def test_active_user_can_dabs_cgac_writer(database, monkeypatch,
user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_writer = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_writer])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_writer))
# has permission level, but wrong agency
assert not permissions.active_user_can('reader',
cgac_code=other_cgac.cgac_code)
assert not permissions.active_user_can('writer',
cgac_code=other_cgac.cgac_code)
# has agency, but not permission level
assert not permissions.active_user_can('submitter',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('editfabs',
cgac_code=user_cgac.cgac_code)
assert not permissions.active_user_can('fabs',
cgac_code=user_cgac.cgac_code)
# right agency, right permission
assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code)
assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code)
# wrong permission level, wrong agency, but superuser
user_writer.website_admin = True
assert permissions.active_user_can('submitter',
cgac_code=other_cgac.cgac_code)
def test_current_user_can_dabs_frec_reader(database, monkeypatch, user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_frec, other_frec = FRECFactory(cgac=user_cgac), FRECFactory(cgac=other_cgac)
user_reader = UserFactory(affiliations=[
UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['reader'])
])
database.session.add_all([user_cgac, other_cgac, user_frec, other_frec, user_reader])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_reader))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', frec_code=other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('writer', frec_code=user_frec.frec_code)
assert not permissions.current_user_can('submitter', frec_code=user_frec.frec_code)
assert not permissions.current_user_can('editfabs', cgac_code=user_frec.frec_code)
assert not permissions.current_user_can('fabs', cgac_code=user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('reader', frec_code=user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_reader.website_admin = True
assert permissions.current_user_can('submitter', frec_code=other_frec.frec_code)
def test_current_user_can_multiple_fabs_permissions(database, monkeypatch, user_constants):
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_fabs = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['editfabs']),
UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['fabs'])
])
database.session.add_all([user_cgac, other_cgac, user_fabs])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_fabs))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', cgac_code=other_cgac.cgac_code)
assert not permissions.current_user_can('editfabs', cgac_code=other_cgac.cgac_code)
assert not permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
# has agency, but not permission level
assert not permissions.current_user_can('writer', cgac_code=user_cgac.cgac_code)
assert not permissions.current_user_can('submitter', cgac_code=user_cgac.cgac_code)
# right agency, right permission
assert permissions.current_user_can('reader', cgac_code=user_cgac.cgac_code)
assert permissions.current_user_can('editfabs', cgac_code=user_cgac.cgac_code)
assert permissions.current_user_can('fabs', cgac_code=user_cgac.cgac_code)
# wrong agency, but superuser
user_fabs.website_admin = True
assert permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
def test_get_accessible_agencies(database):
""" Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """
# The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present
cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)]
frec_cgac = CGACFactory()
frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)]
cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False,
sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)]
frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True,
sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)]
database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers)
database.session.commit()
user = UserFactory(affiliations=[
UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None,
permission_type_id=PERMISSION_TYPE_DICT['writer']),
UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1],
permission_type_id=PERMISSION_TYPE_DICT['reader']),
UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2],
permission_type_id=PERMISSION_TYPE_DICT['reader'])
])
database.session.add(user)
database.session.commit()
g.user = user
# Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already
results = get_accessible_agencies()
frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]}
frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]}
assert len(results["cgac_agency_list"]) == 1
assert len(results["frec_agency_list"]) == 2
assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name
assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code
assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name}
assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code}
# Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the
# frec flag
user.affiliations = []
user.website_admin = True
results = get_accessible_agencies()
assert len(results["cgac_agency_list"]) == 3
assert len(results["frec_agency_list"]) == 2
def test_current_user_can(database, monkeypatch, user_constants):
# Test CGAC DABS permissions
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_one = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_one])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_one))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', other_cgac.cgac_code,
None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code,
None)
# right agency, right permission
assert permissions.current_user_can('writer', user_cgac.cgac_code, None)
assert permissions.current_user_can('reader', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_one.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code,
None)
# Test FREC DABS permissions
user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)]
user_two = UserFactory(affiliations=[
UserAffiliation(frec=user_frec,
permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_frec, other_frec, user_two])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_two))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', None,
other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', None,
user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('writer', None, user_frec.frec_code)
assert permissions.current_user_can('reader', None, user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_two.website_admin = True
assert permissions.current_user_can('submitter', None,
other_frec.frec_code)
# Test FABS permissions
user_three = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac,
permission_type_id=PERMISSION_SHORT_DICT['f'])
])
database.session.add(user_three)
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_three))
# has permission level, but wrong agency
assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code,
None)
# right agency, right permission
assert permissions.current_user_can('fabs', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_three.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code,
None)
def test_current_user_can(database, monkeypatch, user_constants):
# Test CGAC DABS permissions
user_cgac, other_cgac = [CGACFactory() for _ in range(2)]
user_one = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_cgac, other_cgac, user_one])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_one))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None)
# right agency, right permission
assert permissions.current_user_can('writer', user_cgac.cgac_code, None)
assert permissions.current_user_can('reader', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_one.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
# Test FREC DABS permissions
user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)]
user_two = UserFactory(affiliations=[
UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer'])
])
database.session.add_all([user_frec, other_frec, user_two])
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_two))
# has permission level, but wrong agency
assert not permissions.current_user_can('reader', None, other_frec.frec_code)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', None, user_frec.frec_code)
# right agency, right permission
assert permissions.current_user_can('writer', None, user_frec.frec_code)
assert permissions.current_user_can('reader', None, user_frec.frec_code)
# wrong permission level, wrong agency, but superuser
user_two.website_admin = True
assert permissions.current_user_can('submitter', None, other_frec.frec_code)
# Test FABS permissions
user_three = UserFactory(affiliations=[
UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f'])
])
database.session.add(user_three)
database.session.commit()
monkeypatch.setattr(permissions, 'g', Mock(user=user_three))
# has permission level, but wrong agency
assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None)
# has agency, but not permission level
assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None)
# right agency, right permission
assert permissions.current_user_can('fabs', user_cgac.cgac_code, None)
# wrong permission level, wrong agency, but superuser
user_three.website_admin = True
assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
