class TestFolderField(TestCase): """Test class about all folder field activities.""" FOLDERABLE_FACTORIES = [ factories.AccessGroupFactory, factories.AccountBalanceFactory, factories.ContractFactory, factories.ControlFactory, factories.DataAssetFactory, factories.DirectiveFactory, factories.FacilityFactory, factories.IssueFactory, factories.KeyReportFactory, factories.MarketFactory, factories.MetricFactory, factories.ObjectiveFactory, factories.OrgGroupFactory, factories.PolicyFactory, factories.ProcessFactory, factories.ProductFactory, factories.ProductGroupFactory, factories.ProgramFactory, factories.ProjectFactory, factories.RegulationFactory, factories.RequirementFactory, factories.RiskFactory, factories.StandardFactory, factories.SystemFactory, factories.TechnologyEnvironmentFactory, factories.ThreatFactory, factories.VendorFactory, ] def setUp(self): super(TestFolderField, self).setUp() self.api = Api() self.api.login_as_normal() @ddt.data(*FOLDERABLE_FACTORIES) def test_create_object(self, factory): """Test create folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_create_name" self.assertEqual( test_folder_name, factory(folder=test_folder_name).folder ) @ddt.data(*FOLDERABLE_FACTORIES) def test_get_object(self, factory): """Test get folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_get_name" obj = factory(folder=test_folder_name) data = self.api.get(obj, obj.id).json self.assertEqual( test_folder_name, data[obj._inflector.table_singular.lower()]["folder"] ) NOT_PUTABLE_FACTORIES = NOT_POSTABLE_FACTORIES = [ factories.DirectiveFactory, ] @ddt.data(*FOLDERABLE_FACTORIES) def test_put_object(self, factory): """Test put folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_put_name" obj = factory(folder=test_folder_name) update_test_folder_name = "upd_tmp_folder_put_name" obj_id = obj.id if factory in self.NOT_PUTABLE_FACTORIES: with self.assertRaises(NotImplementedError): self.api.put(obj, {"folder": update_test_folder_name}) else: if isinstance(obj, Synchronizable): # Currently external user can't modify folder field # because of WithProtectedAttributes mixin return self.api.put(obj, {"folder": update_test_folder_name}) self.assertEqual( update_test_folder_name, obj.__class__.query.get(obj_id).folder ) @ddt.data(*FOLDERABLE_FACTORIES) def test_post_object(self, factory): """Test post folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_put_name" obj = factory(folder=test_folder_name) obj_id = obj.id key = obj._inflector.table_singular.lower() post_data = self.api.get(obj, obj.id).json model = obj.__class__ db.session.delete(obj) db.session.commit() del post_data[key]["id"] if factory in self.NOT_POSTABLE_FACTORIES: with self.assertRaises(NotImplementedError): self.api.post(model, post_data) else: if isinstance(obj, Synchronizable): self.api.login_as_external() resp = self.api.post(model, post_data) new_obj_id = resp.json[key]["id"] self.assertNotEqual(obj_id, new_obj_id) self.assertEqual( test_folder_name, model.query.get(new_obj_id).folder )
class TestAccessControlListValidation(TestCase): """Test AccessControlList validation.""" def setUp(self): super(TestAccessControlListValidation, self).setUp() self.api = Api() self.api.login_as_external() role_ids = db.session.query(all_models.AccessControlRole.id).filter( all_models.AccessControlRole.object_type.in_( ("Control", "Objective")), all_models.AccessControlRole.name == "Admin").order_by( all_models.AccessControlRole.object_type) role_ids = [id_[0] for id_ in role_ids] self.control_admin_acr_id, self.objective_admin_acr_id = role_ids @mock.patch("ggrc.settings.INTEGRATION_SERVICE_URL", "mock") def test_create_with_wrong_acl(self): """Test creation of object with wrong ACR in ACL.""" response = self.api.post( all_models.Control, { "control": { "title": "Control title", "context": None, "access_control_list": [{ "ac_role_id": self.objective_admin_acr_id, "person": { "type": "Person", "id": factories.PersonFactory().id, } }], }, }) self.assert400(response) self.assertEqual(all_models.Control.query.count(), 0) def test_update_with_wrong_acl(self): """Test update of object with wrong ACR in ACL.""" with factories.single_commit(): control = factories.ControlFactory() control_id = control.id person = factories.PersonFactory() person_id = person.id factories.AccessControlPersonFactory( ac_list=control.acr_name_acl_map["Admin"], person=person, ) response = self.api.put( control, { "access_control_list": [{ "ac_role_id": self.objective_admin_acr_id, "person": { "type": "Person", "id": person_id, } }] }) self.assert400(response) acls = all_models.AccessControlList.query.filter_by( object_type="Control", object_id=control_id) for acl in acls: acl_obj_type = acl.object_type acr_obj_type = acl.ac_role.object_type self.assertEqual(acl_obj_type, acr_obj_type)
class TestFolderField(TestCase): """Test class about all folder field activities.""" FOLDERABLE_FACTORIES = [ factories.AccessGroupFactory, factories.AccountBalanceFactory, factories.ContractFactory, factories.ControlFactory, factories.DataAssetFactory, factories.DirectiveFactory, factories.FacilityFactory, factories.IssueFactory, factories.KeyReportFactory, factories.MarketFactory, factories.MetricFactory, factories.ObjectiveFactory, factories.OrgGroupFactory, factories.PolicyFactory, factories.ProcessFactory, factories.ProductFactory, factories.ProductGroupFactory, factories.ProgramFactory, factories.ProjectFactory, factories.RegulationFactory, factories.RequirementFactory, factories.RiskFactory, factories.StandardFactory, factories.SystemFactory, factories.TechnologyEnvironmentFactory, factories.ThreatFactory, factories.VendorFactory, ] def setUp(self): super(TestFolderField, self).setUp() self.api = Api() self.api.login_as_normal() @ddt.data(*FOLDERABLE_FACTORIES) def test_create_object(self, factory): """Test create folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_create_name" self.assertEqual(test_folder_name, factory(folder=test_folder_name).folder) @ddt.data(*FOLDERABLE_FACTORIES) def test_get_object(self, factory): """Test get folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_get_name" obj = factory(folder=test_folder_name) data = self.api.get(obj, obj.id).json self.assertEqual(test_folder_name, data[obj._inflector.table_singular.lower()]["folder"]) NOT_PUTABLE_FACTORIES = NOT_POSTABLE_FACTORIES = [ factories.DirectiveFactory, ] @ddt.data(*FOLDERABLE_FACTORIES) def test_put_object(self, factory): """Test put folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_put_name" obj = factory(folder=test_folder_name) update_test_folder_name = "upd_tmp_folder_put_name" obj_id = obj.id if factory in self.NOT_PUTABLE_FACTORIES: with self.assertRaises(NotImplementedError): self.api.put(obj, {"folder": update_test_folder_name}) else: if isinstance(obj, Synchronizable): # Currently external user can't modify folder field # because of WithProtectedAttributes mixin return self.api.put(obj, {"folder": update_test_folder_name}) self.assertEqual(update_test_folder_name, obj.__class__.query.get(obj_id).folder) @ddt.data(*FOLDERABLE_FACTORIES) def test_post_object(self, factory): """Test post folder field for {0._meta.model.__name__}.""" test_folder_name = "tmp_folder_put_name" obj = factory(folder=test_folder_name) obj_id = obj.id key = obj._inflector.table_singular.lower() post_data = self.api.get(obj, obj.id).json model = obj.__class__ db.session.delete(obj) db.session.commit() del post_data[key]["id"] if factory in self.NOT_POSTABLE_FACTORIES: with self.assertRaises(NotImplementedError): self.api.post(model, post_data) else: if isinstance(obj, Synchronizable): self.api.login_as_external() resp = self.api.post(model, post_data) new_obj_id = resp.json[key]["id"] self.assertNotEqual(obj_id, new_obj_id) self.assertEqual(test_folder_name, model.query.get(new_obj_id).folder)