def test_program_read_as_creator(self, program_role): """Test access to proposal for program reader/editor as Creator role""" with factories.single_commit(): program = factories.ProgramFactory() program_manager = factories.PersonFactory() factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map["Program Managers"], person=program_manager, ) program_id = program.id # make query to create proposal by program_manager self.api.set_user(program_manager) self.client.get("/login") acr_class = all_models.AccessControlRole acr = acr_class.query.filter( acr_class.name == 'ProposalEditor', acr_class.object_type == 'Proposal').one() create_data = self._get_create_proposal_request( program_id, acr.id, program_manager.id) self.api.post(all_models.Proposal, create_data) query_data = _get_query_proposal_request(program_id) headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(query_data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(resp[0]["Proposal"]["count"], 1) role_creator = all_models.Role.query.filter( all_models.Role.name == "Creator").one() # make query to check proposals by Creator role person with factories.single_commit(): person = factories.PersonFactory() rbac_factories.UserRoleFactory(role=role_creator, person=person) factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map[program_role], person=person, ) self.api.set_user(person) self.client.get("/login") query_data = _get_query_proposal_request(program_id) headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(query_data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(resp[0]["Proposal"]["count"], 1)
def test_nonadmin_has_no_access(self): """Test access to proposal for non creator of proposal""" role_creator = all_models.Role.query.filter( all_models.Role.name == "Creator").one() # prepare - create program, assign roles factories.AccessControlRoleFactory(name="ACL_Reader", update=0, object_type="Program") with factories.single_commit(): program = factories.ProgramFactory() person1 = factories.PersonFactory() person2 = factories.PersonFactory() for person in (person1, person2): rbac_factories.UserRoleFactory(role=role_creator, person=person) factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map["ACL_Reader"], person=person, ) program_id = program.id person2_id = person2.id # make query to create proposal by person1 self.api.set_user(person1) self.client.get("/login") acr_class = all_models.AccessControlRole acr = acr_class.query.filter( acr_class.name == 'ProposalEditor', acr_class.object_type == 'Proposal').one() create_data = self._get_create_proposal_request( program_id, acr.id, person1.id) self.api.post(all_models.Proposal, create_data) # login as person2 and make request self.api.set_user(all_models.Person.query.get(person2_id)) self.client.get("/login") query_data = _get_query_proposal_request(program_id) headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(query_data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(resp[0]["Proposal"]["count"], 0)
def test_query_filter(self, role_name, expected_count): """Test query proposals for {0}. Args: role_name: string, unique key, shows the position of user in generated infrustructure expected_count: int, number of proposals, that should be filtered by query """ program_id = self.program.id data = _get_query_proposal_request(program_id) self.api.set_user(self.people[role_name]) self.client.get("/login") headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(expected_count, resp[0]["Proposal"]["count"])