def _create_or_edit_administrator_role(domain): administrator_role = UserRole.by_domain_and_name(domain, 'Administrator') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport", "custom.ewsghana.reports.email_reports.CMSRMSReport", "custom.ewsghana.reports.email_reports.StockSummaryReport", "custom.ewsghana.comparison_report.ProductsCompareReport", "custom.ewsghana.comparison_report.LocationsCompareReport", "custom.ewsghana.comparison_report.SupplyPointsCompareReport", "custom.ewsghana.comparison_report.WebUsersCompareReport", "custom.ewsghana.comparison_report.SMSUsersCompareReport" ] if administrator_role: permissions = Permissions(edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_reports=False, view_report_list=reports_list) administrator_role[0].permissions = permissions administrator_role[0].save() else: role = UserRole(domain=domain, permissions=Permissions(view_reports=False, edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_report_list=reports_list), name='Administrator') role.save()
def setUpClass(cls): delete_all_users() cls.client = Client() cls.domain = DOMAIN cls.domain_object = Domain(name=cls.domain, is_active=True) cls.domain_object.save() cls.reports_role = UserRole( domain=cls.domain, name='reports-role', default_landing_page='reports', permissions=Permissions(view_reports=True), ) cls.reports_role.save() cls.webapps_role = UserRole( domain=cls.domain, name='webapps-role', default_landing_page='webapps', permissions=Permissions(edit_data=True), ) cls.webapps_role.save() cls.global_password = '******' # make an app because not having one changes the default dashboard redirect to the apps page app = Application.new_app(domain=cls.domain, name='sympathy') app.save()
def _create_or_edit_facility_manager_role(domain): facility_manager_role = UserRole.by_domain_and_name(domain, 'Facility manager') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport" ] if facility_manager_role: permissions = Permissions( edit_web_users=True, edit_commcare_users=True, view_reports=False, view_report_list=reports_list ) facility_manager_role[0].permissions = permissions facility_manager_role[0].save() else: role = UserRole( domain=domain, permissions=Permissions( view_reports=False, edit_web_users=True, edit_commcare_users=True, view_report_list=reports_list ), name='Facility manager' ) role.save()
def test_dump_roles(self): from corehq.apps.users.models import UserRole, Permissions, RoleAssignableBy, RolePermission expected_object_counts = Counter({ UserRole: 2, RolePermission: 11, RoleAssignableBy: 1 }) role1 = UserRole.create(self.domain_name, 'role1') role2 = UserRole.create(self.domain_name, 'role1', permissions=Permissions(edit_web_users=True), assignable_by=[role1.id]) self.addCleanup(role1.delete) self.addCleanup(role2.delete) self._dump_and_load(expected_object_counts) role1_loaded = UserRole.objects.get(id=role1.id) role2_loaded = UserRole.objects.get(id=role2.id) self.assertEqual(role1_loaded.permissions.to_list(), Permissions().to_list()) self.assertEqual(role1_loaded.assignable_by, []) self.assertEqual(role2_loaded.permissions.to_list(), Permissions(edit_web_users=True).to_list()) self.assertEqual(role2_loaded.assignable_by, [role1_loaded.get_id])
def test_OR(self): p1 = Permissions( edit_web_users=True, view_web_users=True, view_roles=True, view_reports=True, view_report_list=['report1'], ) p2 = Permissions( edit_apps=True, view_apps=True, view_reports=True, view_report_list=['report2'], ) self.assertEqual( p1 | p2, Permissions( edit_apps=True, view_apps=True, edit_web_users=True, view_web_users=True, view_roles=True, view_reports=True, view_report_list=['report1', 'report2'], ))
def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() cls.linked_app.save() cls.role = UserRole( domain=cls.domain, name='test', permissions=Permissions( edit_data=True, edit_reports=True, view_report_list=[ 'corehq.reports.DynamicReportmaster_report_id' ]), is_non_admin_editable=True, ) cls.role.save() cls.other_role = UserRole( domain=cls.domain, name='other_test', permissions=Permissions( edit_web_users=True, view_locations=True, ), assignable_by=[cls.role.get_id], ) cls.other_role.save()
def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() permissions = Permissions( edit_data=True, edit_reports=True, view_report_list=['corehq.reports.DynamicReportmaster_report_id']) cls.role = UserRole.create(cls.domain, 'test', permissions, is_non_admin_editable=True) cls.other_role = UserRole.create( cls.domain, 'other_test', Permissions(edit_web_users=True, view_locations=True)) cls.other_role.set_assignable_by([cls.role.id])
def setUpClass(cls): super(TestAccessRestrictions, cls).setUpClass() cls.suffolk_user = WebUser.create(cls.domain, 'suffolk-joe', 'password') cls.suffolk_user.set_location(cls.domain, cls.locations['Suffolk'].couch_location) role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False, edit_commcare_users=True), ) role.save() cls.suffolk_user.set_role(cls.domain, role.get_qualified_id()) cls.suffolk_user.save() def make_mobile_worker(username, location): worker = CommCareUser.create(cls.domain, username, '123') worker.set_location(cls.locations[location]) UserESFake.save_doc(worker._doc) return worker cls.boston_worker = make_mobile_worker('boston_worker', 'Boston') cls.cambridge_worker = make_mobile_worker('cambridge_worker', 'Cambridge')
