def ensure_grant(self, grantee_slug, priv_slug, dry_run=False):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
"""
if dry_run:
grants = Grant.objects.filter(from_role__slug=grantee_slug,
to_role__slug=priv_slug)
if not grants:
logger.info('[DRY RUN] Granting privilege: %s => %s',
grantee_slug, priv_slug)
else:
grantee = Role.objects.get(slug=grantee_slug)
priv = Role.objects.get(slug=priv_slug)
Role.get_cache().clear()
if grantee.has_privilege(priv):
if self.verbose:
logger.info('Privilege already granted: %s => %s',
grantee.slug, priv.slug)
else:
if self.verbose:
logger.info('Granting privilege: %s => %s', grantee.slug,
priv.slug)
Grant.objects.create(
from_role=grantee,
to_role=priv,
)
def setUpClass(cls):
super(APIResourceTest, cls).setUpClass()
Role.get_cache().clear()
cls.domain = Domain.get_or_create_with_name('qwerty', is_active=True)
cls.list_endpoint = cls._get_list_endpoint()
cls.username = '******'
cls.password = '******'
cls.user = WebUser.create(cls.domain.name,
cls.username,
cls.password,
None,
None,
email='*****@*****.**',
first_name='rudolph',
last_name='commcare')
cls.user.set_role(cls.domain.name, 'admin')
cls.user.save()
cls.account = BillingAccount.get_or_create_account_by_domain(
cls.domain.name, created_by="automated-test")[0]
plan = DefaultProductPlan.get_default_plan_version(
edition=SoftwarePlanEdition.ADVANCED)
cls.subscription = Subscription.new_domain_subscription(
cls.account, cls.domain.name, plan)
cls.subscription.is_active = True
cls.subscription.save()
cls.api_key, _ = HQApiKey.objects.get_or_create(
user=WebUser.get_django_user(cls.user))
def setUp(self):
self.domain_name = 'test'
self.password = "******"
username = "******"
email = "*****@*****.**"
self.client = Client()
self.user = WebUser.create(self.domain_name, username, self.password, email, is_admin=True)
self.url = '/a/{}/data/edit/archive_forms/'.format(self.domain_name)
django_user = self.user.get_django_user()
try:
self.user_role = UserRole.objects.get(user=django_user)
except UserRole.DoesNotExist:
user_privs = Role.objects.get_or_create(
name="Privileges for %s" % django_user.username,
slug="%s_privileges" % django_user.username,
)[0]
self.user_role = UserRole.objects.create(
user=django_user,
role=user_privs,
)
# Setup default roles and plans
generator.instantiate_accounting_for_tests()
self.bulk_role = Role.objects.filter(slug=privileges.BULK_CASE_MANAGEMENT)[0]
Grant.objects.create(from_role=self.user_role.role, to_role=self.bulk_role)
Role.get_cache().clear()
self.client.login(username=self.user.username, password=self.password)
toggles.BULK_ARCHIVE_FORMS.set(self.user.username, True)
def ensure_grant(self, grantee_slug, priv_slug, dry_run=False):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
"""
if dry_run:
grants = Grant.objects.filter(from_role__slug=grantee_slug,
to_role__slug=priv_slug)
if not grants:
logger.info('[DRY RUN] Granting privilege: %s => %s', grantee_slug, priv_slug)
else:
grantee = Role.objects.get(slug=grantee_slug)
priv = Role.objects.get(slug=priv_slug)
Role.get_cache().clear()
if grantee.has_privilege(priv):
if self.verbose:
logger.info('Privilege already granted: %s => %s', grantee.slug, priv.slug)
else:
if self.verbose:
logger.info('Granting privilege: %s => %s', grantee.slug, priv.slug)
Grant.objects.create(
from_role=grantee,
to_role=priv,
)
def setUp(self):
self.client = Client()
self.url = '/a/{}/data/edit/archive_forms/'.format(DOMAIN_NAME)
Grant.objects.get_or_create(from_role=self.user_role.role, to_role=self.bulk_role)
Role.get_cache().clear()
self.client.login(username=self.user.username, password=self.password)
def setUp(self):
self.client = Client()
self.url = '/a/{}/data/edit/archive_forms/'.format(DOMAIN_NAME)
Grant.objects.get_or_create(from_role=self.user_role.role, to_role=self.bulk_role)
Role.get_cache().clear()
self.client.login(username=self.user.username, password=self.password)
def setUpClass(cls):
super(RegistrationAPITestCase, cls).setUpClass()
Role.get_cache().clear()
cls.domain1, cls.account1, cls.subscription1 = cls.setup_domain('reg-api-test-1')
