def test_update_workflow_acl_people(self): """Test PUT workflow with updated ACL.""" data = self.get_workflow_dict() init_map = { self.wf_admin_id: WF_ROLES['Admin'], self.people_ids[0]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list( init_map) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) exp_res = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Admin'], self.people_ids[2]: WF_ROLES['Workflow Member'], self.people_ids[3]: WF_ROLES['Workflow Member'], self.people_ids[4]: WF_ROLES['Workflow Member'] } workflow = all_models.Workflow.eager_query().one() put_params = {'access_control_list': acl_helper.get_acl_list(exp_res)} response = self.api.put(workflow, put_params) self.assert200(response) workflow = all_models.Workflow.eager_query().one() act_res = { person.id: acl.ac_role_id for person, acl in workflow.access_control_list } self.assertDictEqual(exp_res, act_res)
def test_update_workflow_acl_people(self): """Test PUT workflow with updated ACL.""" data = self.get_workflow_dict() init_map = { self.wf_admin_id: WF_ROLES['Admin'], self.people_ids[0]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_map) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) exp_res = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Admin'], self.people_ids[2]: WF_ROLES['Workflow Member'], self.people_ids[3]: WF_ROLES['Workflow Member'], self.people_ids[4]: WF_ROLES['Workflow Member'] } workflow = all_models.Workflow.eager_query().one() put_params = {'access_control_list': acl_helper.get_acl_list(exp_res)} response = self.api.put(workflow, put_params) self.assert200(response) workflow = all_models.Workflow.eager_query().one() act_res = {acl.person_id: acl.ac_role_id for acl in workflow.access_control_list} self.assertDictEqual(exp_res, act_res)
def test_tg_assignee(self, role_name): """Test TaskGroup assignee already has {0} role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES[role_name], } data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[1] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[1]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() actual_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, ).all() self.assertEqual(len(actual_acl), 2) expected = { role_name: (workflow.type, workflow.id), "{} Mapped".format(role_name): (task_group.type, task_group.id) } actual = { acl.ac_role.name: (acl.object_type, acl.object_id) for acl in actual_acl } self.assertDictEqual(expected, actual)
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name """Create objects for Workflow ACL propagation test.""" with freezegun.freeze_time("2017-08-9"): with factories.single_commit(): workflow = wf_factories.WorkflowFactory( title='wf1', unit=all_models.Workflow.WEEK_UNIT, is_verification_needed=True, repeat_every=1) wf_factories.TaskGroupTaskFactory( title='tgt1', task_group=wf_factories.TaskGroupFactory( title='tg1', context=factories.ContextFactory(), workflow=workflow ), # One cycle should be created start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7) ) self.generator.activate_workflow(workflow) workflow = all_models.Workflow.query.one() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], self.people_ids[2]: WF_ROLES['Workflow Member'], } put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)} response = self.api.put(workflow, put_params) self.assert200(response)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name """Test TaskGroup assignee gets WorkflowMember role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() wf_members = [ acp.person.id for acp in workflow.acr_name_acl_map["Workflow Member"].access_control_people ] self.assertIn(self.people_ids[2], wf_members)
def test_tg_assignee(self, role_name): """Test TaskGroup assignee already has {0} role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES[role_name], } data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[1] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[1]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() ac_people = all_models.AccessControlPerson.query.filter( all_models.AccessControlPerson.person_id == task_group.contact_id, ).all() self.assertEqual(len(ac_people), 1) actual = { (acp.ac_list.object_type, acp.ac_list.object_id) for acp in ac_people } self.assertIn((workflow.type, workflow.id), actual) self.assertNotIn((task_group.type, task_group.id), actual)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name """Test TaskGroup assignee gets WorkflowMember role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list(init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() parent_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, all_models.AccessControlList.object_type == workflow.type, all_models.AccessControlList.object_id == workflow.id ).one() tg_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, all_models.AccessControlList.object_type == task_group.type, all_models.AccessControlList.object_id == task_group.id ).one() self.assertEqual(parent_acl.ac_role.name, "Workflow Member") self.assertEqual(tg_acl.parent_id, parent_acl.id) self.assertEqual(tg_acl.ac_role.name, "Workflow Member Mapped")
