def setup_class(self):
model.Session.remove()
model.repo.init_db()
CreateTestData.create()
model.repo.new_revision()
treasury = model.AuthorizationGroup(name=u'treasury')
health = model.AuthorizationGroup(name=u'health')
model.Session.add(treasury)
model.Session.add(health)
model.add_user_to_authorization_group(
model.User.by_name(u"russianfan"), treasury, model.Role.ADMIN)
model.repo.commit_and_remove()
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, madeup-sysadmin , madeup-administrator, and madeup-another
# one authzgroup
# two packages test6 and test6a, m-a is admin on both
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = u'madeup-authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
for obj in sysadmin_user, admin_user, another_user, authzgroup:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkgag'))
model.Session.add(model.Group(name=u'testgroupag'))
model.Session.add(model.User(name=u'ag_member'))
model.Session.add(model.User(name=u'ag_admin'))
model.Session.add(model.User(name=u'ag_notmember'))
model.Session.add(model.AuthorizationGroup(name=u'authz_group'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkgag')
grp = model.Group.by_name(u'testgroupag')
authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
member = model.User.by_name(u'ag_member')
admin = model.User.by_name(u'ag_admin')
model.setup_default_user_roles(authzgrp, [admin])
model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, pkg)
model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, grp)
model.add_user_to_authorization_group(member, authzgrp, model.Role.EDITOR)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkgag')
self.grp = model.Group.by_name(u'testgroupag')
self.member = model.User.by_name(u'ag_member')
self.admin = model.User.by_name(u'ag_admin')
self.notmember = model.User.by_name(u'ag_notmember')
self.authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
def setup_class(self):
model.repo.init_db()
self.authorizer = authz.Authorizer()
self.admin_role = model.Role.ADMIN
self.editor_role = model.Role.EDITOR
self.reader_role = model.Role.READER
model.repo.new_revision()
anna = model.Package(name=u'annakarenina')
war = model.Package(name=u'warandpeace')
mradmin = model.User(name=u'mradmin')
mreditor = model.User(name=u'mreditor')
mrreader = model.User(name=u'mrreader')
tester = model.User(name=u'tester')
anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup')
for obj in [
anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup
]:
model.Session.add(obj)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
tester = model.User.by_name(u'tester')
model.add_user_to_role(tester, self.admin_role, anna)
self.context = unicode(model.Package.__name__)
ra1 = model.RoleAction(
role=self.admin_role,
context=self.context,
action=model.Action.EDIT,
)
ra2 = model.RoleAction(
role=self.editor_role,
context=self.context,
action=model.Action.EDIT,
)
ra3 = model.RoleAction(
role=self.reader_role,
context=self.context,
action=model.Action.READ,
)
for obj in [ra1, ra2, ra3]:
model.Session.add(obj)
model.repo.commit_and_remove()
mradmin = model.User.by_name(u'mradmin')
mreditor = model.User.by_name(u'mreditor')
mrreader = model.User.by_name(u'mrreader')
model.add_user_to_role(mradmin, self.admin_role, anna)
model.add_user_to_role(mreditor, self.editor_role, anna)
model.add_user_to_role(mrreader, self.reader_role, anna)
model.repo.commit_and_remove()
self.mradmin = model.User.by_name(u'mradmin')
self.mreditor = model.User.by_name(u'mreditor')
self.mrreader = model.User.by_name(u'mrreader')
self.war = model.Package.by_name(u'warandpeace')
self.anna = model.Package.by_name(u'annakarenina')
def setup(cls):
CreateTestData.create()
for ag_name in [u'anauthzgroup', u'anotherauthzgroup']:
ag = model.AuthorizationGroup.by_name(ag_name)
if not ag: #may already exist, if not create
ag = model.AuthorizationGroup(name=ag_name)
model.Session.add(ag)
model.Session.commit()
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, sysadmin , administrator, and another
# one authzgroup, one group, one package
# and administrator is admin on all three
# one extra authzgroup, authzgroup2, with no permissions to start with
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = 'another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = 'authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
self.group = 'group'
group = model.Group(name=unicode(self.group))
self.authzgroup2 = 'authzgroup2'
authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2))
for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
model.repo.new_revision()
self.pkg = u'dataset'
pkg = model.Package(name=self.pkg)
model.Session.add(pkg)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
# setup all three authorization objects to have logged in and visitor as editors, and the admin as admin
model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(authzgroup, ['editor'], ['editor'],
[admin_user])
model.setup_user_roles(group, ['editor'], ['editor'], [admin_user])
model.repo.commit_and_remove()
def setup_class(cls):
# setup test data including testsysadmin user
CreateTestData.create()
# Creating a couple of authorization groups, which are enough to break
# some things just by their existence
for ag_name in [u'anauthzgroup', u'anotherauthzgroup']:
ag=model.AuthorizationGroup.by_name(ag_name)
if not ag: #may already exist, if not create
ag=model.AuthorizationGroup(name=ag_name)
model.Session.add(ag)
model.Session.commit()
#they are especially dangerous if they have a role on the System
ag = model.AuthorizationGroup.by_name(u'anauthzgroup')
model.add_authorization_group_to_role(ag, u'editor', model.System())
model.Session.commit()
def create(cls, auth_profile="", package_type=None):
import ckan.model as model
model.Session.remove()
rev = model.repo.new_revision()
# same name as user we create below
rev.author = cls.author
rev.message = u'''Creating test data.
