedFieldDefinition.objects.create(instance=self.instance,
model_type='Plot',
datatype=json.dumps([{
'type':
'choice',
'name':
'a choice',
'choices':
['a', 'b', 'c']
}, {
'type':
'string',
'name':
'a string'
}]),
iscollection=True,
name='Test collection')
self.plot = Plot(geom=self.p, instance=self.instance)
self.plot.save_with_user(self.commander_user)
psycopg2.extras.register_hstore(connection.cursor(), globally=True)
def test_mask_unauthorized_with_udfs(self):
officer_user = make_officer_user(self.instance)
self.plot.udfs['Test choice'] = 'b'
self.plot.save_with_user(self.commander_user)
self.plot.udfs['Test unauth'] = 'foo'
self.plot.save_base()
newplot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(newplot.udfs['Test choice'], 'b')
self.assertEqual(newplot.udfs['Test unauth'], 'foo')
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(self.commander_user)
self.assertEqual(newplot.udfs['Test choice'], 'b')
self.assertEqual(newplot.udfs['Test unauth'], None)
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(officer_user)
self.assertEqual(newplot.udfs['Test choice'], None)
self.assertEqual(newplot.udfs['Test unauth'], None)
def test_update_field_creates_audit(self):
self.plot.udfs['Test choice'] = 'b'
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, 'Plot')
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, 'udf:Test choice')
self.assertEqual(last_audit.previous_value, None)
self.assertEqual(last_audit.current_value, 'b')
self.plot.udfs['Test choice'] = 'c'
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, 'Plot')
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, 'udf:Test choice')
self.assertEqual(last_audit.previous_value, 'b')
self.assertEqual(last_audit.current_value, 'c')
def test_cant_edit_unauthorized_collection(self):
self.plot.udfs['Test collection'] = [{
'a choice': 'a',
'a string': 's'
}]
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.commander_user)
def test_cant_edit_unauthorized_field(self):
self.plot.udfs['Test unauth'] = 'c'
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.commander_user)
def test_create_and_apply_pending(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name='udf:Test unauth',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance)
self.plot.udfs['Test unauth'] = 'c'
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs['Test unauth'], None)
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 1)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audit_and_apply(pending[0], self.commander_user,
True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs['Test unauth'], 'c')
def test_create_invalid_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name='udf:Test collection',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance)
self.plot.udfs['Test collection'] = [{
'a choice': 'invalid choice',
'a string': 's'
}]
self.assertRaises(ValidationError, self.plot.save_with_user,
self.commander_user)
def test_create_and_apply_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name='udf:Test collection',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance)
self.plot.udfs['Test collection'] = [{
'a choice': 'a',
'a string': 's'
}]
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs['Test collection'], [])
pending = self.plot.audits().filter(requires_auth=True)
# Expecting 'model_id', 'id', 'field def id'
# and two udf fields ('a string' and 'a choice')
self.assertEqual(len(pending), 5)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audits_and_apply(pending, self.commander_user, True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
col = reloaded_plot.udfs['Test collection']
self.assertEqual(len(col), 1)
self.assertEqual(col[0]['a choice'], 'a')
self.assertEqual(col[0]['a string'], 's')
class UserRoleFieldPermissionTest(MultiUserTestCase):
def setUp(self):
super(UserRoleFieldPermissionTest, self).setUp()
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.commander_user)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.direct_user)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.outlaw_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.outlaw_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.observer_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.observer_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.direct_user)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.direct_user)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander_user)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander_user)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer_user)
self.assertEqual(plot.width, None)
# geom is always readable
self.assertEqual(plot.geom, self.plot.geom)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw_user)
self.assertEqual(plot.width, None)
# geom is always readable
self.assertEqual(plot.geom, self.plot.geom)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.direct_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.direct_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter,
