def test_define_invalid_action_list(self): result, _ = self.test_action('permission_define', should_error=True, actions=[ 1, ]) assert_error(result, 'actions', 'Not a string')
def test_user_role_assign_invalid_already_assigned(self): user_role = ckanext_factories.UserRole() result, _ = self.test_action('user_role_assign', should_error=True, user_id=user_role['user_id'], role_id=user_role['role_id'], organization_id=user_role['organization_id']) assert_error(result, 'message', 'The role has already been assigned to the user')
def test_sysadmin_user(self): user = ckan_factories.Sysadmin() result, _ = self.test_action('user_privilege_check', action='package_create', user_id=user['id']) assert result['success'] is True assert_error(result, 'msg', 'User is a sysadmin')
def test_valid(self): self._prepare_user_privilege() result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][0], user_id=self.user['name']) assert result['success'] is True assert_error(result, 'msg', 'User is permitted to perform the action')
def test_permission_grant_invalid_already_granted(self): role_permission = ckanext_factories.RolePermission() result, _ = self.test_action('role_permission_grant', should_error=True, role_id=role_permission['role_id'], content_type=role_permission['content_type'], operation=role_permission['operation']) assert_error(result, 'message', 'The specified permission has already been granted to the role')
def test_automatic_privilege(self): for action in _default_allow_actions: result, _ = self.test_action('user_privilege_check', action=action, user_id='') assert result['success'] is True assert_error(result, 'msg', 'The action %s is allowed by default' % action)
def test_deleted_user(self): user = ckan_factories.User() call_action('user_delete', id=user['id']) result, _ = self.test_action('user_privilege_check', action='package_create', user_id=user['id']) assert result['success'] is False assert_error(result, 'msg', 'Unknown user')
def test_user_role_unassign_invalid_not_assigned(self): role = ckanext_factories.Role() org = ckan_factories.Organization() result, _ = self.test_action('user_role_unassign', should_error=True, user_id=self.normal_user['id'], role_id=role['id'], organization_id=org['id']) assert_error(result, 'message', 'The user does not have the specified role')
def test_permission_revoke_invalid_not_granted(self): role = ckanext_factories.Role() permission = ckanext_factories.Permission() result, _ = self.test_action('role_permission_revoke', should_error=True, role_id=role['name'], content_type=permission['content_type'], operation=permission['operation']) assert_error(result, 'message', 'The role does not have the specified permission')
def test_user_role_assign_invalid_deleted_role(self): role = ckanext_factories.Role() org = ckan_factories.Organization() call_action('role_delete', id=role['id']) result, _ = self.test_action('user_role_assign', should_error=True, exception_class=tk.ObjectNotFound, user_id=self.normal_user['name'], role_id=role['name'], organization_id=org['name']) assert_error(result, '', 'Not found: Role')
def test_update_invalid_duplicate_name(self): role1 = ckanext_factories.Role() role2 = ckanext_factories.Role() input_dict = { 'id': role1['id'], 'name': role2['name'], } result, obj = self.test_action('role_update', should_error=True, **input_dict) assert_error(result, 'name', 'Duplicate name')
def test_deleted_role(self): self._prepare_user_privilege() call_action('role_delete', id=self.role['id']) result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][0], user_id=self.user['name']) assert result['success'] is False assert_error(result, 'msg', 'User is not permitted to perform the action')
def test_undefined_permission(self): self._prepare_user_privilege() call_action('permission_undefine', content_type=self.permission['content_type'], operation=self.permission['operation'], actions=self.permission['actions'][0:1]) result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][0], user_id=self.user['name']) assert result['success'] is False assert_error(result, 'msg', 'User is not permitted to perform the action')
def test_deleted_permissions(self): self._prepare_user_privilege() call_action('permission_delete_all') result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][0], user_id=self.user['name']) assert result['success'] is False assert_error(result, 'msg', 'User is not permitted to perform the action') # restore the permissions - since the role_permissions still exist, # the user should again be privileged to perform the action call_action('permission_define', content_type=self.permission['content_type'], operation=self.permission['operation'], actions=self.permission['actions']) result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][0], user_id=self.user['name']) assert result['success'] is True assert_error(result, 'msg', 'User is permitted to perform the action') result, _ = self.test_action('user_privilege_check', action=self.permission['actions'][1], user_id=self.user['name']) assert result['success'] is True assert_error(result, 'msg', 'User is permitted to perform the action')
def test_define_invalid_missing_values(self): result, _ = self.test_action('permission_define', should_error=True, content_type='', operation='', actions=[]) assert_error(result, 'content_type', 'Missing value') assert_error(result, 'operation', 'Missing value') assert_error(result, 'actions', 'Missing value')
def test_invalid_user(self): result, _ = self.test_action('user_privilege_check', action='package_create', user_id='foo') assert result['success'] is False assert_error(result, 'msg', 'Unknown user')
def test_create_invalid_missing_name(self): result, obj = self.test_action('role_create', should_error=True, name='') assert_error(result, 'name', 'Missing value')
def test_invalid_action(self): result, _ = self.test_action('user_privilege_check', should_error=True, action='foo', user_id='') assert_error(result, 'action', 'The action foo does not exist')
def test_create_invalid_duplicate_name(self): role = ckanext_factories.Role() result, obj = self.test_action('role_create', should_error=True, name=role['name']) assert_error(result, 'name', 'Duplicate name')
def test_define_invalid_action_not_exist(self): result, _ = self.test_action('permission_define', should_error=True, actions=['foo', 'package_create', 'bar']) assert_error(result, 'actions', 'The action foo does not exist') assert_error(result, 'actions', 'The action bar does not exist')
def test_missing_values(self): result, _ = self.test_action('user_privilege_check', should_error=True) assert_error(result, 'user_id', 'Missing value') assert_error(result, 'action', 'Missing value')