def test_01_create_state(self): """User state is correct after creation""" # check that privileged user was created correctly self.assertEqual(self.admin.uaccess.user.username, 'admin') self.assertEqual(self.admin.uaccess.user.first_name, 'administrator') self.assertTrue(self.admin.is_active) # start as privileged user assertUserResourceState(self, self.admin, [], [], []) # check that unprivileged user was created correctly self.assertEqual(self.cat.uaccess.user.username, 'cat') self.assertEqual(self.cat.uaccess.user.first_name, 'not a dog') self.assertTrue(self.cat.is_active) # check that user cat owns and holds nothing assertUserResourceState(self, self.cat, [], [], []) assertUserGroupState(self, self.cat, [], [], [])
def test_matrix_testing(self): """ Test that matrix testing routines function as believed """ george = self.george alva = self.alva john = self.john bikes = self.bikes bikers = self.bikers harpers = self.harpers assertResourceUserState(self, bikes, [george], [], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [], []) assertUserResourceState(self, john, [], [], []) assertUserGroupState(self, george, [harpers, bikers], [], []) assertUserGroupState(self, alva, [], [], []) assertUserGroupState(self, john, [], [], []) george.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.CHANGE) assertResourceUserState(self, bikes, [george], [alva], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [bikes], []) assertUserResourceState(self, john, [], [], []) george.uaccess.share_resource_with_user(bikes, john, PrivilegeCodes.VIEW) assertResourceUserState(self, bikes, [george], [alva], [john]) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [bikes], []) assertUserResourceState(self, john, [], [], [bikes]) bikes.raccess.immutable = True bikes.raccess.save() assertResourceUserState(self, bikes, [george], [], [alva, john]) # squashes CHANGE assertUserResourceState(self, george, [bikes], [], []) # immutable squashes CHANGE assertUserResourceState(self, alva, [], [], [bikes]) assertUserResourceState(self, john, [], [], [bikes]) assertGroupUserState(self, bikers, [george], [], []) assertGroupUserState(self, harpers, [george], [], []) assertUserGroupState(self, george, [bikers, harpers], [], []) assertUserGroupState(self, alva, [], [], []) assertUserGroupState(self, john, [], [], []) george.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.CHANGE) assertGroupUserState(self, bikers, [george], [alva], []) assertGroupUserState(self, harpers, [george], [], []) assertUserGroupState(self, george, [bikers, harpers], [], []) assertUserGroupState(self, alva, [], [bikers], []) assertUserGroupState(self, john, [], [], []) george.uaccess.share_group_with_user(bikers, john, PrivilegeCodes.VIEW) assertGroupUserState(self, bikers, [george], [alva], [john]) assertGroupUserState(self, harpers, [george], [], []) assertUserGroupState(self, george, [bikers, harpers], [], []) assertUserGroupState(self, alva, [], [bikers], []) assertUserGroupState(self, john, [], [], [bikers]) assertResourceGroupState(self, bikes, [], []) assertGroupResourceState(self, bikers, [], []) george.uaccess.share_resource_with_group(bikes, bikers, PrivilegeCodes.CHANGE) # immutable squashes state assertResourceGroupState(self, bikes, [], [bikers]) # immutable squashes state assertGroupResourceState(self, bikers, [], [bikes]) bikes.raccess.immutable = False bikes.raccess.save() # without immutable, CHANGE returns assertResourceGroupState(self, bikes, [bikers], []) # without immutable, CHANGE returns assertGroupResourceState(self, bikers, [bikes], [])
def test_share(self): bikes = self.bikes harpers = self.harpers bikers = self.bikers george = self.george alva = self.alva admin = self.admin john = self.john assertResourceUserState(self, bikes, [george], [], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [], []) george.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.OWNER) assertResourceUserState(self, bikes, [george, alva], [], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [bikes], [], []) # test a user can downgrade (e.g., from OWNER to CHANGE) his/her access # privilege alva.