cls.domain2, cls.account2, cls.subscription2 = cls.setup_domain('reg-api-test-2')
cls.admin_user1 = cls.setup_webuser('admin@reg-api-test-1', cls.domain1, 'admin')
cls.read_only_user1 = cls.setup_webuser('readonly@reg-api-test-1', cls.domain1, 'read-only')
cls.admin_user2 = cls.setup_webuser('admin@reg-api-test-2', cls.domain2, 'admin')
def setUpClass(cls):
Role.get_cache().clear()
generator.instantiate_accounting_for_tests()
cls.domain = Domain.get_or_create_with_name("qwerty", is_active=True)
cls.username = "******"
cls.password = "******"
cls.admin_user = WebUser.create(cls.domain.name, cls.username, cls.password)
cls.admin_user.set_role(cls.domain.name, "admin")
cls.admin_user.save()
cls.fake_user_es = FakeUserES()
v0_5.MOCK_BULK_USER_ES = cls.mock_es_wrapper
cls.make_users()
set_up_subscription(cls)
cls.domain = Domain.get(cls.domain._id)
def setUpClass(cls):
Role.get_cache().clear()
generator.instantiate_accounting_for_tests()
cls.domain = Domain.get_or_create_with_name("qwerty", is_active=True)
cls.list_endpoint = reverse(
"api_dispatch_list",
kwargs=dict(domain=cls.domain.name, api_name=cls.api_name, resource_name=cls.resource.Meta.resource_name),
)
cls.username = "******"
cls.password = "******"
cls.user = WebUser.create(cls.domain.name, cls.username, cls.password)
cls.user.set_role(cls.domain.name, "admin")
cls.user.save()
set_up_subscription(cls)
cls.domain = Domain.get(cls.domain._id)
def test_bulk_archive_get_form(self):
# Logged in
response = self.client.get(self.url)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.context["bulk_upload"]["download_url"], "/static/data_interfaces/files/forms_bulk_example.xlsx"
)
grant = Grant.objects.get(from_role=self.user_role.role, to_role=self.bulk_role)
grant.delete()
Role.get_cache().clear()
# Revoked privileges should not render form
response = self.client.get(self.url)
self.assertFalse("bulk_upload" in response.context)
def test_bulk_archive_get_form(self):
# Logged in
response = self.client.get(self.url)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.context['bulk_upload']['download_url'],
'/static/data_interfaces/xlsx/forms_bulk_example.xlsx')
grant = Grant.objects.get(from_role=self.user_role.role,
to_role=self.bulk_role)
grant.delete()
Role.get_cache().clear()
# Revoked privileges should not render form
response = self.client.get(self.url)
self.assertFalse('bulk_upload' in response.context)
def ensure_grants(grants_to_privs,
dry_run=False,
verbose=False,
roles_by_slug=None):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
:param grants_to_privs: An iterable of two-tuples:
`(grantee_slug, priv_slugs)`. Will only be iterated once.
"""
dry_run_tag = "[DRY RUN] " if dry_run else ""
if roles_by_slug is None:
roles_by_slug = {role.slug: role for role in Role.objects.all()}
granted = defaultdict(set)
for grant in Grant.objects.select_related('from_role', 'to_role').all():
granted[grant.from_role.slug].add(grant.to_role.slug)
grants_to_create = []
for grantee_slug, priv_slugs in grants_to_privs:
if grantee_slug not in roles_by_slug:
logger.info('grantee %s does not exist.', grantee_slug)
continue
for priv_slug in priv_slugs:
if priv_slug not in roles_by_slug:
logger.info('privilege %s does not exist.', priv_slug)
continue
if priv_slug in granted[grantee_slug]:
if verbose or dry_run:
logger.info('%sPrivilege already granted: %s => %s',
dry_run_tag, grantee_slug, priv_slug)
else:
granted[grantee_slug].add(priv_slug)
if verbose or dry_run:
logger.info('%sGranting privilege: %s => %s', dry_run_tag,
grantee_slug, priv_slug)
if not dry_run:
grants_to_create.append(
Grant(from_role=roles_by_slug[grantee_slug],
to_role=roles_by_slug[priv_slug]))
if grants_to_create:
Role.get_cache().clear()
Grant.objects.bulk_create(grants_to_create)
def ensure_grants(grants_to_privs, dry_run=False, verbose=False, roles_by_slug=None):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
:param grants_to_privs: An iterable of two-tuples:
`(grantee_slug, priv_slugs)`. Will only be iterated once.
