コード例 #1
0
 def testGetAccessibleDomains(self):
     privileged = test_utils.SetupUser(test_utils.Login('privileged'))
     outsider = test_utils.SetupUser(test_utils.Login('outsider'))
     with test_utils.RootLogin():
         perms.Grant('privileged', perms.Role.DOMAIN_REVIEWER,
                     'domain-rev.com')
         perms.Grant('privileged', perms.Role.MAP_CREATOR,
                     'map-creator.com')
         perms.Grant('privileged', perms.Role.CATALOG_EDITOR,
                     'catalog-editor.com')
         perms.Grant('privileged', perms.Role.DOMAIN_ADMIN,
                     'domain-admin.com')
         self.assertRaises(ValueError, perms.GetAccessibleDomains, outsider,
                           'not-a-domain-role')
         self.assertEquals({'domain-admin.com'},
                           perms.GetAccessibleDomains(
                               privileged, perms.Role.DOMAIN_ADMIN))
         self.assertEquals({'domain-admin.com', 'catalog-editor.com'},
                           perms.GetAccessibleDomains(
                               privileged, perms.Role.CATALOG_EDITOR))
         self.assertEquals(
             {'domain-admin.com', 'catalog-editor.com', 'map-creator.com'},
             perms.GetAccessibleDomains(privileged, perms.Role.MAP_CREATOR))
         self.assertEquals(
             {
                 'domain-admin.com', 'catalog-editor.com',
                 'map-creator.com', 'domain-rev.com'
             },
             perms.GetAccessibleDomains(privileged,
                                        perms.Role.DOMAIN_REVIEWER))
コード例 #2
0
    def testSharePostSuccess(self):
        """Shares the map with another person successfully."""
        user1 = test_utils.SetupUser(test_utils.Login('owner'))
        user4 = test_utils.SetupUser(test_utils.Login('friend'))
        expected_url = 'http://app.com/root/.maps/' + self.m.id

        self.mox.StubOutWithMock(mail, 'send_mail')
        for role in ['MAP_VIEWER', 'MAP_EDITOR', 'MAP_OWNER']:
            mail.send_mail(
                user1.email, user4.email,
                mox.Func(lambda subject: self.m.title in subject),
                mox.Func(
                    lambda body: MESSAGE in body and expected_url in body))

        self.mox.ReplayAll()
        for role in ['MAP_VIEWER', 'MAP_EDITOR', 'MAP_OWNER']:
            with test_utils.Login('owner'):
                self.DoPost(
                    '/.share/' + self.m.id,
                    'role=%s&recipient=%s&message=%s&xsrf_token=XSRF' %
                    (role, user4.email, MESSAGE))
                # Refetch map because the object changed underneath.
                model.Map.Get(self.m.id).AssertAccess(role, user4)

        self.mox.VerifyAll()
コード例 #3
0
    def testSharePostFailureMissingParameter(self):
        """Sharing should fail if the role or recipient parameter is missing."""
        # Try with missing recipient email.
        with test_utils.Login('owner'):
            self.DoPost('/.share/%s' % self.m.id,
                        'role=MAP_VIEWER&xsrf_token=XSRF', 400)

        # Try with missing role.
        with test_utils.Login('owner'):
            self.DoPost('/.share/%s' % self.m.id,
                        '[email protected]&xsrf_token=XSRF', 400)
コード例 #4
0
    def testGetWithReviewed(self):
        model.CrowdReport.MarkAsReviewed(self.cr1.id)
        with test_utils.Login('reviewer'):
            response = self.DoGet('/.maps/%s/review' % self.map_id)
            self.assertFalse(self.cr1.id in response.body)
            self.assertTrue(self.cr2.id in response.body)

        with test_utils.Login('reviewer'):
            response = self.DoGet('/.maps/%s/review?reviewed=true' %
                                  self.map_id)
            self.assertTrue(self.cr1.id in response.body)
            self.assertTrue(self.cr2.id in response.body)
コード例 #5
0
    def testGetWithHidden(self):
        model.CrowdVote.Put(self.cr1.id, 'voter1', 'ANONYMOUS_DOWN')
        model.CrowdVote.Put(self.cr1.id, 'voter2', 'ANONYMOUS_DOWN')
        with test_utils.Login('reviewer'):
            response = self.DoGet('/.maps/%s/review' % self.map_id)
            self.assertTrue(self.cr1.id in response.body)
            self.assertTrue(self.cr2.id in response.body)

