def test_remove_access(user_session, client): ccpo = UserFactory.create_ccpo() user = UserFactory.create_ccpo() user_session(ccpo) response = client.post(url_for("ccpo.remove_access", user_id=user.id)) assert user not in Users.get_ccpo_users()
def test_get_ccpo_users(): ccpo_1 = UserFactory.create_ccpo() ccpo_2 = UserFactory.create_ccpo() rando = UserFactory.create() ccpo_users = Users.get_ccpo_users() assert ccpo_1 in ccpo_users assert ccpo_2 in ccpo_users assert rando not in ccpo_users
def test_user_can_access_decorator_application_level(set_current_user, request_ctx): ccpo = UserFactory.create_ccpo() port_admin = UserFactory.create() app_user = UserFactory.create() rando = UserFactory.create() portfolio = PortfolioFactory.create(owner=port_admin, applications=[{ "name": "Mos Eisley" }]) app = portfolio.applications[0] ApplicationRoleFactory.create(application=app, user=app_user) request_ctx.g.portfolio = portfolio request_ctx.g.application = app @user_can_access_decorator(Permissions.VIEW_APPLICATION) def _stroll_into_mos_eisley(*args, **kwargs): return True set_current_user(ccpo) assert _stroll_into_mos_eisley(application_id=app.id) set_current_user(port_admin) assert _stroll_into_mos_eisley(application_id=app.id) set_current_user(app_user) assert _stroll_into_mos_eisley(application_id=app.id) set_current_user(rando) with pytest.raises(UnauthorizedError): _stroll_into_mos_eisley(application_id=app.id)
def test_user_can_access_decorator_portfolio_level(set_current_user, request_ctx): ccpo = UserFactory.create_ccpo() edit_admin = UserFactory.create() view_admin = UserFactory.create() portfolio = PortfolioFactory.create(owner=edit_admin) # factory gives view perms by default PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio) request_ctx.g.portfolio = portfolio request_ctx.g.application = None @user_can_access_decorator(Permissions.EDIT_PORTFOLIO_NAME) def _edit_portfolio_name(*args, **kwargs): return True set_current_user(ccpo) assert _edit_portfolio_name(portfolio_id=portfolio.id) set_current_user(edit_admin) assert _edit_portfolio_name(portfolio_id=portfolio.id) set_current_user(view_admin) with pytest.raises(UnauthorizedError): _edit_portfolio_name(portfolio_id=portfolio.id)
def test_user_can_access_decorator_atat_level(set_current_user): ccpo = UserFactory.create_ccpo() rando = UserFactory.create() @user_can_access_decorator(Permissions.VIEW_AUDIT_LOG) def _access_activity_log(*args, **kwargs): return True set_current_user(ccpo) assert _access_activity_log() set_current_user(rando) with pytest.raises(UnauthorizedError): _access_activity_log()
def test_update_ppoc_when_cpo(client, user_session): ccpo = UserFactory.create_ccpo() portfolio = PortfolioFactory.create() original_ppoc = portfolio.owner_role new_ppoc = Portfolios.add_member( member=UserFactory.create(), portfolio=portfolio, permission_sets=[PermissionSets.VIEW_PORTFOLIO], ) user_session(ccpo) updating_ppoc_successfully( client=client, new_ppoc=new_ppoc, old_ppoc=original_ppoc, portfolio=portfolio )
def test_submit_new_user(user_session, client): ccpo = UserFactory.create_ccpo() new_user = UserFactory.create() random_dod_id = "1234567890" user_session(ccpo) # give new_user CCPO permissions response = client.post(url_for("ccpo.submit_new_user"), data={"dod_id": new_user.dod_id}) assert new_user.email in response.data.decode() # give person without ATAT account CCPO permissions response = client.post(url_for("ccpo.submit_new_user"), data={"dod_id": random_dod_id}) assert url_for("ccpo.users") in response.location
def test_user_can_access(): ccpo = UserFactory.create_ccpo() edit_admin = UserFactory.create() view_admin = UserFactory.create() portfolio = PortfolioFactory.create(owner=edit_admin) # factory gives view perms by default view_admin_pr = PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio) # check a site-wide permission assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG) with pytest.raises(UnauthorizedError): user_can_access(edit_admin, Permissions.VIEW_AUDIT_LOG) with pytest.raises(UnauthorizedError): user_can_access(view_admin, Permissions.VIEW_AUDIT_LOG) # check a portfolio view permission assert user_can_access(ccpo, Permissions.VIEW_PORTFOLIO, portfolio=portfolio) assert user_can_access(edit_admin, Permissions.VIEW_PORTFOLIO, portfolio=portfolio) assert user_can_access(view_admin, Permissions.VIEW_PORTFOLIO, portfolio=portfolio) # check a portfolio edit permission assert user_can_access(ccpo, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio) assert user_can_access(edit_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio) with pytest.raises(UnauthorizedError): user_can_access(view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio) # check when portfolio_role is disabled PortfolioRoles.disable(portfolio_role=view_admin_pr) with pytest.raises(UnauthorizedError): user_can_access(view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)
def test_confirm_new_user(user_session, client): ccpo = UserFactory.create_ccpo() new_user = UserFactory.create() random_dod_id = "1234567890" user_session(ccpo) # give new_user CCPO permissions response = client.post( url_for("ccpo.confirm_new_user"), data={"dod_id": new_user.dod_id}, follow_redirects=True, ) assert new_user.dod_id in response.data.decode() # give person without ATAT account CCPO permissions response = client.post( url_for("ccpo.confirm_new_user"), data={"dod_id": random_dod_id}, follow_redirects=True, ) assert random_dod_id not in response.data.decode()
def ccpo(): return UserFactory.create_ccpo()
def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner): sam = UserFactory.create_ccpo() PortfolioFactory.create() sams_portfolios = Portfolios.for_user(sam) assert len(sams_portfolios) == 2
def test_revoke_ccpo_perms(): ccpo = UserFactory.create_ccpo() Users.revoke_ccpo_perms(ccpo) ccpo_users = Users.get_ccpo_users() assert ccpo not in ccpo_users
def test_ccpo_users(user_session, client): ccpo = UserFactory.create_ccpo() user_session(ccpo) response = client.get(url_for("ccpo.users")) assert ccpo.email in response.data.decode()