def generate_tasks_for_cycle(group_count, task_count):
"""generate number of task groups and task for current task group"""
role_names = ("Task Assignees", "Task Secondary Assignees")
results = {}
with ggrc_factories.single_commit():
workflow = factories.WorkflowFactory()
cycle = factories.CycleFactory(workflow=workflow)
task_group = factories.TaskGroupFactory(workflow=workflow)
for idx in range(group_count):
person = ggrc_factories.PersonFactory(
name="user for group {}".format(idx))
cycle_task_group = factories.CycleTaskGroupFactory(
cycle=cycle, contact=person)
for _ in range(task_count):
task_group_task = factories.TaskGroupTaskFactory(
task_group=task_group)
for r_name in role_names:
ggrc_factories.AccessControlPersonFactory(
ac_list=task_group_task.acr_name_acl_map[r_name],
person=person,
)
task = factories.CycleTaskGroupObjectTaskFactory(
cycle=cycle,
cycle_task_group=cycle_task_group,
task_group_task=task_group_task)
for r_name in role_names:
ggrc_factories.AccessControlPersonFactory(
person=person,
ac_list=task.acr_name_acl_map[r_name],
)
results[task.id] = cycle_task_group.slug
return results
def _create_assessments(self, audit, types, offset=1):
"""Create one assessment for each assessment type in a given audit."""
user = models.Person.query.first()
for i, type_ in enumerate(types):
assessment = self._create_obj(
factories.AssessmentFactory,
"Assessment {}".format(i + offset),
audit=audit,
assessment_type=type_,
)
if i % 2 == 0:
factories.RelationshipFactory(source=audit,
destination=assessment)
else:
factories.RelationshipFactory(source=assessment,
destination=audit)
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Assignees"],
person=user,
)
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Creators"],
person=user,
)
def setUp(self):
super(TestRelevant, self).setUp()
self.client.get("/login")
with factories.single_commit():
assessment = factories.AssessmentFactory()
factories.RelationshipFactory(
source=assessment.audit,
destination=assessment,
)
people = {}
for person in self.PEOPLE:
people[person[0]] = factories.PersonFactory(email=person[1])
# Correct roles and propagation for a given assessment
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Assignees"],
person=people["assignee"],
)
factories.AccessControlPersonFactory(
ac_list=assessment.audit.acr_name_acl_map["Auditors"],
person=people["auditor"],
)
factories.AccessControlPersonFactory(
ac_list=assessment.audit.program.
acr_name_acl_map["Program Editors"],
person=people["program_editor"],
)
def test_program_read_as_creator(self, program_role):
"""Test access to proposal for program reader/editor as Creator role"""
with factories.single_commit():
program = factories.ProgramFactory()
program_manager = factories.PersonFactory()
factories.AccessControlPersonFactory(
ac_list=program.acr_name_acl_map["Program Managers"],
person=program_manager,
)
program_id = program.id
# make query to create proposal by program_manager
self.api.set_user(program_manager)
self.client.get("/login")
acr_class = all_models.AccessControlRole
acr = acr_class.query.filter(
acr_class.name == 'ProposalEditor',
acr_class.object_type == 'Proposal').one()
create_data = self._get_create_proposal_request(
program_id, acr.id, program_manager.id)
self.api.post(all_models.Proposal, create_data)
query_data = _get_query_proposal_request(program_id)
headers = {
"Content-Type": "application/json",
}
resp = self.api.client.post("/query",
data=json.dumps(query_data),
headers=headers).json
self.assertEqual(1, len(resp))
self.assertEqual(resp[0]["Proposal"]["count"], 1)
role_creator = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
# make query to check proposals by Creator role person
with factories.single_commit():
person = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_creator, person=person)
factories.AccessControlPersonFactory(
ac_list=program.acr_name_acl_map[program_role],
person=person,
)
self.api.set_user(person)
self.client.get("/login")
query_data = _get_query_proposal_request(program_id)
headers = {
"Content-Type": "application/json",
}
resp = self.api.client.post("/query",
data=json.dumps(query_data),
headers=headers).json
self.assertEqual(1, len(resp))
self.assertEqual(resp[0]["Proposal"]["count"], 1)
