def test_add_evidence_file(self): """Test add evidence file action.""" assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context response = self.api.put( assessment, { "actions": { "add_related": [{ "id": None, "type": "Evidence", "link": "google.com", "title": "google.com", "kind": all_models.Evidence.FILE, "source_gdrive_id": "source_gdrive_id", }] } }) self.assert200(response) relationship = _get_relationship("Assessment", response.json["assessment"]["id"]) self.assertIsNotNone(relationship) evidence = all_models.Evidence.query.get(relationship.destination_id) self.assertEqual(evidence.link, "google.com") self.assertEqual(evidence.kind, all_models.Evidence.FILE) self.assertEqual(evidence.source_gdrive_id, "source_gdrive_id") self.assertEqual(evidence.context_id, assessment.context_id)
def test_audit_clone_auditors(self): """Test that auditors get cloned correctly""" auditor_role = Role.query.filter_by(name="Auditor").first() audit = factories.AuditFactory() audit_context = factories.ContextFactory() audit.context = audit_context users = [ "*****@*****.**", "*****@*****.**", "*****@*****.**" ] auditors = [] for user in users: person = factories.PersonFactory(email=user) auditors += [person] for auditor in auditors: rbac_factories.UserRoleFactory( context=audit_context, role=auditor_role, person=auditor) self.assertEqual( UserRole.query.filter_by( role=auditor_role, context=audit.context).count(), 3, "Auditors not present") self.clone_object(audit) audit_copy = db.session.query(models.Audit).filter( models.Audit.title.like("%copy%")).first() self.assertEqual( UserRole.query.filter_by( role=auditor_role, context=audit_copy.context ).count(), 3, "Auditors not present on copy") # Verify that contexts are different for original and copy audit another_user_4 = factories.PersonFactory(email="*****@*****.**") rbac_factories.UserRoleFactory( context=audit_context, role=auditor_role, person=another_user_4) self.assertEqual( UserRole.query.filter_by( role=auditor_role, context=audit.context ).count(), 4, "Auditors not present") self.assertEqual( UserRole.query.filter_by( role=auditor_role, context=audit_copy.context ).count(), 3, "Auditors not present on copy")
def test_audit_clone_auditors(self): """Test that auditors get cloned correctly""" auditor_role = AccessControlRole.query.filter_by( name="Auditors").first() audit = factories.AuditFactory() audit_context = factories.ContextFactory() audit.context = audit_context users = ["*****@*****.**", "*****@*****.**", "*****@*****.**"] auditors = [] for user in users: person = factories.PersonFactory(email=user) auditors += [person] for auditor in auditors: factories.AccessControlListFactory(ac_role=auditor_role, object=audit, person=auditor) self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit.id).count(), 3, "Auditors not present") self.clone_audit(audit) audit_copy = db.session.query(models.Audit).filter( models.Audit.title.like("%copy%")).first() self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit_copy.id).count(), 3, "Auditors not present on copy") # Verify that contexts are different for original and copy audit another_user_4 = factories.PersonFactory(email="*****@*****.**") factories.AccessControlListFactory(ac_role=auditor_role, object=audit, person=another_user_4) self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit.id).count(), 4, "Auditors not present") self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit_copy.id).count(), 3, "Auditors not present on copy")
def test_autogenerated_assignees_base_on_audit(self, assessor_role, verifier_role): """Test autogenerated assessment assignees base on audit setting and empty tmpl.""" assessor = "*****@*****.**" verifier = "*****@*****.**" assessor_audit = "*****@*****.**" verifier_audit = "*****@*****.**" auditors = collections.defaultdict(list) auditor_role = all_models.Role.query.filter_by(name="Auditor").first() with factories.single_commit(): self.audit.context = factories.ContextFactory() auditors[assessor_role].append( factories.PersonFactory(email=assessor)) if verifier_role is not None: auditors[verifier_role].append( factories.PersonFactory(email=verifier)) default_people = {"assessors": assessor_role} if verifier_role is not None: default_people["verifiers"] = verifier_role self.audit.contact = factories.PersonFactory(email=assessor_audit) db.session.add(self.audit) audit_context = factories.ContextFactory() self.audit.context = audit_context for email in [verifier_audit]: rbac_factories.UserRoleFactory( context=audit_context, role=auditor_role, person=factories.PersonFactory(email=email)) self.snapshot.revision.content = self.control.log_json() db.session.add(self.snapshot.revision) template = factories.AssessmentTemplateFactory( test_plan_procedure=False, procedure_description="Assessment Template Test Plan", default_people=default_people) response = self.assessment_post(template) self.assert_assignees("Assessor", response, assessor_audit) if verifier_role: self.assert_assignees("Verifier", response, verifier_audit) else: self.assert_assignees("Verifier", response) self.assert_assignees("Creator", response, "*****@*****.**")
