def test_snapshot_counts_query(self):
"""Test snapshot_counts endpoint"""
with factories.single_commit():
audit = factories.AuditFactory()
issue_1 = factories.IssueFactory(audit=audit)
control = factories.ControlFactory()
regulation = factories.RegulationFactory()
factories.RelationshipFactory(
source=issue_1,
destination=control
)
issue_2 = factories.IssueFactory(audit=audit)
with factories.single_commit():
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == "Issue",
all_models.Revision.resource_id == issue_1.id
).first()
revision_2 = all_models.Revision.query.filter(
all_models.Revision.resource_type == "Issue",
all_models.Revision.resource_id == issue_2.id
).first()
snapshot_1 = factories.SnapshotFactory(
parent=issue_1.audit,
child_type=control.type,
child_id=control.id,
revision=revision
)
factories.RelationshipFactory(
source=issue_1,
destination=snapshot_1,
)
snapshot_2 = factories.SnapshotFactory(
parent=issue_2.audit,
child_type=regulation.type,
child_id=regulation.id,
revision=revision_2
)
factories.RelationshipFactory(
source=issue_2,
destination=snapshot_2,
)
issues = [issue_1, issue_2]
expected_snapshot_counts = {
issue_1.id: {"Control": 1},
issue_2.id: {"Regulation": 1},
}
for issue in issues:
response = self.api.client.get(
"/api/issues/{}/snapshot_counts".format(issue.id),
)
snapshot_counts = json.loads(response.data)
self.assertEqual(snapshot_counts,
expected_snapshot_counts[issue.id])
def test_snapshot_counts_query(self):
"""Test snapshot_counts endpoint"""
with factories.single_commit():
assessment_1 = factories.AssessmentFactory()
control = factories.ControlFactory()
regulation = factories.RegulationFactory()
factories.RelationshipFactory(source=assessment_1,
destination=control)
assessment_2 = factories.AssessmentFactory()
with factories.single_commit():
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == "Assessment",
all_models.Revision.resource_id == assessment_1.id).first()
revision_2 = all_models.Revision.query.filter(
all_models.Revision.resource_type == "Assessment",
all_models.Revision.resource_id == assessment_2.id).first()
snapshot_1 = factories.SnapshotFactory(parent=assessment_1.audit,
child_type=control.type,
child_id=control.id,
revision=revision)
factories.RelationshipFactory(
source=assessment_1,
destination=snapshot_1,
)
snapshot_2 = factories.SnapshotFactory(parent=assessment_2.audit,
child_type=regulation.type,
child_id=regulation.id,
revision=revision_2)
factories.RelationshipFactory(
source=assessment_2,
destination=snapshot_2,
)
assessments = [assessment_1, assessment_2]
expected_snapshot_counts = {
assessment_1.id: {
"Control": 1
},
assessment_2.id: {
"Regulation": 1
},
}
for assessment in assessments:
response = self.api.client.get(
"/api/assessments/{}/snapshot_counts".format(assessment.id), )
snapshot_counts = json.loads(response.data)
self.assertEqual(snapshot_counts,
expected_snapshot_counts[assessment.id])
def test_filter_by_checkbox_cad(self, value, search_value):
"""Test index by Checkdoxed cad."""