def test_report_fixtures_provider_with_cloudcare(self): """ ReportFixturesProvider should iterate only allowed apps if sync is from cloudcare """ from corehq.apps.userreports.reports.data_source import ConfigurableReportDataSource role = UserRole( domain=self.domain, permissions=Permissions( view_web_apps=False, view_web_apps_list=[self.app1._id] ), name='WebApp Restricted' ) role.save() self.user._couch_user.set_role(self.domain, role.get_qualified_id()) with patch.object(ConfigurableReportDataSource, 'get_data') as get_data_mock: get_data_mock.return_value = self.rows with mock_sql_backend(): with mock_datasource_config(): fixtures = call_fixture_generator( report_fixture_generator, self.user, device_id="WebAppsLogin|[email protected]" ) reports = fixtures[0].findall('.//report') self.assertEqual(len(reports), 1) self.assertEqual(reports[0].attrib.get('id'), '123456')
def create_view(can_edit_reports): rolename = 'edit_role' if can_edit_reports else 'view_role' username = '******' if can_edit_reports else 'viewer' toggles.USER_CONFIGURABLE_REPORTS.set(username, True, toggles.NAMESPACE_USER) # user_role should be deleted along with the domain. user_role = UserRole.create(domain=domain.name, name=rolename, permissions=Permissions( edit_commcare_users=True, view_commcare_users=True, edit_groups=True, view_groups=True, edit_locations=True, view_locations=True, access_all_locations=False, edit_data=True, edit_reports=can_edit_reports, view_reports=True)) web_user = WebUser.create(domain.name, username, '***', None, None) web_user.set_role(domain.name, user_role.get_qualified_id()) web_user.current_domain = domain.name web_user.save() self.addCleanup(web_user.delete, domain.name, deleted_by=None) request = HttpRequest() request.can_access_all_locations = True request.user = web_user.get_django_user() request.couch_user = web_user request.session = {} _, view = self._build_report_and_view(request=request) return view
def restrict_user_to_location(self, user): role = UserRole( domain=self.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False), ) role.save() user.set_role(self.domain, role.get_qualified_id())
def setUpTestData(cls): cls.domain = 'my-domain' cls.domain_obj = create_domain(cls.domain) cls.user = cls._create_user(cls.domain) cls.test_role = UserRole.create( cls.domain, 'test role', permissions=Permissions(edit_web_users=True))
def make_role(self, name): role = UserRole( domain=self.domain, name=name, permissions=Permissions(), ) role.save() self.addCleanup(role.delete)
def _change_std_roles(self): for u in self.user_roles: user_role = UserRole.get(u.get_id) user_role.permissions = Permissions(view_reports=True, edit_commcare_users=True, edit_apps=True, edit_data=True) user_role.save()
def _master_role(cls): return UserRole(domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, ))
def setUpClass(cls): cls.domain = 'export-permissions-test' cls.web_user = WebUser(username='******', domains=[cls.domain]) cls.web_user.domain_memberships = [ DomainMembership(domain=cls.domain, role_id='MYROLE') ] cls.permissions = Permissions()
def test_has_permission_to_view_report_all(self): self.assertFalse( has_permission_to_view_report(self.web_user, self.domain, ODATA_FEED_PERMISSION)) self.permissions = Permissions(view_reports=True) self.assertTrue( has_permission_to_view_report(self.web_user, self.domain, ODATA_FEED_PERMISSION))
def setUpClass(cls): super().setUpClass() delete_all_users() cls.domain_name = 'mydomain' cls.domain = Domain.get_or_create_with_name(name=cls.domain_name) permissions = Permissions(edit_apps=True, view_reports=True) cls.role = UserRole.get_or_create_with_permissions( cls.domain.name, permissions, 'edit-apps')
def setUpClass(cls): super(AllCommCareUsersTest, cls).setUpClass() delete_all_users() hard_delete_deleted_users() cls.ccdomain = Domain(name='cc_user_domain') cls.ccdomain.save() cls.other_domain = Domain(name='other_domain') cls.other_domain.save() UserRole.init_domain_with_presets(cls.ccdomain.name) cls.user_roles = UserRole.by_domain(cls.ccdomain.name) cls.custom_role = UserRole.get_or_create_with_permissions( cls.ccdomain.name, Permissions( edit_apps=True, edit_web_users=True, view_web_users=True, view_roles=True, ), "Custom Role") cls.custom_role.save() cls.ccuser_1 = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_2 = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_2.set_role(cls.ccdomain.name, cls.custom_role.get_qualified_id()) cls.ccuser_2.save() cls.web_user = WebUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_other_domain = CommCareUser.create( domain=cls.other_domain.name, username='******', password='******', email='*****@*****.**', ) cls.retired_user = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.retired_user.retire()
