def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() cls.linked_app.save() cls.role = UserRole( domain=cls.domain, name='test', permissions=Permissions( edit_data=True, edit_reports=True, view_report_list=[ 'corehq.reports.DynamicReportmaster_report_id' ]), is_non_admin_editable=True, ) cls.role.save() cls.other_role = UserRole( domain=cls.domain, name='other_test', permissions=Permissions( edit_web_users=True, view_locations=True, ), assignable_by=[cls.role.get_id], ) cls.other_role.save()
def setUpClass(cls): delete_all_users() cls.client = Client() cls.domain = DOMAIN cls.domain_object = Domain(name=cls.domain, is_active=True) cls.domain_object.save() cls.reports_role = UserRole( domain=cls.domain, name='reports-role', default_landing_page='reports', permissions=Permissions(view_reports=True), ) cls.reports_role.save() cls.webapps_role = UserRole( domain=cls.domain, name='webapps-role', default_landing_page='webapps', permissions=Permissions(edit_data=True), ) cls.webapps_role.save() cls.global_password = '******' # make an app because not having one changes the default dashboard redirect to the apps page app = Application.new_app(domain=cls.domain, name='sympathy') app.save()
def test_OR(self): p1 = Permissions( edit_web_users=True, view_web_users=True, view_roles=True, view_reports=True, view_report_list=['report1'], ) p2 = Permissions( edit_apps=True, view_apps=True, view_reports=True, view_report_list=['report2'], ) self.assertEqual( p1 | p2, Permissions( edit_apps=True, view_apps=True, edit_web_users=True, view_web_users=True, view_roles=True, view_reports=True, view_report_list=['report1', 'report2'], ))
def _create_or_edit_facility_manager_role(domain): facility_manager_role = UserRole.by_domain_and_name(domain, 'Facility manager') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport" ] if facility_manager_role: permissions = Permissions( edit_web_users=True, edit_commcare_users=True, view_reports=False, view_report_list=reports_list ) facility_manager_role[0].permissions = permissions facility_manager_role[0].save() else: role = UserRole( domain=domain, permissions=Permissions( view_reports=False, edit_web_users=True, edit_commcare_users=True, view_report_list=reports_list ), name='Facility manager' ) role.save()
def _create_or_edit_administrator_role(domain): administrator_role = UserRole.by_domain_and_name(domain, 'Administrator') reports_list = [ "corehq.apps.reports.standard.sms.MessageLogReport", "custom.ewsghana.reports.specific_reports.dashboard_report.DashboardReport", "custom.ewsghana.reports.specific_reports.stock_status_report.StockStatus", "custom.ewsghana.reports.specific_reports.reporting_rates.ReportingRatesReport", "custom.ewsghana.reports.maps.EWSMapReport", "custom.ewsghana.reports.email_reports.CMSRMSReport", "custom.ewsghana.reports.email_reports.StockSummaryReport", "custom.ewsghana.comparison_report.ProductsCompareReport", "custom.ewsghana.comparison_report.LocationsCompareReport", "custom.ewsghana.comparison_report.SupplyPointsCompareReport", "custom.ewsghana.comparison_report.WebUsersCompareReport", "custom.ewsghana.comparison_report.SMSUsersCompareReport" ] if administrator_role: permissions = Permissions(edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_reports=False, view_report_list=reports_list) administrator_role[0].permissions = permissions administrator_role[0].save() else: role = UserRole(domain=domain, permissions=Permissions(view_reports=False, edit_web_users=True, edit_commcare_users=True, edit_locations=True, view_report_list=reports_list), name='Administrator') role.save()
def test_dump_roles(self): from corehq.apps.users.models import UserRole, Permissions, RoleAssignableBy, RolePermission expected_object_counts = Counter({ UserRole: 2, RolePermission: 11, RoleAssignableBy: 1 }) role1 = UserRole.create(self.domain_name, 'role1') role2 = UserRole.create(self.domain_name, 'role1', permissions=Permissions(edit_web_users=True), assignable_by=[role1.id]) self.addCleanup(role1.delete) self.addCleanup(role2.delete) self._dump_and_load(expected_object_counts) role1_loaded = UserRole.objects.get(id=role1.id) role2_loaded = UserRole.objects.get(id=role2.id) self.assertEqual(role1_loaded.permissions.to_list(), Permissions().to_list()) self.assertEqual(role1_loaded.assignable_by, []) self.assertEqual(role2_loaded.permissions.to_list(), Permissions(edit_web_users=True).to_list()) self.assertEqual(role2_loaded.assignable_by, [role1_loaded.get_id])
