def test_resource_download(self):
container_member = core_factories.User()
dataset_member = core_factories.User()
another_user = core_factories.User()
data_container = factories.DataContainer(
users=[{
'name': container_member['name'],
'capacity': 'admin'
}])
dataset = factories.Dataset(owner_org=data_container['id'], )
resource = factories.Resource(package_id=dataset['id'],
url_type='upload',
visibility='restricted')
helpers.call_action(
'package_collaborator_create',
id=dataset['id'],
user_id=dataset_member['id'],
capacity='member',
)
for user in [container_member, dataset_member]:
assert ({
'success': True
} == auth.resource_download({'user': user['name']}, resource))
assert ({
'success': False
} == auth.resource_download({'user': another_user['name']}, resource))
def test_user_autocomplete(self):
sysadmin = core_factories.Sysadmin(name='sysadmin', id='sysadmin')
factories.ExternalUser(
fullname='Alice External',
email='*****@*****.**',
)
core_factories.User(fullname='Bob Internal')
core_factories.User(fullname='Carlos Internal')
core_factories.User(fullname='David Internal')
action = toolkit.get_action('user_autocomplete')
context = {'user': sysadmin['name']}
result = action(context, {'q': 'alic'})
assert 0 == len(result)
result = action(context, {'q': 'alic', 'include_external': True})
assert 'Alice External' == result[0]['fullname']
result = action(context, {'q': 'nal'})
fullnames = [r['fullname'] for r in result]
assert 'Bob Internal' in fullnames
assert 'Carlos Internal' in fullnames
assert 'David Internal' in fullnames
result = action(context, {'q': 'foobar'})
assert 0 == len(result)
def test_recipients_with_org_admins(self):
editor = core_factories.User()
admin = core_factories.User()
external = core_factories.User()
container = factories.DataContainer(users=[
{
'name': editor['name'],
'capacity': 'editor'
},
{
'name': admin['name'],
'capacity': 'admin'
},
],
name='container1',
id='container1')
dataset1 = factories.Dataset(
name='new-dataset',
title='New Dataset',
owner_org=container['id'],
)
dataset_recipients = mailer.get_dataset_request_access_email_recipients(
dataset1)
container_recipients = mailer.get_container_request_access_email_recipients(
container)
assert dataset_recipients == container_recipients
assert len(container_recipients) == 1
assert admin['name'] == container_recipients[0]['name']
def setup(self):
# Users
self.normal_user = core_factories.User()
self.org_user = core_factories.User()
self.sysadmin = core_factories.Sysadmin()
# Containers
self.container = factories.DataContainer(
users=[
{'name': self.org_user['name'], 'capacity': 'member'},
]
)
# Datasets
self.dataset = factories.Dataset(
owner_org=self.container['id'],
)
self.resource = factories.Resource(
package_id=self.dataset['id'],
url_type='datastore',
upload=mocks.FakeFileStorage(),
visibility='restricted',
)
# Actions
core_helpers.call_action('datastore_create',
resource_id=self.resource['id'],
records=[{'a': 1, 'b': 2}],
force=True,
)
def setup(self):
saml_user = core_factories.User(name='saml2user',
email='*****@*****.**')
userobj = model.User.get(saml_user['id'])
userobj.plugin_extras = {'saml2auth': {'saml_id': 'abc123'}}
model.Session.commit()
core_factories.User(name='nativeuser', email='*****@*****.**')
def test_package_update(self):
# Create users
depadmin = core_factories.User(name='depadmin')
curator = core_factories.User(name='curator')
depositor = core_factories.User(name='depositor')
creator = core_factories.User(name='creator')
# Create containers
deposit = factories.DataContainer(
id='data-deposit',
name='data-deposit',
users=[
{
'name': 'depadmin',
'capacity': 'admin'
},
{
'name': 'curator',
'capacity': 'editor'
},
],
)
target = factories.DataContainer(
id='data-target',
name='data-target',
)
# Create dataset
dataset = factories.DepositedDataset(name='dataset',
owner_org='data-deposit',
owner_org_dest='data-target',
user=creator)
