def test_list_returns_all_if_omniscient_nd_collector_view_but_no_ownership(
self):
view = TestResourceViewCollector()
request = HttpRequest()
request.method = 'GET'
request.META['HTTP_AUTHORIZATION'] = \
'Bearer correct-token'
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['omniscient', 'collector-view'])
with HTTMock(signon):
response = view.get(request)
try:
json_response = json.loads(response.content)
except ValueError:
json_response = None
assert_that(response.status_code, is_(200))
assert_that(len(json_response), is_(2))
assert_that(json_response, contains_inanyorder(
has_entry("name", starts_with(
self.__class__.collector_type1.name)),
has_entry("name", starts_with(
self.__class__.collector_type2.name))))
def test_detail_returns_all_data_sets_if_user_has_admin_permission(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin', 'admin'])
with HTTMock(signon):
resp = self.client.get('/data-sets/unseen',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
def test_detail_returns_all_data_sets_if_user_has_admin_permission(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin', 'admin'])
with HTTMock(signon):
resp = self.client.get(
'/data-sets/unseen',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
def test_list_returns_no_data_sets_if_there_is_no_backdrop_user(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin', 'dataset'])
with HTTMock(signon):
resp = self.client.get('/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 0)
def test_detail_does_not_return_data_sets_the_user_cannot_see(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get('/data-sets/unseen',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 404)
def test_user_permission_needed(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin'])
with HTTMock(signon):
resp = self.client.get('/users/foo%40bar.com',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_that(resp, is_forbidden())
assert_that(resp, is_error_response())
settings.USE_DEVELOPMENT_USERS = True
def test_user_permission_needed(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin'])
with HTTMock(signon):
resp = self.client.get(
'/users/foo%40bar.com',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_that(resp, is_forbidden())
assert_that(resp, is_error_response())
settings.USE_DEVELOPMENT_USERS = True
def test_detail_does_not_return_data_sets_the_user_cannot_see(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get(
'/data-sets/unseen',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 404)
def test_list_returns_no_data_sets_if_there_is_no_backdrop_user(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['signin', 'dataset'])
with HTTMock(signon):
resp = self.client.get(
'/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 0)
def test_list_only_returns_data_sets_the_user_can_see(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get('/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 4)
def test_list_only_returns_data_sets_the_user_can_see(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get(
'/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 4)
def test_detail_returns_404_if_collector_view_not_omniscient(self):
view = TestResourceViewCollector()
request = HttpRequest()
request.method = 'GET'
request.META['HTTP_AUTHORIZATION'] = \
'Bearer correct-token'
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['collector-view'])
with HTTMock(signon):
response = view.get(request, **{'id': self.collector1.id})
assert_that(response.status_code, is_(404))
def test_list_with_trailing_slash_still_routed(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get('/data-sets/?data-type=type1',
HTTP_AUTHORIZATION=('Bearer correct-token'),
follow=True)
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 2)
def test_list_returns_403_if_omniscient_no_collector_view(
self):
view = TestResourceViewCollector()
request = HttpRequest()
request.method = 'GET'
request.META['HTTP_AUTHORIZATION'] = \
'Bearer correct-token'
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['omniscient'])
with HTTMock(signon):
response = view.get(request)
assert_that(response.status_code, is_(403))
def test_list_with_trailing_slash_still_routed(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get(
'/data-sets/?data-type=type1',
HTTP_AUTHORIZATION=('Bearer correct-token'),
follow=True)
assert_equal(resp.status_code, 200)
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), 2)
def test_add_node_without_permission(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.post(
'/organisation/node',
data=json.dumps({
'name': 'Edam',
'type_id': 'ea72e3e1-13b8-4bf6-9ffb-7cd0d2f168d4'
}),
HTTP_AUTHORIZATION='Bearer correct-token',
content_type='application/json')
assert_that(resp.status_code, equal_to(403))
def test_add_node_without_permission(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.post('/organisation/node',
data=json.dumps({
