def test_list_agencies_limits(monkeypatch, user_constants, domain_app):
"""List agencies should limit to only the user's agencies"""
sess = GlobalDB.db().session
user = UserFactory()
cgac = CGACFactory()
frec_cgac = CGACFactory()
frec = FRECFactory(cgac=frec_cgac)
sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code='0',
cgac=cgac,
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency 0"),
SubTierAgencyFactory(sub_tier_agency_code='1',
cgac=frec_cgac,
frec=frec,
is_frec=True,
sub_tier_agency_name="Test Subtier Agency 1")
]
user.affiliations = [
UserAffiliation(cgac=cgac, frec=None, permission_type_id=2),
UserAffiliation(cgac=None, frec=frec, permission_type_id=2)
]
sess.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user])
sess.commit()
monkeypatch.setattr(domainRoutes, 'g', Mock(user=user))
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
res = json.loads(result)
assert len(res['cgac_agency_list']) == 1
assert len(res['frec_agency_list']) == 1
assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name
assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code
assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name
assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_create_session_and_response(database, monkeypatch):
cgacs = [
CGACFactory(cgac_code=str(i) * 3, agency_name=str(i)) for i in range(3)
]
user = UserFactory(
name="my name",
title="my title",
affiliations=[
UserAffiliation(cgac=cgacs[1],
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(cgac=cgacs[2],
permission_type_id=PERMISSION_TYPE_DICT['writer']),
])
database.session.add_all(cgacs + [user])
database.session.commit()
monkeypatch.setattr(account_handler, 'LoginSession', Mock())
mock_session = {'sid': 'test sid'}
result = account_handler.AccountHandler.create_session_and_response(
mock_session, user)
result = json.loads(result.data.decode('utf-8'))
assert result['message'] == 'Login successful'
assert result['user_id'] == user.user_id
assert result['name'] == 'my name'
assert result['title'] == 'my title'
assert result['session_id'] == 'test sid'
assert dict(agency_name='1', permission='reader') in result['affiliations']
assert dict(agency_name='2', permission='writer') in result['affiliations']
def test_list_agencies_limits(domain_app, database):
""" List agencies should limit to only the user's agencies and should not duplicate the same agency even if there
are multiple instances of the same agency in the user permissions.
"""
user = UserFactory()
cgac = CGACFactory()
frec_cgac = CGACFactory()
frec = FRECFactory(cgac=frec_cgac)
sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency 0"),
SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True,
sub_tier_agency_name="Test Subtier Agency 1")]
user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']),
UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['f'])]
database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8')
res = json.loads(result)
assert len(res['cgac_agency_list']) == 1
assert len(res['frec_agency_list']) == 1
assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name
assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code
assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name
assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def perms_to_affiliations(perms, user_id):
"""Convert a list of perms from MAX to a list of UserAffiliations. Filter out and log any malformed perms"""
available_cgacs = {
cgac.cgac_code: cgac
for cgac in GlobalDB.db().session.query(CGAC)
}
available_frecs = {
frec.frec_code: frec
for frec in GlobalDB.db().session.query(FREC)
}
log_data = {'message_type': 'BrokerWarning', 'user_id': user_id}
for perm in perms:
log_data[
'message'] = 'User with ID {} has malformed permission: {}'.format(
user_id, perm)
components = perm.split('-PERM_')
if len(components) != 2:
logger.warning(log_data)
continue
codes, perm_level = components
split_codes = codes.split('-FREC_')
frec_code, cgac_code = None, None
if len(split_codes) == 2:
# permissions for FR entity code and readonly CGAC
frec_code, cgac_code = split_codes[1], split_codes[0]
if frec_code not in available_frecs or cgac_code not in available_cgacs:
logger.warning(log_data)
continue
else:
# permissions for CGAC
cgac_code = codes
if cgac_code not in available_cgacs:
logger.warning(log_data)
continue
perm_level = perm_level.lower()
if perm_level not in 'rwsf':
logger.warning(log_data)
continue
if frec_code:
yield UserAffiliation(
cgac=available_cgacs[cgac_code],