checkbox_type = all_models.CustomAttributeDefinition.ValidTypes.CHECKBOX
cad_title = "Checkbox"
with factories.single_commit():
cad = factories.CustomAttributeDefinitionFactory(
attribute_type=checkbox_type,
definition_type="control",
title=cad_title,
)
control = factories.ControlFactory()
factories.CustomAttributeValueFactory(
custom_attribute=cad,
attributable=control,
attribute_value=value,
)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).first()
revision.content = control.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(child_id=control.id,
child_type=control.type,
revision=revision)
db.session.expire_all()
snapshot_id = snapshot.id
self.client.post("/admin/reindex")
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assert_indexed_fields(snapshot, cad_title, {"": search_value})
def setup_snapshots_and_issue(self):
"""Create snapshot & issue objects"""
self.snapshots = {}
self.issues = {}
self.control = factories.ControlFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == self.control.type).first()
for is_archived in (False, True):
audit = self.audits[is_archived]
# Create a snapshot
self.snapshots[is_archived] = factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
revision=revision,
parent=audit,
context=audit.context,
)
# Create an issue
issue = factories.IssueFactory()
self.issues[is_archived] = issue
# Map issue to audit
factories.RelationshipFactory(
source=audit,
destination=issue,
context=audit.context
)
def setUp(self):
super(TestIssueRelevantFilter, self).setUp()
self.client.get("/login")
self.snapshottable = factories.ObjectiveFactory()
revision = all_models.Revision.query.filter_by(
resource_id=self.snapshottable.id,
resource_type=self.snapshottable.type,
).first()
with factories.single_commit():
self.control = factories.ControlFactory()
self.audit = factories.AuditFactory()
self.issue = factories.IssueFactory()
self.snapshot = factories.SnapshotFactory(
parent=self.audit,
child_id=self.snapshottable.id,
child_type=self.snapshottable.type,
revision_id=revision.id,
)
factories.RelationshipFactory(source=self.issue,
destination=self.control)
factories.RelationshipFactory(source=self.issue,
destination=self.audit)
factories.RelationshipFactory(source=self.issue,
destination=self.snapshot)
self.objects = {
"Issue": self.issue,
"Control": self.control,
"Snapshot": self.snapshot,
"Snapshottable": self.snapshottable,
}
def test_index_by_acr(self):
"""Test index by ACR."""
role_name = "Test name"
with factories.single_commit():
acr = factories.AccessControlRoleFactory(name=role_name,
object_type="Control")
person = factories.PersonFactory(email="*****@*****.**",
name='test')
control = factories.ControlFactory()
factories.AccessControlList(ac_role=acr,
person=person,
object=control)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).one()
revision.content = control.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(child_id=control.id,
child_type=control.type,
revision=revision)
db.session.expire_all()
do_reindex()
self.assert_indexed_fields(
snapshot, role_name, {
"{}-email".format(person.id): person.email,
"{}-name".format(person.id): person.name,
"{}-user_name".format(person.id): person.user_name,
"__sort__": person.user_name,
})
def test_export_assesments_map_control(self, with_map):
"""Test export assesment with and without related control instance"""
with factories.single_commit():
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory()
revision = models.Revision.query.filter(
models.Revision.resource_id == control.id,
models.Revision.resource_type ==
control.__class__.__name__).order_by(
models.Revision.id.desc()).first()
with factories.single_commit():
snapshot = factories.SnapshotFactory(
parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id)
if with_map:
factories.RelationshipFactory(source=snapshot,
destination=assessment)
if with_map:
val = control.slug
else:
val = ""
self.assertColumnExportedValue(val, assessment, "map:control versions")
def test_index_deleted_acr(self):
"""Test index by removed ACR."""
role_name = "Test name"
with factories.single_commit():
acr = factories.AccessControlRoleFactory(name=role_name,
object_type="Control")
person = factories.PersonFactory(email="*****@*****.**",
name='test')
control = factories.ControlFactory()
factories.AccessControlList(ac_role=acr,
person=person,
object=control)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).one()
revision.content = control.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(child_id=control.id,
child_type=control.type,
revision=revision)
db.session.expire_all()
db.session.delete(acr)
db.session.commit()
do_reindex()
all_found_records = dict(
Record.query.filter(Record.key == snapshot.id,
Record.type == snapshot.type,
Record.property == role_name.lower()).values(
"subproperty", "content"))
self.assertFalse(all_found_records)
def test_index_by_acr(self):
"""Test index by ACR."""
