def setUpClass(cls):
super(TestUpdateRoles, cls).setUpClass()
cls.linked_app.save()
cls.role = UserRole(
domain=cls.domain,
name='test',
permissions=Permissions(
edit_data=True,
edit_reports=True,
view_report_list=[
'corehq.reports.DynamicReportmaster_report_id'
]),
is_non_admin_editable=True,
)
cls.role.save()
cls.other_role = UserRole(
domain=cls.domain,
name='other_test',
permissions=Permissions(
edit_web_users=True,
view_locations=True,
),
assignable_by=[cls.role.get_id],
)
cls.other_role.save()
def setUpClass(cls):
delete_all_users()
cls.client = Client()
cls.domain = DOMAIN
cls.domain_object = Domain(name=cls.domain, is_active=True)
cls.domain_object.save()
cls.reports_role = UserRole(
domain=cls.domain,
name='reports-role',
default_landing_page='reports',
permissions=Permissions(view_reports=True),
)
cls.reports_role.save()
cls.webapps_role = UserRole(
domain=cls.domain,
name='webapps-role',
default_landing_page='webapps',
permissions=Permissions(edit_data=True),
)
cls.webapps_role.save()
cls.global_password = '******'
# make an app because not having one changes the default dashboard redirect to the apps page
app = Application.new_app(domain=cls.domain, name='sympathy')
app.save()
def test_report_fixtures_provider_with_cloudcare(self):
"""
ReportFixturesProvider should iterate only allowed apps if sync is from cloudcare
"""
from corehq.apps.userreports.reports.data_source import ConfigurableReportDataSource
role = UserRole(
domain=self.domain,
permissions=Permissions(
view_web_apps=False,
view_web_apps_list=[self.app1._id]
),
name='WebApp Restricted'
)
role.save()
self.user._couch_user.set_role(self.domain, role.get_qualified_id())
with patch.object(ConfigurableReportDataSource, 'get_data') as get_data_mock:
get_data_mock.return_value = self.rows
with mock_sql_backend():
with mock_datasource_config():
fixtures = call_fixture_generator(
report_fixture_generator,
self.user,
device_id="WebAppsLogin|[email protected]"
)
reports = fixtures[0].findall('.//report')
self.assertEqual(len(reports), 1)
self.assertEqual(reports[0].attrib.get('id'), '123456')
def _create_or_edit_facility_manager_role(domain):
facility_manager_role = UserRole.by_domain_and_name(domain, 'Facility manager')
reports_list = [
"corehq.apps.reports.standard.sms.MessageLogReport",
"custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport",
"custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus",
"custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport",
"custom.ewsghana.reports.maps.EWSMapReport"
]
if facility_manager_role:
permissions = Permissions(
edit_web_users=True,
edit_commcare_users=True,
view_reports=False,
view_report_list=reports_list
)
facility_manager_role[0].permissions = permissions
facility_manager_role[0].save()
else:
role = UserRole(
domain=domain,
permissions=Permissions(
view_reports=False,
edit_web_users=True,
edit_commcare_users=True,
view_report_list=reports_list
),
name='Facility manager'
)
role.save()
def _create_or_edit_administrator_role(domain):
administrator_role = UserRole.by_domain_and_name(domain, 'Administrator')
reports_list = [
"corehq.apps.reports.standard.sms.MessageLogReport",
"custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport",
"custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus",
"custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport",
"custom.ewsghana.reports.maps.EWSMapReport",
"custom.ewsghana.reports.email_reports.CMSRMSReport",
"custom.ewsghana.reports.email_reports.StockSummaryReport",
"custom.ewsghana.comparison_report.ProductsCompareReport",
"custom.ewsghana.comparison_report.LocationsCompareReport",
"custom.ewsghana.comparison_report.SupplyPointsCompareReport",
"custom.ewsghana.comparison_report.WebUsersCompareReport",
"custom.ewsghana.comparison_report.SMSUsersCompareReport"
]
if administrator_role:
permissions = Permissions(edit_web_users=True,
edit_commcare_users=True,
edit_locations=True,
view_reports=False,
view_report_list=reports_list)
administrator_role[0].permissions = permissions
administrator_role[0].save()
else:
role = UserRole(domain=domain,
permissions=Permissions(view_reports=False,
edit_web_users=True,
edit_commcare_users=True,
edit_locations=True,
view_report_list=reports_list),
name='Administrator')
role.save()
def test_set_assignable_by(self):
role = UserRole(
domain=self.domain,
name="test-role",
)
role.save()
