def test_list_agencies_limits(monkeypatch, user_constants, domain_app): """List agencies should limit to only the user's agencies""" sess = GlobalDB.db().session user = UserFactory() cgac = CGACFactory() frec_cgac = CGACFactory() frec = FRECFactory(cgac=frec_cgac) sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency 0"), SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True, sub_tier_agency_name="Test Subtier Agency 1") ] user.affiliations = [ UserAffiliation(cgac=cgac, frec=None, permission_type_id=2), UserAffiliation(cgac=None, frec=frec, permission_type_id=2) ] sess.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user]) sess.commit() monkeypatch.setattr(domainRoutes, 'g', Mock(user=user)) result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') res = json.loads(result) assert len(res['cgac_agency_list']) == 1 assert len(res['frec_agency_list']) == 1 assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def test_create_session_and_response(database, monkeypatch): cgacs = [ CGACFactory(cgac_code=str(i) * 3, agency_name=str(i)) for i in range(3) ] user = UserFactory( name="my name", title="my title", affiliations=[ UserAffiliation(cgac=cgacs[1], permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(cgac=cgacs[2], permission_type_id=PERMISSION_TYPE_DICT['writer']), ]) database.session.add_all(cgacs + [user]) database.session.commit() monkeypatch.setattr(account_handler, 'LoginSession', Mock()) mock_session = {'sid': 'test sid'} result = account_handler.AccountHandler.create_session_and_response( mock_session, user) result = json.loads(result.data.decode('utf-8')) assert result['message'] == 'Login successful' assert result['user_id'] == user.user_id assert result['name'] == 'my name' assert result['title'] == 'my title' assert result['session_id'] == 'test sid' assert dict(agency_name='1', permission='reader') in result['affiliations'] assert dict(agency_name='2', permission='writer') in result['affiliations']
def test_list_agencies_limits(domain_app, database): """ List agencies should limit to only the user's agencies and should not duplicate the same agency even if there are multiple instances of the same agency in the user permissions. """ user = UserFactory() cgac = CGACFactory() frec_cgac = CGACFactory() frec = FRECFactory(cgac=frec_cgac) sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code='0', cgac=cgac, frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency 0"), SubTierAgencyFactory(sub_tier_agency_code='1', cgac=frec_cgac, frec=frec, is_frec=True, sub_tier_agency_name="Test Subtier Agency 1")] user.affiliations = [UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']), UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=None, frec=frec, permission_type_id=PERMISSION_SHORT_DICT['f'])] database.session.add_all([cgac] + [frec_cgac] + [frec] + sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_agencies/').data.decode('UTF-8') res = json.loads(result) assert len(res['cgac_agency_list']) == 1 assert len(res['frec_agency_list']) == 1 assert res['cgac_agency_list'][0]['agency_name'] == cgac.agency_name assert res['cgac_agency_list'][0]['cgac_code'] == cgac.cgac_code assert res['frec_agency_list'][0]['agency_name'] == frec.agency_name assert res['frec_agency_list'][0]['frec_code'] == frec.frec_code
def perms_to_affiliations(perms, user_id): """Convert a list of perms from MAX to a list of UserAffiliations. Filter out and log any malformed perms""" available_cgacs = { cgac.cgac_code: cgac for cgac in GlobalDB.db().session.query(CGAC) } available_frecs = { frec.frec_code: frec for frec in GlobalDB.db().session.query(FREC) } log_data = {'message_type': 'BrokerWarning', 'user_id': user_id} for perm in perms: log_data[ 'message'] = 'User with ID {} has malformed permission: {}'.format( user_id, perm) components = perm.split('-PERM_') if len(components) != 2: logger.warning(log_data) continue codes, perm_level = components split_codes = codes.split('-FREC_') frec_code, cgac_code = None, None if len(split_codes) == 2: # permissions for FR entity code and readonly CGAC frec_code, cgac_code = split_codes[1], split_codes[0] if frec_code not in available_frecs or cgac_code not in available_cgacs: logger.warning(log_data) continue else: # permissions for CGAC cgac_code = codes if cgac_code not in available_cgacs: logger.warning(log_data) continue perm_level = perm_level.lower() if perm_level not in 'rwsf': logger.warning(log_data) continue if frec_code: yield UserAffiliation( cgac=available_cgacs[cgac_code], frec=None, permission_type_id=PERMISSION_SHORT_DICT['r']) yield UserAffiliation( cgac=None, frec=available_frecs[frec_code], permission_type_id=PERMISSION_SHORT_DICT[perm_level]) else: yield UserAffiliation( cgac=available_cgacs[cgac_code] if cgac_code else None, frec=None, permission_type_id=PERMISSION_SHORT_DICT[perm_level])
