def test_can_access_his_profile(app):
flask.g.user = Employee(id=1, first_name="Alice", last_name="Cooper",
username="******", phone_number="1",
birth_date=datetime.utcnow(),
pin_code=9999,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
email="*****@*****.**", password="******")
assert has_privilege(method=Method.READ, resource="employee", employee_id=1)
def test_can_access_location_tables(app, db_session):
"""User with Location Admin role can access the tables
from a Location owned by the company they work at"""
company = Company(id=1, name="Foo Inc.", code="code1", address="addr")
location = Location(id=1,
name="name",
code="123",
company_id=company.id,
country="US",
region="region",
city="city",
address="address",
longitude="123",
latitude="123",
type="type",
status="status")
floor = Floor(id=1, description="1st Floor", location_id=location.id)
shape = TableShape(id=1,
description="Round Table",
picture="/path/to/file.jpg")
table = Table(id=1,
name="some table",
floor_id=floor.id,
x=40,
y=50,
width=320,
height=150,
status=1,
max_capacity=12,
multiple=False,
playstation=False,
shape_id=1)
db_session.add(company)
db_session.add(location)
db_session.add(floor)
db_session.add(shape)
db_session.commit()
db_session.add(table)
user = Employee(id=1,
first_name="Alice",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=3333,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=company.id,
email="*****@*****.**",
password="******")
flask.g.user = user
db_session.add(user)
db_session.commit()
assert has_privilege(method=Method.READ, resource="tables", id=table.id)
def test_login(db_session):
employee = Employee(first_name="Alice", last_name="Cooper",
username="******", phone_number="1", account_status="A",
birth_date=datetime.utcnow(), pin_code=4567,
registration_date=datetime.utcnow(), user_status="U",
email="*****@*****.**", password=auth_hash("pass"))
db_session.add(employee)
db_session.commit()
error = login("vgv", "pass")
assert not error
assert flask.session['user_id'] == employee.id
def create_employee():
return Employee(first_name="John",
last_name="Smith",
username="******",
phone_number="123",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
account_status="A",
user_status="Working",
email="*****@*****.**",
password="******",
pin_code=1234)
def test_can_access_own_employees(app):
"""
@todo #180:30min We need to clean global object after test finish
its execution to prevent collision with other tests. Probably we need
to make a pytest fixture for this.
"""
flask.g.user = Employee(id=1, first_name="Alice", last_name="Cooper",
username="******", phone_number="1",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
email="*****@*****.**", password="******")
assert has_privilege(method=Method.READ, resource="employee")
def test_cant_access_other_company_employees(app, db_session):
my_company = Company(id=1, name="Foo Inc.", code="code1", address="addr")
db_session.add(my_company)
me = Employee(id=1,
first_name="Alice",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=3333,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=my_company.id,
email="*****@*****.**",
password="******")
db_session.add(me)
flask.g.user = me
other_company = Company(id=2,
name="Bar Inc.",
code="code2",
address="addr")
db_session.add(other_company)
other = Employee(id=2,
first_name="Bob",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=4444,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=other_company.id,
email="*****@*****.**",
password="******")
db_session.add(other)
db_session.commit()
assert not has_privilege(
method=Method.READ, resource="employee", employee_id=other.id)
def test_incorrect_password(db_session):
employee = Employee(first_name="Alice",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
email="*****@*****.**",
password="******")
db_session.add(employee)
db_session.commit()
error = login("vgv", "unknown")
assert (error == "Incorrect password.")