def setUp(self):
super(TestRevisionHistory, self).setUp()
self.api = Api()
roles = {r.name: r for r in all_models.Role.query.all()}
with factories.single_commit():
factories.AccessControlRoleFactory(
name="ACL_Reader",
object_type="Control",
update=0,
)
factories.AccessControlRoleFactory(
name="ACL_Editor",
object_type="Control"
),
with factories.single_commit():
self.control = factories.ControlFactory()
self.program = factories.ProgramFactory()
self.program.context.related_object = self.program
self.relationship = factories.RelationshipFactory(
source=self.program,
destination=self.control,
context=self.program.context,
)
self.people = {
"Creator": factories.PersonFactory(),
"Reader": factories.PersonFactory(),
"Editor": factories.PersonFactory(),
"Administrator": factories.PersonFactory(),
"ACL_Reader": factories.PersonFactory(),
"ACL_Editor": factories.PersonFactory(),
"Program Editors": factories.PersonFactory(),
"Program Managers": factories.PersonFactory(),
"Program Readers": factories.PersonFactory(),
}
for role_name in ["Creator", "Reader", "Editor", "Administrator"]:
rbac_factories.UserRoleFactory(role=roles[role_name],
person=self.people[role_name])
for role_name in ["Program Editors",
"Program Managers",
"Program Readers"]:
person = self.people[role_name]
rbac_factories.UserRoleFactory(role=roles["Creator"], person=person)
factories.AccessControlPersonFactory(
ac_list=self.program.acr_name_acl_map[role_name],
person=self.people[role_name],
)
with factories.single_commit():
for role_name in ["ACL_Reader", "ACL_Editor"]:
rbac_factories.UserRoleFactory(role=roles["Creator"],
person=self.people[role_name])
factories.AccessControlPersonFactory(
ac_list=self.control.acr_name_acl_map[role_name],
person=self.people[role_name],
)
def create_assignees(cls, obj, persons):
"""Create assignees for object.
This is used only during object creation because we cannot create
assignees at that point yet.
Args:
obj: Assignable object.
persons: [("(string) email", "Assignee roles"), ...] A list of people
and their roles
Returns:
[(person, acr_role), ...] A list of persons with their roles.
"""
assignees = []
with factories.single_commit():
for person, roles in persons:
person = factories.PersonFactory(email=person)
for role in roles.split(","):
factories.AccessControlPersonFactory(
ac_list=obj.acr_name_acl_map[role],
person=person,
)
assignees.append((person, role))
return assignees
def test_update_with_wrong_acl(self):
"""Test update of object with wrong ACR in ACL."""
with factories.single_commit():
control = factories.ControlFactory()
control_id = control.id
person = factories.PersonFactory()
person_id = person.id
factories.AccessControlPersonFactory(
ac_list=control.acr_name_acl_map["Admin"],
person=person,
)
response = self.api.put(
control, {
"access_control_list": [{
"ac_role_id": self.objective_admin_acr_id,
"person": {
"type": "Person",
"id": person_id,
}
}]
})
self.assert400(response)
acls = all_models.AccessControlList.query.filter_by(
object_type="Control", object_id=control_id)
for acl in acls:
acl_obj_type = acl.object_type
acr_obj_type = acl.ac_role.object_type
self.assertEqual(acl_obj_type, acr_obj_type)
def test_custom_role(self, url, role_name, role_read, role_update,
role_delete, expected_status):
"""Test {0} for user with custom role {1}"""
# pylint: disable=too-many-arguments
role_creator = all_models.Role.query.filter(
all_models.Role.name == "Creator").one()
factories.AccessControlRoleFactory(name=role_name,
object_type="Product",
read=role_read,
update=role_update,
delete=role_delete)
with factories.single_commit():
obj = factories.ProductFactory(folder="a")
person = factories.PersonFactory()
rbac_factories.UserRoleFactory(role=role_creator, person=person)
factories.AccessControlPersonFactory(
ac_list=obj.acr_name_acl_map[role_name],
person=person,
)
obj_id = obj.id
person_id = person.id
self.api.set_user(all_models.Person.query.get(person_id))
response = self.api.client.post(url,
content_type="application/json",
data=self._get_request_data(
'Product', obj_id, folder="a"))
self.assertStatus(response, expected_status)
def test_export_deleted_acr(self):
"""Test exporting snapshots with ACL entries for deleted ACRs."""
