def test_define_invalid_action_list(self):
result, _ = self.test_action('permission_define',
should_error=True,
actions=[
1,
])
assert_error(result, 'actions', 'Not a string')
def test_user_role_assign_invalid_already_assigned(self):
user_role = ckanext_factories.UserRole()
result, _ = self.test_action('user_role_assign', should_error=True,
user_id=user_role['user_id'],
role_id=user_role['role_id'],
organization_id=user_role['organization_id'])
assert_error(result, 'message', 'The role has already been assigned to the user')
def test_sysadmin_user(self):
user = ckan_factories.Sysadmin()
result, _ = self.test_action('user_privilege_check',
action='package_create',
user_id=user['id'])
assert result['success'] is True
assert_error(result, 'msg', 'User is a sysadmin')
def test_valid(self):
self._prepare_user_privilege()
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][0],
user_id=self.user['name'])
assert result['success'] is True
assert_error(result, 'msg', 'User is permitted to perform the action')
def test_permission_grant_invalid_already_granted(self):
role_permission = ckanext_factories.RolePermission()
result, _ = self.test_action('role_permission_grant', should_error=True,
role_id=role_permission['role_id'],
content_type=role_permission['content_type'],
operation=role_permission['operation'])
assert_error(result, 'message', 'The specified permission has already been granted to the role')
def test_automatic_privilege(self):
for action in _default_allow_actions:
result, _ = self.test_action('user_privilege_check',
action=action,
user_id='')
assert result['success'] is True
assert_error(result, 'msg',
'The action %s is allowed by default' % action)
def test_deleted_user(self):
user = ckan_factories.User()
call_action('user_delete', id=user['id'])
result, _ = self.test_action('user_privilege_check',
action='package_create',
user_id=user['id'])
assert result['success'] is False
assert_error(result, 'msg', 'Unknown user')
def test_user_role_unassign_invalid_not_assigned(self):
role = ckanext_factories.Role()
org = ckan_factories.Organization()
result, _ = self.test_action('user_role_unassign', should_error=True,
user_id=self.normal_user['id'],
role_id=role['id'],
organization_id=org['id'])
assert_error(result, 'message', 'The user does not have the specified role')
def test_permission_revoke_invalid_not_granted(self):
role = ckanext_factories.Role()
permission = ckanext_factories.Permission()
result, _ = self.test_action('role_permission_revoke', should_error=True,
role_id=role['name'],
content_type=permission['content_type'],
operation=permission['operation'])
assert_error(result, 'message', 'The role does not have the specified permission')
def test_user_role_assign_invalid_deleted_role(self):
role = ckanext_factories.Role()
org = ckan_factories.Organization()
call_action('role_delete', id=role['id'])
result, _ = self.test_action('user_role_assign', should_error=True, exception_class=tk.ObjectNotFound,
user_id=self.normal_user['name'],
role_id=role['name'],
organization_id=org['name'])
assert_error(result, '', 'Not found: Role')
def test_update_invalid_duplicate_name(self):
role1 = ckanext_factories.Role()
role2 = ckanext_factories.Role()
input_dict = {
'id': role1['id'],
'name': role2['name'],
}
result, obj = self.test_action('role_update', should_error=True, **input_dict)
assert_error(result, 'name', 'Duplicate name')
def test_deleted_role(self):
self._prepare_user_privilege()
call_action('role_delete', id=self.role['id'])
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][0],
user_id=self.user['name'])
assert result['success'] is False
assert_error(result, 'msg',
'User is not permitted to perform the action')
def test_undefined_permission(self):
self._prepare_user_privilege()
call_action('permission_undefine',
content_type=self.permission['content_type'],
operation=self.permission['operation'],
actions=self.permission['actions'][0:1])
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][0],
user_id=self.user['name'])
assert result['success'] is False
assert_error(result, 'msg',
'User is not permitted to perform the action')
def test_deleted_permissions(self):
self._prepare_user_privilege()
call_action('permission_delete_all')
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][0],
user_id=self.user['name'])
assert result['success'] is False
assert_error(result, 'msg',
'User is not permitted to perform the action')
# restore the permissions - since the role_permissions still exist,
# the user should again be privileged to perform the action
call_action('permission_define',
content_type=self.permission['content_type'],
operation=self.permission['operation'],
actions=self.permission['actions'])
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][0],
user_id=self.user['name'])
assert result['success'] is True
assert_error(result, 'msg', 'User is permitted to perform the action')
result, _ = self.test_action('user_privilege_check',
action=self.permission['actions'][1],
user_id=self.user['name'])
assert result['success'] is True
assert_error(result, 'msg', 'User is permitted to perform the action')
def test_define_invalid_missing_values(self):
result, _ = self.test_action('permission_define',
should_error=True,
content_type='',
operation='',
actions=[])
assert_error(result, 'content_type', 'Missing value')
assert_error(result, 'operation', 'Missing value')
assert_error(result, 'actions', 'Missing value')
def test_invalid_user(self):
result, _ = self.test_action('user_privilege_check',
action='package_create',
user_id='foo')
assert result['success'] is False
assert_error(result, 'msg', 'Unknown user')
def test_create_invalid_missing_name(self):
result, obj = self.test_action('role_create', should_error=True,
name='')
assert_error(result, 'name', 'Missing value')
def test_invalid_action(self):
result, _ = self.test_action('user_privilege_check',
should_error=True,
action='foo',
user_id='')
assert_error(result, 'action', 'The action foo does not exist')
def test_create_invalid_duplicate_name(self):
role = ckanext_factories.Role()
result, obj = self.test_action('role_create', should_error=True,
name=role['name'])
assert_error(result, 'name', 'Duplicate name')
def test_define_invalid_action_not_exist(self):
result, _ = self.test_action('permission_define',
should_error=True,
actions=['foo', 'package_create', 'bar'])
assert_error(result, 'actions', 'The action foo does not exist')
assert_error(result, 'actions', 'The action bar does not exist')
def test_missing_values(self):
result, _ = self.test_action('user_privilege_check', should_error=True)
assert_error(result, 'user_id', 'Missing value')
assert_error(result, 'action', 'Missing value')