class TestIssue(TestCase):
""" Test Issue class. """
def setUp(self):
super(TestIssue, self).setUp()
self.api = Api()
with factories.single_commit():
audit = factories.AuditFactory()
for status in all_models.Issue.VALID_STATES:
factories.IssueFactory(audit=audit, status=status)
def test_filter_by_status(self):
"""Test Issue filtering by status."""
query_request_data = [{
'fields': [],
'filters': {
'expression': {
'left': {
'left': 'status',
'op': {
'name': '='
},
'right': 'Fixed'
},
'op': {
'name': 'OR'
},
'right': {
'left': 'status',
'op': {
'name': '='
},
'right': 'Fixed and Verified'
},
},
},
'object_name': 'Issue',
'permissions': 'read',
'type': 'values',
}]
response = self.api.send_request(self.api.client.post,
data=query_request_data,
api_link="/query")
self.assertEqual(response.status_code, 200)
statuses = {i["status"] for i in response.json[0]["Issue"]["values"]}
self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
class TestIssue(TestCase):
""" Test Issue class. """
def setUp(self):
super(TestIssue, self).setUp()
self.api = Api()
with factories.single_commit():
audit = factories.AuditFactory()
for status in all_models.Issue.VALID_STATES:
factories.IssueFactory(audit=audit, status=status)
def test_filter_by_status(self):
"""Test Issue filtering by status."""
query_request_data = [{
'fields': [],
'filters': {
'expression': {
'left': {
'left': 'status',
'op': {'name': '='},
'right': 'Fixed'
},
'op': {'name': 'OR'},
'right': {
'left': 'status',
'op': {'name': '='},
'right': 'Fixed and Verified'
},
},
},
'object_name': 'Issue',
'permissions': 'read',
'type': 'values',
}]
response = self.api.send_request(
self.api.client.post,
data=query_request_data,
api_link="/query"
)
self.assertEqual(response.status_code, 200)
statuses = {i["status"] for i in response.json[0]["Issue"]["values"]}
self.assertEqual(statuses, {"Fixed", "Fixed and Verified"})
class EvidenceRBACFactory(base.BaseRBACFactory):
"""Evidence RBAC factory class."""
def __init__(self, user_id, acr, parent=None):
"""Set up objects for Evidence permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.setup_program_scope(user_id, acr)
with factories.single_commit():
evidence = factories.EvidenceUrlFactory()
if parent == "Audit":
self.mapping_id = factories.RelationshipFactory(
source=self.audit, destination=evidence).id
elif parent == "Assessment":
self.mapping_id = factories.RelationshipFactory(
source=self.assessment, destination=evidence).id
self.evidence_id = evidence.id
self.parent = parent
self.admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Evidence",
).one().id
self.user_id = user_id
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
if user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def create(self):
"""Create new Evidence object."""
result = self.api.post(
all_models.Evidence, {
"evidence": {
"access_control_list": [{
"ac_role_id": self.admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}],
"link":
factories.random_str(),
"title":
factories.random_str(),
"context":
None,
}
})
return result
def read(self):
"""Read existing Evidence object."""
res = self.api.get(all_models.Evidence, self.evidence_id)
return res
def update(self):
"""Update title of existing Evidence object."""
evidence = all_models.Evidence.query.get(self.evidence_id)
return self.api.put(evidence, {"title": factories.random_str()})
def delete(self):
"""Delete Evidence object."""
evidence = all_models.Evidence.query.get(self.evidence_id)
return self.api.delete(evidence)
def map(self, evidence=None):
"""Map Evidence to parent object."""
if self.parent == "Audit":
parent = all_models.Audit.query.get(self.audit_id)
else:
parent = all_models.Assessment.query.get(self.assessment_id)
map_evidence = evidence if evidence else factories.EvidenceUrlFactory()
return self.api.put(
parent, {
"actions": {
"add_related": [{
"id": map_evidence.id,
"type": "Evidence",
}]
}
})
def create_and_map(self):
"""Create new Evidence and map it to parent."""
response = self.create()
evidence_id = None
if response.json and response.json.get("evidence"):
evidence_id = response.json.get("evidence", {}).get("id")
if not evidence_id:
return response
evidence = all_models.Evidence.query.get(evidence_id)
return self.map(evidence)
def add_comment(self):
"""Map new comment to evidence."""