def setUp(self): super(TestFilterByAuditor, self).setUp() self.api = Api() self.generator = ObjectGenerator() _, self.auditor = self.generator.generate_person(user_role="Creator") with factories.single_commit(): self.audit = factories.AuditFactory(status="In Progress") self.audit_id = self.audit.id audit_context = factories.ContextFactory() self.audit.context = audit_context self.audit.add_person_with_role_name(self.auditor, "Auditors") self.api.set_user(self.auditor)
def test_update_verification_flag_negative(self, db_value, import_value): slug = 'SomeCode' with freezegun.freeze_time("2017-08-10"): with factories.single_commit(): workflow = wf_factories.WorkflowFactory( slug=slug, is_verification_needed=db_value, repeat_every=1, unit=Workflow.WEEK_UNIT) wf_factories.TaskGroupTaskFactory( task_group=wf_factories.TaskGroupFactory( workflow=workflow, context=factories.ContextFactory()), # Two cycles should be created start_date=date(2017, 8, 3), end_date=date(2017, 8, 7)) person = factories.PersonFactory( email="{}@email.py".format(slug)) wf_id = workflow.id person_email = person.email self.generator.activate_workflow(workflow) workflow = Workflow.query.filter(Workflow.id == wf_id).first() self.assertEqual(workflow.status, workflow.ACTIVE) resp = self.import_data( collections.OrderedDict([ ("object_type", "Workflow"), ("code", slug), ("title", "SomeTitle"), ("Need Verification", import_value), ("force real-time email updates", "no"), ("Admin", person_email), ])) self.assertEqual(1, resp[0]['ignored']) workflow = Workflow.query.filter(Workflow.id == wf_id).first() self.assertEqual(workflow.is_verification_needed, db_value) # End all current cycles for cycle in workflow.cycles: self.generator.modify_object(cycle, {'is_current': False}) workflow = Workflow.query.filter(Workflow.id == wf_id).first() self.assertEqual(workflow.status, workflow.INACTIVE) resp = self.import_data( collections.OrderedDict([ ("object_type", "Workflow"), ("code", slug), ("title", "SomeTitle"), ("Need Verification", import_value), ("force real-time email updates", "no"), ("Admin", person_email), ])) self.assertEqual(1, resp[0]['ignored']) workflow = Workflow.query.filter(Workflow.id == wf_id).first() self.assertEqual(workflow.is_verification_needed, db_value)
def setUp(self): """Prepare data needed to run the tests""" TestCase.clear_data() self.api = Api() self.client.get("/login") self.archived_audit = factories.AuditFactory(archived=True) self.archived_audit.context = factories.ContextFactory( name="Audit context", related_object=self.archived_audit, ) self.audit = factories.AuditFactory() self.assessment = factories.AssessmentFactory()
def test_autogenerated_assignees_base_on_role(self, assessor_role, verifier_role): """Test autogenerated assessment assignees base on template settings.""" assessor = "*****@*****.**" verifier = "*****@*****.**" auditors = collections.defaultdict(list) with factories.single_commit(): self.audit.context = factories.ContextFactory() auditors[assessor_role].append( factories.PersonFactory(email=assessor)) if verifier_role is not None: auditors[verifier_role].append( factories.PersonFactory(email=verifier)) for role, people in auditors.iteritems(): ac_role = all_models.AccessControlRole.query.filter_by( name=role, object_type=self.snapshot.child_type, ).first() if not ac_role: ac_role = factories.AccessControlRoleFactory( name=role, object_type=self.snapshot.child_type, ) factories.AccessControlListFactory( ac_role=ac_role, object=self.control, # snapshot child ) db.session.commit() for user in people: factories.AccessControlPersonFactory( ac_list=self.control.acr_acl_map[ac_role], person=user, ) default_people = {"assignees": assessor_role} if verifier_role is not None: default_people["verifiers"] = verifier_role template = factories.AssessmentTemplateFactory( test_plan_procedure=False, procedure_description="Assessment Template Test Plan", default_people=default_people) self.snapshot.revision.content = self.control.log_json() db.session.add(self.snapshot.revision) response = self.assessment_post(template) if assessor_role == verifier_role: self.assert_assignees("Verifiers", response, assessor, verifier) self.assert_assignees("Assignees", response, assessor, verifier) elif verifier_role is None: self.assert_assignees("Verifiers", response) self.assert_assignees("Assignees", response, assessor) else: self.assert_assignees("Verifiers", response, verifier) self.assert_assignees("Assignees", response, assessor) self.assert_assignees("Creators", response, "*****@*****.**")