# pylint: disable=too-many-locals
ac_role = factories.AccessControlRoleFactory(
object_type="Control",
name="Custom Role",
)
with factories.single_commit():
# Create one more custom role
control = factories.ControlFactory(slug="Control 1")
person = factories.PersonFactory()
factories.AccessControlPersonFactory(
ac_list=control.acr_acl_map[ac_role],
person=person,
)
audit = factories.AuditFactory()
# pylint: disable=protected-access
# This is used to update control revision data with the new ACL entry
# without making a put request to that control.
factories.ModelFactory._log_event(control)
self._create_snapshots(audit, [control])
db.session.delete(ac_role)
db.session.commit()
parsed_data = self.export_parsed_csv(
self.search_request)["Control Snapshot"][0]
self.assertNotIn("Custom Role", parsed_data)
def test_remove_related_forbidden_for_system_roles(self, role,
system_role):
"""Test system roles are not allowed to delete related evidence"""
asmt_id = self.asmt.id
with factories.single_commit():
self._prepare_mandatory_evidence_cad()
factories.RelationshipFactory(
source=self.asmt,
destination=self.evidence,
)
person = factories.PersonFactory()
creator_role = all_models.Role.query.filter(
all_models.Role.name == system_role).one()
rbac_factories.UserRoleFactory(role=creator_role, person=person)
factories.AccessControlPersonFactory(
ac_list=self.asmt.acr_name_acl_map[role],
person=person,
)
evid_id = self.evidence.id
self.api.set_user(person)
response = self.api.put(all_models.Assessment.query.get(asmt_id), {
"actions": {
"remove_related": [{
"id": evid_id,
"type": "Evidence"
}]
},
})
self.assert403(response)
evidence = all_models.Evidence.query.get(evid_id)
self.assertIsNotNone(evidence)
def test_label_in_new_tab(self):
"""Test labels created by global creator in new tab"""
with factories.single_commit():
role = "Creator"
role_name = "Creators"
person = factories.PersonFactory()
creator_role = all_models.Role.query.filter(
all_models.Role.name == role).one()
rbac_factories.UserRoleFactory(role=creator_role, person=person)
self.api.set_user(person)
with factories.single_commit():
assessment = factories.AssessmentFactory()
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map[role_name],
person=person,
)
label_name = "Test Label"
response = self.api.put(
assessment,
{'labels': [{
'name': label_name,
'id': None,
'type': 'Label'
}]})
self.assert200(response)
response = self.api.get(assessment, assessment.id)
self.assert200(response)
labels = response.json['assessment']['labels']
self.assertEqual(len(labels), 1)
self.assertEqual(labels[0]['name'], label_name)
def map_created_control(self):
"""Map Control that was created by user to Cycle Task."""
task_group = all_models.TaskGroup.query.get(self.task_group_id)
with factories.single_commit():
control = factories.ControlFactory()
for acl in control._access_control_list:
if acl.ac_role_id == self.admin_control_id:
factories.AccessControlPersonFactory(
person_id=self.user_id,
ac_list=acl,
)
return self.api.post(
all_models.TaskGroupObject, {
"task_group_object": {
"context": None,
"object": {
"id": control.id,
"type": "Control",
},
"task_group": {
"id": task_group.id,
"type": "TaskGroup",
},
}
})
def test_old_comments(self):
"""Test if notifications will be sent for mix of old and new comments"""
cur_user = all_models.Person.query.filter_by(
email="*****@*****.**").first()
with factories.single_commit():
assessment = factories.AssessmentFactory()
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Assignees"],
person=cur_user,
)
with freeze_time("2015-04-01 17:13:10"):
self.generator.generate_comment(assessment,
"",
"some comment1",
send_notification="true")
self.generator.generate_comment(assessment,
"",
"some comment2",
send_notification="true")
response = self.client.get("/_notifications/show_pending")
for comment in ["some comment1", "some comment2"]:
self.assertIn(
comment, response.data,
"Information about comment '{}' absent in report".format(
comment))
def test_generation_allowed_for_assmts(self, status):
"""Test ticket generation allowed for Assessment in {} status"""
with factories.single_commit():
audit = factories.AuditFactory()
factories.IssueTrackerIssueFactory(
issue_tracked_obj=audit,
enabled=True,
)
assmt = factories.AssessmentFactory(status=status, audit=audit)
person = factories.PersonFactory()
factories.AccessControlPersonFactory(
ac_list=assmt.acr_name_acl_map["Verifiers"],
person=person,
)
factories.IssueTrackerIssueFactory(
issue_tracked_obj=assmt,
enabled=False,
issue_id=None,
)
response = self.import_data(OrderedDict([
("object_type", "Assessment"),
("Code*", assmt.slug),
("Ticket Tracker Integration", "On"),
]))
self._check_csv_response(response, {})
assmt = all_models.Assessment.query.one()
self.assertTrue(assmt.issue_tracker["enabled"])
self.mock_create_issue.assert_called_once()
def test_index_by_acr(self):
"""Test index by ACR."""
