def test_system_not_updated(self, new, exp_ignored_columns):
"""Test readonly System not updated if new={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not None:
data["Read-only"] = new
response = self.import_data(data)
self._check_csv_response(response, {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns=exp_ignored_columns),
},
}
})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def test_403_if_delete_readonly_without_perms(self, obj_type):
"""Test {0} with readonly=True DELETE returns 401
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
# create Global Creator
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
# Create object
obj = factory(title='a', readonly=True)
obj_id = obj.id
self.object_generator.api.set_user(
all_models.Person.query.get(person_id))
obj = get_model(obj_type).query.get(obj_id)
resp = self.object_generator.api.delete(obj)
self.assert403(resp)
obj = get_model(obj_type).query.get(obj_id)
self.assertIsNotNone(obj)
def test_readonly_system_not_deleted(self):
"""Test System with readonly=True can be deleted"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
obj_id = obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Delete", "yes"),
])
response = self.import_data(data)
self._check_csv_response(
response, {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns="'Delete'"),
},
}
})
obj = get_model("System").query.get(obj_id)
self.assertIsNotNone(obj)
def test_system_map_on_post(self, readonly, rel_obj_type):
"""Test mapping on post System with readonly={0}"""
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
rel_obj = rel_factory()
rel_obj_id = rel_obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", ""),
("Admin", "*****@*****.**"),
("Assignee", "*****@*****.**"),
("Verifier", "*****@*****.**"),
("Title", "b"),
("Read-only", readonly),
("map:{}".format(rel_obj_type), rel_obj.slug),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.filter_by(title="b").one()
rel_ids = list(o.id for o in obj.related_objects([rel_obj_type]))
self.assertIn(rel_obj_id, rel_ids)
def test_403_if_delete_readonly_without_perms(self, obj_type):
"""Test {0} with readonly=True DELETE returns 401
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
# create Global Creator
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
# Create object
obj = factory(title='a', readonly=True)
obj_id = obj.id
self.object_generator.api.set_user(all_models.Person.query.get(person_id))
obj = get_model(obj_type).query.get(obj_id)
resp = self.object_generator.api.delete(obj)
self.assert403(resp)
obj = get_model(obj_type).query.get(obj_id)
self.assertIsNotNone(obj)
def _get_import_data(model1, model2, unmap):
"""Returns data for csv import of the respective objects"""
name1 = model1.__name__
name2 = model2.__name__
title1 = utils.title_from_camelcase(name1)
with factories.single_commit():
with mock.patch('ggrc.models.relationship.is_external_app_user',
return_value=True):
obj1 = factories.get_model_factory(name1)()
obj2 = factories.get_model_factory(name2)()
if unmap:
factories.RelationshipFactory(source=obj1,
destination=obj2,
is_external=True)
slug1 = obj1.slug
slug2 = obj2.slug
data_block = [
collections.OrderedDict([
("object_type", name1),
("Code*", slug1),
]),
collections.OrderedDict([
("object_type", name2),
("Code*", slug2),
("{}:{}".format("unmap" if unmap else "map", title1), slug1),
]),
]
return data_block
def test_system_not_updated_as_admin(self):
"""Test readonly System not updated by admin"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
response = self.import_data(data)
self._check_csv_response(
response, {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns="'Title'"),
},
}
})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def test_readonly_set_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to true under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
with factories.single_commit():
user = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=user)
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", ""),
("Admin", user.email),
("Assignee", user.email),
("Verifier", user.email),
("Title", "New System"),
("Read-only", True),
]),
person=user)
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3, object_type="System", column_name="Read-only")
}
}
} if role_name != "Administrator" else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(title="New System").first()
