def test__get_intent_by_action__not_found_raises_error(self): with self.assertRaises(Intent.DoesNotExist): model_access.get_intent_by_action("Does not exist", True)
def validate(self, data): logger.debug('inside ListingSerializer.validate') user = generic_model_access.get_profile( self.context['request'].user.username) if not data.get('title', None): raise serializers.ValidationError('Title is required') data['description'] = data.get('description', None) data['launch_url'] = data.get('launch_url', None) data['version_name'] = data.get('version_name', None) data['unique_name'] = data.get('unique_name', None) data['what_is_new'] = data.get('what_is_new', None) data['description_short'] = data.get('description_short', None) data['requirements'] = data.get('requirements', None) data['is_private'] = data.get('is_private', False) if 'security_marking' not in data: raise serializers.ValidationError('security_marking is required') data['security_marking'] = data.get('security_marking', None) # only checked on update, not create data['is_enabled'] = data.get('is_enabled', False) data['is_featured'] = data.get('is_featured', False) data['approval_status'] = data.get('approval_status', None) # agency agency_title = data.get('agency', None) if agency_title: data['agency'] = agency_model_access.get_agency_by_title(agency_title['title']) if data['agency'] is None: raise serializers.ValidationError('Invalid Agency') else: data['agency'] = user.organizations.all()[0] # listing_type type_title = data.get('listing_type', None) if type_title: data['listing_type'] = model_access.get_listing_type_by_title( data['listing_type']['title']) else: data['listing_type'] = None # small_icon small_icon = data.get('small_icon', None) if small_icon: if 'id' not in small_icon: raise serializers.ValidationError('Image(small_icon) requires a %s' % 'id') if small_icon.get('security_marking') is None: small_icon['security_marking'] = constants.DEFAULT_SECURITY_MARKING else: data['small_icon'] = None # large_icon large_icon = data.get('large_icon', None) if large_icon: if 'id' not in large_icon: raise serializers.ValidationError('Image(large_icon) requires a %s' % 'id') if large_icon.get('security_marking') is None: large_icon['security_marking'] = constants.DEFAULT_SECURITY_MARKING else: data['large_icon'] = None # banner_icon banner_icon = data.get('banner_icon', None) if banner_icon: if 'id' not in banner_icon: raise serializers.ValidationError('Image(banner_icon) requires a %s' % 'id') if banner_icon.get('security_marking') is None: banner_icon['security_marking'] = constants.DEFAULT_SECURITY_MARKING else: data['banner_icon'] = None # large_banner_icon large_banner_icon = data.get('large_banner_icon', None) if large_banner_icon: if 'id' not in large_banner_icon: raise serializers.ValidationError('Image(large_banner_icon) requires a %s' % 'id') if large_banner_icon.get('security_marking') is None: large_banner_icon['security_marking'] = constants.DEFAULT_SECURITY_MARKING else: data['large_banner_icon'] = None # Screenshot screenshots = data.get('screenshots', None) if screenshots is not None: screenshots_out = [] image_require_fields = ['id'] for screenshot_set in screenshots: if ('small_image' not in screenshot_set or 'large_image' not in screenshot_set): raise serializers.ValidationError( 'Screenshot Set requires %s fields' % 'small_image, large_icon') screenshot_small_image = screenshot_set.get('small_image') screenshot_large_image = screenshot_set.get('large_image') for field in image_require_fields: if field not in screenshot_small_image: raise serializers.ValidationError('Screenshot Small Image requires a %s' % field) for field in image_require_fields: if field not in screenshot_large_image: raise serializers.ValidationError('Screenshot Large Image requires a %s' % field) if not screenshot_small_image.get('security_marking'): screenshot_small_image['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not screenshot_large_image.get('security_marking'): screenshot_large_image['security_marking'] = constants.DEFAULT_SECURITY_MARKING screenshots_out.append(screenshot_set) data['screenshots'] = screenshots_out else: data['screenshots'] = None if 'contacts' in data: required_fields = ['email', 'name', 'contact_type'] for contact in data['contacts']: if 'secure_phone' not in contact: contact['secure_phone'] = None if 'unsecure_phone' not in contact: contact['unsecure_phone'] = None for field in required_fields: if field not in contact: raise serializers.ValidationError( 'Contact requires a %s' % field) owners = [] if 'owners' in data: for owner in data['owners']: owners.append(generic_model_access.get_profile( owner['user']['username'])) data['owners'] = owners categories = [] if 'categories' in data: for category in data['categories']: categories.append(category_model_access.get_category_by_title( category['title'])) data['categories'] = categories # tags will be created (if necessary) in create() if 'tags' in data: pass intents = [] if 'intents' in data: for intent in data['intents']: intents.append(intent_model_access.get_intent_by_action( intent['action'])) data['intents'] = intents # doc urls will be created in create() if 'doc_urls' in data: pass logger.debug('leaving ListingSerializer.validate') return data
