def generate_tasks_for_cycle(self, group_count, task_count): """generate number of task groups and task for current task group""" role_names = ("Task Assignees", "Task Secondary Assignees") results = {} with single_commit(): workflow = factories.WorkflowFactory() cycle = factories.CycleFactory(workflow=workflow) task_group = factories.TaskGroupFactory(workflow=workflow) for idx in range(group_count): person = PersonFactory(name="user for group {}".format(idx)) cycle_task_group = factories.CycleTaskGroupFactory( cycle=cycle, contact=person) for _ in range(task_count): task_group_task = factories.TaskGroupTaskFactory( task_group=task_group) for r_name in role_names: ggrc_factories.AccessControlListFactory( object=task_group_task, person=person, ac_role_id=self.get_role_id_for_obj( task_group_task, r_name)) task = factories.CycleTaskGroupObjectTaskFactory( cycle=cycle, cycle_task_group=cycle_task_group, task_group_task=task_group_task) for r_name in role_names: ggrc_factories.AccessControlListFactory( object=task, person=person, ac_role_id=self.get_role_id_for_obj(task, r_name)) results[task.id] = cycle_task_group.slug return results
def test_full_access_control_list(self): """Test if access_control_list property filters out propagated roles Before sending the access_control_list to the frontend, propagated roles need to be filtered out to help prevent performance issues""" with factories.single_commit(): # Create an object with one external and one propagated role obj = factories.ControlFactory() acl = factories.AccessControlListFactory(object=obj, ac_role=self.role, person=self.person) factories.AccessControlListFactory(object=obj, ac_role=self.role, person=self.person, parent=acl) # full_access_control_list should have all rows: self.assertEqual(len(obj.full_access_control_list), 2, "full_access_control_list doesn't include all roles") # access_control_list should only have non propagated ones self.assertEqual(len(obj.access_control_list), 1, "access_control_list doesn't include all the roles") obj_id, acl_id = obj.id, acl.id api = api_helper.Api() response = api.get(all_models.Control, obj_id) acl = response.json["control"]["access_control_list"] # Check if the response filtered out the propagated access_control_role self.assertEqual(len(acl), 1, "acl didn't filter out propagated roles correctly") self.assertEqual(acl[0]["id"], acl_id, "acl didn't filter out propagated roles correctly")
def test_propagate_all(self): """Test clean propagation of all ACL entries.""" with factories.single_commit(): person = factories.PersonFactory() task = wf_factories.TaskGroupTaskFactory() audit = factories.AuditFactory() factories.RelationshipFactory( source=audit, destination=audit.program, ) acl_ids = [ factories.AccessControlListFactory( ac_role=self.roles["Program"]["Program Editors"], object=audit.program, person=person, ).id ] factories.AccessControlListFactory( ac_role=self.roles["Workflow"]["Workflow Member"], object=task.workflow, person=person, ) # propagate all non WF entries propagation._propagate(acl_ids) self.assertEqual(all_models.AccessControlList.query.count(), 4) all_models.AccessControlList.query.filter( all_models.AccessControlList.parent_id.isnot(None)).delete() self.assertEqual(all_models.AccessControlList.query.count(), 2) # propagate all including WF entries propagation.propagate_all() self.assertEqual(all_models.AccessControlList.query.count(), 6)
def _create_assessments(self, audit, types, offset=1): """Create one assessment for each assessment type in a given audit.""" user = models.Person.query.first() for i, type_ in enumerate(types): assessment = self._create_obj( factories.AssessmentFactory, "Assessment {}".format(i + offset), audit=audit, assessment_type=type_, ) if i % 2 == 0: factories.RelationshipFactory(source=audit, destination=assessment) else: factories.RelationshipFactory(source=assessment, destination=audit) factories.AccessControlListFactory( ac_role_id=self.assignee_roles["Assignees"], person=user, object=assessment) factories.AccessControlListFactory( ac_role_id=self.assignee_roles["Creators"], person=user, object=assessment)