# Forbidden depadmin/curator/depositor
with pytest.raises(toolkit.NotAuthorized):
toolkit.check_access(
'package_update',
context={'user': '******'},
data_dict={'id': dataset['id']},
)
with pytest.raises(toolkit.NotAuthorized):
toolkit.check_access(
'package_update',
context={'user': '******'},
data_dict={'id': dataset['id']},
)
with pytest.raises(toolkit.NotAuthorized):
toolkit.check_access(
'package_update',
context={'user': '******'},
data_dict={'id': dataset['id']},
)
# Granted creator
assert (True == toolkit.check_access('package_update',
{'user': '******'},
{'id': dataset['id']}))
def setup(self):
# Users
self.sysadmin = core_factories.Sysadmin(name='sysadmin', id='sysadmin')
self.user1 = core_factories.User(name='user1', id='user1')
self.user2 = core_factories.User(name='user2', id='user2')
self.user3 = core_factories.User(name='user3', id='user3')
# Containers
self.container1 = factories.DataContainer(
name='container1',
id='container1',
users=[
{
'name': 'user1',
'capacity': 'admin'
},
],
)
self.container2 = factories.DataContainer(
name='container2',
id='container2',
users=[
{
'name': 'user2',
'capacity': 'admin'
},
],
)
# Datasets
self.dataset1 = factories.Dataset(
name='dataset1',
title='Test Dataset 1',
owner_org='container1',
data_collection_technique='f2f',
sampling_procedure='nonprobability',
operational_purpose_of_data='cartography',
user=self.user1,
tags=[{
'name': 'Keyword1'
}, {
'name': 'Keyword2'
}],
)
# Resources
self.resource1 = factories.Resource(
name='resource1',
package_id='dataset1',
url_type='upload',
visibility='restricted',
upload=mocks.FakeFileStorage(),
)
def setup(self):
# Users
self.normal_user = core_factories.User()
self.org_user = core_factories.User()
self.sysadmin = core_factories.Sysadmin()
# Containers
factories.DataContainer(name='data-deposit', id='data-deposit')
self.container = factories.DataContainer(
users=[{
'name': self.org_user['name'],
'capacity': 'member'
}])
def test_resource_download_deposited_dataset(self):
depadmin = core_factories.User()
curator = core_factories.User()
target_container_admin = core_factories.User()
target_container_member = core_factories.User()
other_container_admin = core_factories.User()
deposit = factories.DataContainer(id='data-deposit',
users=[
{
'name': depadmin['name'],
'capacity': 'admin'
},
{
'name': curator['name'],
'capacity': 'editor'
},
])
target = factories.DataContainer(users=[
{
'name': target_container_admin['name'],
'capacity': 'admin'
},
{
'name': target_container_member['name'],
'capacity': 'member'
},
])
container = factories.DataContainer(users=[
{
'name': other_container_admin['name'],
'capacity': 'admin'
},
])
dataset = factories.DepositedDataset(owner_org=deposit['id'],
owner_org_dest=target['id'])
resource = factories.Resource(
package_id=dataset['id'],
url_type='upload',
)
for user in [depadmin, curator, target_container_admin]:
assert ({
'success': True
} == auth.resource_download({'user': user['name']}, resource))
for user in [target_container_member, other_container_admin]:
assert ({
'success': False
} == auth.resource_download({'user': user['name']}, resource))
def test_sysadmin_not_authorized(self):
user1 = core_factories.User()
user2 = core_factories.User()
action = toolkit.get_action("user_update_sysadmin")
with pytest.raises(toolkit.NotAuthorized):
action({"user": user1["name"]}, {
'id': user1["name"],
'is_sysadmin': True
})
with pytest.raises(toolkit.NotAuthorized):
action({"user": user2["name"]}, {
'id': user1["name"],
'is_sysadmin': True
})
def _create_harvest_source_with_owner_org_and_job_if_not_existing(self):
site_user = toolkit.get_action('get_site_user')({
'model': model,
'ignore_auth': True
}, {})['name']
context = {
'user': site_user,
'model': model,
'session': model.Session,
'ignore_auth': True,
}
test_org = ckan_factories.Organization(
extras=[{
'key': 'email_list',
'value': '[email protected], [email protected]'
}])
test_other_org = ckan_factories.Organization()