def test__get_intent_by_action__not_found(self): result = model_access.get_intent_by_action("Does not exist") self.assertIsNone(result)
def test_get_intent_by_non_existent_action(self): intent = model_access.get_intent_by_action('Does not exist') self.assertIsNone(intent)
def validate(self, data): logger.debug('inside ListingSerializer.validate') user = generic_model_access.get_profile( self.context['request'].user.username) if 'title' not in data: raise serializers.ValidationError('Title is required') data['description'] = data.get('description', None) data['launch_url'] = data.get('launch_url', None) data['version_name'] = data.get('version_name', None) data['unique_name'] = data.get('unique_name', None) data['what_is_new'] = data.get('what_is_new', None) data['description_short'] = data.get('description_short', None) data['requirements'] = data.get('requirements', None) data['is_private'] = data.get('is_private', False) data['security_marking'] = data.get('security_marking', None) # only checked on update, not create data['is_enabled'] = data.get('is_enabled', False) data['is_featured'] = data.get('is_featured', False) data['approval_status'] = data.get('approval_status', None) # agency agency_title = data.get('agency', None) if agency_title: data['agency'] = agency_model_access.get_agency_by_title(agency_title['title']) if data['agency'] not in user.organizations.all(): raise errors.PermissionDenied('User is not in this organization') else: data['agency'] = user.organizations.all()[0] # listing_type type_title = data.get('listing_type', None) if type_title: data['listing_type'] = model_access.get_listing_type_by_title( data['listing_type']['title']) else: data['listing_type'] = None # small_icon small_icon = data.get('small_icon', None) if small_icon: data['small_icon'] = image_model_access.get_image_by_id( data['small_icon']['id']) else: data['small_icon'] = None # large_icon large_icon = data.get('large_icon', None) if large_icon: data['large_icon'] = image_model_access.get_image_by_id( data['large_icon']['id']) else: data['large_icon'] = None # banner_icon banner_icon = data.get('banner_icon', None) if banner_icon: data['banner_icon'] = image_model_access.get_image_by_id( data['banner_icon']['id']) else: data['banner_icon'] = None # large_banner_icon large_banner_icon = data.get('large_banner_icon', None) if large_banner_icon: data['large_banner_icon'] = image_model_access.get_image_by_id( data['large_banner_icon']['id']) else: data['large_banner_icon'] = None if 'contacts' in data: required_fields = ['email', 'name', 'contact_type'] for contact in data['contacts']: if 'secure_phone' not in contact: contact['secure_phone'] = None if 'unsecure_phone' not in contact: contact['unsecure_phone'] = None for field in required_fields: if field not in contact: raise serializers.ValidationError( 'Contact requires a %s' % field) owners = [] if 'owners' in data: for owner in data['owners']: owners.append(generic_model_access.get_profile( owner['user']['username'])) data['owners'] = owners categories = [] if 'categories' in data: for category in data['categories']: categories.append(category_model_access.get_category_by_title( category['title'])) data['categories'] = categories # tags will be created (if necessary) in create() if 'tags' in data: pass intents = [] if 'intents' in data: for intent in data['intents']: intents.append(intent_model_access.get_intent_by_action( intent['action'])) data['intents'] = intents # doc urls will be created in create() if 'doc_urls' in data: pass # screenshots will be created in create() if 'screenshots' in data: pass logger.debug('leaving ListingSerializer.validate') return data