def test_partially_rights(self): """Test generation if user has rights on part of Assessments.""" audit_id, assessment_ids = self.setup_assessments(3) changed_asmnt_id = assessment_ids[0] norights_asmnt_ids = assessment_ids[1:] _, assignee_user = self.gen.generate_person(user_role="Creator") with factories.single_commit(): factories.AccessControlListFactory( object_id=changed_asmnt_id, object_type="Assessment", ac_role_id=role.get_ac_roles_for("Assessment")["Creators"].id, person_id=assignee_user.id, ) audit_role = factories.AccessControlRoleFactory( name="Edit Role", object_type="Audit", update=True) factories.AccessControlListFactory( object_id=audit_id, object_type="Audit", ac_role_id=audit_role.id, person_id=assignee_user.id, ) self.api.set_user(assignee_user) response = self.generate_children_issues_for("Audit", audit_id, "Assessment") self.assert200(response) self.assert_children_asmnt_issues([changed_asmnt_id]) self.assert_not_updated("Assessment", norights_asmnt_ids)
def test_put_mapped_roles(self): """Test mapped roles creation when assessment updated""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) factories.AccessControlListFactory( ac_role_id=self.assignee_roles["Assignees"], person=person, object=assessment ) factories.AccessControlListFactory( ac_role_id=self.assignee_roles["Creators"], person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) # Add verifier to Assessment response = self.api.put(assessment, { "access_control_list": [ acl_helper.get_acl_json(role_id, person.id) for role_id in self.assignee_roles.values() ] }) self.assertEqual(response.status_code, 200) db.session.add_all([audit, assessment]) self.assert_mapped_role("Verifiers", person_email, assessment) self.assert_propagated_role("Verifiers", person_email, audit)
def setUp(self): super(TestRevisionHistory, self).setUp() self.api = Api() roles = {r.name: r for r in all_models.Role.query.all()} ac_roles = { r.name: r for r in all_models.AccessControlRole.query.all() } with factories.single_commit(): self.control = factories.ControlFactory() acrs = { "ACL_Reader": factories.AccessControlRoleFactory(name="ACL_Reader", object_type="Control", update=0), "ACL_Editor": factories.AccessControlRoleFactory(name="ACL_Editor", object_type="Control"), } self.program = factories.ProgramFactory() self.program.context.related_object = self.program self.relationship = factories.RelationshipFactory( source=self.program, destination=self.control, context=self.program.context, ) self.people = { "Creator": factories.PersonFactory(), "Reader": factories.PersonFactory(), "Editor": factories.PersonFactory(), "Administrator": factories.PersonFactory(), "ACL_Reader": factories.PersonFactory(), "ACL_Editor": factories.PersonFactory(), "Program Editors": factories.PersonFactory(), "Program Managers": factories.PersonFactory(), "Program Readers": factories.PersonFactory(), } for role_name in ["Creator", "Reader", "Editor", "Administrator"]: rbac_factories.UserRoleFactory(role=roles[role_name], person=self.people[role_name]) for role_name in [ "Program Editors", "Program Managers", "Program Readers" ]: person = self.people[role_name] rbac_factories.UserRoleFactory(role=roles["Creator"], person=person) factories.AccessControlListFactory( ac_role=ac_roles[role_name], object=self.program, person=self.people[role_name]) with factories.single_commit(): for role_name in ["ACL_Reader", "ACL_Editor"]: rbac_factories.UserRoleFactory(role=roles["Creator"], person=self.people[role_name]) factories.AccessControlListFactory( ac_role=acrs[role_name], object=self.control, person=self.people[role_name])
def test_relationship_single_layer(self): """Test single layer propagation through relationships. Test propagation of a new relationship between audit and assessment. Here we check that propagation happens both ways on the relationship creation. """ with factories.single_commit(): person = factories.PersonFactory() audit = factories.AuditFactory() assessment1 = factories.AssessmentFactory(audit=audit) assessment2 = factories.AssessmentFactory(audit=audit) # This is excluded from propagation to test for proper filtering assessment3 = factories.AssessmentFactory(audit=audit) factories.RelationshipFactory(source=assessment3, destination=audit) relationship_ids = [ factories.RelationshipFactory( source=assessment1, destination=audit, ).id, factories.RelationshipFactory( source=audit, destination=assessment2, ).id, ] factories.AccessControlListFactory( ac_role=self.roles["Audit"]["Audit