def test_update_workflow_acl_people(self):
"""Test PUT workflow with updated ACL."""
data = self.get_workflow_dict()
init_map = {
self.wf_admin_id: WF_ROLES['Admin'],
self.people_ids[0]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(
init_map)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
exp_res = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Admin'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
self.people_ids[3]: WF_ROLES['Workflow Member'],
self.people_ids[4]: WF_ROLES['Workflow Member']
}
workflow = all_models.Workflow.eager_query().one()
put_params = {'access_control_list': acl_helper.get_acl_list(exp_res)}
response = self.api.put(workflow, put_params)
self.assert200(response)
workflow = all_models.Workflow.eager_query().one()
act_res = {
person.id: acl.ac_role_id
for person, acl in workflow.access_control_list
}
self.assertDictEqual(exp_res, act_res)
def test_update_workflow_acl_people(self):
"""Test PUT workflow with updated ACL."""
data = self.get_workflow_dict()
init_map = {
self.wf_admin_id: WF_ROLES['Admin'],
self.people_ids[0]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_map)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
exp_res = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Admin'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
self.people_ids[3]: WF_ROLES['Workflow Member'],
self.people_ids[4]: WF_ROLES['Workflow Member']
}
workflow = all_models.Workflow.eager_query().one()
put_params = {'access_control_list': acl_helper.get_acl_list(exp_res)}
response = self.api.put(workflow, put_params)
self.assert200(response)
workflow = all_models.Workflow.eager_query().one()
act_res = {acl.person_id: acl.ac_role_id
for acl in workflow.access_control_list}
self.assertDictEqual(exp_res, act_res)
def test_tg_assignee(self, role_name):
"""Test TaskGroup assignee already has {0} role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES[role_name],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[1]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[1])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
actual_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
).all()
self.assertEqual(len(actual_acl), 2)
expected = {
role_name: (workflow.type, workflow.id),
"{} Mapped".format(role_name): (task_group.type, task_group.id)
}
actual = {
acl.ac_role.name: (acl.object_type, acl.object_id)
for acl in actual_acl
}
self.assertDictEqual(expected, actual)
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name
"""Create objects for Workflow ACL propagation test."""
with freezegun.freeze_time("2017-08-9"):
with factories.single_commit():
workflow = wf_factories.WorkflowFactory(
title='wf1',
unit=all_models.Workflow.WEEK_UNIT,
is_verification_needed=True,
repeat_every=1)
wf_factories.TaskGroupTaskFactory(
title='tgt1',
task_group=wf_factories.TaskGroupFactory(
title='tg1',
context=factories.ContextFactory(),
workflow=workflow
),
# One cycle should be created
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7)
)
self.generator.activate_workflow(workflow)
workflow = all_models.Workflow.query.one()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
}
put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)}
response = self.api.put(workflow, put_params)
self.assert200(response)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name
"""Test TaskGroup assignee gets WorkflowMember role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
wf_members = [
acp.person.id
for acp in
workflow.acr_name_acl_map["Workflow Member"].access_control_people
]
self.assertIn(self.people_ids[2], wf_members)
def test_tg_assignee(self, role_name):
"""Test TaskGroup assignee already has {0} role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES[role_name],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[1]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[1])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
ac_people = all_models.AccessControlPerson.query.filter(
all_models.AccessControlPerson.person_id == task_group.contact_id,
).all()
self.assertEqual(len(ac_people), 1)
actual = {
(acp.ac_list.object_type, acp.ac_list.object_id)
for acp in ac_people
}
self.assertIn((workflow.type, workflow.id), actual)
self.assertNotIn((task_group.type, task_group.id), actual)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name
"""Test TaskGroup assignee gets WorkflowMember role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
parent_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
all_models.AccessControlList.object_type == workflow.type,
all_models.AccessControlList.object_id == workflow.id
).one()
tg_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
all_models.AccessControlList.object_type == task_group.type,
all_models.AccessControlList.object_id == task_group.id
).one()
self.assertEqual(parent_acl.ac_role.name, "Workflow Member")
self.assertEqual(tg_acl.parent_id, parent_acl.id)
self.assertEqual(tg_acl.ac_role.name, "Workflow Member Mapped")
def create_asmt_with_issue_tracker(self, role_name_to_people,
issue_tracker=None):
"""Create Assessment with issue_tracker parameters and ACL."""
