Skip to content

Commit

Permalink
[#2939] group tests and cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@kindly
kindly committed Nov 16, 2012
1 parent 729ff64 commit 1208e16
Showing 1 changed file with 169 additions and 76 deletions.
245 changes: 169 additions & 76 deletions ckan/tests/logic/test_auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,7 @@
'create_unowned_dataset': False,
}

new_authz.CONFIG_PERMISSIONS.update(INITIAL_TEST_CONFIG_PERMISSIONS)

class TestAction(tests.WsgiAppCase):

class TestAuth(tests.WsgiAppCase):
@classmethod
def setup_class(cls):
admin_api = get_action('get_site_user')(
Expand All @@ -26,7 +23,7 @@ def setup_class(cls):
## add apikeys as they go along
cls.apikeys = {'sysadmin': admin_api, 'random_key': 'moo'}

cls.old_perm = new_authz.CONFIG_PERMISSIONS
cls.old_perm = new_authz.CONFIG_PERMISSIONS.copy()
new_authz.CONFIG_PERMISSIONS.update(INITIAL_TEST_CONFIG_PERMISSIONS)

@classmethod
Expand All @@ -41,128 +38,224 @@ def _action_post(self, action, data, user, status=None):
extra_environ={'Authorization': self.apikeys[user]},
status=status)

def test_1_create_orgs(self):
org = {'name': 'org_no_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')
def create_user(self, name):
user = {'name': name,
'password': 'pass',
'email': 'moo@moo.com'}
res = self._action_post('user_create', user, 'sysadmin', 200)
self.apikeys[name] = str(json.loads(res.body)['result']['apikey'])

org = {'name': 'org_with_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')

def test_2_create_users(self):
class TestAuthOrgs(TestAuth):

def test_01_create_users(self):
self.create_user('admin')
self.create_user('no_org')
self.create_user('editor')
self.create_user('editor_wannabe')

user = {'name': 'user_no_auth',
'password': 'pass',
'email': 'moo@moo.com'}

self._action_post('user_create', user, 'random_key', 403)
res = self._action_post('user_create', user, 'sysadmin')
self._action_post('user_create', user, 'no_org', 403)

self.apikeys['no_org'] = str(json.loads(res.body)['result']['apikey'])
def test_02_create_orgs(self):
org = {'name': 'org_no_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')

self._action_post('user_create', user, 'no_org', 403)
org = {'name': 'org_with_user',}
self._action_post('organization_create', org, 'random_key', 403)
self._action_post('organization_create', org, 'sysadmin')

def test_3_create_dataset_no_org(self):
#no user should be able to create group
self._action_post('organization_create', org, 'admin', 403)

def test_03_create_dataset_no_org(self):

dataset = {'name': 'admin_create_no_org'}
res = self._action_post('package_create', dataset, 'sysadmin', 200)
res = self._action_post('package_create', dataset, 'sysadmin', 409)

dataset = {'name': 'should_not_be_created'}
res = self._action_post('package_create', dataset, 'no_org', 403)

def test_4_create_dataset_with_org(self):
def test_04_create_dataset_with_org(self):

dataset = {'name': 'admin_create_with_org'}
dataset = {'name': 'admin_create_with_user', 'owner_org': 'org_with_user'}
res = self._action_post('package_create', dataset, 'sysadmin', 200)

dataset = {'name': 'should_not_be_created2'}
res = self._action_post('package_create', dataset, 'no_org', 403)
dataset = {'name': 'sysadmin_create_no_user', 'owner_org': 'org_no_user'}
res = self._action_post('package_create', dataset, 'sysadmin', 200)

def test_5_add_users_to_org(self):
dataset = {'name': 'user_create_with_org', 'owner_org': 'org_with_user'}
res = self._action_post('package_create', dataset, 'no_org', 403)

## add admin user
user = {'name': 'admin',
'password': 'pass',
'email': 'moo@moo.com'}
res = self._action_post('user_create', user, 'sysadmin')
self.apikeys['admin'] = str(json.loads(res.body)['result']['apikey'])
def test_05_add_users_to_org(self):

member = {'username': 'admin',
'role': 'admin',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'sysadmin')