role.roleassignableby_set.set([
RoleAssignableBy(assignable_by_role=self.roles[0]),
RoleAssignableBy(assignable_by_role=self.roles[1]),
],
bulk=False)
self.assertEqual(
{a.assignable_by_role.name
for a in role.get_assignable_by()},
{self.roles[0].name, self.roles[1].name})
# remove 1, keep 1, add 1
new_assignments = {self.roles[1], self.roles[2]}
role.set_assignable_by([r.id for r in new_assignments])
role2 = UserRole.objects.get(id=role.id)
self.assertEqual(
{a.assignable_by_role.name
for a in role2.get_assignable_by()},
{r.name
for r in new_assignments})
def setUpClass(cls):
super(TestAccessRestrictions, cls).setUpClass()
cls.suffolk_user = WebUser.create(cls.domain, 'suffolk-joe',
'password')
cls.suffolk_user.set_location(cls.domain,
cls.locations['Suffolk'].couch_location)
role = UserRole(
domain=cls.domain,
name='Regional Supervisor',
permissions=Permissions(access_all_locations=False,
edit_commcare_users=True),
)
role.save()
cls.suffolk_user.set_role(cls.domain, role.get_qualified_id())
cls.suffolk_user.save()
def make_mobile_worker(username, location):
worker = CommCareUser.create(cls.domain, username, '123')
worker.set_location(cls.locations[location])
UserESFake.save_doc(worker._doc)
return worker
cls.boston_worker = make_mobile_worker('boston_worker', 'Boston')
cls.cambridge_worker = make_mobile_worker('cambridge_worker',
'Cambridge')
def _master_role(cls):
return UserRole(domain='state',
permissions=Permissions(
view_web_users=True,
edit_web_users=False,
view_groups=True,
edit_groups=False,
))
def restrict_user_to_location(self, user):
role = UserRole(
domain=self.domain,
name='Regional Supervisor',
permissions=Permissions(access_all_locations=False),
)
role.save()
user.set_role(self.domain, role.get_qualified_id())
def make_role(self, name):
role = UserRole(
domain=self.domain,
name=name,
permissions=Permissions(),
)
role.save()
self.addCleanup(role.delete)
def setUpClass(cls):
cls.domain = 'test_domain'
super(TestCreateDTOsAndAgencies, cls).setUpClass()
cls.user_role = UserRole(
domain=cls.domain,
name='Default Mobile Worker',
)
cls.user_role.save()
def _master_role(cls):
return UserRole(
domain='state',
permissions=Permissions(
view_web_users=True,
edit_web_users=False,
view_groups=True,
edit_groups=False,
edit_apps=True, # needed for InternalFixtureResource
))
def restrict_user_to_location(cls, user):
role = UserRole(
domain=cls.domain,
name='Regional Supervisor',
permissions=Permissions(edit_commcare_users=True,
access_all_locations=False),
)
role.save()
user.set_role(cls.domain, role.get_qualified_id())
user.save()
def test_get_doc_ids_in_domain_by_class(self):
user_role = UserRole(domain=self.domain)
group = Group(domain=self.domain)
xform = XFormInstance(domain=self.domain)
user_role.save()
group.save()
xform.save()
self.addCleanup(user_role.delete)
self.addCleanup(group.delete)
self.addCleanup(xform.delete)
[doc_id] = get_doc_ids_in_domain_by_class(self.domain, UserRole)
self.assertEqual(doc_id, user_role.get_id)
def setUpClass(cls):
super(TestUpdateRoles, cls).setUpClass()
cls.linked_app.save()
cls.role = UserRole(
domain=cls.domain,
name='test',
permissions=Permissions(
edit_data=True,
view_report_list=[
'corehq.reports.DynamicReportmaster_report_id'
]))
cls.role.save()
def setUpTestData(cls):
SQLPermission.create_all()
cls.roles = [
UserRole(
domain=cls.domain,
name="role1",
),
UserRole(
domain=cls.domain,
name="role2",
),
UserRole(
domain='other-domain',
name="role3",
)
]
for role in cls.roles:
role.save()
cls.roles[0].set_assignable_by([cls.roles[1].id])
cls.roles[0].set_permissions([
PermissionInfo(Permissions.edit_data.name),
])
def test_unique_constraint_fail(self):
"""the same role can not have duplicate permissions"""
sql_role = UserRole(domain=self.domain, name="role1")
sql_role.save()
self.addCleanup(sql_role.delete)
constraint_name = "users_rolepermission_role_id_permission_fk_id_bc5f84db_uniq"
with self.assertRaisesMessage(IntegrityError, constraint_name):
sql_role.rolepermission_set.set([
RolePermission(permission=Permissions.edit_data.name,
allow_all=True),
RolePermission(permission=Permissions.edit_data.name,
allow_all=False),
],
bulk=False)
def test_set_assignable_by_couch(self):
role = UserRole(
domain=self.domain,
name="test-role",
)
role.save()
new_assignments = {self.roles[1], self.roles[2]}
role.set_assignable_by_couch([r.couch_id for r in new_assignments])
role2 = UserRole.objects.get(id=role.id)
