def test_user_generate_apikey_for_another_user():
    """Bob, logged in, must be refused when generating Fred's API key."""
    target = factories.MockUser(name="fred")
    requester = factories.MockUser(name="bob")

    # MagicMock returns the same object for every User.get() call, whatever
    # argument is passed, so the looked-up user is always Fred.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = target

    # auth_user_obj shows the requester as logged in for auth functions
    # that do not accept anonymous access.
    context = {
        "model": fake_model,
        "auth_user_obj": requester,
        "user": requester.name,
    }

    pytest.raises(
        logic.NotAuthorized,
        helpers.call_auth,
        "user_generate_apikey",
        context=context,
        id=target.id,
    )
예제 #2
    def test_user_update_user_can_update_herself(self):
        '''A user is authorized to update her own account.'''
        # Mock ckan.model.User object standing in for the account owner.
        owner = factories.MockUser(name='fred')

        # Mock ckan.model whose User.get(...) hands back the owner. Passing
        # it through the context is easier than patching import ckan.model.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = owner

        # context['user'] equals the owner's name, so the auth function
        # treats the logged-in user and the user being updated as the same.
        context = {'model': fake_model, 'user': owner.name}

        # Fred asks to change his own user name.
        outcome = helpers.call_auth(
            'user_update',
            context=context,
            id=owner.id,
            name='updated_user_name',
        )
        assert outcome is True
예제 #3
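    def test_user_update_user_cannot_update_another_user(self):
        '''Users should not be able to update other users' accounts.'''

        # 1. Setup.

        # Mock ckan.model.User objects: Fred owns the account, Bob is the
        # logged-in user who tries to change it.
        fred = factories.MockUser(name='fred')
        bob = factories.MockUser(name='bob')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(...) returns Fred for any argument it is given.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The logged-in user is Bob, not Fred. Take the name from a second
        # MockUser so the context carries an actual user name that differs
        # from the owner's.
        context['user'] = bob.name

        # 2. Call the function that's being tested, once only.

        # Make Bob try to update Fred's user account.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }

        # 3. Make assertions about the return value and/or side-effects.

        nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth,
                                 'user_update', context=context, **params)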
예제 #4
    def test_user_update_visitor_cannot_update_user(self):
        '''A visitor must be refused when updating a user's account.'''
        # Mock ckan.model.User object for the account being targeted.
        account = factories.MockUser(name='fred')

        # Mock ckan.model whose User.get(...) returns Fred. Passing it in
        # the context is easier than patching import ckan.model.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = account

        # No user is logged in for this call.
        # NOTE(review): '******' looks like a masked placeholder rather than
        # a real visitor identifier - confirm what the context carries for
        # anonymous requests.
        context = {'model': fake_model, 'user': '******'}

        # The visitor asks to rename Fred's account and must be refused.
        with nose.tools.assert_raises(logic.NotAuthorized):
            helpers.call_auth(
                'user_update',
                context=context,
                id=account.id,
                name='updated_user_name',
            )
예제 #5
    def test_user_generate_apikey_for_another_user(self):
        '''Bob, logged in, must be refused when generating Fred's API key.'''
        target = factories.MockUser(name='fred')
        requester = factories.MockUser(name='bob')

        # User.get(...) on the mock model returns Fred for any argument.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = target

        # auth_user_obj shows the requester as logged in for auth functions
        # that do not accept anonymous access.
        context = {
            'model': fake_model,
            'auth_user_obj': requester,
            'user': requester.name,
        }

        with nose.tools.assert_raises(logic.NotAuthorized):
            helpers.call_auth(
                'user_generate_apikey', context=context, id=target.id)
예제 #6
    def test_user_update_with_no_user_in_context(self):
        '''user_update must be refused when context['user'] is None.'''
        # Mock ckan.model.User object for the account being targeted.
        account = factories.MockUser(name='fred')

        # Mock ckan.model whose User.get(...) returns the mock user. Passing
        # it in the context is easier than patching import ckan.model.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = account

        # The 'user' key is present but holds None: nobody is identified.
        context = {'model': fake_model, 'user': None}

        with nose.tools.assert_raises(logic.NotAuthorized):
            helpers.call_auth(
                'user_update',
                context=context,
                id=account.id,
                name='updated_user_name',
            )
예제 #7
def test_user_update_user_can_update_her():
    """A user is authorized to update her own account."""
    # Mock ckan.model.User object standing in for the account owner.
    owner = factories.MockUser(name="fred")

    # Mock ckan.model whose User.get(...) hands back the owner. Passing it
    # through the context is easier than patching import ckan.model.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = owner

    # context["user"] equals the owner's name, so the auth function treats
    # the logged-in user and the user being updated as the same.
    context = {"model": fake_model, "user": owner.name}

    # Fred asks to change his own user name.
    outcome = helpers.call_auth(
        "user_update",
        context=context,
        id=owner.id,
        name="updated_user_name",
    )
    assert outcome is True
예제 #8
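def test_user_update_user_cannot_update_another_user():
    """Users should not be able to update other users' accounts."""

    # 1. Setup.

    # Mock ckan.model.User objects: Fred owns the account, Bob is the
    # logged-in user who tries to change it.
    fred = factories.MockUser(name="fred")
    bob = factories.MockUser(name="bob")

    # Make a mock ckan.model object.
    mock_model = mock.MagicMock()
    # model.User.get(...) returns Fred for any argument it is given.
    mock_model.User.get.return_value = fred

    # Put the mock model in the context.
    # This is easier than patching import ckan.model.
    context = {"model": mock_model}

    # The logged-in user is Bob, not Fred. Take the name from a second
    # MockUser so the context carries an actual user name that differs from
    # the owner's.
    context["user"] = bob.name

    # 2. Call the function that's being tested, once only.

    # Make Bob try to update Fred's user account.
    params = {"id": fred.id, "name": "updated_user_name"}

    # 3. Make assertions about the return value and/or side-effects.

    with pytest.raises(logic.NotAuthorized):
        helpers.call_auth("user_update", context=context, **params)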
def test_user_generate_apikey_without_logged_in_user():
    """Generating an API key must be refused when nobody is logged in."""
    target = factories.MockUser(name="fred")

    # User.get(...) on the mock model returns Fred for any argument.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = target

    # No auth_user_obj and a None user name: the caller is unidentified.
    context = {"model": fake_model, "user": None}

    pytest.raises(
        logic.NotAuthorized,
        helpers.call_auth,
        "user_generate_apikey",
        context=context,
        id=target.id,
    )
예제 #10
    def test_user_generate_apikey_without_logged_in_user(self):
        '''Generating an API key must be refused when nobody is logged in.'''
        target = factories.MockUser(name='fred')

        # User.get(...) on the mock model returns Fred for any argument.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = target

        # No auth_user_obj and a None user name: the caller is unidentified.
        context = {'model': fake_model, 'user': None}

        with nose.tools.assert_raises(logic.NotAuthorized):
            helpers.call_auth(
                'user_generate_apikey', context=context, id=target.id)
def test_user_generate_own_apikey():
    """A logged-in user is authorized to generate her own API key."""
    owner = factories.MockUser(name="fred")

    # User.get(...) on the mock model returns the owner for any argument.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = owner

    # auth_user_obj shows the owner as logged in for auth functions that do
    # not accept anonymous access; the same user is the target of the call.
    context = {
        "model": fake_model,
        "auth_user_obj": owner,
        "user": owner.name,
    }

    outcome = helpers.call_auth(
        "user_generate_apikey", context=context, id=owner.id
    )
    assert outcome is True
예제 #12
    def test_user_generate_own_apikey(self):
        '''A logged-in user is authorized to generate her own API key.'''
        owner = factories.MockUser(name='fred')

        # User.get(...) on the mock model returns the owner for any argument.
        fake_model = mock.MagicMock()
        fake_model.User.get.return_value = owner

        # auth_user_obj shows the owner as logged in for auth functions that
        # do not accept anonymous access; the same user is the target.
        context = {
            'model': fake_model,
            'auth_user_obj': owner,
            'user': owner.name,
        }

        outcome = helpers.call_auth(
            'user_generate_apikey', context=context, id=owner.id)
        assert outcome is True
예제 #13
def test_user_update_with_no_user_in_context():
    """user_update must be refused when context["user"] is None."""
    # Mock ckan.model.User object for the account being targeted.
    account = factories.MockUser(name="fred")

    # Mock ckan.model whose User.get(...) returns the mock user. Passing it
    # in the context is easier than patching import ckan.model.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = account

    # The "user" key is present but holds None: nobody is identified.
    context = {"model": fake_model, "user": None}

    pytest.raises(
        logic.NotAuthorized,
        helpers.call_auth,
        "user_update",
        context=context,
        id=account.id,
        name="updated_user_name",
    )
예제 #14
def test_user_update_visitor_cannot_update_user():
    """A visitor must be refused when updating a user's account."""
    # Mock ckan.model.User object for the account being targeted.
    account = factories.MockUser(name="fred")

    # Mock ckan.model whose User.get(...) returns Fred. Passing it in the
    # context is easier than patching import ckan.model.
    fake_model = mock.MagicMock()
    fake_model.User.get.return_value = account

    # No user is logged in for this call.
    # NOTE(review): "******" looks like a masked placeholder rather than a
    # real visitor identifier - confirm what the context carries for
    # anonymous requests.
    context = {"model": fake_model, "user": "******"}

    # The visitor asks to rename Fred's account and must be refused.
    pytest.raises(
        logic.NotAuthorized,
        helpers.call_auth,
        "user_update",
        context=context,
        id=account.id,
        name="updated_user_name",
    )
예제 #15
 def test_mockuser_factory(self):
     '''Two MockUser objects built by the factory must not share an id.'''
     first = factories.MockUser()
     second = factories.MockUser()
     # Compare the 'id' entries of the two objects.
     first_id = first['id']
     second_id = second['id']
     assert_not_equals(first_id, second_id)