def test_group_lead_inspector_by_submode(submode, mode, org, org_with_people, inspector1, inspector2): # because I can't be bothered making another fixture submode1 = submode # this is Light Rail by the way submode2 = Submode.objects.create( descriptor="Metro Rail", mode=Mode.objects.create(descriptor="Rail")) OrganisationFactory(submode=submode1, lead_inspector=inspector1, deputy_lead_inspector=inspector2) OrganisationFactory(submode=submode1, lead_inspector=inspector1, deputy_lead_inspector=inspector2) OrganisationFactory(submode=submode1, lead_inspector=inspector1, deputy_lead_inspector=inspector2) OrganisationFactory(submode=submode1, lead_inspector=inspector1, deputy_lead_inspector=inspector2) OrganisationFactory(submode=submode2, lead_inspector=inspector2, deputy_lead_inspector=inspector1) OrganisationFactory(submode=submode2, lead_inspector=inspector2, deputy_lead_inspector=inspector1) OrganisationFactory(submode=submode2, lead_inspector=inspector2, deputy_lead_inspector=inspector1) OrganisationFactory(submode=submode2, lead_inspector=inspector2, deputy_lead_inspector=inspector1) # We have two lead inspectors for submode1! org8 = OrganisationFactory(submode=submode1, lead_inspector=inspector2, deputy_lead_inspector=inspector1) orgs = Organisation.objects.filter(submode=submode) leads = [org.lead_inspector for org in orgs] for lead in leads[:3]: assert lead.first_name == "Cyril" for lead in leads[4:]: assert lead.first_name == "Ogilvie" lead_inspectors = inspectors_for_each_mode(lead_type="lead_inspector") deputy_lead_inspectors = inspectors_for_each_mode( lead_type="deputy_lead_inspector") assert lead_inspectors["Light Rail"] == {inspector1, inspector2} assert lead_inspectors["Metro Rail"] == {inspector2} assert deputy_lead_inspectors["Light Rail"] == {inspector2, inspector1} assert deputy_lead_inspectors["Metro Rail"] == {inspector1}
def test_incident_report_create_view(stakeholder_user): org = OrganisationFactory.create() factory = RequestFactory() request = factory.get(f"{org.name}/create-incident-report") request.user = stakeholder_user response = IncidentReportCreateView.as_view()(request, org.slug) assert response.status_code == 200
def test_organisation_by_inspector_view(inspector1, inspector2, client, submode): org = OrganisationFactory(submode=submode, lead_inspector=inspector1, deputy_lead_inspector=inspector2) client.force_login(inspector1) response = client.get( reverse("organisations:list_by_inspector", args=[inspector1.id])) assert response.status_code == 200
def org_with_people(role): org = OrganisationFactory.create( submode=None, name="TEST ORGANISATION", designation_type=3, registered_company_name="Test PLC", comments="NA", ) PersonFactory.create( role=role, job_title="Test Job Title", predecessor=None, organisation__submode=None, organisation=org, ) return org
def test_only_member_of_cct_user_group_can_view_org_list(): OrganisationFactory.create() OrganisationFactory.create() OrganisationFactory.create() group = Group.objects.create(name="cct_user") factory = RequestFactory() user = get_user_model().objects.create_user(username="******", email="*****@*****.**", password="******") user.groups.add(group) org_list_permission = Permission.objects.get(name="Can view organisation") group.permissions.add(org_list_permission) # They get this permisson via the cct_user group assert user.has_perm("organisations.view_organisation")
def test_organisation_list_view(): OrganisationFactory.create() OrganisationFactory.create() OrganisationFactory.create() factory = RequestFactory() user = get_user_model().objects.create_user(username="******", email="*****@*****.**", password="******") # This user needs permission to acccess the list view org_list_permission = Permission.objects.get(name="Can view organisation") assert user.user_permissions.count() == 0 user.user_permissions.add(org_list_permission) assert user.has_perm("organisations.view_organisation") user.save() request = factory.get("/organisations") request.user = user response = OrganisationListView.as_view()(request) assert response.status_code == 200 assert len(response.context_data["organisation_list"]) == 3
def test_oes_list_view(): OrganisationFactory.create(oes=True) OrganisationFactory.create(oes=True) OrganisationFactory.create(oes=True) factory = RequestFactory() user = get_user_model().objects.create_user(username="******", email="*****@*****.**", password="******") # This user needs permission to acccess the list view org_list_permission = Permission.objects.get(name="Can view organisation") assert user.user_permissions.count() == 0 user.user_permissions.add(org_list_permission) assert user.has_perm("organisations.view_organisation") user.save() request = factory.get("/organisations/oes") request.user = user response = oes_list(request) assert response.status_code == 200 html = response.content.decode("utf-8") assert "OES" in html