role_name = "Test name"
factories.AccessControlRoleFactory(name=role_name, object_type="Control")
with factories.single_commit():
person = factories.PersonFactory(email="*****@*****.**", name='test')
control = factories.ControlFactory()
factories.AccessControlPersonFactory(
ac_list=control.acr_name_acl_map[role_name],
person=person,
)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).one()
revision.content = control.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(
child_id=control.id,
child_type=control.type,
revision=revision)
db.session.expire_all()
person_id = person.id
snapshot_id = snapshot.id
self.client.post("/admin/full_reindex")
person = all_models.Person.query.get(person_id)
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assert_indexed_fields(snapshot, role_name, {
"{}-email".format(person.id): person.email,
"{}-name".format(person.id): person.name,
"__sort__": person.email,
})
def test_filter_by_checkbox_cad_no_cav(self):
"""Test index by Checkdoxed cad no cav."""
checkbox_type = all_models.CustomAttributeDefinition.ValidTypes.CHECKBOX
cad_title = "Checkbox"
search_value = "No"
with factories.single_commit():
factories.CustomAttributeDefinitionFactory(
attribute_type=checkbox_type,
definition_type="objective",
title=cad_title,
)
objective = factories.ObjectiveFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == objective.id,
all_models.Revision.resource_type == objective.type,
).first()
revision.content = objective.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(
child_id=objective.id,
child_type=objective.type,
revision=revision)
db.session.expire_all()
snapshot_id = snapshot.id
self.client.post("/admin/full_reindex")
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assert_indexed_fields(snapshot, cad_title, {"": search_value})
def test_export_with_map_control_mirror_relation(self):
"""Test export assessment with related control instance
relation assessment -> snapshot
"""
with factories.single_commit():
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.__class__.__name__
).order_by(
all_models.Revision.id.desc()
).first()
snapshot = factories.SnapshotFactory(
parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id
)
db.session.commit()
factories.RelationshipFactory(destination=snapshot, source=assessment)
self.assertColumnExportedValue(control.slug, assessment,
"map:control versions")
def test_mapping_control_through_snapshot(self):
"Test for add mapping control on assessment"
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory()
revision = models.Revision.query.filter(
models.Revision.resource_id == control.id,
models.Revision.resource_type ==
control.__class__.__name__).order_by(
models.Revision.id.desc()).first()
factories.SnapshotFactory(parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id)
db.session.commit()
self.assertFalse(
db.session.query(
models.Relationship.get_related_query(
assessment, models.Snapshot()).exists()).first()[0])
self.import_data(
OrderedDict([
("object_type", "Assessment"),
("Code*", assessment.slug),
("map:control", control.slug),
]))
self.assertTrue(
db.session.query(
models.Relationship.get_related_query(
assessment, models.Snapshot()).exists()).first()[0])
def test_search_no_acl_in_content(self, field, role_name):
"""Test search older revisions without access_control_list."""
with factories.single_commit():
person = factories.PersonFactory(email="{}@example.com".format(field),
name=field)
control = factories.ControlFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).one()
with factories.single_commit():
snapshot = factories.SnapshotFactory(
child_id=control.id,
child_type=control.type,
revision=revision)
old_content = revision.content.copy()
old_content.pop("access_control_list")
old_content[field] = {"id": person.id}
revision.content = old_content
db.session.add(revision)
person_id = person.id
snapshot_id = snapshot.id
self.client.post("/admin/full_reindex")
person = all_models.Person.query.get(person_id)
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assert_indexed_fields(snapshot, role_name, {
"{}-email".format(person.id): person.email,
"{}-name".format(person.id): person.name,
"__sort__": person.email,
})
def setUpClass(cls):
"""Prepare data needed to run the tests."""