        with test_utils.Login('reviewer'):
            response = self.DoGet('/.maps/%s/review?hidden=true' % self.map_id)
            self.assertTrue(self.cr1.id in response.body)
            self.assertFalse(self.cr2.id in response.body)
コード例 #6
0
ファイル: api_test.py プロジェクト: zestyping/googlecrisismap 
 def testPostMap(self):
     """Posts a new version of a map."""
     map_root = {'id': self.map.id, 'stuff': [0, 1]}
     with test_utils.Login('editor'):
         self.DoPost('/.api/maps/' + self.map.id, {
             'json': json.dumps(map_root),
             'xsrf_token': 'XSRF'
         })
     # Now we refetch the map because the object changed underneath us.
     with test_utils.Login('viewer'):
         # Verify that the edited content was saved properly.
         map_object = model.Map.Get(self.map.id)
         self.assertEquals(map_root, map_object.map_root)
コード例 #7
0
    def testLoginAccessList(self):
        """Ensures that the login_access_list config setting is enforced."""
        config.Set('login_access_list', ['*****@*****.**', '*****@*****.**'])

        _, response = self.RunTestHandler('GET', '/test', 302)
        self.assertRegexpMatches(response.headers['Location'], r'/\.login')

        with test_utils.Login('1'):
            _, response = self.RunTestHandler('GET', '/test', 200)
            self.assertEquals('test', response.body)

        with test_utils.Login('7'):
            _, response = self.RunTestHandler('GET', '/test', 403)
            self.assertTrue("you don't have permission" in response.body)
コード例 #8
0
    def testPostMarkAsReviewed(self):
        with test_utils.Login('reviewer'):
            self.DoPost(
                '/.maps/%s/review' % self.map_id,
                'xsrf_token=XSRF&accept=%s&accept=%s' %
                (self.cr1.id, self.cr2.id))
            self.assertTrue(model.CrowdReport.Get(self.cr1.id).reviewed)
            self.assertTrue(model.CrowdReport.Get(self.cr2.id).reviewed)

        # Both reports get marked as reviewed and should not show up by default
        # on the review page
        with test_utils.Login('reviewer'):
            response = self.DoGet('/.maps/%s/review' % self.map_id)
            self.assertFalse(self.cr1.id in response.body)
            self.assertFalse(self.cr2.id in response.body)
コード例 #9
0
 def testRevoke(self):
     subject, role, target = 'subject', perms.Role.CATALOG_EDITOR, 'xyz.com'
     perms.Grant(subject, role, target)
     with test_utils.Login('subject'):
         self.assertTrue(perms.CheckAccess(role, target))
         perms.Revoke(subject, role, target)
         self.assertFalse(perms.CheckAccess(role, target))
コード例 #10
0
 def testGetWithReportId(self):
     cr_id = self.cr1.id
     with test_utils.Login('reviewer'):
         response = self.DoGet('/.maps/%s/review?id=%s' %
                               (self.map_id, cr_id))
     self.assertTrue(self.cr1.id in response.body)
     self.assertFalse(self.cr2.id in response.body)
コード例 #11
0
    def testPost(self):
        """Tests the Prefs POST handler."""
        with test_utils.Login('test'):
            # The first request of any kind should store the UserModel entity, but
            # requests should not affect the preference flags unless save_keys is set.
            self.DoPost('/.prefs', 'marketing_consent=on&xsrf_token=XSRF')
            self.assertFalse(users.Get('test').marketing_consent_answered)

            # save_keys indicates which keys to save, even if the POST data doesn't
            # contain a particular key's name because its checkbox is off.
            self.DoPost('/.prefs',
                        'save_keys=marketing_consent&xsrf_token=XSRF')
            self.assertFalse(users.Get('test').marketing_consent)
            self.assertTrue(users.Get('test').marketing_consent_answered)

            # With no save_keys, there should be no effect.
            self.DoPost('/.prefs', 'marketing_consent=on&xsrf_token=XSRF')
            self.assertFalse(users.Get('test').marketing_consent)
            self.assertTrue(users.Get('test').marketing_consent_answered)