Captains"], object=audit, person=person, ) factories.AccessControlListFactory( ac_role=self.roles["Assessment"]["Assignees"], object=assessment1, person=person, ) factories.AccessControlListFactory( ac_role=self.roles["Assessment"]["Assignees"], object=assessment2, person=person, ) child_ids = propagation._handle_relationship_step(relationship_ids, []) self.assertEqual( all_models.AccessControlList.query.count(), 3 + 2 + 2 + 4 # 3 Initial roles # 2 roles for assessment 1 propagation to relationship and audit # 2 roles for assessment 2 propagation to relationship and audit # 4 for audit role propagation to two relationships and assessments ) self.assertEqual( db.session.execute(child_ids.alias("counts").count()).scalar(), 4, # audit captain to both assessments and both assignees to audit )
def test_audit_clone_auditors(self): """Test that auditors get cloned correctly""" auditor_role = AccessControlRole.query.filter_by( name="Auditors").first() audit = factories.AuditFactory() audit_context = factories.ContextFactory() audit.context = audit_context users = ["*****@*****.**", "*****@*****.**", "*****@*****.**"] auditors = [] for user in users: person = factories.PersonFactory(email=user) auditors += [person] for auditor in auditors: factories.AccessControlListFactory(ac_role=auditor_role, object=audit, person=auditor) self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit.id).count(), 3, "Auditors not present") self.clone_audit(audit) audit_copy = db.session.query(models.Audit).filter( models.Audit.title.like("%copy%")).first() self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit_copy.id).count(), 3, "Auditors not present on copy") # Verify that contexts are different for original and copy audit another_user_4 = factories.PersonFactory(email="*****@*****.**") factories.AccessControlListFactory(ac_role=auditor_role, object=audit, person=another_user_4) self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit.id).count(), 4, "Auditors not present") self.assertEqual( AccessControlList.query.filter_by(ac_role_id=auditor_role.id, object_type="Audit", object_id=audit_copy.id).count(), 3, "Auditors not present on copy")
def test_acl_no_reindex_snapshots(self): """Test that snapshot reindex is not happened for acl where person has the same role for different kind of objects.""" product_admin = all_models.AccessControlRole.query.filter_by( object_type="Product", name="Admin" ).first() system_admin = all_models.AccessControlRole.query.filter_by( object_type="System", name="Admin" ).first() with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlListFactory( ac_role=product_admin, object=system, person=person, ) system_role = factories.AccessControlListFactory( ac_role=system_admin, object=system, person=person, ) audit_id = audit.id system_id = system.id system_role_name = system_role.ac_role.name person_id = person.id person_name = person.name person_email = person.email revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type ).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) self.client.post("/admin/reindex_snapshots") snapshot = all_models.Snapshot.query.filter( all_models.Snapshot.parent_id == audit_id, all_models.Snapshot.parent_type == 'Audit', all_models.Snapshot.child_id == system_id, all_models.Snapshot.child_type == 'System', ).one() self.assert_indexed_fields(snapshot, system_role_name, { "{}-email".format(person_id): person_email, "{}-name".format(person_id): person_name, "__sort__": person_email, })
def setUp(self): super(TestCTGOT, self).setUp() self.api = api_helper.Api() with factories.single_commit(): assignee_1 = factories.PersonFactory(email=self.TASK_ASSIGNEE_1) assignee_2 = factories.PersonFactory(email=self.TASK_ASSIGNEE_2) workflow_admin = factories.PersonFactory(email=self.WORKFLOW_ADMIN) nobody = factories.PersonFactory(email=self.NOBODY) reader_role = all_models.Role.query.filter_by(name="Reader").one() for person in [assignee_1, assignee_2, workflow_admin, nobody]: bp_factories.UserRoleFactory(person=person, role=reader_role, context=None) workflow = wf_factories.WorkflowFactory() taskgroup = wf_factories.TaskGroupFactory(workflow=workflow) task_1 