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['r'])
yield UserAffiliation(
cgac=None,
frec=available_frecs[frec_code],
permission_type_id=PERMISSION_SHORT_DICT[perm_level])
else:
yield UserAffiliation(
cgac=available_cgacs[cgac_code] if cgac_code else None,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT[perm_level])
def test_permissions_filter_agency_user(database, monkeypatch):
sess = database.session
# Setup agencies
db_objects = []
cgac1 = CGACFactory(cgac_code='089', agency_name='CGAC')
cgac2 = CGACFactory(cgac_code='011',
agency_name='CGAC Associated with FREC')
cgac3 = CGACFactory(cgac_code='091',
agency_name='Other CGAC Associated with FREC')
frec1 = FRECFactory(cgac=cgac2, frec_code='1125', agency_name='FREC 1')
frec2 = FRECFactory(cgac=cgac3, frec_code='0923', agency_name='FREC 2')
db_objects.extend([cgac1, cgac2, cgac3, frec1, frec2])
# Setup submissions
sub1 = SubmissionFactory(cgac_code=cgac1.cgac_code, frec_code=None)
sub2 = SubmissionFactory(cgac_code=cgac2.cgac_code,
frec_code=frec1.frec_code)
sub3 = SubmissionFactory(cgac_code=cgac3.cgac_code, frec_code=None)
sub4 = SubmissionFactory(cgac_code=cgac3.cgac_code,
frec_code=frec2.frec_code)
db_objects.extend([sub1, sub2, sub3, sub4])
# Setup agency user
agency_user = UserFactory(
name='Agency User',
affiliations=[
UserAffiliation(user_affiliation_id=1,
cgac=cgac1,
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(user_affiliation_id=2,
cgac=cgac2,
frec=frec1,
permission_type_id=PERMISSION_TYPE_DICT['writer']),
])
db_objects.append(agency_user)
monkeypatch.setattr(filters_helper, 'g', Mock(user=agency_user))
sess.add_all(db_objects)
sess.commit()
base_query = sess.query(Submission)
# submissions should be filtered based on user access
query = filters_helper.permissions_filter(base_query)
expected_results = [sub1, sub2]
results = set(query.all())
assert results == set(expected_results)
def test_list_submission_users_cgac_frec_affil(database):
""" Test listing users based on both cgac and frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**')
third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User', email='*****@*****.**')
third_user.affiliations =\
third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
# Third user now has cgac 111 and frec 0000
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List both other users because one has a frec agency and one has a cgac
assert len(user_response) == 2
assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id}
assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name}
assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email}
def test_active_user_can_dabs_cgac_writer(database, monkeypatch,
user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_writer = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_writer])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_writer))
# has permission level, but wrong agency
assert not permissions.active_user_can('reader',
cgac_code=other_cgac.cgac_code)
assert not permissions.active_user_can('writer',
cgac_code=other_cgac.cgac_code)
# has agency, but not permission level
assert not permissions.active_user_can('submitter',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('editfabs',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('fabs',
cgac_code=user_cgac.cgac_code)
# right agency, right permission
assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code)
assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code)
# wrong permission level, wrong agency, but superuser
user_writer.website_admin = True
assert permissions.active_user_can('submitter',
cgac_code=other_cgac.cgac_code)
def test_list_submission_users_frec_affil(database):
""" Test listing users based on frec affiliations """
cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')]
frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])]
first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**')
other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**')
third_user = UserFactory(name='Frec User', email='*****@*****.**')
third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id,
permission_type_id=PERMISSION_TYPE_DICT['reader'])]
database.session.add_all(cgacs + frecs + [first_user, other_user])
database.session.commit()
sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False)
sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False)
sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False)
database.session.add_all([sub_1, sub_2, sub_3])