evidence = all_models.Evidence.query.get(self.evidence_id)
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
})
return self.objgen.generate_relationship(source=evidence,
destination=comment)[0]
def read_comments(self):
"""Read comments mapped to evidence"""
evidence = all_models.Evidence.query.get(self.evidence_id)
with factories.single_commit():
comment = factories.CommentFactory(
description=factories.random_str())
factories.RelationshipFactory(source=evidence, destination=comment)
query_request_data = [{
"fields": [],
"filters": {
"expression": {
"object_name": "Evidence",
"op": {
"name": "relevant"
},
"ids": [evidence.id]
}
},
"object_name": "Comment",
}]
response = self.api.send_request(self.api.client.post,
data=query_request_data,
api_link="/query")
return response
class TestSnapshot(TestCase):
"""Basic tests snapshots"""
def setUp(self):
super(TestSnapshot, self).setUp()
self.api = Api()
def test_search_by_reference_url(self):
"""Test search audit related snapshots of control type by reference_url"""
expected_ref_url = "xxx"
with factories.single_commit():
audit = factories.AuditFactory()
audit_id = audit.id
doc1 = factories.DocumentReferenceUrlFactory(
link=expected_ref_url, title=expected_ref_url)
doc_id1 = doc1.id
doc2 = factories.DocumentReferenceUrlFactory(link="yyy",
title="yyy")
doc_id2 = doc2.id
control = factories.ControlFactory()
control_id = control.id
response = self.api.post(
all_models.Relationship, {
"relationship": {
"source": {
"id": control_id,
"type": control.type
},
"destination": {
"id": doc_id1,
"type": doc1.type
},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(
all_models.Relationship, {
"relationship": {
"source": {
"id": control_id,
"type": control.type
},
"destination": {
"id": doc_id2,
"type": doc2.type
},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(
all_models.Relationship, {
"relationship": {
"source": {
"id": control_id,
"type": control.type
},
"destination": {
"id": audit_id,
"type": audit.type
},
"context": None
},
})
self.assertStatus(response, 201)
query_request_data = [{
"object_name": "Snapshot",
"filters": {
"expression": {
"left": {
"left": "child_type",
"op": {
"name": "="
},
"right": "Control"
},
"op": {
"name": "AND"
},
"right": {
"left": {
"object_name": "Audit",
"op": {
"name": "relevant"
},
"ids": [audit_id]
},
"op": {
"name": "AND"
},
"right": {
"left": {
"left": "Reference URL",
"op": {
"name": "~"
},
"right": expected_ref_url
},
"op": {
"name": "AND"
},
"right": {
"left": "Status",
"op": {
"name": "IN"
},
"right": ["Active", "Draft", "Deprecated"]
}
}
}
}
},
}]
response = self.api.send_request(self.api.client.post,
data=query_request_data,
api_link="/query")
self.assert200(response)
self.assertEquals(1, response.json[0]["Snapshot"]["count"])
class DocumentReferenceUrlRBACFactory(base.BaseRBACFactory):
"""Document Reference Url RBAC factory class."""
def __init__(self, user_id, acr, parent=None):
"""Set up objects for Document permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
self.acr = acr
self.user_id = user_id
self.parent_name = parent
self.document_id = None
self.parent = None
self.parent_id = None
self.admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Document",
).one().id
self.setup_models(self.parent_name)
self.set_user(user_id)
def set_user(self, user_id):
"""Set user to send requests"""
if self.user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def setup_models(self, parent_name):
"""Setup document, parent, relationship"""
with factories.single_commit():
document = factories.DocumentReferenceUrlFactory()
self.document_id = document.id
self.parent = self.build_parent(parent_name)
self.parent_id = self.parent.id
factories.RelationshipFactory(source=self.parent, destination=document)
self.assign_person(self.parent, self.acr, self.user_id)
@staticmethod
def build_parent(parent_name):
"""Create parent based on Name"""
try:
parent = FACTORIES_MAPPING[parent_name]()
except KeyError():
raise ValueError("Unknown parent {}".format(parent_name))
return parent
def create(self):
"""Create new Document object."""
result = self.api.post(all_models.Document, {
"document": {
"access_control_list": [{
"ac_role_id": self.admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}],
"link": factories.random_str(),
"title": factories.random_str(),
"context": None,
}
})
return result
def read(self):
"""Read existing Document object."""
res = self.api.get(all_models.Document, self.document_id)
return res
def update(self):
"""Update title of existing Document object."""
document = all_models.Document.query.get(self.document_id)
return self.api.put(document, {"title": factories.random_str()})
def delete(self):
"""Delete Document object."""
document = all_models.Document.query.get(self.document_id)
return self.api.delete(document)
def map(self, document=None):
"""Map Document to parent object."""