10)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height,
110)
class UserRoleFieldPermissionTest(OTMTestCase):
def setUp(self):
self.p1 = Point(-8515941.0, 4953519.0)
self.instance = make_instance(point=self.p1)
self.commander = make_commander_user(self.instance)
self.officer = make_officer_user(self.instance)
self.observer = make_observer_user(self.instance)
self.outlaw = make_user_with_default_role(self.instance, 'outlaw')
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.officer)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.officer)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.outlaw)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.outlaw)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.observer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.observer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.officer)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.officer)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_save_new_object_authorized(self):
'''Save two new objects with authorized user, nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.officer)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.officer)
def test_save_new_object_unauthorized(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException,
plot.save_with_user, self.outlaw)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException,
tree.save_with_user, self.outlaw)
def test_make_administrator_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
iuser = self.outlaw.get_instance_user(self.instance)
role = Role.objects.create(instance=self.instance,
name=Role.ADMINISTRATOR,
rep_thresh=0)
iuser.role = role
iuser.save_with_user(self.commander)
self.tree.delete_with_user(self.outlaw)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw, cascade=True)
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.officer)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.officer, cascade=True)
self.tree.delete_with_user(self.commander)
self.plot.delete_with_user(self.commander, cascade=True)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer)
self.assertEqual(None, plot.width)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw)
self.assertEqual(None, plot.width)
def test_masking_whole_queryset(self):
"Masking also works on entire querysets"
self.plot.width = 5
self.plot.save_base()
plots = Plot.objects.filter(pk=self.plot.pk)
plot = Plot.mask_queryset(plots, self.observer)[0]
self.assertEqual(None, plot.width)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.officer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.officer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter,
10)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height,
110)
class ModelUnicodeTests(OTMTestCase):
def setUp(self):
self.instance = make_instance(name='Test Instance')
self.species = Species(instance=self.instance,
common_name='Test Common Name',
genus='Test Genus',
cultivar='Test Cultivar',
species='Test Species')
self.species.save_base()
self.user = make_user(username='******', password='******')
self.plot = Plot(geom=Point(1, 1),
instance=self.instance,
address_street="123 Main Street")
self.plot.save_base()
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_base()
self.boundary = make_simple_boundary("Test Boundary")
self.role = Role(instance=self.instance,
name='Test Role',
rep_thresh=2)
self.role.save()
self.field_permission = FieldPermission(
model_name="Tree",
field_name="readonly",
permission_level=FieldPermission.READ_ONLY,
role=self.role,
instance=self.instance)
self.field_permission.save_base()
self.audit = Audit(action=Audit.Type.Update,
model="Tree",
field="readonly",
model_id=1,
user=self.user,
previous_value=True,
current_value=False)
self.audit.save_base()
self.reputation_metric = ReputationMetric(instance=self.instance,
model_name="Tree",
action="Test Action")
self.reputation_metric.save_base()
def test_instance_model(self):
self.assertEqual(unicode(self.instance), "Test Instance")
def test_species_model(self):
self.assertEqual(
unicode(self.species),
"Test Common Name [Test Genus Test Species 'Test Cultivar']")
def test_user_model(self):
self.assertEqual(unicode(self.user), 'commander')
def test_plot_model(self):
self.assertEqual(unicode(self.plot), 'Plot (1.0, 1.0) 123 Main Street')
def test_tree_model(self):
self.assertEqual(unicode(self.tree), '')
def test_boundary_model(self):
self.assertEqual(unicode(self.boundary), 'Test Boundary')
def test_role_model(self):
self.assertEqual(unicode(self.role), 'Test Role (%s)' % self.role.pk)
def test_field_permission_model(self):
self.assertEqual(
unicode(self.field_permission),
'Tree.readonly - Test Role (%s) - Read Only' % self.role.pk)
def test_audit_model(self):
self.assertEqual(
unicode(self.audit),
'pk=%s - action=Update - Tree.readonly:(1) - True => False' %
self.audit.pk)
def test_reputation_metric_model(self):
self.assertEqual(unicode(self.reputation_metric),
'Test Instance - Tree - Test Action')
class UDFAuditTest(TestCase):
def setUp(self):
self.instance = make_instance()