TestCase.clear_data()
with app.app_context():
cls.response = cls._import_file("audit_rbac.csv")
cls.people = {
person.name: person
for person in all_models.Person.eager_query().all()
}
created_objects = (
(all_models.Audit, all_models.Audit.slug == 'AUDIT-1',
'audit'), (all_models.Audit,
all_models.Audit.slug == 'AUDIT-2',
'archived_audit'),
(all_models.Issue, all_models.Issue.slug == 'PMRBACISSUE-1',
'issue'), (all_models.Issue,
all_models.Issue.slug == 'PMRBACISSUE-2',
'archived_issue'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-1',
'assessment'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-2',
'archived_assessment'))
for obj, cond, name in created_objects:
setattr(cls, name, obj.eager_query().filter(cond).first())
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == 'Objective').first()
cls.rev_id = revision.id
# Create snapshot objects:
for audit, name in ((cls.audit, 'snapshot'),
(cls.archived_audit, 'archived_snapshot')):
snapshot = factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
parent=audit,
revision=revision,
context=audit.context,
)
factories.RelationshipFactory(source=audit,
destination=snapshot)
setattr(cls, name, snapshot)
# Create asessment template objects:
for audit, name in ((cls.audit, 'template'),
(cls.archived_audit, 'archived_template')):
template = factories.AssessmentTemplateFactory(
context=audit.context, )
factories.RelationshipFactory(source=audit,
destination=template,
context=audit.context)
setattr(cls, name, template)
# Refresh objects in the session
for obj in db.session:
db.session.refresh(obj)
def test_import_propagation(self):
"""Test propagation program roles via import"""
# pylint: disable=too-many-locals
with factories.single_commit():
program = factories.ProgramFactory()
control = factories.ControlFactory()
control_1 = factories.ControlFactory()
factories.RelationshipFactory(destination=program, source=control)
factories.RelationshipFactory(destination=program,
source=control_1)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).first()
with factories.single_commit():
audit = factories.AuditFactory(program=program)
rel = factories.RelationshipFactory(destination=audit.program,
source=audit)
snapshot = factories.SnapshotFactory(parent=audit,
revision_id=revision.id,
child_type=control.type,
child_id=control.id)
factories.RelationshipFactory(destination=audit, source=snapshot)
flask.g.new_relationship_ids = [rel.id]
flask.g.new_acl_ids = [a.id for a in program._access_control_list]
flask.g.deleted_objects = []
propagation.propagate()
acl_q = all_models.AccessControlList.query.filter(
all_models.AccessControlList.object_type == "Assessment", )
self.assertEqual(acl_q.count(), 0)
response = self.import_data(
OrderedDict([
("object_type", "Assessment"),
("Code*", ""),
("Audit*", audit.slug),
("title", "Assessment title 1"),
("Creators", "*****@*****.**"),
("Assignees", "*****@*****.**"),
("map:Control versions", control.slug),
]),
OrderedDict([
("object_type", "Assessment"),
("Code*", ""),
("Audit*", audit.slug),
("title", "Assessment title 2"),
("Creators", "*****@*****.**"),
("Assignees", "*****@*****.**"),
("map:Control versions", control.slug),
]),
)
self.check_import_errors(response)
self.assertEqual(acl_q.count(), 20)
def test_asmt_issue_similarity(self, asmnt_type, obj_factory, issue_exists):
"""Test Issues related to assessments with 'similar' operation."""
# Test object has to be created before others to produce revision
obj = obj_factory()
with factories.single_commit():
audit = factories.AuditFactory()
assessment1 = factories.AssessmentFactory(
audit=audit, assessment_type=asmnt_type
)
assessment2 = factories.AssessmentFactory(audit=audit)
issue = factories.IssueFactory()
snapshot = factories.SnapshotFactory(
parent=audit,
child_id=obj.id,
child_type=obj.type,
revision_id=models.Revision.query.filter_by(
resource_type=obj.type).one().id
)
factories.RelationshipFactory(source=audit, destination=assessment1)
factories.RelationshipFactory(source=audit, destination=assessment2)
factories.RelationshipFactory(source=audit, destination=issue)
factories.RelationshipFactory(source=snapshot, destination=assessment1)
factories.RelationshipFactory(source=snapshot, destination=issue)
query = [{
"object_name": "Issue",
"type": "ids",
"filters": {
"expression": {
