def generate_tasks_for_cycle(group_count, task_count): """generate number of task groups and task for current task group""" role_names = ("Task Assignees", "Task Secondary Assignees") results = {} with ggrc_factories.single_commit(): workflow = factories.WorkflowFactory() cycle = factories.CycleFactory(workflow=workflow) task_group = factories.TaskGroupFactory(workflow=workflow) for idx in range(group_count): person = ggrc_factories.PersonFactory( name="user for group {}".format(idx)) cycle_task_group = factories.CycleTaskGroupFactory( cycle=cycle, contact=person) for _ in range(task_count): task_group_task = factories.TaskGroupTaskFactory( task_group=task_group) for r_name in role_names: ggrc_factories.AccessControlPersonFactory( ac_list=task_group_task.acr_name_acl_map[r_name], person=person, ) task = factories.CycleTaskGroupObjectTaskFactory( cycle=cycle, cycle_task_group=cycle_task_group, task_group_task=task_group_task) for r_name in role_names: ggrc_factories.AccessControlPersonFactory( person=person, ac_list=task.acr_name_acl_map[r_name], ) results[task.id] = cycle_task_group.slug return results
def _create_assessments(self, audit, types, offset=1): """Create one assessment for each assessment type in a given audit.""" user = models.Person.query.first() for i, type_ in enumerate(types): assessment = self._create_obj( factories.AssessmentFactory, "Assessment {}".format(i + offset), audit=audit, assessment_type=type_, ) if i % 2 == 0: factories.RelationshipFactory(source=audit, destination=assessment) else: factories.RelationshipFactory(source=assessment, destination=audit) factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Assignees"], person=user, ) factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Creators"], person=user, )
def setUp(self): super(TestRelevant, self).setUp() self.client.get("/login") with factories.single_commit(): assessment = factories.AssessmentFactory() factories.RelationshipFactory( source=assessment.audit, destination=assessment, ) people = {} for person in self.PEOPLE: people[person[0]] = factories.PersonFactory(email=person[1]) # Correct roles and propagation for a given assessment factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Assignees"], person=people["assignee"], ) factories.AccessControlPersonFactory( ac_list=assessment.audit.acr_name_acl_map["Auditors"], person=people["auditor"], ) factories.AccessControlPersonFactory( ac_list=assessment.audit.program. acr_name_acl_map["Program Editors"], person=people["program_editor"], )
def test_program_read_as_creator(self, program_role): """Test access to proposal for program reader/editor as Creator role""" with factories.single_commit(): program = factories.ProgramFactory() program_manager = factories.PersonFactory() factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map["Program Managers"], person=program_manager, ) program_id = program.id # make query to create proposal by program_manager self.api.set_user(program_manager) self.client.get("/login") acr_class = all_models.AccessControlRole acr = acr_class.query.filter( acr_class.name == 'ProposalEditor', acr_class.object_type == 'Proposal').one() create_data = self._get_create_proposal_request( program_id, acr.id, program_manager.id) self.api.post(all_models.Proposal, create_data) query_data = _get_query_proposal_request(program_id) headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(query_data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(resp[0]["Proposal"]["count"], 1) role_creator = all_models.Role.query.filter( all_models.Role.name == "Creator").one() # make query to check proposals by Creator role person with factories.single_commit(): person = factories.PersonFactory() rbac_factories.UserRoleFactory(role=role_creator, person=person) factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map[program_role], person=person, ) self.api.set_user(person) self.client.get("/login") query_data = _get_query_proposal_request(program_id) headers = { "Content-Type": "application/json", } resp = self.api.client.post("/query", data=json.dumps(query_data), headers=headers).json self.assertEqual(1, len(resp)) self.assertEqual(resp[0]["Proposal"]["count"], 1)