def validate_listing(serializer_instance, data): # TODO Put in listing model_access.py access_control_instance = plugin_manager.get_system_access_control_plugin() profile = generic_model_access.get_profile(serializer_instance.context['request'].user.username) # This checks to see if value exist as a key and value is not None if not data.get('title'): raise serializers.ValidationError('Title is required') if 'security_marking' not in data: raise serializers.ValidationError('Security Marking is Required') # Assign a default security_marking level if none is provided if not data.get('security_marking'): data['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking(data['security_marking']): raise serializers.ValidationError('Security Marking Format is Invalid') # Don't allow user to select a security marking that is above # their own access level if not system_has_access_control(profile.user.username, data.get('security_marking')): raise serializers.ValidationError('Security marking too high for current user') # Don't allow 2nd-party user to be an submit/edit a listing if system_anonymize_identifiable_data(profile.user.username): raise serializers.ValidationError('Permissions are invalid for current profile') # TODO: errors.PermissionDenied instead of serializers.ValidationError data['description'] = data.get('description') data['launch_url'] = data.get('launch_url') data['version_name'] = data.get('version_name') data['unique_name'] = data.get('unique_name') data['what_is_new'] = data.get('what_is_new') data['description_short'] = data.get('description_short') data['usage_requirements'] = data.get('usage_requirements') data['system_requirements'] = data.get('system_requirements') data['is_private'] = data.get('is_private') data['security_marking'] = data.get('security_marking') # only checked on update, not create data['is_enabled'] = data.get('is_enabled') data['is_508_compliant'] = data.get('is_508_compliant') data['is_featured'] = data.get('is_featured') data['approval_status'] = data.get('approval_status') # Agency agency_title = None if data.get('agency') is None else data.get('agency', {}).get('title') if agency_title: data['agency'] = agency_model_access.get_agency_by_title(agency_title) if data['agency'] is None: raise serializers.ValidationError('Invalid Agency') else: data['agency'] = profile.organizations.all()[0] # Listing Type type_title = None if data.get('listing_type') is None else data.get('listing_type', {}).get('title') if type_title: data['listing_type'] = model_access.get_listing_type_by_title(type_title) else: data['listing_type'] = None # Images image_keys = ['small_icon', 'large_icon', 'banner_icon', 'large_banner_icon'] for image_key in image_keys: current_image_value = data.get(image_key) if current_image_value: if 'id' not in current_image_value: raise serializers.ValidationError('Image({!s}) requires a {!s}'.format(image_key, 'id')) if current_image_value.get('security_marking') is None: current_image_value['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking(current_image_value['security_marking']): raise errors.InvalidInput('{!s} Security Marking is invalid'.format(image_key)) else: data[image_key] = None # Screenshot screenshots = data.get('screenshots') if screenshots is not None: screenshots_out = [] image_require_fields = ['id'] for screenshot_set in screenshots: if ('small_image' not in screenshot_set or 'large_image' not in screenshot_set): raise serializers.ValidationError( 'Screenshot Set requires {0!s} fields'.format('small_image, large_icon')) screenshot_small_image = screenshot_set.get('small_image') screenshot_large_image = screenshot_set.get('large_image') for field in image_require_fields: if field not in screenshot_small_image: raise serializers.ValidationError('Screenshot Small Image requires a {0!s}'.format(field)) for field in image_require_fields: if field not in screenshot_large_image: raise serializers.ValidationError('Screenshot Large Image requires a {0!s}'.format(field)) if not screenshot_small_image.get('security_marking'): screenshot_small_image['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking(screenshot_small_image['security_marking']): raise errors.InvalidInput('Security Marking is invalid') if not screenshot_large_image.get('security_marking'): screenshot_large_image['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking(screenshot_large_image['security_marking']): raise errors.InvalidInput('Security Marking is invalid') screenshots_out.append(screenshot_set) data['screenshots'] = screenshots_out else: data['screenshots'] = None # Contacts if 'contacts' in data: for contact in data['contacts']: if 'name' not in contact: raise serializers.ValidationError('Contact requires [name] field') if 'email' not in contact: raise serializers.ValidationError('Contact requires [email] field') if 'secure_phone' not in contact: contact['secure_phone'] = None if 'unsecure_phone' not in contact: contact['unsecure_phone'] = None if 'contact_type' not in contact: raise serializers.ValidationError('Contact requires [contact_type] field') contact_type = contact.get('contact_type') contact_type_name = None if contact_type is None else contact_type.get('name') if not contact_type_name: raise serializers.ValidationError('Contact field