harvester-d4science/ckanext/harvest/tests/test_auth.py

import logging
from nose.plugins.skip import SkipTest

from ckan import model
from ckan.model import Session
from ckan.lib.base import config

# TODO: remove references to old tests
try:
    from ckan.tests import CreateTestData
except ImportError:
    from ckan.tests.legacy import CreateTestData
try:
    from ckan.tests.functional.base import FunctionalTestCase
except ImportError:
    from ckan.tests.legacy.functional.base import FunctionalTestCase

from ckanext.harvest.model import HarvestSource, HarvestJob, setup as harvest_model_setup

log = logging.getLogger(__name__)


class HarvestAuthBaseCase():
    @classmethod
    def setup_class(cls):
        raise SkipTest()
        harvest_model_setup()

    @classmethod
    def teardown_class(cls):
        pass

    def _test_auth_not_allowed(self, user_name=None, source=None, status=401):

        if not source:
            # Create harvest source
            source = HarvestSource(url=u'http://test-source.com', type='ckan')
            Session.add(source)
            Session.commit()

        if user_name:
            extra_environ = {'REMOTE_USER': user_name.encode('utf8')}
        else:
            extra_environ = {}

        # List
        self.app.get('/harvest', status=status, extra_environ=extra_environ)
        # Create
        self.app.get('/harvest/new', status=status, extra_environ=extra_environ)
        # Read
        self.app.get('/harvest/%s' % source.id, status=status, extra_environ=extra_environ)
        # Edit
        self.app.get('/harvest/edit/%s' % source.id, status=status, extra_environ=extra_environ)
        # Refresh
        self.app.get('/harvest/refresh/%s' % source.id, status=status, extra_environ=extra_environ)

    def _test_auth_allowed(self, user_name, auth_profile=None):

        extra_environ = {'REMOTE_USER': user_name.encode('utf8')}

        # List
        res = self.app.get('/harvest', extra_environ=extra_environ)
        assert 'Harvesting Sources' in res

        # Create
        res = self.app.get('/harvest/new', extra_environ=extra_environ)
        assert 'New harvest source' in res
        if auth_profile == 'publisher':
            assert 'publisher_id' in res
        else:
            assert 'publisher_id' not in res

        fv = res.forms['source-new']
        fv['url'] = u'http://test-source.com'
        fv['type'] = u'ckan'
        fv['title'] = u'Test harvest source'
        fv['description'] = u'Test harvest source'
        fv['config'] = u'{"a":1,"b":2}'

        if auth_profile == 'publisher':
            fv['publisher_id'] = self.publisher1.id

        res = fv.submit('save', extra_environ=extra_environ)
        assert 'Error' not in res, res

        source = Session.query(HarvestSource).first()
        assert source.url == u'http://test-source.com'
        assert source.type == u'ckan'

        # Read
        res = self.app.get('/harvest/%s' % source.id, extra_environ=extra_environ)
        assert 'Harvest Source Details' in res
        assert source.id in res
        assert source.title in res

        # Edit
        res = self.app.get('/harvest/edit/%s' % source.id, extra_environ=extra_environ)
        assert 'Edit harvest source' in res
        if auth_profile == 'publisher':
            assert 'publisher_id' in res
        else:
            assert 'publisher_id' not in res

        fv = res.forms['source-new']
        fv['title'] = u'Test harvest source Updated'

        res = fv.submit('save', extra_environ=extra_environ)
        assert 'Error' not in res, res

        source = Session.query(HarvestSource).first()
        assert source.title == u'Test harvest source Updated'

        # Refresh
        res = self.app.get('/harvest/refresh/%s' % source.id, extra_environ=extra_environ)

        job = Session.query(HarvestJob).first()
        assert job.source_id == source.id


class TestAuthDefaultProfile(FunctionalTestCase, HarvestAuthBaseCase):

