def test_no_reindex_acr_for_same_obj(self): """Test that reindex records appear if acl is populated with current obj's role.""" system_role_name = "Admin" with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlPersonFactory( ac_list=system.acr_name_acl_map[system_role_name], person=person, ) person_id = person.id person_name = person.name person_email = person.email revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type ).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) self.assert_indexed_fields(system, system_role_name, { "{}-email".format(person_id): person_email, "{}-name".format(person_id): person_name, "__sort__": person_email, })
def test_system_acl_update(self): """Test updating of SOX system with non empty acl.""" with factories.single_commit(): system = factories.SystemFactory() person = factories.PersonFactory() system.add_person_with_role_name(person, "Admin") response = self.ext_api.put(system, system.id, data={ "access_control_list": { "Admin": [ { "email": "*****@*****.**", "name": "user1", }, { "email": "*****@*****.**", "name": "user2", }, ] }, }) self.assert200(response) system = all_models.System.query.get(system.id) actual_people_ids = system.get_person_ids_for_rolename("Admin") expected_people_ids = db.session.query(all_models.Person.id).filter( all_models.Person.email.in_( ("*****@*****.**", "*****@*****.**"))).all() self.assertItemsEqual(actual_people_ids, [i[0] for i in expected_people_ids])
def test_update_ext_user_ext_relationship(self): """Validation external app user updates external relationship.""" self.api.set_user(self.person_ext) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() self.create_relationship(product, system, True, self.person_ext) response = self.api.client.post(self.REL_URL, data=self.build_relationship_json( product, system, True), headers=self.HEADERS) self.assert200(response) relationship = all_models.Relationship.query.get( response.json[0][-1]["relationship"]["id"]) self.assertEqual(relationship.source_type, "Product") self.assertEqual(relationship.source_id, product.id) self.assertEqual(relationship.destination_type, "System") self.assertEqual(relationship.destination_id, system.id) self.assertTrue(relationship.is_external) self.assertEqual(relationship.modified_by_id, self.person_ext.id) self.assertIsNone(relationship.parent_id) self.assertIsNone(relationship.automapping_id) self.assertIsNone(relationship.context_id)
def test_no_reindex_acr_for_diff_obj(self, logger): """Test that no reindex records appear if acl is populated with other's obj role.""" product_admin = all_models.AccessControlRole.query.filter_by( object_type="Product", name="Admin").first() with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlListFactory( ac_role=product_admin, object=system, person=person, ) system_id = system.id revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) fulltext_records = Record.query.filter( Record.key == system_id, Record.type == "System", Record.property == "Admin", ).all() self.assertEqual(len(fulltext_records), 0) logger.warning.assert_called_once_with( "Reindex: role %s, id %s is skipped for %s, id %s, " "because it relates to %s", product_admin.name, product_admin.id, system.__class__.__name__, system.id, product_admin.object_type)
def test_delete_ext_user_reg_relationship(self): """External app user can delete regular relationship.""" self.api.set_user(self.person_ext) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() rel = self.create_relationship(product, system, False, self.person_ext) response = self.api.delete(rel) self.assert200(response)
def test_acl_no_reindex_snapshots(self): """Test that snapshot reindex is not happened for acl where person has the same role for different kind of objects.""" product_admin = all_models.AccessControlRole.query.filter_by( object_type="Product", name="Admin" ).first() system_admin = all_models.AccessControlRole.query.filter_by( object_type="System", name="Admin" ).first() with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlListFactory( ac_role=product_admin, object=system, person=person, ) system_role = factories.AccessControlListFactory( ac_role=system_admin, object=system, person=person, ) audit_id = audit.id system_id = system.id system_role_name = system_role.ac_role.name person_id = person.id person_name = person.name person_email = person.email revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type ).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) self.client.post("/admin/reindex_snapshots") snapshot = all_models.Snapshot.query.filter( all_models.Snapshot.parent_id == audit_id, all_models.Snapshot.parent_type == 'Audit', all_models.Snapshot.child_id == system_id, all_models.Snapshot.child_type == 'System', ).one() self.assert_indexed_fields(snapshot, system_role_name, { "{}-email".format(person_id): person_email, "{}-name".format(person_id): person_name, "__sort__": person_email, })
def test_delete_reg_user_ext_relationship(self): """Validation regular user deletes external relationship.""" with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() self.create_relationship(product, system, True, self.person_ext) self.api.set_user(self.person) rel = all_models.Relationship.query.first() response = self.api.delete(rel) self.assert200(response) relationship = all_models.Relationship.query.get(rel.id) self.assertIsNone(relationship)
def test_update_reg_user_ext_relationship(self): """Validation regular app user updates external relationship.""" self.api.set_user(self.person) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() self.create_relationship(product, system, True, self.person) response = self.api.client.post(self.REL_URL, data=self.build_relationship_json( product, system, False), headers=self.HEADERS) self.assert200(response)
