def test_views_measures_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 measures in DB, but user 'multi-site' is only allowed # to list measures for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 measure_data = response.json[0] # verify that parent site IDs are in allowed site IDs for measure in response.json: site_id = dba.get_parent(Measure, measure['id']) assert uacc.verify_scope(sites=[site_id]) allowed_measure_id = str(measure_data['id']) not_allowed_measure_id = str(db_data['measures'][-1]) allowed_sensor_id = str(measure_data['sensor_id']) not_allowed_sensor_id = str(db_data['sensors'][-1]) # GET: # allowed measure (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_measure_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed measure (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_measure_id) assert response.status_code == 403 # POST: # user role is allowed to post a new measure on allowed site response = self.post_item(headers=auth_header, name='New measure', observation_type='Temperature', medium='Air', unit='DegreeCelsius', value_properties={ 'vmin': -50, 'vmax': 50 }, sensor_id=allowed_sensor_id) assert response.status_code == 201 # not allowed response = self.post_item(headers=auth_header, name='New sensor 2', observation_type='Temperature', medium='Air', unit='DegreeCelsius', value_properties={ 'vmin': -50, 'vmax': 50 }, sensor_id=not_allowed_sensor_id) assert response.status_code == 403 # an allowed measure has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # UPDATE: # allowed measure (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_measure_id, name='Updated-name', observation_type='Temperature', medium='Air', unit='DegreeCelsius', method='OnChange', outdoor=True, on_index=False, set_point=False, sensor_id=allowed_sensor_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed measure (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_measure_id, name='Updated-name', observation_type='Temperature', medium='Air', unit='DegreeCelsius', method='OnChange', sensor_id=not_allowed_sensor_id) assert response.status_code == 403 # DELETE: # XXX: refresh etag value, update != get_item_by_id response...weird... response = self.get_item_by_id(headers=auth_header, item_id=allowed_measure_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # allowed measure (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_measure_id) assert response.status_code == 204 # not allowed measure (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_measure_id) assert response.status_code == 403 # an allowed measure has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_windows_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 windows in DB, but user 'multi-site' is only allowed # to list windows for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 window_data = response.json[0] # verify that parent site IDs are in allowed site IDs for window in response.json: site_id = dba.get_parent(Facade, window['facade_id']) assert uacc.verify_scope(sites=[site_id]) not_allowed_window_id = str(db_data['windows'][-1]) allowed_facade_id = str(window_data['facade_id']) not_allowed_facade_id = str(db_data['facades'][-1]) # POST: # user role is allowed to post a new window on allowed site response = self.post_item(headers=auth_header, name='New window', covering='Curtain', facade_id=allowed_facade_id, surface_info={'area': 2.2}, orientation='South_West', u_value=2.12) assert response.status_code == 201 window_data = response.json allowed_window_id = str(window_data['id']) # not allowed response = self.post_item(headers=auth_header, name='New window 2', covering='Curtain', facade_id=not_allowed_facade_id, surface_info={'area': 2.2}, orientation='South_West', u_value=2.12) assert response.status_code == 403 # an allowed window has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # GET: # allowed window (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_window_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed window (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_window_id) assert response.status_code == 403 # UPDATE: # allowed window (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_window_id, name='Updated-name', covering=window_data['covering'], orientation=window_data['orientation'], surface_info=window_data['surface_info'], u_value=window_data['u_value'], facade_id=allowed_facade_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed window (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_window_id, name='Updated-name', covering=window_data['covering'], orientation=window_data['orientation'], surface_info=window_data['surface_info'], u_value=window_data['u_value'], facade_id=not_allowed_facade_id) assert response.status_code == 403 # DELETE: # allowed slab (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_window_id) assert response.status_code == 204 # not allowed slab (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_window_id) assert response.status_code == 403 # an allowed slab has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_facades_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 facades in DB, but user 'multi-site' is only allowed # to list facades for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 facade_data = response.json[0] # verify that parent site IDs are in allowed site IDs for facade in response.json: site_id = dba.get_parent(Building, facade['building_id']) assert uacc.verify_scope(sites=[site_id]) allowed_facade_id = str(facade_data['id']) not_allowed_facade_id = str(db_data['facades'][-1]) allowed_building_id = str(facade_data['building_id']) not_allowed_building_id = str(db_data['buildings'][-1]) # GET: # allowed facade (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_facade_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed facade (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_facade_id) assert response.status_code == 403 # POST: # user role is allowed to post a new facade on allowed site response = self.post_item(headers=auth_header, name='New facade', distance_unit='metric', spaces=[], surface_info={'area': 42}, windows_wall_ratio=0.14, orientation='East', building_id=allowed_building_id) assert response.status_code == 201 # not allowed response = self.post_item(headers=auth_header, name='New facade 2', distance_unit='metric', spaces=[], surface_info={'area': 42}, windows_wall_ratio=0.14, orientation='East', building_id=not_allowed_building_id) assert