parent = self.parent.__class__.query.get(self.parent_id)
map_document = document if document \
else factories.DocumentReferenceUrlFactory()
return self.objgen.generate_relationship(
source=parent,
destination=map_document
)[0]
def create_and_map(self):
"""Create new Document and map it to parent."""
response = self.create()
document_id = None
if response.json and response.json.get("document"):
document_id = response.json.get("document", {}).get("id")
if not document_id:
return response
document = all_models.Document.query.get(document_id)
return self.map(document)
def add_comment(self):
"""Map new comment to document."""
document = all_models.Document.query.get(self.document_id)
_, comment = self.objgen.generate_object(all_models.Comment, {
"description": factories.random_str(),
"context": None,
})
return self.objgen.generate_relationship(source=document,
destination=comment)[0]
def read_comments(self):
"""Read comments mapped to document"""
document = all_models.Document.query.get(self.document_id)
with factories.single_commit():
comment = factories.CommentFactory(description=factories.random_str())
factories.RelationshipFactory(source=document, destination=comment)
query_request_data = [{
"fields": [],
"filters": {
"expression": {
"object_name": "Document",
"op": {
"name": "relevant"
},
"ids": [document.id]
}
},
"object_name": "Comment",
}]
response = self.api.send_request(
self.api.client.post,
data=query_request_data,
api_link="/query"
)
return response
class UniversalRBACFactory(base.BaseRBACFactory):
"""Universal RBAC factory class.
Can be used in 'one rank' tests
"""
# pylint: disable=too-many-instance-attributes
def __init__(self, user_id, acr, parent=None):
"""Set up objects for permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
self.acr = acr
self.user_id = user_id
self.parent_name = parent
self.document_id = None
self.parent = None
self.parent_id = None
self.setup_models(self.parent_name)
self.set_user(user_id)
def set_user(self, user_id):
"""Set user to send requests"""
if self.user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def setup_models(self, parent_name):
"""Setup document, parent, relationship"""
with factories.single_commit():
self.parent = get_model_factory(parent_name)()
self.parent_id = self.parent.id
self.parent_name = parent_name
self.assign_person(self.parent, self.acr, self.user_id)
def _setup_document(self):
"""Crate and map document"""
with factories.single_commit():
document = factories.DocumentReferenceUrlFactory()
parent = db.session.query(self.parent.__class__).get(self.parent_id)
factories.RelationshipFactory(source=parent, destination=document)
return document.id
def _setup_comment(self):
"""Crate and map comment"""
with factories.single_commit():
comment = factories.CommentFactory(description="Hey!")
parent = db.session.query(self.parent.__class__).get(self.parent_id)
factories.RelationshipFactory(source=parent, destination=comment)
return comment.id
def read_parent(self):
"""Can Read parent info."""
res = self.api.get(self.parent, self.parent_id)
return res
def create_and_map_document(self):
"""Create and map document object to parent."""
admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Document",
).one().id
_, document = self.objgen.generate_object(
all_models.Document, {
"link":
factories.random_str(),
"title":
factories.random_str(),
"context":
None,
"access_control_list": [
{
"ac_role_id": admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}
],
}
)
parent = db.session.query(self.parent.__class__).get(self.parent_id)
return self.objgen.generate_relationship(
source=document, destination=parent
)[0]
def read_document(self):
"""Read existing Document object."""
doc_id = self._setup_document()
res = self.api.get(all_models.Document, doc_id)
return res
def update_document(self):
"""Update title of existing Document object."""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
return self.api.put(document, {"title": factories.random_str()})
def delete_document(self):
"""Delete Document object."""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
return self.api.delete(document)
def create_and_map_comment(self):
"""Create new Comment object and map to parent."""
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
}
)
parent = db.session.query(self.parent.__class__).get(self.parent_id)
return self.objgen.generate_relationship(
source=parent, destination=comment
)[0]
def read_comment(self):
"""Read existing Comment object."""
comment_id = self._setup_comment()
res = self.api.get(all_models.Comment, comment_id)
return res
def create_and_map_document_comment(self):
"""Map new comment to document."""
doc_id = self._setup_document()
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
}
)
document = all_models.Document.query.get(doc_id)
return self.objgen.generate_relationship(
source=document, destination=comment
)[0]
def read_document_comment(self):
"""Read comments mapped to document"""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
with factories.single_commit():
comment = factories.CommentFactory(description=factories.random_str())
factories.RelationshipFactory(source=document, destination=comment)
query_request_data = [
{
"fields": [],
"filters": {
"expression": {
"object_name": "Document",
"op": {
"name": "relevant"
},
"ids": [document.id]
}
},
"object_name": "Comment",
}
]
response = self.api.send_request(
self.api.client.post, data=query_request_data, api_link="/query"
)
return response
class DocumentReferenceUrlRBACFactory(base.BaseRBACFactory):
"""Document Reference Url RBAC factory class."""