def setUp(self): super(TestRevisionHistory, self).setUp() self.api = Api() roles = {r.name: r for r in all_models.Role.query.all()} with factories.single_commit(): factories.AccessControlRoleFactory( name="ACL_Reader", object_type="Control", update=0, ) factories.AccessControlRoleFactory( name="ACL_Editor", object_type="Control" ), with factories.single_commit(): self.control = factories.ControlFactory() self.program = factories.ProgramFactory() self.program.context.related_object = self.program self.relationship = factories.RelationshipFactory( source=self.program, destination=self.control, context=self.program.context, ) self.people = { "Creator": factories.PersonFactory(), "Reader": factories.PersonFactory(), "Editor": factories.PersonFactory(), "Administrator": factories.PersonFactory(), "ACL_Reader": factories.PersonFactory(), "ACL_Editor": factories.PersonFactory(), "Program Editors": factories.PersonFactory(), "Program Managers": factories.PersonFactory(), "Program Readers": factories.PersonFactory(), } for role_name in ["Creator", "Reader", "Editor", "Administrator"]: rbac_factories.UserRoleFactory(role=roles[role_name], person=self.people[role_name]) for role_name in ["Program Editors", "Program Managers", "Program Readers"]: person = self.people[role_name] rbac_factories.UserRoleFactory(role=roles["Creator"], person=person) factories.AccessControlPersonFactory( ac_list=self.program.acr_name_acl_map[role_name], person=self.people[role_name], ) with factories.single_commit(): for role_name in ["ACL_Reader", "ACL_Editor"]: rbac_factories.UserRoleFactory(role=roles["Creator"], person=self.people[role_name]) factories.AccessControlPersonFactory( ac_list=self.control.acr_name_acl_map[role_name], person=self.people[role_name], )
def create_assignees(cls, obj, persons): """Create assignees for object. This is used only during object creation because we cannot create assignees at that point yet. Args: obj: Assignable object. persons: [("(string) email", "Assignee roles"), ...] A list of people and their roles Returns: [(person, acr_role), ...] A list of persons with their roles. """ assignees = [] with factories.single_commit(): for person, roles in persons: person = factories.PersonFactory(email=person) for role in roles.split(","): factories.AccessControlPersonFactory( ac_list=obj.acr_name_acl_map[role], person=person, ) assignees.append((person, role)) return assignees
def test_update_with_wrong_acl(self): """Test update of object with wrong ACR in ACL.""" with factories.single_commit(): control = factories.ControlFactory() control_id = control.id person = factories.PersonFactory() person_id = person.id factories.AccessControlPersonFactory( ac_list=control.acr_name_acl_map["Admin"], person=person, ) response = self.api.put( control, { "access_control_list": [{ "ac_role_id": self.objective_admin_acr_id, "person": { "type": "Person", "id": person_id, } }] }) self.assert400(response) acls = all_models.AccessControlList.query.filter_by( object_type="Control", object_id=control_id) for acl in acls: acl_obj_type = acl.object_type acr_obj_type = acl.ac_role.object_type self.assertEqual(acl_obj_type, acr_obj_type)
def test_custom_role(self, url, role_name, role_read, role_update, role_delete, expected_status): """Test {0} for user with custom role {1}""" # pylint: disable=too-many-arguments role_creator = all_models.Role.query.filter( all_models.Role.name == "Creator").one() factories.AccessControlRoleFactory(name=role_name, object_type="Product", read=role_read, update=role_update, delete=role_delete) with factories.single_commit(): obj = factories.ProductFactory(folder="a") person = factories.PersonFactory() rbac_factories.UserRoleFactory(role=role_creator, person=person) factories.AccessControlPersonFactory( ac_list=obj.acr_name_acl_map[role_name], person=person, ) obj_id = obj.id person_id = person.id self.api.set_user(all_models.Person.query.get(person_id)) response = self.api.client.post(url, content_type="application/json", data=self._get_request_data( 'Product', obj_id, folder="a")) self.assertStatus(response, expected_status)