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup) task_2 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup) task_role = all_models.AccessControlRole.query.filter( all_models.AccessControlRole.name == "Task Assignees", all_models.AccessControlRole.object_type == task_1.type, ).one() factories.AccessControlListFactory(ac_role=task_role, object=task_1, person=assignee_1) factories.AccessControlListFactory(ac_role=task_role, object=task_2, person=assignee_2) sec_assignee = factories.PersonFactory( email=self.TASK_SEC_ASSIGNEE) task_role = all_models.AccessControlRole.query.filter( all_models.AccessControlRole.name == "Task Secondary Assignees", all_models.AccessControlRole.object_type == task_1.type, ).one() factories.AccessControlListFactory(ac_role=task_role, object=task_1, person=sec_assignee) wf_admin_role = all_models.AccessControlRole.query.filter( all_models.AccessControlRole.name == "Admin", all_models.AccessControlRole.object_type == workflow.type, ).one() factories.AccessControlListFactory(ac_role=wf_admin_role, object=workflow, person=workflow_admin) generator = wf_generator.WorkflowsGenerator() self.cycle_id = generator.generate_cycle(workflow)[1].id generator.activate_workflow(workflow)
def create_audit(self, archived=False): """Create an audit object and fix the it's context""" audit = factories.AuditFactory(archived=archived) # Add auditor & program editor roles factories.AccessControlListFactory(ac_role=self.roles['auditors'], object=audit, person=self.users['auditor']) factories.AccessControlListFactory( ac_role=self.roles['program_editors'], object=audit, person=self.users['programeditor']) return audit
def test_assignee_deletion_unmap(self): """Test deletion of assignee roles when snapshot is unmapped.""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) for ac_role_id in self.assignee_roles.values(): factories.AccessControlListFactory( ac_role_id=ac_role_id, person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) snapshot = self._create_snapshots(audit, [factories.ControlFactory()])[0] rel = factories.RelationshipFactory( source=assessment, destination=snapshot ) for ac_role in self.assignee_roles.keys(): self.assert_propagated_role( "{}".format(ac_role), person_email, snapshot ) response = self.api.delete(rel) self.assertEqual(response.status_code, 200) snap_acls = all_models.AccessControlList.query.filter_by( object_type="Snapshot" ) self.assertEqual(snap_acls.count(), 0)
def test_index_by_acr(self): """Test index by ACR.""" role_name = "Test name" with factories.single_commit(): acr = factories.AccessControlRoleFactory(name=role_name, object_type="Control") person = factories.PersonFactory(email="*****@*****.**", name='test') control = factories.ControlFactory() factories.AccessControlListFactory(ac_role=acr, person=person, object=control) revision = all_models.Revision.query.filter( all_models.Revision.resource_id == control.id, all_models.Revision.resource_type == control.type, ).one() revision.content = control.log_json() db.session.add(revision) with factories.single_commit(): snapshot = factories.SnapshotFactory(child_id=control.id, child_type=control.type, revision=revision) db.session.expire_all() person_id = person.id snapshot_id = snapshot.id self.client.post("/admin/full_reindex") person = all_models.Person.query.get(person_id) snapshot = all_models.Snapshot.query.get(snapshot_id) self.assert_indexed_fields( snapshot, role_name, { "{}-email".format(person.id): person.email, "{}-name".format(person.id): person.name, "__sort__": person.email, })
def test_single_acl_to_multiple(self, count): """Test propagation of single ACL entry to multiple children.""" with factories.single_commit(): person = factories.PersonFactory() program = factories.ProgramFactory() for i in range(count): audit = factories.AuditFactory(program=program) factories.RelationshipFactory( source=program if i % 2 == 0 else audit, destination=program if i % 2 == 1 else audit, ) acl_entry = factories.AccessControlListFactory( ac_role=self.roles["Program"]["Program Editors"], object=program, person=person, ) self.assertEqual(all_models.AccessControlList.query.count(), 1) child_ids = propagation._handle_acl_step([acl_entry.id]) self.assertEqual( all_models.AccessControlList.query.count(), # 1 original ACL entry, 2*count for objects+relationships 1 + count * 2) self.assertEqual( db.session.execute(child_ids.alias("counts").count()).scalar(), count, )
