def test_delete_all(self):
ckanext_factories.Permission()
ckanext_factories.Permission()
assert model.Session.query(extmodel.Permission).count() > 0
assert model.Session.query(extmodel.PermissionAction).count() > 0
self.test_action('permission_delete_all')
assert model.Session.query(extmodel.Permission).count() == 0
assert model.Session.query(extmodel.PermissionAction).count() == 0
def test_undefine_valid_partial(self):
permission = ckanext_factories.Permission()
self.test_action('permission_undefine',
content_type=permission['content_type'],
operation=permission['operation'],
actions=permission['actions'][:-1])
del permission['actions'][0]
self._check_permission(**permission)
def test_undefine_valid_full(self):
permission = ckanext_factories.Permission()
self.test_action('permission_undefine',
content_type=permission['content_type'],
operation=permission['operation'],
actions=permission['actions'])
permission['actions'] = []
self._check_permission(**permission)
def test_permission_revoke_invalid_not_granted(self):
role = ckanext_factories.Role()
permission = ckanext_factories.Permission()
result, _ = self.test_action('role_permission_revoke', should_error=True,
role_id=role['name'],
content_type=permission['content_type'],
operation=permission['operation'])
assert_error(result, 'message', 'The role does not have the specified permission')
def test_permission_grant_valid(self):
role = ckanext_factories.Role()
permission = ckanext_factories.Permission()
self.test_action('role_permission_grant',
role_id=role['name'],
content_type=permission['content_type'],
operation=permission['operation'])
role_permission = extmodel.RolePermission.lookup(role['id'], permission['content_type'], permission['operation'])
assert role_permission and role_permission.state == 'active'
def test_define_valid_add(self):
permission = ckanext_factories.Permission()
input_dict = {
'content_type': permission['content_type'],
'operation': permission['operation'],
'actions': ['resource_update', 'resource_view_update'],
}
self.test_action('permission_define', **input_dict)
input_dict['actions'] += permission['actions']
self._check_permission(**input_dict)
def _prepare_user_privilege(self):
self.user = ckan_factories.User()
self.org = ckan_factories.Organization()
self.role = ckanext_factories.Role()
self.user_role = ckanext_factories.UserRole(
role_id=self.role['id'],
user_id=self.user['id'],
organization_id=self.org['id'])
self.permission = ckanext_factories.Permission()
self.role_permission = ckanext_factories.RolePermission(
role_id=self.role['id'],
content_type=self.permission['content_type'],
operation=self.permission['operation'])
def test_undefine_valid_action_not_exist(self):
# allow removal of non-existent actions because they might have been deprecated
permission = ckanext_factories.Permission()
permission_action = extmodel.PermissionAction(
permission_id=permission['id'], action_name='does_not_exist')
model.Session.add(permission_action)
model.repo.commit()
data_dict = {
'content_type': permission['content_type'],
'operation': permission['operation'],
'actions': permission['actions'] + ['does_not_exist'],
}
self._check_permission(**data_dict)
self.test_action('permission_undefine',
content_type=permission['content_type'],
operation=permission['operation'],
actions=['does_not_exist'])
data_dict['actions'].remove('does_not_exist')
self._check_permission(**data_dict)