'name':
'Edam',
'type_id':
'ea72e3e1-13b8-4bf6-9ffb-7cd0d2f168d4'
}),
HTTP_AUTHORIZATION='Bearer correct-token',
content_type='application/json')
assert_that(resp.status_code, equal_to(403))
def test_detail_returns_unowned_if_user_has_admin_permission(self):
view = TestResourceViewCollector()
request = HttpRequest()
request.method = 'GET'
request.META['HTTP_AUTHORIZATION'] = \
'Bearer correct-token'
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['admin'])
with HTTMock(signon):
response = view.get(request, **{'id': self.collector1.id})
try:
json_response = json.loads(response.content)
except ValueError:
json_response = None
assert_that(response.status_code, is_(200))
assert_that(json_response['id'], equal_to(
str(self.__class__.collector1.id)))
def test_list_returns_empty_list_if_collector_view_not_omniscient(
self):
view = TestResourceViewCollector()
request = HttpRequest()
request.method = 'GET'
request.META['HTTP_AUTHORIZATION'] = \
'Bearer correct-token'
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(permissions=['collector-view'])
with HTTMock(signon):
response = view.get(request)
try:
json_response = json.loads(response.content)
except ValueError:
json_response = None
assert_that(response.status_code, is_(200))
assert_that(len(json_response), is_(0))
def _mock_signon(self, permissions):
return HTTMock(govuk_signon_mock(permissions=permissions))
def _mock_signon(self, permissions):
return HTTMock(
govuk_signon_mock(
permissions=permissions))
def test_list(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get('/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
expected = [{
'bearer_token': '',
'capped_size': None,
'name': 'group1_type1',
'data_type': 'type1',
'realtime': False,
'auto_ids': ['aa'],
'max_age_expected': 86400,
'data_group': 'group1',
'upload_filters': ['backdrop.filter.1'],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
}, {
'bearer_token':
'',
'capped_size':
None,
'name':
'set2',
'data_type':
'type1',
'realtime':
False,
'auto_ids': ['aa', 'bb'],
'max_age_expected':
86400,
'data_group':
'group2',
'upload_filters': ['backdrop.filter.1', 'backdrop.filter.2'],
'queryable':
True,
'upload_format':
'',
'raw_queries_allowed':
True,
'published':
False
}, {
'name': 'abc_-0123456789',
'data_group': 'group3',
'data_type': 'type3',
'bearer_token': '',
'capped_size': None,
'realtime': False,
'auto_ids': [],
'max_age_expected': 86400,
'upload_filters': [],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
}, {
'name': 'monitoring-data-set',
'data_group': 'group3',
'data_type': 'monitoring',
'bearer_token': '',
'capped_size': None,
'realtime': False,
'auto_ids': [],
'max_age_expected': 86400,
'upload_filters': [],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
}]
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), len(expected))
for i, record in enumerate(expected):
if record['data_type'] != 'monitoring':
record['schema'] = self._get_default_schema(
record['data_group'] + "/" + record['data_type'])
else:
record['schema'] = self.monitoring_schema
assert_equal(record, response_object[i])
def test_list(self):
settings.USE_DEVELOPMENT_USERS = False
signon = govuk_signon_mock(
permissions=['signin', 'dataset'],
email='*****@*****.**')
with HTTMock(signon):
resp = self.client.get(
'/data-sets',
HTTP_AUTHORIZATION='Bearer correct-token')
assert_equal(resp.status_code, 200)
expected = [
{
'bearer_token': '',
'capped_size': None,
'name': 'group1_type1',
'data_type': 'type1',
'realtime': False,
'auto_ids': ['aa'],
'max_age_expected': 86400,
'data_group': 'group1',
'upload_filters': ['backdrop.filter.1'],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
},
{
'bearer_token': '',
'capped_size': None,
'name': 'set2',
'data_type': 'type1',
'realtime': False,
'auto_ids': ['aa', 'bb'],
'max_age_expected': 86400,
'data_group': 'group2',
'upload_filters': ['backdrop.filter.1', 'backdrop.filter.2'],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
},
{
'name': 'abc_-0123456789',
'data_group': 'group3',
'data_type': 'type3',
'bearer_token': '',
'capped_size': None,
'realtime': False,
'auto_ids': [],
'max_age_expected': 86400,
'upload_filters': [],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
},
{
'name': 'monitoring-data-set',
'data_group': 'group3',
'data_type': 'monitoring',
'bearer_token': '',
'capped_size': None,
'realtime': False,
'auto_ids': [],
'max_age_expected': 86400,
'upload_filters': [],
'queryable': True,
'upload_format': '',
'raw_queries_allowed': True,
'published': False
}
]
response_object = json.loads(resp.content.decode('utf-8'))
assert_equal(len(response_object), len(expected))
for i, record in enumerate(expected):
if record['data_type'] != 'monitoring':
record['schema'] = self._get_default_schema(
record['data_group'] + "/" +
record['data_type']
)
else:
record['schema'] = self.monitoring_schema
assert_equal(
record, response_object[i]
)
