def test_commcare_user_as_user_in_location(self): is_permitted, message = is_permitted_to_restore( self.domain, self.commcare_user, self.location_user.username, ) self.assertTrue(is_permitted) self.assertIsNone(message) is_permitted, message = is_permitted_to_restore( self.domain, self.commcare_user, self.wrong_location_user.username, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'not in allowed locations')
def test_web_user_as_user_permitted(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user, ) self.assertTrue(is_permitted)
def test_web_user_as_user_in_location(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_location_user, self.location_user, ) self.assertTrue(is_permitted) self.assertIsNone(message) is_permitted, message = is_permitted_to_restore( self.domain, self.web_location_user, self.wrong_location_user, ) self.assertFalse(is_permitted) self.assertRegex(message, 'not in allowed locations')
def test_web_user_as_user_permitted(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.username, True, ) self.assertTrue(is_permitted)
def test_web_user_as_user_bad_username(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.raw_username, # Malformed, should include domain ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'Invalid restore as user')
def test_commcare_user_permitted(self): is_permitted, message = is_permitted_to_restore( self.domain, self.commcare_user, None, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_web_user_as_self(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.web_user, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_web_user_as_user_bad_domain(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, u'{}@wrong-domain'.format(self.commcare_user.raw_username), ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'Invalid restore as user')
def test_commcare_user_as_user_disallow_no_edit_data(self): is_permitted, message = is_permitted_to_restore( self.domain, self.no_edit_commcare_user, self.location_user, ) self.assertFalse(is_permitted) self.assertRegex(message, 'does not have permission')
def test_commcare_user_wrong_domain(self): is_permitted, message = is_permitted_to_restore( 'wrong-domain', self.commcare_user, None, ) self.assertFalse(is_permitted) self.assertRegex(message, 'was not in the domain')
def test_user_limited_login_as_permitted(self): with patch("corehq.apps.ota.utils._limit_login_as", return_value=True): is_permitted, message = is_permitted_to_restore( self.domain, self.restore_user, self.commcare_user_login_as, ) self.assertIsNone(message) self.assertTrue(is_permitted)
def test_web_user_as_other_web_user(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.web_user.username, True, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_web_user_as_user_bad_username(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.raw_username, # Malformed, should include domain True, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'Invalid restore as user')
def test_web_user_as_user_bad_username(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.raw_username, # Malformed, should include domain True, ) self.assertFalse(is_permitted) self.assertIsNotNone(message)
def test_commcare_user_permitted(self): is_permitted, message = is_permitted_to_restore( self.domain, self.commcare_user, None, False, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_web_user_as_user_in_location(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_location_user, self.location_user.username, True, ) self.assertTrue(is_permitted) self.assertIsNone(message) is_permitted, message = is_permitted_to_restore( self.domain, self.web_location_user, self.wrong_location_user.username, True, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'not in allowed locations')
def test_commcare_user_as_user_disallow_no_edit_data(self): is_permitted, message = is_permitted_to_restore( self.domain, self.no_edit_commcare_user, self.location_user.username, True, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'does not have permission')
def test_web_user_as_self(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.web_user.username, True, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_web_user_as_user_bad_domain(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, u'{}@wrong-domain'.format(self.commcare_user.raw_username), True, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'Invalid restore as user')
def test_user_limited_login_as_permitted_case_insensitive_match_multiple_users(self): with patch("corehq.apps.ota.utils._limit_login_as", return_value=True): is_permitted, message = is_permitted_to_restore( self.domain, self.restore_user, self.commcare_user_login_as_multiple_upper_case, ) self.assertIsNone(message) self.assertTrue(is_permitted)
def test_commcare_user_wrong_domain(self): is_permitted, message = is_permitted_to_restore( 'wrong-domain', self.commcare_user, None, False, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'was not in the domain')
def test_user_limited_login_as_default_denied(self): with patch("corehq.apps.ota.utils._limit_login_as", return_value=True): is_permitted, message = is_permitted_to_restore( self.domain, self.restore_user, self.commcare_user_default_login_as, ) self.assertFalse(is_permitted) self.assertRegex(message, "not available as login-as user")
def test_commcare_user_wrong_domain(self): is_permitted, message = is_permitted_to_restore( 'wrong-domain', self.commcare_user, None, False, ) self.assertFalse(is_permitted) self.assertIsNotNone(message)
def test_web_user_as_user_bad_privelege(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, u'{}@{}'.format(self.commcare_user.raw_username, self.domain), False, ) self.assertFalse(is_permitted) self.assertIsNotNone(message)
def test_web_user_as_user_bad_privilege(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.username, False, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'does not have permissions')
def test_web_user_as_user_bad_domain(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, u'{}@wrong-domain'.format(self.commcare_user.raw_username), True, ) self.assertFalse(is_permitted) self.assertIsNotNone(message)
def test_web_user_as_user_bad_privilege(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, self.commcare_user.username, False, ) self.assertFalse(is_permitted) self.assertRegexpMatches(message, 'does not have permissions')
def test_web_user_as_user_permitted(self): is_permitted, message = is_permitted_to_restore( self.domain, self.web_user, u'{}@{}'.format(self.commcare_user.raw_username, self.domain), True, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_super_user_as_user_other_domain(self): """ Superusers should be able to restore as other mobile users even if it's the wrong domain """ is_permitted, message = is_permitted_to_restore( self.domain, self.super_user, self.commcare_user, ) self.assertTrue(is_permitted) self.assertIsNone(message)
def test_super_user_as_user_other_domain(self): """ Superusers should be able to restore as other mobile users even if it's the wrong domain """ is_permitted, message = is_permitted_to_restore( self.domain, self.super_user, self.commcare_user.username, False, ) self.assertTrue(is_permitted) self.assertIsNone(message)