access_control_list = acl_helper.get_acl_list({
person.id: self.roles[role_name].id
for role_name, people in role_name_to_people.iteritems()
for person in people
})
issue_tracker_with_defaults = {
'enabled': True,
'component_id': hash('Default Component id'),
'hotlist_id': hash('Default Hotlist id'),
'issue_type': 'Default Issue type',
'issue_priority': 'Default Issue priority',
'issue_severity': 'Default Issue severity',
}
issue_tracker_with_defaults.update(issue_tracker or {})
_, asmt = self.generator.generate_object(
all_models.Assessment,
data={
'audit': {'id': self.audit.id, 'type': self.audit.type},
'issue_tracker': issue_tracker_with_defaults,
'access_control_list': access_control_list,
}
)
return asmt
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name
"""Test TaskGroup assignee gets WorkflowMember role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(
init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
wf_members = [
acp.person.id for acp in
workflow.acr_name_acl_map["Workflow Member"].access_control_people
]
self.assertIn(self.people_ids[2], wf_members)
def create_asmt_with_issue_tracker(self,
role_name_to_people,
issue_tracker=None):
"""Create Assessment with issue_tracker parameters and ACL."""
access_control_list = acl_helper.get_acl_list({
person.id: self.roles[role_name].id
for role_name, people in role_name_to_people.iteritems()
for person in people
})
issue_tracker_with_defaults = {
"enabled": True,
"component_id": hash("Default Component id"),
"hotlist_id": hash("Default Hotlist id"),
"issue_type": "Default Issue type",
"issue_priority": "Default Issue priority",
"issue_severity": "Default Issue severity",
}
issue_tracker_with_defaults.update(issue_tracker or {})
_, asmt = self.generator.generate_object(
all_models.Assessment,
data={
"audit": {
"id": self.audit.id,
"type": self.audit.type
},
"issue_tracker": issue_tracker_with_defaults,
"access_control_list": access_control_list,
})
return asmt
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name
"""Create objects for Workflow ACL propagation test."""
with freezegun.freeze_time("2017-08-9"):
with factories.single_commit():
workflow = wf_factories.WorkflowFactory(
title='wf1',
unit=all_models.Workflow.WEEK_UNIT,
is_verification_needed=True,
repeat_every=1)
wf_factories.TaskGroupTaskFactory(
title='tgt1',
task_group=wf_factories.TaskGroupFactory(
title='tg1',
context=factories.ContextFactory(),
workflow=workflow),
# One cycle should be created
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7))
self.generator.activate_workflow(workflow)
workflow = all_models.Workflow.query.one()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
}
put_params = {
'access_control_list': acl_helper.get_acl_list(acl_map)
}
response = self.api.put(workflow, put_params)
self.assert200(response)
def create_asmt_with_issue_tracker(self,
role_name_to_people,
issue_tracker=None):
"""Create Assessment with issue_tracker parameters and ACL."""
access_control_list = acl_helper.get_acl_list({
person.id: self.roles[role_name].id
for role_name, people in role_name_to_people.iteritems()
for person in people
})
issue_tracker_with_defaults = {
'enabled': True,
'component_id': hash('Default Component id'),
'hotlist_id': hash('Default Hotlist id'),
'issue_type': 'Default Issue type',
'issue_priority': 'Default Issue priority',
'issue_severity': 'Default Issue severity',
}
issue_tracker_with_defaults.update(issue_tracker or {})
_, asmt = self.generator.generate_object(
all_models.Assessment,
data={
'audit': {
'id': self.audit.id,
'type': self.audit.type
},
'issue_tracker': issue_tracker_with_defaults,
'access_control_list': access_control_list,
})
return asmt
def test_tg_assignee(self, role_name):
"""Test TaskGroup assignee already has {0} role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES[role_name],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(
init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[1]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[1])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
ac_people = all_models.AccessControlPerson.query.filter(
all_models.AccessControlPerson.person_id == task_group.contact_id,
).all()
self.assertEqual(len(ac_people), 1)
actual = {(acp.ac_list.object_type, acp.ac_list.object_id)
for acp in ac_people}
self.assertIn((workflow.type, workflow.id), actual)
self.assertNotIn((task_group.type, task_group.id), actual)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name
"""Test TaskGroup assignee gets WorkflowMember role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(
init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
parent_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
all_models.AccessControlList.object_type == workflow.type,
all_models.AccessControlList.object_id == workflow.id).one()
tg_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
all_models.AccessControlList.object_type == task_group.type,
all_models.AccessControlList.object_id == task_group.id).one()
self.assertEqual(parent_acl.ac_role.name, "Workflow Member")
self.assertEqual(tg_acl.parent_id, parent_acl.id)
self.assertEqual(tg_acl.ac_role.name, "Workflow Member Mapped")
def test_unassign_workflow_acl(self):
"""Test propagation Workflow ACL roles on person unassigned."""
