def test_add_evidence_file(self):
"""Test add evidence file action."""
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
response = self.api.put(
assessment, {
"actions": {
"add_related": [{
"id": None,
"type": "Evidence",
"link": "google.com",
"title": "google.com",
"kind": all_models.Evidence.FILE,
"source_gdrive_id": "source_gdrive_id",
}]
}
})
self.assert200(response)
relationship = _get_relationship("Assessment",
response.json["assessment"]["id"])
self.assertIsNotNone(relationship)
evidence = all_models.Evidence.query.get(relationship.destination_id)
self.assertEqual(evidence.link, "google.com")
self.assertEqual(evidence.kind, all_models.Evidence.FILE)
self.assertEqual(evidence.source_gdrive_id, "source_gdrive_id")
self.assertEqual(evidence.context_id, assessment.context_id)
def test_audit_clone_auditors(self):
"""Test that auditors get cloned correctly"""
auditor_role = Role.query.filter_by(name="Auditor").first()
audit = factories.AuditFactory()
audit_context = factories.ContextFactory()
audit.context = audit_context
users = [
"*****@*****.**",
"*****@*****.**",
"*****@*****.**"
]
auditors = []
for user in users:
person = factories.PersonFactory(email=user)
auditors += [person]
for auditor in auditors:
rbac_factories.UserRoleFactory(
context=audit_context,
role=auditor_role,
person=auditor)
self.assertEqual(
UserRole.query.filter_by(
role=auditor_role,
context=audit.context).count(), 3, "Auditors not present")
self.clone_object(audit)
audit_copy = db.session.query(models.Audit).filter(
models.Audit.title.like("%copy%")).first()
self.assertEqual(
UserRole.query.filter_by(
role=auditor_role,
context=audit_copy.context
).count(), 3, "Auditors not present on copy")
# Verify that contexts are different for original and copy audit
another_user_4 = factories.PersonFactory(email="*****@*****.**")
rbac_factories.UserRoleFactory(
context=audit_context,
role=auditor_role,
person=another_user_4)
self.assertEqual(
UserRole.query.filter_by(
role=auditor_role,
context=audit.context
).count(), 4, "Auditors not present")
self.assertEqual(
UserRole.query.filter_by(
role=auditor_role,
context=audit_copy.context
).count(), 3, "Auditors not present on copy")
def test_audit_clone_auditors(self):
"""Test that auditors get cloned correctly"""
auditor_role = AccessControlRole.query.filter_by(
name="Auditors").first()
audit = factories.AuditFactory()
audit_context = factories.ContextFactory()
audit.context = audit_context
users = ["*****@*****.**", "*****@*****.**", "*****@*****.**"]
auditors = []
for user in users:
person = factories.PersonFactory(email=user)
auditors += [person]
for auditor in auditors:
factories.AccessControlListFactory(ac_role=auditor_role,
object=audit,
person=auditor)
self.assertEqual(
AccessControlList.query.filter_by(ac_role_id=auditor_role.id,
object_type="Audit",
object_id=audit.id).count(), 3,
"Auditors not present")
self.clone_audit(audit)
audit_copy = db.session.query(models.Audit).filter(
models.Audit.title.like("%copy%")).first()
self.assertEqual(
AccessControlList.query.filter_by(ac_role_id=auditor_role.id,
object_type="Audit",
object_id=audit_copy.id).count(),
3, "Auditors not present on copy")
# Verify that contexts are different for original and copy audit
another_user_4 = factories.PersonFactory(email="*****@*****.**")
factories.AccessControlListFactory(ac_role=auditor_role,
object=audit,
person=another_user_4)
self.assertEqual(
AccessControlList.query.filter_by(ac_role_id=auditor_role.id,
object_type="Audit",
object_id=audit.id).count(), 4,
"Auditors not present")
self.assertEqual(
AccessControlList.query.filter_by(ac_role_id=auditor_role.id,
object_type="Audit",
object_id=audit_copy.id).count(),
3, "Auditors not present on copy")
def test_autogenerated_assignees_base_on_audit(self, assessor_role,
verifier_role):
"""Test autogenerated assessment assignees base on audit setting
and empty tmpl."""