org_admin_user = ckan_factories.User()
org_member_user = ckan_factories.User()
toolkit.get_action('organization_member_create')(
context.copy(), {
'id': test_org['id'],
'username': org_admin_user['name'],
'role': 'admin'
})
toolkit.get_action('organization_member_create')(
context.copy(), {
'id': test_org['id'],
'username': org_member_user['name'],
'role': 'member'
})
source_dict = {
'title': 'Test Source 01',
'name': 'test-source-01',
'url': 'basic_test',
'source_type': 'ckan',
'owner_org': test_org['id'],
'run': True
}
harvest_source = toolkit.get_action('harvest_source_create')(
context.copy(), source_dict)
return context, harvest_source['id']
def test_logged_in_users(self):
user = core_factories.User()
actions = [
'package_search',
'package_list',
'organization_list',
'group_list',
'user_list',
'organization_list_for_user',
]
context = {'user': user['name'], 'ignore_auth': False}
for action in actions:
helpers.call_action(action, context=context)
data_container = factories.DataContainer(users=[{
'name': user['name'],
'capacity': 'admin'
}])
dataset = factories.Dataset(owner_org=data_container['id'])
helpers.call_action('package_show',
context=context,
id=dataset['name'])
helpers.call_action('organization_show',
context=context,
id=data_container['name'])
helpers.call_action('user_show', context=context, id=user['id'])
def test_deposited_dataset_owner_org_dest_invalid_not_existent(self):
deposit = factories.DataContainer(id='data-deposit')
target = factories.DataContainer(id='data-target')
user = core_factories.User()
with pytest.raises(toolkit.Invalid):
validators.deposited_dataset_owner_org_dest(
'not-existent', {'user': user['name']})
def test_requesting_user_is_not_admin_of_required_container(self):
target_user = factories.ExternalUser(state=model.State.PENDING)
requesting_user = core_factories.User()
container2 = factories.DataContainer(
users=[{
"name": requesting_user["name"],
"capacity": "admin"
}])
access_request_data_dict = {
'object_id': target_user['id'],
'object_type': 'user',
'message': 'asdf',
'role': 'member',
'data': {
'default_containers': [self.container1['id']]
}
}
toolkit.get_action(u'access_request_create')({
'user': target_user['id'],
'ignore_auth': True
}, access_request_data_dict)
action = toolkit.get_action("external_user_update_state")
with pytest.raises(toolkit.NotAuthorized):
action({"user": requesting_user["name"]}, {
'id': target_user['id'],
'state': model.State.ACTIVE
})
def test_logged_in(self, app):
user = core_factories.User()
with app.flask_app.test_request_context():
app.get(
toolkit.url_for('user.register'),
extra_environ={'REMOTE_USER': user['name'].encode('ascii')},
status=403)
with app.flask_app.test_request_context():
app.get(toolkit.url_for('user.register'),
extra_environ={
'REMOTE_USER': self.sysadmin['name'].encode('ascii')
},
status=403)
with app.flask_app.test_request_context():
app.post(
toolkit.url_for('user.register'),
data=self.payload,
extra_environ={'REMOTE_USER': user['name'].encode('ascii')},
status=403)
with app.flask_app.test_request_context():
app.post(toolkit.url_for('user.register'),
data=self.payload,
extra_environ={
'REMOTE_USER': self.sysadmin['name'].encode('ascii')
},
status=403)
def test_resource_is_blocked_task_status_infected(self):
user = core_factories.User()
dataset = factories.Dataset()
resource = factories.Resource(
package_id=dataset['id'],
url_type='upload',
)
toolkit.get_action('task_status_update')(
{
'ignore_auth': True,
# task_status_update wants a user object
# for no reason, even with 'ignore_auth': True
# give it an empty string to keep it happy
'user': ''
},
{
'entity_id': resource['id'],
'entity_type': 'resource',
'task_type': 'clamav',
'last_updated': datetime.datetime.utcnow().isoformat(),
'state': 'complete',
'key': 'clamav',
'value': '{"data": {"status_code": 1}}',
'error': 'null',
}
)
assert utils.resource_is_blocked(
{'user': user['name']},
resource['id']
)
def setup(self):