def test_permissions_filter_agency_user(database, monkeypatch): sess = database.session # Setup agencies db_objects = [] cgac1 = CGACFactory(cgac_code='089', agency_name='CGAC') cgac2 = CGACFactory(cgac_code='011', agency_name='CGAC Associated with FREC') cgac3 = CGACFactory(cgac_code='091', agency_name='Other CGAC Associated with FREC') frec1 = FRECFactory(cgac=cgac2, frec_code='1125', agency_name='FREC 1') frec2 = FRECFactory(cgac=cgac3, frec_code='0923', agency_name='FREC 2') db_objects.extend([cgac1, cgac2, cgac3, frec1, frec2]) # Setup submissions sub1 = SubmissionFactory(cgac_code=cgac1.cgac_code, frec_code=None) sub2 = SubmissionFactory(cgac_code=cgac2.cgac_code, frec_code=frec1.frec_code) sub3 = SubmissionFactory(cgac_code=cgac3.cgac_code, frec_code=None) sub4 = SubmissionFactory(cgac_code=cgac3.cgac_code, frec_code=frec2.frec_code) db_objects.extend([sub1, sub2, sub3, sub4]) # Setup agency user agency_user = UserFactory( name='Agency User', affiliations=[ UserAffiliation(user_affiliation_id=1, cgac=cgac1, permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(user_affiliation_id=2, cgac=cgac2, frec=frec1, permission_type_id=PERMISSION_TYPE_DICT['writer']), ]) db_objects.append(agency_user) monkeypatch.setattr(filters_helper, 'g', Mock(user=agency_user)) sess.add_all(db_objects) sess.commit() base_query = sess.query(Submission) # submissions should be filtered based on user access query = filters_helper.permissions_filter(base_query) expected_results = [sub1, sub2] results = set(query.all()) assert results == set(expected_results)
def test_list_submission_users_cgac_frec_affil(database): """ Test listing users based on both cgac and frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**') third_user = UserFactory.with_cgacs(cgacs[1], name='Frec User', email='*****@*****.**') third_user.affiliations =\ third_user.affiliations + [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() # Third user now has cgac 111 and frec 0000 sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List both other users because one has a frec agency and one has a cgac assert len(user_response) == 2 assert {user_response[0]['user_id'], user_response[1]['user_id']} == {first_user.user_id, other_user.user_id} assert {user_response[0]['name'], user_response[1]['name']} == {first_user.name, other_user.name} assert {user_response[0]['email'], user_response[1]['email']} == {first_user.email, other_user.email}
def test_active_user_can_dabs_cgac_writer(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_writer = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_writer]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_writer)) # has permission level, but wrong agency assert not permissions.active_user_can('reader', cgac_code=other_cgac.cgac_code) assert not permissions.active_user_can('writer', cgac_code=other_cgac.cgac_code) # has agency, but not permission level assert not permissions.active_user_can('submitter', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('editfabs', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('fabs', cgac_code=user_cgac.cgac_code) # right agency, right permission assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code) assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code) # wrong permission level, wrong agency, but superuser user_writer.website_admin = True assert permissions.active_user_can('submitter', cgac_code=other_cgac.cgac_code)