self._create_propagation_acl_test_data()
with freezegun.freeze_time("2017-08-9"):
workflow = all_models.Workflow.query.one()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)}
response = self.api.put(workflow, put_params)
self.assert200(response)
self._check_propagated_acl(2)
def test_unassign_workflow_acl(self):
"""Test propagation Workflow ACL roles on person unassigned."""
self._create_propagation_acl_test_data()
with freezegun.freeze_time("2017-08-9"):
workflow = all_models.Workflow.query.one()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)}
response = self.api.put(workflow, put_params)
self.assert200(response)
self._check_propagated_acl(2)
def test_post_workflow_with_acl(self):
"""Test PUT workflow with ACL."""
data = self.get_workflow_dict()
exp_res = {
self.wf_admin_id: WF_ROLES['Admin'],
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
self.people_ids[3]: WF_ROLES['Workflow Member']
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(exp_res)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.eager_query().one()
act_res = {acl.person_id: acl.ac_role_id
for acl in workflow.access_control_list}
self.assertDictEqual(exp_res, act_res)
def test_post_workflow_with_acl(self):
"""Test PUT workflow with ACL."""
data = self.get_workflow_dict()
exp_res = {
self.wf_admin_id: WF_ROLES['Admin'],
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
self.people_ids[3]: WF_ROLES['Workflow Member']
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(exp_res)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.eager_query().one()
act_res = {acl.person_id: acl.ac_role_id
for acl in workflow.access_control_list}
self.assertDictEqual(exp_res, act_res)
def test_acl_for_new_related_object(self):
"""Test Workflow ACL propagation for new related objects."""
data = self.get_workflow_dict()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data["workflow"]["access_control_list"] = acl_helper.get_acl_list(acl_map)
data["workflow"]["unit"] = "week"
data["workflow"]["repeat_every"] = 1
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
task_group = all_models.TaskGroup.eager_query().one()
data = self.get_task_dict(task_group)
data["task_group_task"]["start_date"] = "2018-01-04"
data["task_group_task"]["end_date"] = "2018-01-05"
response = self.api.post(all_models.TaskGroupTask, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
with freezegun.freeze_time("2018-01-05"): # Generate 1 cycle
self.generator.activate_workflow(workflow)
cycle_task = all_models.CycleTaskGroupObjectTask.query.one()
with factories.single_commit():
comment = factories.CommentFactory()
factories.RelationshipFactory(
source=comment,
destination=cycle_task
)
self._check_propagated_acl(2, has_comment=True)
def test_acl_for_new_related_object(self):
"""Test Workflow ACL propagation for new related objects."""
data = self.get_workflow_dict()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
}
data["workflow"]["access_control_list"] = acl_helper.get_acl_list(acl_map)
data["workflow"]["unit"] = "week"
data["workflow"]["repeat_every"] = 1
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[2]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[2])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
task_group = all_models.TaskGroup.eager_query().one()
data = self.get_task_dict(task_group)
data["task_group_task"]["start_date"] = "2018-01-04"
data["task_group_task"]["end_date"] = "2018-01-05"
response = self.api.post(all_models.TaskGroupTask, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
with freezegun.freeze_time("2018-01-05"): # Generate 1 cycle
self.generator.activate_workflow(workflow)
cycle_task = all_models.CycleTaskGroupObjectTask.query.one()
with factories.single_commit():
comment = factories.CommentFactory()
factories.RelationshipFactory(
source=comment,
destination=cycle_task
)
self._check_propagated_acl(2, has_comment=True)
def test_tg_assignee(self, role_name):
"""Test TaskGroup assignee already has {0} role."""
data = self.get_workflow_dict()
init_acl = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES[role_name],
}
data['workflow']['access_control_list'] = acl_helper.get_acl_list(
init_acl)
response = self.api.post(all_models.Workflow, data)
self.assertEqual(response.status_code, 201)
data = self.get_task_group_dict(response.json["workflow"])
data["task_group"]["contact"]["id"] = self.people_ids[1]
data["task_group"]["contact"]["href"] = "/api/people/{}".format(
self.people_ids[1])
response = self.api.post(all_models.TaskGroup, data)
self.assertEqual(response.status_code, 201)
workflow = all_models.Workflow.query.one()
task_group = all_models.TaskGroup.query.one()
actual_acl = all_models.AccessControlList.eager_query().filter(
all_models.AccessControlList.person_id == task_group.contact_id,
).all()
self.assertEqual(len(actual_acl), 2)
expected = {
role_name: (workflow.type, workflow.id),
"{} Mapped".format(role_name): (task_group.type, task_group.id)
}
actual = {
acl.ac_role.name: (acl.object_type, acl.object_id)
for acl in actual_acl
}
self.assertDictEqual(expected, actual)