response.status_code == 403 # an allowed facade has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # UPDATE: # allowed facade (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_facade_id, name='Updated-name', spaces=facade_data['spaces'], orientation='South_West', windows_wall_ratio=0.3, surface_info=facade_data['surface_info'], building_id=allowed_building_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed facade (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_facade_id, name='Updated-name', spaces=facade_data['spaces'], orientation='South_West', windows_wall_ratio=0.3, surface_info=facade_data['surface_info'], building_id=not_allowed_building_id) assert response.status_code == 403 # DELETE: # allowed facade (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_facade_id) assert response.status_code == 204 # not allowed facade (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_facade_id) assert response.status_code == 403 # an allowed facade has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_zones_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 zones in DB, but user 'multi-site' is only allowed # to list zones for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 zone_data = response.json[0] # verify that parent site IDs are in allowed site IDs for zone in response.json: site_id = dba.get_parent(Building, zone['building_id']) assert uacc.verify_scope(sites=[site_id]) allowed_zone_id = str(zone_data['id']) not_allowed_zone_id = str(db_data['zones'][-1]) allowed_building_id = str(zone_data['building_id']) not_allowed_building_id = str(db_data['buildings'][-1]) # GET: # allowed zone (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_zone_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed zone (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_zone_id) assert response.status_code == 403 # POST: # user role is allowed to post a new zone on allowed site response = self.post_item(headers=auth_header, name='New zone', zones=[], spaces=[], building_id=allowed_building_id) assert response.status_code == 201 # not allowed response = self.post_item(headers=auth_header, name='New zone 2', zones=[], spaces=[], building_id=not_allowed_building_id) assert response.status_code == 403 # an allowed zone has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # UPDATE: # allowed zone (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_zone_id, name='Updated-name', zones=[], sapces=zone_data['spaces'], building_id=allowed_building_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed zone (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_zone_id, name='Updated-name', zones=[], sapces=zone_data['spaces'], building_id=not_allowed_building_id) assert response.status_code == 403 # DELETE: # allowed zone (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_zone_id) assert response.status_code == 204 # not allowed zone (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_zone_id) assert response.status_code == 403 # an allowed zone has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_slabs_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 slabs in DB, but user 'multi-site' is only allowed # to list slabs for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 slab_data = response.json[0] # verify that parent site IDs are in allowed site IDs for slab in response.json: site_id = dba.get_parent(Building, slab['building_id']) assert uacc.verify_scope(sites=[site_id]) not_allowed_slab_id = str(db_data['slabs'][-1]) allowed_building_id = str(slab_data['building_id']) not_allowed_building_id = str(db_data['buildings'][-1]) # POST: # user role is allowed to post a new slab on allowed site response = self.post_item(headers=auth_header, name='New slab', kind='Roof', floors=[], surface_info={'area': 51}, building_id=allowed_building_id) assert response.status_code == 201 slab_data = response.json allowed_slab_id = str(slab_data['id']) # not allowed response = self.post_item(headers=auth_header, name='New slab 2', kind='Roof', floors=[], surface_info={'area': 51}, building_id=not_allowed_building_id) assert response.status_code == 403 # an allowed slab has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # GET: # allowed slab (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_slab_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed slab (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_slab_id) assert response.status_code == 403 # UPDATE: # allowed slab (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_slab_id, name='Updated-name', kind=slab_data['kind'], floors=slab_data['floors'], surface_info=slab_data['surface_info'], building_id=allowed_building_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed slab (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_slab_id, name='Updated-name', kind=slab_data['kind'], floors=slab_data['floors'], surface_info=slab_data['surface_info'], building_id=not_allowed_building_id) assert response.status_code == 403 # DELETE: # allowed slab (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_slab_id) assert response.status_code == 204 # not allowed slab (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_slab_id) assert response.status_code == 403 # an allowed slab has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_sensors_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 sensors in DB, but user 'multi-site' is only allowed # to list sensors for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 sensor_data = response.json[0] # verify that parent site IDs are in allowed site IDs for sensor in response.json: site_id = dba.get_parent(Sensor, sensor['id']) assert uacc.verify_scope(sites=[site_id]) allowed_sensor_id = str(sensor_data['id']) not_allowed_sensor_id = str(db_data['sensors'][-1]) allowed_site_id = str(db_data['sites'][0]) not_allowed_site_id = str(db_data['sites'][-1]) # GET: # allowed sensor (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_sensor_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed sensor (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_sensor_id) assert response.status_code == 403 # POST: # user role is allowed to post a new sensor on allowed site response = self.post_item( headers=auth_header, name='New sensor', static=False, localization={'building_id': allowed_site_id}) assert response.status_code == 201 # not allowed response = self.post_item( headers=auth_header, name='New