requires correct format') contact_type_instance = contact_type_model_access.get_contact_type_by_name(contact_type_name) if not contact_type_instance: raise serializers.ValidationError('Contact Type [{}] not found'.format(contact_type_name)) # owners owners = [] if 'owners' in data: for owner in data['owners']: user_dict = owner.get('user') user_username = None if user_dict is None else user_dict.get('username') if not user_username: raise serializers.ValidationError('Owner field requires correct format') owner_profile = generic_model_access.get_profile(user_username) if not owner_profile: raise serializers.ValidationError('Owner Profile not found') # Don't allow user to select a security marking that is above # their own access level if not system_has_access_control(owner_profile.user.username, data.get('security_marking')): raise serializers.ValidationError('Security marking too high for current owner profile') # Don't allow 2nd-party user to be an owner of a listing if system_anonymize_identifiable_data(owner_profile.user.username): raise serializers.ValidationError('Permissions are invalid for current owner profile') owners.append(owner_profile) data['owners'] = owners # Categories categories = [] if 'categories' in data: for category in data['categories']: category_title = category.get('title') if not category_title: raise serializers.ValidationError('Categories field requires correct format') category_instance = category_model_access.get_category_by_title(category_title) if not category_instance: raise serializers.ValidationError('Category [{}] not found'.format(category_title)) categories.append(category_instance) data['categories'] = categories # Intents intents = [] if 'intents' in data: for intent in data['intents']: intent_action = intent.get('action') if not intent_action: raise serializers.ValidationError('Intent field requires correct format') intent_instance = intent_model_access.get_intent_by_action(intent_action) if not intent_instance: raise serializers.ValidationError('Intent Action [{}] not found'.format(intent_action)) intents.append(intent_instance) data['intents'] = intents # doc urls will be created in create() if 'doc_urls' in data: pass # tags will be created (if necessary) in create() if 'tags' in data: pass return data
def validate(self, data): access_control_instance = plugin_manager.get_system_access_control_plugin( ) # logger.debug('inside ListingSerializer.validate', extra={'request':self.context.get('request')}) profile = generic_model_access.get_profile( self.context['request'].user.username) # This checks to see if value exist as a key and value is not None if not data.get('title'): raise serializers.ValidationError('Title is required') if 'security_marking' not in data: raise serializers.ValidationError('Security Marking is Required') # Assign a default security_marking level if none is provided if not data.get('security_marking'): data['security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking( data['security_marking']): raise serializers.ValidationError( 'Security Marking Format is Invalid') # Don't allow user to select a security marking that is above # their own access level if not system_has_access_control(profile.user.username, data.get('security_marking')): raise serializers.ValidationError( 'Security marking too high for current user') data['description'] = data.get('description') data['launch_url'] = data.get('launch_url') data['version_name'] = data.get('version_name') data['unique_name'] = data.get('unique_name') data['what_is_new'] = data.get('what_is_new') data['description_short'] = data.get('description_short') data['requirements'] = data.get('requirements') data['is_private'] = data.get('is_private', False) data['security_marking'] = data.get('security_marking') # only checked on update, not create data['is_enabled'] = data.get('is_enabled', False) data['is_featured'] = data.get('is_featured', False) data['approval_status'] = data.get('approval_status') # Agency agency_title = None if data.get('agency') is None else data.get( 'agency', {}).get('title') if agency_title: data['agency'] = agency_model_access.get_agency_by_title( agency_title) if data['agency'] is None: raise serializers.ValidationError('Invalid Agency') else: data['agency'] = profile.organizations.all()[0] # Listing Type type_title = None if data.get('listing_type') is None else data.get( 'listing_type', {}).get('title') if type_title: data['listing_type'] = model_access.get_listing_type_by_title( type_title) else: data['listing_type'] = None # Images image_keys = [ 'small_icon', 'large_icon', 'banner_icon', 'large_banner_icon' ] for image_key in image_keys: current_image_value = data.get(image_key) if current_image_value: if 'id' not in