def __init__(self, user_id, acr, parent=None):
"""Set up objects for Document permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
self.acr = acr
self.user_id = user_id
self.parent_name = parent
self.document_id = None
self.parent = None
self.parent_id = None
self.admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Document",
).one().id
self.setup_models(self.parent_name)
self.set_user(user_id)
def set_user(self, user_id):
"""Set user to send requests"""
if self.user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def setup_models(self, parent_name):
"""Setup document, parent, relationship"""
with factories.single_commit():
document = factories.DocumentReferenceUrlFactory()
self.document_id = document.id
self.parent = self.build_parent(parent_name)
self.parent_id = self.parent.id
factories.RelationshipFactory(source=self.parent,
destination=document)
self.assign_person(self.parent, self.acr, self.user_id)
@staticmethod
def build_parent(parent_name):
"""Create parent based on Name"""
try:
parent = FACTORIES_MAPPING[parent_name]()
except KeyError():
raise ValueError("Unknown parent {}".format(parent_name))
return parent
def create(self):
"""Create new Document object."""
result = self.api.post(
all_models.Document, {
"document": {
"access_control_list": [{
"ac_role_id": self.admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}],
"link":
factories.random_str(),
"title":
factories.random_str(),
"context":
None,
}
})
return result
def read(self):
"""Read existing Document object."""
res = self.api.get(all_models.Document, self.document_id)
return res
def update(self):
"""Update title of existing Document object."""
document = all_models.Document.query.get(self.document_id)
return self.api.put(document, {"title": factories.random_str()})
def delete(self):
"""Delete Document object."""
document = all_models.Document.query.get(self.document_id)
return self.api.delete(document)
def map(self, document=None):
"""Map Document to parent object."""
parent = self.parent.__class__.query.get(self.parent_id)
map_document = document if document \
else factories.DocumentReferenceUrlFactory()
return self.objgen.generate_relationship(source=parent,
destination=map_document)[0]
def create_and_map(self):
"""Create new Document and map it to parent."""
response = self.create()
document_id = None
if response.json and response.json.get("document"):
document_id = response.json.get("document", {}).get("id")
if not document_id:
return response
document = all_models.Document.query.get(document_id)
return self.map(document)
def add_comment(self):
"""Map new comment to document."""
document = all_models.Document.query.get(self.document_id)
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
})
return self.objgen.generate_relationship(source=document,
destination=comment)[0]
def read_comments(self):
"""Read comments mapped to document"""
document = all_models.Document.query.get(self.document_id)
with factories.single_commit():
comment = factories.CommentFactory(
description=factories.random_str())
factories.RelationshipFactory(source=document, destination=comment)
query_request_data = [{
"fields": [],
"filters": {
"expression": {
"object_name": "Document",
"op": {
"name": "relevant"
},
"ids": [document.id]
}
},
"object_name": "Comment",
}]
response = self.api.send_request(self.api.client.post,
data=query_request_data,
api_link="/query")
return response
class EvidenceRBACFactory(base.BaseRBACFactory):
"""Evidence RBAC factory class."""
def __init__(self, user_id, acr, parent=None):
"""Set up objects for Evidence permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.setup_program_scope(user_id, acr)
with factories.single_commit():
evidence = factories.EvidenceUrlFactory()
if parent == "Audit":
self.mapping_id = factories.RelationshipFactory(
source=self.audit, destination=evidence
).id
elif parent == "Assessment":
self.mapping_id = factories.RelationshipFactory(
source=self.assessment, destination=evidence
).id
self.evidence_id = evidence.id
self.parent = parent
self.admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Evidence",
).one().id
self.user_id = user_id
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
if user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def create(self):
"""Create new Evidence object."""
result = self.api.post(all_models.Evidence, {
"evidence": {
"access_control_list": [{
"ac_role_id": self.admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}],
"link": factories.random_str(),
"title": factories.random_str(),
"context": None,
}
})
return result
def read(self):
"""Read existing Evidence object."""
res = self.api.get(all_models.Evidence, self.evidence_id)
return res
def update(self):
"""Update title of existing Evidence object."""
evidence = all_models.Evidence.query.get(self.evidence_id)
return self.api.put(evidence, {"title": factories.random_str()})
def delete(self):
"""Delete Evidence object."""