assessor = "*****@*****.**"
verifier = "*****@*****.**"
assessor_audit = "*****@*****.**"
verifier_audit = "*****@*****.**"
auditors = collections.defaultdict(list)
auditor_role = all_models.Role.query.filter_by(name="Auditor").first()
with factories.single_commit():
self.audit.context = factories.ContextFactory()
auditors[assessor_role].append(
factories.PersonFactory(email=assessor))
if verifier_role is not None:
auditors[verifier_role].append(
factories.PersonFactory(email=verifier))
default_people = {"assessors": assessor_role}
if verifier_role is not None:
default_people["verifiers"] = verifier_role
self.audit.contact = factories.PersonFactory(email=assessor_audit)
db.session.add(self.audit)
audit_context = factories.ContextFactory()
self.audit.context = audit_context
for email in [verifier_audit]:
rbac_factories.UserRoleFactory(
context=audit_context,
role=auditor_role,
person=factories.PersonFactory(email=email))
self.snapshot.revision.content = self.control.log_json()
db.session.add(self.snapshot.revision)
template = factories.AssessmentTemplateFactory(
test_plan_procedure=False,
procedure_description="Assessment Template Test Plan",
default_people=default_people)
response = self.assessment_post(template)
self.assert_assignees("Assessor", response, assessor_audit)
if verifier_role:
self.assert_assignees("Verifier", response, verifier_audit)
else:
self.assert_assignees("Verifier", response)
self.assert_assignees("Creator", response, "*****@*****.**")
def setUp(self):
super(TestFilterByAuditor, self).setUp()
self.api = Api()
self.generator = ObjectGenerator()
_, self.auditor = self.generator.generate_person(user_role="Creator")
with factories.single_commit():
self.audit = factories.AuditFactory(status="In Progress")
self.audit_id = self.audit.id
audit_context = factories.ContextFactory()
self.audit.context = audit_context
self.audit.add_person_with_role_name(self.auditor, "Auditors")
self.api.set_user(self.auditor)
def test_update_verification_flag_negative(self, db_value, import_value):
slug = 'SomeCode'
with freezegun.freeze_time("2017-08-10"):
with factories.single_commit():
workflow = wf_factories.WorkflowFactory(
slug=slug,
is_verification_needed=db_value,
repeat_every=1,
unit=Workflow.WEEK_UNIT)
wf_factories.TaskGroupTaskFactory(
task_group=wf_factories.TaskGroupFactory(
workflow=workflow, context=factories.ContextFactory()),
# Two cycles should be created
start_date=date(2017, 8, 3),
end_date=date(2017, 8, 7))
person = factories.PersonFactory(
email="{}@email.py".format(slug))
wf_id = workflow.id
person_email = person.email
self.generator.activate_workflow(workflow)
workflow = Workflow.query.filter(Workflow.id == wf_id).first()
self.assertEqual(workflow.status, workflow.ACTIVE)
resp = self.import_data(
collections.OrderedDict([
("object_type", "Workflow"),
("code", slug),
("title", "SomeTitle"),
("Need Verification", import_value),
("force real-time email updates", "no"),
("Admin", person_email),
]))
self.assertEqual(1, resp[0]['ignored'])
workflow = Workflow.query.filter(Workflow.id == wf_id).first()
self.assertEqual(workflow.is_verification_needed, db_value)
# End all current cycles
for cycle in workflow.cycles:
self.generator.modify_object(cycle, {'is_current': False})
workflow = Workflow.query.filter(Workflow.id == wf_id).first()
self.assertEqual(workflow.status, workflow.INACTIVE)
resp = self.import_data(
collections.OrderedDict([
("object_type", "Workflow"),
("code", slug),
("title", "SomeTitle"),
("Need Verification", import_value),
("force real-time email updates", "no"),
("Admin", person_email),
]))
self.assertEqual(1, resp[0]['ignored'])
workflow = Workflow.query.filter(Workflow.id == wf_id).first()
self.assertEqual(workflow.is_verification_needed, db_value)
def setUp(self):
"""Prepare data needed to run the tests"""
TestCase.clear_data()
self.api = Api()
self.client.get("/login")
self.archived_audit = factories.AuditFactory(archived=True)
self.archived_audit.context = factories.ContextFactory(
name="Audit context",
related_object=self.archived_audit,
)
self.audit = factories.AuditFactory()
self.assessment = factories.AssessmentFactory()
def test_autogenerated_assignees_base_on_role(self, assessor_role,
verifier_role):
"""Test autogenerated assessment assignees base on template settings."""