* Package: annakarenina
* Package: warandpeace
* Associated tags, etc etc
'''
if auth_profile == "publisher":
publisher_group = model.Group(name=u"publisher_group", type="publisher")
cls.pkg_names = [u'annakarenina', u'warandpeace']
pkg1 = model.Package(name=cls.pkg_names[0], type=package_type)
if auth_profile == "publisher":
pkg1.group = publisher_group
model.Session.add(pkg1)
pkg1.title = u'A Novel By Tolstoy'
pkg1.version = u'0.7a'
pkg1.url = u'http://www.annakarenina.com'
# put an & in the url string to test escaping
if 'alt_url' in model.Resource.get_extra_columns():
configured_extras = ({'alt_url': u'alt123'},
{'alt_url': u'alt345'})
else:
configured_extras = ({}, {})
pr1 = model.Resource(
url=u'http://www.annakarenina.com/download/x=1&y=2',
format=u'plain text',
description=u'Full text. Needs escaping: " Umlaut: \xfc',
hash=u'abc123',
extras={'size_extra': u'123'},
**configured_extras[0]
)
pr2 = model.Resource(
url=u'http://www.annakarenina.com/index.json',
format=u'json',
description=u'Index of the novel',
hash=u'def456',
extras={'size_extra': u'345'},
**configured_extras[1]
)
model.Session.add(pr1)
model.Session.add(pr2)
pkg1.resources.append(pr1)
pkg1.resources.append(pr2)
pkg1.notes = u'''Some test notes
### A 3rd level heading
**Some bolded text.**
*Some italicized text.*
Foreign characters:
u with umlaut \xfc
66-style quote \u201c
foreign word: th\xfcmb
Needs escaping:
left arrow <
<http://ckan.net/>
'''
pkg2 = model.Package(name=cls.pkg_names[1], type=package_type)
tag1 = model.Tag(name=u'russian')
tag2 = model.Tag(name=u'tolstoy')
if auth_profile == "publisher":
pkg2.group = publisher_group
# Flexible tag, allows spaces, upper-case,
# and all punctuation except commas
tag3 = model.Tag(name=u'Flexible \u30a1')
for obj in [pkg2, tag1, tag2, tag3]:
model.Session.add(obj)
pkg1.add_tags([tag1, tag2, tag3])
pkg2.add_tags([ tag1, tag3 ])
cls.tag_names = [ t.name for t in (tag1, tag2, tag3) ]
pkg1.license_id = u'other-open'
pkg2.license_id = u'cc-nc' # closed license
pkg2.title = u'A Wonderful Story'
pkg1.extras = {u'genre':'romantic novel',
u'original media':'book'}
# group
david = model.Group(name=u'david',
title=u'Dave\'s books',
description=u'These are books that David likes.',
type=auth_profile or 'group')
roger = model.Group(name=u'roger',
title=u'Roger\'s books',
description=u'Roger likes these books.',
type=auth_profile or 'group')
for obj in [david, roger]:
model.Session.add(obj)
cls.group_names.add(u'david')
cls.group_names.add(u'roger')
model.Session.flush()
model.Session.add(model.Member(table_id=pkg1.id, table_name='package', group=david))
model.Session.add(model.Member(table_id=pkg2.id, table_name='package', group=david))
model.Session.add(model.Member(table_id=pkg1.id, table_name='package', group=roger))
# authz
model.Session.add_all([
model.User(name=u'tester', apikey=u'tester', password=u'tester'),
model.User(name=u'joeadmin', password=u'joeadmin'),
model.User(name=u'annafan', about=u'I love reading Annakarenina. My site: <a href="http://anna.com">anna.com</a>', password=u'annafan'),
model.User(name=u'russianfan', password=u'russianfan'),
model.User(name=u'testsysadmin', password=u'testsysadmin'),
])
cls.user_refs.extend([u'tester', u'joeadmin', u'annafan', u'russianfan', u'testsysadmin'])
model.repo.commit_and_remove()
visitor = model.User.by_name(model.PSEUDO_USER__VISITOR)
anna = model.Package.by_name(u'annakarenina')
war = model.Package.by_name(u'warandpeace')
annafan = model.User.by_name(u'annafan')
russianfan = model.User.by_name(u'russianfan')
model.setup_default_user_roles(anna, [annafan])
model.setup_default_user_roles(war, [russianfan])
model.add_user_to_role(visitor, model.Role.ADMIN, war)
david = model.Group.by_name(u'david')
roger = model.Group.by_name(u'roger')
model.setup_default_user_roles(david, [russianfan])
model.setup_default_user_roles(roger, [russianfan])
model.add_user_to_role(visitor, model.Role.ADMIN, roger)
testsysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
# Create a couple of authorization groups
for ag_name in [u'anauthzgroup', u'anotherauthzgroup']:
ag=model.AuthorizationGroup.by_name(ag_name)
if not ag: #may already exist, if not create
ag=model.AuthorizationGroup(name=ag_name)
model.Session.add(ag)
model.repo.commit_and_remove()
# and give them a range of roles on various things
ag = model.AuthorizationGroup.by_name(u'anauthzgroup')
aag = model.AuthorizationGroup.by_name(u'anotherauthzgroup')
pkg = model.Package.by_name(u'warandpeace')
g = model.Group.by_name('david')
model.add_authorization_group_to_role(ag, u'editor', model.System())
model.add_authorization_group_to_role(ag, u'reader', pkg)
model.add_authorization_group_to_role(ag, u'admin', aag)
model.add_authorization_group_to_role(aag, u'editor', ag)
model.add_authorization_group_to_role(ag, u'editor', g)
model.repo.commit_and_remove()
def get_authorization_groups(self, username):
return [model.AuthorizationGroup(name=u'authz_plugin_group')]
