def test_new_wrong_user(self): # First we add a Dataset with user 'test_new' user = Account.by_name('test_new') assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization':apikey_header}) #Dataset.by_name('openspending-example').private = False assert "200" in response.status assert Dataset.by_name('openspending-example') # After that we try to update the Dataset with user 'test_new2' user = Account.by_name('test_new2') assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization':apikey_header}, expect_errors=True) assert '403' in response.status
def test_new_wrong_user(self): # First we add a Dataset with user 'test_new' user = Account.by_name('test_new') assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization': apikey_header}) assert "200" in response.status assert Dataset.by_name('openspending-example') # After that we try to update the Dataset with user 'test_new2' user = Account.by_name('test_new2') assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization': apikey_header}, expect_errors=True) assert '403' in response.status
def setup(self): super(TestRunController, self).setup() self.source = csvimport_fixture('import_errors') self.source.dataset.managers.append(Account.by_name('test')) self.importer = CSVImporter(self.source) self.importer.run()
def test_delete_successfully_loaded_source(self): """ Test source removal with a source that has been successfully loaded. Removing a source that has been successfully loaded should not be possible. """ # Add and import source without errors. # The source is added to a dataset called 'test-csv' (but # we'll just use source.dataset.name in case it changes) source = csvimport_fixture('successful_import') source.dataset.managers.append(Account.by_name('test')) importer = CSVImporter(source) importer.run() # Make sure the source is imported assert db.session.query(Source).filter_by(id=source.id).count() == 1, \ "Import of csv failed. Source not found" # Delete the source response = self.app.post(url(controller='source', action='delete', dataset=source.dataset.name, id=source.id), extra_environ={'REMOTE_USER': '******'}) # Check if source has been deleted assert db.session.query(Source).filter_by(id=source.id).count() == 1, \ "Deleting source succeeded. The source is gone."
def test_delete_source(self): """ Test source removal with a source that includes errors """ # Add and import source with errors (we want to remove it) # The source is added to a dataset called 'test-csv' (but # we'll just use source.dataset.name in case it changes) source = csvimport_fixture('import_errors') source.dataset.managers.append(Account.by_name('test')) importer = CSVImporter(source) importer.run() # Make sure the source is imported assert db.session.query(Source).filter_by(id=source.id).count() == 1, \ "Import of csv failed. Source not found" # Delete the source response = self.app.post(url(controller='source', action='delete', dataset=source.dataset.name, id=source.id), extra_environ={'REMOTE_USER': '******'}) # Check if source has been deleted assert db.session.query(Source).filter_by(id=source.id).count() == 0, \ "Deleting source unsuccessful. Source still exists."
def create_view(dataset, view_config): """ Create view for a provided dataset from a view provided as dict """ # Check if it exists (if not we create it) existing = View.by_name(dataset, view_config['name']) if existing is None: # Create the view view = View() # Set saved configurations view.widget = view_config['widget'] view.state = view_config['state'] view.name = view_config['name'] view.label = view_config['label'] view.description = view_config['description'] view.public = view_config['public'] # Set the dataset as the current dataset view.dataset = dataset # Try and set the account provided but if it doesn't exist # revert to shell account view.account = Account.by_name(view_config['account']) if view.account is None: view.account = shell_account() # Commit view to database db.session.add(view) db.session.commit()
def shell_account(): account = Account.by_name(SHELL_USER) if account is not None: return account account = Account() account.name = SHELL_USER db.session.add(account) return account
def authenticate(self, environ, identity): if not 'login' in identity or not 'password' in identity: return None account = Account.by_name(identity['login']) if account is None: return None if check_password_hash(account.password, identity['password']): return account.name return None
def grantadmin(username): """ Grant admin privileges to given user """ from openspending.core import db from openspending.model import Account a = Account.by_name(username) if a is None: raise CommandException("Account `%s` not found." % username) a.admin = True db.session.add(a) db.session.commit()
def test_new_dataset(self): user = Account.by_name('test_new') assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization': apikey_header}) assert "200" in response.status assert Dataset.by_name('openspending-example')
def team_update(self, dataset, format='html'): self._get_dataset(dataset) require.dataset.update(c.dataset) errors, accounts = {}, [] for account_name in request.params.getall('accounts'): account = Account.by_name(account_name) if account is None: errors[account_name] = _("User account cannot be found.") else: accounts.append(account) if c.account not in accounts: accounts.append(c.account) if not len(errors): c.dataset.managers = accounts c.dataset.updated_at = datetime.utcnow() db.session.commit() h.flash_success(_("The team has been updated.")) return self.team_edit(dataset, errors=errors, accounts=accounts)
def team_update(self, dataset, format='html'): self._get_dataset(dataset) require.dataset.update(c.dataset) errors, accounts = {}, [] for account_name in request.params.getall('accounts'): account = Account.by_name(account_name) if account is None: errors[account_name] = _("User account cannot be found.") else: accounts.append(account) if not c.account in accounts: accounts.append(c.account) if not len(errors): c.dataset.managers = accounts c.dataset.updated_at = datetime.utcnow() db.session.commit() h.flash_success(_("The team has been updated.")) return self.team_edit(dataset, errors=errors, accounts=accounts)
