def test_fields_saved(self):
ap = Permission.get_by(name=u'users-test1').id
dp = Permission.get_by(name=u'users-test2').id
gp = Group.get_by(name=u'test-group') or Group.add_iu(
name=u'test-group',
approved_permissions=[],
denied_permissions=[],
assigned_users=[])
gp = gp.id
topost = {
'login_id': 'usersavedsu',
'password': '******',
'email_address': '*****@*****.**',
'password-confirm': 'testtest',
'email': '*****@*****.**',
'user-submit-flag': 'submitted',
'approved_permissions': ap,
'denied_permissions': dp,
'assigned_groups': gp,
'super_user': 1,
'inactive_flag': False,
'inactive_date': '',
'name_first': '',
'name_last': ''
}
req, r = self.c.post('users/add', data=topost, follow_redirects=True)
assert r.status_code == 200, r.status
assert b'User added' in r.data
assert req.url.endswith('users/manage')
user = User.get_by_email(u'*****@*****.**')
assert user.login_id == 'usersavedsu'
assert user.reset_required
assert user.super_user
assert user.pass_hash
assert user.groups[0].name == 'test-group'
assert len(user.groups) == 1
found = 3
for permrow in user.permission_map:
if permrow['permission_name'] == u'users-test1':
assert permrow['resulting_approval']
found -= 1
if permrow['permission_name'] in (u'users-test2', u'auth-manage'):
assert not permrow['resulting_approval']
found -= 1
assert found == 0
def testing_create(cls,
loginid=None,
approved_perms=[],
denied_perms=[],
reset_required=False,
groups=[]):
# use the hierarchy to find the Permission in case the app has changed
# it
from compstack.auth.model.orm import Permission
login_id = loginid or randchars()
email_address = '*****@*****.**' % login_id
password = randchars(15)
appr_perm_ids = []
denied_perm_ids = []
# create the permissions
for perm in tolist(approved_perms):
p = Permission.get_by(name=perm)
if p is None:
raise ValueError('permission %s does not exist' % perm)
appr_perm_ids.append(p.id)
for perm in tolist(denied_perms):
p = Permission.get_by(name=perm)
if p is None:
raise ValueError('permission %s does not exist' % perm)
denied_perm_ids.append(p.id)
u = cls.add(
login_id=login_id,
email_address=email_address,
password=password,
reset_required=reset_required,
# don't let the update method set reset_required
pass_reset_ok=False,
approved_permissions=appr_perm_ids,
denied_permissions=denied_perm_ids,
# not quite sure why these are needed, they should default, but I
# ran into an issue when testing that would throw SAValidation
# errors up when I leave them out.
inactive_flag=False,
super_user=False,
)
u.groups.extend(tolist(groups))
db.sess.commit()
u.text_password = password
return u
def test_perm_changes(self):
p1 = Permission.get_by(name=u'prof-test-1').id
p2 = Permission.get_by(name=u'prof-test-2').id
# add user to group
user = User.get(self.userid)
gp = Group.add_iu(name=u'test-group',
approved_permissions=[],
denied_permissions=[],
assigned_users=[user.id]).id
r = self.c.post('users/profile', data=self.get_to_post())
assert r.status_code == 200, r.status
user = User.get(self.userid)
approved, denied = user.assigned_permission_ids
assert p1 in approved
assert p2 in denied
assert gp in [g.id for g in user.groups]
def test_user_permission_map_groups(self):
# test group perms map
perm_map = User.get(self.user.id).permission_map_groups
assert not Permission.get_by(name=u'ugp_approved').id in perm_map
assert not Permission.get_by(name=u'ugp_not_approved').id in perm_map
assert len(perm_map[self.perm_approved_grp.id]['approved']) == 1
assert perm_map[self.perm_approved_grp.id]['approved'][0]['id'] == self.g1.id
assert len(perm_map[self.perm_approved_grp.id]['denied']) == 0
assert len(perm_map[self.perm_denied.id]['approved']) == 1
assert perm_map[self.perm_denied.id]['approved'][0]['id'] == self.g1.id
assert len(perm_map[self.perm_denied.id]['denied']) == 0
assert len(perm_map[self.perm_denied_grp.id]['approved']) == 1
assert perm_map[self.perm_denied_grp.id]['approved'][0]['id'] == self.g1.id
assert len(perm_map[self.perm_denied_grp.id]['denied']) == 1