            # With save_keys, this should turn marketing_consent on.
            self.DoPost(
                '/.prefs', 'save_keys=marketing_consent'
                '&marketing_consent=on&xsrf_token=XSRF')
            self.assertTrue(users.Get('test').marketing_consent)
            self.assertTrue(users.Get('test').marketing_consent_answered)
コード例 #12
0
 def testSharePostFailureInvalidId(self):
     """Sharing should fail if the map ID is invalid."""
     with test_utils.Login('owner'):
         self.DoPost(
             '/.share/xxx',
             'role=MAP_VIEWER&[email protected]&xsrf_token=XSRF',
             404)
コード例 #13
0
 def testSharePostFailureNotOwner(self):
     """Non-owners of a map should not be able to share it."""
     with test_utils.Login('editor'):
         self.DoPost(
             '/.share/' + self.m.id,
             'role=MAP_VIEWER&[email protected]&xsrf_token=XSRF',
             403)
コード例 #14
0
 def testPost(self):
     """Tests the Publish handler."""
     with test_utils.Login('owner'):
         self.DoPost('/xyz.com/.publish',
                     'label=abc&map=%s&xsrf_token=XSRF' % self.map_id)
     entry = model.CatalogEntry.Get('xyz.com', 'abc')
     self.assertEquals(self.map_id, entry.map_id)
     self.assertFalse(entry.is_listed)
コード例 #15
0
 def testGetWithComplexSearch(self):
     with test_utils.Login('reviewer'):
         response = self.DoGet(
             '/.maps/%s/review?query=%s' %
             (self.map_id,
              urllib.quote('here author:"http://foo.com/abc"')))
     self.assertFalse(self.cr1.id in response.body)
     self.assertTrue(self.cr2.id in response.body)
コード例 #16
0
 def testGetPublishedMap(self):
     model.CatalogEntryModel(key_name='xyz.com:zz',
                             domain='xyz.com',
                             label='zz',
                             title='Map 1',
                             map_id=self.map_id).put()
     with test_utils.Login('reviewer'):
         self.DoGet('/xyz.com/zz/review')
コード例 #17
0
 def testInvalidLabels(self):
     """Tests to makes sure invalid labels don't get published."""
     with test_utils.Login('owner'):
         for label in ['', '!', 'f#oo', '?a', 'qwerty!', '9 3']:
             self.DoPost(
                 '/xyz.com/.publish',
                 'label=%s&map=%s&xsrf_token=XSRF' % (label, self.map_id),
                 400)
コード例 #18
0
  def testModify(self):
    # Overwriting a domain should require DOMAIN_ADMIN access.
    self.assertTrue(domains.Domain.Get('xyz.com'))
    self.assertRaises(perms.AuthorizationError, domains.Domain.Put, 'xyz.com')

    # After Put(), the domain should come back with the new values.
    perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'xyz.com')
    with test_utils.Login('manager'):
      domains.Domain.Put('xyz.com', default_label='fancy-map',
                         has_sticky_catalog_entries=True,
                         initial_domain_role=perms.Role.MAP_EDITOR)
    self.AssertDomain('xyz.com', 'fancy-map', True, perms.Role.MAP_EDITOR)
    # TODO(kpy): Check that DOMAIN_CREATED is not logged in this case.

    # Specifying just one property should leave the rest unchanged.
    with test_utils.Login('manager'):
      domains.Domain.Put('xyz.com', default_label='another-map')
    self.AssertDomain('xyz.com', 'another-map', True, perms.Role.MAP_EDITOR)
コード例 #19
0
 def testGet_WithPermissions(self):
   with test_utils.Login('manager'):
     response = self.DoGet('/xyz.com/.admin')
   # All users with any kind of permissions should be present
   self.assertTrue('*****@*****.**' in response.body)
   self.assertTrue('*****@*****.**' in response.body)
   self.assertTrue('*****@*****.**' in response.body)
   # Navigation bar should be present; "cm-navbar" is the class of its div.
   self.assertTrue('cm-navbar' in response.body)
コード例 #20
0
 def testRemove(self):
     """Tests removal of a catalog entry."""
     with test_utils.RootLogin():
         model.CatalogEntry.Create('xyz.com', 'abc', self.map_object)
     self.assertNotEqual(None, model.CatalogEntry.Get('xyz.com', 'abc'))
     with test_utils.Login('owner'):
         self.DoPost('/xyz.com/.publish',
                     'label=abc&remove=1&xsrf_token=XSRF')
     self.assertEquals(None, model.CatalogEntry.Get('xyz.com', 'abc'))
コード例 #21
0
 def testValidLabels(self):
     """Tests to makes sure valid labels do get published."""
     with test_utils.Login('owner'):
         for label in ['a', 'B', '2', 'a2', 'q-w_e-r_t-y', '93']:
             self.DoPost(
                 '/xyz.com/.publish',
                 'label=%s&map=%s&xsrf_token=XSRF' % (label, self.map_id))
             entry = model.CatalogEntry.Get('xyz.com', label)
             self.assertEquals(self.map_id, entry.map_id)
             self.assertFalse(entry.is_listed)
コード例 #22
0
ファイル: api_test.py プロジェクト: zestyping/googlecrisismap 
    def testGetMap(self):
        """Fetches a map through the API."""
        map_root = {'id': self.map.id, 'json': True, 'stuff': [0, 1]}
        with test_utils.Login('editor'):
            self.map.PutNewVersion(map_root)
        with test_utils.Login('viewer'):
            response = self.DoGet('/.api/maps/%s' % self.map.id)
            self.assertEquals(map_root, json.loads(response.body))