def test_export_deleted_acr(self): """Test exporting snapshots with ACL entries for deleted ACRs.""" # pylint: disable=too-many-locals ac_role = factories.AccessControlRoleFactory( object_type="Control", name="Custom Role", ) with factories.single_commit(): # Create one more custom role control = factories.ControlFactory(slug="Control 1") person = factories.PersonFactory() factories.AccessControlPersonFactory( ac_list=control.acr_acl_map[ac_role], person=person, ) audit = factories.AuditFactory() # pylint: disable=protected-access # This is used to update control revision data with the new ACL entry # without making a put request to that control. factories.ModelFactory._log_event(control) self._create_snapshots(audit, [control]) db.session.delete(ac_role) db.session.commit() parsed_data = self.export_parsed_csv( self.search_request)["Control Snapshot"][0] self.assertNotIn("Custom Role", parsed_data)
def test_remove_related_forbidden_for_system_roles(self, role, system_role): """Test system roles are not allowed to delete related evidence""" asmt_id = self.asmt.id with factories.single_commit(): self._prepare_mandatory_evidence_cad() factories.RelationshipFactory( source=self.asmt, destination=self.evidence, ) person = factories.PersonFactory() creator_role = all_models.Role.query.filter( all_models.Role.name == system_role).one() rbac_factories.UserRoleFactory(role=creator_role, person=person) factories.AccessControlPersonFactory( ac_list=self.asmt.acr_name_acl_map[role], person=person, ) evid_id = self.evidence.id self.api.set_user(person) response = self.api.put(all_models.Assessment.query.get(asmt_id), { "actions": { "remove_related": [{ "id": evid_id, "type": "Evidence" }] }, }) self.assert403(response) evidence = all_models.Evidence.query.get(evid_id) self.assertIsNotNone(evidence)
def test_label_in_new_tab(self): """Test labels created by global creator in new tab""" with factories.single_commit(): role = "Creator" role_name = "Creators" person = factories.PersonFactory() creator_role = all_models.Role.query.filter( all_models.Role.name == role).one() rbac_factories.UserRoleFactory(role=creator_role, person=person) self.api.set_user(person) with factories.single_commit(): assessment = factories.AssessmentFactory() factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map[role_name], person=person, ) label_name = "Test Label" response = self.api.put( assessment, {'labels': [{ 'name': label_name, 'id': None, 'type': 'Label' }]}) self.assert200(response) response = self.api.get(assessment, assessment.id) self.assert200(response) labels = response.json['assessment']['labels'] self.assertEqual(len(labels), 1) self.assertEqual(labels[0]['name'], label_name)
def map_created_control(self): """Map Control that was created by user to Cycle Task.""" task_group = all_models.TaskGroup.query.get(self.task_group_id) with factories.single_commit(): control = factories.ControlFactory() for acl in control._access_control_list: if acl.ac_role_id == self.admin_control_id: factories.AccessControlPersonFactory( person_id=self.user_id, ac_list=acl, ) return self.api.post( all_models.TaskGroupObject, { "task_group_object": { "context": None, "object": { "id": control.id, "type": "Control", }, "task_group": { "id": task_group.id, "type": "TaskGroup", }, } })
def test_old_comments(self): """Test if notifications will be sent for mix of old and new comments""" cur_user = all_models.Person.query.filter_by( email="*****@*****.**").first() with factories.single_commit(): assessment = factories.AssessmentFactory() factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Assignees"], person=cur_user, ) with freeze_time("2015-04-01 17:13:10"): self.generator.generate_comment(assessment, "", "some comment1", send_notification="true") self.generator.generate_comment(assessment, "", "some comment2", send_notification="true") response = self.client.get("/_notifications/show_pending") for comment in ["some comment1", "some comment2"]: self.assertIn( comment, response.data, "Information about comment '{}' absent in report".format( comment))