self.assertEqual(
{a.assignable_by_role.name
for a in role2.get_assignable_by()},
{r.name
for r in new_assignments})
def test_unique_constraint_ok(self):
"""different roles can have the same permission"""
self.role1.rolepermission_set.set([
RolePermission(permission=Permissions.edit_data.name,
allow_all=True),
],
bulk=False)
role2 = UserRole(domain=self.domain, name="role2")
role2.save()
self.addCleanup(role2.delete)
role2.rolepermission_set.set([
RolePermission(permission=Permissions.edit_data.name,
allow_all=True),
],
bulk=False)
def setUp(self):
super(TestCreateDTOsAndAgencies, self).setUp()
LocationType.objects.filter(
domain=self.domain,
code__in=[
'pac',
'pcc',
'pdr',
'pcp',
'plc',
],
).update(has_user=True)
self.user_role = UserRole(
domain=self.domain,
name='Default Mobile Worker',
)
self.user_role.save()
def update_user_roles(domain_link):
if domain_link.is_remote:
master_results = remote_get_user_roles(domain_link)
else:
master_results = local_get_user_roles(domain_link.master_domain)
_convert_reports_permissions(domain_link, master_results)
local_roles = UserRole.objects.get_by_domain(domain_link.linked_domain, include_archived=True)
local_roles_by_name = {}
local_roles_by_upstream_id = {}
for role in local_roles:
local_roles_by_name[role.name] = role
if role.upstream_id:
local_roles_by_upstream_id[role.upstream_id] = role
# Update downstream roles based on upstream roles
for role_def in master_results:
role = local_roles_by_upstream_id.get(role_def['_id']) or local_roles_by_name.get(role_def['name'])
if not role:
role = UserRole(domain=domain_link.linked_domain)
local_roles_by_upstream_id[role_def['_id']] = role
role.upstream_id = role_def['_id']
role.name = role_def["name"]
role.default_landing_page = role_def["default_landing_page"]
role.is_non_admin_editable = role_def["is_non_admin_editable"]
role.save()
permissions = Permissions.wrap(role_def["permissions"])
role.set_permissions(permissions.to_list())
# Update assignable_by ids - must be done after main update to guarantee all local roles have ids
for role_def in master_results:
local_role = local_roles_by_upstream_id[role_def['_id']]
assignable_by = []
if role_def["assignable_by"]:
assignable_by = [
local_roles_by_upstream_id[role_id].id
for role_id in role_def["assignable_by"]
]
local_role.set_assignable_by(assignable_by)
def _create_or_edit_web_reporter_role(domain):
web_reporter_roles = UserRole.by_domain_and_name(domain, 'Web Reporter')
report_list = [
"corehq.apps.reports.standard.sms.MessageLogReport",
"custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport",
"custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus",
"custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport",
"custom.ewsghana.reports.maps.EWSMapReport"
]
if web_reporter_roles:
web_reporter_role = web_reporter_roles[0]
web_reporter_role.permissions.view_reports = False
web_reporter_role.permissions.view_report_list = report_list
web_reporter_role.save()
else:
role = UserRole(domain=domain,
permissions=Permissions(view_reports=False,
view_report_list=report_list),
name='Web Reporter')
role.save()
def test_match_ids(self):
self.assertEqual([], UserRole.by_domain(self.linked_domain))
role = UserRole(domain=self.linked_domain,
name='id_test',
permissions=Permissions(
edit_web_users=False,
view_locations=True,
),
assignable_by=[self.role.get_id],
upstream_id=self.other_role.get_id)
role.save()
update_user_roles(self.domain_link)
roles = {r.name: r for r in UserRole.by_domain(self.linked_domain)}
self.assertEqual(2, len(roles))
self.assertIsNotNone(roles.get('other_test'))
self.assertTrue(roles['other_test'].permissions.edit_web_users)
self.assertEqual(roles['other_test'].upstream_id,
self.other_role.get_id)
def setUpClass(cls):
super().setUpClass()
cls.domain = 'bookshelf'
cls.domain_obj = create_domain(cls.domain)
cls.role = UserRole(domain=cls.domain, name='App Editor')
cls.role.save()
cls.qualified_role_id = cls.role.get_qualified_id()
cls.user1 = WebUser.create(
cls.domain_obj.name,
'*****@*****.**',
'badpassword',
None,
None,
email='*****@*****.**',
first_name='Edith',
last_name='Wharton',
role_id=cls.role.get_id,
)
cls.user2 = WebUser.create(
cls.domain_obj.name,
'*****@*****.**',
'anotherbadpassword',
None,
None,
email='*****@*****.**',
first_name='George',
last_name='Eliot',
is_admin=True,
)
cls.invited_user = Invitation.objects.create(