## add editor user,
user = {'name': 'editor',
'password': 'pass',
'email': 'moo@moo.com'}
res = self._action_post('user_create', user, 'sysadmin')
self.apikeys['editor'] = str(json.loads(res.body)['result']['apikey'])

## admin user should be able to add users now
member = {'username': 'editor',
'role': 'editor',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'admin')

## add disallowed editor.
user = {'name': 'editor_wannabe',
'password': 'pass',
'email': 'moo@moo.com'}
res = self._action_post('user_create', user, 'sysadmin')
self.apikeys['editor_wannabe'] = str(json.loads(res.body)['result']['apikey'])

## admin user should be able to add users now
## editor should not be able to approve others as editors
member = {'username': 'editor_wannabe',
'role': 'editor',
'id': 'org_with_user'}
self._action_post('organization_member_create', member, 'editor', 403)

def _add_datasets(self, user):

def test_6_admin_add_datasets(self):

#org admin should be able to add dataset to group.
dataset = {'name': 'admin_dataset', 'owner_org': 'org_with_user'}
res = self._action_post('package_create', dataset, 'admin', 200)
#org admin/editor should be able to add dataset to group.
dataset = {'name': user + '_dataset', 'owner_org': 'org_with_user'}
res = self._action_post('package_create', dataset, user, 200)

#not able to add dataset to org admin does not belong to.
dataset = {'name': 'admin_dataset_bad', 'owner_org': 'org_no_user'}
res = self._action_post('package_create', dataset, 'admin', 409)
dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_no_user'}
res = self._action_post('package_create', dataset, user, 409)

#admin not able to make dataset not owned by a group
dataset = {'name': 'admin_dataset_bad' }
res = self._action_post('package_create', dataset, 'admin', 409)
dataset = {'name': user + '_dataset_bad' }
res = self._action_post('package_create', dataset, user, 409)

#not able to add org to not existant group
dataset = {'name': 'admin_dataset_bad', 'owner_org': 'org_not_exist' }
res = self._action_post('package_create', dataset, 'admin', 409)
dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_not_exist' }
res = self._action_post('package_create', dataset, user, 409)

def test_7_editor_add_datasets(self):
##same as admin
dataset = {'name': 'editor_dataset', 'owner_org': 'org_with_user'}
res = self._action_post('package_create', dataset, 'editor', 200)
def test_07_add_datasets(self):
self._add_datasets('admin')
self._add_datasets('editor')

dataset = {'name': 'editor_dataset_bad', 'owner_org': 'org_no_user'}
res = self._action_post('package_create', dataset, 'editor', 409)
def _update_datasets(self, user):
##editor/admin should be able to update dataset
dataset = {'id': 'editor_dataset', 'title': 'test'}
res = self._action_post('package_update', dataset, user, 200)
# editor/admin tries to change owner org
dataset = {'id': 'editor_dataset', 'owner_org': 'org_no_user'}
res = self._action_post('package_update', dataset, user, 409)
# editor/admin tries to update dataset in different org
dataset = {'id': 'sysadmin_create_no_user', 'title': 'test'}
res = self._action_post('package_update', dataset, user, 403)
#non existant owner org
dataset = {'id': 'editor_dataset', 'owner_org': 'org_not_exist' }
res = self._action_post('package_update', dataset, user, 409)

def test_08_update_datasets(self):
self._update_datasets('admin')
self._update_datasets('editor')

def _delete_datasets(self, user):
#editor/admin should be able to update dataset
dataset = {'id': 'editor_dataset'}
res = self._action_post('package_delete', dataset, user, 200)
#not able to delete dataset in group user does not belong to
dataset = {'id': 'sysadmin_create_no_user'}
res = self._action_post('package_delete', dataset, user, 403)

def test_09_delete_datasets(self):
self._delete_datasets('admin')
self._delete_datasets('editor')

def test_10_edit_org(self):
org = {'id': 'org_no_user', 'title': 'test'}
#change an org user does not belong to
res = self._action_post('organization_update', org, 'editor', 403)
res = self._action_post('organization_update', org, 'admin', 403)

