def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() cls.linked_app.save() cls.role = UserRole( domain=cls.domain, name='test', permissions=Permissions( edit_data=True, edit_reports=True, view_report_list=[ 'corehq.reports.DynamicReportmaster_report_id' ]), is_non_admin_editable=True, ) cls.role.save() cls.other_role = UserRole( domain=cls.domain, name='other_test', permissions=Permissions( edit_web_users=True, view_locations=True, ), assignable_by=[cls.role.get_id], ) cls.other_role.save()
def setUpClass(cls): delete_all_users() cls.client = Client() cls.domain = DOMAIN cls.domain_object = Domain(name=cls.domain, is_active=True) cls.domain_object.save() cls.reports_role = UserRole( domain=cls.domain, name='reports-role', default_landing_page='reports', permissions=Permissions(view_reports=True), ) cls.reports_role.save() cls.webapps_role = UserRole( domain=cls.domain, name='webapps-role', default_landing_page='webapps', permissions=Permissions(edit_data=True), ) cls.webapps_role.save() cls.global_password = '******' # make an app because not having one changes the default dashboard redirect to the apps page app = Application.new_app(domain=cls.domain, name='sympathy') app.save()
def test_report_fixtures_provider_with_cloudcare(self): """ ReportFixturesProvider should iterate only allowed apps if sync is from cloudcare """ from corehq.apps.userreports.reports.data_source import ConfigurableReportDataSource role = UserRole( domain=self.domain, permissions=Permissions( view_web_apps=False, view_web_apps_list=[self.app1._id] ), name='WebApp Restricted' ) role.save() self.user._couch_user.set_role(self.domain, role.get_qualified_id()) with patch.object(ConfigurableReportDataSource, 'get_data') as get_data_mock: get_data_mock.return_value = self.rows with mock_sql_backend(): with mock_datasource_config(): fixtures = call_fixture_generator( report_fixture_generator, self.user, device_id="WebAppsLogin|[email protected]" ) reports = fixtures[0].findall('.//report') self.assertEqual(len(reports), 1) self.assertEqual(reports[0].attrib.get('id'), '123456')
def _create_or_edit_facility_manager_role(domain): facility_manager_role = UserRole.by_domain_and_name(domain, 'Facility manager') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport" ] if facility_manager_role: permissions = Permissions( edit_web_users=True, edit_commcare_users=True, view_reports=False, view_report_list=reports_list ) facility_manager_role[0].permissions = permissions facility_manager_role[0].save() else: role = UserRole( domain=domain, permissions=Permissions( view_reports=False, edit_web_users=True, edit_commcare_users=True, view_report_list=reports_list ), name='Facility manager' ) role.save()
def _create_or_edit_administrator_role(domain): administrator_role = UserRole.by_domain_and_name(domain, 'Administrator') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport", "custom.ewsghana.reports.email_reports.CMSRMSReport", "custom.ewsghana.reports.email_reports.StockSummaryReport", "custom.ewsghana.comparison_report.ProductsCompareReport", "custom.ewsghana.comparison_report.LocationsCompareReport", "custom.ewsghana.comparison_report.SupplyPointsCompareReport", "custom.ewsghana.comparison_report.WebUsersCompareReport", "custom.ewsghana.comparison_report.SMSUsersCompareReport" ] if administrator_role: permissions = Permissions(edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_reports=False, view_report_list=reports_list) administrator_role[0].permissions = permissions administrator_role[0].save() else: role = UserRole(domain=domain, permissions=Permissions(view_reports=False, edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_report_list=reports_list), name='Administrator') role.save()
def test_set_assignable_by(self): role = UserRole( domain=self.domain, name="test-role", ) role.save() role.roleassignableby_set.set([ RoleAssignableBy(assignable_by_role=self.roles[0]), RoleAssignableBy(assignable_by_role=self.roles[1]), ], bulk=False) self.assertEqual( {a.assignable_by_role.name for a in role.get_assignable_by()}, {self.roles[0].name, self.roles[1].name}) # remove 1, keep 1, add 1 new_assignments = {self.roles[1], self.roles[2]} role.set_assignable_by([r.id for r in new_assignments]) role2 = UserRole.objects.get(id=role.id) self.assertEqual( {a.assignable_by_role.name for a in role2.get_assignable_by()}, {r.name for r in new_assignments})