role_name = "Test name"
factories.AccessControlRoleFactory(name=role_name, object_type="Control")
with factories.single_commit():
person = factories.PersonFactory(email="*****@*****.**", name='test')
control = factories.ControlFactory()
factories.AccessControlPersonFactory(
ac_list=control.acr_name_acl_map[role_name],
person=person,
)
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type,
).one()
revision.content = control.log_json()
db.session.add(revision)
with factories.single_commit():
snapshot = factories.SnapshotFactory(
child_id=control.id,
child_type=control.type,
revision=revision)
db.session.expire_all()
person_id = person.id
snapshot_id = snapshot.id
self.client.post("/admin/full_reindex")
person = all_models.Person.query.get(person_id)
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assert_indexed_fields(snapshot, role_name, {
"{}-email".format(person.id): person.email,
"{}-name".format(person.id): person.name,
"__sort__": person.email,
})
def test_person_relevant(self, acr_name, acr_obj_resolver, email,
expected_count):
"""Check that only assessment roles can see relevant assessments"""
with factories.single_commit():
assessment = factories.AssessmentFactory()
factories.RelationshipFactory(
source=assessment.audit,
destination=assessment,
)
person = factories.PersonFactory(email=email)
factories.AccessControlPersonFactory(
ac_list=acr_obj_resolver(
assessment).acr_name_acl_map[acr_name],
person=person,
)
ids = self._get_first_result_set(
self._make_relevant_filter(
target_type="Assessment",
relevant_obj=person,
),
"Assessment",
"ids",
)
self.assertEqual(
len(ids), expected_count,
"Invalid relevant assessments count ({} instead of {}) for {}.".
format(
len(ids),
expected_count,
acr_name,
))
def test_mandatory_delete(self, mandatory, exp_response):
"""Test set empty field via import if acr mandatory is {mandatory}"""
role = factories.AccessControlRoleFactory(
name=ROLE_NAME,
object_type="Program",
mandatory=mandatory,
)
with factories.single_commit():
user = factories.PersonFactory()
program = factories.ProgramFactory()
role_id = role.id
factories.AccessControlPersonFactory(
ac_list=program.acr_name_acl_map[ROLE_NAME],
person=user,
)
response = self.import_data(
OrderedDict([
("object_type", "Program"),
("Code*", program.slug),
(ROLE_NAME, "--"),
]))
self._check_csv_response(response, exp_response)
db_data = defaultdict(set)
program = all_models.Program.query.get(program.id)
for person, acl in program.access_control_list:
db_data[acl.ac_role_id].add(person.id)
if mandatory:
cur_user = all_models.Person.query.filter_by(
email="*****@*****.**").first()
self.assertEqual(set([cur_user.id]), db_data[role_id])
else:
self.assertFalse(db_data[role_id])
def test_partially_rights(self):
"""Test generation if user has rights on part of Assessments."""