def test_has_permission_to_view_report_all(self): self.assertFalse( has_permission_to_view_report(self.web_user, self.domain, ODATA_FEED_PERMISSION)) self.permissions = Permissions(view_reports=True) self.assertTrue( has_permission_to_view_report(self.web_user, self.domain, ODATA_FEED_PERMISSION))
def test_parameterized_permission_covers_all(): list_names = set(PARAMETERIZED_PERMISSIONS.values()) list_properties = { name for name, type_ in Permissions.properties().items() if isinstance(type_, ListProperty) } eq(list_names, list_properties) parameterized_perms = set(PARAMETERIZED_PERMISSIONS.keys()) eq(set(), parameterized_perms - set(Permissions.properties()))
def test_deid_permission(self): self.assertFalse(user_can_view_deid_exports(self.domain, self.web_user)) self.permissions = Permissions(view_report_list=[DEID_EXPORT_PERMISSION]) self.assertTrue( self.permissions.has(get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION)) self.assertTrue( self.web_user.has_permission( self.domain, get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION) ) self.assertTrue(user_can_view_deid_exports(self.domain, self.web_user))
def create(cls, domain, name, permissions=None, assignable_by=None, **kwargs): from corehq.apps.users.models import Permissions with transaction.atomic(): role = UserRole.objects.create(domain=domain, name=name, **kwargs) if permissions is None: # match couch functionality and set default permissions permissions = Permissions() role.set_permissions(permissions.to_list()) if assignable_by: if not isinstance(assignable_by, list): assignable_by = [assignable_by] role.set_assignable_by(assignable_by) return role
def setUpClass(cls): super(TestUpdateRoles, cls).setUpClass() permissions = Permissions( edit_data=True, edit_reports=True, view_report_list=['corehq.reports.DynamicReportmaster_report_id']) cls.role = UserRole.create(cls.domain, 'test', permissions, is_non_admin_editable=True) cls.other_role = UserRole.create( cls.domain, 'other_test', Permissions(edit_web_users=True, view_locations=True)) cls.other_role.set_assignable_by([cls.role.id])
def setUpClass(cls): super(TestAccessRestrictions, cls).setUpClass() cls.suffolk_user = WebUser.create(cls.domain, 'suffolk-joe', 'password') cls.suffolk_user.set_location(cls.domain, cls.locations['Suffolk'].couch_location) role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False, edit_commcare_users=True), ) role.save() cls.suffolk_user.set_role(cls.domain, role.get_qualified_id()) cls.suffolk_user.save() def make_mobile_worker(username, location): worker = CommCareUser.create(cls.domain, username, '123') worker.set_location(cls.locations[location]) UserESFake.save_doc(worker._doc) return worker cls.boston_worker = make_mobile_worker('boston_worker', 'Boston') cls.cambridge_worker = make_mobile_worker('cambridge_worker', 'Cambridge')
def test_report_fixtures_provider_with_cloudcare(self): """ ReportFixturesProvider should iterate only allowed apps if sync is from cloudcare """ from corehq.apps.userreports.reports.data_source import ConfigurableReportDataSource role = UserRole( domain=self.domain, permissions=Permissions( view_web_apps=False, view_web_apps_list=[self.app1._id] ), name='WebApp Restricted' ) role.save() self.user._couch_user.set_role(self.domain, role.get_qualified_id()) with patch.object(ConfigurableReportDataSource, 'get_data') as get_data_mock: get_data_mock.return_value = self.rows with mock_sql_backend(): with mock_datasource_config(): fixtures = call_fixture_generator( report_fixture_generator, self.user, device_id="WebAppsLogin|[email protected]" ) reports = fixtures[0].findall('.//report') self.assertEqual(len(reports), 1) self.assertEqual(reports[0].attrib.get('id'), '123456')
def create_view(can_edit_reports): rolename = 'edit_role' if can_edit_reports else 'view_role' username = '******' if can_edit_reports else 'viewer' toggles.USER_CONFIGURABLE_REPORTS.set(username, True, toggles.NAMESPACE_USER) # user_role should be deleted along with the domain. user_role = UserRole.create(domain=domain.name, name=rolename, permissions=Permissions( edit_commcare_users=True, view_commcare_users=True, edit_groups=True, view_groups=True, edit_locations=True, view_locations=True, access_all_locations=False, edit_data=True, edit_reports=can_edit_reports, view_reports=True)) web_user = WebUser.create(domain.name, username, '***', None, None) web_user.set_role(domain.name, user_role.get_qualified_id()) web_user.current_domain = domain.name web_user.save() self.addCleanup(web_user.delete, domain.name, deleted_by=None) request = HttpRequest() request.can_access_all_locations = True request.user = web_user.get_django_user() request.couch_user = web_user request.session = {} _, view = self._build_report_and_view(request=request) return view