def setUpClass(cls): super(TestAccessRestrictions, cls).setUpClass() cls.suffolk_user = WebUser.create(cls.domain, 'suffolk-joe', 'password') cls.suffolk_user.set_location(cls.domain, cls.locations['Suffolk'].couch_location) role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False, edit_commcare_users=True), ) role.save() cls.suffolk_user.set_role(cls.domain, role.get_qualified_id()) cls.suffolk_user.save() def make_mobile_worker(username, location): worker = CommCareUser.create(cls.domain, username, '123') worker.set_location(cls.locations[location]) UserESFake.save_doc(worker._doc) return worker cls.boston_worker = make_mobile_worker('boston_worker', 'Boston') cls.cambridge_worker = make_mobile_worker('cambridge_worker', 'Cambridge')
def _master_role(cls): return UserRole(domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, ))
def restrict_user_to_location(self, user): role = UserRole( domain=self.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False), ) role.save() user.set_role(self.domain, role.get_qualified_id())
def make_role(self, name): role = UserRole( domain=self.domain, name=name, permissions=Permissions(), ) role.save() self.addCleanup(role.delete)
def setUpClass(cls): cls.domain = 'test_domain' super(TestCreateDTOsAndAgencies, cls).setUpClass() cls.user_role = UserRole( domain=cls.domain, name='Default Mobile Worker', ) cls.user_role.save()
def _master_role(cls): return UserRole( domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, edit_apps=True, # needed for InternalFixtureResource ))
def restrict_user_to_location(cls, user): role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(edit_commcare_users=True, access_all_locations=False), ) role.save() user.set_role(cls.domain, role.get_qualified_id()) user.save()
def test_get_doc_ids_in_domain_by_class(self): user_role = UserRole(domain=self.domain) group = Group(domain=self.domain) xform = XFormInstance(domain=self.domain) user_role.save() group.save() xform.save() self.addCleanup(user_role.delete) self.addCleanup(group.delete) self.addCleanup(xform.delete) [doc_id] = get_doc_ids_in_domain_by_class(self.domain, UserRole) self.assertEqual(doc_id, user_role.get_id)
def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() cls.linked_app.save() cls.role = UserRole( domain=cls.domain, name='test', permissions=Permissions( edit_data=True, view_report_list=[ 'corehq.reports.DynamicReportmaster_report_id' ])) cls.role.save()
def setUpTestData(cls): SQLPermission.create_all() cls.roles = [ UserRole( domain=cls.domain, name="role1", ), UserRole( domain=cls.domain, name="role2", ), UserRole( domain='other-domain', name="role3", ) ] for role in cls.roles: role.save() cls.roles[0].set_assignable_by([cls.roles[1].id]) cls.roles[0].set_permissions([ PermissionInfo(Permissions.edit_data.name), ])
def test_unique_constraint_fail(self): """the same role can not have duplicate permissions""" sql_role = UserRole(domain=self.domain, name="role1") sql_role.save() self.addCleanup(sql_role.delete) constraint_name = "users_rolepermission_role_id_permission_fk_id_bc5f84db_uniq" with self.assertRaisesMessage(IntegrityError, constraint_name): sql_role.rolepermission_set.set([ RolePermission(permission=Permissions.edit_data.name, allow_all=True), RolePermission(permission=Permissions.edit_data.name, allow_all=False), ], bulk=False)
def test_set_assignable_by_couch(self): role = UserRole( domain=self.domain, name="test-role", ) role.save() new_assignments = {self.roles[1], self.roles[2]} role.set_assignable_by_couch([r.couch_id for r in new_assignments]) role2 = UserRole.objects.get(id=role.id) self.assertEqual( {a.assignable_by_role.name for a in role2.get_assignable_by()}, {r.name for r in new_assignments})