evidence = all_models.Evidence.query.get(self.evidence_id)
return self.api.delete(evidence)
def map(self, evidence=None):
"""Map Evidence to parent object."""
if self.parent == "Audit":
parent = all_models.Audit.query.get(self.audit_id)
else:
parent = all_models.Assessment.query.get(self.assessment_id)
map_evidence = evidence if evidence else factories.EvidenceUrlFactory()
return self.api.put(parent, {
"actions": {
"add_related": [{
"id": map_evidence.id,
"type": "Evidence",
}]
}
})
def create_and_map(self):
"""Create new Evidence and map it to parent."""
response = self.create()
evidence_id = None
if response.json and response.json.get("evidence"):
evidence_id = response.json.get("evidence", {}).get("id")
if not evidence_id:
return response
evidence = all_models.Evidence.query.get(evidence_id)
return self.map(evidence)
def add_comment(self):
"""Map new comment to evidence."""
evidence = all_models.Evidence.query.get(self.evidence_id)
_, comment = self.objgen.generate_object(all_models.Comment, {
"description": factories.random_str(),
"context": None,
})
return self.objgen.generate_relationship(source=evidence,
destination=comment)[0]
def read_comments(self):
"""Read comments mapped to evidence"""
evidence = all_models.Evidence.query.get(self.evidence_id)
with factories.single_commit():
comment = factories.CommentFactory(description=factories.random_str())
factories.RelationshipFactory(source=evidence, destination=comment)
query_request_data = [{
"fields": [],
"filters": {
"expression": {
"object_name": "Evidence",
"op": {
"name": "relevant"
},
"ids": [evidence.id]
}
},
"object_name": "Comment",
}]
response = self.api.send_request(
self.api.client.post,
data=query_request_data,
api_link="/query"
)
return response
class TestSnapshot(TestCase):
"""Basic tests snapshots"""
def setUp(self):
super(TestSnapshot, self).setUp()
self.api = Api()
self.generator = generator.ObjectGenerator()
def test_search_by_reference_url(self):
"""Test search audit related snapshots of control type by reference_url"""
expected_ref_url = "xxx"
with factories.single_commit():
audit = factories.AuditFactory()
audit_id = audit.id
doc1 = factories.DocumentReferenceUrlFactory(link=expected_ref_url,
title=expected_ref_url)
doc_id1 = doc1.id
doc2 = factories.DocumentReferenceUrlFactory(link="yyy", title="yyy")
doc_id2 = doc2.id
control = factories.ControlFactory()
control_id = control.id
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": doc_id1, "type": doc1.type},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": doc_id2, "type": doc2.type},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": audit_id, "type": audit.type},
"context": None
},
})
self.assertStatus(response, 201)
query_request_data = [{
"object_name": "Snapshot",
"filters": {
"expression": {
"left": {
"left": "child_type",
"op": {"name": "="},
"right": "Control"
},
"op": {"name": "AND"},
"right": {
"left": {
"object_name": "Audit",
"op": {"name": "relevant"},
"ids": [audit_id]
},
"op": {"name": "AND"},
"right": {
"left": {
"left": "Reference URL",
"op": {"name": "~"},
"right": expected_ref_url
},
"op": {"name": "AND"},
"right": {
"left": "Status",
"op": {"name": "IN"},
"right": ["Active", "Draft", "Deprecated"]
}
}
}
}
},
}]
response = self.api.send_request(
self.api.client.post,
data=query_request_data,
api_link="/query"
)
self.assert200(response)
self.assertEquals(1, response.json[0]["Snapshot"]["count"])
# pylint: disable=invalid-name
def test_identity_revision_after_adding_comment(self):
"""Test checks identity of revisions after adding comment"""
with factories.single_commit():
audit = factories.AuditFactory()
standard = factories.StandardFactory()
snapshot = self._create_snapshots(audit, [standard])[0]
snapshot_id = snapshot.id
self.generator.generate_comment(standard, "", "some comment")
response = self.api.get(snapshot.__class__, snapshot_id)
self.assertStatus(response, 200)
self.assertTrue(response.json['snapshot']['is_identical_revision'])
def test_is_identical_revision(self):
"""Test checks correctly work of is_identical_revision flag"""
with factories.single_commit():
audit = factories.AuditFactory()
standard = factories.StandardFactory()
standard_id = standard.id
snapshot = self._create_snapshots(audit, [standard])[0]
snapshot_id = snapshot.id
standard = all_models.Standard.query.get(standard_id)
self.api.put(standard, {"title": "Test standard 1"})
snapshot = all_models.Snapshot.query.get(snapshot_id)
self.assertFalse(snapshot.is_identical_revision)
class UniversalRBACFactory(base.BaseRBACFactory):
"""Universal RBAC factory class.