def setUp(self): super(TestFilterByAuditor, self).setUp() self.api = Api() self.generator = ObjectGenerator() _, self.auditor = self.generator.generate_person(user_role="Creator") auditor_role = all_models.Role.query.filter_by(name="Auditor").first() with factories.single_commit(): self.audit = factories.AuditFactory(status="In Progress") self.audit_id = self.audit.id audit_context = factories.ContextFactory() self.audit.context = audit_context rbac_factories.UserRoleFactory(context=audit_context, role=auditor_role, person=self.auditor) self.api.set_user(self.auditor)
def create_assessment(self, people=None): """Create default assessment with some default assignees in all roles. Args: people: List of tuples with email address and their assignee roles for Assessments. Returns: Assessment object. """ assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context if not people: people = [ ("*****@*****.**", "Creators"), ("*****@*****.**", "Assignees"), ("*****@*****.**", "Assignees"), ("*****@*****.**", "Verifiers"), ("*****@*****.**", "Verifiers"), ] defined_assessors = len( [1 for _, role in people if "Assignees" in role]) defined_creators = len([1 for _, role in people if "Creators" in role]) defined_verifiers = len( [1 for _, role in people if "Verifiers" in role]) assignee_roles = self.create_assignees(assessment, people) creators = [ assignee for assignee, roles in assignee_roles if "Creators" in roles ] assignees = [ assignee for assignee, roles in assignee_roles if "Assignees" in roles ] verifiers = [ assignee for assignee, roles in assignee_roles if "Verifiers" in roles ] self.assertEqual(len(creators), defined_creators) self.assertEqual(len(assignees), defined_assessors) self.assertEqual(len(verifiers), defined_verifiers) return assessment
def _create_snapshot(): """Create snapshot for test""" audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) context = factories.ContextFactory(related_object=assessment) assessment.context = context factories.RelationshipFactory(source=audit, destination=assessment) control = factories.ControlFactory(description='control-9') revision = all_models.Revision.query.filter( all_models.Revision.resource_id == control.id, all_models.Revision.resource_type == control.__class__.__name__).order_by( all_models.Revision.id.desc()).first() snapshot = factories.SnapshotFactory(parent=audit, child_id=control.id, child_type=control.__class__.__name__, revision_id=revision.id) return assessment, snapshot
def test_add_comment(self): """Test add comment action.""" generator = ObjectGenerator() _, reader = generator.generate_person(user_role="Administrator") self.api.set_user(reader) assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context acrs = all_models.AccessControlRole.query.filter( all_models.AccessControlRole.object_type == "Assessment", all_models.AccessControlRole.name.in_(["Assignees", "Creators"]), ) for acr in acrs: factories.AccessControlListFactory(ac_role=acr, object=assessment, person=reader) response = self.api.put( assessment, { "actions": { "add_related": [{ "id": None, "type": "Comment", "description": "comment", "custom_attribute_definition_id": None, }] } }) self.assert200(response) # last relationship id (newly created relationship) rel_id = max( i["id"] for i in response.json["assessment"]["related_destinations"]) relationship = all_models.Relationship.query.get(rel_id) self.assertIsNotNone(relationship) comment = all_models.Comment.query.get(relationship.destination_id) self.assertEqual(comment.description, "comment") self.assertEqual(comment.assignee_type, "Assignees,Creators") self.assertEqual(comment.context_id, assessment.context_id)
def test_change_verification_flag_positive(self, title, unit, repeat_every): with freezegun.freeze_time("2017-08-10"): with glob_factories.single_commit(): workflow = factories.WorkflowFactory(title=title, unit=unit, repeat_every=repeat_every) factories.TaskGroupTaskFactory( task_group=factories.TaskGroupFactory( workflow=workflow, context=glob_factories.ContextFactory()), start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7)) wf_id = workflow.id workflow = all_models.Workflow.query.get(wf_id) verif_default = all_models.Workflow.IS_VERIFICATION_NEEDED_DEFAULT self.assertIs(workflow.is_verification_needed, verif_default) self.generator.modify_object( workflow, {'is_verification_needed': not verif_default}) workflow = all_models.Workflow.query.get(wf_id) self.assertIs(workflow.is_verification_needed, not verif_default)
