def test_layer_filter_expression(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781,
lambda: dbsession)
for user_name, layer_name, expected in (
("user1", "public_layer", "FALSE"),
("user12", "private_layer2", "FALSE"),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user["id"])})
layer = test_data["project"].mapLayersByName(layer_name)[0]
assert ogcserver_accesscontrol.layerFilterExpression(
layer) == expected
def test_get_layers(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
layers = ogcserver_accesscontrol.get_layers()
test_layers = test_data['layers']
expected = {
'public_group': [test_layers['public_group']],
'public_layer':
[test_layers['public_group'], test_layers['public_layer']],
'private_layer1': [test_layers['private_layer1']],
'private_layer2': [test_layers['private_layer2']],
}
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == set(layers[key])
def test_get_roles(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
set_request_parameters(server_iface, {"USER_ID": "0"})
assert "ROOT" == ogcserver_accesscontrol.get_roles()
test_users = test_data["users"]
test_roles = test_data["roles"]
for user_name, expected_role_names in (("user1", ("role1", )),
("user12", ("role1", "role2"))):
set_request_parameters(server_iface,
{"USER_ID": str(test_users[user_name].id)})
expected_roles = {
test_roles[expected_role_name]
for expected_role_name in expected_role_names
}
assert expected_roles == set(ogcserver_accesscontrol.get_roles())
def test_layer_permissions(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
for user_name, layer_name, expected in (
(
"user1",
"public_layer",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user1",
"private_layer1",
{
"canDelete": False,
"canInsert": False,
"canRead": True,
"canUpdate": False
},
),
(
"user12",
"private_layer2",
{
"canDelete": True,
"canInsert": True,
"canRead": True,
"canUpdate": True
},
),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user.id)})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_get_area(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
for user_name, layer_name, expected in [
("root", layer_name, (Access.FULL, None))
for layer_name in ("public_layer", "private_layer1",
"private_layer2", "private_layer3")
] + [
("user1", "public_layer", (Access.FULL, None)),
("user1", "private_layer1", (Access.AREA, area1.wkt)),
("user1", "private_layer2", (Access.NO, None)),
("user1", "private_layer3", (Access.AREA, area1.wkt)),
]:
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user.id)})
layer = QgsProject.instance().mapLayersByName(layer_name)[0]
result = ogcserver_accesscontrol.get_area(layer)
assert expected == result, 'get_area with "{}", "{}" should return {}'.format(
user_name, layer_name, expected)
def test_get_layers(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
expected = {
"public_group": ["public_group"],
"public_layer": ["public_group", "public_layer"],
"private_layer1": ["private_layer1"],
"private_layer2": ["private_layer2"],
"pg3": ["private_group3"],
"pl3": ["private_group3", "private_layer3"],
}
layers = ogcserver_accesscontrol.get_layers(dbsession)
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == {layer.name for layer in layers[key]}
def test_get_layers(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
test_layers = test_data["layers"]
expected = {
"public_group": [test_layers["public_group"]],
"public_layer":
[test_layers["public_group"], test_layers["public_layer"]],
"private_layer1": [test_layers["private_layer1"]],
"private_layer2": [test_layers["private_layer2"]],
"pg3": [test_layers["private_group3"]],
"pl3":
[test_layers["private_group3"], test_layers["private_layer3"]],
}
layers = ogcserver_accesscontrol.get_layers()
assert set(expected.keys()) == set(layers.keys())
for key in expected.keys():
assert set(expected[key]) == set(layers[key])
def test_get_restriction_areas(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
test_layers = test_data["layers"]
test_roles = test_data["roles"]
assert (Access.FULL,
None) == ogcserver_accesscontrol.get_restriction_areas(
(test_layers["private_layer1"], ), rw=True, roles="ROOT")
for layer_names, rw, role_names, expected in (
(("private_layer1", ), False, ("role1", ), (Access.AREA, [area1])),
(("private_layer3", ), False, ("role1", ), (Access.AREA, [area1])),
):
layers = [test_layers[layer_name] for layer_name in layer_names]
roles = [test_roles[role_name] for role_name in role_names]
ras = ogcserver_accesscontrol.get_restriction_areas(
layers, rw, roles)
assert expected == ras, "get_restriction_areas with {} should return {}".format(
(layer_names, rw, role_names), expected)
def test_get_roles(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
set_request_parameters(server_iface, {'USER_ID': '0'})
assert 'ROOT' == ogcserver_accesscontrol.get_roles()
test_users = test_data['users']
test_roles = test_data['roles']
for user_name, expected_role_names in (
('user1', ('role1', )),
('user12', ('role1', 'role2')),
):
set_request_parameters(server_iface,
{'USER_ID': str(test_users[user_name].id)})
expected_roles = {
test_roles[expected_role_name]
for expected_role_name in expected_role_names
}
assert expected_roles == set(ogcserver_accesscontrol.get_roles())
def test_cache_key(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