def test_list_submission_users_frec_affil(database): """ Test listing users based on frec affiliations """ cgacs = [CGACFactory(cgac_code='000'), CGACFactory(cgac_code='111')] frecs = [FRECFactory(frec_code='0000', cgac=cgacs[0]), FRECFactory(frec_code='1111', cgac=cgacs[1])] first_user = UserFactory.with_cgacs(cgacs[0], name='Test User 1', email='*****@*****.**') other_user = UserFactory.with_cgacs(cgacs[1], name='Test User', email='*****@*****.**') third_user = UserFactory(name='Frec User', email='*****@*****.**') third_user.affiliations = [UserAffiliation(frec=frecs[0], user_id=third_user.user_id, permission_type_id=PERMISSION_TYPE_DICT['reader'])] database.session.add_all(cgacs + frecs + [first_user, other_user]) database.session.commit() sub_1 = SubmissionFactory(frec_code=frecs[0].frec_code, user_id=first_user.user_id, is_fabs=False) sub_2 = SubmissionFactory(cgac_code=cgacs[1].cgac_code, user_id=other_user.user_id, is_fabs=False) sub_3 = SubmissionFactory(frec_code=frecs[1].frec_code, user_id=other_user.user_id, is_fabs=False) database.session.add_all([sub_1, sub_2, sub_3]) database.session.commit() g.user = third_user response = list_submission_users(False) user_response = json.loads(response.data.decode('UTF-8'))['users'] # List the first user because they have a submission with that frec assert len(user_response) == 1 assert user_response[0]['user_id'] == first_user.user_id assert user_response[0]['name'] == first_user.name assert user_response[0]['email'] == first_user.email
def test_get_accessible_agencies(database): """ Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """ # The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers) database.session.commit() user = UserFactory(affiliations=[ UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_TYPE_DICT['writer']), UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1], permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2], permission_type_id=PERMISSION_TYPE_DICT['reader']) ]) database.session.add(user) database.session.commit() g.user = user # Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already results = get_accessible_agencies() frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]} frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]} assert len(results["cgac_agency_list"]) == 1 assert len(results["frec_agency_list"]) == 2 assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name} assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code} # Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the # frec flag user.affiliations = [] user.website_admin = True results = get_accessible_agencies() assert len(results["cgac_agency_list"]) == 3 assert len(results["frec_agency_list"]) == 2
def test_list_sub_tier_agencies_admin(domain_app, database): """ List all sub tiers that a user has FABS permissions for """ user = UserFactory(website_admin=True) cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3) ] frec_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3) ] user.affiliations = [ UserAffiliation(cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']), UserAffiliation(cgac=None, frec=frecs[2], permission_type_id=PERMISSION_SHORT_DICT['f']) ] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_sub_tier_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['agency_code'] for el in response['sub_tier_agency_list']} assert len(response["sub_tier_agency_list"] ) == 6 # All of them, ignores affiliations assert result == {'0', '1', '2', '3', '4', '5'} # All of them, ignores affiliations
def add_user(email, name, username, website_admin=False): user = UserFactory( email=email, website_admin=website_admin, name=name, username=username, affiliations=[UserAffiliation( cgac=cgac, permission_type_id=PERMISSION_TYPE_DICT['writer'] )] ) user.salt, user.password_hash = get_password_hash(user_password, Bcrypt()) sess.add(user)
def test_user_affiliation_fks(database, user_constants): sess = database.session users = [UserFactory() for _ in range(3)] cgacs = [CGACFactory() for _ in range(6)] permission = PERMISSION_TYPE_DICT['reader'] for idx, user in enumerate(users): user.affiliations = [ UserAffiliation(cgac=cgacs[idx * 2], permission_type_id=permission), UserAffiliation(cgac=cgacs[idx * 2 + 1], permission_type_id=permission), ] sess.add_all(users) sess.commit() assert sess.query(UserAffiliation).count() == 6 # Deleting a user also deletes the affiliations sess.delete(users[0]) sess.commit() assert sess.query(UserAffiliation).count() == 4 # Deleting a CGAC also deletes the affiliations sess.delete(cgacs[2]) sess.commit() assert sess.query(UserAffiliation).count() == 3 assert len(users[1].affiliations) == 1 assert users[1].affiliations[0].cgac == cgacs[3] # Deleting an affiliation doesn't delete the user or CGAC assert sess.query(User).count() == 2 assert sess.query(CGAC).count() == 5 assert sess.query(UserAffiliation).count() == 3 sess.delete(users[2].affiliations[0]) sess.commit() assert sess.query(User).count() == 2 assert sess.query(CGAC).count() == 5 assert sess.query(UserAffiliation).count() == 2