audit_id, assessment_ids = self.setup_assessments(3)
changed_asmnt_id = assessment_ids[0]
norights_asmnt_ids = assessment_ids[1:]
_, assignee_user = self.gen.generate_person(user_role="Creator")
audit_role = factories.AccessControlRoleFactory(name="Edit Role",
object_type="Audit",
update=True)
with factories.single_commit():
assessment = all_models.Assessment.query.get(changed_asmnt_id)
assessment.add_person_with_role_name(assignee_user, "Creators")
acl = factories.AccessControlListFactory(
object_id=audit_id,
object_type="Audit",
ac_role_id=audit_role.id,
)
factories.AccessControlPersonFactory(
person=assignee_user,
ac_list=acl,
)
self.api.set_user(assignee_user)
response = self.generate_children_issues_for("Audit", audit_id,
"Assessment")
self.assert200(response)
self.assert_children_asmnt_issues([changed_asmnt_id])
self.assert_not_updated("Assessment", norights_asmnt_ids)
def test_no_reindex_acr_for_same_obj(self):
"""Test that reindex records appear if
acl is populated with current obj's role."""
system_role_name = "Admin"
with factories.single_commit():
person = factories.PersonFactory(name="Test Name")
system = factories.SystemFactory()
audit = factories.AuditFactory()
factories.AccessControlPersonFactory(
ac_list=system.acr_name_acl_map[system_role_name],
person=person,
)
person_id = person.id
person_name = person.name
person_email = person.email
revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == system.id,
all_models.Revision.resource_type == system.type
).one()
revision.content = system.log_json()
db.session.add(revision)
db.session.commit()
self._create_snapshots(audit, [system])
self.assert_indexed_fields(system, system_role_name, {
"{}-email".format(person_id): person_email,
"{}-name".format(person_id): person_name,
"__sort__": person_email,
})
def test_acl_roles_clear(self):
"""Test clearing ACL roles for Program with '--' value"""
with factories.single_commit():
program = factories.ProgramFactory()
for role in [
"Program Editors", "Program Editors", "Program Readers"
]:
person = factories.PersonFactory()
acl = program.acr_name_acl_map[role]
factories.AccessControlPersonFactory(
ac_list=acl,
person=person,
)
for role in {"Program Editors", "Program Readers"}:
response = self.import_data(
OrderedDict([
("object_type", program.type),
("code", program.slug),
(role, "--"),
]))
self._check_csv_response(response, {})
program = models.all_models.Program.query.first()
for _, acl in program.access_control_list:
self.assertNotEqual(acl.ac_role.name, role)
def create_audit(self, archived=False):
"""Create an audit object and fix the it's context"""
audit = factories.AuditFactory(archived=archived)
factories.RelationshipFactory(
source=audit,
destination=audit.program,
)
# Add auditor & program editor roles
factories.AccessControlPersonFactory(
ac_list=audit.acr_name_acl_map["Auditors"],
person=self.users['auditor'],
)
factories.AccessControlPersonFactory(
ac_list=audit.program.acr_name_acl_map["Program Editors"],
person=self.users['programeditor'])
return audit
def test_cc_list_during_link(self, update_mock):
"""Test assessment linking functionality sync appropriate cc list"""
with factories.single_commit():
audit = factories.AuditFactory()
reporter = factories.PersonFactory(email="*****@*****.**")
audit.add_person_with_role_name(
reporter,
"Audit Captains",
)
factories.IssueTrackerIssueFactory(
enabled=True,
issue_tracked_obj=audit
)
assmt = factories.AssessmentFactory(audit=audit)
iti = factories.IssueTrackerIssueFactory(
enabled=True,
issue_id=TICKET_ID,
issue_tracked_obj=assmt,
)
user = factories.PersonFactory(email="*****@*****.**")
factories.AccessControlPersonFactory(
ac_list=assmt.acr_name_acl_map["Assignees"],
person=user,
)
user = factories.PersonFactory(email="*****@*****.**")
factories.AccessControlPersonFactory(
ac_list=assmt.acr_name_acl_map["Assignees"],
person=user,
)
new_ticket_id = TICKET_ID + 1
new_data = {"issue_id": new_ticket_id}
issue_request_payload = self.put_request_payload_builder(new_data)
new_data["ccs"] = ["*****@*****.**", "*****@*****.**"]
response_payload = self.response_payload_builder(new_data)
with mock.patch.object(
assessment_integration.AssessmentTrackerHandler,
'_is_tracker_enabled',
return_value=True
):
with mock.patch("ggrc.integrations.issues.Client.get_issue",
return_value=response_payload) as get_mock:
response = self.api.put(iti.issue_tracked_obj, issue_request_payload)
get_mock.assert_called_once()
self.assertEqual(set(update_mock.call_args_list[0][0][1]['ccs']),
{"*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**"})
self.assert200(response)
def test_proposal_delete_acl(self, roles, deleted):
"""Test delete acl proposal for ACRs with internal flags as {roles}."""