def test_static_role_admin(self): static_admin_role = StaticRole.domain_admin(self.domain) expected = self.expected_role_dict.copy() expected["name"] = "Admin" expected["permissions"] = Permissions.max().to_json() self.assertDictEqual(expected, static_admin_role.to_json()) self.assertEqual(static_admin_role.get_qualified_id(), "admin")
def _master_role(cls): return UserRole(domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, ))
def restrict_user_to_location(self, user): role = UserRole( domain=self.domain, name='Regional Supervisor', permissions=Permissions(access_all_locations=False), ) role.save() user.set_role(self.domain, role.get_qualified_id())
def setUpTestData(cls): cls.domain = 'my-domain' cls.domain_obj = create_domain(cls.domain) cls.user = cls._create_user(cls.domain) cls.test_role = UserRole.create( cls.domain, 'test role', permissions=Permissions(edit_web_users=True))
def _change_std_roles(self): for u in self.user_roles: user_role = UserRole.get(u.get_id) user_role.permissions = Permissions(view_reports=True, edit_commcare_users=True, edit_apps=True, edit_data=True) user_role.save()
def make_role(self, name): role = UserRole( domain=self.domain, name=name, permissions=Permissions(), ) role.save() self.addCleanup(role.delete)
def setUpClass(cls): cls.domain = 'export-permissions-test' cls.web_user = WebUser(username='******', domains=[cls.domain]) cls.web_user.domain_memberships = [ DomainMembership(domain=cls.domain, role_id='MYROLE') ] cls.permissions = Permissions()
def setUpClass(cls): super().setUpClass() delete_all_users() cls.domain_name = 'mydomain' cls.domain = Domain.get_or_create_with_name(name=cls.domain_name) permissions = Permissions(edit_apps=True, view_reports=True) cls.role = UserRole.get_or_create_with_permissions( cls.domain.name, permissions, 'edit-apps')
def setUpClass(cls): super(AllCommCareUsersTest, cls).setUpClass() delete_all_users() hard_delete_deleted_users() cls.ccdomain = Domain(name='cc_user_domain') cls.ccdomain.save() cls.other_domain = Domain(name='other_domain') cls.other_domain.save() UserRole.init_domain_with_presets(cls.ccdomain.name) cls.user_roles = UserRole.by_domain(cls.ccdomain.name) cls.custom_role = UserRole.get_or_create_with_permissions( cls.ccdomain.name, Permissions( edit_apps=True, edit_web_users=True, view_web_users=True, view_roles=True, ), "Custom Role") cls.custom_role.save() cls.ccuser_1 = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_2 = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_2.set_role(cls.ccdomain.name, cls.custom_role.get_qualified_id()) cls.ccuser_2.save() cls.web_user = WebUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.ccuser_other_domain = CommCareUser.create( domain=cls.other_domain.name, username='******', password='******', email='*****@*****.**', ) cls.retired_user = CommCareUser.create( domain=cls.ccdomain.name, username='******', password='******', email='*****@*****.**', ) cls.retired_user.retire()
def restrict_user_to_location(cls, user): role = UserRole( domain=cls.domain, name='Regional Supervisor', permissions=Permissions(edit_commcare_users=True, access_all_locations=False), ) role.save() user.set_role(cls.domain, role.get_qualified_id()) user.save()
def _master_role(cls): return UserRole( domain='state', permissions=Permissions( view_web_users=True, edit_web_users=False, view_groups=True, edit_groups=False, edit_apps=True, # needed for InternalFixtureResource ))
def test_set_permissions_clear_prefetch_cache(self): role = UserRole.create(domain=self.domain, name="test-role", permissions=Permissions()) self.assertEqual(set(role.get_permission_infos()), set(Permissions().to_list())) role_with_prefetch = UserRole.objects.prefetch_related( "rolepermission_set").get(id=role.id) new_permissions = {PermissionInfo(Permissions.access_api.name)} role_with_prefetch.set_permissions(new_permissions) self.assertEqual(set(role_with_prefetch.get_permission_infos()), new_permissions) role_with_prefetch = UserRole.objects.prefetch_related( "rolepermission_set").get(id=role.id) role_with_prefetch.set_permissions([]) self.assertEqual(list(role_with_prefetch.get_permission_infos()), [])