database.session.commit()
g.user = third_user
response = list_submission_users(False)
user_response = json.loads(response.data.decode('UTF-8'))['users']
# List the first user because they have a submission with that frec
assert len(user_response) == 1
assert user_response[0]['user_id'] == first_user.user_id
assert user_response[0]['name'] == first_user.name
assert user_response[0]['email'] == first_user.email
def test_get_accessible_agencies(database):
""" Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """
# The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present
cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers)
database.session.commit()
user = UserFactory(affiliations=[
UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None,
permission_type_id=PERMISSION_TYPE_DICT['writer']),
UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1],
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2],
permission_type_id=PERMISSION_TYPE_DICT['reader'])
])
database.session.add(user)
database.session.commit()
g.user = user
# Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already
results = get_accessible_agencies()
frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]}
frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]}
assert len(results["cgac_agency_list"]) == 1
assert len(results["frec_agency_list"]) == 2
assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name
assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code
assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name}
assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code}
# Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the
# frec flag
user.affiliations = []
user.website_admin = True
results = get_accessible_agencies()
assert len(results["cgac_agency_list"]) == 3
assert len(results["frec_agency_list"]) == 2
def test_list_sub_tier_agencies_admin(domain_app, database):
""" List all sub tiers that a user has FABS permissions for """
user = UserFactory(website_admin=True)
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(i),
cgac=cgacs[i],
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency " +
str(i)) for i in range(3)
]
frec_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(3 + i),
cgac=frec_cgac,
frec=frecs[i],
is_frec=True,
sub_tier_agency_name="Test Subtier Agency " +
str(3 + i)) for i in range(3)
]
user.affiliations = [
UserAffiliation(cgac=cgacs[0],
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['f']),
UserAffiliation(cgac=None,
frec=frecs[2],
permission_type_id=PERMISSION_SHORT_DICT['f'])
]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers +
frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['agency_code'] for el in response['sub_tier_agency_list']}
assert len(response["sub_tier_agency_list"]
) == 6 # All of them, ignores affiliations
assert result == {'0', '1', '2', '3', '4',
'5'} # All of them, ignores affiliations
def add_user(email, name, username, website_admin=False):
user = UserFactory(
email=email, website_admin=website_admin,
name=name, username=username,
affiliations=[UserAffiliation(
cgac=cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer']
)]
)
user.salt, user.password_hash = get_password_hash(user_password, Bcrypt())
sess.add(user)
def test_user_affiliation_fks(database, user_constants):
sess = database.session
users = [UserFactory() for _ in range(3)]
cgacs = [CGACFactory() for _ in range(6)]
permission = PERMISSION_TYPE_DICT['reader']
for idx, user in enumerate(users):
user.affiliations = [
UserAffiliation(cgac=cgacs[idx * 2],
permission_type_id=permission),
UserAffiliation(cgac=cgacs[idx * 2 + 1],
permission_type_id=permission),
]
sess.add_all(users)
sess.commit()
assert sess.query(UserAffiliation).count() == 6
# Deleting a user also deletes the affiliations
sess.delete(users[0])
sess.commit()
assert sess.query(UserAffiliation).count() == 4
# Deleting a CGAC also deletes the affiliations
sess.delete(cgacs[2])
sess.commit()
assert sess.query(UserAffiliation).count() == 3
assert len(users[1].affiliations) == 1
assert users[1].affiliations[0].cgac == cgacs[3]
# Deleting an affiliation doesn't delete the user or CGAC
assert sess.query(User).count() == 2
assert sess.query(CGAC).count() == 5
assert sess.query(UserAffiliation).count() == 3
sess.delete(users[2].affiliations[0])
sess.commit()
assert sess.query(User).count() == 2
assert sess.query(CGAC).count() == 5
assert sess.query(UserAffiliation).count() == 2
def setUpClass(cls):
"""Set up class-wide resources like users."""
