def test_get_permissions_as_seen_by(collection, user, superuser):
"""Test getting viewable permissions as 'user'."""
# If there are no permissions, we se no permissions.
assert collection.get_permissions_as_seen_by(user) == []
# If 'user' is not cataloging admin, they don't see regular user permissions on a collection.
other_user = UserFactory()
others_non_cataloging_admin_permission = Permission(user=other_user, collection=collection,
cataloging_admin=False).save_as(superuser)
assert others_non_cataloging_admin_permission not in \
collection.get_permissions_as_seen_by(user)
# 'user' sees own and cataloging admin permissions on a collection.
users_own_permission = Permission(user=user, collection=collection,
cataloging_admin=False).save_as(superuser)
third_user = UserFactory()
thirds_cataloging_admin_permission = Permission(user=third_user, collection=collection,
cataloging_admin=True).save_as(superuser)
assert len(collection.get_permissions_as_seen_by(user)) == 2
assert users_own_permission in collection.get_permissions_as_seen_by(user)
assert thirds_cataloging_admin_permission in collection.get_permissions_as_seen_by(user)
# When 'user' becomes a cataloging admin on a collection, they sees all permissions.
users_own_permission.cataloging_admin = True
users_own_permission.save()
assert len(collection.get_permissions_as_seen_by(user)) == 3
assert others_non_cataloging_admin_permission in collection.get_permissions_as_seen_by(user)
assert users_own_permission in collection.get_permissions_as_seen_by(user)
assert thirds_cataloging_admin_permission in collection.get_permissions_as_seen_by(user)
# As a system admin, you see all permissions on a collection.
assert len(superuser.permissions) == 0
assert len(collection.get_permissions_as_seen_by(superuser)) == 3
def test_created_at_defaults_to_datetime(superuser, user, collection):
"""Test creation date."""
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
assert bool(permission.created_at)
assert isinstance(permission.created_at, datetime)
def test_get_by_id(superuser, user, collection):
"""Get permission by ID."""
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
retrieved = Permission.get_by_id(permission.id)
assert retrieved == permission
def test_get_permissions_as_seen_by_other_user(user, superuser):
"""Test getting permissions for someone as regular user."""
collection1, collection2 = CollectionFactory(), CollectionFactory()
Permission(user=superuser, collection=collection1, cataloging_admin=True).save_as(superuser)
col2_permission = Permission(user=superuser, collection=collection2,
cataloging_admin=False).save_as(superuser)
# If we have no permissions, we see no permissions
assert superuser.get_permissions_as_seen_by(user) == []
# If we only have non-cataloging admin permissions, we see no permissions
Permission(user=user, collection=collection1, cataloging_admin=False).save_as(superuser)
assert superuser.get_permissions_as_seen_by(user) == []
# If we have cataloging admin permissions, we see permissions for that collection
Permission(user=user, collection=collection2, cataloging_admin=True).save_as(superuser)
assert superuser.get_permissions_as_seen_by(user) == [col2_permission]
def test_is_cataloging_admin_for(user, collection, superuser):
"""Test is_cataloging_admin_for return value."""
other_collection = CollectionFactory()
not_admin_permission = Permission(user=user, collection=collection,
cataloging_admin=False).save_as(superuser)
admin_permission = Permission(user=user, collection=other_collection,
cataloging_admin=True).save_as(superuser)
assert user.is_cataloging_admin_for(not_admin_permission.collection) is False
assert user.is_cataloging_admin_for(admin_permission.collection) is True
assert user.is_cataloging_admin_for(admin_permission.collection,
not_admin_permission.collection) is False
not_admin_permission.cataloging_admin = True
now_also_admin_permission = not_admin_permission.save()
assert user.is_cataloging_admin_for(admin_permission.collection,
now_also_admin_permission.collection) is True
def test_adding_permissions(collection):
"""Grant a permission to a user."""
user = UserFactory()
user.save()
permission = Permission(user=user, collection=collection)
permission.save_as(user)
assert permission in user.permissions
def test_adding_permissions(superuser, user):
"""Add a permission on the collection."""
collection = CollectionFactory()
collection.save()
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
assert permission in collection.permissions
def test_has_any_permission_for(user, collection, superuser):
"""Test has_any_permission_for return value."""
other_collection = CollectionFactory()
regular_permission = Permission(user=user, collection=other_collection,
cataloging_admin=False).save_as(superuser)
assert user.has_any_permission_for(collection) is False
regular_permission.collection = collection
regular_permission.save()
assert user.has_any_permission_for(collection) is True
def test_is_cataloging_admin(superuser, user):
"""Test is_cataloging_admin return value."""
collection1, collection2 = CollectionFactory(), CollectionFactory()
not_admin_permission = Permission(user=user, collection=collection1,
cataloging_admin=False).save_as(superuser)
admin_permission = Permission(user=user, collection=collection2,
cataloging_admin=True).save_as(superuser)
assert not_admin_permission in user.permissions and admin_permission in user.permissions
assert user.is_cataloging_admin is True
admin_permission.delete()
assert admin_permission not in user.permissions
assert user.is_cataloging_admin is False
not_admin_permission.delete()
assert user.permissions == []
assert user.is_cataloging_admin is False
def test_removing_permissions(collection):
"""Withdraw permission from a user."""
user = UserFactory()
user.save()
permission = Permission(user=user, collection=collection)
permission.save_as(user)
permission.delete()
assert permission not in user.permissions
def test_removing_permissions(superuser, user):
"""Remove the permissions an a collection."""
collection = CollectionFactory()
collection.save()
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
permission.delete()
assert permission not in collection.permissions
def test_delete_all_by_user(db, user, superuser, collection):
"""Delete all permissions for a specific user."""
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
other_permission = PermissionFactory()
db.session.commit()
Permission.delete_all_by_user(user)
permissions = Permission.query.all()
assert permission not in permissions
assert [other_permission] == permissions
def test_modified_at_defaults_to_current_datetime(superuser, user, collection):
"""Test modified date."""
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
first_modified_at = permission.modified_at
assert abs((first_modified_at - permission.created_at).total_seconds()) < 10
permission.registrant = not permission.registrant
permission.save()
assert first_modified_at != permission.modified_at
def test_created_by_and_modified_by_is_updated(superuser, user, collection):
"""Test created/modified by."""
permission = Permission(user=user, collection=collection)
permission.save_as(superuser)
assert permission.created_by_id == superuser.id
assert permission.created_by == superuser
assert permission.modified_by_id == superuser.id
assert permission.modified_by == superuser
# Another superuser updates something in the permission.
another_superuser = SuperUserFactory()
permission.update_as(another_superuser, commit=True, cataloger=not permission.cataloger)
assert permission.created_by == superuser
assert permission.modified_by == another_superuser