def test_generation_allowed_for_assmts(self, status): """Test ticket generation allowed for Assessment in {} status""" with factories.single_commit(): audit = factories.AuditFactory() factories.IssueTrackerIssueFactory( issue_tracked_obj=audit, enabled=True, ) assmt = factories.AssessmentFactory(status=status, audit=audit) person = factories.PersonFactory() factories.AccessControlPersonFactory( ac_list=assmt.acr_name_acl_map["Verifiers"], person=person, ) factories.IssueTrackerIssueFactory( issue_tracked_obj=assmt, enabled=False, issue_id=None, ) response = self.import_data(OrderedDict([ ("object_type", "Assessment"), ("Code*", assmt.slug), ("Ticket Tracker Integration", "On"), ])) self._check_csv_response(response, {}) assmt = all_models.Assessment.query.one() self.assertTrue(assmt.issue_tracker["enabled"]) self.mock_create_issue.assert_called_once()
def test_index_by_acr(self): """Test index by ACR.""" role_name = "Test name" factories.AccessControlRoleFactory(name=role_name, object_type="Control") with factories.single_commit(): person = factories.PersonFactory(email="*****@*****.**", name='test') control = factories.ControlFactory() factories.AccessControlPersonFactory( ac_list=control.acr_name_acl_map[role_name], person=person, ) revision = all_models.Revision.query.filter( all_models.Revision.resource_id == control.id, all_models.Revision.resource_type == control.type, ).one() revision.content = control.log_json() db.session.add(revision) with factories.single_commit(): snapshot = factories.SnapshotFactory( child_id=control.id, child_type=control.type, revision=revision) db.session.expire_all() person_id = person.id snapshot_id = snapshot.id self.client.post("/admin/full_reindex") person = all_models.Person.query.get(person_id) snapshot = all_models.Snapshot.query.get(snapshot_id) self.assert_indexed_fields(snapshot, role_name, { "{}-email".format(person.id): person.email, "{}-name".format(person.id): person.name, "__sort__": person.email, })
def test_person_relevant(self, acr_name, acr_obj_resolver, email, expected_count): """Check that only assessment roles can see relevant assessments""" with factories.single_commit(): assessment = factories.AssessmentFactory() factories.RelationshipFactory( source=assessment.audit, destination=assessment, ) person = factories.PersonFactory(email=email) factories.AccessControlPersonFactory( ac_list=acr_obj_resolver( assessment).acr_name_acl_map[acr_name], person=person, ) ids = self._get_first_result_set( self._make_relevant_filter( target_type="Assessment", relevant_obj=person, ), "Assessment", "ids", ) self.assertEqual( len(ids), expected_count, "Invalid relevant assessments count ({} instead of {}) for {}.". format( len(ids), expected_count, acr_name, ))
def test_mandatory_delete(self, mandatory, exp_response): """Test set empty field via import if acr mandatory is {mandatory}""" role = factories.AccessControlRoleFactory( name=ROLE_NAME, object_type="Program", mandatory=mandatory, ) with factories.single_commit(): user = factories.PersonFactory() program = factories.ProgramFactory() role_id = role.id factories.AccessControlPersonFactory( ac_list=program.acr_name_acl_map[ROLE_NAME], person=user, ) response = self.import_data( OrderedDict([ ("object_type", "Program"), ("Code*", program.slug), (ROLE_NAME, "--"), ])) self._check_csv_response(response, exp_response) db_data = defaultdict(set) program = all_models.Program.query.get(program.id) for person, acl in program.access_control_list: db_data[acl.ac_role_id].add(person.id) if mandatory: cur_user = all_models.Person.query.filter_by( email="*****@*****.**").first() self.assertEqual(set([cur_user.id]), db_data[role_id]) else: self.assertFalse(db_data[role_id])