def org() -> Organisation: return OrganisationFactory()
def test_organisation_factory(): o = OrganisationFactory.build() assert o.name
def populate_db(**kwargs): # We want the fixtures to be created quicker under unit test conditions, # so we can pass in these kwargs to reduce entities created - and omit them # from management command populate script. _org_number = kwargs.get("orgs") _igp_number = kwargs.get("igps") # Groups cct_staff_group = Group.objects.create(name="cct_users") ctrack_permissions = Permission.objects.filter( Q(codename__contains="address") | Q(codename__contains="addresstype") | Q(codename__contains="mode") | Q(codename__contains="organisation") | Q(codename__contains="role") | Q(codename__contains="submode") | Q(codename__contains="person") | Q(codename__contains="applicablesystem") | Q(codename__contains="caf") | Q(codename__contains="documentfile") | Q(codename__contains="filestore") | Q(codename__contains="grading") | Q(codename__contains="engagementtype") | Q(codename__contains="engagementevent") | Q(codename__contains="cafassessment") | Q(codename__contains="cafobjective") | Q(codename__contains="cafprinciple") | Q(codename__contains="cafcontributingoutcome") | Q(codename__contains="cafassessmentoutcomescore") | Q(codename__contains="achievmentlevel") | Q(codename__contains="igp") | Q(codename__contains="stakeholder") | Q(codename__contains="incidentreport")) cct_staff_group.permissions.add(*ctrack_permissions) # Set up some reasonable Modes and SubModes m1 = Mode.objects.create(descriptor="Rail") m2 = Mode.objects.create(descriptor="Maritime") sb1 = Submode.objects.create(descriptor="Light Rail", mode=m1) sb2 = Submode.objects.create(descriptor="Rail Maintenance", mode=m1) sb3 = Submode.objects.create(descriptor="Rail Infrastructure", mode=m1) sb4 = Submode.objects.create(descriptor="International Rail", mode=m1) sb5 = Submode.objects.create(descriptor="Passenger Port", mode=m2) sb6 = Submode.objects.create(descriptor="Freight Port", mode=m2) sb7 = Submode.objects.create(descriptor="Shipping Infrastructure", mode=m2) submodes = [sb1, sb2, sb3, sb4, sb5, sb6, sb7] user = UserFactory.create() # Create 40 Organisation objects if _org_number: orgs = [ OrganisationFactory.create( submode=submodes[randint(0, len(submodes) - 1)]) for org in range(_org_number) ] else: orgs = [ OrganisationFactory.create( submode=submodes[randint(0, len(submodes) - 1)]) for org in range(60) ] # Create Address objects addr_type = AddressType.objects.create(descriptor="Primary Address") for org in orgs: AddressFactory.create(type=addr_type, organisation=org) roles = [ RoleFactory.create() for _ in range(10) ] # because we have a many-to-many relationship with Role, we need to create one and pass it in for org in orgs: PersonFactory.create( role=choice(roles), predecessor=None, organisation__submode=choice(submodes), organisation=org, ) inspector_role = RoleFactory.create(name="Compliance Inspector") # set up some EngagementEvents # noinspection PyUnboundLocalVariable p1 = PersonFactory.create( role=choice(roles), predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p2 = PersonFactory.create( role=choice(roles), predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p3 = PersonFactory.create( role=choice(roles), predecessor=None, organisation__submode=choice(submodes), organisation=org, ) regulator_org = OrganisationFactory.create( submode=None, name="The Regulator", designation_type=3, registered_company_name="The Regulator - HMG", comments="This is the real regulator.", ) inspectors = [ PersonFactory.create( role=inspector_role, job_title="Compliance Inspector", predecessor=None, organisation__submode=None, organisation=regulator_org, ) for _ in range(5) ] inspector_user = get_user_model().objects.create(username="******", name="inspector1") inspector_user.groups.add(cct_staff_group) etf1 = EngagementTypeFactory(descriptor="Information Notice", enforcement_instrument=True) etf2 = EngagementTypeFactory(descriptor="Designation Letter", enforcement_instrument=True) etf3 = EngagementTypeFactory(descriptor="CAF - Received from OES (Egress)", enforcement_instrument=False) EngagementTypeFactory(descriptor="Phone Call", enforcement_instrument=False) EngagementTypeFactory(descriptor="Video Conference", enforcement_instrument=False) EngagementTypeFactory.create(descriptor="Email", enforcement_instrument=False) EngagementTypeFactory.create(descriptor="CAF - Initial Review", enforcement_instrument=False) EngagementTypeFactory.create(descriptor="CAF - Peer Review") EngagementTypeFactory.create(descriptor="CAF - Validation", single_date_type=False) EngagementTypeFactory.create(descriptor="CAF - Sent to Rosa") EngagementTypeFactory.create(descriptor="CAF - Received from OES (USB)") EngagementTypeFactory.create(descriptor="Audit - Onsite") EngagementTypeFactory.create(descriptor="Audit - Offsite") EngagementTypeFactory.create(descriptor="Inspection - Onsite") EngagementTypeFactory.create(descriptor="Inspection - Offsite") EngagementEventFactory.create(type=etf1, user=user, participants=[p1, p2]) EngagementEventFactory.create(type=etf2, user=user, participants=[p3]) # Quality gradings q_descriptors = ["Q1", "Q2", "Q3", "Q4", "Q5"] for g in q_descriptors: GradingFactory.create(descriptor=g, type="QUALITY") # Confidence gradings c_descriptors = ["C1", "C2", "C3", "C4", "C5"] for g in c_descriptors: GradingFactory.create(descriptor=g, type="CONFIDENCE") # File store FileStoreFactory.create(physical_location_organisation=orgs[1]) # Every org gets on CAF and Essential Service for now for org in orgs: # create a CAF _create_caf_app_service(c_descriptors, org, q_descriptors) # CAF submissions - they create EngagementEvents # Get a random CAF _caf = CAF.objects.get(pk=1) # we should have one by now EngagementEventFactory.create(type=etf2, user=user, participants=[inspectors[1], p2], related_caf=_caf) # We want to simulate 4 CAF Objectives c_obj_a = CAFObjective.objects.create( name="Objective A: Managing security risk", description="An important objective to fix the world.", order_id=1, ) c_obj_b = CAFObjective.objects.create( name="Objective B: Protecting Against Cyber Attack", description="An important objective to fix the world.", order_id=2, ) c_obj_c = CAFObjective.objects.create( name="Objective C: Detecting Cyber Security Events", description="An important objective to fix the world.", order_id=3, ) c_obj_d = CAFObjective.objects.create( name="Objective D: Minimising the Impact of Cyber Security Incidents", description="An important objective to fix the world.", order_id=4, ) # For each Objective, let's create four Principles p_a1 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A1", title="Governance", description="When you don't have Governance, you have nothing.", order_id=1, ) p_a2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A2", title="Risk Management", description="Don't take a risk, and don't get nowhere.", order_id=2, ) p_a3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A3", title="Asset Management", description="Without assets, you have no raw materials to work with.", order_id=3, ) p_a4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A4", title="Supply Chain", description="You need to get your stuff from somewhere.", order_id=4, ) p_b1 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B1", title="Service Protection & Policies", description= "Put in place the right protections for a future of security.", order_id=1, ) p_b2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B2", title="Identity and Access Control", description= "Stop the wrong people getting at your critical assets, okay.", order_id=2, ) p_b3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B3", title="Data Security", description="Data is the new oil...", order_id=3, ) p_b4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B4", title="System Security", description= "If you have complicated systems, they need some sort of security.", order_id=4, ) p_b5 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B5", title="Resilience Networks and Systems", description="When all else fails, there is always food to be cooked.", order_id=5, ) p_b6 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B6", title="Staff Awareness and Training", description= "You must ensure your people are trained and equipped for making a difference.", order_id=6, ) # Only two of these p_c1 = CAFPrinciple.objects.create( caf_objective_id=c_obj_c.id, designation="C1", title="Security Monitoring", description= "Monitoring the bits and pieces is the most important aspect of your life.", order_id=1, ) p_c2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_c.id, designation="C2", title="Proactive Security and Event Discovery", description="If we're not proactive, we will get found out eventually.", order_id=2, ) # Only two of these too p_d1 = CAFPrinciple.objects.create( caf_objective_id=c_obj_d.id, designation="D1", title="Response and Recovery Planning", description="Responding to the security problems since 1999...", order_id=1, ) p_d2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_d.id, designation="D2", title="Improvements", description="Improving all the things.", order_id=2, ) # Based on these principles, it's time to gen some CAFContributingOutcomes cos = [ CAFContributingOutcome.objects.create( designation="A1.a", name="Board Direction", description= "You have forced your Board to listen to your whinging about cyber.", principle_id=p_a1.