assert perm_map[self.perm_denied_grp.id]['denied'][0]['id'] == self.g2.id
def assign_permissions_by_name(cls,
group_name,
approved_perm_list=[],
denied_perm_list=[]):
# Note: this function is a wrapper for assign_permissions and will commit db trans
from compstack.auth.model.orm import Permission
group = cls.get_by(name=six.text_type(group_name))
approved_perm_ids = [
item.id for item in [
Permission.get_by(name=six.text_type(perm))
for perm in tolist(approved_perm_list)
]
]
denied_perm_ids = [
item.id for item in [
Permission.get_by(name=six.text_type(perm))
for perm in tolist(denied_perm_list)
]
]
group.assign_permissions(approved_perm_ids, denied_perm_ids)
def setup_class(cls):
permissions = [
'ugp_approved_grp', 'ugp_not_approved', 'ugp_denied_grp']
for permission in permissions:
Permission.add(name=six.text_type(permission))
cls.user = create_user_with_permissions(u'ugp_approved', u'ugp_denied')
cls.user2 = create_user_with_permissions(u'ugp_approved')
cls.g1 = Group.add(name=u'ugp_g1')
cls.g2 = Group.add(name=u'ugp_g2')
Group.assign_permissions_by_name(u'ugp_g1', (u'ugp_approved_grp', u'ugp_denied',
u'ugp_denied_grp'))
Group.assign_permissions_by_name(u'ugp_g2', None, u'ugp_denied_grp')
cls.user.groups.append(cls.g1)
cls.user.groups.append(cls.g2)
db.sess.commit()
cls.perm_approved_grp = Permission.get_by(name=u'ugp_approved_grp')
cls.perm_denied = Permission.get_by(name=u'ugp_denied')
cls.perm_denied_grp = Permission.get_by(name=u'ugp_denied_grp')
def create_user_with_permissions(approved_perms=None,
denied_perms=None,
super_user=False):
from compstack.auth.model.orm import User, Permission
appr_perm_ids = []
denied_perm_ids = []
# create the permissions
for perm in tolist(approved_perms):
p = Permission.get_by(name=perm)
if p is None:
raise ValueError('permission %s does not exist' % perm)
appr_perm_ids.append(p.id)
for perm in tolist(denied_perms):
p = Permission.get_by(name=perm)
if p is None:
raise ValueError('permission %s does not exist' % perm)
denied_perm_ids.append(p.id)
# create the user
username = u'user_for_testing_%s' % randchars(15)
password = randchars(15)
user = User.add(login_id=username,
email_address=u'*****@*****.**' % username,
password=password,
super_user=super_user,
assigned_groups=[],
approved_permissions=appr_perm_ids,
denied_permissions=denied_perm_ids)
# turn login flag off
user.reset_required = False
db.sess.commit()
# make text password available
user.text_password = password
return user
def test_perms_legit(self):
p = Permission.get_by(name=u'users-test1')
perm = [str(p.id)]
topost = {
'login_id': 'newuser',
'password': '******',
'email_address': '*****@*****.**',
'password-confirm': 'testtest',
'email': '*****@*****.**',
'user-submit-flag': 'submitted',
'approved_permissions': perm,
'denied_permissions': perm
}
r = self.c.post('users/add', data=topost)
assert r.status_code == 200, r.status
assert b'Denied: you can not approve and deny the same permission' in r.data
assert b'Approved: you can not approve and deny the same permission' in r.data
def test_permission_get_by_name():
p = Permission.add_iu(name=u'permission_for_testing_%s' % randchars(15))
assert Permission.get_by(name=p.name).id == p.id
def test_fields_saved(self):
ap = Permission.get_by(name=u'users-test1').id
dp = Permission.get_by(name=u'users-test2').id
gp = Group.get_by(name=u'test-group') or Group.add_iu(
name=u'test-group',
approved_permissions=[],
denied_permissions=[],
assigned_users=[])
gp = gp.id
topost = {
'login_id': 'usersaved',
'email_address': '*****@*****.**',
'user-submit-flag': 'submitted',
'approved_permissions': ap,
'denied_permissions': dp,
'assigned_groups': gp,
'super_user': 1,
'inactive_flag': False,
'inactive_date': '10/11/2010',
'name_first': 'test',
'name_last': 'user',
'email_notify': 1
}
# setup the mock objects so we can test the email getting sent out
tt = minimock.TraceTracker()
smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None)
smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection',