    @classmethod
    def setup_class(cls):
        if (config.get('ckan.harvest.auth.profile', '') != ''):
            raise SkipTest('Skipping default auth profile tests. Set ckan.harvest.auth.profile = \'\' to run them')

        super(TestAuthDefaultProfile, cls).setup_class()

    def setup(self):
        CreateTestData.create()
        self.sysadmin_user = model.User.get('testsysadmin')
        self.normal_user = model.User.get('annafan')

    def teardown(self):
        model.repo.rebuild_db()

    def test_auth_default_profile_sysadmin(self):
        self._test_auth_allowed(self.sysadmin_user.name)

    def test_auth_default_profile_normal(self):
        self._test_auth_not_allowed(self.normal_user.name)

    def test_auth_default_profile_notloggedin(self):
        self._test_auth_not_allowed(status=302)


class TestAuthPublisherProfile(FunctionalTestCase, HarvestAuthBaseCase):

    @classmethod
    def setup_class(cls):
        if (config.get('ckan.harvest.auth.profile') != 'publisher'):
            raise SkipTest('Skipping publisher auth profile tests. Set ckan.harvest.auth.profile = \'publisher\' to run them')

        super(TestAuthPublisherProfile, cls).setup_class()

    def setup(self):

        model.Session.remove()
        CreateTestData.create(auth_profile='publisher')
        self.sysadmin_user = model.User.get('testsysadmin')
        self.normal_user = model.User.get('annafan')  # Does not belong to a publisher
        self.publisher1_user = model.User.by_name('russianfan')
        self.publisher2_user = model.User.by_name('tester')

        # Create two Publishers
        model.repo.new_revision()
        self.publisher1 = model.Group(name=u'test-publisher1', title=u'Test Publihser 1', type=u'publisher')
        Session.add(self.publisher1)
        self.publisher2 = model.Group(name=u'test-publisher2', title=u'Test Publihser 2', type=u'publisher')
        Session.add(self.publisher2)

        member1 = model.Member(table_name='user',
                               table_id=self.publisher1_user.id,
                               group=self.publisher1,
                               capacity='admin')
        Session.add(member1)
        member2 = model.Member(table_name='user',
                               table_id=self.publisher2_user.id,
                               group=self.publisher2,
                               capacity='admin')
        Session.add(member2)

        Session.commit()

    def teardown(self):
        model.repo.rebuild_db()

    def test_auth_publisher_profile_normal(self):
        self._test_auth_not_allowed(self.normal_user.name)

    def test_auth_publisher_profile_notloggedin(self):
        self._test_auth_not_allowed(status=302)

    def test_auth_publisher_profile_sysadmin(self):
        self._test_auth_allowed(self.sysadmin_user.name, auth_profile='publisher')

    def test_auth_publisher_profile_publisher(self):
        self._test_auth_allowed(self.publisher1_user.name, auth_profile='publisher')

    def test_auth_publisher_profile_different_publisher(self):

        # Create a source for publisher 1
        source = HarvestSource(url=u'http://test-source.com', type='ckan',
                               publisher_id=self.publisher1.id)
        Session.add(source)
        Session.commit()

        extra_environ = {'REMOTE_USER': self.publisher2_user.name.encode('utf8')}

        # List (Publihsers can see the sources list)
        res = self.app.get('/harvest', extra_environ=extra_environ)
        assert 'Harvesting Sources' in res
        # Create
        res = self.app.get('/harvest/new', extra_environ=extra_environ)
        assert 'New harvest source' in res
        assert 'publisher_id' in res

        # Check that this publihser is not allowed to manage sources from other publishers
        status = 401
        # Read
        res = self.app.get('/harvest/%s' % source.id, status=status, extra_environ=extra_environ)
        # Edit
        res = self.app.get('/harvest/edit/%s' % source.id, status=status, extra_environ=extra_environ)
        # Refresh
        res = self.app.get('/harvest/refresh/%s' % source.id, status=status, extra_environ=extra_environ)
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`import logging`
Apply flake8 2019-03-06 12:19:05 +01:00			`from nose.plugins.skip import SkipTest`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`from ckan import model`
Apply flake8 2019-03-06 12:19:05 +01:00			`from ckan.model import Session`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`from ckan.lib.base import config`

Apply flake8 2019-03-06 12:19:05 +01:00			`# TODO: remove references to old tests`
Add legacy import for CreateTestData 2016-01-11 22:35:11 +01:00			`try:`
			`from ckan.tests import CreateTestData`
			`except ImportError:`
			`from ckan.tests.legacy import CreateTestData`
Fix tests, set up Travis TODO: sort out the tests properly, avoiding imports from the legacy ones 2015-04-07 14:31:45 +02:00			`try:`
			`from ckan.tests.functional.base import FunctionalTestCase`
			`except ImportError:`
			`from ckan.tests.legacy.functional.base import FunctionalTestCase`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`from ckanext.harvest.model import HarvestSource, HarvestJob, setup as harvest_model_setup`