assessor = "*****@*****.**"
verifier = "*****@*****.**"
auditors = collections.defaultdict(list)
with factories.single_commit():
self.audit.context = factories.ContextFactory()
auditors[assessor_role].append(
factories.PersonFactory(email=assessor))
if verifier_role is not None:
auditors[verifier_role].append(
factories.PersonFactory(email=verifier))
for role, people in auditors.iteritems():
ac_role = all_models.AccessControlRole.query.filter_by(
name=role,
object_type=self.snapshot.child_type,
).first()
if not ac_role:
ac_role = factories.AccessControlRoleFactory(
name=role,
object_type=self.snapshot.child_type,
)
factories.AccessControlListFactory(
ac_role=ac_role,
object=self.control, # snapshot child
)
db.session.commit()
for user in people:
factories.AccessControlPersonFactory(
ac_list=self.control.acr_acl_map[ac_role],
person=user,
)
default_people = {"assignees": assessor_role}
if verifier_role is not None:
default_people["verifiers"] = verifier_role
template = factories.AssessmentTemplateFactory(
test_plan_procedure=False,
procedure_description="Assessment Template Test Plan",
default_people=default_people)
self.snapshot.revision.content = self.control.log_json()
db.session.add(self.snapshot.revision)
response = self.assessment_post(template)
if assessor_role == verifier_role:
self.assert_assignees("Verifiers", response, assessor, verifier)
self.assert_assignees("Assignees", response, assessor, verifier)
elif verifier_role is None:
self.assert_assignees("Verifiers", response)
self.assert_assignees("Assignees", response, assessor)
else:
self.assert_assignees("Verifiers", response, verifier)
self.assert_assignees("Assignees", response, assessor)
self.assert_assignees("Creators", response, "*****@*****.**")
def setUp(self):
super(TestFilterByAuditor, self).setUp()
self.api = Api()
self.generator = ObjectGenerator()
_, self.auditor = self.generator.generate_person(user_role="Creator")
auditor_role = all_models.Role.query.filter_by(name="Auditor").first()
with factories.single_commit():
self.audit = factories.AuditFactory(status="In Progress")
self.audit_id = self.audit.id
audit_context = factories.ContextFactory()
self.audit.context = audit_context
rbac_factories.UserRoleFactory(context=audit_context,
role=auditor_role,
person=self.auditor)
self.api.set_user(self.auditor)
def create_assessment(self, people=None):
"""Create default assessment with some default assignees in all roles.
Args:
people: List of tuples with email address and their assignee roles for
Assessments.
Returns:
Assessment object.
"""
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
if not people:
people = [
("*****@*****.**", "Creators"),
("*****@*****.**", "Assignees"),
("*****@*****.**", "Assignees"),
("*****@*****.**", "Verifiers"),
("*****@*****.**", "Verifiers"),
]
defined_assessors = len(
[1 for _, role in people if "Assignees" in role])
defined_creators = len([1 for _, role in people if "Creators" in role])
defined_verifiers = len(
[1 for _, role in people if "Verifiers" in role])
assignee_roles = self.create_assignees(assessment, people)
creators = [
assignee for assignee, roles in assignee_roles
if "Creators" in roles
]
assignees = [
assignee for assignee, roles in assignee_roles
if "Assignees" in roles
]
verifiers = [
assignee for assignee, roles in assignee_roles
if "Verifiers" in roles
]
self.assertEqual(len(creators), defined_creators)
self.assertEqual(len(assignees), defined_assessors)
self.assertEqual(len(verifiers), defined_verifiers)
return assessment
def _create_snapshot():
"""Create snapshot for test"""
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory(description='control-9')
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type ==
control.__class__.__name__).order_by(
all_models.Revision.id.desc()).first()
snapshot = factories.SnapshotFactory(parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id)
return assessment, snapshot
def test_add_comment(self):
"""Test add comment action."""