email='*****@*****.**',
domain=cls.domain_obj.name,
invited_by='*****@*****.**',
invited_on=datetime.utcnow(),
role=cls.qualified_role_id,
)
def test_set_permissions(self):
role = UserRole(
domain=self.domain,
name="test-role",
)
role.save()
role.rolepermission_set.set([
RolePermission(permission=Permissions.edit_data.name),
RolePermission(permission=Permissions.view_reports.name,
allow_all=False,
allowed_items=['report1']),
],
bulk=False)
self.assertEqual(
set(role.get_permission_infos()), {
PermissionInfo(Permissions.edit_data.name),
PermissionInfo(Permissions.view_reports.name,
allow=['report1']),
})
new_permissions = {
# removed edit_data
PermissionInfo(Permissions.access_api.name), # new
PermissionInfo(Permissions.view_reports.name,
allow=['report1', 'report2']), # edit
}
role.set_permissions(new_permissions)
role2 = UserRole.objects.get(id=role.id)
self.assertEqual(set(role2.get_permission_infos()), new_permissions)
# change parameterized permission to allow all
new_permissions = {
PermissionInfo(Permissions.view_reports.name,
allow=PermissionInfo.ALLOW_ALL), # edit
}
role.set_permissions(new_permissions)
role2 = UserRole.objects.get(id=role.id)
self.assertEqual(set(role2.get_permission_infos()), new_permissions)
def create_view(can_edit_reports):
rolename = 'edit_role' if can_edit_reports else 'view_role'
username = '******' if can_edit_reports else 'viewer'
toggles.USER_CONFIGURABLE_REPORTS.set(username, True, toggles.NAMESPACE_USER)
user_role = UserRole(
domain=domain.name,
name=rolename,
permissions=Permissions(edit_commcare_users=True,
view_commcare_users=True,
edit_groups=True,
view_groups=True,
edit_locations=True,
view_locations=True,
access_all_locations=False,
edit_data=True,
edit_reports=can_edit_reports,
view_reports=True
)
)
user_role.save()
# user_role should be deleted along with the domain.
web_user = WebUser.create(domain.name, username, '***', None, None)
web_user.set_role(domain.name, user_role.get_qualified_id())
web_user.current_domain = domain.name
web_user.save()
self.addCleanup(web_user.delete, deleted_by=None)
request = HttpRequest()
request.can_access_all_locations = True
request.user = web_user.get_django_user()
request.couch_user = web_user
request.session = {}
_, view = self._build_report_and_view(request=request)
return view
def setUpTestData(cls):
cls.role = UserRole(
domain=cls.domain,
name="role1",
)
cls.role.save()
def get_role(self):
return UserRole(domain=test_self.domain,
permissions=test_self.permissions)
def setUp(self):
self.role1 = UserRole(domain=self.domain, name="role1")
self.role1.save()
self.addCleanup(self.role1.delete)
def setUpClass(cls):
super(TestMprAsrLocationFilter, cls).setUpClass()
cls.domain = create_domain('icds-location-test')
domain_name = cls.domain.name
cls.domain_name = domain_name
location_types = [
'state',
'district',
'block',
'supervisor',
'awc'
]
previous_parent = None
for location_type in location_types:
previous_parent = LocationType.objects.create(
domain=domain_name,
name=location_type,
parent_type=previous_parent
)
cls.state = SQLLocation.objects.create(
name='Test State',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='state')
)
cls.state2 = SQLLocation.objects.create(
name='Test State2',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='state')
)
cls.district = SQLLocation.objects.create(
name='Test District',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='district'),
parent=cls.state,
)
cls.block = SQLLocation.objects.create(
name='Test Block',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='block'),
parent=cls.district
)
cls.supervisor = SQLLocation.objects.create(
name='Test Supervisor',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='supervisor'),
parent=cls.block
)
cls.awc = SQLLocation.objects.create(
name='Test AWC',
domain=domain_name,
location_type=LocationType.objects.get(domain=domain_name, name='awc'),
parent=cls.supervisor
)
cls.role = UserRole(domain=domain_name, name='demo', permissions=Permissions(access_all_locations=False))
cls.role.save()
cls.mobile_user = CommCareUser.create(domain_name, 'test_user', 'test_password', None, None)
cls.mobile_user.set_location(cls.block)
cls.mobile_user.set_role(domain_name, cls.role.get_qualified_id())
cls.mobile_user.save()
cls.national_user = CommCareUser.create(domain_name, 'test_user_national', 'test_password', None, None)
cls.national_user.save()