self.assertEqual(obj.readonly, expected_readonly)
def test_system_unmap_on_update(self, readonly, rel_obj_type):
"""Test unmapping on update System with readonly={0}"""
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
obj_id = obj.id
rel_obj = rel_factory()
rel_obj_id = rel_obj.id
factories.RelationshipFactory(source=obj, destination=rel_obj)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("unmap:{}".format(rel_obj_type), rel_obj.slug),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.get(obj_id)
rel_obj = get_model(rel_obj_type).query.get(rel_obj_id)
rel = all_models.Relationship.find_related(obj, rel_obj)
self.assertIsNone(rel)
def test_system_map_on_post(self, readonly, rel_obj_type):
"""Test mapping on post System with readonly={0}"""
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
rel_obj = rel_factory()
rel_obj_id = rel_obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", "CODE"),
("Admin", "*****@*****.**"),
("Assignee", "*****@*****.**"),
("Verifier", "*****@*****.**"),
("Title", "b"),
("Read-only", readonly),
("map:{}".format(rel_obj_type), rel_obj.slug),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.filter_by(slug="CODE").one()
rel_ids = list(o.id for o in obj.related_objects([rel_obj_type]))
self.assertIn(rel_obj_id, rel_ids)
def test_readonly_unset_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to false under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=True)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
system_slug = system.slug
user_id = user.id
response = self.import_data(
OrderedDict([
("object_type", "System"),
("Code*", system_slug),
("Read-only", "no"),
]),
person=all_models.Person.query.get(user_id))
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3, object_type="System", column_name="Read-only")
}
}
} if expected_readonly else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(slug=system_slug).first()
self.assertEqual(obj.readonly, expected_readonly)
def test_system_unmap_on_update(self, readonly, rel_obj_type):
"""Test unmapping on update System with readonly={0}"""
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
obj_id = obj.id
rel_obj = rel_factory()
rel_obj_id = rel_obj.id
factories.RelationshipFactory(source=obj, destination=rel_obj)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("unmap:{}".format(rel_obj_type), rel_obj.slug),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.get(obj_id)
rel_obj = get_model(rel_obj_type).query.get(rel_obj_id)
rel = all_models.Relationship.find_related(obj, rel_obj)
self.assertIsNone(rel)
def test_readonly_set_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to true under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name
).one()
with factories.single_commit():
user = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=user)
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", "System-1"),
("Admin", user.email),
("Assignee", user.email),
("Verifier", user.email),
("Title", "New System"),
("Read-only", True),
]), person=user)
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
object_type="System",
column_name="Read-only"
)
}
}
} if role_name != "Administrator" else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(slug="System-1").first()
self.assertEqual(obj.readonly, expected_readonly)
def test_not_empty_revisions(self):
"""Test `not_empty_revisions` returns revisions with changes."""
self._turn_on_bg_indexing()
with factories.single_commit():
control = factories.ControlFactory()
edits_count = 3
for _ in range(edits_count):
response = self.api.put(control, {})
self.assert200(response)
all_revisions_count = all_models.Revision.query.filter(
all_models.Revision.resource_type == control.type,
all_models.Revision.resource_id == control.id,
).count()
# Revision also is created when creating an object
self.assertEqual(all_revisions_count, edits_count + 1)
not_empty_revisions = self._get_first_result_set(
{
"object_name": "Revision",
"type": "ids",
"filters": {
"expression": {
"op": {"name": "not_empty_revisions"},
"resource_type": control.type,
"resource_id": control.id,
},
},
},
"Revision",
"ids",
)
self.assertEqual(len(not_empty_revisions), 1)
self._turn_off_bg_indexing()
def test_audit_ok(self):
""" Test an operator on an audit with a non-empty result
Make sure that the operator returns an audit object if the audit has
relations with an issue and an assessment, and doesn't have relations with
other assessments.