tracker=tt)
req, r = self.c.post('users/add', data=topost, follow_redirects=True)
assert r.status_code == 200, r.status
assert b'User added' in r.data
assert req.url.endswith('users/manage')
mmdump = tt.dump()
assert 'To: [email protected]' in mmdump
assert 'You have been added to our system of registered users.' in mmdump
assert 'user name: usersaved' in mmdump
assert re.search(r'password: [a-zA-Z0-9]*', mmdump) is not None
assert re.search(r'password: None', mmdump) is None
minimock.restore()
user = User.get_by_email(u'*****@*****.**')
assert user.login_id == 'usersaved'
assert user.reset_required
assert not user.super_user
assert user.pass_hash
assert user.groups[0].name == 'test-group'
assert len(user.groups) == 1
assert user.inactive_date == datetime.datetime(2010, 10,
11), user.inactive_date
assert user.name_first == 'test'
assert user.name_last == 'user'
found = 3
for permrow in user.permission_map:
if permrow['permission_name'] == u'users-test1':
assert permrow['resulting_approval']
found -= 1
if permrow['permission_name'] in (u'users-test2', u'auth-manage'):
assert not permrow['resulting_approval']
found -= 1
assert found == 0
# now test an edit
topost = {
'login_id': 'usersaved',
'email_address': '*****@*****.**',
'user-submit-flag': 'submitted',
'approved_permissions': dp,
'denied_permissions': ap,
'assigned_groups': None,
'super_user': 1,
'inactive_flag': False,
'inactive_date': '10/10/2010',
'name_first': 'test2',
'name_last': 'user2',
'email_notify': 1,
'password': '******',
'password-confirm': 'test_new_password'
}
# setup the mock objects so we can test the email getting sent out
tt = minimock.TraceTracker()
smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None)
smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection',
tracker=tt)
req, r = self.c.post('users/edit/%s' % user.id,
data=topost,
follow_redirects=True)
assert b'User edited successfully' in r.data
assert req.url.endswith('users/manage')
assert tt.check(
'Called smtp_connection.sendmail([email protected] '
'password for this site has been reset'
'...first successful login...')
# restore the mocked objects
minimock.restore()
mmdump = tt.dump()
assert 'To: [email protected]' in mmdump
assert 'Your password for this site has been reset by an administrator.' in mmdump
assert 'user name: usersaved' in mmdump
assert re.search(r'password: [a-zA-Z0-9]*', mmdump) is not None
assert re.search(r'password: None', mmdump) is None
minimock.restore()
db.sess.expire(user)
assert user.login_id == 'usersaved'
assert user.reset_required
assert not user.super_user
assert user.pass_hash
assert len(user.groups) == 0
assert user.inactive_date == datetime.datetime(2010, 10,
10), user.inactive_date
assert user.name_first == 'test2'
assert user.name_last == 'user2'
found = 3
for permrow in user.permission_map:
if permrow['permission_name'] == u'users-test2':
assert permrow['resulting_approval']
found -= 1
if permrow['permission_name'] in (u'users-test1', u'auth-manage'):
assert not permrow['resulting_approval']
found -= 1
assert found == 0
# test edit w/ reset required and email notify (no email sent)
topost = {
'login_id': 'usersaved',
'email_address': '*****@*****.**',
'user-submit-flag': 'submitted',
'approved_permissions': dp,
'denied_permissions': ap,
'assigned_groups': None,
'super_user': 1,
'reset_required': 1,
'inactive_flag': False,
'inactive_date': '',
'name_first': '',
'name_last': '',
'email_notify': 1
}
req, r = self.c.post('users/edit/%s' % user.id,
data=topost,
follow_redirects=True)
assert b'User edited successfully' in r.data
assert req.url.endswith('users/manage')
db.sess.expire(user)
assert user.login_id == 'usersaved'
assert user.reset_required
assert not user.super_user
assert user.pass_hash
assert len(user.groups) == 0
# now test a delete
req, r = self.c.get('users/delete/%s' % user.id, follow_redirects=True)
assert r.status_code == 200, r.status
assert b'User deleted' in r.data
assert req.url.endswith('users/manage')