def _mock_user(domain, permission_name, permission_allow): membership = DomainMembership(domain=domain) permissions = [] if permission_allow is not None: permissions = [PermissionInfo(permission_name, permission_allow)] mock_role = Mock(permissions=Permissions.from_permission_list(permissions)) # prime membership.role memoize cache (avoids DB lookup) setattr(membership, '_role_cache', {(): mock_role}) return WebUser(domain_memberships=[membership])
class ExportPermissionsTest(SimpleTestCase): @classmethod def setUpClass(cls): super(ExportPermissionsTest, cls).setUpClass() cls.domain = 'export-permissions-test' cls.web_user = WebUser(username='******', domains=[cls.domain]) cls.web_user.domain_memberships = [ DomainMembership(domain=cls.domain, role_id='MYROLE') ] cls.permissions = Permissions() def setUp(self): super(ExportPermissionsTest, self).setUp() test_self = self def get_role(self): return UserRole(domain=test_self.domain, permissions=test_self.permissions) patches = [ mock.patch.object(DomainMembership, 'role', property(get_role)), mock.patch.object( Memoized, '__call__', lambda self, *args, **kwargs: self.func(*args, **kwargs)) ] for patch in patches: patch.start() self.addCleanup(patch.stop) def tearDown(self): self.permissions = Permissions() super(ExportPermissionsTest, self).tearDown() def test_deid_permission(self): self.assertFalse(user_can_view_deid_exports(self.domain, self.web_user)) self.permissions = Permissions( view_report_list=[DEID_EXPORT_PERMISSION]) self.assertTrue( self.permissions.has(get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION)) self.assertTrue( self.web_user.has_permission(self.domain, get_permission_name( Permissions.view_report), data=DEID_EXPORT_PERMISSION)) self.assertTrue(user_can_view_deid_exports(self.domain, self.web_user)) def test_view_reports(self): self.assertFalse(self.web_user.can_view_reports(self.domain)) self.permissions = Permissions(view_reports=True) self.assertTrue(self.web_user.can_view_reports(self.domain))
def __init__(self, domain, couch_user): self.domain = domain self.couch_user = couch_user role = couch_user.get_role(domain, allow_enterprise=True) self._permissions = role.permissions if role else Permissions() self.manageable_slugs = set( self._permissions.manage_data_registry_list) self.can_manage_all = self._permissions.manage_data_registry self.can_manage_some = self.can_manage_all or bool( self.manageable_slugs)
def setUpClass(cls): super(PermissionsHelpersTest, cls).setUpClass() cls.domain = 'export-permissions-test' cls.admin_domain = 'export-permissions-test-admin' cls.web_user = WebUser(username='******', domains=[cls.domain, cls.admin_domain]) cls.web_user.domain_memberships = [ DomainMembership(domain=cls.domain, role_id='MYROLE'), DomainMembership(domain=cls.admin_domain, is_admin=True) ] cls.permissions = Permissions()
class ExportPermissionsTest(SimpleTestCase): @classmethod def setUpClass(cls): super(ExportPermissionsTest, cls).setUpClass() cls.domain = 'export-permissions-test' cls.web_user = WebUser(username='******', domains=[cls.domain]) cls.web_user.domain_memberships = [DomainMembership(domain=cls.domain, role_id='MYROLE')] cls.permissions = Permissions() def setUp(self): super(ExportPermissionsTest, self).setUp() test_self = self def get_role(self): return UserRole( domain=test_self.domain, permissions=test_self.permissions ) patches = [ mock.patch.object(DomainMembership, 'role', property(get_role)), mock.patch.object(Memoized, '__call__', lambda self, *args, **kwargs: self.func(*args, **kwargs)) ] for patch in patches: patch.start() self.addCleanup(patch.stop) def tearDown(self): self.permissions = Permissions() super(ExportPermissionsTest, self).tearDown() def test_deid_permission(self): self.assertFalse(user_can_view_deid_exports(self.domain, self.web_user)) self.permissions = Permissions(view_report_list=[DEID_EXPORT_PERMISSION]) self.assertTrue( self.permissions.has(get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION)) self.assertTrue( self.web_user.has_permission( self.domain, get_permission_name(Permissions.view_report), data=DEID_EXPORT_PERMISSION) ) self.assertTrue(user_can_view_deid_exports(self.domain, self.web_user)) def test_view_reports(self): self.assertFalse(self.web_user.can_view_reports(self.domain)) self.permissions = Permissions(view_reports=True) self.assertTrue(self.web_user.can_view_reports(self.domain))
def tearDown(self): self.permissions = Permissions()
def tearDown(self): self.permissions = Permissions() super(ExportPermissionsTest, self).tearDown()
def test_view_reports(self): self.assertFalse(self.web_user.can_view_reports(self.domain)) self.permissions = Permissions(view_reports=True) self.assertTrue(self.web_user.can_view_reports(self.domain))