예제 #1
0
def test_remove_access(user_session, client):
    ccpo = UserFactory.create_ccpo()
    user = UserFactory.create_ccpo()
    user_session(ccpo)

    response = client.post(url_for("ccpo.remove_access", user_id=user.id))
    assert user not in Users.get_ccpo_users()
예제 #2
0
파일: test_users.py 프로젝트: robgil/atst
def test_get_ccpo_users():
    ccpo_1 = UserFactory.create_ccpo()
    ccpo_2 = UserFactory.create_ccpo()
    rando = UserFactory.create()

    ccpo_users = Users.get_ccpo_users()
    assert ccpo_1 in ccpo_users
    assert ccpo_2 in ccpo_users
    assert rando not in ccpo_users
예제 #3
0
def test_user_can_access_decorator_application_level(set_current_user,
                                                     request_ctx):
    ccpo = UserFactory.create_ccpo()
    port_admin = UserFactory.create()
    app_user = UserFactory.create()
    rando = UserFactory.create()

    portfolio = PortfolioFactory.create(owner=port_admin,
                                        applications=[{
                                            "name": "Mos Eisley"
                                        }])
    app = portfolio.applications[0]
    ApplicationRoleFactory.create(application=app, user=app_user)

    request_ctx.g.portfolio = portfolio
    request_ctx.g.application = app

    @user_can_access_decorator(Permissions.VIEW_APPLICATION)
    def _stroll_into_mos_eisley(*args, **kwargs):
        return True

    set_current_user(ccpo)
    assert _stroll_into_mos_eisley(application_id=app.id)

    set_current_user(port_admin)
    assert _stroll_into_mos_eisley(application_id=app.id)

    set_current_user(app_user)
    assert _stroll_into_mos_eisley(application_id=app.id)

    set_current_user(rando)
    with pytest.raises(UnauthorizedError):
        _stroll_into_mos_eisley(application_id=app.id)
예제 #4
0
def test_user_can_access_decorator_portfolio_level(set_current_user,
                                                   request_ctx):
    ccpo = UserFactory.create_ccpo()
    edit_admin = UserFactory.create()
    view_admin = UserFactory.create()

    portfolio = PortfolioFactory.create(owner=edit_admin)
    # factory gives view perms by default
    PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio)

    request_ctx.g.portfolio = portfolio
    request_ctx.g.application = None

    @user_can_access_decorator(Permissions.EDIT_PORTFOLIO_NAME)
    def _edit_portfolio_name(*args, **kwargs):
        return True

    set_current_user(ccpo)
    assert _edit_portfolio_name(portfolio_id=portfolio.id)

    set_current_user(edit_admin)
    assert _edit_portfolio_name(portfolio_id=portfolio.id)

    set_current_user(view_admin)
    with pytest.raises(UnauthorizedError):
        _edit_portfolio_name(portfolio_id=portfolio.id)
예제 #5
0
def test_user_can_access_decorator_atat_level(set_current_user):
    ccpo = UserFactory.create_ccpo()
    rando = UserFactory.create()

    @user_can_access_decorator(Permissions.VIEW_AUDIT_LOG)
    def _access_activity_log(*args, **kwargs):
        return True

    set_current_user(ccpo)
    assert _access_activity_log()

    set_current_user(rando)
    with pytest.raises(UnauthorizedError):
        _access_activity_log()
예제 #6
0
def test_update_ppoc_when_cpo(client, user_session):
    ccpo = UserFactory.create_ccpo()
    portfolio = PortfolioFactory.create()
    original_ppoc = portfolio.owner_role
    new_ppoc = Portfolios.add_member(
        member=UserFactory.create(),
        portfolio=portfolio,
        permission_sets=[PermissionSets.VIEW_PORTFOLIO],
    )

    user_session(ccpo)

    updating_ppoc_successfully(
        client=client, new_ppoc=new_ppoc, old_ppoc=original_ppoc, portfolio=portfolio
    )
예제 #7
0
def test_submit_new_user(user_session, client):
    ccpo = UserFactory.create_ccpo()
    new_user = UserFactory.create()
    random_dod_id = "1234567890"
    user_session(ccpo)