super(DomainTests, cls).setUpClass()
with create_app().app_context():
sess = GlobalDB.db().session
user = User()
r_cgac = CGACFactory()
w_cgac = CGACFactory()
s_frec_cgac = CGACFactory()
s_frec = FRECFactory(cgac=s_frec_cgac)
e_frec_cgac = CGACFactory()
e_frec = FRECFactory(cgac=e_frec_cgac)
f_cgac = CGACFactory()
user.affiliations = [
UserAffiliation(cgac=r_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['r']),
UserAffiliation(cgac=w_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=None,
frec=s_frec,
permission_type_id=PERMISSION_SHORT_DICT['s']),
UserAffiliation(cgac=None,
frec=e_frec,
permission_type_id=PERMISSION_SHORT_DICT['e']),
UserAffiliation(cgac=f_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['f'])
]
sess.add_all([
r_cgac, w_cgac, s_frec_cgac, s_frec, e_frec_cgac, e_frec,
f_cgac
])
sess.commit()
def test_list_agencies_all(domain_app, database):
""" All agencies should be visible to website admins """
user = UserFactory()
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency "+str(i)) for i in range(3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3+i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency "+str(3+i)) for i in range(3)]
user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=PERMISSION_SHORT_DICT['w'])]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user])
database.session.commit()
g.user = user
result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['cgac_code'] for el in response['agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
result = {el['frec_code'] for el in response['shared_agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
def test_list_agencies_all(monkeypatch, user_constants, domain_app):
"""All agencies should be visible to website admins"""
sess = GlobalDB.db().session
user = UserFactory()
cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(i),
cgac=cgacs[i],
frec=None,
is_frec=False,
sub_tier_agency_name="Test Subtier Agency " +
str(i)) for i in range(3)
]
frec_sub_tiers = [
SubTierAgencyFactory(sub_tier_agency_code=str(3 + i),
cgac=frec_cgac,
frec=frecs[i],
is_frec=True,
sub_tier_agency_name="Test Subtier Agency " +
str(3 + i)) for i in range(3)
]
user.affiliations = [
UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=2)
]
sess.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers +
frec_sub_tiers + [user])
sess.commit()
monkeypatch.setattr(domainRoutes, 'g', Mock(user=user))
result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8')
response = json.loads(result)
result = {el['cgac_code'] for el in response['agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
result = {el['frec_code'] for el in response['shared_agency_list']}
assert result == {'0', '1', '2'} # i.e. all of them
def test_current_user_can(database, monkeypatch, user_constants):
# Test CGAC DABS permissions
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_one = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_one])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_one))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', other_cgac.cgac_code,
None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code,
None)
# right agency, right permission
assert permissions.current_user_can('writer', user_cgac.cgac_code, None)
assert permissions.current_user_can('reader', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_one.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code,
None)
# Test FREC DABS permissions
user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)]
user_two = UserFactory(affiliations=[
UserAffiliation(frec=user_frec,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_frec, other_frec, user_two])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_two))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', None,
other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', None,
user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('writer', None, user_frec.frec_code)
assert permissions.current_user_can('reader', None, user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_two.website_admin = True
assert permissions.current_user_can('submitter', None,
other_frec.frec_code)
# Test FABS permissions
user_three = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_SHORT_DICT['f'])
])
database.session.add(user_three)
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_three))
# has permission level, but wrong agency
assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code,
None)