generator = ObjectGenerator()
_, reader = generator.generate_person(user_role="Administrator")
self.api.set_user(reader)
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
acrs = all_models.AccessControlRole.query.filter(
all_models.AccessControlRole.object_type == "Assessment",
all_models.AccessControlRole.name.in_(["Assignees", "Creators"]),
)
for acr in acrs:
factories.AccessControlListFactory(ac_role=acr,
object=assessment,
person=reader)
response = self.api.put(
assessment, {
"actions": {
"add_related": [{
"id": None,
"type": "Comment",
"description": "comment",
"custom_attribute_definition_id": None,
}]
}
})
self.assert200(response)
# last relationship id (newly created relationship)
rel_id = max(
i["id"]
for i in response.json["assessment"]["related_destinations"])
relationship = all_models.Relationship.query.get(rel_id)
self.assertIsNotNone(relationship)
comment = all_models.Comment.query.get(relationship.destination_id)
self.assertEqual(comment.description, "comment")
self.assertEqual(comment.assignee_type, "Assignees,Creators")
self.assertEqual(comment.context_id, assessment.context_id)
def test_change_verification_flag_positive(self, title, unit,
repeat_every):
with freezegun.freeze_time("2017-08-10"):
with glob_factories.single_commit():
workflow = factories.WorkflowFactory(title=title,
unit=unit,
repeat_every=repeat_every)
factories.TaskGroupTaskFactory(
task_group=factories.TaskGroupFactory(
workflow=workflow,
context=glob_factories.ContextFactory()),
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7))
wf_id = workflow.id
workflow = all_models.Workflow.query.get(wf_id)
verif_default = all_models.Workflow.IS_VERIFICATION_NEEDED_DEFAULT
self.assertIs(workflow.is_verification_needed, verif_default)
self.generator.modify_object(
workflow, {'is_verification_needed': not verif_default})
workflow = all_models.Workflow.query.get(wf_id)
self.assertIs(workflow.is_verification_needed, not verif_default)
def test_delete_assessment_by_role(self, role_name):
"""Delete assessment not allowed for based on Assignee Type."""
with factories.single_commit():
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
person = factories.PersonFactory()
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map[role_name],
person=person,
)
assessment_id = assessment.id
role = all_models.Role.query.filter(
all_models.Role.name == "Creator").first()
self.generator.generate_user_role(person, role, context)
self.api.set_user(person)
assessment = all_models.Assessment.query.get(assessment_id)
resp = self.api.delete(assessment)
self.assert403(resp)
self.assertTrue(
all_models.Assessment.query.filter(
all_models.Assessment.id == assessment_id).one())
def test_add_comment(self):
"""Test add comment action."""
generator = ObjectGenerator()
_, reader = generator.generate_person(user_role="Reader")
self.api.set_user(reader)
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
object_person_rel = factories.RelationshipFactory(source=assessment,
destination=reader)
factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
attr_name="AssigneeType",
attr_value="Creator,Assessor")
response = self.api.put(
assessment, {
"actions": {
"add_related": [{
"id": None,
"type": "Comment",
"description": "comment",
"custom_attribute_definition_id": None,
}]
}
})
self.assert200(response)
# last relationship id (newly created relationship)
rel_id = max(
i["id"]
for i in response.json["assessment"]["related_destinations"])
relationship = all_models.Relationship.query.get(rel_id)
self.assertIsNotNone(relationship)
comment = all_models.Comment.query.get(relationship.destination_id)
self.assertEqual(comment.description, "comment")
self.assertEqual(comment.assignee_type, "Creator,Assessor")
self.assertEqual(comment.context_id, assessment.context_id)
def test_autogenerated_assignees_verifiers_with_model(self):
"""Test autogenerated assessment assignees based on template settings."""