"""
with factories.single_commit():
audit = factories.AuditFactory()
issue = factories.IssueFactory()
assessment = factories.AssessmentFactory()
factories.RelationshipFactory(source=assessment, destination=audit)
rel_assmt_issue = factories.RelationshipFactory(source=assessment,
destination=issue)
factories.AutomappingFactory(parent=rel_assmt_issue)
audit_id = audit.id
issue_id = issue.id
assmt_id = assessment.id
resp = self._perform_query(issue_id, assmt_id)
self.assert200(resp)
self.assertEqual(len(resp.json), 1)
self.assertEqual(resp.json[0]["Audit"]["count"], 1)
self.assertEqual(audit_id, resp.json[0]["Audit"]["values"][0]["id"])
def test_audit_bad(self):
""" Test an operator on an audit with an empty result
Make sure that the operator returns an empty result if the audit has
relations with several different assessments.
"""
with factories.single_commit():
audit = factories.AuditFactory()
issue = factories.IssueFactory()
assessment = factories.AssessmentFactory()
factories.RelationshipFactory(source=assessment, destination=audit)
rel_assmt_issue = factories.RelationshipFactory(source=assessment,
destination=issue)
factories.AutomappingFactory(parent=rel_assmt_issue)
other_assessment = factories.AssessmentFactory()
factories.RelationshipFactory(source=audit,
destination=other_assessment)
issue_id = issue.id
assmt_id = assessment.id
resp = self._perform_query(issue_id, assmt_id)
self.assert200(resp)
self.assertEqual(len(resp.json), 1)
self.assertEqual(resp.json[0]["Audit"]["count"], 0)
def test_unmap_people(self, user_role):
"""Test that global reader/creator can't unmap people from program"""
user = self.users[user_role]
with factories.single_commit():
program = factories.ProgramFactory()
mapped_person = factories.ObjectPersonFactory(
personable=program, person=user, context=program.context)
self.api.set_user(user)
db.session.add(mapped_person)
response = self.api.delete(mapped_person)
self.assertEqual(response.status_code, 403)
def test_readonly_searchable(self, test_value, expected_title):
"""Test filtration by readonly attribute"""
with factories.single_commit():
factories.SystemFactory(title="readonly system", readonly=True)
factories.SystemFactory(title="non readonly system")
self.client.get("/login")
actual_systems = self.simple_query(
"System", expression=["readonly", "=", test_value])
self.assertEqual([s.get("title") for s in actual_systems],
[expected_title])
def test_unmap_people(self, user_role):
"""Test that global reader/creator can't unmap people from program"""
user = self.users[user_role]
with factories.single_commit():
program = factories.ProgramFactory()
mapped_person = factories.ObjectPersonFactory(
personable=program, person=user, context=program.context
)
self.api.set_user(user)
db.session.add(mapped_person)
response = self.api.delete(mapped_person)
self.assert403(response)
def test_user_cannot_get_readonly_value_without_perms(self, new):
"""Test readonly System not updated if new={0!r} and user has no perms
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not _NOT_SPECIFIED:
data["Read-only"] = new
response = self.import_data(
data,
person=all_models.Person.query.get(person_id)
)
exp_csv_responsse = {
"System": {
"row_errors": {
errors.PERMISSION_ERROR.format(line=3),
},
}
}
if new is not _NOT_SPECIFIED:
exp_csv_responsse['System']['row_warnings'] = {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
object_type="System",
column_name="Read-only",
),
}
self._check_csv_response(response, exp_csv_responsse)
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def _create_model(obj_type, cad_map, cavs):
"""Create model and assign CAVs"""
with factories.single_commit():
obj = factories.get_model_factory(obj_type)()
for name, value in cavs.iteritems():
cad = get_model('CustomAttributeDefinition').query.get(cad_map[name])
factories.CustomAttributeValueFactory(
custom_attribute=cad,
attributable=obj,
attribute_value=value,
)
return obj.id
def test_readonly_searchable(self, test_value, expected_title):
"""Test filtration by readonly attribute"""
with factories.single_commit():
factories.SystemFactory(title="readonly system", readonly=True)
factories.SystemFactory(title="non readonly system")