"op": {"name": "similar"},
"object_name": "Assessment",
"ids": [assessment1.id],
},
},
}]
expected_ids = [issue.id]
response = self.client.post(
"/query",
data=json.dumps(query),
headers={"Content-Type": "application/json"},
)
if issue_exists:
self.assertListEqual(
response.json[0]["Issue"]["ids"],
expected_ids
)
else:
self.assertListEqual(
response.json[0]["Issue"]["ids"],
[]
)
def test_audit_snapshot_editing(self, rolename, object_role,
status, archived):
"""Test if {0}-{1} can edit objects in the audit context: {1}-snapshot"""
with factories.single_commit():
audit = factories.AuditFactory(archived=archived)
program = audit.program
factories.RelationshipFactory(source=program, destination=audit)
user = self.create_user_with_role(rolename)
if object_role:
program.add_person_with_role_name(user, object_role)
objective = factories.ObjectiveFactory(title="objective")
factories.RelationshipFactory(source=program,
destination=objective)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == 'Objective').first()
rev_id = revision.id
# Create snapshot objects:
snapshot = factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
parent=audit,
revision=revision,
context=audit.context,
)
snapshot_id = snapshot.id
factories.RelationshipFactory(source=audit,
destination=snapshot)
self.api.set_user(user)
snapshot = all_models.Snapshot.query.get(snapshot_id)
# update obj to create new revision
self.api.put(
all_models.Objective.query.get(snapshot.revision.resource_id),
{
"status": "Active",
}
)
json = {
"update_revision": "latest"
}
response = self.api.put(snapshot, json)
assert response.status_code == status, \
"{} put returned {} instead of {} for {}".format(
rolename, response.status, status, 'snapshot')
if status != 200:
# if editing is allowed check if edit was correctly saved
return
assert response.json['snapshot'].get("revision_id", None) > rev_id, \
"snapshot has not been updated to the latest revision {}".format(
response.json['snapshot'])
def test_latest_revision_delete_cad(self, is_add_cav):
"""Test creating new revision after deleting CAD.
In case of deleting CAD, snapshot attribute is_latest_revision
must be False
"""
with factories.single_commit():
control = factories.ControlFactory()
program = factories.ProgramFactory()
factories.RelationshipFactory(
source=program,
destination=control,
)
audit = factories.AuditFactory()
factories.RelationshipFactory(
source=audit,
destination=control
)
cad = factories.CustomAttributeDefinitionFactory(
title="test_name",
definition_type="control",
attribute_type="Text",
)
if is_add_cav:
factories.CustomAttributeValueFactory(
custom_attribute=cad,
attributable=control,
attribute_value="test",
)
last_revision = models.Revision.query.filter(
models.Revision.resource_id == control.id,
models.Revision.resource_type == control.type,
).order_by(models.Revision.id.desc()).first()
snapshot = factories.SnapshotFactory(
parent=audit,
child_id=control.id,
child_type=control.type,
revision=last_revision,
)
self.assertTrue(snapshot.is_latest_revision)
self.api_helper.delete(cad)
snapshot = models.Snapshot.query.filter().first()
self.assertEqual(snapshot.is_latest_revision, False)
def test_original_object_deleted_external(self):
"""
Test original_object_deleted status after
deleting object in GGRCQ side
"""
with factories.single_commit():
assessment = factories.AssessmentFactory()
assessment_id = assessment.id
control = factories.ControlFactory()
revision = models.Revision.query.filter(
models.Revision.resource_type == "Assessment",
models.Revision.resource_id == assessment_id,
).first()
snapshot = factories.SnapshotFactory(
parent=assessment.audit,
child_type=control.type,
child_id=control.id,
revision=revision,
)
factories.RelationshipFactory(
source=assessment,
destination=snapshot,
)
revision_id = revision.id
snapshot_id = snapshot.id
self.client.get("/login")
response_data = self.client.get(
'/api/assessments/{}/related_objects'.format(assessment_id)).json
snapshot = models.Snapshot.query.get(snapshot_id)
self.assertIn('original_object_deleted', response_data['Snapshot'][0])
self.assertFalse(snapshot.original_object_deleted)
self.assertEqual(
response_data['Snapshot'][0]['original_object_deleted'],
snapshot.original_object_deleted,
)
control = models.Control.query.first()
with self.api.as_external():
