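def load_ba_fixtures(config):
    """Load the "ba" fixture entities, register their source and index them.

    The mapped entities are cached in the module-level ``BA_FIXTURES`` dict,
    so the YAML mapping and CSV file are only parsed while that cache is
    empty. Every call ensures the ``BA_SOURCE`` source exists, adds a
    read-only permission on it for ``Role.SYSTEM_USER``, saves each cached
    entity through ``config.entities`` and triggers indexing of the source.

    Args:
        config: object providing ``resolver``, ``base_uri`` and ``entities``.
    """
    # This is messy. Would be cool to do it more cleanly, but how?
    if not BA_FIXTURES['entities']:
        with open(os.path.join(FIXTURES, 'ba.mapping.yaml'), 'rb') as fh:
            # safe_load only builds plain YAML types. A bare yaml.load()
            # without an explicit Loader can construct arbitrary Python
            # objects from tagged nodes on older PyYAML and is rejected
            # outright by current releases.
            mapping = yaml.safe_load(fh)
        mapper = Mapper(mapping, config.resolver, scope=config.base_uri)
        with open(os.path.join(FIXTURES, 'ba.csv'), 'rb') as csvfh:
            reader = unicodecsv.DictReader(csvfh)
            for row in reader:
                # apply() returns a pair; only the mapped data is kept.
                _, data = mapper.apply(row)
                BA_FIXTURES['entities'].append(data)

    source = Source.ensure({
        'slug': BA_SOURCE,
        'title': 'BiH Parliament',
        'url': 'http://foo.ba/'
    })

    # Fixture data is readable by any system user but never writable.
    permission = Permission()
    permission.role_id = Role.SYSTEM_USER
    permission.read = True
    permission.write = False
    permission.resource_id = source.id
    permission.resource_type = Permission.SOURCE
    session.add(permission)
    session.commit()

    for entity in BA_FIXTURES['entities']:
        config.entities.save(entity['$schema'], entity, source_id=source.id)
    get_loom_indexer().index(source=BA_SOURCE)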
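def callback():
    """Complete the OAuth login and populate the session with roles.

    On a missing or failed authorisation response the user is redirected to
    the index page without being logged in. Otherwise the provider profile
    is fetched, a user role (and, for the dashboard provider, group roles)
    is loaded or created, and the session receives ``oauth``, ``roles``,
    ``user`` and ``is_admin``.

    Returns:
        A redirect to ``base.index``.

    Raises:
        RuntimeError: if the configured provider base URL is not recognised.
    """
    next_url = url_for('base.index')
    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        # FIXME: notify the user, somehow.
        return redirect(next_url)

    # Stored before the profile request; presumably the provider's token
    # getter reads it from the session -- confirm against its definition.
    session['oauth'] = resp
    Role.create_defaults()
    session['roles'] = [Role.SYSTEM_GUEST, Role.SYSTEM_USER]

    # NOTE(review): these are substring matches on the provider base URL,
    # which is expected to come from deployment configuration.
    base_url = oauth_provider.base_url
    is_google = 'googleapis.com' in base_url
    is_idashboard = ('occrp.org' in base_url or
                     'investigativedashboard.org' in base_url)
    if is_google:
        me = oauth_provider.get('userinfo')
    elif is_idashboard:
        me = oauth_provider.get('api/2/accounts/profile/')
    else:
        raise RuntimeError("Unknown OAuth URL: %r" % base_url)

    remote_id = me.data.get('id')
    if remote_id is None:
        # A profile without an id (e.g. an error payload) must not be turned
        # into a role: every such login would otherwise share the same
        # "<provider>:None" identity. Drop the partial session state and
        # treat the attempt like a failed authorisation.
        session.clear()
        return redirect(next_url)

    if is_google:
        user_id = 'google:%s' % remote_id
        role = Role.load_or_create(user_id, Role.USER, me.data.get('name'),
                                   email=me.data.get('email'))
    else:
        user_id = 'idashboard:user:%s' % remote_id
        # The admin flag is taken as reported by the identity provider.
        role = Role.load_or_create(user_id, Role.USER,
                                   me.data.get('display_name'),
                                   email=me.data.get('email'),
                                   is_admin=me.data.get('is_admin'))
        for group in me.data.get('groups', []):
            if group.get('id') is None:
                # Same reasoning as above: never mint a shared ":None" role.
                continue
            group_id = 'idashboard:%s' % group.get('id')
            Role.load_or_create(group_id, Role.GROUP, group.get('name'))
            session['roles'].append(group_id)

    session['roles'].append(user_id)
    session['user'] = role.id
    session['is_admin'] = role.is_admin
    db_session.commit()
    return redirect(next_url)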
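def create_or_update(collection=None, source=None):
    """Create or update a role's permission on a collection or a source.

    The caller must hold write access to every target that is passed. The
    request body is validated against ``permissions_schema`` and must name
    an existing role. An existing permission for that role and resource is
    updated; otherwise a new one is created.

    Args:
        collection: id of the collection the permission applies to, if any.
        source: id of the source the permission applies to, if any.

    Returns:
        A JSON response carrying the stored permission.

    Raises:
        BadRequest: if neither target is given or the role does not exist.
    """
    if collection is None and source is None:
        # With no target, neither authz check below would run and a
        # permission row with an empty resource id would be written.
        raise BadRequest()
    if collection is not None:
        authz.require(authz.collection(authz.WRITE, collection))
    if source is not None:
        authz.require(authz.source(authz.WRITE, source))

    # Pick the target with the same ``is not None`` test the authz checks
    # use, so the resource that is written is the one that was authorised
    # even when its id is falsy.
    if collection is not None:
        resource_type = Permission.COLLECTION
        resource_id = collection
    else:
        resource_type = Permission.SOURCE
        resource_id = source

    data = request_data()
    validate(data, permissions_schema)

    # check that the role exists.
    rq = session.query(Role).filter(Role.id == data['role'])
    if rq.first() is None:
        raise BadRequest()

    q = session.query(Permission)
    q = q.filter(Permission.role_id == data['role'])
    q = q.filter(Permission.resource_type == resource_type)
    q = q.filter(Permission.resource_id == resource_id)
    permission = q.first()
    if permission is None:
        permission = Permission()
        permission.role_id = data['role']
        permission.resource_type = resource_type
        permission.resource_id = resource_id
    # The flags are always overwritten, for new and existing rows alike.
    permission.read = data['read']
    permission.write = data['write']
    session.add(permission)
    session.commit()
    return jsonify({
        'status': 'ok',
        'updated': permission
    })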
def setUp(self):
    """Create a collection with two entities that system users may edit."""
    super(EntitiesApiTestCase, self).setUp()

    test_collection = Collection()
    test_collection.title = "Test Collection"
    self.coll = test_collection
    session.add(test_collection)
    # Flush so the collection has an id before it is referenced below.
    session.flush()

    grant = Permission()
    grant.resource_type = Permission.COLLECTION
    grant.resource_id = self.coll.id
    grant.role_id = Role.SYSTEM_USER
    grant.read = True
    grant.write = True
    session.add(grant)

    self.schema_uri = 'https://schema.occrp.org/generic/organization.json#'
    self.entity = {'id': 'foo', 'name': 'Foobar'}
    # Save each entity and link it to the collection as a subject.
    for record in (self.entity, {'id': 'test', 'name': 'Testing'}):
        self.config.entities.save(self.schema_uri, record,
                                  collection_id=self.coll.id)
        session.add(CollectionSubject(self.coll, record['id']))
    session.commit()
def collection_add_entity(collection, subject):
    """Link ``subject`` to ``collection`` unless the link already exists."""
    existing = (session.query(CollectionSubject)
                .filter_by(subject=subject)
                .filter_by(collection_id=collection.id)
                .first())
    link = existing if existing is not None else CollectionSubject(collection, subject)
    session.add(link)
    session.commit()
def test_roles(self):
    """The roles listing grows by one once an extra user role exists."""
    listing = self.client.get('/api/roles')
    assert listing.json['total'] == 3, listing.json
    assert len(listing.json['results']) == 3, listing.json

    Role.load_or_create('foo', Role.USER, 'Foo User')
    session.commit()

    listing = self.client.get('/api/roles')
    assert listing.json['total'] == 4, listing.json
def collection_remove_entity(collection, subject):
    """Unlink ``subject`` from ``collection`` and drop it from the store."""
    links = (session.query(CollectionSubject)
             .filter_by(subject=subject)
             .filter_by(collection_id=collection.id))
    links.delete()
    session.commit()
    # The relational link is committed first, then the entity store entry
    # scoped to this collection is removed.
    get_loom_config().entities.remove(subject, collection_id=collection.id)
def update(id):
    """Update the title and subjects of a collection the caller may write."""
    # get_collection is asked for the collection with WRITE access.
    target = get_collection(id, authz.WRITE)
    payload = request_data()
    validate(payload, collections_schema)

    target.title = payload.get('title')
    session.add(target)
    update_subjects(target, payload)
    session.commit()

    body = {'status': 'ok', 'data': target}
    return jsonify(body)
def test_create_source(self):
    """Ensuring the same source twice must leave a single row."""
    source = {'slug': 'foo', 'title': 'Foo source', 'url': 'http://foo'}
    # First pass creates the source, second pass must not duplicate it.
    for _ in range(2):
        Source.ensure(source)
        session.commit()
        cnt = session.query(Source).count()
        assert cnt == 1, cnt
def update(id):
    """Update the title and URL of an existing source the caller may write."""
    found = session.query(Source).filter(Source.id == id).first()
    source = obj_or_404(found)
    # NOTE(review): the existence check runs before the write check, so a
    # caller without access can presumably tell an existing id from a
    # missing one by the error returned -- confirm this is intended.
    authz.require(authz.source(authz.WRITE, source.id))

    payload = request_data()
    validate(payload, sources_schema)
    source.title = payload.get('title')
    source.url = payload.get('url')
    session.add(source)
    session.commit()

    body = {'status': 'ok', 'data': source}
    return jsonify(body)
def test_admin_all_access(self):
    """Only an admin session lists writable sources and collections."""
    self.setUpFixtures()
    test_collection = Collection()
    test_collection.title = "Test Collection"
    self.coll = test_collection
    session.add(test_collection)
    session.commit()

    # Before logging in nothing is writable.
    res = self.client.get('/api/session')
    assert len(res.json['sources']['write']) == 0, res.json
    assert len(res.json['collections']['write']) == 0, res.json

    # An admin login gains write access to both resource kinds.
    self.login(id='admin', is_admin=True)
    res = self.client.get('/api/session')
    assert len(res.json['sources']['write']) > 0, res.json
    assert len(res.json['collections']['write']) > 0, res.json
def setUp(self):
    """Create a collection that system users may read and write."""
    super(PermissionsApiTestCase, self).setUp()

    test_collection = Collection()
    test_collection.title = "Test Collection"
    self.coll = test_collection
    session.add(test_collection)
    # Flush so the collection id is available for the permission row.
    session.flush()

    grant = Permission()
    grant.resource_type = Permission.COLLECTION
    grant.resource_id = self.coll.id
    grant.role_id = Role.SYSTEM_USER
    grant.read = True
    grant.write = True
    session.add(grant)
    session.flush()
    session.commit()
def setUp(self):
    """Create a source that system users may read and write."""
    super(SourcesApiTestCase, self).setUp()

    test_source = Source()
    test_source.slug = "test"
    test_source.title = "Test Collection"
    test_source.url = "http://test.com/"
    self.source = test_source
    session.add(test_source)
    # Flush so the source id is available for the permission row.
    session.flush()

    grant = Permission()
    grant.resource_type = Permission.SOURCE
    grant.resource_id = self.source.id
    grant.role_id = Role.SYSTEM_USER
    grant.read = True
    grant.write = True
    session.add(grant)
    session.commit()
def create():
    """Create a collection and grant its creator read and write access."""
    authz.require(authz.logged_in())
    payload = request_data()
    validate(payload, collections_schema)

    new_collection = Collection()
    new_collection.title = payload.get('title')
    session.add(new_collection)
    update_subjects(new_collection, payload)
    # Flush so the new collection id can be used in the permission row.
    session.flush()

    # The permission is bound to the role of the requesting user.
    owner_grant = Permission()
    owner_grant.role_id = request.auth_user
    owner_grant.resource_type = Permission.COLLECTION
    owner_grant.resource_id = new_collection.id
    owner_grant.read = True
    owner_grant.write = True
    session.add(owner_grant)
    session.commit()

    body = {'status': 'ok', 'data': new_collection}
    return jsonify(body, status=201)
def setUp(self):
    """Create a writable collection holding one organization entity."""
    super(CollectionsApiTestCase, self).setUp()

    test_collection = Collection()
    test_collection.title = "Test Collection"
    self.coll = test_collection
    session.add(test_collection)
    # Flush so the collection id is available for the permission row.
    session.flush()

    grant = Permission()
    grant.resource_type = Permission.COLLECTION
    grant.resource_id = self.coll.id
    grant.role_id = Role.SYSTEM_USER
    grant.read = True
    grant.write = True
    session.add(grant)
    session.commit()

    self.schema_uri = 'https://schema.occrp.org/generic/organization.json#'
    self.entity = {'id': 'foo', 'name': 'Foobar'}
    self.config.entities.save(self.schema_uri, self.entity,
                              collection_id=self.coll.id)
def init():
    """Initialize all parts of the system"""
    # Configure the indexer first, then make sure the default roles exist.
    get_loom_indexer().configure()
    Role.create_defaults()
    session.commit()
def create_user(self, id='tester', name=None, email=None, is_admin=False):
    """Load or create a user role for tests and commit it.

    The display name falls back to ``id`` when ``name`` is empty.
    """
    display_name = name or id
    role = Role.load_or_create(
        id,
        Role.USER,
        display_name,
        email=email,
        is_admin=is_admin,
    )
    session.commit()
    return role