def setUpClass(cls): """Set up class-wide resources like users.""" super(DomainTests, cls).setUpClass() with create_app().app_context(): sess = GlobalDB.db().session user = User() r_cgac = CGACFactory() w_cgac = CGACFactory() s_frec_cgac = CGACFactory() s_frec = FRECFactory(cgac=s_frec_cgac) e_frec_cgac = CGACFactory() e_frec = FRECFactory(cgac=e_frec_cgac) f_cgac = CGACFactory() user.affiliations = [ UserAffiliation(cgac=r_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['r']), UserAffiliation(cgac=w_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=None, frec=s_frec, permission_type_id=PERMISSION_SHORT_DICT['s']), UserAffiliation(cgac=None, frec=e_frec, permission_type_id=PERMISSION_SHORT_DICT['e']), UserAffiliation(cgac=f_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']) ] sess.add_all([ r_cgac, w_cgac, s_frec_cgac, s_frec, e_frec_cgac, e_frec, f_cgac ]) sess.commit()
def test_list_agencies_all(domain_app, database): """ All agencies should be visible to website admins """ user = UserFactory() cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency "+str(i)) for i in range(3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3+i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency "+str(3+i)) for i in range(3)] user.affiliations = [UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=PERMISSION_SHORT_DICT['w'])] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) database.session.commit() g.user = user result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['cgac_code'] for el in response['agency_list']} assert result == {'0', '1', '2'} # i.e. all of them result = {el['frec_code'] for el in response['shared_agency_list']} assert result == {'0', '1', '2'} # i.e. all of them
def test_list_agencies_all(monkeypatch, user_constants, domain_app): """All agencies should be visible to website admins""" sess = GlobalDB.db().session user = UserFactory() cgacs = [CGACFactory(cgac_code=str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency " + str(i)) for i in range(3) ] frec_sub_tiers = [ SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency " + str(3 + i)) for i in range(3) ] user.affiliations = [ UserAffiliation(cgac=cgacs[0], frec=frecs[0], permission_type_id=2) ] sess.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers + [user]) sess.commit() monkeypatch.setattr(domainRoutes, 'g', Mock(user=user)) result = domain_app.get('/v1/list_all_agencies/').data.decode('UTF-8') response = json.loads(result) result = {el['cgac_code'] for el in response['agency_list']} assert result == {'0', '1', '2'} # i.e. all of them result = {el['frec_code'] for el in response['shared_agency_list']} assert result == {'0', '1', '2'} # i.e. all of them
def test_current_user_can(database, monkeypatch, user_constants): # Test CGAC DABS permissions user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_one = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_one]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_one)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('writer', user_cgac.cgac_code, None) assert permissions.current_user_can('reader', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_one.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None) # Test FREC DABS permissions user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)] user_two = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_frec, other_frec, user_two]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_two)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', None, other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('submitter', None, user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('writer', None, user_frec.frec_code) assert permissions.current_user_can('reader', None, user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_two.website_admin = True assert permissions.current_user_can('submitter', None, other_frec.frec_code) # Test FABS permissions user_three = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f']) ]) database.session.add(user_three) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_three)) # has permission level, but wrong agency assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('fabs', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_three.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
