def test_can_execute_constitution(self): """Test that users with can_execute permissions can execute any constitution action and mark it as 'passed'""" all_actions_fail_policy = { **all_actions_pass_policy, "check": "return FAILED", } policy = ConstitutionPolicy( **all_actions_fail_policy, community=self.community, description="all actions fail", name="all actions fail", ) policy.save() # create a test user with can_execute permissions for PolicykitAddCommunityDoc can_add = Permission.objects.get( name="Can add policykit add community doc") can_execute = Permission.objects.get( name="Can execute policykit add community doc") user_with_can_execute = SlackUser.objects.create( username="******", community=self.community) user_with_can_execute.user_permissions.add(can_add) user_with_can_execute.user_permissions.add(can_execute) self.assertTrue( user_with_can_execute.has_perm( "policyengine.add_policykitaddcommunitydoc")) self.assertTrue( user_with_can_execute.has_perm( "policyengine.can_execute_policykitaddcommunitydoc")) # action initiated by user with "can_execute" should pass action = PolicykitAddCommunityDoc(name="my doc", initiator=user_with_can_execute, community=self.community) action.save() self.assertEqual(action.proposal.status, "passed") # action initiated by user without "can_execute" should fail action = PolicykitAddCommunityDoc(name="my other doc", initiator=self.user, community=self.community) action.save() self.assertEqual(action.proposal.status, "failed")
def test_cannot_propose_constitution(self): """Test that action fails when a user does not have permission to propose constitution change""" policy = ConstitutionPolicy( **all_actions_pass_policy, community=self.community, description="all actions pass", name="all actions pass", ) policy.save() # action initiated by user without "can_add" should fail user = SlackUser.objects.create(username="******", community=self.community) self.assertEqual( user.has_perm("policyengine.add_policykitaddcommunitydoc"), False) action = PolicykitAddCommunityDoc(name="my doc", initiator=user, community=self.community) action.save() action.refresh_from_db( ) # test that it was saved to the db with correct proposal self.assertEqual(action.proposal.status, "failed") # action initiated by user with "can_add" should pass user = SlackUser.objects.create(username="******", community=self.community) can_add = Permission.objects.get( name="Can add policykit add community doc") user.user_permissions.add(can_add) self.assertTrue( user.has_perm("policyengine.add_policykitaddcommunitydoc")) action = PolicykitAddCommunityDoc(name="my other doc", initiator=user, community=self.community) action.save() action.refresh_from_db( ) # test that it was saved to the db with correct proposal self.assertEqual(action.proposal.status, "passed")
def init_kit(self, community, creator_token=None): for policy in self.genericpolicy_set.all(): if policy.is_constitution: p = ConstitutionPolicy() p.community = community p.filter = policy.filter p.initialize = policy.initialize p.check = policy.check p.notify = policy.notify p.success = policy.success p.fail = policy.fail p.description = policy.description p.name = policy.name proposal = Proposal.objects.create(author=None, status=Proposal.PASSED) p.proposal = proposal p.save() else: p = PlatformPolicy() p.community = community p.filter = policy.filter p.initialize = policy.initialize p.check = policy.check p.notify = policy.notify p.success = policy.success p.fail = policy.fail p.description = policy.description p.name = policy.name proposal = Proposal.objects.create(author=None, status=Proposal.PASSED) p.proposal = proposal p.save() for role in self.genericrole_set.all(): c = None if role.is_base_role: c = community.base_role role.is_base_role = False else: c = CommunityRole() c.community = community c.role_name = role.role_name c.name = "Discord: " + community.community_name + ": " + role.role_name c.description = role.description c.save() for perm in role.permissions.all(): c.permissions.add(perm) jsonDec = json.decoder.JSONDecoder() perm_set = jsonDec.decode(role.plat_perm_set) if 'view' in perm_set: for perm in DISCORD_VIEW_PERMS: p1 = Permission.objects.get(name=perm) c.permissions.add(p1) if 'propose' in perm_set: for perm in DISCORD_PROPOSE_PERMS: p1 = Permission.objects.get(name=perm) c.permissions.add(p1) if 'execute' in perm_set: for perm in DISCORD_EXECUTE_PERMS: p1 = Permission.objects.get(name=perm) c.permissions.add(p1) if role.user_group == "admins": group = CommunityUser.objects.filter(community = community, is_community_admin = True) for user in group: c.user_set.add(user) elif role.user_group == "nonadmins": group = CommunityUser.objects.filter(community = community, is_community_admin = False) for user in group: c.user_set.add(user) elif role.user_group == "all": group = CommunityUser.objects.filter(community = community) for user in group: c.user_set.add(user) elif role.user_group == "creator": user = CommunityUser.objects.get(access_token=creator_token) c.user_set.add(user) c.save()