self.deposit = factories.DataContainer(
name='data-deposit',
id='data-deposit',
)
self.user = core_factories.User(name='user1')
self.admin = core_factories.User(name='admin')
self.container = factories.DataContainer(name='container1',
title='Test Container',
users=[
{
'name':
self.admin['name'],
'capacity': 'admin'
},
])
def setup(self):
# Users
self.sysadmin = core_factories.Sysadmin(name='sysadmin', id='sysadmin')
self.user1 = core_factories.User(name='user1', id='user1')
self.user2 = core_factories.User(name='user2', id='user2')
self.user3 = core_factories.User(name='user3', id='user3')
# Containers
self.container1 = factories.DataContainer(
name='container1',
id='container1',
)
self.container2 = factories.DataContainer(
name='container2',
id='container2',
)
def test_package_create_with_group_permission(self):
user = factories.User(name='user2')
owner_org = factories.Organization(users=[{
'name': user['name'],
'capacity': 'editor'
}])
group = factories.Group(name='economy',
users=[{
'name': user['name'],
'capacity': 'member'
}])
context = {'user': user['name'], 'ignore_auth': False}
params = {
'name': 'test-dataset-2',
'notes': 'This is a test',
'tag_string': 'geography',
'accessLevel': 'public',
'contact_name': 'John Smith',
'contact_email': '*****@*****.**',
'rights': 'No restrictions on public use',
'accrualPeriodicity': 'R/P1W',
'owner_org': owner_org['id'],
'group': 'economy'
}
dataset = helpers.call_action('package_create',
context=context,
**params)
assert dataset['groups'][0]['name'] == 'economy'
def setup(self):
self.container1_admin = core_factories.User()
self.container1 = factories.DataContainer(
users=[{
"name": self.container1_admin["name"],
"capacity": "admin"
}])
def test_deposited_dataset_owner_org_dest(self):
deposit = factories.DataContainer(id='data-deposit')
target = factories.DataContainer(id='data-target')
user = core_factories.User()
result = validators.deposited_dataset_owner_org_dest(
'data-target', {'user': user['name']})
assert result == 'data-target'
def test_renewal_not_allowed(self):
target_user = factories.ExternalUser()
access_request_data_dict = {
'object_id': target_user['id'],
'object_type': 'user',
'message': 'asdf',
'role': 'member',
'data': {
'user_request_type': USER_REQUEST_TYPE_RENEWAL,
'users_who_can_approve': [self.container1_admin['id']]
}
}
toolkit.get_action(u'access_request_create')({
'user': target_user['id'],
'ignore_auth': True
}, access_request_data_dict)
requesting_user = core_factories.User()
action = toolkit.get_action("external_user_update_state")
with pytest.raises(toolkit.NotAuthorized):
action({"user": requesting_user["name"]}, {
'id': target_user['id'],
'state': model.State.ACTIVE,
'renew_expiry_date': True
})
def test_package_internal_activity_list_unprivileged_user(self):
normal_user = core_factories.User()
context = {'user': normal_user['name']}
data_dict = {'id': self.dataset1['id']}
action = toolkit.get_action('package_internal_activity_list')
# an unprivileged user can't see any internal activities
with pytest.raises(toolkit.NotAuthorized):
action(context, data_dict)
def test_target_user_is_internal(self):
target_user = core_factories.User(state=model.State.PENDING, )
action = toolkit.get_action("external_user_update_state")
with pytest.raises(toolkit.NotAuthorized):
action({"user": self.container1_admin["name"]}, {
'id': target_user['id'],
'state': model.State.ACTIVE
})
def test_logged_in_users_private_dataset(self, app):
container_member = core_factories.User()
dataset_member = core_factories.User()
other_user = core_factories.User()
data_container = factories.DataContainer(
users=[{
'name': container_member['name'],
'capacity': 'admin'
}])
dataset = factories.Dataset(owner_org=data_container['id'], )
resource = factories.Resource(
package_id=dataset['id'],
url_type='upload',
visibility='restricted',
)
helpers.call_action(
'package_collaborator_create',
id=dataset['id'],
user_id=dataset_member['id'],