def create_asmt_with_issue_tracker(self, role_name_to_people, issue_tracker=None): """Create Assessment with issue_tracker parameters and ACL.""" access_control_list = acl_helper.get_acl_list({ person.id: self.roles[role_name].id for role_name, people in role_name_to_people.iteritems() for person in people }) issue_tracker_with_defaults = { 'enabled': True, 'component_id': hash('Default Component id'), 'hotlist_id': hash('Default Hotlist id'), 'issue_type': 'Default Issue type', 'issue_priority': 'Default Issue priority', 'issue_severity': 'Default Issue severity', } issue_tracker_with_defaults.update(issue_tracker or {}) _, asmt = self.generator.generate_object( all_models.Assessment, data={ 'audit': {'id': self.audit.id, 'type': self.audit.type}, 'issue_tracker': issue_tracker_with_defaults, 'access_control_list': access_control_list, } ) return asmt
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name """Test TaskGroup assignee gets WorkflowMember role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list( init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() wf_members = [ acp.person.id for acp in workflow.acr_name_acl_map["Workflow Member"].access_control_people ] self.assertIn(self.people_ids[2], wf_members)
def create_asmt_with_issue_tracker(self, role_name_to_people, issue_tracker=None): """Create Assessment with issue_tracker parameters and ACL.""" access_control_list = acl_helper.get_acl_list({ person.id: self.roles[role_name].id for role_name, people in role_name_to_people.iteritems() for person in people }) issue_tracker_with_defaults = { "enabled": True, "component_id": hash("Default Component id"), "hotlist_id": hash("Default Hotlist id"), "issue_type": "Default Issue type", "issue_priority": "Default Issue priority", "issue_severity": "Default Issue severity", } issue_tracker_with_defaults.update(issue_tracker or {}) _, asmt = self.generator.generate_object( all_models.Assessment, data={ "audit": { "id": self.audit.id, "type": self.audit.type }, "issue_tracker": issue_tracker_with_defaults, "access_control_list": access_control_list, }) return asmt
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name """Create objects for Workflow ACL propagation test.""" with freezegun.freeze_time("2017-08-9"): with factories.single_commit(): workflow = wf_factories.WorkflowFactory( title='wf1', unit=all_models.Workflow.WEEK_UNIT, is_verification_needed=True, repeat_every=1) wf_factories.TaskGroupTaskFactory( title='tgt1', task_group=wf_factories.TaskGroupFactory( title='tg1', context=factories.ContextFactory(), workflow=workflow), # One cycle should be created start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7)) self.generator.activate_workflow(workflow) workflow = all_models.Workflow.query.one() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], self.people_ids[2]: WF_ROLES['Workflow Member'], } put_params = { 'access_control_list': acl_helper.get_acl_list(acl_map) } response = self.api.put(workflow, put_params) self.assert200(response)
def create_asmt_with_issue_tracker(self, role_name_to_people, issue_tracker=None): """Create Assessment with issue_tracker parameters and ACL.""" access_control_list = acl_helper.get_acl_list({ person.id: self.roles[role_name].id for role_name, people in role_name_to_people.iteritems() for person in people }) issue_tracker_with_defaults = { 'enabled': True, 'component_id': hash('Default Component id'), 'hotlist_id': hash('Default Hotlist id'), 'issue_type': 'Default Issue type', 'issue_priority': 'Default Issue priority', 'issue_severity': 'Default Issue severity', } issue_tracker_with_defaults.update(issue_tracker or {}) _, asmt = self.generator.generate_object( all_models.Assessment, data={ 'audit': { 'id': self.audit.id, 'type': self.audit.type }, 'issue_tracker': issue_tracker_with_defaults, 'access_control_list': access_control_list, }) return asmt
def test_tg_assignee(self, role_name): """Test TaskGroup assignee already has {0} role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES[role_name], } data['workflow']['access_control_list'] = acl_helper.get_acl_list( init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[1] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[1]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() ac_people = all_models.AccessControlPerson.query.filter( all_models.AccessControlPerson.person_id == task_group.contact_id, ).all() self.assertEqual(len(ac_people), 1) actual = {(acp.ac_list.object_type, acp.ac_list.object_id) for acp in ac_people} self.assertIn((workflow.type, workflow.id), actual) self.assertNotIn((task_group.type, task_group.id), actual)
def test_task_group_assignee_gets_workflow_member(self): # noqa pylint: disable=invalid-name """Test TaskGroup assignee gets WorkflowMember role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data['workflow']['access_control_list'] = acl_helper.get_acl_list( init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() parent_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, all_models.AccessControlList.object_type == workflow.type, all_models.AccessControlList.object_id == workflow.id).one() tg_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, all_models.AccessControlList.object_type == task_group.type, all_models.AccessControlList.object_id == task_group.id).one() self.assertEqual(parent_acl.ac_role.name, "Workflow Member") self.assertEqual(tg_acl.parent_id, parent_acl.id) self.assertEqual(tg_acl.ac_role.name, "Workflow Member Mapped")