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="A1.b", name="Roles and Responsibilities", description= "Your elders and betters are impressed and they continue to make money after your project " "implementation.", principle_id=p_a1.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="A1.c", name="Decision-making", description= "If you are forced to participate in the Crystal Maze, you'll choose the coorect path across " "the Gordian runway.", principle_id=p_a1.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="A2.a", name="Risk Management Process", description= "You take mighty risks, but they are mitigated by more sensible people around you - good.", principle_id=p_a2.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="A2.b", name="Assurance", description= "We all make mistakes, but in doing this well you at least have told people what you're doing.", principle_id=p_a2.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="A3.a", name="Asset Management", description= "Taking care of these aspects of corporate life is commensurate with the money-making way.", principle_id=p_a3.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="A4.a", name="Supply Chain", description= "Task your customers to take on all the risk, the debt, the hassle - you're good to go.", principle_id=p_a4.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.a", name="Policy and Process Development", description= "You are getting your process and policy development spot on.", principle_id=p_b1.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.b", name="Policy and Process Information", description= "Differs from the above in a few ways that will be discussed at a later date.", principle_id=p_b1.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.a", name="ID Verification, Authentication and Authorisation", description= "It is very important for people to be able to confirm they they truly are. Underneath.", principle_id=p_b2.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B2.b", name="Device Management", description= "Your devices, and their safe and sustainable use, is crucuial to the longevity of your " "company.", principle_id=p_b2.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.c", name="Privileged User Mangement", description= "You ensure that even the most privileged members of your senior management are under the " "impression that they exude inequality, in all instances.", principle_id=p_b2.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.a", name="Understanding Data", description= "You, more than anyone else in the organisation, know what your data means to you.", principle_id=p_b3.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B3.b", name="Data in Transit", description= "You are protecting your data as it moves along the Information Superhighway.", principle_id=p_b3.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="B3.c", name="Stored Data", description= "You have stored your data in accordance with local environment laws.", principle_id=p_b3.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.d", name="Mobile Data", description= "Mobile data is when data moves because it is stored in a moving thing.", principle_id=p_b3.id, order_id=4, ), CAFContributingOutcome.objects.create( designation="B3.e", name="Media/Equipment Sanitisation", description= "You routinely wash and clean the legs and bottom brackets of your server racks.", principle_id=p_b3.id, order_id=5, ), CAFContributingOutcome.objects.create( designation="B4.a", name="Secure by Design", description= "You have designed your systems to be secure and you're sure no one is going to hack " "into them.", principle_id=p_b4.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B4.b", name="Secure Configuration", description= "When you are able to configure your systems and software well, you can say you have Secure " "Configuration. Only then, mind.", principle_id=p_b4.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="B4.c", name="Secure Management", description= "Somehow this one is different from all the others but I'm not sure how.", principle_id=p_b4.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="B4.d", name="Vulnerability Management", description= "Doing this well means that you are at the top of your vulnerability scale.", principle_id=p_b4.id, order_id=4, ), CAFContributingOutcome.objects.create( designation="B5.a", name="Resilience Preparation", description= "Totally ready for the coming of the cyber apocalyse. You practice this stuff regular.", principle_id=p_b5.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B5.b", name="Design for Resilience", description="This stuff is built into your very working model.", principle_id=p_b5.