    # give new_user CCPO permissions
    response = client.post(url_for("ccpo.submit_new_user"),
                           data={"dod_id": new_user.dod_id})
    assert new_user.email in response.data.decode()

    # give person without ATAT account CCPO permissions
    response = client.post(url_for("ccpo.submit_new_user"),
                           data={"dod_id": random_dod_id})
    assert url_for("ccpo.users") in response.location
예제 #8
0
def test_user_can_access():
    ccpo = UserFactory.create_ccpo()
    edit_admin = UserFactory.create()
    view_admin = UserFactory.create()

    portfolio = PortfolioFactory.create(owner=edit_admin)
    # factory gives view perms by default
    view_admin_pr = PortfolioRoleFactory.create(user=view_admin,
                                                portfolio=portfolio)

    # check a site-wide permission
    assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG)

    with pytest.raises(UnauthorizedError):
        user_can_access(edit_admin, Permissions.VIEW_AUDIT_LOG)

    with pytest.raises(UnauthorizedError):
        user_can_access(view_admin, Permissions.VIEW_AUDIT_LOG)

    # check a portfolio view permission
    assert user_can_access(ccpo,
                           Permissions.VIEW_PORTFOLIO,
                           portfolio=portfolio)
    assert user_can_access(edit_admin,
                           Permissions.VIEW_PORTFOLIO,
                           portfolio=portfolio)
    assert user_can_access(view_admin,
                           Permissions.VIEW_PORTFOLIO,
                           portfolio=portfolio)

    # check a portfolio edit permission
    assert user_can_access(ccpo,
                           Permissions.EDIT_PORTFOLIO_NAME,
                           portfolio=portfolio)
    assert user_can_access(edit_admin,
                           Permissions.EDIT_PORTFOLIO_NAME,
                           portfolio=portfolio)
    with pytest.raises(UnauthorizedError):
        user_can_access(view_admin,
                        Permissions.EDIT_PORTFOLIO_NAME,
                        portfolio=portfolio)

    # check when portfolio_role is disabled
    PortfolioRoles.disable(portfolio_role=view_admin_pr)
    with pytest.raises(UnauthorizedError):
        user_can_access(view_admin,
                        Permissions.EDIT_PORTFOLIO_NAME,
                        portfolio=portfolio)
예제 #9
0
def test_confirm_new_user(user_session, client):
    ccpo = UserFactory.create_ccpo()
    new_user = UserFactory.create()
    random_dod_id = "1234567890"
    user_session(ccpo)

    # give new_user CCPO permissions
    response = client.post(
        url_for("ccpo.confirm_new_user"),
        data={"dod_id": new_user.dod_id},
        follow_redirects=True,
    )
    assert new_user.dod_id in response.data.decode()

    # give person without ATAT account CCPO permissions
    response = client.post(
        url_for("ccpo.confirm_new_user"),
        data={"dod_id": random_dod_id},
        follow_redirects=True,
    )
    assert random_dod_id not in response.data.decode()
예제 #10
0
def ccpo():
    return UserFactory.create_ccpo()
예제 #11
0
def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner):
    sam = UserFactory.create_ccpo()
    PortfolioFactory.create()

    sams_portfolios = Portfolios.for_user(sam)
    assert len(sams_portfolios) == 2
예제 #12
0
파일: test_users.py 프로젝트: robgil/atst
def test_revoke_ccpo_perms():
    ccpo = UserFactory.create_ccpo()
    Users.revoke_ccpo_perms(ccpo)
    ccpo_users = Users.get_ccpo_users()
    assert ccpo not in ccpo_users
예제 #13
0
def test_ccpo_users(user_session, client):
    ccpo = UserFactory.create_ccpo()
    user_session(ccpo)
    response = client.get(url_for("ccpo.users"))
    assert ccpo.email in response.data.decode()