response = self.api.put(control, {'status': 'Deprecated'})
self.assert200(response)
response_data = self.client.get(
'/api/assessments/{}/related_objects'.format(assessment_id)).json
snapshot = models.Snapshot.query.get(snapshot_id)
self.assertTrue(snapshot.original_object_deleted)
self.assertEqual(revision_id,
response_data['Snapshot'][0]['revision_id'])
def _map_snapshot(self, obj, destination):
"""Create relationship between object and his snapshot"""
revision = self._get_latest_object_revisions([obj])[0]
parent = destination
if not isinstance(parent, all_models.Audit):
parent = destination.audit
snapshot = factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
revision=revision,
parent=parent,
parent_id=parent.id,
)
factories.RelationshipFactory(source=snapshot, destination=destination)
def setUp(self):
super(TestAssessmentGeneration, self).setUp()
self.api = Api()
self.audit = factories.AuditFactory()
self.control = factories.ControlFactory(test_plan="Control Test Plan")
revision = Revision.query.filter(
Revision.resource_id == self.control.id, Revision.resource_type ==
self.control.__class__.__name__).order_by(
Revision.id.desc()).first()
self.snapshot = factories.SnapshotFactory(
parent=self.audit,
child_id=self.control.id,
child_type=self.control.__class__.__name__,
revision_id=revision.id)
def _create_snapshots(cls, audit, objects):
"""Create snapshots of latest object revisions for given objects."""
# This commit is needed if we're using factories with single_commit, so
# that the latest revisions will be fetched properly.
db.session.commit()
revisions = cls._get_latest_object_revisions(objects)
snapshots = [
factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
revision=revision,
parent=audit,
) for revision in revisions
]
return snapshots
def setUp(self):
super(TestAssessmentHook, self).setUp()
control = factories.ControlFactory()
with factories.single_commit():
self.assessment = factories.AssessmentFactory()
audit = factories.AuditFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).first()
self.snapshot = factories.SnapshotFactory(
parent=audit,
revision_id=revision.id,
child_type=control.type,
child_id=control.id,
)
def test_export_assesments_without_map_control(self):
"""Test export assesment without related control instance"""
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory()
revision = models.Revision.query.filter(
models.Revision.resource_id == control.id,
models.Revision.resource_type ==
control.__class__.__name__).order_by(
models.Revision.id.desc()).first()
factories.SnapshotFactory(parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id)
db.session.commit()
self.assertColumnExportedValue("", assessment, "map:control")
def _setup_objects():
"""Create and reindex objects needed for tests"""
text_cad = factories.CustomAttributeDefinitionFactory(
title="text cad",
definition_type="market",
)
date_cad = factories.CustomAttributeDefinitionFactory(
title="date cad",
definition_type="market",
attribute_type="Date",
)
audit = factories.AuditFactory()
for i in range(5):
factories.OrgGroupFactory()
market = factories.MarketFactory()
factories.CustomAttributeValueFactory(
custom_attribute=date_cad,
attributable=market,
attribute_value="2016-11-0{}".format(i + 3),
)
factories.CustomAttributeValueFactory(
custom_attribute=text_cad,
attributable=market,
attribute_value="2016-11-0{}".format(i + 1),
)
revisions = models.Revision.query.filter(
models.Revision.resource_type.in_(["OrgGroup", "Market"]),
models.Revision.id.in_(
db.session.query(func.max(models.Revision.id)).group_by(
models.Revision.resource_type,
models.Revision.resource_id,
)
),
)
for revision in revisions:
factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
revision=revision,
parent=audit,
)
views.do_reindex()
def _create_snapshot():
"""Create snapshot for test"""
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory(description='control-9')
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type ==
control.__class__.__name__).order_by(
all_models.Revision.id.desc()).first()
snapshot = factories.SnapshotFactory(parent=audit,
child_id=control.id,
child_type=control.__class__.__name__,
revision_id=revision.id)
return assessment, snapshot
def test_asmt_issue_similarity(self):
"""Test Issues related to assessments."""