def test_unique_constraint_ok(self): """different roles can have the same permission""" self.role1.rolepermission_set.set([ RolePermission(permission=Permissions.edit_data.name, allow_all=True), ], bulk=False) role2 = UserRole(domain=self.domain, name="role2") role2.save() self.addCleanup(role2.delete) role2.rolepermission_set.set([ RolePermission(permission=Permissions.edit_data.name, allow_all=True), ], bulk=False)
def setUp(self): super(TestCreateDTOsAndAgencies, self).setUp() LocationType.objects.filter( domain=self.domain, code__in=[ 'pac', 'pcc', 'pdr', 'pcp', 'plc', ], ).update(has_user=True) self.user_role = UserRole( domain=self.domain, name='Default Mobile Worker', ) self.user_role.save()
def update_user_roles(domain_link): if domain_link.is_remote: master_results = remote_get_user_roles(domain_link) else: master_results = local_get_user_roles(domain_link.master_domain) _convert_reports_permissions(domain_link, master_results) local_roles = UserRole.objects.get_by_domain(domain_link.linked_domain, include_archived=True) local_roles_by_name = {} local_roles_by_upstream_id = {} for role in local_roles: local_roles_by_name[role.name] = role if role.upstream_id: local_roles_by_upstream_id[role.upstream_id] = role # Update downstream roles based on upstream roles for role_def in master_results: role = local_roles_by_upstream_id.get(role_def['_id']) or local_roles_by_name.get(role_def['name']) if not role: role = UserRole(domain=domain_link.linked_domain) local_roles_by_upstream_id[role_def['_id']] = role role.upstream_id = role_def['_id'] role.name = role_def["name"] role.default_landing_page = role_def["default_landing_page"] role.is_non_admin_editable = role_def["is_non_admin_editable"] role.save() permissions = Permissions.wrap(role_def["permissions"]) role.set_permissions(permissions.to_list()) # Update assignable_by ids - must be done after main update to guarantee all local roles have ids for role_def in master_results: local_role = local_roles_by_upstream_id[role_def['_id']] assignable_by = [] if role_def["assignable_by"]: assignable_by = [ local_roles_by_upstream_id[role_id].id for role_id in role_def["assignable_by"] ] local_role.set_assignable_by(assignable_by)
def _create_or_edit_web_reporter_role(domain): web_reporter_roles = UserRole.by_domain_and_name(domain, 'Web Reporter') report_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport" ] if web_reporter_roles: web_reporter_role = web_reporter_roles[0] web_reporter_role.permissions.view_reports = False web_reporter_role.permissions.view_report_list = report_list web_reporter_role.save() else: role = UserRole(domain=domain, permissions=Permissions(view_reports=False, view_report_list=report_list), name='Web Reporter') role.save()
def test_match_ids(self): self.assertEqual([], UserRole.by_domain(self.linked_domain)) role = UserRole(domain=self.linked_domain, name='id_test', permissions=Permissions( edit_web_users=False, view_locations=True, ), assignable_by=[self.role.get_id], upstream_id=self.other_role.get_id) role.save() update_user_roles(self.domain_link) roles = {r.name: r for r in UserRole.by_domain(self.linked_domain)} self.assertEqual(2, len(roles)) self.assertIsNotNone(roles.get('other_test')) self.assertTrue(roles['other_test'].permissions.edit_web_users) self.assertEqual(roles['other_test'].upstream_id, self.other_role.get_id)
def setUpClass(cls): super().setUpClass() cls.domain = 'bookshelf' cls.domain_obj = create_domain(cls.domain) cls.role = UserRole(domain=cls.domain, name='App Editor') cls.role.save() cls.qualified_role_id = cls.role.get_qualified_id() cls.user1 = WebUser.create( cls.domain_obj.name, '*****@*****.**', 'badpassword', None, None, email='*****@*****.**', first_name='Edith', last_name='Wharton', role_id=cls.role.get_id, ) cls.user2 = WebUser.create( cls.domain_obj.name, '*****@*****.**', 'anotherbadpassword', None, None, email='*****@*****.**', first_name='George', last_name='Eliot', is_admin=True, ) cls.invited_user = Invitation.objects.create( email='*****@*****.**', domain=cls.domain_obj.name, invited_by='*****@*****.**', invited_on=datetime.utcnow(), role=cls.qualified_role_id, )