"""
dry_run_tag = "[DRY RUN] " if dry_run else ""
if roles_by_slug is None:
roles_by_slug = {role.slug: role for role in Role.objects.all()}
granted = defaultdict(set)
for grant in Grant.objects.select_related('from_role', 'to_role').all():
granted[grant.from_role.slug].add(grant.to_role.slug)
grants_to_create = []
for grantee_slug, priv_slugs in grants_to_privs:
if grantee_slug not in roles_by_slug:
logger.info('grantee %s does not exist.', grantee_slug)
continue
for priv_slug in priv_slugs:
if priv_slug not in roles_by_slug:
logger.info('privilege %s does not exist.', priv_slug)
continue
if priv_slug in granted[grantee_slug]:
if verbose or dry_run:
logger.info('%sPrivilege already granted: %s => %s',
dry_run_tag, grantee_slug, priv_slug)
else:
granted[grantee_slug].add(priv_slug)
if verbose or dry_run:
logger.info('%sGranting privilege: %s => %s',
dry_run_tag, grantee_slug, priv_slug)
if not dry_run:
grants_to_create.append(Grant(
from_role=roles_by_slug[grantee_slug],
to_role=roles_by_slug[priv_slug]
))
if grants_to_create:
Role.get_cache().clear()
Grant.objects.bulk_create(grants_to_create)
def setUpClass(cls):
super(APIResourceTest, cls).setUpClass()
Role.get_cache().clear()
cls.domain = Domain.get_or_create_with_name('qwerty', is_active=True)
cls.list_endpoint = cls._get_list_endpoint()
cls.username = '******'
cls.password = '******'
cls.user = WebUser.create(cls.domain.name, cls.username, cls.password)
cls.user.set_role(cls.domain.name, 'admin')
cls.user.save()
cls.account = BillingAccount.get_or_create_account_by_domain(cls.domain.name, created_by="automated-test")[0]
plan = DefaultProductPlan.get_default_plan_version(edition=SoftwarePlanEdition.ADVANCED)
cls.subscription = Subscription.new_domain_subscription(cls.account, cls.domain.name, plan)
cls.subscription.is_active = True
cls.subscription.save()
cls.api_key, _ = ApiKey.objects.get_or_create(user=WebUser.get_django_user(cls.user))
def ensure_grant(grantee_slug, priv_slug, dry_run=False, verbose=False):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
"""
try:
grantee = Role.objects.get(slug=grantee_slug)
except Role.DoesNotExist:
logger.info(
'[DRY RUN] grantee {} does not exist.'.format(grantee_slug))
return
try:
priv = Role.objects.get(slug=priv_slug)
except Role.DoesNotExist:
logger.info('[DRY RUN] privilege {} does not exist.'.format(priv_slug))
return
if dry_run:
grants = Grant.objects.filter(from_role__slug=grantee_slug,
to_role__slug=priv_slug)
if not grants:
logger.info('[DRY RUN] Granting privilege: %s => %s', grantee_slug,
priv_slug)
if grantee.has_privilege(priv):
if verbose:
logger.info('[DRY RUN] Privilege already granted: %s => %s',
grantee.slug, priv.slug)
else:
Role.get_cache().clear()
if grantee.has_privilege(priv):
if verbose:
logger.info('Privilege already granted: %s => %s',
grantee.slug, priv.slug)
else:
if verbose:
logger.info('Granting privilege: %s => %s', grantee.slug,
priv.slug)
Grant.objects.create(
from_role=grantee,
to_role=priv,
)
def ensure_grants(privs_to_ensure_for_grantee,
dry_run=False,
verbose=False,
roles_by_slug=None):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
:param privs_to_ensure_for_grantee: An iterable of tuples: `(grantee_slug, [priv_slugs])`