def test_delete_assessment_by_role(self, role_name): """Delete assessment not allowed for based on Assignee Type.""" with factories.single_commit(): assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context person = factories.PersonFactory() factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map[role_name], person=person, ) assessment_id = assessment.id role = all_models.Role.query.filter( all_models.Role.name == "Creator").first() self.generator.generate_user_role(person, role, context) self.api.set_user(person) assessment = all_models.Assessment.query.get(assessment_id) resp = self.api.delete(assessment) self.assert403(resp) self.assertTrue( all_models.Assessment.query.filter( all_models.Assessment.id == assessment_id).one())
def test_add_comment(self): """Test add comment action.""" generator = ObjectGenerator() _, reader = generator.generate_person(user_role="Reader") self.api.set_user(reader) assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context object_person_rel = factories.RelationshipFactory(source=assessment, destination=reader) factories.RelationshipAttrFactory(relationship_id=object_person_rel.id, attr_name="AssigneeType", attr_value="Creator,Assessor") response = self.api.put( assessment, { "actions": { "add_related": [{ "id": None, "type": "Comment", "description": "comment", "custom_attribute_definition_id": None, }] } }) self.assert200(response) # last relationship id (newly created relationship) rel_id = max( i["id"] for i in response.json["assessment"]["related_destinations"]) relationship = all_models.Relationship.query.get(rel_id) self.assertIsNotNone(relationship) comment = all_models.Comment.query.get(relationship.destination_id) self.assertEqual(comment.description, "comment") self.assertEqual(comment.assignee_type, "Creator,Assessor") self.assertEqual(comment.context_id, assessment.context_id)
def test_autogenerated_assignees_verifiers_with_model(self): """Test autogenerated assessment assignees based on template settings.""" assessor = "*****@*****.**" verifier = "*****@*****.**" with factories.single_commit(): self.audit.context = factories.ContextFactory() auditors = { u: factories.PersonFactory(email=u).id for u in [assessor, verifier] } template = factories.AssessmentTemplateFactory( test_plan_procedure=False, procedure_description="Assessment Template Test Plan", default_people={ "assessors": [auditors[assessor]], "verifiers": [auditors[verifier]], }, ) response = self.assessment_post(template) self.assert_assignees("Verifier", response, verifier) self.assert_assignees("Assessor", response, assessor) self.assert_assignees("Creator", response, "*****@*****.**")
def test_add_url(self): """Test add url action.""" assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context response = self.api.put(assessment, {"actions": {"add_related": [ { "id": None, "type": "Document", "link": "google.com", "title": "google.com", "document_type": all_models.Document.URL, } ]}}) self.assert200(response) relationship = _get_relationship( "Assessment", response.json["assessment"]["id"]) self.assertIsNotNone(relationship) document = all_models.Document.query.get(relationship.destination_id) self.assertEqual(document.link, "google.com") self.assertEqual(document.document_type, all_models.Document.URL) self.assertEqual(document.context_id, assessment.context_id)
def test_autogenerated_assignees_verifiers(self): """Test autogenerated assessment assignees""" auditor_role = all_models.Role.query.filter_by(name="Auditor").first() audit_context = factories.ContextFactory() self.audit.context = audit_context users = ["*****@*****.**", "*****@*****.**"] auditors = [] for user in users: person = factories.PersonFactory(email=user) auditors += [person] for auditor in auditors: rbac_factories.UserRoleFactory(context=audit_context, role=auditor_role, person=auditor) self.assertEqual( all_models.UserRole.query.filter_by( role=auditor_role, context=self.audit.context).count(), 2, "Auditors not present") response = self.assessment_post() verifiers = response.json["assessment"]["assignees"]["Verifier"] verifiers = set([v.get("email") for v in verifiers]) self.assertEqual(verifiers, set(users)) assessors = response.json["assessment"]["assignees"]["Assessor"] assessor = assessors[0].get("email") db.session.add(self.audit) self.assertEqual(assessor, self.audit.contact.email) creators = response.json["assessment"]["assignees"]["Creator"] creators = set([c.get("email") for c in creators]) self.assertEqual(set(creators), {"*****@*****.**"})
