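def test_full_access_control_list(self):
    """Test that access_control_list hides propagated roles from the API.

    Before sending the access_control_list to the frontend, propagated
    roles need to be filtered out to help prevent performance issues.
    ``full_access_control_list`` keeps every row, while
    ``access_control_list`` and the serialized JSON response must contain
    only the non-propagated entries.
    """
    with factories.single_commit():
        # One parent-less (external) role and one propagated child of it.
        obj = factories.ControlFactory()
        parent_acl = factories.AccessControlList(
            object=obj, ac_role=self.role, person=self.person)
        factories.AccessControlList(
            object=obj, ac_role=self.role, person=self.person,
            parent=parent_acl)

    # full_access_control_list should have all rows:
    self.assertEqual(
        len(obj.full_access_control_list), 2,
        "full_access_control_list doesn't include all roles")
    # access_control_list should only have the non-propagated one.
    # (Message fixed: the old one said "doesn't include all the roles",
    # which is the opposite of what this assertion checks.)
    self.assertEqual(
        len(obj.access_control_list), 1,
        "access_control_list didn't filter out propagated roles")

    # Ids are read before the API request is made.
    obj_id, parent_acl_id = obj.id, parent_acl.id
    api = api_helper.Api()
    response = api.get(all_models.Control, obj_id)
    # Use a distinct name: the original reused ``acl`` for both the ORM
    # row and the response list, which made the assertions hard to read.
    response_acl = response.json["control"]["access_control_list"]
    # The serialized response must also drop the propagated row.
    self.assertEqual(
        len(response_acl), 1,
        "acl didn't filter out propagated roles correctly")
    self.assertEqual(
        response_acl[0]["id"], parent_acl_id,
        "acl didn't filter out propagated roles correctly")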
def test_index_deleted_acr(self):
    """Test index by removed ACR.

    After the custom role is deleted and the full-text index rebuilt, the
    snapshot must have no search records stored under that role's name.
    Otherwise the person's email/name would stay searchable through a role
    that no longer exists.
    """
    role_name = "Test name"
    with factories.single_commit():
        acr = factories.AccessControlRoleFactory(
            name=role_name, object_type="Control")
        person = factories.PersonFactory(email="*****@*****.**", name='test')
        control = factories.ControlFactory()
        factories.AccessControlList(
            ac_role=acr, person=person, object=control)

    # Rewrite the control's revision content from its current state before
    # the snapshot is taken from that revision.
    revision_query = all_models.Revision.query.filter(
        all_models.Revision.resource_id == control.id,
        all_models.Revision.resource_type == control.type,
    )
    revision = revision_query.one()
    revision.content = control.log_json()
    db.session.add(revision)
    with factories.single_commit():
        snapshot = factories.SnapshotFactory(
            child_id=control.id, child_type=control.type, revision=revision)
    db.session.expire_all()

    # Drop the role, commit, then rebuild the index from scratch.
    db.session.delete(acr)
    db.session.commit()
    do_reindex()

    # Records are keyed by snapshot and the lower-cased role name.
    record_query = Record.query.filter(
        Record.key == snapshot.id,
        Record.type == snapshot.type,
        Record.property == role_name.lower(),
    )
    found_records = dict(record_query.values("subproperty", "content"))
    self.assertFalse(found_records)
def test_index_by_acr(self):
    """Test index by ACR.

    A snapshot of a control that carries a custom-role ACL entry must be
    indexed under that role name with the person's email, name and
    user_name (plus the ``__sort__`` key) as sub-properties.
    """
    role_name = "Test name"
    with factories.single_commit():
        acr = factories.AccessControlRoleFactory(
            name=role_name, object_type="Control")
        person = factories.PersonFactory(email="*****@*****.**", name='test')
        control = factories.ControlFactory()
        factories.AccessControlList(
            ac_role=acr, person=person, object=control)

    # Rewrite the control's revision content from its current state before
    # the snapshot is taken from that revision.
    revision_query = all_models.Revision.query.filter(
        all_models.Revision.resource_id == control.id,
        all_models.Revision.resource_type == control.type,
    )
    revision = revision_query.one()
    revision.content = control.log_json()
    db.session.add(revision)
    with factories.single_commit():
        snapshot = factories.SnapshotFactory(
            child_id=control.id, child_type=control.type, revision=revision)
    db.session.expire_all()
    do_reindex()

    # Expected sub-properties are prefixed with the person's id.
    prefix = "{}-".format(person.id)
    expected_fields = {
        prefix + "email": person.email,
        prefix + "name": person.name,
        prefix + "user_name": person.user_name,
        "__sort__": person.user_name,
    }
    self.assert_indexed_fields(snapshot, role_name, expected_fields)
def setUp(self):
    """Build the fixture graph used by the last-assessment-date tests.

    Creates five controls and two objectives (each with an Admin ACL entry
    for the first person in the DB), two audits with snapshots of a subset
    of those objects, and one assessment per audit mapped to a chosen set
    of snapshots. Snapshots come from the class's ``_create_snapshots``
    helper, which is defined outside this method.
    """
    super(TestLastAssessmentDate, self).setUp()
    self.api = Api()
    self.generator = generator.ObjectGenerator()
    self.client.get("/login")

    person = models.Person.query.first()
    admin_role_by_type = {
        "Control": models.AccessControlRole.query.filter_by(
            name="Admin", object_type="Control").first(),
        "Objective": models.AccessControlRole.query.filter_by(
            name="Admin", object_type="Objective").first(),
    }

    with factories.single_commit():
        controls = []
        for idx in range(5):
            label = "Control_{}".format(idx)
            controls.append(factories.ControlFactory(slug=label, title=label))
        objectives = []
        for idx in range(2):
            label = "Objective_{}".format(idx)
            objectives.append(
                factories.ObjectiveFactory(slug=label, title=label))

        # Every object gets the person as Admin; anything that is not a
        # Control falls back to the Objective role, as before.
        for obj in itertools.chain(controls, objectives):
            role = admin_role_by_type.get(obj.type, admin_role_by_type["Objective"])
            factories.AccessControlList(object=obj, person=person, ac_role=role)

        audit_0 = factories.AuditFactory(title="Audit_0")
        audit_1 = factories.AuditFactory(title="Audit_1")
        audit_0_snapshots = self._create_snapshots(
            audit_0, controls[:2] + objectives[:1])
        audit_1_snapshots = self._create_snapshots(
            audit_1, controls[1:4] + objectives)

        assessment_0 = factories.AssessmentFactory(
            title="Assessment_0", audit=audit_0)
        assessment_1 = factories.AssessmentFactory(
            title="Assessment_1", audit=audit_1)

        # (source, destination) pairs, created in this exact order; the
        # direction of each mapping is deliberately mixed.
        mappings = [
            (assessment_0, audit_0),
            (audit_1, assessment_1),
            # Audit 0 assessment mappings:
            (assessment_0, audit_0_snapshots[1]),  # snapshot of control_1
            (assessment_0, audit_0_snapshots[2]),  # snapshot of objective_0
            # Audit 1 assessment mappings:
            (audit_1_snapshots[0], assessment_1),  # snapshot of control_1
            (assessment_1, audit_1_snapshots[1]),  # snapshot of control_2
            (assessment_1, audit_1_snapshots[3]),  # snapshot of objective_0
            (audit_1_snapshots[4], assessment_1),  # snapshot of objective_1
        ]
        for source, destination in mappings:
            factories.RelationshipFactory(source=source, destination=destination)