def load_ba_fixtures(config):
# This is messy. Would be cool to do it more cleanly, but how?
if not len(BA_FIXTURES['entities']):
with open(os.path.join(FIXTURES, 'ba.mapping.yaml'), 'rb') as fh:
mapping = yaml.load(fh)
mapper = Mapper(mapping, config.resolver, scope=config.base_uri)
with open(os.path.join(FIXTURES, 'ba.csv'), 'rb') as csvfh:
reader = unicodecsv.DictReader(csvfh)
for row in reader:
_, data = mapper.apply(row)
BA_FIXTURES['entities'].append(data)
source = Source.ensure({
'slug': BA_SOURCE,
'title': 'BiH Parliament',
'url': 'http://foo.ba/'
})
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = False
permission.resource_id = source.id
permission.resource_type = Permission.SOURCE
session.add(permission)
session.commit()
for entity in BA_FIXTURES['entities']:
config.entities.save(entity['$schema'], entity, source_id=source.id)
get_loom_indexer().index(source=BA_SOURCE)
def callback():
next_url = url_for('base.index')
resp = oauth_provider.authorized_response()
if resp is None or isinstance(resp, OAuthException):
# FIXME: notify the user, somehow.
return redirect(next_url)
session['oauth'] = resp
Role.create_defaults()
session['roles'] = [Role.SYSTEM_GUEST, Role.SYSTEM_USER]
if 'googleapis.com' in oauth_provider.base_url:
me = oauth_provider.get('userinfo')
user_id = 'google:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER, me.data.get('name'),
email=me.data.get('email'))
elif 'occrp.org' in oauth_provider.base_url or \
'investigativedashboard.org' in oauth_provider.base_url:
me = oauth_provider.get('api/2/accounts/profile/')
user_id = 'idashboard:user:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER,
me.data.get('display_name'),
email=me.data.get('email'),
is_admin=me.data.get('is_admin'))
for group in me.data.get('groups', []):
group_id = 'idashboard:%s' % group.get('id')
Role.load_or_create(group_id, Role.GROUP, group.get('name'))
session['roles'].append(group_id)
else:
raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)
session['roles'].append(user_id)
session['user'] = role.id
session['is_admin'] = role.is_admin
db_session.commit()
return redirect(next_url)
def create_or_update(collection=None, source=None):
if collection is not None:
authz.require(authz.collection(authz.WRITE, collection))
if source is not None:
authz.require(authz.source(authz.WRITE, source))
resource_type = Permission.COLLECTION if collection else Permission.SOURCE
resource_id = collection or source
data = request_data()
validate(data, permissions_schema)
# check that the role exists.
rq = session.query(Role).filter(Role.id == data['role'])
if rq.first() is None:
raise BadRequest()
q = session.query(Permission)
q = q.filter(Permission.role_id == data['role'])
q = q.filter(Permission.resource_type == resource_type)
q = q.filter(Permission.resource_id == resource_id)
permission = q.first()
if permission is None:
permission = Permission()
permission.role_id = data['role']
permission.resource_type = resource_type
permission.resource_id = resource_id
permission.read = data['read']
permission.write = data['write']
session.add(permission)
session.commit()
return jsonify({
'status': 'ok',
'updated': permission
})
def setUp(self):
super(EntitiesApiTestCase, self).setUp()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.coll.id
permission.resource_type = Permission.COLLECTION
session.add(permission)
self.schema_uri = 'https://schema.occrp.org/generic/organization.json#'
self.entity = {'id': 'foo', 'name': 'Foobar'}
self.config.entities.save(self.schema_uri, self.entity,
collection_id=self.coll.id)
cs = CollectionSubject(self.coll, self.entity['id'])
session.add(cs)
entity = {'id': 'test', 'name': 'Testing'}
self.config.entities.save(self.schema_uri, entity,
collection_id=self.coll.id)
cs = CollectionSubject(self.coll, entity['id'])
session.add(cs)
session.commit()
def collection_add_entity(collection, subject):
q = session.query(CollectionSubject).filter_by(subject=subject)
q = q.filter_by(collection_id=collection.id)
cs = q.first()
if cs is None:
cs = CollectionSubject(collection, subject)
session.add(cs)
session.commit()
def test_roles(self):
res = self.client.get('/api/roles')
assert res.json['total'] == 3, res.json
assert len(res.json['results']) == 3, res.json
res = Role.load_or_create('foo', Role.USER, 'Foo User')
session.commit()
res = self.client.get('/api/roles')
assert res.json['total'] == 4, res.json
def collection_remove_entity(collection, subject):
q = session.query(CollectionSubject).filter_by(subject=subject)
q = q.filter_by(collection_id=collection.id)
q.delete()
session.commit()
entities = get_loom_config().entities
