def test_remove_access(user_session, client):
ccpo = UserFactory.create_ccpo()
user = UserFactory.create_ccpo()
user_session(ccpo)
response = client.post(url_for("ccpo.remove_access", user_id=user.id))
assert user not in Users.get_ccpo_users()
def test_get_ccpo_users():
ccpo_1 = UserFactory.create_ccpo()
ccpo_2 = UserFactory.create_ccpo()
rando = UserFactory.create()
ccpo_users = Users.get_ccpo_users()
assert ccpo_1 in ccpo_users
assert ccpo_2 in ccpo_users
assert rando not in ccpo_users
def test_user_can_access_decorator_application_level(set_current_user,
request_ctx):
ccpo = UserFactory.create_ccpo()
port_admin = UserFactory.create()
app_user = UserFactory.create()
rando = UserFactory.create()
portfolio = PortfolioFactory.create(owner=port_admin,
applications=[{
"name": "Mos Eisley"
}])
app = portfolio.applications[0]
ApplicationRoleFactory.create(application=app, user=app_user)
request_ctx.g.portfolio = portfolio
request_ctx.g.application = app
@user_can_access_decorator(Permissions.VIEW_APPLICATION)
def _stroll_into_mos_eisley(*args, **kwargs):
return True
set_current_user(ccpo)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(port_admin)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(app_user)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(rando)
with pytest.raises(UnauthorizedError):
_stroll_into_mos_eisley(application_id=app.id)
def test_user_can_access_decorator_portfolio_level(set_current_user,
request_ctx):
ccpo = UserFactory.create_ccpo()
edit_admin = UserFactory.create()
view_admin = UserFactory.create()
portfolio = PortfolioFactory.create(owner=edit_admin)
# factory gives view perms by default
PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio)
request_ctx.g.portfolio = portfolio
request_ctx.g.application = None
@user_can_access_decorator(Permissions.EDIT_PORTFOLIO_NAME)
def _edit_portfolio_name(*args, **kwargs):
return True
set_current_user(ccpo)
assert _edit_portfolio_name(portfolio_id=portfolio.id)
set_current_user(edit_admin)
assert _edit_portfolio_name(portfolio_id=portfolio.id)
set_current_user(view_admin)
with pytest.raises(UnauthorizedError):
_edit_portfolio_name(portfolio_id=portfolio.id)
def test_user_can_access_decorator_atat_level(set_current_user):
ccpo = UserFactory.create_ccpo()
rando = UserFactory.create()
@user_can_access_decorator(Permissions.VIEW_AUDIT_LOG)
def _access_activity_log(*args, **kwargs):
return True
set_current_user(ccpo)
assert _access_activity_log()
set_current_user(rando)
with pytest.raises(UnauthorizedError):
_access_activity_log()
def test_update_ppoc_when_cpo(client, user_session):
ccpo = UserFactory.create_ccpo()
portfolio = PortfolioFactory.create()
original_ppoc = portfolio.owner_role
new_ppoc = Portfolios.add_member(
member=UserFactory.create(),
portfolio=portfolio,
permission_sets=[PermissionSets.VIEW_PORTFOLIO],
)
user_session(ccpo)
updating_ppoc_successfully(
client=client, new_ppoc=new_ppoc, old_ppoc=original_ppoc, portfolio=portfolio
)
def test_submit_new_user(user_session, client):
ccpo = UserFactory.create_ccpo()
new_user = UserFactory.create()
random_dod_id = "1234567890"
user_session(ccpo)
# give new_user CCPO permissions
response = client.post(url_for("ccpo.submit_new_user"),
data={"dod_id": new_user.dod_id})
assert new_user.email in response.data.decode()
# give person without ATAT account CCPO permissions
response = client.post(url_for("ccpo.submit_new_user"),
data={"dod_id": random_dod_id})
assert url_for("ccpo.users") in response.location
def test_user_can_access():
ccpo = UserFactory.create_ccpo()
edit_admin = UserFactory.create()
view_admin = UserFactory.create()
portfolio = PortfolioFactory.create(owner=edit_admin)
# factory gives view perms by default
view_admin_pr = PortfolioRoleFactory.create(user=view_admin,
portfolio=portfolio)
# check a site-wide permission
assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG)
with pytest.raises(UnauthorizedError):
user_can_access(edit_admin, Permissions.VIEW_AUDIT_LOG)
with pytest.raises(UnauthorizedError):
user_can_access(view_admin, Permissions.VIEW_AUDIT_LOG)
# check a portfolio view permission
assert user_can_access(ccpo,
Permissions.VIEW_PORTFOLIO,
portfolio=portfolio)
assert user_can_access(edit_admin,
Permissions.VIEW_PORTFOLIO,
portfolio=portfolio)
assert user_can_access(view_admin,
Permissions.VIEW_PORTFOLIO,
portfolio=portfolio)
# check a portfolio edit permission
assert user_can_access(ccpo,
Permissions.EDIT_PORTFOLIO_NAME,
portfolio=portfolio)
assert user_can_access(edit_admin,
Permissions.EDIT_PORTFOLIO_NAME,
portfolio=portfolio)
with pytest.raises(UnauthorizedError):
user_can_access(view_admin,
Permissions.EDIT_PORTFOLIO_NAME,
portfolio=portfolio)
# check when portfolio_role is disabled
PortfolioRoles.disable(portfolio_role=view_admin_pr)
with pytest.raises(UnauthorizedError):
user_can_access(view_admin,
Permissions.EDIT_PORTFOLIO_NAME,
portfolio=portfolio)
def test_confirm_new_user(user_session, client):
ccpo = UserFactory.create_ccpo()
new_user = UserFactory.create()
random_dod_id = "1234567890"
user_session(ccpo)
# give new_user CCPO permissions
response = client.post(
url_for("ccpo.confirm_new_user"),
data={"dod_id": new_user.dod_id},
follow_redirects=True,
)
assert new_user.dod_id in response.data.decode()
# give person without ATAT account CCPO permissions
response = client.post(
url_for("ccpo.confirm_new_user"),
data={"dod_id": random_dod_id},
follow_redirects=True,
)
assert random_dod_id not in response.data.decode()
def ccpo():
return UserFactory.create_ccpo()
def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner):
sam = UserFactory.create_ccpo()
PortfolioFactory.create()
sams_portfolios = Portfolios.for_user(sam)
assert len(sams_portfolios) == 2
def test_revoke_ccpo_perms():
ccpo = UserFactory.create_ccpo()
Users.revoke_ccpo_perms(ccpo)
ccpo_users = Users.get_ccpo_users()
assert ccpo not in ccpo_users
def test_ccpo_users(user_session, client):
ccpo = UserFactory.create_ccpo()
user_session(ccpo)
response = client.get(url_for("ccpo.users"))
assert ccpo.email in response.data.decode()