def test_unassign_workflow_acl(self): """Test propagation Workflow ACL roles on person unassigned.""" self._create_propagation_acl_test_data() with freezegun.freeze_time("2017-08-9"): workflow = all_models.Workflow.query.one() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)} response = self.api.put(workflow, put_params) self.assert200(response) self._check_propagated_acl(2)
def test_unassign_workflow_acl(self): """Test propagation Workflow ACL roles on person unassigned.""" self._create_propagation_acl_test_data() with freezegun.freeze_time("2017-08-9"): workflow = all_models.Workflow.query.one() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } put_params = {'access_control_list': acl_helper.get_acl_list(acl_map)} response = self.api.put(workflow, put_params) self.assert200(response) self._check_propagated_acl(2)
def test_post_workflow_with_acl(self): """Test PUT workflow with ACL.""" data = self.get_workflow_dict() exp_res = { self.wf_admin_id: WF_ROLES['Admin'], self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], self.people_ids[2]: WF_ROLES['Workflow Member'], self.people_ids[3]: WF_ROLES['Workflow Member'] } data['workflow']['access_control_list'] = acl_helper.get_acl_list(exp_res) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.eager_query().one() act_res = {acl.person_id: acl.ac_role_id for acl in workflow.access_control_list} self.assertDictEqual(exp_res, act_res)
def test_post_workflow_with_acl(self): """Test PUT workflow with ACL.""" data = self.get_workflow_dict() exp_res = { self.wf_admin_id: WF_ROLES['Admin'], self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], self.people_ids[2]: WF_ROLES['Workflow Member'], self.people_ids[3]: WF_ROLES['Workflow Member'] } data['workflow']['access_control_list'] = acl_helper.get_acl_list(exp_res) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.eager_query().one() act_res = {acl.person_id: acl.ac_role_id for acl in workflow.access_control_list} self.assertDictEqual(exp_res, act_res)
def test_acl_for_new_related_object(self): """Test Workflow ACL propagation for new related objects.""" data = self.get_workflow_dict() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data["workflow"]["access_control_list"] = acl_helper.get_acl_list(acl_map) data["workflow"]["unit"] = "week" data["workflow"]["repeat_every"] = 1 response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) task_group = all_models.TaskGroup.eager_query().one() data = self.get_task_dict(task_group) data["task_group_task"]["start_date"] = "2018-01-04" data["task_group_task"]["end_date"] = "2018-01-05" response = self.api.post(all_models.TaskGroupTask, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() with freezegun.freeze_time("2018-01-05"): # Generate 1 cycle self.generator.activate_workflow(workflow) cycle_task = all_models.CycleTaskGroupObjectTask.query.one() with factories.single_commit(): comment = factories.CommentFactory() factories.RelationshipFactory( source=comment, destination=cycle_task ) self._check_propagated_acl(2, has_comment=True)
def test_acl_for_new_related_object(self): """Test Workflow ACL propagation for new related objects.""" data = self.get_workflow_dict() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], } data["workflow"]["access_control_list"] = acl_helper.get_acl_list(acl_map) data["workflow"]["unit"] = "week" data["workflow"]["repeat_every"] = 1 response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[2] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[2]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) task_group = all_models.TaskGroup.eager_query().one() data = self.get_task_dict(task_group) data["task_group_task"]["start_date"] = "2018-01-04" data["task_group_task"]["end_date"] = "2018-01-05" response = self.api.post(all_models.TaskGroupTask, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() with freezegun.freeze_time("2018-01-05"): # Generate 1 cycle self.generator.activate_workflow(workflow) cycle_task = all_models.CycleTaskGroupObjectTask.query.one() with factories.single_commit(): comment = factories.CommentFactory() factories.RelationshipFactory( source=comment, destination=cycle_task ) self._check_propagated_acl(2, has_comment=True)
def test_tg_assignee(self, role_name): """Test TaskGroup assignee already has {0} role.""" data = self.get_workflow_dict() init_acl = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES[role_name], } data['workflow']['access_control_list'] = acl_helper.get_acl_list( init_acl) response = self.api.post(all_models.Workflow, data) self.assertEqual(response.status_code, 201) data = self.get_task_group_dict(response.json["workflow"]) data["task_group"]["contact"]["id"] = self.people_ids[1] data["task_group"]["contact"]["href"] = "/api/people/{}".format( self.people_ids[1]) response = self.api.post(all_models.TaskGroup, data) self.assertEqual(response.status_code, 201) workflow = all_models.Workflow.query.one() task_group = all_models.TaskGroup.query.one() actual_acl = all_models.AccessControlList.eager_query().filter( all_models.AccessControlList.person_id == task_group.contact_id, ).all() self.assertEqual(len(actual_acl), 2) expected = { role_name: (workflow.type, workflow.id), "{} Mapped".format(role_name): (task_group.type, task_group.id) } actual = { acl.ac_role.name: (acl.object_type, acl.object_id) for acl in actual_acl } self.assertDictEqual(expected, actual)