def test_user_owns_package_as_member(self, mock_users_role):
"""Test ckanext.userdatasets.logic.auth.auth.user_owns_package_as_member
Ensure all the possible combination of parameters always lead to the expected
result.
"""
tests = [{
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'member',
'result': True
}, {
'user': SMock(id=445, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'member',
'result': False
}, {
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org=False),
'role': 'member',
'result': False
}, {
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'editor',
'result': False
}]
for t in tests:
mock_users_role.return_value = t['role']
assert_equal(user_owns_package_as_member(t['user'], t['package']),
t['result'])
def test_user_owns_package_as_member(self, mock_users_role):
"""Test ckanext.userdatasets.logic.auth.auth.user_owns_package_as_member
Ensure all the possible combination of parameters always lead to the expected
result.
"""
tests = [
{
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'member',
'result': True
},
{
'user': SMock(id=445, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'member',
'result': False
},
{
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org=False),
'role': 'member',
'result': False
},
{
'user': SMock(id=444, name='turtle'),
'package': SMock(creator_user_id=444, owner_org='carrot'),
'role': 'editor',
'result': False
}
]
for t in tests:
mock_users_role.return_value = t['role']
assert_equal(user_owns_package_as_member(t['user'], t['package']), t['result'])
def package_update(fb, context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
return fb(context, data_dict)
def resource_view_create(next_auth, context, data_dict):
'''
:param next_auth:
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
# data_dict provides 'resource_id', while get_resource_object expects 'id'. This is
# not consistent with the rest of the API - so future proof it by catering for both
# cases in case the API is made consistent (one way or the other) later.
if data_dict and 'resource_id' in data_dict:
dc = {
'id': data_dict['resource_id'],
'resource_id': data_dict['resource_id']
}
elif data_dict and 'id' in data_dict:
dc = {
'id': data_dict['id'],
'resource_id': data_dict['id']
}
else:
dc = data_dict
resource = get_resource_object(context, dc)
if user_owns_package_as_member(user, resource.package):
return {
'success': True
}
elif user_is_member_of_package_org(user, resource.package):
return {
'success': False
}
return next_auth(context, data_dict)
def package_update(context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
fallback = get_default_auth('update', 'package_update')
return fallback(context, data_dict)
def package_update(context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
fallback = get_default_auth('update', 'package_update')
return fallback(context, data_dict)
def resource_create(fb, context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
return fb(context, data_dict)
def resource_view_delete(fb, context, data_dict):
user = context['auth_user_obj']
resource_view = get_resource_view_object(context, data_dict)
resource = get_resource_object(context, {'id': resource_view.resource_id})
if user_owns_package_as_member(user, resource.resource_group.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.resource_group.package):
return {'success': False}
return fb(context, data_dict)
def resource_create(context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
fallback = get_default_auth('create', 'resource_create')
return fallback(context, data_dict)
def resource_create(context, data_dict):
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
fallback = get_default_auth('create', 'resource_create')
return fallback(context, data_dict)
def resource_update(fb, context, data_dict):
user = context['auth_user_obj']
resource = get_resource_object(context, data_dict)
package = resource.resource_group.package
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
return fb(context, data_dict)
def resource_view_update(context, data_dict):
user = context['auth_user_obj']
resource_view = get_resource_view_object(context, data_dict)
resource = get_resource_object(context, {'id': resource_view.resource_id})
if user_owns_package_as_member(user, resource.resource_group.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.resource_group.package):
return {'success': False}
fallback = get_default_auth('update', 'resource_view_update')
return fallback(context, data_dict)
def resource_view_update(context, data_dict):
user = context['auth_user_obj']
resource_view = get_resource_view_object(context, data_dict)
resource = get_resource_object(context, {'id': resource_view.resource_id})
if user_owns_package_as_member(user, resource.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.package):
return {'success': False}
fallback = get_default_auth('update', 'resource_view_update')
return fallback(context, data_dict)
def package_update(next_auth, context, data_dict):
'''
:param next_auth:
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
return next_auth(context, data_dict)
def resource_create(context, data_dict):
user = context['auth_user_obj']
# ckan.logic.auth._get_object() expects 'id', not 'package_id' as key
package_id = data_dict.get('package_id')
data_dict.update({'id': package_id})
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
fallback = get_default_auth('create', 'resource_create')
return fallback(context, data_dict)
def resource_create(context, data_dict):
user = context['auth_user_obj']
# ckan.logic.auth._get_object() expects 'id', not 'package_id' as key
package_id = data_dict.get('package_id')
data_dict.update({'id': package_id})
package = get_package_object(context, data_dict)
if user_owns_package_as_member(user, package):
return {'success': True}
elif user_is_member_of_package_org(user, package):
return {'success': False}
fallback = get_default_auth('create', 'resource_create')
return fallback(context, data_dict)
def resource_view_update(next_auth, context, data_dict):
'''
:param next_auth:
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
resource_view = get_resource_view_object(context, data_dict)
resource = get_resource_object(context, {'id': resource_view.resource_id})
if user_owns_package_as_member(user, resource.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.package):
return {'success': False}
return next_auth(context, data_dict)
def resource_view_create(context, data_dict):
user = context['auth_user_obj']
# data_dict provides 'resource_id', while get_resource_object expects 'id'. This is not consistent with the rest of
# the API - so future proof it by catering for both cases in case the API is made consistent (one way or the other)
# later.
if data_dict and 'resource_id' in data_dict:
dc = {'id': data_dict['resource_id'], 'resource_id': data_dict['resource_id']}
elif data_dict and 'id' in data_dict:
dc = {'id': data_dict['id'], 'resource_id': data_dict['id']}
else:
dc = data_dict
resource = get_resource_object(context, dc)
if user_owns_package_as_member(user, resource.resource_group.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.resource_group.package):
return {'success': False}
fallback = get_default_auth('create', 'resource_view_create')
return fallback(context, data_dict)
def resource_view_create(context, data_dict):
user = context['auth_user_obj']
# data_dict provides 'resource_id', while get_resource_object expects 'id'. This is not consistent with the rest of
# the API - so future proof it by catering for both cases in case the API is made consistent (one way or the other)
# later.
if data_dict and 'resource_id' in data_dict:
dc = {'id': data_dict['resource_id'], 'resource_id': data_dict['resource_id']}
elif data_dict and 'id' in data_dict:
dc = {'id': data_dict['id'], 'resource_id': data_dict['id']}
else:
dc = data_dict
resource = get_resource_object(context, dc)
if user_owns_package_as_member(user, resource.package):
return {'success': True}
elif user_is_member_of_package_org(user, resource.package):
return {'success': False}
fallback = get_default_auth('create', 'resource_view_create')
return fallback(context, data_dict)
def resource_create(next_auth, context, data_dict):
'''
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
package = get_package_object(context, {
'id': data_dict['package_id']
})
if user_owns_package_as_member(user, package):
return {
'success': True
}
elif user_is_member_of_package_org(user, package):
return {
'success': False
}
return next_auth(context, data_dict)
def resource_delete(next_auth, context, data_dict):
'''
:param next_auth:
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
resource = get_resource_object(context, data_dict)
package = resource.package
if user_owns_package_as_member(user, package):
return {
'success': True
}
elif user_is_member_of_package_org(user, package):
return {
'success': False
}
return next_auth(context, data_dict)