def test_index_deleted_acr(self): """Test index by removed ACR.""" role_name = "Test name" with factories.single_commit(): acr = factories.AccessControlRoleFactory(name=role_name, object_type="Control") person = factories.PersonFactory(email="*****@*****.**", name='test') control = factories.ControlFactory() factories.AccessControlListFactory(ac_role=acr, person=person, object=control) revision = all_models.Revision.query.filter( all_models.Revision.resource_id == control.id, all_models.Revision.resource_type == control.type, ).one() revision.content = control.log_json() db.session.add(revision) with factories.single_commit(): snapshot = factories.SnapshotFactory(child_id=control.id, child_type=control.type, revision=revision) db.session.expire_all() db.session.delete(acr) db.session.commit() snapshot_id = snapshot.id self.client.post("/admin/full_reindex") snapshot = all_models.Snapshot.query.get(snapshot_id) all_found_records = dict( Record.query.filter(Record.key == snapshot.id, Record.type == snapshot.type, Record.property == role_name.lower()).values( "subproperty", "content")) self.assertFalse(all_found_records)
def test_propagation_conflict(self): """Test propagation conflicts When we create a new acl entry and a new relationship in the same commit some roles would be propagated twice and would cause unique constraint errors. This test checks for the most basic such scenario. """ with factories.single_commit(): person = factories.PersonFactory() audit = factories.AuditFactory() relationship = factories.RelationshipFactory( source=audit, destination=audit.program, ) acl_entry = factories.AccessControlListFactory( ac_role=self.roles["Program"]["Program Editors"], object=audit.program, person=person, ) with app.app.app_context(): flask.g.new_acl_ids = {acl_entry.id} flask.g.new_relationship_ids = {relationship.id} flask.g.deleted_objects = set() propagation.propagate() db.session.commit() self.assertEqual(all_models.AccessControlList.query.count(), 3)
def test_acl_roles_clear(self): """Test clearing ACL roles for Program with '--' value""" with factories.single_commit(): program = factories.ProgramFactory() for role in [ "Program Editors", "Program Editors", "Program Readers" ]: person = factories.PersonFactory() ac_role = models.all_models.AccessControlRole.query.filter_by( object_type=program.type, name=role, ).first() factories.AccessControlListFactory( ac_role=ac_role, object=program, person=person, ) for role in {"Program Editors", "Program Readers"}: response = self.import_data( OrderedDict([ ("object_type", program.type), ("code", program.slug), (role, "--"), ])) self._check_csv_response(response, {}) program = models.all_models.Program.query.first() for acl in program.access_control_list: self.assertNotEqual(acl.ac_role.name, role)
def test_partial_acl_to_multiple(self, partial_count): """Test propagating only a few acl entries to multiple objects.""" audit_count = 3 people_count = 4 program_roles = ["Program Editors", "Program Readers"] with factories.single_commit(): people = [factories.PersonFactory() for _ in range(people_count)] program = factories.ProgramFactory() for i in range(audit_count): audit = factories.AuditFactory(program=program) factories.RelationshipFactory( source=program if i % 2 == 0 else audit, destination=program if i % 2 == 1 else audit, ) acl_ids = [] for person in people: for role_name in program_roles: acl_ids.append( factories.AccessControlListFactory( ac_role=self.roles["Program"][role_name], object=program, person=person, ).id, ) self.assertEqual(all_models.AccessControlList.query.count(), people_count * len(program_roles)) propagate_acl_ids = acl_ids[:partial_count] child_ids = propagation._handle_acl_step(propagate_acl_ids) self.assertEqual( all_models.AccessControlList.query.count(), len(acl_ids) + len(propagate_acl_ids) * audit_count * 2) self.assertEqual( db.session.execute(child_ids.alias("counts").count()).scalar(), audit_count * len(propagate_acl_ids))