def perms_to_affiliations(perms, user_id, service_account_flag=False): """ Convert a list of perms from MAX to a list of UserAffiliations. Filter out and log any malformed perms Args: perms: list of permissions (as strings) for the user user_id: the ID of the user service_account_flag: flag to indicate a service account Yields: UserAffiliations based on the permissions provided """ available_cgacs = { cgac.cgac_code: cgac for cgac in GlobalDB.db().session.query(CGAC) } available_frecs = { frec.frec_code: frec for frec in GlobalDB.db().session.query(FREC) } log_data = {'message_type': 'BrokerWarning', 'user_id': user_id} for perm in perms: log_data[ 'message'] = 'User with ID {} has malformed permission: {}'.format( user_id, perm) components = perm.split('-PERM_') if len(components) != 2: logger.warning(log_data) continue codes, perm_level = components split_codes = codes.split('-FREC_') frec_code, cgac_code = None, None if len(split_codes) == 2: # permissions for FR entity code and readonly CGAC frec_code, cgac_code = split_codes[1], split_codes[0] if frec_code not in available_frecs or cgac_code not in available_cgacs: logger.warning(log_data) continue else: # permissions for CGAC cgac_code = codes if cgac_code not in available_cgacs: logger.warning(log_data) continue perm_level = perm_level.lower() if service_account_flag: # Replace MAX Service Account permissions with Broker "write" and "editfabs" permissions perm_level = 'we' elif perm_level not in 'rwsef': logger.warning(log_data) continue for permission in perm_level: if frec_code: yield UserAffiliation( cgac=available_cgacs[cgac_code], frec=None, permission_type_id=PERMISSION_SHORT_DICT['r']) yield UserAffiliation( cgac=None, frec=available_frecs[frec_code], permission_type_id=PERMISSION_SHORT_DICT[permission]) else: yield UserAffiliation( cgac=available_cgacs[cgac_code] if cgac_code else None, frec=None, permission_type_id=PERMISSION_SHORT_DICT[permission])
def test_list_agencies_perm_params(domain_app, database): """ Users should be able to filter their affiliations based on the arguments provided """ user = UserFactory() r_cgac = CGACFactory() w_cgac = CGACFactory() s_frec_cgac = CGACFactory() s_frec = FRECFactory(cgac=s_frec_cgac) e_frec_cgac = CGACFactory() e_frec = FRECFactory(cgac=e_frec_cgac) f_cgac = CGACFactory() user.affiliations = [ UserAffiliation(cgac=r_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['r']), UserAffiliation(cgac=w_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['w']), UserAffiliation(cgac=None, frec=s_frec, permission_type_id=PERMISSION_SHORT_DICT['s']), UserAffiliation(cgac=None, frec=e_frec, permission_type_id=PERMISSION_SHORT_DICT['e']), UserAffiliation(cgac=f_cgac, frec=None, permission_type_id=PERMISSION_SHORT_DICT['f']) ] database.session.add_all( [r_cgac, w_cgac, s_frec_cgac, s_frec, e_frec_cgac, e_frec, f_cgac]) database.session.commit() g.user = user def call_list_agencies(perm_level='reader', perm_type='mixed'): result = domain_app.get('/v1/list_agencies/?perm_level={}&perm_type={}'.format(perm_level, perm_type))\ .data.decode('UTF-8') resp = json.loads(result) cgac_codes = [ agency['cgac_code'] for agency in resp['cgac_agency_list'] ] frec_codes = [ agency['frec_code'] for agency in resp['frec_agency_list'] ] return cgac_codes, frec_codes default_cgacs, default_frecs = call_list_agencies() assert {r_cgac.cgac_code, w_cgac.cgac_code, f_cgac.cgac_code} == set(default_cgacs) assert {s_frec.frec_code, e_frec.frec_code} == set(default_frecs) writer_cgacs, writer_frecs = call_list_agencies(perm_level='writer') assert {w_cgac.cgac_code, f_cgac.cgac_code} == set(writer_cgacs) assert {s_frec.frec_code, e_frec.frec_code} == set(writer_frecs) submitter_cgacs, submitter_frecs = call_list_agencies( perm_level='submitter') assert {f_cgac.cgac_code} == set(submitter_cgacs) assert {s_frec.frec_code} == set(submitter_frecs) dabs_cgacs, dabs_frecs = call_list_agencies(perm_type='dabs') assert {r_cgac.cgac_code, w_cgac.cgac_code} == set(dabs_cgacs) assert {s_frec.frec_code} == set(dabs_frecs) fabs_cgacs, fabs_frecs = call_list_agencies(perm_type='fabs') assert {f_cgac.cgac_code} == set(fabs_cgacs) assert {e_frec.frec_code} == set(fabs_frecs) # mix mix_cgacs, mix_frecs = call_list_agencies(perm_level='submitter', perm_type='fabs') assert {f_cgac.cgac_code} == set(mix_cgacs) assert set() == set(mix_frecs)