#change an org a user belongs to
org = {'id': 'org_with_user', 'title': 'test'}
res = self._action_post('organization_update', org, 'editor', 403)
res = self._action_post('organization_update', org, 'admin', 200)

def test_11_delete_org(self):
org = {'id': 'org_no_user', 'title': 'test'}
res = self._action_post('organization_delete', org, 'editor', 403)
res = self._action_post('organization_delete', org, 'admin', 403)
org = {'id': 'org_with_user'}
res = self._action_post('organization_delete', org, 'editor', 403)
res = self._action_post('organization_delete', org, 'admin', 403)


class TestAuthGroups(TestAuth):

def test_01_create_groups(self):
group = {'name': 'group_no_user',}
self._action_post('group_create', group, 'random_key', 403)
self._action_post('group_create', group, 'sysadmin')

group = {'name': 'group_with_user',}
self._action_post('group_create', group, 'random_key', 403)
self._action_post('group_create', group, 'sysadmin')


def test_02_add_users_to_group(self):

self.create_user('admin')
self.create_user('editor')
self.create_user('editor_wannabe')
self.create_user('no_group')

#no owner org
dataset = {'name': 'editor_dataset_bad' }
res = self._action_post('package_create', dataset, 'editor', 409)
member = {'username': 'admin',
'role': 'admin',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'sysadmin')

#non existant owner org
dataset = {'name': 'admin_dataset_bad', 'owner_org': 'org_not_exist' }
res = self._action_post('package_create', dataset, 'editor', 409)
## admin user should be able to add users now
member = {'username': 'editor',
'role': 'editor',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'admin')

## editor should not be able to approve others as editors
member = {'username': 'editor_wannabe',
'role': 'editor',
'id': 'group_with_user'}
self._action_post('group_member_create', member, 'editor', 403)

def test_03_add_dataset_to_group(self):
org = {'name': 'org'}
self._action_post('organization_create', org, 'sysadmin')
package = {'name': 'package_added_by_admin', 'owner_org': 'org'}
self._action_post('package_create', package, 'sysadmin')
package = {'name': 'package_added_by_editor', 'owner_org': 'org'}
self._action_post('package_create', package, 'sysadmin')

group = {'id': 'group_with_user', 'packages': [{'id': 'package_added_by_admin'}]}
self._action_post('group_update', group, 'no_group', 403)
self._action_post('group_update', group, 'admin')

group = {'id': 'group_with_user',
'packages': [{'id': 'package_added_by_admin'}, {'id' :'package_added_by_editor'}]}
self._action_post('group_update', group, 'editor')

def test_04_modify_group(self):

group = {'id': 'group_with_user', 'title': 'moo',
'packages': [{'id': 'package_added_by_admin'}]}

self._action_post('group_update', group, 'admin')

###need to think about this as is horrible may just let editor edit group for this case even
## though spec says otherwise
self._action_post('group_update', group, 'editor', 403)

def test_05_delete_group(self):

org = {'id': 'group_with_user'}
res = self._action_post('group_delete', org, 'editor', 403)
res = self._action_post('group_delete', org, 'admin', 403)
org = {'id': 'group_with_user'}
res = self._action_post('group_delete', org, 'editor', 403)
res = self._action_post('group_delete', org, 'admin', 403)

def test_8_editor_update_datasets(self):

##editor should be able to update dataset
dataset = {'id': 'editor_dataset', 'title': 'test'}
res = self._action_post('package_update', dataset, 'editor', 200)

# editor tries to change owner org
dataset = {'id': 'editor_dataset', 'owner_org': 'org_no_user'}
res = self._action_post('package_update', dataset, 'editor', 409)

#non existant owner org
dataset = {'id': 'admin_dataset', 'owner_org': 'org_not_exist' }
res = self._action_post('package_update', dataset, 'editor', 409)

0 comments on commit 1208e16

Please sign in to comment.