def test_delete_assessment_by_role(self, role_name): """Delete assessment not allowed for based on Assignee Type.""" with factories.single_commit(): assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context person = factories.PersonFactory() object_person_rel = factories.RelationshipFactory( source=assessment, destination=person) factories.RelationshipAttrFactory( relationship_id=object_person_rel.id, attr_name="AssigneeType", attr_value=role_name, ) assessment_id = assessment.id role = all_models.Role.query.filter( all_models.Role.name == "Creator").first() self.generator.generate_user_role(person, role, context) self.api.set_user(person) assessment = all_models.Assessment.query.get(assessment_id) resp = self.api.delete(assessment) self.assert403(resp) self.assertTrue( all_models.Assessment.query.filter( all_models.Assessment.id == assessment_id).one())
def create_assignees(cls, obj, persons): """Create assignees for object. This is used only during object creation because we cannot create assignees at that point yet. Args: obj: Assignable object. persons: [("(string) email", "Assignee roles"), ...] A list of people and their roles Returns: [(person, object-person relationship, object-person relationship attributes), ...] A list of persons with their relationships and relationship attributes. """ assignees = [] for person, roles in persons: person = factories.PersonFactory(email=person) object_person_rel = factories.RelationshipFactory( source=obj, destination=person ) object_person_rel_attrs = factories.RelationshipAttrFactory( relationship_id=object_person_rel.id, attr_name="AssigneeType", attr_value=roles ) assignees += [(person, object_person_rel, object_person_rel_attrs)] return assignees
def test_add_comment(self): """Test add comment action.""" generator = ObjectGenerator() _, reader = generator.generate_person(user_role="Reader") self.api.set_user(reader) assessment = factories.AssessmentFactory() context = factories.ContextFactory(related_object=assessment) assessment.context = context object_person_rel = factories.RelationshipFactory(source=assessment, destination=reader) factories.RelationshipAttrFactory(relationship_id=object_person_rel.id, attr_name="AssigneeType", attr_value="Creator,Assessor") response = self.api.put( assessment, { "actions": { "add_related": [{ "id": None, "type": "Comment", "description": "comment", "custom_attribute_definition_id": None, }] } }) self.assert200(response) # last relationship id (newly created relationship) rel_id = max( i["id"] for i in response.json["assessment"]["related_destinations"]) relationship = all_models.Relationship.query.get(rel_id) self.assertIsNotNone(relationship) comment = all_models.Comment.query.get(relationship.destination_id) self.assertEqual(comment.description, "comment") self.assertEqual(comment.assignee_type, "Creator,Assessor") self.assertEqual(comment.context_id, assessment.context_id)
def setUp(self): super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp() self.api = Api() self.generator = ObjectGenerator() _, self.reader = self.generator.generate_person(user_role="Reader") audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) object_person_rel = factories.RelationshipFactory( source=assessment, destination=self.reader) factories.RelationshipAttrFactory(relationship_id=object_person_rel.id, attr_name="AssigneeType", attr_value="Assessor") factories.RelationshipFactory(source=audit, destination=assessment) document = factories.DocumentFactory() document_id = document.id doc_rel = factories.RelationshipFactory(source=assessment, destination=document) doc_rel_id = doc_rel.id self.api.set_user(self.reader) self.document = all_models.Document.query.get(document_id) self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)
def setUp(self): super(TestAssessmentNotification, self).setUp() self.client.get("/login") self.api = api_helper.Api() self.auditor = Person.query.filter_by(email="*****@*****.**").one() self.api.set_user(self.auditor) audit = factories.AuditFactory() self.api.post( Assessment, { "assessment": { "title": "Assessment1", "context": None, "audit": { "id": audit.id, "type": "Audit", }, "access_control_list": [{ "person": { "id": self.auditor.id, "type": "Person", }, "ac_role_id": self.primary_role_id, "context": None }], "status": "In Progress", } }) self.assessment = Assessment.query.filter_by(title="Assessment1").one() auditor = Person.query.filter_by(email="*****@*****.**").one() assessment_person_rel = factories.RelationshipFactory( source=self.assessment, destination=auditor) factories.RelationshipAttrFactory( relationship_id=assessment_person_rel.id, attr_name="AssigneeType", attr_value="Assessor") self.cad1 = factories.CustomAttributeDefinitionFactory( definition_type="assessment", title="ca1", ) factories.CustomAttributeValueFactory(custom_attribute=self.cad1, attributable=self.assessment) self.cad2 = factories.CustomAttributeDefinitionFactory( definition_type="assessment", attribute_type="Map:Person", title="ca2", ) factories.CustomAttributeValueFactory(custom_attribute=self.cad2, attributable=self.assessment) self.cad3 = factories.CustomAttributeDefinitionFactory( definition_type="assessment", attribute_type="Checkbox", title="ca3", ) factories.CustomAttributeValueFactory(custom_attribute=self.cad3, attributable=self.assessment) db.engine.execute(""" UPDATE notifications SET sent_at = NOW() """)