self.commander_user = make_commander_user(self.instance)
set_write_permissions(self.instance, self.commander_user,
'Plot', ['udf:Test choice'])
self.p = Point(-8515941.0, 4953519.0)
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type='Plot',
datatype=json.dumps({'type': 'choice',
'choices': ['a', 'b', 'c']}),
iscollection=False,
name='Test choice')
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type='Plot',
datatype=json.dumps({'type': 'string'}),
iscollection=False,
name='Test unauth')
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type='Plot',
datatype=json.dumps([{'type': 'choice',
'name': 'a choice',
'choices': ['a', 'b', 'c']},
{'type': 'string',
'name': 'a string'}]),
iscollection=True,
name='Test collection')
self.plot = Plot(geom=self.p, instance=self.instance)
self.plot.save_with_user(self.commander_user)
psycopg2.extras.register_hstore(connection.cursor(), globally=True)
def test_mask_unauthorized_with_udfs(self):
officer_user = make_officer_user(self.instance)
self.plot.udfs['Test choice'] = 'b'
self.plot.save_with_user(self.commander_user)
self.plot.udfs['Test unauth'] = 'foo'
self.plot.save_base()
newplot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(newplot.udfs['Test choice'], 'b')
self.assertEqual(newplot.udfs['Test unauth'], 'foo')
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(self.commander_user)
self.assertEqual(newplot.udfs['Test choice'], 'b')
self.assertEqual(newplot.udfs['Test unauth'], None)
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(officer_user)
self.assertEqual(newplot.udfs['Test choice'], None)
self.assertEqual(newplot.udfs['Test unauth'], None)
def test_update_field_creates_audit(self):
self.plot.udfs['Test choice'] = 'b'
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, 'Plot')
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, 'udf:Test choice')
self.assertEqual(last_audit.previous_value, None)
self.assertEqual(last_audit.current_value, 'b')
self.plot.udfs['Test choice'] = 'c'
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, 'Plot')
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, 'udf:Test choice')
self.assertEqual(last_audit.previous_value, 'b')
self.assertEqual(last_audit.current_value, 'c')
def test_cant_edit_unauthorized_collection(self):
self.plot.udfs['Test collection'] = [
{'a choice': 'a', 'a string': 's'}]
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.commander_user)
def test_cant_edit_unauthorized_field(self):
self.plot.udfs['Test unauth'] = 'c'
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.commander_user)
def test_create_and_apply_pending(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot', field_name='udf:Test unauth',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role, instance=self.instance)
self.plot.udfs['Test unauth'] = 'c'
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(
reloaded_plot.udfs['Test unauth'],
None)
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 1)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audit_and_apply(pending[0],
self.commander_user,
True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(
reloaded_plot.udfs['Test unauth'],
'c')
def test_create_invalid_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot', field_name='udf:Test collection',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role, instance=self.instance)
self.plot.udfs['Test collection'] = [
{'a choice': 'invalid choice', 'a string': 's'}]
self.assertRaises(ValidationError,
self.plot.save_with_user, self.commander_user)
def test_create_and_apply_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, _ = FieldPermission.objects.get_or_create(
model_name='Plot', field_name='udf:Test collection',
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role, instance=self.instance)
self.plot.udfs['Test collection'] = [
{'a choice': 'a', 'a string': 's'}]
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(
reloaded_plot.udfs['Test collection'],
[])
pending = self.plot.audits().filter(requires_auth=True)
# Expecting 'model_id', 'id', 'field def id'
# and two udf fields ('a string' and 'a choice')
self.assertEqual(len(pending), 5)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audits_and_apply(pending,
self.commander_user,
True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
col = reloaded_plot.udfs['Test collection']
self.assertEqual(len(col), 1)
self.assertEqual(col[0]['a choice'], 'a')
self.assertEqual(col[0]['a string'], 's')
class UserRoleFieldPermissionTest(MultiUserTestCase):
def setUp(self):
super(UserRoleFieldPermissionTest, self).setUp()
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.commander_user)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.direct_user)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.outlaw_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.outlaw_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.observer_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException,