assessor = "*****@*****.**"
verifier = "*****@*****.**"
with factories.single_commit():
self.audit.context = factories.ContextFactory()
auditors = {
u: factories.PersonFactory(email=u).id
for u in [assessor, verifier]
}
template = factories.AssessmentTemplateFactory(
test_plan_procedure=False,
procedure_description="Assessment Template Test Plan",
default_people={
"assessors": [auditors[assessor]],
"verifiers": [auditors[verifier]],
},
)
response = self.assessment_post(template)
self.assert_assignees("Verifier", response, verifier)
self.assert_assignees("Assessor", response, assessor)
self.assert_assignees("Creator", response, "*****@*****.**")
def test_add_url(self):
"""Test add url action."""
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
response = self.api.put(assessment, {"actions": {"add_related": [
{
"id": None,
"type": "Document",
"link": "google.com",
"title": "google.com",
"document_type": all_models.Document.URL,
}
]}})
self.assert200(response)
relationship = _get_relationship(
"Assessment", response.json["assessment"]["id"])
self.assertIsNotNone(relationship)
document = all_models.Document.query.get(relationship.destination_id)
self.assertEqual(document.link, "google.com")
self.assertEqual(document.document_type, all_models.Document.URL)
self.assertEqual(document.context_id, assessment.context_id)
def test_autogenerated_assignees_verifiers(self):
"""Test autogenerated assessment assignees"""
auditor_role = all_models.Role.query.filter_by(name="Auditor").first()
audit_context = factories.ContextFactory()
self.audit.context = audit_context
users = ["*****@*****.**", "*****@*****.**"]
auditors = []
for user in users:
person = factories.PersonFactory(email=user)
auditors += [person]
for auditor in auditors:
rbac_factories.UserRoleFactory(context=audit_context,
role=auditor_role,
person=auditor)
self.assertEqual(
all_models.UserRole.query.filter_by(
role=auditor_role, context=self.audit.context).count(), 2,
"Auditors not present")
response = self.assessment_post()
verifiers = response.json["assessment"]["assignees"]["Verifier"]
verifiers = set([v.get("email") for v in verifiers])
self.assertEqual(verifiers, set(users))
assessors = response.json["assessment"]["assignees"]["Assessor"]
assessor = assessors[0].get("email")
db.session.add(self.audit)
self.assertEqual(assessor, self.audit.contact.email)
creators = response.json["assessment"]["assignees"]["Creator"]
creators = set([c.get("email") for c in creators])
self.assertEqual(set(creators), {"*****@*****.**"})
def test_create_ctg_wf_admin(self, admin_role):
"""Check creation cycle task group by workflow admin"""
admin = self.create_user_with_role(admin_role)
exp_count = 1
with factories.single_commit():
workflow = wf_factories.WorkflowFactory()
workflow.add_person_with_role_name(admin, 'Admin')
task_group = wf_factories.TaskGroupFactory(
title='TestTG',
context=factories.ContextFactory(),
workflow=workflow
)
wf_factories.TaskGroupTaskFactory(
title='TestTGT',
task_group=task_group,
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7)
)
cycle = wf_factories.CycleFactory(workflow=workflow)
self.generator.activate_workflow(workflow)
self.api.set_user(admin)
response = self.api.post(all_models.CycleTaskGroup, {
"cycle_task_group": {
"cycle": {
"id": cycle.id,
},
"contact": {
"id": admin.id,
},
"title": 'title1',
},
})
self.assert201(response)
count = len(all_models.CycleTaskGroup.query.all())
self.assertEquals(count, exp_count)
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name
"""Create objects for Workflow ACL propagation test."""