self.client.get("/login")
actual_systems = self.simple_query(
"System",
expression=["readonly", "=", test_value]
)
self.assertEqual(
[s.get("title") for s in actual_systems],
[expected_title]
)
def _create_cads(obj_type, names=('ATTR1', 'ATTR2', 'ATTR3')):
"""Create custom attribute definitions"""
ret = dict()
with factories.single_commit():
for name in names:
obj = factories.CustomAttributeDefinitionFactory(
title=name,
definition_type=obj_type.lower(),
attribute_type="Text",
)
ret[name] = obj.id
return ret
def test_user_cannot_get_readonly_value_without_perms(self, new):
"""Test readonly System not updated if new={0!r} and user has no perms
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not _NOT_SPECIFIED:
data["Read-only"] = new
response = self.import_data(
data, person=all_models.Person.query.get(person_id))
exp_csv_responsse = {
"System": {
"row_errors": {
errors.PERMISSION_ERROR.format(line=3),
},
}
}
if new is not _NOT_SPECIFIED:
exp_csv_responsse['System']['row_warnings'] = {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
object_type="System",
column_name="Read-only",
),
}
self._check_csv_response(response, exp_csv_responsse)
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def test_delete(self, obj_type, readonly, exp_code, exp_deleted):
"""Test {0} DELETE if readonly={1}"""
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=readonly)
obj_id = obj.id
resp = self.object_generator.api.delete(obj)
self.assertStatus(resp, exp_code)
obj = get_model(obj_type).query.get(obj_id)
if exp_deleted:
self.assertIsNone(obj)
else:
self.assertIsNotNone(obj)
def test_put(self, obj_type, current, new, exp_code):
"""Test {0} PUT readonly={2} for current readonly={1}"""
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=current)
obj_id = obj.id
data = {'title': 'b'}
if new is not _NOT_SPECIFIED:
data['readonly'] = new
resp = self.object_generator.api.put(obj, data)
self.assertStatus(resp, exp_code)
obj = get_model(obj_type).query.get(obj_id)
self.assertEqual(obj.readonly, current)
def test_put(self, obj_type, current, new, exp_code):
"""Test {0} PUT readonly={2} for current readonly={1}"""
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=current)
obj_id = obj.id
data = {'title': 'b'}
if new is not _NOT_SPECIFIED:
data['readonly'] = new
resp = self.object_generator.api.put(obj, data)
self.assertStatus(resp, exp_code)
obj = get_model(obj_type).query.get(obj_id)
self.assertEqual(obj.readonly, current)
def test_system_update_and_unset_readonly_as_admin(self):
"""Test System readonly unset and title updated by admin in same import"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
("Read-Only", "no"),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, False)
self.assertEqual(obj.title, 'b')
def test_system_update_and_unset_readonly_as_admin(self):
"""Test System readonly unset and title updated by admin in same import"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
("Read-Only", "no"),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, False)
self.assertEqual(obj.title, 'b')
def test_system_update_to_readonly_as_admin(self, new, expected):
"""Test System readonly={1} if new={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=False)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not None:
data["Read-only"] = new
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, expected)
def test_system_update_to_readonly_as_admin(self, new, expected):
"""Test System readonly={1} if new={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=False)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
if new is not None:
data["Read-only"] = new
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, expected)
def test_relationship_post(self, obj_type, readonly, rel_obj_type, swap,
expected_code):
"""Test PUT relationship {0}.readonly={1}, related object type {2}"""
factory = factories.get_model_factory(obj_type)
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=readonly)
rel_obj = rel_factory()
if swap:
source, destination = rel_obj, obj
else:
source, destination = obj, rel_obj
resp, _ = self.object_generator.generate_relationship(
source=source, destination=destination)
self.assertStatus(resp, expected_code)