def test_partially_rights(self): """Test generation if user has rights on part of Assessments.""" audit_id, assessment_ids = self.setup_assessments(3) changed_asmnt_id = assessment_ids[0] norights_asmnt_ids = assessment_ids[1:] _, assignee_user = self.gen.generate_person(user_role="Creator") audit_role = factories.AccessControlRoleFactory(name="Edit Role", object_type="Audit", update=True) with factories.single_commit(): assessment = all_models.Assessment.query.get(changed_asmnt_id) assessment.add_person_with_role_name(assignee_user, "Creators") acl = factories.AccessControlListFactory( object_id=audit_id, object_type="Audit", ac_role_id=audit_role.id, ) factories.AccessControlPersonFactory( person=assignee_user, ac_list=acl, ) self.api.set_user(assignee_user) response = self.generate_children_issues_for("Audit", audit_id, "Assessment") self.assert200(response) self.assert_children_asmnt_issues([changed_asmnt_id]) self.assert_not_updated("Assessment", norights_asmnt_ids)
def test_no_reindex_acr_for_same_obj(self): """Test that reindex records appear if acl is populated with current obj's role.""" system_role_name = "Admin" with factories.single_commit(): person = factories.PersonFactory(name="Test Name") system = factories.SystemFactory() audit = factories.AuditFactory() factories.AccessControlPersonFactory( ac_list=system.acr_name_acl_map[system_role_name], person=person, ) person_id = person.id person_name = person.name person_email = person.email revision = all_models.Revision.query.filter( all_models.Revision.resource_id == system.id, all_models.Revision.resource_type == system.type ).one() revision.content = system.log_json() db.session.add(revision) db.session.commit() self._create_snapshots(audit, [system]) self.assert_indexed_fields(system, system_role_name, { "{}-email".format(person_id): person_email, "{}-name".format(person_id): person_name, "__sort__": person_email, })
def test_acl_roles_clear(self): """Test clearing ACL roles for Program with '--' value""" with factories.single_commit(): program = factories.ProgramFactory() for role in [ "Program Editors", "Program Editors", "Program Readers" ]: person = factories.PersonFactory() acl = program.acr_name_acl_map[role] factories.AccessControlPersonFactory( ac_list=acl, person=person, ) for role in {"Program Editors", "Program Readers"}: response = self.import_data( OrderedDict([ ("object_type", program.type), ("code", program.slug), (role, "--"), ])) self._check_csv_response(response, {}) program = models.all_models.Program.query.first() for _, acl in program.access_control_list: self.assertNotEqual(acl.ac_role.name, role)
def create_audit(self, archived=False): """Create an audit object and fix the it's context""" audit = factories.AuditFactory(archived=archived) factories.RelationshipFactory( source=audit, destination=audit.program, ) # Add auditor & program editor roles factories.AccessControlPersonFactory( ac_list=audit.acr_name_acl_map["Auditors"], person=self.users['auditor'], ) factories.AccessControlPersonFactory( ac_list=audit.program.acr_name_acl_map["Program Editors"], person=self.users['programeditor']) return audit
def test_cc_list_during_link(self, update_mock): """Test assessment linking functionality sync appropriate cc list""" with factories.single_commit(): audit = factories.AuditFactory() reporter = factories.PersonFactory(email="*****@*****.**") audit.add_person_with_role_name( reporter, "Audit Captains", ) factories.IssueTrackerIssueFactory( enabled=True, issue_tracked_obj=audit ) assmt = factories.AssessmentFactory(audit=audit) iti = factories.IssueTrackerIssueFactory( enabled=True, issue_id=TICKET_ID, issue_tracked_obj=assmt, ) user = factories.PersonFactory(email="*****@*****.**") factories.AccessControlPersonFactory( ac_list=assmt.acr_name_acl_map["Assignees"], person=user, ) user = factories.PersonFactory(email="*****@*****.**") factories.AccessControlPersonFactory( ac_list=assmt.acr_name_acl_map["Assignees"], person=user, ) new_ticket_id = TICKET_ID + 1 new_data = {"issue_id": new_ticket_id} issue_request_payload = self.put_request_payload_builder(new_data) new_data["ccs"] = ["*****@*****.**", "*****@*****.**"] response_payload = self.response_payload_builder(new_data) with mock.patch.object( assessment_integration.AssessmentTrackerHandler, '_is_tracker_enabled', return_value=True ): with mock.patch("ggrc.integrations.issues.Client.get_issue", return_value=response_payload) as get_mock: response = self.api.put(iti.issue_tracked_obj, issue_request_payload) get_mock.assert_called_once() self.assertEqual(set(update_mock.call_args_list[0][0][1]['ccs']), {"*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**"}) self.assert200(response)
