def test__get_readable_descendants(self):
project = ProjectFactory(creator=self.user)
child = NodeFactory(parent=project, creator=self.user)
nodes, all_readable = _get_readable_descendants(auth=Auth(
project.creator),
node=project)
assert_equal(nodes[0]._id, child._id)
assert_true(all_readable)
def test__get_readable_descendants_includes_pointers(self):
project = ProjectFactory(creator=self.user)
pointed = ProjectFactory()
node_relation = project.add_pointer(pointed, auth=Auth(self.user))
project.save()
nodes, all_readable = _get_readable_descendants(auth=Auth(project.creator), node=project)
assert_equal(len(nodes), 1)
assert_equal(nodes[0].title, pointed.title)
assert_equal(nodes[0]._id, pointed._id)
assert_true(all_readable)
def test__get_readable_descendants_masked_by_permissions(self):
# Users should be able to see through components they do not have
# permissions to.
# Users should not be able to see through links to nodes they do not
# have permissions to.
#
# 1(AB)
# / | \
# * | \
# / | \
# 2(A) 4(B) 7(A)
# | | | \
# | | | \
# 3(AB) 5(B) 8(AB) 9(B)
# |
# |
# 6(A)
#
#
userA = UserFactory(fullname='User A')
userB = UserFactory(fullname='User B')
project1 = ProjectFactory(creator=self.user, title='One')
project1.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
project1.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
component2 = ProjectFactory(creator=self.user, title='Two')
component2.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
component3 = ProjectFactory(creator=self.user, title='Three')
component3.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
component3.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
component4 = ProjectFactory(creator=self.user, title='Four')
component4.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
component5 = ProjectFactory(creator=self.user, title='Five')
component5.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
component6 = ProjectFactory(creator=self.user, title='Six')
component6.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
component7 = ProjectFactory(creator=self.user, title='Seven')
component7.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
component8 = ProjectFactory(creator=self.user, title='Eight')
component8.add_contributor(userA,
auth=Auth(self.user),
permissions=['read'])
component8.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
component9 = ProjectFactory(creator=self.user, title='Nine')
component9.add_contributor(userB,
auth=Auth(self.user),
permissions=['read'])
project1.add_pointer(component2, Auth(self.user))
NodeRelation.objects.create(parent=project1, child=component4)
NodeRelation.objects.create(parent=project1, child=component7)
NodeRelation.objects.create(parent=component2, child=component3)
NodeRelation.objects.create(parent=component4, child=component5)
NodeRelation.objects.create(parent=component5, child=component6)
NodeRelation.objects.create(parent=component7, child=component8)
NodeRelation.objects.create(parent=component7, child=component9)
nodes, all_readable = _get_readable_descendants(auth=Auth(userA),
node=project1)
assert_equal(len(nodes), 3)
assert_false(all_readable)
for node in nodes:
assert_in(node.title, ['Two', 'Six', 'Seven'])
nodes, all_readable = _get_readable_descendants(auth=Auth(userB),
node=project1)
assert_equal(len(nodes), 3)
assert_false(all_readable)
for node in nodes:
assert_in(node.title, ['Four', 'Eight', 'Nine'])
def test__get_readable_descendants_masked_by_permissions(self):
# Users should be able to see through components they do not have
# permissions to.
# Users should not be able to see through links to nodes they do not
# have permissions to.
#
# 1(AB)
# / | \
# * | \
# / | \
# 2(A) 4(B) 7(A)
# | | | \
# | | | \
# 3(AB) 5(B) 8(AB) 9(B)
# |
# |
# 6(A)
#
#
userA = UserFactory(fullname='User A')
userB = UserFactory(fullname='User B')
project1 = ProjectFactory(creator=self.user, title='One')
project1.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
project1.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
component2 = ProjectFactory(creator=self.user, title='Two')
component2.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
component3 = ProjectFactory(creator=self.user, title='Three')
component3.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
component3.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
component4 = ProjectFactory(creator=self.user, title='Four')
component4.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
component5 = ProjectFactory(creator=self.user, title='Five')
component5.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
component6 = ProjectFactory(creator=self.user, title='Six')
component6.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
component7 = ProjectFactory(creator=self.user, title='Seven')
component7.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
component8 = ProjectFactory(creator=self.user, title='Eight')
component8.add_contributor(userA, auth=Auth(self.user), permissions=['read'])
component8.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
component9 = ProjectFactory(creator=self.user, title='Nine')
component9.add_contributor(userB, auth=Auth(self.user), permissions=['read'])
project1.add_pointer(component2, Auth(self.user))
NodeRelation.objects.create(parent=project1, child=component4)
NodeRelation.objects.create(parent=project1, child=component7)
NodeRelation.objects.create(parent=component2, child=component3)
NodeRelation.objects.create(parent=component4, child=component5)
NodeRelation.objects.create(parent=component5, child=component6)
NodeRelation.objects.create(parent=component7, child=component8)
NodeRelation.objects.create(parent=component7, child=component9)
nodes, all_readable = _get_readable_descendants(auth=Auth(userA), node=project1)
assert_equal(len(nodes), 3)
assert_false(all_readable)
for node in nodes:
assert_in(node.title, ['Two', 'Six', 'Seven'])
nodes, all_readable = _get_readable_descendants(auth=Auth(userB), node=project1)
assert_equal(len(nodes), 3)
assert_false(all_readable)
for node in nodes:
assert_in(node.title, ['Four', 'Eight', 'Nine'])
def test__get_readable_descendants(self):
project = ProjectFactory(creator=self.user)
child = NodeFactory(parent=project, creator=self.user)
nodes, all_readable = _get_readable_descendants(auth=Auth(project.creator), node=project)
assert_equal(nodes[0]._id, child._id)
assert_true(all_readable)
