コード例 #1
0
    def test_asset_patch_validation(self):
        """User's only allow to PATCH an asset that has a department their are part of, and the
        PATCH department has to be one he belongs to"""
        client = APIClient()
        asset_dict = copy.copy(COMPLETE_ASSET)
        asset_dict['department'] = 'TESTDEPT2'
        asset = Asset(**asset_dict)
        asset.save()
        result_patch = client.patch('/assets/%s/' % asset.pk,
                                    {"name": "asset1"})
        # Not allowed because the asset belongs to TESTDEPT2
        self.assert_method_is_not_listed_as_allowed('PATCH', asset)
        self.assertEqual(result_patch.status_code, 403)

        # We fix the department, so now the user should be allow but we try to change the
        # department to another that the user doesn't belong to
        asset.department = 'TESTDEPT'
        set_local_user(self.user)
        asset.save()

        # User is in principle allowed ...
        self.assert_method_is_listed_as_allowed('PATCH', asset)

        # ... but not in this case
        result_patch = client.patch('/assets/%s/' % asset.pk,
                                    {"department": "TESTDEPT2"})
        self.assertEqual(result_patch.status_code, 403)

        # This one should be allowed
        result_patch = client.patch('/assets/%s/' % asset.pk,
                                    {"name": "asset2"})
        self.assert_method_is_listed_as_allowed('PATCH', asset)
        self.assertEqual(result_patch.status_code, 200)
コード例 #2
0
    def test_asset_put_validation(self):
        """User's only allow to PUT an asset that has a department their are part of, and the
        PUT department has to be one he belongs to"""
        client = APIClient()
        asset_dict = copy.copy(COMPLETE_ASSET)
        asset_dict['department'] = 'TESTDEPT2'
        asset = Asset(**asset_dict)
        asset.save()
        result_put = client.put('/assets/%s/' % asset.pk, COMPLETE_ASSET)
        # Not allowed because the asset belongs to TESTDEPT2
        self.assert_method_is_not_listed_as_allowed('PUT', asset)
        self.assertEqual(result_put.status_code, 403)

        # We fix the department, so now the user should be allow but we try to change the
        # department to another that the user doesn't belong to
        asset.department = 'TESTDEPT'
        set_local_user(self.user)
        asset.save()

        # User can, in principle PUT...
        self.assert_method_is_listed_as_allowed('PUT', asset)

        # ... but not this asset
        result_put = client.put('/assets/%s/' % asset.pk, asset_dict)
        self.assertEqual(result_put.status_code, 403)

        # This one should be allowed
        asset_dict['department'] = 'TESTDEPT'
        asset_dict['name'] = 'asset2'
        result_put = client.put('/assets/%s/' % asset.pk, asset_dict)
        self.assert_method_is_listed_as_allowed('PUT', asset)
        self.assertEqual(result_put.status_code, 200)
コード例 #3
0
ファイル: views.py プロジェクト: abrahammartin/iar-backend 
    def initial(self, request, *args, **kwargs):
        """Runs anything that needs to occur prior to calling the method handler."""
        # Perform any authentication, permissions checking etc.
        super().initial(request, *args, **kwargs)

        # Set the local user for the auditing framework
        set_local_user(request.user)
コード例 #4
0
 def setUp(self):
     self.user = get_user_model().objects.create_user(username='******')
     self.user_lookup = UserLookup.objects.create(
         user=self.user, scheme='mock', identifier=self.user.username)
     set_local_user(self.user)
     self.asset = Asset(name='test-asset')
     self.asset.save()
コード例 #5
0
    def test_audit_anonymous_user(self):

        set_local_user(AnonymousUser())

        # test
        self.test_model._meta.fields.update(
            {'description': "it's a round window"})
        self.test_model.save()

        # check
        self.assertEqual(1, Audit.objects.count())
        self.assertIsNone(Audit.objects.all().first().who)
コード例 #6
0
    def test_asset_stats(self):
        """The asset stats endpoint reports correct statistics."""
        set_local_user(
            self.user)  # Some user which will be used in the audit log

        # A complete asset
        self.create_asset_from_dict(COMPLETE_ASSET)

        # An incomplete asset w/ no personal data
        self.create_asset_from_dict(
            merge_dicts(COMPLETE_ASSET, {'personal_data': False},
                        deleted_keys=['name']))

        # An asset from TESTDEPT2
        self.create_asset_from_dict(
            merge_dicts(COMPLETE_ASSET, {'department': 'TESTDEPT2'}))

        # A deleted asset
        asset = self.create_asset_from_dict(COMPLETE_ASSET)
        asset.deleted_at = now()
        asset.save()

        # Retrieve the stats
        client = APIClient()
        response = client.get('/stats', format='json')

        self.assertDictEqual(
            json.loads(response.content), {
                'all': {
                    'total': 3,
                    'completed': 2,
                    'with_personal_data': 2
                },
                'by_institution': {
                    'TESTDEPT': {
                        'total': 2,
                        'completed': 1,
                        'with_personal_data': 1
                    },
                    'TESTDEPT2': {
                        'total': 1,
                        'completed': 1,
                        'with_personal_data': 1
                    },
                },
            })
コード例 #7
0
 def setUp(self):
     set_local_user(self.user)
     self.test_model = TestModel()
コード例 #8
0
 def process_request(cls, request):
     set_local_user(request.user)