def _test_category_update_by_user_without_permissions(
self, category_code, field_name, not_allowed, many=False):
old_risk_ids = list(self.engagement.risks.values_list('id', flat=True))
category_dict = {"children": []}
parent_category = RiskCategoryFactory(code=category_code)
for i in range(0, 3):
nested_category = RiskCategoryFactory(parent=parent_category,
code=category_code)
nested_category_data = {"id": nested_category.id, "blueprints": []}
for blueprint_number in range(0, 4):
blueprint = RiskBluePrintFactory(category=nested_category)
blueprint_data = {
"id": blueprint.id,
}
risk_data = {
"value": random.randint(1, 2),
}
if not many:
blueprint_data['risk'] = risk_data
else:
blueprint_data['risks'] = [risk_data]
nested_category_data["blueprints"].append(blueprint_data)
category_dict['children'].append(nested_category_data)
self.forced_auth_req('patch',
'/api/audit/%s/%d/' % (
self.endpoint,
self.engagement.id,
),
user=not_allowed,
data={field_name: category_dict})
new_risk_ids = list(self.engagement.risks.values_list('id', flat=True))
self.assertEqual(new_risk_ids, old_risk_ids)
def test_save_code_change(self):
"""If code has changed ensure tracker is updated """
r = RiskCategoryFactory(code="123")
r.code = "321"
r.save()
self.assertEqual(r.code_tracker.previous("code"), "321")
r_updated = RiskCategory.objects.get(pk=r.pk)
self.assertEqual(r_updated.code, "321")
def test_risk_blueprint(self):
risk_category = RiskCategoryFactory.build(header='two')
instance = RiskBluePrintFactory.build(category=risk_category)
self.assertEqual(str(instance), 'RiskBluePrint at two')
risk_category = RiskCategoryFactory.build(header='tv\xe5')
instance = RiskBluePrintFactory.build(category=risk_category)
self.assertEqual(str(instance), 'RiskBluePrint at tv\xe5')
def test_save_code_change(self):
"""If code has changed ensure tracker is updated """
r = RiskCategoryFactory(code="123")
r.code = "321"
r.save()
self.assertEqual(r.code_tracker.previous("code"), "321")
r_updated = RiskCategory.objects.get(pk=r.pk)
self.assertEqual(r_updated.code, "321")
def test_risk_blueprint(self):
risk_category = RiskCategoryFactory.build(header='two')
instance = RiskBluePrintFactory.build(category=risk_category)
self.assertEqual(str(instance), 'RiskBluePrint at two')
risk_category = RiskCategoryFactory.build(header='tv\xe5')
instance = RiskBluePrintFactory.build(category=risk_category)
self.assertEqual(str(instance), 'RiskBluePrint at tv\xe5')
def _update_unexisted_blueprint(self,
field_name,
category_code,
allowed_user,
many=False):
category = RiskCategoryFactory(code=category_code)
blueprint = RiskBluePrintFactory(category=category)
blueprint_data = {
"id": blueprint.id + 1,
}
risk_data = {
"value": random.randint(1, 2),
}
if not many:
blueprint_data['risk'] = risk_data
else:
blueprint_data['risks'] = [risk_data]
data = {field_name: {"blueprints": [blueprint_data]}}
response = self.forced_auth_req('patch',
'/api/audit/%s/%d/' % (
self.endpoint,
self.engagement.id,
),
user=allowed_user,
data=data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_clean_parent(self):
parent = RiskCategoryFactory(code="123")
r = RiskCategory(parent=parent)
self.assertIsNone(r.clean())
def test_clean_code_exists(self):
"""If code exists then validation eror"""
RiskCategoryFactory(code="123")
with self.assertRaises(ValidationError):
r = RiskCategory(code="123")
r.clean()
def test_str_with_parent(self):
parent = RiskCategoryFactory(header="Parent")
r = RiskCategoryFactory(header="Header", parent=parent)
self.assertEqual(str(r), "RiskCategory Header, parent: Parent")
def test_rick_category(self):
instance = RiskCategoryFactory.build(header='two')
self.assertEqual(str(instance), 'RiskCategory two')
instance = RiskCategoryFactory.build(header='tv\xe5')
self.assertEqual(str(instance), 'RiskCategory tv\xe5')
def _test_engagement_categories(self,
category_code,
field_name,
allowed_user,
many=False):
'''
Request example:
{
"questionnaire": {
"children": [
{
"id": 11,
"blueprints": [
{
"id": 1,
"risk: {
"value": 4
}
},
{
"id": 2,
"risk": {
"value": 0
}
}
]
},
{
"id": 12,
"blueprints": [
{
"id": 12,
"risk": {
"value": 4
}
}
]
}
]
}
}
'''
old_risk_ids = list(self.engagement.risks.values_list('id', flat=True))
category_dict = {"children": []}
parent_category = RiskCategoryFactory(code=category_code)
for i in range(0, 3):
nested_category = RiskCategoryFactory(parent=parent_category,
code=category_code)
nested_category_data = {"id": nested_category.id, "blueprints": []}
for blueprint_number in range(0, 4):
blueprint = RiskBluePrintFactory(category=nested_category)
blueprint_data = {
"id": blueprint.id,
}
risk_data = {
"value": random.randint(1, 2),
}
if not many:
blueprint_data['risk'] = risk_data
else:
blueprint_data['risks'] = [risk_data]
nested_category_data["blueprints"].append(blueprint_data)
category_dict['children'].append(nested_category_data)
response = self.forced_auth_req('patch',
'/api/audit/%s/%d/' % (
self.endpoint,
self.engagement.id,
),
user=allowed_user,
data={field_name: category_dict})
self.assertEqual(response.status_code, status.HTTP_200_OK)
new_risk_ids = list(self.engagement.risks.values_list('id', flat=True))
self.assertNotEqual(new_risk_ids, old_risk_ids)
def test_rick_category(self):
instance = RiskCategoryFactory.build(header='two')
self.assertEqual(str(instance), 'RiskCategory two')
instance = RiskCategoryFactory.build(header='tv\xe5')
self.assertEqual(str(instance), 'RiskCategory tv\xe5')