def test_proposal_delete_acl(self, roles, deleted): """Test delete acl proposal for ACRs with internal flags as {roles}.""" role_person_list = [] with factories.single_commit(): control = factories.ControlFactory(title="1") for idx, role_internal_flag in enumerate(roles): role = factories.AccessControlRoleFactory(name="role_{}".format(idx), object_type="Control", internal=role_internal_flag) person = factories.PersonFactory() role_person_list.append((role, person)) acl = factories.AccessControlListFactory( ac_role=role, object=control, ) factories.AccessControlPersonFactory( ac_list=acl, person=person, ) with factories.single_commit(): latest_revision = all_models.Revision.query.filter( all_models.Revision.resource_id == control.id, all_models.Revision.resource_type == control.type ).order_by( all_models.Revision.created_at.desc() ).first() latest_revision.content = control.log_json() control_id = control.id control_content = control.log_json() control_content["access_control_list"] = [] expected_result = {} for idx, (role, person) in enumerate(role_person_list): if deleted[idx]: expected_result[str(role.id)] = { "added": [], "deleted": [{"id": person.id, "email": person.email}], } resp = self.api.post( all_models.Proposal, {"proposal": { "instance": { "id": control.id, "type": control.type, }, # "content": {"123": 123}, "full_instance_content": control_content, "agenda": "delete access control roles", "context": None, }}) self.assertEqual(201, resp.status_code) control = all_models.Control.query.get(control_id) self.assertEqual(1, len(control.proposals)) self.assertIn("access_control_list", control.proposals[0].content) acl = control.proposals[0].content["access_control_list"] self.assertEqual(expected_result, acl) self.assertEqual(1, len(control.comments))
def set_up_acl_object(self): """Set up a control with an access control role that grants RUD""" self.all_acr = factories.AccessControlRoleFactory( object_type="Control", read=True, update=True, delete=True) self.control = factories.ControlFactory() for name in ["Creator", "Reader", "Editor"]: factories.AccessControlPersonFactory( ac_list=self.control.acr_acl_map[self.all_acr], person=self.people.get(name))
def assign_person(object_, acr, person_id): """Assign person to object.""" # pylint: disable=protected-access for ac_list in object_._access_control_list: if ac_list.ac_role.name == acr.name and acr.object_type == object_.type: factories.AccessControlPersonFactory( person_id=person_id, ac_list=ac_list, )
def test_mapped_regulations_read(self): """Test if creators can CRUD mapped Regulations and Objective snapshots.""" self.api.set_user(self.people.get("Editor")) with factories.single_commit(): audit = factories.AuditFactory() assessment = factories.AssessmentFactory(audit=audit) factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Creators"], person=self.people.get("Editor"), ) factories.AccessControlPersonFactory( ac_list=assessment.acr_name_acl_map["Assignees"], person=self.people.get("Creator"), ) factories.RelationshipFactory(source=audit, destination=assessment) control = factories.ControlFactory() objective = factories.ObjectiveFactory() regulation = factories.RegulationFactory() snapshots = self._create_snapshots( audit, [control, objective, regulation]) for snapshot in snapshots: factories.RelationshipFactory(source=audit, destination=snapshot) factories.RelationshipFactory(source=snapshots[0], destination=snapshots[1]) factories.RelationshipFactory(source=snapshots[2], destination=snapshots[0]) factories.RelationshipFactory(source=assessment, destination=snapshots[0]) self.api.set_user(self.people.get("Creator")) for snapshot in snapshots: db.session.add(snapshot) response = self.api.get(type(snapshot), snapshot.id) self.assertEqual( response.status_code, 200, "Cannot GET mapped object. Received {}".format( response.status)) db.session.add(snapshot) response = self.api.delete(snapshot) self.assertEqual( response.status_code, 403, "Can DELETE mapped object. Received {}".format( response.status))