			`log = logging.getLogger(__name__)`


			`class HarvestAuthBaseCase():`
			`@classmethod`
			`def setup_class(cls):`
Fix tests * Adapt test_queue to harvest source datasets * Don't use the same mock harvester on different datasets as it messes the tests up * Skip auth tests for the time being 2012-12-14 15:52:19 +01:00			`raise SkipTest()`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`harvest_model_setup()`

			`@classmethod`
			`def teardown_class(cls):`
			`pass`

Apply flake8 2019-03-06 12:19:05 +01:00			`def _test_auth_not_allowed(self, user_name=None, source=None, status=401):`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`if not source:`
			`# Create harvest source`
Apply flake8 2019-03-06 12:19:05 +01:00			`source = HarvestSource(url=u'http://test-source.com', type='ckan')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`Session.add(source)`
			`Session.commit()`

			`if user_name:`
			`extra_environ = {'REMOTE_USER': user_name.encode('utf8')}`
			`else:`
			`extra_environ = {}`

			`# List`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.app.get('/harvest', status=status, extra_environ=extra_environ)`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`# Create`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.app.get('/harvest/new', status=status, extra_environ=extra_environ)`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`# Read`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.app.get('/harvest/%s' % source.id, status=status, extra_environ=extra_environ)`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`# Edit`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.app.get('/harvest/edit/%s' % source.id, status=status, extra_environ=extra_environ)`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`# Refresh`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.app.get('/harvest/refresh/%s' % source.id, status=status, extra_environ=extra_environ)`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
Apply flake8 2019-03-06 12:19:05 +01:00			`def _test_auth_allowed(self, user_name, auth_profile=None):`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
Apply flake8 2019-03-06 12:19:05 +01:00			`extra_environ = {'REMOTE_USER': user_name.encode('utf8')}`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`# List`
			`res = self.app.get('/harvest', extra_environ=extra_environ)`
			`assert 'Harvesting Sources' in res`

			`# Create`
			`res = self.app.get('/harvest/new', extra_environ=extra_environ)`
			`assert 'New harvest source' in res`
			`if auth_profile == 'publisher':`
			`assert 'publisher_id' in res`
			`else:`
Apply flake8 2019-03-06 12:19:05 +01:00			`assert 'publisher_id' not in res`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`fv = res.forms['source-new']`
			`fv['url'] = u'http://test-source.com'`
			`fv['type'] = u'ckan'`
			`fv['title'] = u'Test harvest source'`
			`fv['description'] = u'Test harvest source'`
			`fv['config'] = u'{"a":1,"b":2}'`

			`if auth_profile == 'publisher':`
			`fv['publisher_id'] = self.publisher1.id`

			`res = fv.submit('save', extra_environ=extra_environ)`
Apply flake8 2019-03-06 12:19:05 +01:00			`assert 'Error' not in res, res`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`source = Session.query(HarvestSource).first()`
			`assert source.url == u'http://test-source.com'`
			`assert source.type == u'ckan'`

			`# Read`
			`res = self.app.get('/harvest/%s' % source.id, extra_environ=extra_environ)`
			`assert 'Harvest Source Details' in res`
			`assert source.id in res`
			`assert source.title in res`

			`# Edit`
			`res = self.app.get('/harvest/edit/%s' % source.id, extra_environ=extra_environ)`
			`assert 'Edit harvest source' in res`
			`if auth_profile == 'publisher':`
			`assert 'publisher_id' in res`
			`else:`
Apply flake8 2019-03-06 12:19:05 +01:00			`assert 'publisher_id' not in res`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`fv = res.forms['source-new']`
			`fv['title'] = u'Test harvest source Updated'`

			`res = fv.submit('save', extra_environ=extra_environ)`
Apply flake8 2019-03-06 12:19:05 +01:00			`assert 'Error' not in res, res`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`source = Session.query(HarvestSource).first()`
			`assert source.title == u'Test harvest source Updated'`

			`# Refresh`
			`res = self.app.get('/harvest/refresh/%s' % source.id, extra_environ=extra_environ)`