def test_login(db_session):
employee = Employee(first_name="Alice", last_name="Cooper",
username="******", phone_number="1", account_status="A",
birth_date=datetime.utcnow(), pin_code=4567,
registration_date=datetime.utcnow(), user_status="U",
email="*****@*****.**", password="******")
db_session.add(employee)
db_session.commit()
"""error = login("vgv", "pass")"""
error = login("unknown", "unknown");
db_session.delete(employee)
db_session.commit()
db_session.remove()
assert (error == "login.failed")
def test_insert_employee(db_session):
"""Integration test for adding and selecting Employee"""
employee = Employee(first_name="Alice",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
email="*****@*****.**",
password="******")
db_session.add(employee)
db_session.commit()
row = db_session.query(Employee).get(employee.id)
assert row.username == "alice"
def create_employee():
""" Create new instance of Employee to reuse it in other tests """
return Employee(first_name="John",
last_name="Smith",
username="******",
phone_number="123",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
account_status="A",
user_status="Working",
email="*****@*****.**",
password="******",
pin_code=1234,
comment="No comments",
)
def test_login(db_session):
employee = Employee(first_name="Alice",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
email="*****@*****.**",
password="******")
db_session.add(employee)
db_session.commit()
error = login("vgv", "pass")
db_session.delete(employee)
db_session.commit()
db_session.remove()
assert (error is None)
def test_can_not_manage_locations_from_different_company(
clean_app, db_session):
my_company = Company(id=1, name="Foo Inc.", code="code1", address="addr")
db_session.add(my_company)
me = Employee(id=1,
first_name="Bob",
last_name="Cooper",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=1111,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=my_company.id,
email="*****@*****.**",
password="******")
db_session.add(me)
flask.g.user = me
other_company = Company(id=2,
name="Bar Inc.",
code="code2",
address="addr")
db_session.add(other_company)
location = Location(name="name",
code="123",
company_id=other_company.id,
country="US",
region="region",
city="city",
address="address",
longitude="123",
latitude="123",
type="type",
status="status")
db_session.add(location)
db_session.commit()
assert not has_privilege(
method=Method.READ, resource="location", id=location.id)
assert not has_privilege(
method=Method.CREATE, resource="location", id=location.id)
assert not has_privilege(
method=Method.UPDATE, resource="location", id=location.id)
assert not has_privilege(
method=Method.DELETE, resource="location", id=location.id)
def setup_class(cls, mocked_auth):
cls.port = free_port()
start_server(cls.port, locations=cls.locations)
cls.company = Company(
name="Any company",
code="Cpny",
employees=[
Employee(username="******",
password="******",
first_name="Richard",
last_name="Myers",
phone_number="112233",
birth_date=datetime.datetime.utcnow(),
pin_code=4567,
email="*****@*****.**")
],
locations=[
Location(id=40,
name="Tapper",
code="T",
company_id=50,
poster_id=2,
synchronized_on=datetime.datetime(1983, 5, 10)),
Location(id=150,
name="Hard Rock",
code="H",
company_id=50,
poster_id=10,
synchronized_on=datetime.datetime(1983, 5, 10))
])
access_token = Authenticated(
PosterAuthData(
application_id="test_application_id",
application_secret="test_application_secret",
redirect_uri="test_redirect_uri",
code="test_code",
))
cls.poster_sync = PosterSync
cls.poster = Poster(url="http://localhost:{port}".format(
port=cls.port))
def test_item_assign():
""" Test item assign """
company = Company(id=223,
name="Bad Company",
code="Bad Cmpny",
address="addr")
item = Item(id=1,
name="Duck Eggs",
stock_date=datetime.utcnow,
comment="Eggs from ducks",
company_id=company.id,
created_on=datetime.utcnow,
updated_on=datetime.utcnow,
company=company)
assignee = Employee(id=15,
first_name="Johnny",
last_name="Cash",
username="******",
phone_number="555-5555",
birth_date=datetime.utcnow(),
registration_date=datetime.utcnow(),
account_status="active",
user_status="active",
email="*****@*****.**",
password="******",
pin_code=55,
comment="A famous american country singer",
company_id=223)
assert not item.employee_id
item.assign(employee=assignee)
assert (item.employee_id == assignee.id, "Item assigned to wrong employee")
assert (item.item_history()[0].employee_id == assignee.id,
"ItemHistory with wrong employee")
def test_can_not_manage_employees_from_different_company(
clean_app, db_session):
boss_company = Company(name="Mothers Of Invention Inc.",
code="code1",
address="addr")
db_session.add(boss_company)
db_session.commit()
owner_role = Role(id=1,
name="owner",
works_on_shifts=False,
company_id=boss_company.id)
db_session.add(owner_role)
db_session.commit()
boss = Employee(first_name="Frank",
last_name="Zappa",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=6547,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=boss_company.id,
email="*****@*****.**",
password="******",
role_id=owner_role.id)
db_session.add(boss)
flask.g.user = boss
employee_company = Company(name="Damage Inc.",
code="code2",
address="addr")
db_session.add(employee_company)
db_session.commit()
employee_role = Role(id=2,
name="employee",
works_on_shifts=False,
company_id=employee_company.id)
db_session.add(employee_role)
db_session.commit()
employee = Employee(first_name="James",
last_name="Hetfield",
username="******",
phone_number="1",
birth_date=datetime.utcnow(),
pin_code=7777,
account_status="on",
user_status="on",
registration_date=datetime.utcnow(),
company_id=employee_company.id,
email="*****@*****.**",
password="******",
role_id=employee_role.id)
db_session.add(employee)
db_session.commit()
assert not has_privilege(
method=Method.READ, resource="employee", employee_id=employee.id)
assert not has_privilege(method=Method.CREATE, resource="employee")
assert not has_privilege(
method=Method.UPDATE, resource="employee", employee_id=employee.id)
assert not has_privilege(
method=Method.DELETE, resource="employee", employee_id=employee.id)
