class TestFolderField(TestCase):
"""Test class about all folder field activities."""
FOLDERABLE_FACTORIES = [
factories.AccessGroupFactory,
factories.AccountBalanceFactory,
factories.ContractFactory,
factories.ControlFactory,
factories.DataAssetFactory,
factories.DirectiveFactory,
factories.FacilityFactory,
factories.IssueFactory,
factories.KeyReportFactory,
factories.MarketFactory,
factories.MetricFactory,
factories.ObjectiveFactory,
factories.OrgGroupFactory,
factories.PolicyFactory,
factories.ProcessFactory,
factories.ProductFactory,
factories.ProductGroupFactory,
factories.ProgramFactory,
factories.ProjectFactory,
factories.RegulationFactory,
factories.RequirementFactory,
factories.RiskFactory,
factories.StandardFactory,
factories.SystemFactory,
factories.TechnologyEnvironmentFactory,
factories.ThreatFactory,
factories.VendorFactory,
]
def setUp(self):
super(TestFolderField, self).setUp()
self.api = Api()
self.api.login_as_normal()
@ddt.data(*FOLDERABLE_FACTORIES)
def test_create_object(self, factory):
"""Test create folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_create_name"
self.assertEqual(
test_folder_name,
factory(folder=test_folder_name).folder
)
@ddt.data(*FOLDERABLE_FACTORIES)
def test_get_object(self, factory):
"""Test get folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_get_name"
obj = factory(folder=test_folder_name)
data = self.api.get(obj, obj.id).json
self.assertEqual(
test_folder_name,
data[obj._inflector.table_singular.lower()]["folder"]
)
NOT_PUTABLE_FACTORIES = NOT_POSTABLE_FACTORIES = [
factories.DirectiveFactory,
]
@ddt.data(*FOLDERABLE_FACTORIES)
def test_put_object(self, factory):
"""Test put folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_put_name"
obj = factory(folder=test_folder_name)
update_test_folder_name = "upd_tmp_folder_put_name"
obj_id = obj.id
if factory in self.NOT_PUTABLE_FACTORIES:
with self.assertRaises(NotImplementedError):
self.api.put(obj, {"folder": update_test_folder_name})
else:
if isinstance(obj, Synchronizable):
# Currently external user can't modify folder field
# because of WithProtectedAttributes mixin
return
self.api.put(obj, {"folder": update_test_folder_name})
self.assertEqual(
update_test_folder_name,
obj.__class__.query.get(obj_id).folder
)
@ddt.data(*FOLDERABLE_FACTORIES)
def test_post_object(self, factory):
"""Test post folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_put_name"
obj = factory(folder=test_folder_name)
obj_id = obj.id
key = obj._inflector.table_singular.lower()
post_data = self.api.get(obj, obj.id).json
model = obj.__class__
db.session.delete(obj)
db.session.commit()
del post_data[key]["id"]
if factory in self.NOT_POSTABLE_FACTORIES:
with self.assertRaises(NotImplementedError):
self.api.post(model, post_data)
else:
if isinstance(obj, Synchronizable):
self.api.login_as_external()
resp = self.api.post(model, post_data)
new_obj_id = resp.json[key]["id"]
self.assertNotEqual(obj_id, new_obj_id)
self.assertEqual(
test_folder_name,
model.query.get(new_obj_id).folder
)
class TestAccessControlListValidation(TestCase):
"""Test AccessControlList validation."""
def setUp(self):
super(TestAccessControlListValidation, self).setUp()
self.api = Api()
self.api.login_as_external()
role_ids = db.session.query(all_models.AccessControlRole.id).filter(
all_models.AccessControlRole.object_type.in_(
("Control", "Objective")),
all_models.AccessControlRole.name == "Admin").order_by(
all_models.AccessControlRole.object_type)
role_ids = [id_[0] for id_ in role_ids]
self.control_admin_acr_id, self.objective_admin_acr_id = role_ids
@mock.patch("ggrc.settings.INTEGRATION_SERVICE_URL", "mock")
def test_create_with_wrong_acl(self):
"""Test creation of object with wrong ACR in ACL."""