role_person_list = []
with factories.single_commit():
control = factories.ControlFactory(title="1")
for idx, role_internal_flag in enumerate(roles):
role = factories.AccessControlRoleFactory(name="role_{}".format(idx),
object_type="Control",
internal=role_internal_flag)
person = factories.PersonFactory()
role_person_list.append((role, person))
acl = factories.AccessControlListFactory(
ac_role=role,
object=control,
)
factories.AccessControlPersonFactory(
ac_list=acl,
person=person,
)
with factories.single_commit():
latest_revision = all_models.Revision.query.filter(
all_models.Revision.resource_id == control.id,
all_models.Revision.resource_type == control.type
).order_by(
all_models.Revision.created_at.desc()
).first()
latest_revision.content = control.log_json()
control_id = control.id
control_content = control.log_json()
control_content["access_control_list"] = []
expected_result = {}
for idx, (role, person) in enumerate(role_person_list):
if deleted[idx]:
expected_result[str(role.id)] = {
"added": [],
"deleted": [{"id": person.id, "email": person.email}],
}
resp = self.api.post(
all_models.Proposal,
{"proposal": {
"instance": {
"id": control.id,
"type": control.type,
},
# "content": {"123": 123},
"full_instance_content": control_content,
"agenda": "delete access control roles",
"context": None,
}})
self.assertEqual(201, resp.status_code)
control = all_models.Control.query.get(control_id)
self.assertEqual(1, len(control.proposals))
self.assertIn("access_control_list", control.proposals[0].content)
acl = control.proposals[0].content["access_control_list"]
self.assertEqual(expected_result, acl)
self.assertEqual(1, len(control.comments))
def set_up_acl_object(self):
"""Set up a control with an access control role that grants RUD"""
self.all_acr = factories.AccessControlRoleFactory(
object_type="Control", read=True, update=True, delete=True)
self.control = factories.ControlFactory()
for name in ["Creator", "Reader", "Editor"]:
factories.AccessControlPersonFactory(
ac_list=self.control.acr_acl_map[self.all_acr],
person=self.people.get(name))
def assign_person(object_, acr, person_id):
"""Assign person to object."""
# pylint: disable=protected-access
for ac_list in object_._access_control_list:
if ac_list.ac_role.name == acr.name and acr.object_type == object_.type:
factories.AccessControlPersonFactory(
person_id=person_id,
ac_list=ac_list,
)
def test_mapped_regulations_read(self):
"""Test if creators can CRUD mapped Regulations and Objective snapshots."""
self.api.set_user(self.people.get("Editor"))
with factories.single_commit():
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Creators"],
person=self.people.get("Editor"),
)
factories.AccessControlPersonFactory(
ac_list=assessment.acr_name_acl_map["Assignees"],
person=self.people.get("Creator"),
)
factories.RelationshipFactory(source=audit, destination=assessment)
control = factories.ControlFactory()
objective = factories.ObjectiveFactory()
regulation = factories.RegulationFactory()
snapshots = self._create_snapshots(
audit, [control, objective, regulation])
for snapshot in snapshots:
factories.RelationshipFactory(source=audit,
destination=snapshot)
factories.RelationshipFactory(source=snapshots[0],
destination=snapshots[1])
factories.RelationshipFactory(source=snapshots[2],
destination=snapshots[0])
factories.RelationshipFactory(source=assessment,
destination=snapshots[0])
self.api.set_user(self.people.get("Creator"))
for snapshot in snapshots:
db.session.add(snapshot)
response = self.api.get(type(snapshot), snapshot.id)
self.assertEqual(
response.status_code, 200,
"Cannot GET mapped object. Received {}".format(
response.status))
db.session.add(snapshot)
response = self.api.delete(snapshot)
self.assertEqual(
response.status_code, 403,
"Can DELETE mapped object. Received {}".format(
response.status))
def _create_acl(role, obj, user):
"""Propagate acl for obj"""
