def test_active_user_can_dabs_cgac_writer(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_writer = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_writer]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_writer)) # has permission level, but wrong agency assert not permissions.active_user_can('reader', cgac_code=other_cgac.cgac_code) assert not permissions.active_user_can('writer', cgac_code=other_cgac.cgac_code) # has agency, but not permission level assert not permissions.active_user_can('submitter', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('editfabs', cgac_code=user_cgac.cgac_code) assert not permissions.active_user_can('fabs', cgac_code=user_cgac.cgac_code) # right agency, right permission assert permissions.active_user_can('reader', cgac_code=user_cgac.cgac_code) assert permissions.active_user_can('writer', cgac_code=user_cgac.cgac_code) # wrong permission level, wrong agency, but superuser user_writer.website_admin = True assert permissions.active_user_can('submitter', cgac_code=other_cgac.cgac_code)
def test_current_user_can_dabs_frec_reader(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_frec, other_frec = FRECFactory(cgac=user_cgac), FRECFactory(cgac=other_cgac) user_reader = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['reader']) ]) database.session.add_all([user_cgac, other_cgac, user_frec, other_frec, user_reader]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_reader)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', frec_code=other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('writer', frec_code=user_frec.frec_code) assert not permissions.current_user_can('submitter', frec_code=user_frec.frec_code) assert not permissions.current_user_can('editfabs', cgac_code=user_frec.frec_code) assert not permissions.current_user_can('fabs', cgac_code=user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('reader', frec_code=user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_reader.website_admin = True assert permissions.current_user_can('submitter', frec_code=other_frec.frec_code)
def test_current_user_can_multiple_fabs_permissions(database, monkeypatch, user_constants): user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_fabs = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['editfabs']), UserAffiliation(cgac=user_cgac, permission_type_id=ALL_PERMISSION_TYPES_DICT['fabs']) ]) database.session.add_all([user_cgac, other_cgac, user_fabs]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_fabs)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', cgac_code=other_cgac.cgac_code) assert not permissions.current_user_can('editfabs', cgac_code=other_cgac.cgac_code) assert not permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code) # has agency, but not permission level assert not permissions.current_user_can('writer', cgac_code=user_cgac.cgac_code) assert not permissions.current_user_can('submitter', cgac_code=user_cgac.cgac_code) # right agency, right permission assert permissions.current_user_can('reader', cgac_code=user_cgac.cgac_code) assert permissions.current_user_can('editfabs', cgac_code=user_cgac.cgac_code) assert permissions.current_user_can('fabs', cgac_code=user_cgac.cgac_code) # wrong agency, but superuser user_fabs.website_admin = True assert permissions.current_user_can('fabs', cgac_code=other_cgac.cgac_code)
def test_get_accessible_agencies(database): """ Test listing all the agencies (CGAC and FREC) that are accessible based on permissions given """ # The first cgac/frec don't have sub tiers associated, they should still show up when affiliations are present cgacs = [CGACFactory(cgac_code=str(i), agency_name="Test Agency " + str(i)) for i in range(3)] frec_cgac = CGACFactory() frecs = [FRECFactory(frec_code=str(i), cgac=frec_cgac) for i in range(3)] cgac_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(i), cgac=cgacs[i], frec=None, is_frec=False, sub_tier_agency_name="Test Subtier Agency C" + str(i)) for i in range(1, 3)] frec_sub_tiers = [SubTierAgencyFactory(sub_tier_agency_code=str(3 + i), cgac=frec_cgac, frec=frecs[i], is_frec=True, sub_tier_agency_name="Test Subtier Agency F" + str(i)) for i in range(1, 3)] database.session.add_all(cgacs + [frec_cgac] + frecs + cgac_sub_tiers + frec_sub_tiers) database.session.commit() user = UserFactory(affiliations=[ UserAffiliation(user_affiliation_id=1, cgac=cgacs[0], frec=None, permission_type_id=PERMISSION_TYPE_DICT['writer']), UserAffiliation(user_affiliation_id=2, cgac=None, frec=frecs[1], permission_type_id=PERMISSION_TYPE_DICT['reader']), UserAffiliation(user_affiliation_id=3, cgac=None, frec=frecs[2], permission_type_id=PERMISSION_TYPE_DICT['reader']) ]) database.session.add(user) database.session.commit() g.user = user # Test one CGAC and 2 FRECs, have