def test_create_ctg_wf_admin(self, admin_role): """Check creation cycle task group by workflow admin""" admin = self.create_user_with_role(admin_role) exp_count = 1 with factories.single_commit(): workflow = wf_factories.WorkflowFactory() workflow.add_person_with_role_name(admin, 'Admin') task_group = wf_factories.TaskGroupFactory( title='TestTG', context=factories.ContextFactory(), workflow=workflow ) wf_factories.TaskGroupTaskFactory( title='TestTGT', task_group=task_group, start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7) ) cycle = wf_factories.CycleFactory(workflow=workflow) self.generator.activate_workflow(workflow) self.api.set_user(admin) response = self.api.post(all_models.CycleTaskGroup, { "cycle_task_group": { "cycle": { "id": cycle.id, }, "contact": { "id": admin.id, }, "title": 'title1', }, }) self.assert201(response) count = len(all_models.CycleTaskGroup.query.all()) self.assertEquals(count, exp_count)
def _create_propagation_acl_test_data(self): # noqa pylint: disable=invalid-name """Create objects for Workflow ACL propagation test.""" with freezegun.freeze_time("2017-08-9"): with factories.single_commit(): workflow = wf_factories.WorkflowFactory( title='wf1', unit=all_models.Workflow.WEEK_UNIT, is_verification_needed=True, repeat_every=1) wf_factories.TaskGroupTaskFactory( title='tgt1', task_group=wf_factories.TaskGroupFactory( title='tg1', context=factories.ContextFactory(), workflow=workflow), # One cycle should be created start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7)) self.generator.activate_workflow(workflow) cycle = all_models.Cycle.query.one() cycle_task = all_models.CycleTaskGroupObjectTask.query.one() wf_factories.CycleTaskEntryFactory( cycle=cycle, cycle_task_group_object_task=cycle_task, description="Cycle task comment", ) workflow = all_models.Workflow.query.one() acl_map = { self.people_ids[0]: WF_ROLES['Admin'], self.people_ids[1]: WF_ROLES['Workflow Member'], self.people_ids[2]: WF_ROLES['Workflow Member'], } put_params = { 'access_control_list': acl_helper.get_acl_list(acl_map) } response = self.api.put(workflow, put_params) self.assert200(response)
def test_verification_flag_negative(self, flag): """Test immutable verification flag on active workflows.""" with freezegun.freeze_time("2017-08-10"): with factories.single_commit(): workflow = wf_factories.WorkflowFactory( unit=all_models.Workflow.WEEK_UNIT, is_verification_needed=flag, repeat_every=1) wf_factories.TaskGroupTaskFactory( task_group=wf_factories.TaskGroupFactory( context=factories.ContextFactory(), workflow=workflow ), # Two cycles should be created start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7)) workflow_id = workflow.id self.assertEqual(workflow.status, all_models.Workflow.DRAFT) self.generator.activate_workflow(workflow) workflow = all_models.Workflow.query.get(workflow_id) self.assertEqual(workflow.status, all_models.Workflow.ACTIVE) resp = self.api.put(workflow, {"is_verification_needed": not flag}) self.assert400(resp) workflow = all_models.Workflow.query.get(workflow_id) self.assertEqual(workflow.is_verification_needed, flag) # End all current cycles for cycle in workflow.cycles: self.generator.modify_object(cycle, {'is_current': False}) workflow = all_models.Workflow.query.filter( all_models.Workflow.id == workflow_id).first() self.assertEqual(workflow.status, all_models.Workflow.INACTIVE) resp = self.api.put(workflow, {"is_verification_needed": not flag}) self.assert400(resp) workflow = all_models.Workflow.query.get(workflow_id) self.assertEqual(workflow.is_verification_needed, flag)
def test_create_ctg_wf_member(self, member_role, response_code, exp_count): """Check creation cycle task group by workflow member""" member = self.create_user_with_role(member_role) with factories.single_commit(): workflow = wf_factories.WorkflowFactory() workflow.add_person_with_role_name(member, 'Workflow Member') task_group = wf_factories.TaskGroupFactory( title='TestTG', context=factories.ContextFactory(), workflow=workflow ) wf_factories.TaskGroupTaskFactory( title='TestTGT', task_group=task_group, start_date=datetime.date(2017, 8, 3), end_date=datetime.date(2017, 8, 7) ) cycle = wf_factories.CycleFactory(workflow=workflow) self.generator.activate_workflow(workflow) self.api.set_user(member) response = self.api.post(all_models.CycleTaskGroup, { "cycle_task_group": { "cycle": { "id": cycle.id, }, "contact": { "id": member.id, }, "title": 'title1', }, }) self.assertEquals(response.status_code, response_code) count = len(all_models.CycleTaskGroup.query.all()) self.assertEquals(count, exp_count)