with freezegun.freeze_time("2017-08-9"):
with factories.single_commit():
workflow = wf_factories.WorkflowFactory(
title='wf1',
unit=all_models.Workflow.WEEK_UNIT,
is_verification_needed=True,
repeat_every=1)
wf_factories.TaskGroupTaskFactory(
title='tgt1',
task_group=wf_factories.TaskGroupFactory(
title='tg1',
context=factories.ContextFactory(),
workflow=workflow),
# One cycle should be created
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7))
self.generator.activate_workflow(workflow)
cycle = all_models.Cycle.query.one()
cycle_task = all_models.CycleTaskGroupObjectTask.query.one()
wf_factories.CycleTaskEntryFactory(
cycle=cycle,
cycle_task_group_object_task=cycle_task,
description="Cycle task comment",
)
workflow = all_models.Workflow.query.one()
acl_map = {
self.people_ids[0]: WF_ROLES['Admin'],
self.people_ids[1]: WF_ROLES['Workflow Member'],
self.people_ids[2]: WF_ROLES['Workflow Member'],
}
put_params = {
'access_control_list': acl_helper.get_acl_list(acl_map)
}
response = self.api.put(workflow, put_params)
self.assert200(response)
def test_verification_flag_negative(self, flag):
"""Test immutable verification flag on active workflows."""
with freezegun.freeze_time("2017-08-10"):
with factories.single_commit():
workflow = wf_factories.WorkflowFactory(
unit=all_models.Workflow.WEEK_UNIT,
is_verification_needed=flag,
repeat_every=1)
wf_factories.TaskGroupTaskFactory(
task_group=wf_factories.TaskGroupFactory(
context=factories.ContextFactory(),
workflow=workflow
),
# Two cycles should be created
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7))
workflow_id = workflow.id
self.assertEqual(workflow.status, all_models.Workflow.DRAFT)
self.generator.activate_workflow(workflow)
workflow = all_models.Workflow.query.get(workflow_id)
self.assertEqual(workflow.status, all_models.Workflow.ACTIVE)
resp = self.api.put(workflow, {"is_verification_needed": not flag})
self.assert400(resp)
workflow = all_models.Workflow.query.get(workflow_id)
self.assertEqual(workflow.is_verification_needed, flag)
# End all current cycles
for cycle in workflow.cycles:
self.generator.modify_object(cycle, {'is_current': False})
workflow = all_models.Workflow.query.filter(
all_models.Workflow.id == workflow_id).first()
self.assertEqual(workflow.status, all_models.Workflow.INACTIVE)
resp = self.api.put(workflow, {"is_verification_needed": not flag})
self.assert400(resp)
workflow = all_models.Workflow.query.get(workflow_id)
self.assertEqual(workflow.is_verification_needed, flag)
def test_create_ctg_wf_member(self, member_role, response_code, exp_count):
"""Check creation cycle task group by workflow member"""
member = self.create_user_with_role(member_role)
with factories.single_commit():
workflow = wf_factories.WorkflowFactory()
workflow.add_person_with_role_name(member, 'Workflow Member')
task_group = wf_factories.TaskGroupFactory(
title='TestTG',
context=factories.ContextFactory(),
workflow=workflow
)
wf_factories.TaskGroupTaskFactory(
title='TestTGT',
task_group=task_group,
start_date=datetime.date(2017, 8, 3),
end_date=datetime.date(2017, 8, 7)
)
cycle = wf_factories.CycleFactory(workflow=workflow)
self.generator.activate_workflow(workflow)
self.api.set_user(member)
response = self.api.post(all_models.CycleTaskGroup, {
"cycle_task_group": {
"cycle": {
"id": cycle.id,
},
"contact": {
"id": member.id,
},
"title": 'title1',
},
})
self.assertEquals(response.status_code, response_code)
count = len(all_models.CycleTaskGroup.query.all())
self.assertEquals(count, exp_count)