entities.remove(subject, collection_id=collection.id)
def update(id):
collection = get_collection(id, authz.WRITE)
data = request_data()
validate(data, collections_schema)
collection.title = data.get('title')
session.add(collection)
update_subjects(collection, data)
session.commit()
return jsonify({'status': 'ok', 'data': collection})
def test_create_source(self):
source = {'slug': 'foo', 'title': 'Foo source', 'url': 'http://foo'}
Source.ensure(source)
session.commit()
cnt = session.query(Source).count()
assert cnt == 1, cnt
Source.ensure(source)
session.commit()
cnt = session.query(Source).count()
assert cnt == 1, cnt
def update(id):
source = session.query(Source).filter(Source.id == id).first()
source = obj_or_404(source)
authz.require(authz.source(authz.WRITE, source.id))
data = request_data()
validate(data, sources_schema)
source.title = data.get('title')
source.url = data.get('url')
session.add(source)
session.commit()
return jsonify({'status': 'ok', 'data': source})
def test_admin_all_access(self):
self.setUpFixtures()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.commit()
res = self.client.get('/api/session')
assert not len(res.json['sources']['write']), res.json
assert not len(res.json['collections']['write']), res.json
self.login(id='admin', is_admin=True)
res = self.client.get('/api/session')
assert len(res.json['sources']['write']), res.json
assert len(res.json['collections']['write']), res.json
def test_admin_all_access(self):
self.setUpFixtures()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.commit()
res = self.client.get('/api/session')
assert not len(res.json['sources']['write']), res.json
assert not len(res.json['collections']['write']), res.json
self.login(id='admin', is_admin=True)
res = self.client.get('/api/session')
assert len(res.json['sources']['write']), res.json
assert len(res.json['collections']['write']), res.json
def setUp(self):
super(PermissionsApiTestCase, self).setUp()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.coll.id
permission.resource_type = Permission.COLLECTION
session.add(permission)
session.flush()
session.commit()
def setUp(self):
super(PermissionsApiTestCase, self).setUp()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.coll.id
permission.resource_type = Permission.COLLECTION
session.add(permission)
session.flush()
session.commit()
def setUp(self):
super(SourcesApiTestCase, self).setUp()
self.source = Source()
self.source.slug = "test"
self.source.title = "Test Collection"
self.source.url = "http://test.com/"
session.add(self.source)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.source.id
permission.resource_type = Permission.SOURCE
session.add(permission)
session.commit()
def setUp(self):
super(SourcesApiTestCase, self).setUp()
self.source = Source()
self.source.slug = "test"
self.source.title = "Test Collection"
self.source.url = "http://test.com/"
session.add(self.source)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.source.id
permission.resource_type = Permission.SOURCE
session.add(permission)
session.commit()
def create():
authz.require(authz.logged_in())
data = request_data()
validate(data, collections_schema)
collection = Collection()
collection.title = data.get('title')
session.add(collection)
update_subjects(collection, data)
session.flush()
permission = Permission()
permission.resource_id = collection.id
permission.resource_type = Permission.COLLECTION
permission.read = True
permission.write = True
permission.role_id = request.auth_user
session.add(permission)
session.commit()
return jsonify({'status': 'ok', 'data': collection}, status=201)
def setUp(self):
super(CollectionsApiTestCase, self).setUp()
self.coll = Collection()
self.coll.title = "Test Collection"
session.add(self.coll)
session.flush()
permission = Permission()
permission.role_id = Role.SYSTEM_USER
permission.read = True
permission.write = True
permission.resource_id = self.coll.id
permission.resource_type = Permission.COLLECTION
session.add(permission)
session.commit()
self.schema_uri = 'https://schema.occrp.org/generic/organization.json#'
self.entity = {'id': 'foo', 'name': 'Foobar'}
self.config.entities.save(self.schema_uri,
self.entity,
collection_id=self.coll.id)
def init():
"Initialize all parts of the system"
indexer = get_loom_indexer()
indexer.configure()
Role.create_defaults()
session.commit()
def create_user(self, id='tester', name=None, email=None, is_admin=False):
role = Role.load_or_create(id, Role.USER, name or id, email=email,
is_admin=is_admin)
session.commit()
return role
def init():
"Initialize all parts of the system"
indexer = get_loom_indexer()
indexer.configure()
Role.create_defaults()
session.commit()