def test_create_ext_user_reg_relationship(self): """Validation external app user creates regular relationship.""" self.api.set_user(self.person_ext) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() response = self.api.client.post(self.REL_URL, data=self.build_relationship_json( product, system, False), headers=self.HEADERS) self.assert400(response) self.assertEqual(response.json[0], [ 400, "External application can create only external relationships." ])
def test_delete_ext_user_reg_relationship(self): """Validation external app user deletes regular relationship.""" self.api.set_user(self.person_ext) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() rel = self.create_relationship(product, system, False, self.person_ext) response = self.api.delete(rel) self.assert400(response) self.assertEqual( response.json, { 'message': 'External application can delete only external ' 'relationships.', 'code': 400 })
def test_update_ext_user_reg_relationship(self): """External app user can update regular relationship.""" self.api.set_user(self.person_ext) with factories.single_commit(): product = factories.ProductFactory() system = factories.SystemFactory() self.create_relationship(product, system, False, self.person_ext) response = self.api.client.post(self.REL_URL, data=self.build_relationship_json( product, system, True), headers=self.HEADERS) self.assert200(response) self.assertEqual(response.json[0][1]["relationship"]["is_external"], True)
def test_relationship_creation(self): """Test external relationship post on behalf of external user.""" destination = factories.SystemFactory() source = factories.MarketFactory() relationship_data = json.dumps([{ "relationship": { "source": { "id": source.id, "type": source.type }, "destination": { "id": destination.id, "type": destination.type }, "context": { "id": None }, "is_external": True } }]) response = self._post("/api/relationships", data=relationship_data, headers=self.headers) self.assert200(response) ext_person = all_models.Person.query.filter_by( email="*****@*****.**").first() ext_person_id = ext_person.id relationship = all_models.Relationship.query.get( response.json[0][-1]["relationship"]["id"]) self.assertEqual(relationship.source_type, source.type) self.assertEqual(relationship.source_id, source.id) self.assertEqual(relationship.destination_type, "System") self.assertEqual(relationship.destination_id, destination.id) self.assertTrue(relationship.is_external) self.assertEqual(relationship.modified_by_id, ext_person_id) self.assertIsNone(relationship.parent_id) self.assertIsNone(relationship.automapping_id) self.assertIsNone(relationship.context_id) # check that POST on creation of existing relation return 200 code response = self._post("/api/relationships", data=relationship_data, headers=self.headers) self.assert200(response)
def test_system_external_put(self): """Test updating of System without If-Match/If-Unmodified-Since headers.""" system = factories.SystemFactory() data = { "system": { "id": system.id, "title": "updated system", "test_plan": "test plan", "notes": "test notes", "description": "test description", "slug": "SYSTEM-{}".format(system.id), } } response = self.ext_api.put(system, system.id, data=data) self.assert200(response, response.data) system = all_models.System.query.get(system.id) self.assertEqual(system.title, "updated system")
def test_post_modifier(self, model): """Test modifier of models when working as external user.""" headers = { "Content-Type": "application/json", "X-requested-by": "GGRC", "X-appengine-inbound-appid": self.allowed_appid, "X-ggrc-user": json.dumps({"email": "*****@*****.**"}), "X-external-user": json.dumps({"email": "*****@*****.**"}) } model_plural = model._inflector.table_plural model_singular = model._inflector.table_singular with mock.patch.multiple(PersonClient, _post=self._mock_post): self.client.get("/login", headers=headers) response = self._post("api/{}".format(model_plural), data=json.dumps({ model_singular: { "title": "{}1".format(model_singular), "context": 0 } }), headers=headers) self.assertEqual(response.status_code, 201) # check object modifier person = all_models.Person.query.filter_by( email="*****@*****.**").first() person_id = person.id model_json = response.json[model_singular] self.assertEqual(model_json['modified_by']['id'], person_id) self.assertEqual(person.system_wide_role, "Creator") # check revision modifier revision = all_models.Revision.query.filter( all_models.Revision.resource_type == model.__name__).order_by( all_models.Revision.id.desc()).first() self.assertEqual(revision.modified_by_id, person_id) # check event modifier event = all_models.Event.query.filter( all_models.Event.resource_type == model.__name__).order_by( all_models.Event.id.desc()).first() self.assertEqual(event.modified_by_id, person_id) # check relationship post destination = factories.SystemFactory() with mock.patch.multiple(PersonClient, _post=self._mock_post): response = self._post("/api/relationships", data=json.dumps([{ "relationship": { "source": { "id": model_json['id'], "type": model_json['type'] }, "destination": { "id": destination.id, "type": destination.type }, "context": { "id": None }, "is_external": True } }]), headers=headers) self.assert200(response) relationship = all_models.Relationship.query.get( response.json[0][-1]["relationship"]["id"]) self.assertEqual(relationship.source_type, model_json['type']) self.assertEqual(relationship.source_id, model_json['id']) self.assertEqual(relationship.destination_type, "System") self.assertEqual(relationship.destination_id, destination.id) self.assertTrue(relationship.is_external) self.assertEqual(relationship.modified_by_id, person_id) self.assertIsNone(relationship.parent_id) self.assertIsNone(relationship.automapping_id) self.assertIsNone(relationship.context_id)