sensor 2', static=False, localization={'building_id': not_allowed_site_id}) assert response.status_code == 403 # an allowed sensor has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # UPDATE: # allowed sensor (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_sensor_id, name='Updated-name', static=sensor_data['static'], localization=sensor_data['localization']) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed sensor (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_sensor_id, name='Updated-name', static=sensor_data['static'], localization=sensor_data['localization']) assert response.status_code == 403 # DELETE: # allowed sensor (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_sensor_id) assert response.status_code == 204 # not allowed sensor (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_sensor_id) assert response.status_code == 403 # an allowed sensor has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_floors_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 floors in DB, but user 'multi-site' is only allowed # to list floors for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 floor_data = response.json[0] # verify that parent site IDs are in allowed site IDs for floor in response.json: site_id = dba.get_parent(Floor, floor['id']) assert uacc.verify_scope(sites=[site_id]) allowed_floor_id = str(floor_data['id']) not_allowed_floor_id = str(db_data['floors'][-1]) allowed_building_id = str(floor_data['building_id']) not_allowed_building_id = str(db_data['buildings'][-1]) # GET: # allowed floor (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_floor_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed floor (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_floor_id) assert response.status_code == 403 # POST: # user role is allowed to post a new floor on allowed site response = self.post_item(headers=auth_header, name='New floor', kind='Floor', level=69, spatial_info={ 'area': 42, 'max_height': 2.4 }, building_id=allowed_building_id) assert response.status_code == 201 # not allowed response = self.post_item(headers=auth_header, name='New building 2', kind='Floor', level=69, spatial_info={ 'area': 42, 'max_height': 2.4 }, building_id=not_allowed_building_id) assert response.status_code == 403 # an allowed floor has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 # UPDATE: # allowed floor (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_floor_id, name='Updated-name', kind='Floor', level=69, spatial_info={ 'area': 42, 'max_height': 2.4 }, building_id=allowed_building_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed floor (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_floor_id, name='Updated-name', kind='Floor', level=69, spatial_info={ 'area': 42, 'max_height': 2.4 }, building_id=not_allowed_building_id) assert response.status_code == 403 # DELETE: # allowed floor (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_floor_id) assert response.status_code == 204 # not allowed floor (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_floor_id) assert response.status_code == 403 # an allowed floor has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3
def test_views_spaces_permissions(self, certificate_data, init_db_data): db_data = init_db_data # sign in user auth_header = self._auth_cert_login(certificate_data) # get authenticated user account uacc = self._get_uacc(db_data, 'multi-site') assert uacc is not None # GET list: # 4 spaces in DB, but user 'multi-site' is only allowed # to list spaces for 2 sites response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3 space_data = response.json[0] # verify that parent site IDs are in allowed site IDs for space in response.json: site_id = dba.get_parent(Space, space['id']) assert uacc.verify_scope([site_id]) allowed_space_id = str(space_data['id']) not_allowed_space_id = str(db_data['spaces'][-1]) allowed_floor_id = str(space_data['floor_id']) not_allowed_floor_id = str(db_data['floors'][-1]) # GET: # allowed space (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=allowed_space_id) assert response.status_code == 200 etag_value = response.headers.get('etag', None) # not allowed space (in fact parent site) response = self.get_item_by_id(headers=auth_header, item_id=not_allowed_space_id) assert response.status_code == 403 # POST: # user role is allowed to post a new space on allowed site response = self.post_item(headers=auth_header, name='New space', kind='Kitchen', floor_id=allowed_floor_id, occupancy={ 'nb_permanents': 6, 'nb_max': 66 }, spatial_info={ 'area': 10, 'max_height': 2 }) assert response.status_code == 201 # not allowed response = self.post_item(headers=auth_header, name='New space 2', kind='Kitchen', floor_id=not_allowed_floor_id, occupancy={ 'nb_permanents': 6, 'nb_max': 66 }, spatial_info={ 'area': 10, 'max_height': 2 }) assert response.status_code == 403 # an allowed floor has been created... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 4 response = self.get_item_by_id(headers=auth_header, item_id=allowed_space_id) assert response.status_code == 200 # UPDATE: # allowed space (in fact parent site) headers = auth_header.copy() headers.update({'If-Match': etag_value}) response = self.put_item(headers=headers, item_id=allowed_space_id, name='Updated-name', kind='Cafeteria', floor_id=allowed_floor_id, occupancy={ 'nb_permanents': 6, 'nb_max': 66 }, spatial_info={ 'area': 10, 'max_height': 2 }) assert response.status_code == 200 etag_value = response.headers.get('etag', None) headers.update({'If-Match': etag_value}) # not allowed space (in fact parent site) response = self.put_item(headers=headers, item_id=not_allowed_space_id, name='Updated-name', kind='Cafeteria', floor_id=not_allowed_floor_id, occupancy={ 'nb_permanents': 6, 'nb_max': 66 }, spatial_info={ 'area': 10, 'max_height': 2 }) assert response.status_code == 403 response = self.get_item_by_id(headers=auth_header, item_id=allowed_space_id) assert response.status_code == 200 # DELETE: # allowed space (in fact parent site) response = self.delete_item(headers=headers, item_id=allowed_space_id) assert response.status_code == 204 # not allowed space (in fact parent site) response = self.delete_item(headers=headers, item_id=not_allowed_space_id) assert response.status_code == 403 # an allowed space has been deleted... response = self.get_items(headers=auth_header) assert response.status_code == 200 assert len(response.json) == 3