set_request_parameters(server_iface, {
'Host': 'example.com',
'USER_ID': '0'
})
assert '0' == server_iface.requestHandler().parameter("USER_ID")
assert 'example.com' == server_iface.requestHandler().parameter("Host")
assert 'example.com--1' == ogcserver_accesscontrol.cacheKey()
user = test_data['users']['user12']
set_request_parameters(server_iface, {
'Host': 'example.com',
'USER_ID': str(user.id)
})
role1 = test_data['roles']['role1']
role2 = test_data['roles']['role2']
expected = 'example.com-{}'.format(','.join(
[str(role1.id), str(role2.id)]))
assert expected == ogcserver_accesscontrol.cacheKey()
def test_get_restriction_areas(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
test_layers = test_data['layers']
test_roles = test_data['roles']
assert (Access.FULL,
None) == ogcserver_accesscontrol.get_restriction_areas(
(test_layers['private_layer1'], ), rw=True, roles='ROOT')
for layer_names, rw, role_names, expected in ((('private_layer1', ),
False, ('role1', ),
(Access.AREA, [area1
])), ):
layers = [test_layers[layer_name] for layer_name in layer_names]
roles = [test_roles[role_name] for role_name in role_names]
ras = ogcserver_accesscontrol.get_restriction_areas(
layers, rw, roles)
assert expected == ras, (
'get_restriction_areas with {} should return {}'.format(
(layer_names, rw, role_names), expected))
def test_cache_key(server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
set_request_parameters(server_iface, {
"Host": "example.com",
"USER_ID": "0"
})
assert "0" == server_iface.requestHandler().parameter("USER_ID")
assert "example.com" == server_iface.requestHandler().parameter("Host")
assert "example.com--1" == ogcserver_accesscontrol.cacheKey()
user = test_data["users"]["user12"]
set_request_parameters(server_iface, {
"Host": "example.com",
"USER_ID": str(user.id)
})
role1 = test_data["roles"]["role1"]
role2 = test_data["roles"]["role2"]
expected = "example.com-{}".format(",".join(
[str(role1.id), str(role2.id)]))
assert expected == ogcserver_accesscontrol.cacheKey()
def test_cache_key(server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
set_request_parameters(server_iface, {"USER_ID": "0"}, {"HTTP_HOST": "example.com"})
assert "0" == server_iface.requestHandler().parameter("USER_ID")
assert "example.com-ROOT" == ogcserver_accesscontrol.cacheKey()
user = test_data["users"]["user12"]
role1 = test_data["roles"]["role1"]
role2 = test_data["roles"]["role2"]
set_request_parameters(
server_iface,
{
"USER_ID": str(user["id"]),
"ROLE_IDS": "{},{}".format(role1["id"], role2["id"]),
},
{"HTTP_HOST": "example.com"},
)
expected = "example.com-{},{}".format(role1["id"], role2["id"])
assert expected == ogcserver_accesscontrol.cacheKey()
def test_get_roles(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781,
lambda: dbsession)
set_request_parameters(server_iface, {"USER_ID": "0"})
assert "ROOT" == ogcserver_accesscontrol.get_roles(dbsession)
test_users = test_data["users"]
test_roles = test_data["roles"]
for user_name, expected_role_names in (
("user1", ("role1", )),
("user12", ("role1", "role2")),
):
set_request_parameters(
server_iface,
{
"USER_ID":
str(test_users[user_name]["id"]),
"ROLE_IDS":
",".join([
str(test_roles[r]["id"]) for r in expected_role_names
]),
},
)
expected_roles = {
test_roles[expected_role_name]["id"]
for expected_role_name in expected_role_names
}
assert expected_roles == {
role.id
for role in ogcserver_accesscontrol.get_roles(dbsession)
}
def test_layer_permissions(self, server_iface, DBSession,
test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781,
lambda: dbsession)
for user_name, layer_name, expected in (
(
"user1",
"public_layer",
{
"canDelete": False,
"canInsert": False,
"canRead": False,
"canUpdate": False
},
),
(
"user12",
"private_layer2",
{
"canDelete": False,
"canInsert": False,
"canRead": False,
"canUpdate": False
},
),
):
user = test_data["users"][user_name]
set_request_parameters(server_iface, {"USER_ID": str(user["id"])})
layer = test_data["project"].mapLayersByName(layer_name)[0]
permissions = ogcserver_accesscontrol.layerPermissions(layer)
for key, value in expected.items():
assert value == getattr(permissions, key)
def test_init(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, 'qgisserver1', 21781, dbsession)
assert ogcserver_accesscontrol.ogcserver is test_data['ogc_servers'][
'qgisserver1']
def test_init(self, server_iface, DBSession): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "unavailable", "no_project", 21781,
lambda: dbsession)
assert ogcserver_accesscontrol.ogcserver is None
def test_init(self, server_iface, DBSession, test_data): # noqa: ignore=N803
dbsession = DBSession()
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", "no_project", 21781, lambda: dbsession
)
assert ogcserver_accesscontrol.ogcserver.name == "qgisserver1"
def test_ogc_layer_with_wms_use_layer_ids(self, server_iface, dbsession):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
layer = QgsProject.instance().mapLayersByName("private_layer1")[0]
assert layer.id() == ogcserver_accesscontrol.ogc_layer_name(layer)
def test_init(self, server_iface, dbsession, test_data):
ogcserver_accesscontrol = OGCServerAccessControl(
server_iface, "qgisserver1", 21781, dbsession)
assert ogcserver_accesscontrol.ogcserver is test_data["ogc_servers"][
"qgisserver1"]