audit = factories.AuditFactory()
assessment1 = factories.AssessmentFactory(audit=audit)
assessment2 = factories.AssessmentFactory(audit=audit)
issue = factories.IssueFactory(audit=audit)
control = factories.ControlFactory()
snapshot = factories.SnapshotFactory(
parent=audit,
child_id=control.id,
child_type=control.type,
revision_id=models.Revision.query.filter_by(
resource_type=control.type).one().id
)
factories.RelationshipFactory(source=audit, destination=assessment1)
factories.RelationshipFactory(source=audit, destination=assessment2)
factories.RelationshipFactory(source=audit, destination=issue)
factories.RelationshipFactory(source=snapshot, destination=assessment1)
factories.RelationshipFactory(source=snapshot, destination=issue)
query = [{
"object_name": "Issue",
"type": "ids",
"filters": {
"expression": {
"op": {"name": "similar"},
"object_name": "Assessment",
"ids": [assessment1.id],
},
},
}]
expected_ids = [issue.id]
response = self.client.post(
"/query",
data=json.dumps(query),
headers={"Content-Type": "application/json"},
)
self.assertListEqual(
response.json[0]["Issue"]["ids"],
expected_ids
)
def test_asmt_state_updating_verifiers_with_map_fields(
self, map_factory, map_column_name, new_verifier
):
"""Test assessment In Progress after updating Verifiers and map fields"""
with factories.single_commit():
audit = factories.AuditFactory()
map_object = map_factory()
spanpshot = factories.SnapshotFactory(
parent=audit,
child_id=map_object.id,
child_type=map_object.__class__.__name__,
revision=factories.RevisionFactory()
)
assessment = factories.AssessmentFactory(
audit=audit,
status=all_models.Assessment.DONE_STATE,
)
person = factories.PersonFactory(email="*****@*****.**")
factories.RelationshipFactory(source=assessment, destination=spanpshot)
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Verifiers"],
person=person,
)
self.assertEqual(
all_models.Assessment.query.get(assessment.id).status,
all_models.Assessment.DONE_STATE)
response = self.import_data(OrderedDict([
("object_type", "Assessment"),
("Code", assessment.slug),
("Verifiers", new_verifier),
(map_column_name, map_object.slug),
]))
expected_response = {
"Assessment": {
"row_warnings": {
errors.STATE_WILL_BE_IGNORED.format(line=3),
}
}
}
self._check_csv_response(response, expected_response)
assessment = all_models.Assessment.query.get(assessment.id)
verifiers = [v.email for v in assessment.verifiers]
self.assertEqual(assessment.status, all_models.Assessment.PROGRESS_STATE)
self.assertEqual(verifiers or [""], [new_verifier])
def test_relationship_disallowed_type(self):
"""Validation fails when source-destination types pair disallowed."""
audit = factories.AuditFactory()
snapshottable = factories.ControlFactory()
ctrl_revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == snapshottable.id,
all_models.Revision.resource_type == snapshottable.type,
).first()
snapshot = factories.SnapshotFactory(
parent=audit,
revision_id=ctrl_revision.id,
child_type=snapshottable.type,
child_id=snapshottable.id,
)
with self.assertRaises(ValidationError):
factories.RelationshipFactory(source=snapshottable, destination=snapshot)
with self.assertRaises(ValidationError):
factories.RelationshipFactory(source=snapshot, destination=snapshottable)
def setUp(self):
super(TestIssueAuditMapping, self).setUp()
self.generator = generator.ObjectGenerator(fail_no_json=False)
control = factories.ControlFactory()
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == control.type,
all_models.Revision.resource_id == control.id,
).first()
with factories.single_commit():
self.audit = factories.AuditFactory()
self.snapshot = factories.SnapshotFactory(parent=self.audit,
revision=revision)
self.other_audits = [factories.AuditFactory() for _ in range(2)]
self.issue_mapped = factories.IssueFactory()
self.issue_unmapped = factories.IssueFactory()
self.issue_audit_mapping = factories.RelationshipFactory(
source=self.audit,
destination=self.issue_mapped,
context=self.audit.context,
)