def test_system_add_comments_on_update(self, readonly, comments,
exp_comments):
"""Test Comment creation {1} on update System with readonly={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Comments", ';;'.join(comments)),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
created_comments = set(comment.description
for comment in obj.related_objects(['Comment']))
self.assertEqual(created_comments, set(exp_comments))
def test_system_add_comments_on_update(self, readonly, comments,
exp_comments):
"""Test Comment creation {1} on update System with readonly={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Comments", ';;'.join(comments)),
])
response = self.import_data(data)
self._check_csv_response(response, {})
obj = get_model("System").query.one()
created_comments = set(comment.description
for comment in obj.related_objects(['Comment']))
self.assertEqual(created_comments, set(exp_comments))
def test_relationship_post(self, obj_type, readonly, rel_obj_type, swap,
expected_code):
"""Test PUT relationship {0}.readonly={1}, related object type {2}"""
factory = factories.get_model_factory(obj_type)
rel_factory = factories.get_model_factory(rel_obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=readonly)
rel_obj = rel_factory()
if swap:
source, destination = rel_obj, obj
else:
source, destination = obj, rel_obj
resp, _ = self.object_generator.generate_relationship(
source=source, destination=destination
)
self.assertStatus(resp, expected_code)
def test_system_readonly_invalid_on_update(self):
"""Test System readonly=False on update with invalid data"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=False)
data = OrderedDict([("object_type", "System"), ("Code*", obj.slug),
("Title", "b"), ("Read-only", "qwerty")])
response = self.import_data(data)
self._check_csv_response(
response, {
"System": {
"row_warnings": {
errors.WRONG_VALUE.format(line=3,
column_name="Read-only")
},
}
})
obj = get_model("System").query.one()
self.assertFalse(obj.readonly)
def test_readonly_system_not_deleted_without_user_perms(self):
"""Test System with readonly=True can be deleted
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
obj_id = obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Delete", "yes"),
])
response = self.import_data(
data,
person=all_models.Person.query.get(person_id)
)
self._check_csv_response(response, {
"System": {
"row_errors": {
"Line 3: Delete column is temporary disabled, please "
"use web interface to delete current object.",
errors.PERMISSION_ERROR.format(line=3),
},
}
})
obj = get_model("System").query.get(obj_id)
self.assertIsNotNone(obj)
def test_readonly_system_not_deleted_without_user_perms(self):
"""Test System with readonly=True can be deleted
This test ensures that user without permission for the object
cannot obtain value for flag readonly
"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
with factories.single_commit():
person = factories.PersonFactory()
person_id = person.id
rbac_factories.UserRoleFactory(role=role_obj, person=person)
obj = factories.SystemFactory(title='a', readonly=True)
obj_id = obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Delete", "yes"),
])
response = self.import_data(
data,
person=all_models.Person.query.get(person_id)
)
self._check_csv_response(response, {
"System": {
"row_errors": {
"Line 3: Delete column is temporary disabled, please "
"use web interface to delete current object.",
errors.PERMISSION_ERROR.format(line=3),
},
}
})
obj = get_model("System").query.get(obj_id)
self.assertIsNotNone(obj)
def test_system_readonly_invalid_on_update(self):
"""Test System readonly=False on update with invalid data"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=False)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
("Read-only", "qwerty")
])
response = self.import_data(data)
self._check_csv_response(response, {
"System": {
"row_warnings": {
errors.WRONG_VALUE.format(line=3, column_name="Read-only")
},
}
})
obj = get_model("System").query.one()
self.assertFalse(obj.readonly)
def test_readonly_add_folder_with_global_role(self, obj_type, role_name,
expected_status):
"""Test add_folder read-only {0} by user with global role {1}"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj_id = factory(folder="a", readonly=True).id
person = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=person)
person_id = person.id
self.api.set_user(all_models.Person.query.get(person_id))
response = self.api.client.post(
self.PATH_ADD_FOLDER, content_type="application/json",
data=self._get_request_data(obj_type, obj_id, folder="b"))
self.assertStatus(response, expected_status)
obj = get_model(obj_type).query.get(obj_id)
self.assertEqual(obj.folder, "a")
def test_delete(self, obj_type, is_external, readonly, exp_code,
exp_deleted):
"""Test {0} DELETE if readonly={1}"""
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj = factory(title='a', readonly=readonly)
obj_id = obj.id
if is_external:
self.object_generator.api.login_as_external()
else:
self.object_generator.api.login_as_normal()
obj = get_model(obj_type).query.get(obj_id)
resp = self.object_generator.api.delete(obj)
self.assertStatus(resp, exp_code)
obj = get_model(obj_type).query.get(obj_id)
if exp_deleted:
self.assertIsNone(obj)
else:
self.assertIsNotNone(obj)
def test_readonly_remove_folder_with_global_role(self, obj_type, role_name,
expected_status):
"""Test remove_folder read-only {0} by user with global role {1}"""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name).one()
factory = factories.get_model_factory(obj_type)
with factories.single_commit():
obj_id = factory(folder="a", readonly=True).id
person = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_obj, person=person)
person_id = person.id
self.api.set_user(all_models.Person.query.get(person_id))
response = self.api.client.post(
self.PATH_REMOVE_FOLDER, content_type="application/json",
data=self._get_request_data(obj_type, obj_id, folder="a"))
self.assertStatus(response, expected_status)
obj = get_model(obj_type).query.get(obj_id)
self.assertEqual(obj.folder, "a")
def test_readonly_update_by_role(self, role, old_readonly, new_readonly):
"""Test updating readonly attribute from {1} to {2}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role
).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=old_readonly)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", system.slug),
("Admin", user.email),
("Read-only", new_readonly),
]), person=user)
expected_message = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
column_name="Read-only",
object_type="System",
)
}
}
} if role != "Administrator" else {}
self._check_csv_response(response, expected_message)
obj = all_models.System.query.get(system.id)
self.assertEqual(
obj.readonly,
new_readonly if role == "Administrator" else old_readonly
)
def test_unmap_objects(self, model1, model2):
"""Test deprecated unmapping between {0.__name__} and {1.__name__}
"""
name1 = model1.__name__
name2 = model2.__name__
title1 = title_from_camelcase(name1)
with factories.single_commit():
with mock.patch('ggrc.models.relationship.is_external_app_user',
return_value=True):
obj1 = factories.get_model_factory(name1)()
obj2 = factories.get_model_factory(name2)()
factories.RelationshipFactory(source=obj1,
destination=obj2,
is_external=True)
slug1 = obj1.slug
slug2 = obj2.slug
data_block = [
OrderedDict([
("object_type", name1),
("Code*", slug1),
]),
OrderedDict([
("object_type", name2),
("Code*", slug2),
("unmap:{}".format(title1), slug1),
]),
]
response = self.import_data(*data_block)
# Check that mapping is not added
self.assertEqual(len(response[1]['row_warnings']), 1)
self.assertIn(
u'Line 7: You do not have the necessary permissions to unmap',
response[1]['row_warnings'][0])
def test_readonly_update_by_role(self, role, old_readonly, new_readonly):
"""Test updating readonly attribute from {1} to {2} as {0}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role
).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=old_readonly)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", system.slug),
("Admin", user.email),
("Read-only", new_readonly),
]), person=user)
expected_message = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
column_name="Read-only",
object_type="System",
)
}
}
} if role != "Administrator" else {}
self._check_csv_response(response, expected_message)
obj = all_models.System.query.get(system.id)
self.assertEqual(