ac_role = all_models.AccessControlRole.query.filter(
all_models.AccessControlRole.name == role,
all_models.AccessControlRole.object_type == obj.__class__.__name__,
).one()
factories.AccessControlPersonFactory(
ac_list=obj.acr_acl_map[ac_role],
person=user,
)
def setUp(self):
super(TestCTGOT, self).setUp()
self.api = api_helper.Api()
with factories.single_commit():
assignee_1 = factories.PersonFactory(email=self.TASK_ASSIGNEE_1)
assignee_2 = factories.PersonFactory(email=self.TASK_ASSIGNEE_2)
workflow_admin = factories.PersonFactory(email=self.WORKFLOW_ADMIN)
nobody = factories.PersonFactory(email=self.NOBODY)
reader_role = all_models.Role.query.filter_by(name="Reader").one()
for person in [assignee_1, assignee_2, workflow_admin, nobody]:
bp_factories.UserRoleFactory(person=person,
role=reader_role,
context=None)
workflow = wf_factories.WorkflowFactory()
taskgroup = wf_factories.TaskGroupFactory(workflow=workflow)
task_1 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup)
task_2 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup)
factories.AccessControlPersonFactory(
ac_list=task_1.acr_name_acl_map["Task Assignees"],
person=assignee_1,
)
factories.AccessControlPersonFactory(
ac_list=task_2.acr_name_acl_map["Task Assignees"],
person=assignee_2,
)
sec_assignee = factories.PersonFactory(
email=self.TASK_SEC_ASSIGNEE)
factories.AccessControlPersonFactory(
ac_list=task_1.acr_name_acl_map["Task Secondary Assignees"],
person=sec_assignee,
)
factories.AccessControlPersonFactory(
ac_list=workflow.acr_name_acl_map["Admin"],
person=workflow_admin,
)
generator = wf_generator.WorkflowsGenerator()
self.cycle_id = generator.generate_cycle(workflow)[1].id
generator.activate_workflow(workflow)
def test_autogenerated_assignees_base_on_role(self, assessor_role,
verifier_role):
"""Test autogenerated assessment assignees base on template settings."""
assessor = "*****@*****.**"
verifier = "*****@*****.**"
auditors = collections.defaultdict(list)
with factories.single_commit():
self.audit.context = factories.ContextFactory()
auditors[assessor_role].append(
factories.PersonFactory(email=assessor))
if verifier_role is not None:
auditors[verifier_role].append(
factories.PersonFactory(email=verifier))
for role, people in auditors.iteritems():
ac_role = all_models.AccessControlRole.query.filter_by(
name=role,
object_type=self.snapshot.child_type,
).first()
if not ac_role:
ac_role = factories.AccessControlRoleFactory(
name=role,
object_type=self.snapshot.child_type,
)
factories.AccessControlListFactory(
ac_role=ac_role,
object=self.control, # snapshot child
)
db.session.commit()
for user in people:
factories.AccessControlPersonFactory(
ac_list=self.control.acr_acl_map[ac_role],
person=user,
)
default_people = {"assignees": assessor_role}
if verifier_role is not None:
default_people["verifiers"] = verifier_role
template = factories.AssessmentTemplateFactory(
test_plan_procedure=False,
procedure_description="Assessment Template Test Plan",
default_people=default_people)
self.snapshot.revision.content = self.control.log_json()
db.session.add(self.snapshot.revision)
response = self.assessment_post(template)
if assessor_role == verifier_role:
self.assert_assignees("Verifiers", response, assessor, verifier)
self.assert_assignees("Assignees", response, assessor, verifier)
elif verifier_role is None:
self.assert_assignees("Verifiers", response)
self.assert_assignees("Assignees", response, assessor)
else:
self.assert_assignees("Verifiers", response, verifier)
self.assert_assignees("Assignees", response, assessor)
self.assert_assignees("Creators", response, "*****@*****.**")
def generate_acls(self, users, role):
"""Helper method to generate audit acls for auditors/captains"""
people = []
for user in users:
person = factories.PersonFactory(email=user)
people += [person]
for person in people:
factories.AccessControlPersonFactory(
ac_list=self.audit.acr_acl_map[role],
person=person,
)