self.tree.save_with_user, self.observer_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.direct_user)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.direct_user)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander_user)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander_user)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer_user)
self.assertEqual(plot.width, None)
# geom is always readable
self.assertEqual(plot.geom, self.plot.geom)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw_user)
self.assertEqual(plot.width, None)
# geom is always readable
self.assertEqual(plot.geom, self.plot.geom)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException,
self.plot.save_with_user, self.direct_user)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.direct_user)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter,
10)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).canopy_height,
110)
class UDFAuditTest(OTMTestCase):
def setUp(self):
self.p = Point(-8515941.0, 4953519.0)
self.instance = make_instance(point=self.p)
self.commander_user = make_commander_user(self.instance)
set_write_permissions(self.instance, self.commander_user, "Plot", ["udf:Test choice"])
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type="Plot",
datatype=json.dumps({"type": "choice", "choices": ["a", "b", "c"]}),
iscollection=False,
name="Test choice",
)
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type="Plot",
datatype=json.dumps({"type": "string"}),
iscollection=False,
name="Test unauth",
)
UserDefinedFieldDefinition.objects.create(
instance=self.instance,
model_type="Plot",
datatype=json.dumps(
[
{"type": "choice", "name": "a choice", "choices": ["a", "b", "c"]},
{"type": "string", "name": "a string"},
]
),
iscollection=True,
name="Test collection",
)
self.plot = Plot(geom=self.p, instance=self.instance)
self.plot.save_with_user(self.commander_user)
psycopg2.extras.register_hstore(connection.cursor(), globally=True)
def test_mask_unauthorized_with_udfs(self):
officer_user = make_officer_user(self.instance)
self.plot.udfs["Test choice"] = "b"
self.plot.save_with_user(self.commander_user)
self.plot.udfs["Test unauth"] = "foo"
self.plot.save_base()
newplot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(newplot.udfs["Test choice"], "b")
self.assertEqual(newplot.udfs["Test unauth"], "foo")
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(self.commander_user)
self.assertEqual(newplot.udfs["Test choice"], "b")
self.assertEqual(newplot.udfs["Test unauth"], None)
newplot = Plot.objects.get(pk=self.plot.pk)
newplot.mask_unauthorized_fields(officer_user)
self.assertEqual(newplot.udfs["Test choice"], None)
self.assertEqual(newplot.udfs["Test unauth"], None)
def test_update_field_creates_audit(self):
self.plot.udfs["Test choice"] = "b"
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, "Plot")
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, "udf:Test choice")
self.assertEqual(last_audit.previous_value, None)
self.assertEqual(last_audit.current_value, "b")
self.plot.udfs["Test choice"] = "c"
self.plot.save_with_user(self.commander_user)
last_audit = list(self.plot.audits())[-1]
self.assertEqual(last_audit.model, "Plot")
self.assertEqual(last_audit.model_id, self.plot.pk)
self.assertEqual(last_audit.field, "udf:Test choice")
self.assertEqual(last_audit.previous_value, "b")
self.assertEqual(last_audit.current_value, "c")
def test_cant_edit_unauthorized_collection(self):
self.plot.udfs["Test collection"] = [{"a choice": "a", "a string": "s"}]
self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user)
def test_cant_edit_unauthorized_field(self):
self.plot.udfs["Test unauth"] = "c"
self.assertRaises(AuthorizeException, self.plot.save_with_user, self.commander_user)
def test_create_and_apply_pending(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, __ = FieldPermission.objects.get_or_create(
model_name="Plot",
field_name="udf:Test unauth",
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance,
)
self.plot.udfs["Test unauth"] = "c"
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs["Test unauth"], None)
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 1)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audit_and_apply(pending[0], self.commander_user, True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs["Test unauth"], "c")
def test_create_invalid_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, __ = FieldPermission.objects.get_or_create(
model_name="Plot",
field_name="udf:Test collection",
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance,
)
self.plot.udfs["Test collection"] = [{"a choice": "invalid choice", "a string": "s"}]
self.assertRaises(ValidationError, self.plot.save_with_user, self.commander_user)
def test_create_and_apply_pending_collection(self):
pending = self.plot.audits().filter(requires_auth=True)
self.assertEqual(len(pending), 0)
role = self.commander_user.get_role(self.instance)
fp, __ = FieldPermission.objects.get_or_create(
model_name="Plot",
field_name="udf:Test collection",
permission_level=FieldPermission.WRITE_WITH_AUDIT,