def _create_acl(role, obj, user): """Propagate acl for obj""" ac_role = all_models.AccessControlRole.query.filter( all_models.AccessControlRole.name == role, all_models.AccessControlRole.object_type == obj.__class__.__name__, ).one() factories.AccessControlPersonFactory( ac_list=obj.acr_acl_map[ac_role], person=user, )
def setUp(self): super(TestCTGOT, self).setUp() self.api = api_helper.Api() with factories.single_commit(): assignee_1 = factories.PersonFactory(email=self.TASK_ASSIGNEE_1) assignee_2 = factories.PersonFactory(email=self.TASK_ASSIGNEE_2) workflow_admin = factories.PersonFactory(email=self.WORKFLOW_ADMIN) nobody = factories.PersonFactory(email=self.NOBODY) reader_role = all_models.Role.query.filter_by(name="Reader").one() for person in [assignee_1, assignee_2, workflow_admin, nobody]: bp_factories.UserRoleFactory(person=person, role=reader_role, context=None) workflow = wf_factories.WorkflowFactory() taskgroup = wf_factories.TaskGroupFactory(workflow=workflow) task_1 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup) task_2 = wf_factories.TaskGroupTaskFactory(task_group=taskgroup) factories.AccessControlPersonFactory( ac_list=task_1.acr_name_acl_map["Task Assignees"], person=assignee_1, ) factories.AccessControlPersonFactory( ac_list=task_2.acr_name_acl_map["Task Assignees"], person=assignee_2, ) sec_assignee = factories.PersonFactory( email=self.TASK_SEC_ASSIGNEE) factories.AccessControlPersonFactory( ac_list=task_1.acr_name_acl_map["Task Secondary Assignees"], person=sec_assignee, ) factories.AccessControlPersonFactory( ac_list=workflow.acr_name_acl_map["Admin"], person=workflow_admin, ) generator = wf_generator.WorkflowsGenerator() self.cycle_id = generator.generate_cycle(workflow)[1].id generator.activate_workflow(workflow)
def test_autogenerated_assignees_base_on_role(self, assessor_role, verifier_role): """Test autogenerated assessment assignees base on template settings.""" assessor = "*****@*****.**" verifier = "*****@*****.**" auditors = collections.defaultdict(list) with factories.single_commit(): self.audit.context = factories.ContextFactory() auditors[assessor_role].append( factories.PersonFactory(email=assessor)) if verifier_role is not None: auditors[verifier_role].append( factories.PersonFactory(email=verifier)) for role, people in auditors.iteritems(): ac_role = all_models.AccessControlRole.query.filter_by( name=role, object_type=self.snapshot.child_type, ).first() if not ac_role: ac_role = factories.AccessControlRoleFactory( name=role, object_type=self.snapshot.child_type, ) factories.AccessControlListFactory( ac_role=ac_role, object=self.control, # snapshot child ) db.session.commit() for user in people: factories.AccessControlPersonFactory( ac_list=self.control.acr_acl_map[ac_role], person=user, ) default_people = {"assignees": assessor_role} if verifier_role is not None: default_people["verifiers"] = verifier_role template = factories.AssessmentTemplateFactory( test_plan_procedure=False, procedure_description="Assessment Template Test Plan", default_people=default_people) self.snapshot.revision.content = self.control.log_json() db.session.add(self.snapshot.revision) response = self.assessment_post(template) if assessor_role == verifier_role: self.assert_assignees("Verifiers", response, assessor, verifier) self.assert_assignees("Assignees", response, assessor, verifier) elif verifier_role is None: self.assert_assignees("Verifiers", response) self.assert_assignees("Assignees", response, assessor) else: self.assert_assignees("Verifiers", response, verifier) self.assert_assignees("Assignees", response, assessor) self.assert_assignees("Creators", response, "*****@*****.**")
def generate_acls(self, users, role): """Helper method to generate audit acls for auditors/captains""" people = [] for user in users: person = factories.PersonFactory(email=user) people += [person] for person in people: factories.AccessControlPersonFactory( ac_list=self.audit.acr_acl_map[role], person=person, )