obj.readonly,
new_readonly if role == "Administrator" else old_readonly
)
def test_system_not_updated_as_admin(self):
"""Test readonly System not updated by admin"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Title", "b"),
])
response = self.import_data(data)
self._check_csv_response(response, {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns="'Title'"),
},
}
})
obj = get_model("System").query.one()
self.assertEqual(obj.readonly, True)
self.assertEqual(obj.title, 'a')
def test_system_add_document_on_update(self, readonly, exp_set):
"""Test Reference URL set on update System with readonly={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Reference URL", "aa"),
])
if exp_set:
dct = {}
else:
dct = {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns="'Reference URL'"),
},
}
}
response = self.import_data(data)
self._check_csv_response(response, dct)
obj = get_model("System").query.one()
docs = obj.documents_reference_url
if exp_set:
self.assertEqual(len(docs), 1)
doc = docs[0]
self.assertEqual(doc.link, "aa")
else:
self.assertEqual(len(docs), 0)
def test_unmap_objects(self, model1, model2):
"""Test deprecated unmapping between {0.__name__} and {1.__name__}
"""
name1 = model1.__name__
name2 = model2.__name__
title1 = title_from_camelcase(name1)
with factories.single_commit():
with mock.patch('ggrc.models.relationship.is_external_app_user',
return_value=True):
obj1 = factories.get_model_factory(name1)()
obj2 = factories.get_model_factory(name2)()
factories.RelationshipFactory(source=obj1, destination=obj2,
is_external=True)
slug1 = obj1.slug
slug2 = obj2.slug
data_block = [
OrderedDict([
("object_type", name1),
("Code*", slug1),
]),
OrderedDict([
("object_type", name2),
("Code*", slug2),
("unmap:{}".format(title1), slug1),
]),
]
response = self.import_data(*data_block)
# Check that mapping is not added
self.assertEqual(len(response[1]['row_warnings']), 1)
self.assertIn(
u'Line 7: You do not have the necessary permissions to unmap',
response[1]['row_warnings'][0])
def test_readonly_unset_by_role(self, role_name, expected_readonly):
"""Test setting Read-only to false under {}."""
role_obj = all_models.Role.query.filter(
all_models.Role.name == role_name
).one()
with factories.single_commit():
user = factories.PersonFactory()
system = factories.SystemFactory(readonly=True)
rbac_factories.UserRoleFactory(role=role_obj, person=user)
system.add_person_with_role_name(user, "Admin")
system_slug = system.slug
user_id = user.id
response = self.import_data(OrderedDict([
("object_type", "System"),
("Code*", system_slug),
("Read-only", "no"),
]), person=all_models.Person.query.get(user_id))
expected_warning = {
"System": {
"row_warnings": {
errors.NON_ADMIN_ACCESS_ERROR.format(
line=3,
object_type="System",
column_name="Read-only"
)
}
}
} if expected_readonly else {}
self._check_csv_response(response, expected_warning)
obj = all_models.System.query.filter_by(slug=system_slug).first()
self.assertEqual(obj.readonly, expected_readonly)
def test_readonly_system_not_deleted(self):
"""Test System with readonly=True can be deleted"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=True)
obj_id = obj.id
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Delete", "yes"),
])
response = self.import_data(data)
self._check_csv_response(response, {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(line=3,
columns="'Delete'"),
},
}
})
obj = get_model("System").query.get(obj_id)
self.assertIsNotNone(obj)
def test_system_add_document_on_update(self, readonly, exp_set):
"""Test Reference URL set on update System with readonly={0}"""
with factories.single_commit():
obj = factories.SystemFactory(title='a', readonly=readonly)
data = OrderedDict([
("object_type", "System"),
("Code*", obj.slug),
("Reference URL", "aa"),
])
if exp_set:
dct = {}
else:
dct = {
"System": {
"row_warnings": {
errors.READONLY_ACCESS_WARNING.format(
line=3, columns="'Reference URL'"),
},
}
}
response = self.import_data(data)
self._check_csv_response(response, dct)
obj = get_model("System").query.one()
docs = obj.documents_reference_url
if exp_set:
self.assertEqual(len(docs), 1)
doc = docs[0]
self.assertEqual(doc.link, "aa")
else:
self.assertEqual(len(docs), 0)