role=role,
instance=self.instance,
)
self.plot.udfs["Test collection"] = [{"a choice": "a", "a string": "s"}]
self.plot.save_with_user(self.commander_user)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
self.assertEqual(reloaded_plot.udfs["Test collection"], [])
pending = self.plot.audits().filter(requires_auth=True)
# Expecting 'model_id', 'id', 'field def id'
# and two udf fields ('a string' and 'a choice')
self.assertEqual(len(pending), 5)
fp.permission_level = FieldPermission.WRITE_DIRECTLY
fp.save()
approve_or_reject_audits_and_apply(pending, self.commander_user, True)
reloaded_plot = Plot.objects.get(pk=self.plot.pk)
col = reloaded_plot.udfs["Test collection"]
self.assertEqual(len(col), 1)
self.assertEqual(col[0]["a choice"], "a")
self.assertEqual(col[0]["a string"], "s")
class UserRoleFieldPermissionTest(OTMTestCase):
def setUp(self):
self.p1 = Point(-8515941.0, 4953519.0)
self.instance = make_instance(point=self.p1)
self.commander = make_commander_user(self.instance)
self.officer = make_officer_user(self.instance)
self.observer = make_observer_user(self.instance)
self.outlaw = make_user_with_default_role(self.instance, 'outlaw')
self.plot = Plot(geom=self.p1, instance=self.instance)
self.plot.save_with_user(self.officer)
self.tree = Tree(plot=self.plot, instance=self.instance)
self.tree.save_with_user(self.officer)
def test_no_permission_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.outlaw)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.outlaw)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_readonly_cant_edit_object(self):
self.plot.length = 10
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.observer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.observer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_writeperm_allows_write(self):
self.plot.length = 10
self.plot.save_with_user(self.officer)
self.assertEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.tree.diameter = 10
self.tree.save_with_user(self.officer)
self.assertEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
def test_save_new_object_authorized(self):
'''Save two new objects with authorized user, nothing should happen'''
plot = Plot(geom=self.p1, instance=self.instance)
plot.save_with_user(self.officer)
tree = Tree(plot=plot, instance=self.instance)
tree.save_with_user(self.officer)
def test_save_new_object_unauthorized(self):
plot = Plot(geom=self.p1, instance=self.instance)
self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw)
plot.save_base()
tree = Tree(plot=plot, instance=self.instance)
self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw)
def test_make_administrator_can_delete(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
iuser = self.outlaw.get_instance_user(self.instance)
role = Role.objects.create(instance=self.instance,
name=Role.ADMINISTRATOR,
rep_thresh=0)
iuser.role = role
iuser.save_with_user(self.commander)
self.tree.delete_with_user(self.outlaw)
self.assertEqual(Tree.objects.count(), 0)
def test_delete_object(self):
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.outlaw)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.outlaw, cascade=True)
with self.assertRaises(AuthorizeException):
self.tree.delete_with_user(self.officer)
with self.assertRaises(AuthorizeException):
self.plot.delete_with_user(self.officer, cascade=True)
self.tree.delete_with_user(self.commander)
self.plot.delete_with_user(self.commander, cascade=True)
def test_masking_authorized(self):
"When masking with a superuser, nothing should happen"
self.plot.width = 5
self.plot.save_with_user(self.commander)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.commander)
self.assertEqual(self.plot.width, plot.width)
def test_masking_unauthorized(self):
"Masking changes an unauthorized field to None"
self.plot.width = 5
self.plot.save_base()
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.observer)
self.assertEqual(None, plot.width)
plot = Plot.objects.get(pk=self.plot.pk)
plot.mask_unauthorized_fields(self.outlaw)
self.assertEqual(None, plot.width)
def test_masking_whole_queryset(self):
"Masking also works on entire querysets"
self.plot.width = 5
self.plot.save_base()
plots = Plot.objects.filter(pk=self.plot.pk)
plot = Plot.mask_queryset(plots, self.observer)[0]
self.assertEqual(None, plot.width)
def test_write_fails_if_any_fields_cant_be_written(self):
""" If a user tries to modify several fields simultaneously,
only some of which s/he has access to, the write will fail
for all fields."""
self.plot.length = 10
self.plot.width = 110
self.assertRaises(AuthorizeException, self.plot.save_with_user,
self.officer)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).length, 10)
self.assertNotEqual(Plot.objects.get(pk=self.plot.pk).width, 110)
self.tree.diameter = 10
self.tree.canopy_height = 110
self.assertRaises(AuthorizeException, self.tree.save_with_user,
self.officer)
self.assertNotEqual(Tree.objects.get(pk=self.tree.pk).diameter, 10)
self.assertNotEqual(
Tree.objects.get(pk=self.tree.pk).canopy_height, 110)