        # Map should not be accessible to a not-signed-in user, or an outsider
        self.DoGet('/.api/maps/%s' % self.map.id, 403)
        with test_utils.Login('outsider'):
            self.DoGet('/.api/maps/%s' % self.map.id, 403)

        # Map should be accessible by a properly configured auth key.
        auth = model.Authorization.Create(map_read_permission=True,
                                          map_ids=[self.map.id])
        response = self.DoGet('/.api/maps/%s?key=%s' % (self.map.id, auth.id),
                              https=True)
        self.assertEquals(map_root, json.loads(response.body))
コード例 #23
0
 def setUp(self):
   super(AdminDomainTest, self).setUp()
   test_utils.SetupUser(test_utils.Login('manager'))
   test_utils.SetupUser(test_utils.DomainLogin('insider', 'xyz.com'))
   test_utils.SetupUser(test_utils.DomainLogin('reviewer', 'xyz.com'))
   test_utils.SetupUser(test_utils.DomainLogin('outsider', 'not-xyz.com'))
   # TODO(kpy): Consider moving this setup into the tests that use it.
   perms.Grant('xyz.com', perms.Role.MAP_CREATOR, 'xyz.com')
   perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'xyz.com')
   perms.Grant('reviewer', perms.Role.DOMAIN_REVIEWER, 'xyz.com')
   perms.Grant('insider', perms.Role.CATALOG_EDITOR, 'xyz.com')
   perms.Grant('outsider', perms.Role.MAP_CREATOR, 'xyz.com')
コード例 #24
0
 def testDomainSettingsPost(self):
   domains.Domain.Put(
       'foo.com', has_sticky_catalog_entries=True, default_label='label-a',
       initial_domain_role=perms.Role.MAP_VIEWER)
   perms.Grant('manager', perms.Role.DOMAIN_ADMIN, 'foo.com')
   with test_utils.Login('manager'):
     self.DoDomainSettingsPost(
         'foo.com', 'label-b', False, perms.Role.MAP_EDITOR)
   domain = domains.Domain.Get('foo.com')
   self.assertEqual('label-b', domain.default_label)
   self.assertFalse(domain.has_sticky_catalog_entries)
   self.assertEqual(perms.Role.MAP_EDITOR, domain.initial_domain_role)
コード例 #25
0
    def testInitialDomainRole(self):
        # Start with no initial_domain_role for our domain.
        with test_utils.RootLogin():
            domains.Domain.Put('xyz.com', initial_domain_role=perms.Role.NONE)
            perms.Grant('creator', perms.Role.MAP_CREATOR, 'xyz.com')

        # Newly created maps should get a domain_role of perms.Role.NONE.
        with test_utils.Login('creator'):
            response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
            map_object = model.Map.Get(
                response.headers['Location'].split('/')[-1])
        self.assertEquals(perms.Role.NONE, map_object.domain_role)

        # Now set the initial_domain_role for xyz.com.
        with test_utils.RootLogin():
            domains.Domain.Put('xyz.com',
                               initial_domain_role=perms.Role.MAP_EDITOR)

        # Newly created maps should pick up the new domain_role.
        with test_utils.Login('creator'):
            response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
            map_object = model.Map.Get(
                response.headers['Location'].split('/')[-1])
        self.assertEquals(perms.Role.MAP_EDITOR, map_object.domain_role)
コード例 #26
0
 def testCreate(self):
     perms.Grant('creator', perms.Role.MAP_CREATOR, 'xyz.com')
     self.CaptureLog()
     with test_utils.Login('creator'):
         response = self.DoPost('/xyz.com/.create', 'xsrf_token=XSRF', 302)
         map_object = model.Map.Get(
             response.headers['Location'].split('/')[-1])
     # Confirm that a map was created.
     self.assertTrue(map_object)
     self.assertEquals('xyz.com', map_object.domain)
     self.assertTrue('Untitled' in map_object.map_root['title'])
     self.AssertLog(logs.Event.MAP_CREATED,
                    uid='creator',
                    map_id=map_object.id,
                    domain_name='xyz.com')
コード例 #27
0
 def testGet(self):
     with test_utils.Login('reviewer'):
         response = self.DoGet('/.maps/%s/review' % self.map_id)
     self.assertTrue('>shelter<' in response.body)
     self.assertTrue('>water<' in response.body)
     self.assertTrue('>flooding<' in response.body)
     self.assertTrue(self.cr1.id in response.body)
     self.assertTrue(self.cr2.id in response.body)
     self.assertTrue('[space]' in response.body)
     self.assertTrue('[no water]' in response.body)
     self.assertTrue('Beds: 26' in response.body)
     self.assertTrue('Phone: 555-1234' in response.body)
     self.assertTrue('bottled water here &lt;/script&gt;' in response.body)
     self.assertTrue('name="accept"' in response.body)
     self.assertTrue(map_review._ICON_URL_TEMPLATE % 'aaa' in response.body)
コード例 #28
0
    def testPostUpvoteDownvoteFromPublishedMap(self):
        model.CatalogEntryModel(key_name='xyz.com:zz',
                                domain='xyz.com',
                                label='zz',
                                title='Map 1',
                                map_id=self.map_id).put()