Can be used in 'one rank' tests
"""
# pylint: disable=too-many-instance-attributes
def __init__(self, user_id, acr, parent=None):
"""Set up objects for permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
self.acr = acr
self.user_id = user_id
self.parent_name = parent
self.document_id = None
self.parent = None
self.parent_id = None
self.setup_models(self.parent_name)
self.set_user(user_id)
def set_user(self, user_id):
"""Set user to send requests"""
if self.user_id:
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def setup_models(self, parent_name):
"""Setup document, parent, relationship"""
with factories.single_commit():
self.parent = get_model_factory(parent_name)()
self.parent_id = self.parent.id
self.parent_name = parent_name
self.assign_person(self.parent, self.acr, self.user_id)
def _setup_document(self):
"""Crate and map document"""
with factories.single_commit():
document = factories.DocumentReferenceUrlFactory()
parent = db.session.query(self.parent.__class__).get(self.parent_id)
factories.RelationshipFactory(source=parent, destination=document)
return document.id
def _setup_comment(self):
"""Crate and map comment"""
with factories.single_commit():
comment = factories.CommentFactory(description="Hey!")
parent = db.session.query(self.parent.__class__).get(self.parent_id)
factories.RelationshipFactory(source=parent, destination=comment)
return comment.id
def read_parent(self):
"""Can Read parent info."""
res = self.api.get(self.parent, self.parent_id)
return res
def create_and_map_document(self):
"""Create and map document object to parent."""
admin_acr_id = all_models.AccessControlRole.query.filter_by(
name="Admin",
object_type="Document",
).one().id
_, document = self.objgen.generate_object(
all_models.Document, {
"link":
factories.random_str(),
"title":
factories.random_str(),
"context":
None,
"access_control_list": [
{
"ac_role_id": admin_acr_id,
"person": {
"id": self.user_id,
"type": "Person",
}
}
],
}
)
parent = db.session.query(self.parent.__class__).get(self.parent_id)
return self.objgen.generate_relationship(
source=document, destination=parent
)[0]
def read_document(self):
"""Read existing Document object."""
doc_id = self._setup_document()
res = self.api.get(all_models.Document, doc_id)
return res
def update_document(self):
"""Update title of existing Document object."""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
return self.api.put(document, {"title": factories.random_str()})
def delete_document(self):
"""Delete Document object."""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
return self.api.delete(document)
def create_and_map_comment(self):
"""Create new Comment object and map to parent."""
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
}
)
parent = db.session.query(self.parent.__class__).get(self.parent_id)
return self.objgen.generate_relationship(
source=parent, destination=comment
)[0]
def read_comment(self):
"""Read existing Comment object."""
comment_id = self._setup_comment()
res = self.api.get(all_models.Comment, comment_id)
return res
def create_and_map_document_comment(self):
"""Map new comment to document."""
doc_id = self._setup_document()
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
}
)
document = all_models.Document.query.get(doc_id)
return self.objgen.generate_relationship(
source=document, destination=comment
)[0]
def read_document_comment(self):
"""Read comments mapped to document"""
doc_id = self._setup_document()
document = all_models.Document.query.get(doc_id)
with factories.single_commit():
comment = factories.CommentFactory(description=factories.random_str())
factories.RelationshipFactory(source=document, destination=comment)
query_request_data = [
{
"fields": [],
"filters": {
"expression": {
"object_name": "Document",
"op": {
"name": "relevant"
},
"ids": [document.id]
}
},
"object_name": "Comment",
}
]
response = self.api.send_request(
self.api.client.post, data=query_request_data, api_link="/query"
)
return response
class CycleTaskRBACFactory(base.BaseRBACFactory):
"""Cycle Task RBAC factory class."""
def __init__(self, user_id, acr, parent=None):
"""Set up objects for Cycle Task permission tests.
Args:
user_id: Id of user under which all operations will be run.
acr: Instance of ACR that should be assigned for tested user.
parent: Model name in scope of which objects should be set up.