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.CHANGE) assertResourceUserState(self, bikes, [george], [alva], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [bikes], []) # unshare bikes george.uaccess.unshare_resource_with_user(bikes, alva) assertResourceUserState(self, bikes, [george], [], []) assertUserResourceState(self, george, [bikes], [], []) assertUserResourceState(self, alva, [], [], []) assertGroupResourceState(self, bikers, [], []) george.uaccess.share_resource_with_group(bikes, bikers, PrivilegeCodes.VIEW) assertGroupResourceState(self, bikers, [], [bikes]) george.uaccess.share_resource_with_group(bikes, harpers, PrivilegeCodes.CHANGE) assertGroupResourceState(self, harpers, [bikes], []) george.uaccess.share_group_with_user(harpers, alva, PrivilegeCodes.CHANGE) assertUserGroupState(self, alva, [], [harpers], []) # isolated from group privilege CHANGE assertUserResourceState(self, alva, [], [], []) assertGroupResourceState(self, harpers, [bikes], []) george.uaccess.unshare_group_with_user(harpers, alva) # isolated from group privilege CHANGE assertUserResourceState(self, alva, [], [], []) george.uaccess.unshare_resource_with_group(bikes, harpers) assertGroupResourceState(self, harpers, [], []) # test upgrade privilege by non owners # let george (owner) grant change privilege to alva (non owner) george.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.CHANGE) assertUserResourceState(self, alva, [], [bikes], []) # let alva (non owner) grant view privilege to john (non owner) alva.uaccess.share_resource_with_user(bikes, self.john, PrivilegeCodes.VIEW) assertUserResourceState(self, john, [], [], [bikes]) assertResourceUserState(self, bikes, [george], [alva], [john]) # let alva (non owner) grant change privilege (upgrade) to john (non # owner) alva.uaccess.share_resource_with_user(bikes, self.john, PrivilegeCodes.CHANGE) assertUserResourceState(self, john, [], [bikes], []) assertResourceUserState(self, bikes, [george], [alva, john], []) # test django admin has ownership permission over any resource when not # owning a resource self.assertFalse(admin.uaccess.owns_resource(bikes)) self.assertEqual(bikes.raccess.get_effective_privilege(admin), PrivilegeCodes.OWNER) # test django admin can always view/change or delete any resource self.assertTrue(admin.uaccess.can_view_resource(bikes)) self.assertTrue(admin.uaccess.can_change_resource(bikes)) self.assertTrue(admin.uaccess.can_delete_resource(bikes)) # test django admin can change resource flags self.assertTrue(admin.uaccess.can_change_resource_flags(bikes)) # test django admin can share any resource with all possible permission # types self.assertTrue( admin.uaccess.can_share_resource(bikes, PrivilegeCodes.OWNER)) self.assertTrue( admin.uaccess.can_share_resource(bikes, PrivilegeCodes.CHANGE)) self.assertTrue( admin.uaccess.can_share_resource(bikes, PrivilegeCodes.VIEW)) # test django admin can share a resource with a specific user admin.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.OWNER) assertResourceUserState(self, bikes, [george, alva], [john], []) admin.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.CHANGE) assertResourceUserState(self, bikes, [george], [john, alva], []) admin.uaccess.share_resource_with_user(bikes, alva, PrivilegeCodes.VIEW) assertResourceUserState(self, bikes, [george], [john], [alva]) # test django admin can unshare a resource with a specific user admin.uaccess.unshare_resource_with_user(bikes, alva) assertResourceUserState(self, bikes, [george], [john], []) # test django admin can share a group with a user self.assertEqual(bikers.gaccess.members.count(), 1) self.assertFalse(admin.uaccess.owns_group(bikers)) admin.uaccess.share_group_with_user(bikers, alva, PrivilegeCodes.OWNER) self.assertEqual(alva.uaccess.owned_groups.count(), 1) self.assertEqual(bikers.gaccess.members.count(), 2) # test django admin can share resource with a group self.assertFalse( admin.uaccess.can_share_resource_with_group( bikes, harpers, PrivilegeCodes.OWNER)) self.assertTrue( admin.uaccess.can_share_resource_with_group( bikes, harpers, PrivilegeCodes.CHANGE)) admin.uaccess.share_resource_with_group(bikes, harpers, PrivilegeCodes.CHANGE) self.assertTrue(bikes in harpers.gaccess.edit_resources) self.assertTrue( admin.uaccess.can_share_resource_with_group( bikes, harpers, PrivilegeCodes.VIEW)) admin.uaccess.share_resource_with_group(bikes, harpers, PrivilegeCodes.VIEW) self.assertTrue(bikes in harpers.gaccess.view_resources) # test django admin can unshare a user with a group self.assertTrue(admin.uaccess.can_unshare_group_with_user( bikers, alva)) admin.uaccess.unshare_group_with_user(bikers, alva) self.assertTrue(bikers.gaccess.members.count(), 1) self.assertEqual(alva.uaccess.owned_groups.count(), 0)