current_image_value: raise serializers.ValidationError( 'Image({!s}) requires a {!s}'.format(image_key, 'id')) if current_image_value.get('security_marking') is None: current_image_value[ 'security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking( current_image_value['security_marking']): raise errors.InvalidInput( '{!s} Security Marking is invalid'.format(image_key)) else: data[image_key] = None # Screenshot screenshots = data.get('screenshots') if screenshots is not None: screenshots_out = [] image_require_fields = ['id'] for screenshot_set in screenshots: if ('small_image' not in screenshot_set or 'large_image' not in screenshot_set): raise serializers.ValidationError( 'Screenshot Set requires {0!s} fields'.format( 'small_image, large_icon')) screenshot_small_image = screenshot_set.get('small_image') screenshot_large_image = screenshot_set.get('large_image') for field in image_require_fields: if field not in screenshot_small_image: raise serializers.ValidationError( 'Screenshot Small Image requires a {0!s}'.format( field)) for field in image_require_fields: if field not in screenshot_large_image: raise serializers.ValidationError( 'Screenshot Large Image requires a {0!s}'.format( field)) if not screenshot_small_image.get('security_marking'): screenshot_small_image[ 'security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking( screenshot_small_image['security_marking']): raise errors.InvalidInput('Security Marking is invalid') if not screenshot_large_image.get('security_marking'): screenshot_large_image[ 'security_marking'] = constants.DEFAULT_SECURITY_MARKING if not access_control_instance.validate_marking( screenshot_large_image['security_marking']): raise errors.InvalidInput('Security Marking is invalid') screenshots_out.append(screenshot_set) data['screenshots'] = screenshots_out else: data['screenshots'] = None # Contacts if 'contacts' in data: for contact in data['contacts']: if 'name' not in contact: raise serializers.ValidationError( 'Contact requires [name] field') if 'email' not in contact: raise serializers.ValidationError( 'Contact requires [email] field') if 'secure_phone' not in contact: contact['secure_phone'] = None if 'unsecure_phone' not in contact: contact['unsecure_phone'] = None if 'contact_type' not in contact: raise serializers.ValidationError( 'Contact requires [contact_type] field') contact_type = contact.get('contact_type') contact_type_name = None if contact_type is None else contact_type.get( 'name') if not contact_type_name: raise serializers.ValidationError( 'Contact field requires correct format') contact_type_instance = contact_type_model_access.get_contact_type_by_name( contact_type_name) if not contact_type_instance: raise serializers.ValidationError( 'Contact Type [{}] not found'.format( contact_type_name)) # owners owners = [] if 'owners' in data: for owner in data['owners']: user_dict = owner.get('user') user_username = None if user_dict is None else user_dict.get( 'username') if not user_username: raise serializers.ValidationError( 'Owner field requires correct format') owner_profile = generic_model_access.get_profile(user_username) if not owner_profile: raise serializers.ValidationError( 'Owner Profile not found') # Don't allow user to select a security marking that is above # their own access level if not system_has_access_control(owner_profile.user.username, data.get('security_marking')): raise serializers.ValidationError( 'Security marking too high for current owner profile') owners.append(owner_profile) data['owners'] = owners # Categories categories = [] if 'categories' in data: for category in data['categories']: category_title = category.get('title') if not category_title: raise serializers.ValidationError( 'Categories field requires correct format') category_instance = category_model_access.get_category_by_title( category_title) if not category_instance: raise serializers.ValidationError( 'Category [{}] not found'.format(category_title)) categories.append(category_instance) data['categories'] = categories # Intents intents = [] if 'intents' in data: for intent in data['intents']: intent_action = intent.get('action') if not intent_action: raise serializers.ValidationError( 'Intent field requires correct format') intent_instance = intent_model_access.get_intent_by_action( intent_action) if not intent_instance: raise serializers.ValidationError( 'Intent Action [{}] not found'.format(intent_action)) intents.append(intent_instance) data['intents'] = intents # doc urls will be created in create() if 'doc_urls' in data: pass # tags will be created (if necessary) in create() if 'tags' in data: pass # logger.debug('leaving ListingSerializer.validate', extra={'request':self.context.get('request')}) return data