# right agency, right permission
assert permissions.current_user_can('fabs', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_three.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code,
None)
def perms_to_affiliations(perms, user_id, service_account_flag=False):
""" Convert a list of perms from MAX to a list of UserAffiliations. Filter out and log any malformed perms
Args:
perms: list of permissions (as strings) for the user
user_id: the ID of the user
service_account_flag: flag to indicate a service account
Yields:
UserAffiliations based on the permissions provided
"""
available_cgacs = {
cgac.cgac_code: cgac
for cgac in GlobalDB.db().session.query(CGAC)
}
available_frecs = {
frec.frec_code: frec
for frec in GlobalDB.db().session.query(FREC)
}
log_data = {'message_type': 'BrokerWarning', 'user_id': user_id}
for perm in perms:
log_data[
'message'] = 'User with ID {} has malformed permission: {}'.format(
user_id, perm)
components = perm.split('-PERM_')
if len(components) != 2:
logger.warning(log_data)
continue
codes, perm_level = components
split_codes = codes.split('-FREC_')
frec_code, cgac_code = None, None
if len(split_codes) == 2:
# permissions for FR entity code and readonly CGAC
frec_code, cgac_code = split_codes[1], split_codes[0]
if frec_code not in available_frecs or cgac_code not in available_cgacs:
logger.warning(log_data)
continue
else:
# permissions for CGAC
cgac_code = codes
if cgac_code not in available_cgacs:
logger.warning(log_data)
continue
perm_level = perm_level.lower()
if service_account_flag:
# Replace MAX Service Account permissions with Broker "write" and "editfabs" permissions
perm_level = 'we'
elif perm_level not in 'rwsef':
logger.warning(log_data)
continue
for permission in perm_level:
if frec_code:
yield UserAffiliation(
cgac=available_cgacs[cgac_code],
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['r'])
yield UserAffiliation(
cgac=None,
frec=available_frecs[frec_code],
permission_type_id=PERMISSION_SHORT_DICT[permission])
else:
yield UserAffiliation(
cgac=available_cgacs[cgac_code] if cgac_code else None,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT[permission])
def test_list_agencies_perm_params(domain_app, database):
""" Users should be able to filter their affiliations based on the arguments provided """
user = UserFactory()
r_cgac = CGACFactory()
w_cgac = CGACFactory()
s_frec_cgac = CGACFactory()
s_frec = FRECFactory(cgac=s_frec_cgac)
e_frec_cgac = CGACFactory()
e_frec = FRECFactory(cgac=e_frec_cgac)
f_cgac = CGACFactory()
user.affiliations = [
UserAffiliation(cgac=r_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['r']),
UserAffiliation(cgac=w_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['w']),
UserAffiliation(cgac=None,
frec=s_frec,
permission_type_id=PERMISSION_SHORT_DICT['s']),
UserAffiliation(cgac=None,
frec=e_frec,
permission_type_id=PERMISSION_SHORT_DICT['e']),
UserAffiliation(cgac=f_cgac,
frec=None,
permission_type_id=PERMISSION_SHORT_DICT['f'])
]
database.session.add_all(
[r_cgac, w_cgac, s_frec_cgac, s_frec, e_frec_cgac, e_frec, f_cgac])
database.session.commit()
g.user = user
def call_list_agencies(perm_level='reader', perm_type='mixed'):
result = domain_app.get('/v1/list_agencies/?perm_level={}&perm_type={}'.format(perm_level, perm_type))\
.data.decode('UTF-8')
resp = json.loads(result)
cgac_codes = [
agency['cgac_code'] for agency in resp['cgac_agency_list']
]
frec_codes = [
agency['frec_code'] for agency in resp['frec_agency_list']
]
return cgac_codes, frec_codes
default_cgacs, default_frecs = call_list_agencies()
assert {r_cgac.cgac_code, w_cgac.cgac_code,
f_cgac.cgac_code} == set(default_cgacs)
assert {s_frec.frec_code, e_frec.frec_code} == set(default_frecs)
writer_cgacs, writer_frecs = call_list_agencies(perm_level='writer')
assert {w_cgac.cgac_code, f_cgac.cgac_code} == set(writer_cgacs)
assert {s_frec.frec_code, e_frec.frec_code} == set(writer_frecs)
submitter_cgacs, submitter_frecs = call_list_agencies(
perm_level='submitter')
assert {f_cgac.cgac_code} == set(submitter_cgacs)
assert {s_frec.frec_code} == set(submitter_frecs)
dabs_cgacs, dabs_frecs = call_list_agencies(perm_type='dabs')
assert {r_cgac.cgac_code, w_cgac.cgac_code} == set(dabs_cgacs)
assert {s_frec.frec_code} == set(dabs_frecs)
fabs_cgacs, fabs_frecs = call_list_agencies(perm_type='fabs')
assert {f_cgac.cgac_code} == set(fabs_cgacs)
assert {e_frec.frec_code} == set(fabs_frecs)
# mix
mix_cgacs, mix_frecs = call_list_agencies(perm_level='submitter',
perm_type='fabs')
assert {f_cgac.cgac_code} == set(mix_cgacs)
assert set() == set(mix_frecs)
