def test_user_can_access_decorator_application_level(set_current_user,
request_ctx):
ccpo = UserFactory.create_ccpo()
port_admin = UserFactory.create()
app_user = UserFactory.create()
rando = UserFactory.create()
portfolio = PortfolioFactory.create(owner=port_admin,
applications=[{
"name": "Mos Eisley"
}])
app = portfolio.applications[0]
ApplicationRoleFactory.create(application=app, user=app_user)
request_ctx.g.portfolio = portfolio
request_ctx.g.application = app
@user_can_access_decorator(Permissions.VIEW_APPLICATION)
def _stroll_into_mos_eisley(*args, **kwargs):
return True
set_current_user(ccpo)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(port_admin)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(app_user)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(rando)
with pytest.raises(UnauthorizedError):
_stroll_into_mos_eisley(application_id=app.id)
def test_for_user_returns_portfolios_for_applications_user_invited_to():
bob = UserFactory.create()
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(application=application,
user=bob,
status=ApplicationRoleStatus.ACTIVE)
assert portfolio in Portfolios.for_user(user=bob)
def test_application_members_excludes_deleted(session):
app = ApplicationFactory.create()
member_role = ApplicationRoleFactory.create(
application=app, status=ApplicationRoleStatus.ACTIVE)
disabled_role = ApplicationRoleFactory.create(
application=app, status=ApplicationRoleStatus.DISABLED)
disabled_role.deleted = True
session.add(disabled_role)
session.commit()
assert len(app.members) == 1
assert app.members[0].id == member_role.id
def test_for_user_does_not_include_deleted_application_roles():
user1 = UserFactory.create()
user2 = UserFactory.create()
portfolio = PortfolioFactory.create()
app = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(status=ApplicationRoleStatus.ACTIVE,
user=user1,
application=app)
assert len(Portfolios.for_user(user1)) == 1
ApplicationRoleFactory.create(status=ApplicationRoleStatus.ACTIVE,
user=user2,
application=app,
deleted=True)
assert len(Portfolios.for_user(user2)) == 0
def test_get_portfolio_events_includes_app_and_env_events():
owner = UserFactory.create()
# add portfolio level events
portfolio = PortfolioFactory.create(owner=owner)
portfolio_events = AuditLog.get_portfolio_events(portfolio)
# add application level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
portfolio_and_app_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_events) < len(portfolio_and_app_events)
# add environment level events
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
portfolio_app_and_env_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_and_app_events) < len(portfolio_app_and_env_events)
resource_types = [event.resource_type for event in portfolio_app_and_env_events]
assert "application" in resource_types
assert "application_role" in resource_types
assert "application_invitation" in resource_types
assert "environment" in resource_types
assert "environment_role" in resource_types
def test_deleted_application_roles_are_ignored(session):
user = UserFactory.create()
app = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=app)
assert len(user.application_roles) == 1
app_role.deleted = True
session.add(app_role)
session.commit()
assert len(user.application_roles) == 0
def test_has_application_permission():
role_one = PermissionSets.get(PermissionSets.EDIT_APPLICATION_TEAM)
role_two = PermissionSets.get(PermissionSets.EDIT_APPLICATION_ENVIRONMENTS)
app_role = ApplicationRoleFactory.create(
permission_sets=[role_one, role_two])
different_user = UserFactory.create()
assert Authorization.has_application_permission(
app_role.user, app_role.application, Permissions.EDIT_ENVIRONMENT)
assert not Authorization.has_portfolio_permission(
app_role.user, app_role.application, Permissions.DELETE_ENVIRONMENT)
assert not Authorization.has_portfolio_permission(
different_user, app_role.application, Permissions.DELETE_ENVIRONMENT)
def test_for_user():
user = UserFactory.create()
portfolio = PortfolioFactory.create()
for _x in range(4):
ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(
application=portfolio.applications[0],
user=user,
status=ApplicationRoleStatus.ACTIVE,
)
ApplicationRoleFactory.create(
application=portfolio.applications[1],
user=user,
status=ApplicationRoleStatus.ACTIVE,
)
ApplicationRoleFactory.create(
application=portfolio.applications[2],
user=user,
status=ApplicationRoleStatus.PENDING,
)
assert len(portfolio.applications) == 4
user_applications = Applications.for_user(user, portfolio)
assert len(user_applications) == 2
def test_delete_environment(session):
env = EnvironmentFactory.create(application=ApplicationFactory.create())
env_role = EnvironmentRoleFactory.create(
application_role=ApplicationRoleFactory.create(
application=env.application),
environment=env,
)
assert not env.deleted
assert not env_role.deleted
Environments.delete(env)
assert env.deleted
assert env_role.deleted
# did not flush
assert session.dirty
Environments.delete(env, commit=True)
assert env.deleted
assert env_role.deleted
# flushed the change
assert not session.dirty
def test_delete_application(session):
app = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=UserFactory.create(),
application=app)
env1 = EnvironmentFactory.create(application=app)
env2 = EnvironmentFactory.create(application=app)
assert not app.deleted
assert not env1.deleted
assert not env2.deleted
assert not app_role.deleted
Applications.delete(app)
assert app.deleted
assert env1.deleted
assert env2.deleted
assert app_role.deleted
# changes are flushed
assert not session.dirty
def test_get_application_events():
# add in some portfolio level events
portfolio = PortfolioFactory.create()
Portfolios.update(portfolio, {"name": "New Name"})
# add app level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
# add rando app
rando_app = ApplicationFactory.create(portfolio=portfolio)
events = AuditLog.get_application_events(application)
for event in events:
assert event.application_id == application.id
assert not event.application_id == rando_app.id
resource_types = [event.resource_type for event in events]
assert "portfolio" not in resource_types