response = self.api.post(
all_models.Control, {
"control": {
"title":
"Control title",
"context":
None,
"access_control_list": [{
"ac_role_id": self.objective_admin_acr_id,
"person": {
"type": "Person",
"id": factories.PersonFactory().id,
}
}],
},
})
self.assert400(response)
self.assertEqual(all_models.Control.query.count(), 0)
def test_update_with_wrong_acl(self):
"""Test update of object with wrong ACR in ACL."""
with factories.single_commit():
control = factories.ControlFactory()
control_id = control.id
person = factories.PersonFactory()
person_id = person.id
factories.AccessControlPersonFactory(
ac_list=control.acr_name_acl_map["Admin"],
person=person,
)
response = self.api.put(
control, {
"access_control_list": [{
"ac_role_id": self.objective_admin_acr_id,
"person": {
"type": "Person",
"id": person_id,
}
}]
})
self.assert400(response)
acls = all_models.AccessControlList.query.filter_by(
object_type="Control", object_id=control_id)
for acl in acls:
acl_obj_type = acl.object_type
acr_obj_type = acl.ac_role.object_type
self.assertEqual(acl_obj_type, acr_obj_type)
class TestFolderField(TestCase):
"""Test class about all folder field activities."""
FOLDERABLE_FACTORIES = [
factories.AccessGroupFactory,
factories.AccountBalanceFactory,
factories.ContractFactory,
factories.ControlFactory,
factories.DataAssetFactory,
factories.DirectiveFactory,
factories.FacilityFactory,
factories.IssueFactory,
factories.KeyReportFactory,
factories.MarketFactory,
factories.MetricFactory,
factories.ObjectiveFactory,
factories.OrgGroupFactory,
factories.PolicyFactory,
factories.ProcessFactory,
factories.ProductFactory,
factories.ProductGroupFactory,
factories.ProgramFactory,
factories.ProjectFactory,
factories.RegulationFactory,
factories.RequirementFactory,
factories.RiskFactory,
factories.StandardFactory,
factories.SystemFactory,
factories.TechnologyEnvironmentFactory,
factories.ThreatFactory,
factories.VendorFactory,
]
def setUp(self):
super(TestFolderField, self).setUp()
self.api = Api()
self.api.login_as_normal()
@ddt.data(*FOLDERABLE_FACTORIES)
def test_create_object(self, factory):
"""Test create folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_create_name"
self.assertEqual(test_folder_name,
factory(folder=test_folder_name).folder)
@ddt.data(*FOLDERABLE_FACTORIES)
def test_get_object(self, factory):
"""Test get folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_get_name"
obj = factory(folder=test_folder_name)
data = self.api.get(obj, obj.id).json
self.assertEqual(test_folder_name,
data[obj._inflector.table_singular.lower()]["folder"])
NOT_PUTABLE_FACTORIES = NOT_POSTABLE_FACTORIES = [
factories.DirectiveFactory,
]
@ddt.data(*FOLDERABLE_FACTORIES)
def test_put_object(self, factory):
"""Test put folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_put_name"
obj = factory(folder=test_folder_name)
update_test_folder_name = "upd_tmp_folder_put_name"
obj_id = obj.id
if factory in self.NOT_PUTABLE_FACTORIES:
with self.assertRaises(NotImplementedError):
self.api.put(obj, {"folder": update_test_folder_name})
else:
if isinstance(obj, Synchronizable):
# Currently external user can't modify folder field
# because of WithProtectedAttributes mixin
return
self.api.put(obj, {"folder": update_test_folder_name})
self.assertEqual(update_test_folder_name,
obj.__class__.query.get(obj_id).folder)
@ddt.data(*FOLDERABLE_FACTORIES)
def test_post_object(self, factory):
"""Test post folder field for {0._meta.model.__name__}."""
test_folder_name = "tmp_folder_put_name"
obj = factory(folder=test_folder_name)
obj_id = obj.id
key = obj._inflector.table_singular.lower()
post_data = self.api.get(obj, obj.id).json
model = obj.__class__
db.session.delete(obj)
db.session.commit()
del post_data[key]["id"]
if factory in self.NOT_POSTABLE_FACTORIES:
with self.assertRaises(NotImplementedError):
self.api.post(model, post_data)
else:
if isinstance(obj, Synchronizable):
self.api.login_as_external()
resp = self.api.post(model, post_data)
new_obj_id = resp.json[key]["id"]
self.assertNotEqual(obj_id, new_obj_id)
self.assertEqual(test_folder_name,
model.query.get(new_obj_id).folder)