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="B5.c", name="Backups", description= "There is nowhere for you to go as a professional if you don't make backups of your data.", principle_id=p_b5.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="B6.a", name="Cyber Security Culture", description= "You're making them understand that this isn't going to go away in a hurry.", principle_id=p_b6.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="B6.b", name="Cyber Security Training", description= "By the way, when youre staff are able to write C code, your company understands buffer " "overflows.", principle_id=p_b6.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.a", name="Monitoring Coverage", description= "At all times, you are vigilent to the threats out there, and ready to tackle them.", principle_id=p_c1.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="C1.b", name="Securing Logs", description= "You might think the are a waste of time, but the Board thinks logging is important.", principle_id=p_c1.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.c", name="Generating Alerts", description= "Boo! There, you coped with it because you're good at this.", principle_id=p_c1.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="C1.d", name="Identifying Security Incidents", description= "You are wary of all the possible things that could go wrong and you have a plan to deal. Well " "done.", principle_id=p_c1.id, order_id=4, ), CAFContributingOutcome.objects.create( designation="C1.e", name="Monitoring Tools and Skills", description= "All these things matter in today's switched on cyber-aware environment.", principle_id=p_c1.id, order_id=5, ), CAFContributingOutcome.objects.create( designation="C2.a", name="System Abnormalities for Attack Detection", description= "Make sure you know how to look for things that mighty wrong on your network.", principle_id=p_c2.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="C2.b", name="Proactive Attack Discovery", description= "When you go out looking for the bad stuff, you usefully find it - " "and you know this in spades.", principle_id=p_c2.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.a", name="Response Plan", description="Yeah, we know it's boring but you've got to have one.", principle_id=p_d1.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="D1.b", name="Response and Recovery Capability", description= "If you can't get back on your feet after you've been beat, where are you, really?", principle_id=p_d1.id, order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.c", name="Testing and Exercising", description= "One of the most important things you should not be forgetting is this.", principle_id=p_d1.id, order_id=3, ), CAFContributingOutcome.objects.create( designation="D2.a", name="Incident Root Cause and Analysis", description= "I guess there are always lessons learned, no matter how we good we are.", principle_id=p_d2.id, order_id=1, ), CAFContributingOutcome.objects.create( designation="D2.b", name="Using Incidents to Drive Improvements", description= "This is the kind of thing that bores us to tears but it simply has to be done.", principle_id=p_d2.id, order_id=2, ), ] achievement_levels = [ AchievementLevel.objects.create(descriptor="Not Achieved", colour_description="Red", colour_hex="#000001"), AchievementLevel.objects.create( descriptor="Partially Achieved", colour_description="Amber", colour_hex="#000002", ), AchievementLevel.objects.create(descriptor="Achieved", colour_description="Green", colour_hex="#000003"), ] for al in achievement_levels: if _igp_number: for co in cos: for igp in range(1, _igp_number): dtext_fake = Faker() fake_txt = f"IGP {igp}/{al.descriptor}/{co.designation}: {dtext_fake.paragraph()}" IGP.objects.create( achievement_level=al, contributing_outcome=co, descriptive_text=fake_txt, ) else: for co in cos: for igp in range(1, random.randint(2, 5)): dtext_fake = Faker() fake_txt = f"IGP {igp}/{al.descriptor}/{co.designation}: {dtext_fake.paragraph()}" IGP.objects.create( achievement_level=al, contributing_outcome=co, descriptive_text=fake_txt, ) # We want to create a CAF with a bunch of scoring now... _caf2 = CAF.objects.get(pk=1) _completer = Person.objects.get(pk=1) caf_assessment = CAFAssessment.objects.create(caf_id=_caf2.id, completer_id=_completer.id, comments="Random Comments") # TODO Need to create as many of these as there are ContributingOutcomes # Create a single CAFSelfAssessmentOutcomeScore for c in cos: CAFAssessmentOutcomeScore.objects.create( caf_assessment_id=caf_assessment.id, caf_contributing_outcome_id=c.id, assessment_score=random.choice( ["Achieved", "Partially Achieved", "Not Achieved"]), baseline_assessment_score=random.choice( ["Achieved", "Partially Achieved", "Not Achieved"]), )