def test_delete_assessment_by_role(self, role_name):
"""Delete assessment not allowed for based on Assignee Type."""
with factories.single_commit():
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
person = factories.PersonFactory()
object_person_rel = factories.RelationshipFactory(
source=assessment, destination=person)
factories.RelationshipAttrFactory(
relationship_id=object_person_rel.id,
attr_name="AssigneeType",
attr_value=role_name,
)
assessment_id = assessment.id
role = all_models.Role.query.filter(
all_models.Role.name == "Creator").first()
self.generator.generate_user_role(person, role, context)
self.api.set_user(person)
assessment = all_models.Assessment.query.get(assessment_id)
resp = self.api.delete(assessment)
self.assert403(resp)
self.assertTrue(
all_models.Assessment.query.filter(
all_models.Assessment.id == assessment_id).one())
def create_assignees(cls, obj, persons):
"""Create assignees for object.
This is used only during object creation because we cannot create
assignees at that point yet.
Args:
obj: Assignable object.
persons: [("(string) email", "Assignee roles"), ...] A list of people
and their roles
Returns:
[(person, object-person relationship,
object-person relationship attributes), ...] A list of persons with
their relationships and relationship attributes.
"""
assignees = []
for person, roles in persons:
person = factories.PersonFactory(email=person)
object_person_rel = factories.RelationshipFactory(
source=obj,
destination=person
)
object_person_rel_attrs = factories.RelationshipAttrFactory(
relationship_id=object_person_rel.id,
attr_name="AssigneeType",
attr_value=roles
)
assignees += [(person, object_person_rel, object_person_rel_attrs)]
return assignees
def test_add_comment(self):
"""Test add comment action."""
generator = ObjectGenerator()
_, reader = generator.generate_person(user_role="Reader")
self.api.set_user(reader)
assessment = factories.AssessmentFactory()
context = factories.ContextFactory(related_object=assessment)
assessment.context = context
object_person_rel = factories.RelationshipFactory(source=assessment,
destination=reader)
factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
attr_name="AssigneeType",
attr_value="Creator,Assessor")
response = self.api.put(
assessment, {
"actions": {
"add_related": [{
"id": None,
"type": "Comment",
"description": "comment",
"custom_attribute_definition_id": None,
}]
}
})
self.assert200(response)
# last relationship id (newly created relationship)
rel_id = max(
i["id"]
for i in response.json["assessment"]["related_destinations"])
relationship = all_models.Relationship.query.get(rel_id)
self.assertIsNotNone(relationship)
comment = all_models.Comment.query.get(relationship.destination_id)
self.assertEqual(comment.description, "comment")
self.assertEqual(comment.assignee_type, "Creator,Assessor")
self.assertEqual(comment.context_id, assessment.context_id)
def setUp(self):
super(TestPermissionsOnAssessmentRelatedAssignables, self).setUp()
self.api = Api()
self.generator = ObjectGenerator()
_, self.reader = self.generator.generate_person(user_role="Reader")
audit = factories.AuditFactory()
assessment = factories.AssessmentFactory(audit=audit)
object_person_rel = factories.RelationshipFactory(
source=assessment, destination=self.reader)
factories.RelationshipAttrFactory(relationship_id=object_person_rel.id,
attr_name="AssigneeType",
attr_value="Assessor")
factories.RelationshipFactory(source=audit, destination=assessment)
document = factories.DocumentFactory()
document_id = document.id
doc_rel = factories.RelationshipFactory(source=assessment,
destination=document)
doc_rel_id = doc_rel.id
self.api.set_user(self.reader)
self.document = all_models.Document.query.get(document_id)
self.doc_relationship = all_models.Relationship.query.get(doc_rel_id)
def setUp(self):
super(TestAssessmentNotification, self).setUp()
self.client.get("/login")
self.api = api_helper.Api()
self.auditor = Person.query.filter_by(email="*****@*****.**").one()
self.api.set_user(self.auditor)
audit = factories.AuditFactory()
self.api.post(
Assessment, {
"assessment": {
"title":
"Assessment1",
"context":
None,
"audit": {
"id": audit.id,
"type": "Audit",
},
"access_control_list": [{
"person": {
"id": self.auditor.id,
"type": "Person",
},
"ac_role_id": self.primary_role_id,
"context": None
}],
"status":
"In Progress",
}
})
self.assessment = Assessment.query.filter_by(title="Assessment1").one()
auditor = Person.query.filter_by(email="*****@*****.**").one()
assessment_person_rel = factories.RelationshipFactory(
source=self.assessment, destination=auditor)
factories.RelationshipAttrFactory(
relationship_id=assessment_person_rel.id,
attr_name="AssigneeType",
attr_value="Assessor")
self.cad1 = factories.CustomAttributeDefinitionFactory(
definition_type="assessment",
title="ca1",
)
factories.CustomAttributeValueFactory(custom_attribute=self.cad1,
attributable=self.assessment)
self.cad2 = factories.CustomAttributeDefinitionFactory(
definition_type="assessment",
attribute_type="Map:Person",
title="ca2",
)
factories.CustomAttributeValueFactory(custom_attribute=self.cad2,
attributable=self.assessment)
self.cad3 = factories.CustomAttributeDefinitionFactory(
definition_type="assessment",
attribute_type="Checkbox",
title="ca3",
)
factories.CustomAttributeValueFactory(custom_attribute=self.cad3,
attributable=self.assessment)
db.engine.execute("""
UPDATE notifications
SET sent_at = NOW()
""")