:param dry_run: if True, will not make any changes to the DB
:param verbose: if True, will log additional output
:param roles_by_slug: can specify your own roles to consider, otherwise will fetch all Role objects
"""
dry_run_tag = "[DRY RUN] " if dry_run else ""
roles_by_slug = roles_by_slug or get_all_roles_by_slug()
granted_privs_for_grantee = get_granted_privs_for_grantee()
grants_to_create = []
for grantee_slug, priv_slugs in privs_to_ensure_for_grantee:
if grantee_slug not in roles_by_slug:
logger.info('grantee %s does not exist.', grantee_slug)
continue
for priv_slug in priv_slugs:
if priv_slug not in roles_by_slug:
logger.info('privilege %s does not exist.', priv_slug)
continue
if priv_slug in granted_privs_for_grantee[grantee_slug]:
if verbose or dry_run:
logger.info('%sPrivilege already granted: %s => %s',
dry_run_tag, grantee_slug, priv_slug)
else:
granted_privs_for_grantee[grantee_slug].add(priv_slug)
if verbose or dry_run:
logger.info('%sGranting privilege: %s => %s', dry_run_tag,
grantee_slug, priv_slug)
if not dry_run:
grants_to_create.append(
Grant(from_role=roles_by_slug[grantee_slug],
to_role=roles_by_slug[priv_slug]))
if grants_to_create:
Role.get_cache().clear()
Grant.objects.bulk_create(grants_to_create)
def ensure_grant(grantee_slug, priv_slug, dry_run=False, verbose=False):
"""
Adds a parameterless grant between grantee and priv, looked up by slug.
"""
try:
grantee = Role.objects.get(slug=grantee_slug)
except Role.DoesNotExist:
logger.info('[DRY RUN] grantee {} does not exist.'.format(grantee_slug))
return
try:
priv = Role.objects.get(slug=priv_slug)
except Role.DoesNotExist:
logger.info('[DRY RUN] privilege {} does not exist.'.format(priv_slug))
return
if dry_run:
grants = Grant.objects.filter(from_role__slug=grantee_slug,
to_role__slug=priv_slug)
if not grants:
logger.info('[DRY RUN] Granting privilege: %s => %s', grantee_slug, priv_slug)
if grantee.has_privilege(priv):
if verbose:
logger.info('[DRY RUN] Privilege already granted: %s => %s', grantee.slug, priv.slug)
else:
Role.get_cache().clear()
if grantee.has_privilege(priv):
if verbose:
logger.info('Privilege already granted: %s => %s', grantee.slug, priv.slug)
else:
if verbose:
logger.info('Granting privilege: %s => %s', grantee.slug, priv.slug)
Grant.objects.create(
from_role=grantee,
to_role=priv,
)
def setUp(self):
Role.get_cache().clear()
self.zazzle_privilege = arbitrary.role(
slug=arbitrary.unique_slug('zazzle'), parameters=set(['domain']))
def setUp(self):
Role.get_cache().clear()
def setUpClass(cls):
super(BaseAccountingTest, cls).setUpClass()
Role.get_cache().clear()
def delete_grants(grants):
Role.get_cache().clear()
for grant in grants:
grant.delete()
def setUpClass(cls):
Role.get_cache().clear()
generator.instantiate_accounting_for_tests()
def setUp(self):
Role.get_cache().clear()
generator.instantiate_accounting_for_tests()
def setUp(self):
Role.get_cache().clear()
self.zazzle_privilege = arbitrary.role(slug=arbitrary.unique_slug('zazzle'), parameters=set(['domain']))
def setUpClass(cls):
super(BaseAccountingTest, cls).setUpClass()
Role.get_cache().clear()
generator.instantiate_accounting()
def setUpClass(cls):
super(BaseAccountingTest, cls).setUpClass()
Role.get_cache().clear()
generator.instantiate_accounting_for_tests()