to decode it because we send it back as a response already results = get_accessible_agencies() frec_code_result = {el["frec_code"] for el in results["frec_agency_list"]} frec_name_result = {el["agency_name"] for el in results["frec_agency_list"]} assert len(results["cgac_agency_list"]) == 1 assert len(results["frec_agency_list"]) == 2 assert results["cgac_agency_list"][0]["agency_name"] == cgacs[0].agency_name assert results["cgac_agency_list"][0]["cgac_code"] == cgacs[0].cgac_code assert frec_name_result == {frecs[1].agency_name, frecs[2].agency_name} assert frec_code_result == {frecs[1].frec_code, frecs[2].frec_code} # Test when user is website admin, should return everything, but only 2 frecs because only 2 of the 3 have the # frec flag user.affiliations = [] user.website_admin = True results = get_accessible_agencies() assert len(results["cgac_agency_list"]) == 3 assert len(results["frec_agency_list"]) == 2
def test_current_user_can(database, monkeypatch, user_constants): # Test CGAC DABS permissions user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_one = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_one]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_one)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('writer', user_cgac.cgac_code, None) assert permissions.current_user_can('reader', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_one.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None) # Test FREC DABS permissions user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)] user_two = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_frec, other_frec, user_two]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_two)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', None, other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('submitter', None, user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('writer', None, user_frec.frec_code) assert permissions.current_user_can('reader', None, user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_two.website_admin = True assert permissions.current_user_can('submitter', None, other_frec.frec_code) # Test FABS permissions user_three = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f']) ]) database.session.add(user_three) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_three)) # has permission level, but wrong agency assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('fabs', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_three.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)
def test_current_user_can(database, monkeypatch, user_constants): # Test CGAC DABS permissions user_cgac, other_cgac = [CGACFactory() for _ in range(2)] user_one = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_cgac, other_cgac, user_one]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_one)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('writer', user_cgac.cgac_code, None) assert permissions.current_user_can('reader', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_one.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None) # Test FREC DABS permissions user_frec, other_frec = [FRECFactory(cgac=user_cgac) for _ in range(2)] user_two = UserFactory(affiliations=[ UserAffiliation(frec=user_frec, permission_type_id=PERMISSION_TYPE_DICT['writer']) ]) database.session.add_all([user_frec, other_frec, user_two]) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_two)) # has permission level, but wrong agency assert not permissions.current_user_can('reader', None, other_frec.frec_code) # has agency, but not permission level assert not permissions.current_user_can('submitter', None, user_frec.frec_code) # right agency, right permission assert permissions.current_user_can('writer', None, user_frec.frec_code) assert permissions.current_user_can('reader', None, user_frec.frec_code) # wrong permission level, wrong agency, but superuser user_two.website_admin = True assert permissions.current_user_can('submitter', None, other_frec.frec_code) # Test FABS permissions user_three = UserFactory(affiliations=[ UserAffiliation(cgac=user_cgac, permission_type_id=PERMISSION_SHORT_DICT['f']) ]) database.session.add(user_three) database.session.commit() monkeypatch.setattr(permissions, 'g', Mock(user=user_three)) # has permission level, but wrong agency assert not permissions.current_user_can('fabs', other_cgac.cgac_code, None) # has agency, but not permission level assert not permissions.current_user_can('submitter', user_cgac.cgac_code, None) # right agency, right permission assert permissions.current_user_can('fabs', user_cgac.cgac_code, None) # wrong permission level, wrong agency, but superuser user_three.website_admin = True assert permissions.current_user_can('submitter', other_cgac.cgac_code, None)