def create_assignees(cls, obj, persons): """Create assignees for object. This is used only during object creation because we cannot create assignees at that point yet. Args: obj: Assignable object. persons: [("(string) email", "Assignee roles"), ...] A list of people and their roles Returns: [(person, acr_role), ...] A list of persons with their roles. """ from ggrc.access_control.role import get_custom_roles_for ac_roles = { acr_name: acr_id for acr_id, acr_name in get_custom_roles_for(obj.type).items() } assignees = [] with factories.single_commit(): for person, roles in persons: person = factories.PersonFactory(email=person) for role in roles.split(","): factories.AccessControlListFactory( person=person, ac_role_id=ac_roles[role], object=obj ) assignees.append((person, role)) return assignees
def test_no_reindex_acr_for_diff_obj(self, logger): """Test that no reindex records appear if acl is populated with other's obj role.""" product_admin = all_models.AccessControlRole.query.filter_by( object_type="Product", name="Admin").first() with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlListFactory( ac_role=product_admin, object=system, person=person, ) system_id = system.id revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) fulltext_records = Record.query.filter( Record.key == system_id, Record.type == "System", Record.property == "Admin", ).all() self.assertEqual(len(fulltext_records), 0) logger.warning.assert_called_once_with( "Reindex: role %s, id %s is skipped for %s, id %s, " "because it relates to %s", product_admin.name, product_admin.id, system.__class__.__name__, system.id, product_admin.object_type)
def test_mapped_regulations_acl(self): """Test creation of acl roles for Regulations and Objective snapshots.""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) for ac_role_id in self.assignee_roles.values(): factories.AccessControlListFactory( ac_role_id=ac_role_id, person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) control = factories.ControlFactory() objective = factories.ObjectiveFactory() regulation = factories.RegulationFactory() snapshots = self._create_snapshots( audit, [control, objective, regulation] ) factories.RelationshipFactory( source=snapshots[0], destination=snapshots[1] ) factories.RelationshipFactory( source=snapshots[2], destination=snapshots[0] ) factories.RelationshipFactory( source=assessment, destination=snapshots[0] ) for role in ["Assignees", "Creators", "Verifiers"]: for snapshot in snapshots: # Mapped Assignee roles should be created for all snapshots, not only # for control that related to assessment self.assert_propagated_role(role, person_email, snapshot)
def test_no_reindex_acr_for_same_obj(self): """Test that reindex records appear if acl is populated with current obj's role.""" system_admin = all_models.AccessControlRole.query.filter_by( object_type="System", name="Admin").first() with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() system_role = factories.AccessControlListFactory( ac_role=system_admin, object=system, person=person, ) system_role_name = system_role.ac_role.name person_id = person.id person_name = person.name person_email = person.email revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) self.assert_indexed_fields( system, system_role_name, { "{}-email".format(person_id): person_email, "{}-name".format(person_id): person_name, "__sort__": person_email, })
def test_acl_people(self, my_work_flags, should_return): """Owned returns objects where person has role with my_work set.""" with factories.single_commit(): for my_work in my_work_flags: role = factories.AccessControlRoleFactory( object_type="Control", my_work=my_work) factories.AccessControlListFactory( ac_role=role, person=self.person, object=self.control, ) control_id = self.control.id ids = self._get_first_result_set( { "object_name": "Control", "type": "ids", "filters": { "expression": { "object_name": "Person", "op": { "name": "owned" }, "ids": [self.person.id] } } }, "Control", "ids") if should_return: self.assertEqual(ids, [control_id]) else: self.assertEqual(ids, [])