def test_set_permissions(self): role = UserRole( domain=self.domain, name="test-role", ) role.save() role.rolepermission_set.set([ RolePermission(permission=Permissions.edit_data.name), RolePermission(permission=Permissions.view_reports.name, allow_all=False, allowed_items=['report1']), ], bulk=False) self.assertEqual( set(role.get_permission_infos()), { PermissionInfo(Permissions.edit_data.name), PermissionInfo(Permissions.view_reports.name, allow=['report1']), }) new_permissions = { # removed edit_data PermissionInfo(Permissions.access_api.name), # new PermissionInfo(Permissions.view_reports.name, allow=['report1', 'report2']), # edit } role.set_permissions(new_permissions) role2 = UserRole.objects.get(id=role.id) self.assertEqual(set(role2.get_permission_infos()), new_permissions) # change parameterized permission to allow all new_permissions = { PermissionInfo(Permissions.view_reports.name, allow=PermissionInfo.ALLOW_ALL), # edit } role.set_permissions(new_permissions) role2 = UserRole.objects.get(id=role.id) self.assertEqual(set(role2.get_permission_infos()), new_permissions)
def create_view(can_edit_reports): rolename = 'edit_role' if can_edit_reports else 'view_role' username = '******' if can_edit_reports else 'viewer' toggles.USER_CONFIGURABLE_REPORTS.set(username, True, toggles.NAMESPACE_USER) user_role = UserRole( domain=domain.name, name=rolename, permissions=Permissions(edit_commcare_users=True, view_commcare_users=True, edit_groups=True, view_groups=True, edit_locations=True, view_locations=True, access_all_locations=False, edit_data=True, edit_reports=can_edit_reports, view_reports=True ) ) user_role.save() # user_role should be deleted along with the domain. web_user = WebUser.create(domain.name, username, '***', None, None) web_user.set_role(domain.name, user_role.get_qualified_id()) web_user.current_domain = domain.name web_user.save() self.addCleanup(web_user.delete, deleted_by=None) request = HttpRequest() request.can_access_all_locations = True request.user = web_user.get_django_user() request.couch_user = web_user request.session = {} _, view = self._build_report_and_view(request=request) return view
def setUpTestData(cls): cls.role = UserRole( domain=cls.domain, name="role1", ) cls.role.save()
def get_role(self): return UserRole(domain=test_self.domain, permissions=test_self.permissions)
def setUp(self): self.role1 = UserRole(domain=self.domain, name="role1") self.role1.save() self.addCleanup(self.role1.delete)
def setUpClass(cls): super(TestMprAsrLocationFilter, cls).setUpClass() cls.domain = create_domain('icds-location-test') domain_name = cls.domain.name cls.domain_name = domain_name location_types = [ 'state', 'district', 'block', 'supervisor', 'awc' ] previous_parent = None for location_type in location_types: previous_parent = LocationType.objects.create( domain=domain_name, name=location_type, parent_type=previous_parent ) cls.state = SQLLocation.objects.create( name='Test State', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='state') ) cls.state2 = SQLLocation.objects.create( name='Test State2', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='state') ) cls.district = SQLLocation.objects.create( name='Test District', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='district'), parent=cls.state, ) cls.block = SQLLocation.objects.create( name='Test Block', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='block'), parent=cls.district ) cls.supervisor = SQLLocation.objects.create( name='Test Supervisor', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='supervisor'), parent=cls.block ) cls.awc = SQLLocation.objects.create( name='Test AWC', domain=domain_name, location_type=LocationType.objects.get(domain=domain_name, name='awc'), parent=cls.supervisor ) cls.role = UserRole(domain=domain_name, name='demo', permissions=Permissions(access_all_locations=False)) cls.role.save() cls.mobile_user = CommCareUser.create(domain_name, 'test_user', 'test_password', None, None) cls.mobile_user.set_location(cls.block) cls.mobile_user.set_role(domain_name, cls.role.get_qualified_id()) cls.mobile_user.save() cls.national_user = CommCareUser.create(domain_name, 'test_user_national', 'test_password', None, None) cls.national_user.save()