        model.CrowdVote.Put(self.cr1.id, 'voter1', 'ANONYMOUS_DOWN')
        model.CrowdVote.Put(self.cr1.id, 'voter2', 'ANONYMOUS_DOWN')
        self.assertTrue(model.CrowdReport.Get(self.cr1.id).hidden)

        with test_utils.Login('reviewer'):
            self.DoPost(
                '/xyz.com/zz/review', 'xsrf_token=XSRF&upvote=%s&downvote=%s' %
                (self.cr1.id, self.cr2.id))
            self.assertFalse(model.CrowdReport.Get(self.cr1.id).hidden)
            self.assertTrue(model.CrowdReport.Get(self.cr2.id).hidden)

        # Both reports get marked as reviewed and should not show up by default
        # on the review page
        with test_utils.Login('reviewer'):
            response = self.DoGet('/xyz.com/zz/review')
            self.assertFalse(self.cr1.id in response.body)
            self.assertFalse(self.cr2.id in response.body)
コード例 #29
0
    def testGet(self):
        """Tests CrowdReport.GetWithoutLocation."""
        now = datetime.datetime.utcnow()

        def TimeAgo(days=0, hours=0):
            return now - datetime.timedelta(days=days, hours=hours)

        self.SetTime(
            utils.UtcToTimestamp(
                TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS - 1)))
        cr1 = test_utils.NewCrowdReport(topic_ids=['foo'])

        self.SetTime(
            utils.UtcToTimestamp(
                TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS)))
        cr2 = test_utils.NewCrowdReport(topic_ids=['foo'])

        self.SetTime(
            utils.UtcToTimestamp(
                TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS,
                        hours=1)))
        cr3 = test_utils.NewCrowdReport(topic_ids=['foo'])

        self.SetTime(
            utils.UtcToTimestamp(
                TimeAgo(days=crowd_report_tasks.CROWD_REPORT_TTL_DAYS + 1)))
        cr4 = test_utils.NewCrowdReport(topic_ids=['foo'])

        self.SetTime(utils.UtcToTimestamp(now))

        self.assertEquals([cr1.key, cr2.key, cr3.key, cr4.key], [
            x.key
            for x in model.CrowdReport.GetWithoutLocation(topic_ids=['foo'],
                                                          count=10)
        ])

        with test_utils.Login('owner'):
            self.DoGet('/.crowd_report_cleanup')

        # Should have deleted the two reports older than CROWD_REPORT_TTL_DAYS
        self.assertEquals([cr1.key, cr2.key], [
            x.key
            for x in model.CrowdReport.GetWithoutLocation(topic_ids=['foo'],
                                                          count=10)
        ])
コード例 #30
0
    def testDomainAdminRole(self):
        with test_utils.RootLogin():
            perms.Grant('xyz.com', perms.Role.DOMAIN_ADMIN, 'xyz.com')
            perms.Grant('outside_friend', perms.Role.DOMAIN_ADMIN, 'xyz.com')

        with test_utils.DomainLogin('insider', 'xyz.com'):
            self.assertTrue(
                perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
        with test_utils.DomainLogin('outside_friend', 'not-xyz.com'):
            self.assertTrue(
                perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
        with test_utils.Login('stranger'):
            self.assertFalse(
                perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
        with test_utils.DomainLogin('stranger_with_ga_domain', 'not-xyz.com'):
            self.assertFalse(
                perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))
        with test_utils.RootLogin():
            self.assertTrue(
                perms.CheckAccess(perms.Role.DOMAIN_ADMIN, 'xyz.com'))