def make_account(name="test", fullname="Test User", email="*****@*****.**", twitter="testuser", admin=False): from openspending.model import Account # First see if the account already exists and if so, return it account = Account.by_name(name) if account: return account # Account didn't exist so we create it and return it account = Account() account.name = name account.fullname = fullname account.email = email account.twitter_handle = twitter account.admin = admin db.session.add(account) db.session.commit() return account
def make_account(name='test', fullname='Test User', email='*****@*****.**', twitter='testuser', admin=False): from openspending.model import Account # First see if the account already exists and if so, return it account = Account.by_name(name) if account: return account # Account didn't exist so we create it and return it account = Account() account.name = name account.fullname = fullname account.email = email account.twitter_handle = twitter account.admin = admin db.session.add(account) db.session.commit() return account
def test_account_lookup_by_name(self): res = Account.by_name('Joe Bloggs') assert res == self.acc
def test_user_scoreboard(self): """ Test if the user scoreboard works and is only accessible by administrators """ # Create dataset and users and make normal user owner of dataset admin_user = h.make_account('test_admin', admin=True) dataset = h.load_fixture('cra') normal_user = h.make_account('test_user') normal_user.datasets.append(dataset) db.session.add(normal_user) db.session.commit() # Refetch the accounts into scope after the commit admin_user = Account.by_name('test_admin') normal_user = Account.by_name('test_user') # Get the URL to user scoreboard scoreboard_url = url(controller='account', action='scoreboard') # Get the home page (could be just any page user_response = self.app.get(url(controller='home', action='index'), extra_environ={'REMOTE_USER': str(normal_user.name)}) admin_response = self.app.get(url(controller='home', action='index'), extra_environ={'REMOTE_USER': str(admin_user.name)}) # Admin user should be the only one to see a link # to the user scoreboard (not the normal user) assert scoreboard_url not in user_response.body, \ "Normal user can see scoreboard url on the home page" assert scoreboard_url in admin_response.body, \ "Admin user cannot see the scoreboard url on the home page" # Normal user should not be able to access the scoreboard url user_response = self.app.get(scoreboard_url, expect_errors=True, extra_environ={'REMOTE_USER': str(normal_user.name)}) assert '403' in user_response.status, \ "Normal user is authorized to see user scoreboard" # Administrator should see scoreboard and users should be there in # in the following order normal user - admin user (with 10 and 0 points # respectively) admin_response = self.app.get(scoreboard_url, extra_environ={'REMOTE_USER': str(admin_user.name)}) assert '200' in admin_response.status, \ "Administrator did not get a 200 status for user scoreboard" # We need to remove everything before an 'Dataset Maintainers' because # the admin user name comes first because of the navigational bar heading_index = admin_response.body.find('Dataset Maintainers') check_body = admin_response.body[heading_index:] admin_index = check_body.find(admin_user.name) user_index = check_body.find(normal_user.name) assert admin_index > user_index, \ "Admin index comes before normal user index" # Same thing as with the username we check for the scores # they are represented as <p>10</p> and <p>0</p> admin_index = check_body.find('<p>0</p>') user_index = check_body.find('<p>10</p>') assert admin_index > user_index, \ "Admin score does not come before the user score"
def test_user_scoreboard(self): """ Test if the user scoreboard works and is only accessible by administrators """ # Create dataset and users and make normal user owner of dataset admin_user = make_account('test_admin', admin=True) dataset = load_fixture('cra') normal_user = make_account('test_user') normal_user.datasets.append(dataset) db.session.add(normal_user) db.session.commit() # Refetch the accounts into scope after the commit admin_user = Account.by_name('test_admin') normal_user = Account.by_name('test_user') # Get the URL to user scoreboard scoreboard_url = url(controller='account', action='scoreboard') # Get the home page (could be just any page user_response = self.app.get(url(controller='home', action='index'), extra_environ={'REMOTE_USER': str(normal_user.name)}) admin_response = self.app.get(url(controller='home', action='index'), extra_environ={'REMOTE_USER': str(admin_user.name)}) # Admin user should be the only one to see a link # to the user scoreboard (not the normal user) assert scoreboard_url not in user_response.body, \ "Normal user can see scoreboard url on the home page" assert scoreboard_url in admin_response.body, \ "Admin user cannot see the scoreboard url on the home page" # Normal user should not be able to access the scoreboard url user_response = self.app.get(scoreboard_url, expect_errors=True, extra_environ={'REMOTE_USER': str(normal_user.name)}) assert '403' in user_response.status, \ "Normal user is authorized to see user scoreboard" # Administrator should see scoreboard and users should be there in # in the following order normal user - admin user (with 10 and 0 points # respectively) admin_response = self.app.get(scoreboard_url, extra_environ={'REMOTE_USER': str(admin_user.name)}) assert '200' in admin_response.status, \ "Administrator did not get a 200 status for user scoreboard" # We need to remove everything before an 'Dataset Maintainers' because # the admin user name comes first because of the navigational bar heading_index = admin_response.body.find('Dataset Maintainers') check_body = admin_response.body[heading_index:] admin_index = check_body.find(admin_user.name) user_index = check_body.find(normal_user.name) assert admin_index > user_index, \ "Admin index comes before normal user index" # Same thing as with the username we check for the scores # they are represented as <p>10</p> and <p>0</p> admin_index = check_body.find('<p>0</p>') user_index = check_body.find('<p>10</p>') assert admin_index > user_index, \ "Admin score does not come before the user score"