capacity='member',
)
for user in [container_member, dataset_member]:
with app.flask_app.test_request_context():
response = app.get(
'/dataset/{}'.format(dataset['name']),
extra_environ={'REMOTE_USER': str(user['name'])},
status=200,
)
# these users can see the dataset_read view
assert 'You must be logged in' not in response.body
# these users can also download the resource attached to dataset
assert 'You are not authorized to download the private resources from this dataset' not in response.body
response = app.get(
'/dataset/{}'.format(dataset['name']),
extra_environ={'REMOTE_USER': str(other_user['name'])},
status=200,
)
# other_user is allowed to see the dataset_read view too
assert 'You must be logged in' not in response.body
# other_user is not allowed to download the resource
assert 'You are not authorized to download the private resources from this dataset' in response.body
# but they can request access to it if they like
assert 'If you need access to the dataset' in response.body
def test_email_notification_delete(self, mock_mail_user):
dataset = factories.Dataset()
user = core_factories.User()
capacity = 'editor'
mailer.mail_notification_to_collaborator(dataset['id'], user['id'],
capacity, 'delete')
assert mock_mail_user.call_count == 1
def test_user_show(self):
sysadmin = core_factories.Sysadmin()
external_user = factories.ExternalUser()
internal_user = core_factories.User()
action = toolkit.get_action('user_show')
context = {'user': sysadmin['name']}
assert action(context, {'id': external_user['id']})['external']
assert not action(context, {'id': internal_user['id']})['external']
def setup_class(self):
core_helpers.reset_db()
# Users
self.sysadmin = core_factories.Sysadmin(name='sysadmin', id='sysadmin')
self.depadmin = core_factories.User(name='depadmin', id='depadmin')
self.curator = core_factories.User(name='curator', id='curator')
self.creator = core_factories.User(name='creator', id='creator')
self.depositor = core_factories.User(name='depositor', id='depositor')
self.editor = core_factories.User(name='editor', id='editor')
self.target_container_admin = core_factories.User(
name='target_container_admin', id='target_container_admin')
self.target_container_member = core_factories.User(
name='target_container_member', id='target_container_member')
self.other_container_admin = core_factories.User(
name='other_container_admin', id='other_container_admin')
app = core_helpers._get_test_app()
self.deposit = factories.DataContainer(users=[
{
'name': 'curator',
'capacity': 'editor'
},
{
'name': 'depadmin',
'capacity': 'admin'
},
],
name='data-deposit',
id='data-deposit')
self.target = factories.DataContainer(
name='data-target',
id='data-target',
users=[
{
'name': 'editor',
'capacity': 'editor'
},
{
'name': 'target_container_admin',
'capacity': 'admin'
},
{
'name': 'target_container_member',
'capacity': 'member'
},
],
)
container = factories.DataContainer(users=[
{
'name': 'other_container_admin',
'capacity': 'admin'
},
])
def test_request_rejected_email_body_user(self):
user1 = core_factories.User(name='user1', id='user1')
message = 'Nope\nNot today thank you'
email_body = mailer.compose_request_rejected_email_body(
'user', user1, user1, message)
regularised_body = regularise_html(email_body)
assert 'Your request for a RIDL user account has been rejected.' in regularised_body
assert '<p>Nope<br> Not today thank you</p>' in regularised_body
def test_email_recipients(self):
user1 = core_factories.User(name='user1', id='user1')
curator = core_factories.User(name='curator', id='curator')
factories.DataContainer(users=[
{
'name': 'curator',
'capacity': 'editor'
},
],
name='data-deposit',
id='data-deposit')
recipients = mailer.get_summary_email_recipients()
recipient_ids = [r['name'] for r in recipients]
assert len(recipient_ids) == 2
assert curator['name'] in recipient_ids
assert self.sysadmin['name'] in recipient_ids
assert user1['name'] not in recipient_ids