def test_autogenerated_no_tmpl(self): """Test autogenerated assessment without template .""" auditors = ["*****@*****.**", "*****@*****.**"] prince_assignees = ["*****@*****.**", "*****@*****.**"] with factories.single_commit(): self.generate_acls(auditors, self.auditor_role) ac_role_id = all_models.AccessControlRole.query.filter_by( name="Principal Assignees", object_type=self.snapshot.child_type, ).first().id users = [factories.PersonFactory(email=e) for e in prince_assignees] for user in users: factories.AccessControlListFactory( person=user, object_id=self.snapshot.child_id, object_type=self.snapshot.child_type, ac_role_id=ac_role_id, ) self.snapshot.revision.content = self.control.log_json() db.session.add(self.snapshot.revision) response = self.assessment_post() self.assert_assignees("Assignees", response, *prince_assignees) self.assert_assignees("Verifiers", response, *auditors) self.assert_assignees("Creators", response, "*****@*****.**")
def test_deletion_mapped_roles(self): """Test deletion of mapped roles.""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) for ac_role_id in self.assignee_roles.values(): factories.AccessControlListFactory( ac_role_id=ac_role_id, person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) # Remove verifier and assignee from Assessment response = self.api.put(assessment, { "access_control_list": [ acl_helper.get_acl_json(self.assignee_roles["Creators"], person.id) ] }) self.assertEqual(response.status_code, 200) db.session.add(audit) self.assert_mapped_role("Creators", person_email, assessment) self.assert_propagated_role("Creators", person_email, audit)
def create_ac_roles(cls, obj, person_id, role_name="Admin"): """Create access control roles""" ac_role = models.AccessControlRole.query.filter_by( object_type=obj.type, name=role_name).first() factories.AccessControlListFactory(ac_role=ac_role, object=obj, person_id=person_id)
def test_mapped_roles_saving(self): """Test that removing roles for one assessment will not touch second""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessments = [ factories.AssessmentFactory(audit=audit) for _ in range(2) ] snapshot = self._create_snapshots(audit, [factories.ControlFactory()])[0] snapshot_id = snapshot.id snap_rels = [] for assessment in assessments: for ac_role_id in self.assignee_roles.values(): factories.AccessControlListFactory( ac_role_id=ac_role_id, person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) snap_rels.append(factories.RelationshipFactory( source=assessment, destination=snapshot )) response = self.api.delete(snap_rels[0]) self.assertEqual(response.status_code, 200) snapshot = all_models.Snapshot.query.get(snapshot_id) for ac_role in self.assignee_roles.keys(): self.assert_propagated_role( "{}".format(ac_role), person_email, snapshot )
def test_old_comments(self): """Test if notifications will be sent for mix of old and new comments""" cur_user = all_models.Person.query.filter_by( email="*****@*****.**").first() assigee_role_id = { v: k for k, v in get_custom_roles_for("Assessment").items() }["Assignees"] with factories.single_commit(): assessment = factories.AssessmentFactory() factories.AccessControlListFactory(ac_role_id=assigee_role_id, person=cur_user, object=assessment) with freeze_time("2015-04-01 17:13:10"): self.generator.generate_comment(assessment, "", "some comment1", send_notification="true") self.generator.generate_comment(assessment, "", "some comment2", send_notification="true") response = self.client.get("/_notifications/show_pending") for comment in ["some comment1", "some comment2"]: self.assertIn( comment, response.data, "Information about comment '{}' absent in report".format( comment))
def test_audit_roles_saving(self): """Test that snapshot unmapping will not affect audit""" with factories.single_commit(): person = factories.PersonFactory() person_email = person.email audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) snapshot = self._create_snapshots(audit, [factories.ControlFactory()])[0] for ac_role_id in self.assignee_roles.values(): factories.AccessControlListFactory( ac_role_id=ac_role_id, person=person, object=assessment ) factories.RelationshipFactory(source=audit, destination=assessment) snap_rel = factories.RelationshipFactory( source=assessment, destination=snapshot ) response = self.api.delete(snap_rel) self.assertEqual(response.status_code, 200) db.session.add(audit) for ac_role in self.assignee_roles.keys(): self.assert_propagated_role( "{}".format(ac_role), person_email, audit )