"""
# pylint: disable=unused-argument
self.setup_workflow_scope(user_id, acr)
self.admin_control_id = {
name: id
for id, name in access_control.role.get_custom_roles_for(
"Control").items()
}["Admin"]
self.api = Api()
self.objgen = generator.ObjectGenerator()
self.objgen.api = self.api
if user_id:
self.user_id = user_id
user = all_models.Person.query.get(user_id)
self.api.set_user(user)
def create(self):
"""Create new Cycle Task object."""
cycle_tg = all_models.CycleTaskGroup.query.first()
return self.api.post(
all_models.CycleTaskGroupObjectTask, {
"cycle_task_group_object_task": {
"title": "New Cycle Task",
"start_date": datetime.now().strftime("%Y-%m-%d"),
"end_date": datetime.now().strftime("%Y-%m-%d"),
"context": None,
"task_type": "text",
"cycle_task_group": {
"id": cycle_tg.id,
"type": "Task Group",
},
"cycle": {
"id": cycle_tg.cycle.id,
"type": "Cycle",
},
}
})
def read(self):
"""Read existing Cycle Task object."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.get(cycle_task, cycle_task.id)
def update(self):
"""Update title of existing Cycle Task object."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"title": factories.random_str()})
def delete(self):
"""Delete Cycle Task object."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.delete(cycle_task)
def read_revisions(self):
"""Read revisions for Cycle Task object."""
responses = []
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
for query in [
"source_type={}&source_id={}",
"destination_type={}&destination_id={}",
"resource_type={}&resource_id={}"
]:
responses.append(
self.api.get_query(
all_models.CycleTaskGroupObjectTask,
query.format("cycle_task_group_object_task",
cycle_task.id)))
return responses
def add_comment(self):
"""Map new comment to cycle task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.get(
self.cycle_task_id)
_, comment = self.objgen.generate_object(
all_models.Comment, {
"description": factories.random_str(),
"context": None,
})
return self.objgen.generate_relationship(source=cycle_task,
destination=comment)[0]
def read_comment(self):
"""Read comments mapped to cycle task"""
cycle_task = all_models.CycleTaskGroupObjectTask.query.get(
self.cycle_task_id)
with factories.single_commit():
comment = factories.CommentFactory(
description=factories.random_str())
factories.RelationshipFactory(source=cycle_task,
destination=comment)
query_request_data = [{
"fields": [],
"filters": {
"expression": {
"object_name": "CycleTaskGroupObjectTask",
"op": {
"name": "relevant"
},
"ids": [cycle_task.id]
}
},
"object_name": "Comment",
}]
response = self.api.send_request(self.api.client.post,
data=query_request_data,
api_link="/query")
return response
def map_control(self):
"""Map Control on which user don't have any rights to Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
control = factories.ControlFactory()
return self.objgen.generate_relationship(
source=cycle_task,
destination=control,
)[0]
def map_created_control(self):
"""Map Control that was created by user to Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
control = factories.ControlFactory()
# pylint: disable=protected-access
for acl in control._access_control_list:
if acl.ac_role_id == self.admin_control_id:
factories.AccessControlPersonFactory(
person_id=self.user_id,
ac_list=acl,
)
return self.objgen.generate_relationship(
source=cycle_task,
destination=control,
)[0]
def read_mapped_control(self):
"""Read Control object mapped to Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
with factories.single_commit():
control = factories.ControlFactory()
factories.RelationshipFactory(source=cycle_task,
destination=control)
return self.api.get(control, control.id)
def upmap_control(self):
"""Unmap Control from Task Group."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
with factories.single_commit():
control = factories.ControlFactory()
rel = factories.RelationshipFactory(source=cycle_task,
destination=control)
return self.api.delete(rel)
def start(self):
"""Start Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "InProgress"})
def end(self):
"""End Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "Finished"})
def verify(self):
"""Verify Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "Verified"})
def decline(self):
"""Decline Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "Declined"})
def deprecate(self):
"""Deprecate Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "Deprecated"})
def restore(self):
"""Restore Cycle Task."""