def _master_role(cls): return UserRole( domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, edit_apps=True, # needed for InternalFixtureResource ))
def restrict_user_to_location(cls, user): role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(edit_commcare_users=True, access_all_locations=False), ) role.save() user.set_role(cls.domain, role.get_qualified_id()) user.save()
def setUpClass(cls): super(PermissionsHelpersTest, cls).setUpClass() cls.domain = 'export-permissions-test' cls.admin_domain = 'export-permissions-test-admin' cls.web_user = WebUser(username='******', domains=[cls.domain, cls.admin_domain]) cls.web_user.domain_memberships = [ DomainMembership(domain=cls.domain, role_id='MYROLE'), DomainMembership(domain=cls.admin_domain, is_admin=True) ] cls.permissions = Permissions()
def __init__(self, domain, couch_user): self.domain = domain self.couch_user = couch_user role = couch_user.get_role(domain, allow_enterprise=True) self._permissions = role.permissions if role else Permissions() self.manageable_slugs = set( self._permissions.manage_data_registry_list) self.can_manage_all = self._permissions.manage_data_registry self.can_manage_some = self.can_manage_all or bool( self.manageable_slugs)
def test_set_permissions_clear_prefetch_cache(self): role = UserRole.create(domain=self.domain, name="test-role", permissions=Permissions()) self.assertEqual(set(role.get_permission_infos()), set(Permissions().to_list())) role_with_prefetch = UserRole.objects.prefetch_related( "rolepermission_set").get(id=role.id) new_permissions = {PermissionInfo(Permissions.access_api.name)} role_with_prefetch.set_permissions(new_permissions) self.assertEqual(set(role_with_prefetch.get_permission_infos()), new_permissions) role_with_prefetch = UserRole.objects.prefetch_related( "rolepermission_set").get(id=role.id) role_with_prefetch.set_permissions([]) self.assertEqual(list(role_with_prefetch.get_permission_infos()), [])
def setUpClass(cls): super().setUpClass() cls.role_with_permission = UserRole.create( cls.domain, 'edit-data', permissions=Permissions(edit_data=True)) cls.role_without_permission = UserRole.create( cls.domain, 'no-edit-data', permissions=Permissions(edit_data=False)) cls.role_with_permission_but_no_api_access = UserRole.create( cls.domain, 'no-api-access', permissions=Permissions(edit_data=True, access_api=False)) cls.domain_admin = WebUser.create(cls.domain, 'domain_admin', cls.password, None, None, is_admin=True) cls.user_with_permission = WebUser.create( cls.domain, 'permission', cls.password, None, None, role_id=cls.role_with_permission.get_id) cls.user_without_permission = WebUser.create( cls.domain, 'no-permission', cls.password, None, None, role_id=cls.role_without_permission.get_id) cls.user_with_permission_but_no_api_access = WebUser.create( cls.domain, 'no-api-access', cls.password, None, None, role_id=cls.role_with_permission_but_no_api_access.get_id, )
def test_deid_permission(self): self.assertFalse(user_can_view_deid_exports(self.domain, self.web_user)) self.permissions = Permissions(view_report_list=[DEID_EXPORT_PERMISSION]) self.assertTrue( self.permissions.has(get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION)) self.assertTrue( self.web_user.has_permission( self.domain, get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION) ) self.assertTrue(user_can_view_deid_exports(self.domain, self.web_user))
def test_create_with_custom_role(self): new_user_role = UserRole.get_or_create_with_permissions( self.domain.name, Permissions(edit_apps=True, view_reports=True), 'awesomeness') user_json = deepcopy(self.default_user_json) user_json["role"] = new_user_role.name user_json["is_admin"] = False response = self._assert_auth_post_resource(self.list_endpoint, json.dumps(user_json), content_type='application/json') self.assertEqual(response.status_code, 201) user_back = WebUser.get_by_username("test_1234") self.assertEqual(user_back.role, new_user_role.name) user_back.delete(deleted_by=None)
def setUpClass(cls): super().setUpClass() cls.domain_obj = create_domain(cls.domain) role = UserRole.create(cls.domain, 'edit-data', permissions=Permissions(edit_data=True, access_api=True)) cls.web_user = WebUser.create(cls.domain, 'netflix', 'password', None, None, role_id=role.get_id)
def _create_user(self, edit_data=False, access_api=False): role = UserRole.create(self.domain, 'api-user', permissions=Permissions(edit_data=edit_data, access_api=access_api)) web_user = WebUser.create(self.domain, self.username, self.password, None, None, role_id=role.get_id) self.addCleanup(web_user.delete, None, None) return web_user
def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() cls.linked_app.save() cls.role = UserRole( domain=cls.domain, name='test', permissions=Permissions( edit_data=True, view_report_list=[ 'corehq.reports.DynamicReportmaster_report_id' ])) cls.role.save()