cycle_task = all_models.CycleTaskGroupObjectTask.query.first()
return self.api.put(cycle_task, {"status": "Assigned"})
class TestSnapshot(TestCase):
"""Basic tests snapshots"""
def setUp(self):
super(TestSnapshot, self).setUp()
self.api = Api()
def test_search_by_reference_url(self):
"""Test search audit related snapshots of control type by reference_url"""
expected_ref_url = "xxx"
with factories.single_commit():
audit = factories.AuditFactory()
audit_id = audit.id
doc1 = factories.DocumentReferenceUrlFactory(link=expected_ref_url,
title=expected_ref_url)
doc_id1 = doc1.id
doc2 = factories.DocumentReferenceUrlFactory(link="yyy", title="yyy")
doc_id2 = doc2.id
control = factories.ControlFactory()
control_id = control.id
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": doc_id1, "type": doc1.type},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": doc_id2, "type": doc2.type},
"context": None
},
})
self.assertStatus(response, 201)
response = self.api.post(all_models.Relationship, {
"relationship": {
"source": {"id": control_id, "type": control.type},
"destination": {"id": audit_id, "type": audit.type},
"context": None
},
})
self.assertStatus(response, 201)
query_request_data = [{
"object_name": "Snapshot",
"filters": {
"expression": {
"left": {
"left": "child_type",
"op": {"name": "="},
"right": "Control"
},
"op": {"name": "AND"},
"right": {
"left": {
"object_name": "Audit",
"op": {"name": "relevant"},
"ids": [audit_id]
},
"op": {"name": "AND"},
"right": {
"left": {
"left": "Reference URL",
"op": {"name": "~"},
"right": expected_ref_url
},
"op": {"name": "AND"},
"right": {
"left": "Status",
"op": {"name": "IN"},
"right": ["Active", "Draft", "Deprecated"]
}
}
}
}
},
}]
response = self.api.send_request(
self.api.client.post,
data=query_request_data,
api_link="/query"
)
self.assert200(response)
self.assertEquals(1, response.json[0]["Snapshot"]["count"])
class TestManualAudit(TestCase):
""" Test Audit with manual snapshot mapping"""
# pylint: disable=invalid-name
def setUp(self):
super(TestManualAudit, self).setUp()
self.api = Api()
self.gen = generator.ObjectGenerator()
def assertSnapshotCount(self, count):
"""Assert snapshots count"""
snapshot_count = all_models.Snapshot.query.count()
self.assertEqual(snapshot_count, count)
def count_related_objectives(self, snapshot_id):
"""Returns related objectives count for control snapshot"""
query_data = [{
"object_name":
"Snapshot",
"filters": {
"expression": {
"left": {
"left": "child_type",
"op": {
"name": "="
},
"right": "Objective"
},
"op": {
"name": "AND"
},
"right": {
"object_name": "Snapshot",
"op": {
"name": "relevant"
},
"ids": [str(snapshot_id)]
}
}
},
"fields": ["child_id", "child_type", "revision", "parent"]
}]
response = self.api.send_request(self.api.client.post,
data=query_data,
api_link="/query")
self.assert200(response)
return response.json[0]["Snapshot"]["count"]
def test_audit_upsert(self):
"""Test upsert audit with manual mapping
Audit with manual mapping should not add new snapshots
after calling "Update objects to latest version"
"""
with factories.single_commit():
program = factories.ProgramFactory()
control = factories.ControlFactory()
factories.RelationshipFactory(source=program, destination=control)
self.api.post(all_models.Audit, [{
"audit": {
"title": "New Audit",
"program": {
"id": program.id,
"type": program.type
},
"status": "Planned",
"context": None,
"manual_snapshots": True,
}
}])
self.assertSnapshotCount(0)
audit = all_models.Audit.query.first()
self.api.put(audit, data={"snapshots": {"operation": "upsert"}})
self.assertSnapshotCount(0)
def test_audit_manual_snapshots(self):
"""Test audit with manual snapshot mapping"""
with factories.single_commit():
program = factories.ProgramFactory()
control = factories.ControlFactory()
control_id = control.id
control2 = factories.ControlFactory(
) # wouldn't be mapped to objective
control2_id = control2.id
objective = factories.ObjectiveFactory()
factories.RelationshipFactory(source=program, destination=control)
factories.RelationshipFactory(source=program, destination=control2)
factories.RelationshipFactory(source=program,
destination=objective)
factories.RelationshipFactory(source=control,
destination=objective)
self.api.post(all_models.Audit, [{
"audit": {
"title": "New Audit",
"program": {
"id": program.id,
"type": program.type
},
"status": "Planned",
"context": None,
"manual_snapshots": True,
}
}])
self.assertSnapshotCount(0)
audit = all_models.Audit.query.first()
control = all_models.Control.query.get(control_id)
control2 = all_models.Control.query.get(control2_id)
objective = all_models.Objective.query.first()
self.gen.generate_relationship(audit, control)
control_snapshot_id = all_models.Snapshot.query.filter_by(
child_id=control_id, child_type="Control").first().id
self.assertEqual(self.count_related_objectives(control_snapshot_id), 0)
self.gen.generate_relationship(audit, objective)
self.assertEqual(self.count_related_objectives(control_snapshot_id), 1)
self.gen.generate_relationship(audit, control2)
control2_snapshot_id = all_models.Snapshot.query.filter_by(
child_id=control2_id, child_type="Control").first().id
self.assertEqual(self.count_related_objectives(control2_snapshot_id),
0)
self.assertSnapshotCount(3)