			`job = Session.query(HarvestJob).first()`
			`assert job.source_id == source.id`


Apply flake8 2019-03-06 12:19:05 +01:00			`class TestAuthDefaultProfile(FunctionalTestCase, HarvestAuthBaseCase):`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`@classmethod`
			`def setup_class(cls):`
Apply flake8 2019-03-06 12:19:05 +01:00			`if (config.get('ckan.harvest.auth.profile', '') != ''):`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`raise SkipTest('Skipping default auth profile tests. Set ckan.harvest.auth.profile = \'\' to run them')`

Apply flake8 2019-03-06 12:19:05 +01:00			`super(TestAuthDefaultProfile, cls).setup_class()`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`def setup(self):`
			`CreateTestData.create()`
			`self.sysadmin_user = model.User.get('testsysadmin')`
			`self.normal_user = model.User.get('annafan')`

			`def teardown(self):`
			`model.repo.rebuild_db()`

			`def test_auth_default_profile_sysadmin(self):`
			`self._test_auth_allowed(self.sysadmin_user.name)`

			`def test_auth_default_profile_normal(self):`
			`self._test_auth_not_allowed(self.normal_user.name)`

			`def test_auth_default_profile_notloggedin(self):`
			`self._test_auth_not_allowed(status=302)`

Apply flake8 2019-03-06 12:19:05 +01:00
			`class TestAuthPublisherProfile(FunctionalTestCase, HarvestAuthBaseCase):`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`@classmethod`
			`def setup_class(cls):`
			`if (config.get('ckan.harvest.auth.profile') != 'publisher'):`
			`raise SkipTest('Skipping publisher auth profile tests. Set ckan.harvest.auth.profile = \'publisher\' to run them')`

Apply flake8 2019-03-06 12:19:05 +01:00			`super(TestAuthPublisherProfile, cls).setup_class()`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`def setup(self):`

			`model.Session.remove()`
			`CreateTestData.create(auth_profile='publisher')`
			`self.sysadmin_user = model.User.get('testsysadmin')`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.normal_user = model.User.get('annafan') # Does not belong to a publisher`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`self.publisher1_user = model.User.by_name('russianfan')`
			`self.publisher2_user = model.User.by_name('tester')`

			`# Create two Publishers`
Apply flake8 2019-03-06 12:19:05 +01:00			`model.repo.new_revision()`
			`self.publisher1 = model.Group(name=u'test-publisher1', title=u'Test Publihser 1', type=u'publisher')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`Session.add(self.publisher1)`
Apply flake8 2019-03-06 12:19:05 +01:00			`self.publisher2 = model.Group(name=u'test-publisher2', title=u'Test Publihser 2', type=u'publisher')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`Session.add(self.publisher2)`

Apply flake8 2019-03-06 12:19:05 +01:00			`member1 = model.Member(table_name='user',`
			`table_id=self.publisher1_user.id,`
			`group=self.publisher1,`
			`capacity='admin')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`Session.add(member1)`
Apply flake8 2019-03-06 12:19:05 +01:00			`member2 = model.Member(table_name='user',`
			`table_id=self.publisher2_user.id,`
			`group=self.publisher2,`
			`capacity='admin')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`Session.add(member2)`

			`Session.commit()`

			`def teardown(self):`
			`model.repo.rebuild_db()`

			`def test_auth_publisher_profile_normal(self):`
			`self._test_auth_not_allowed(self.normal_user.name)`

			`def test_auth_publisher_profile_notloggedin(self):`
			`self._test_auth_not_allowed(status=302)`

			`def test_auth_publisher_profile_sysadmin(self):`
Apply flake8 2019-03-06 12:19:05 +01:00			`self._test_auth_allowed(self.sysadmin_user.name, auth_profile='publisher')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`def test_auth_publisher_profile_publisher(self):`
Apply flake8 2019-03-06 12:19:05 +01:00			`self._test_auth_allowed(self.publisher1_user.name, auth_profile='publisher')`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00
			`def test_auth_publisher_profile_different_publisher(self):`

			`# Create a source for publisher 1`
Apply flake8 2019-03-06 12:19:05 +01:00			`source = HarvestSource(url=u'http://test-source.com', type='ckan',`
[tests,auth] Add tests for the auth profiles Note that only the tests related to the currently loaded auth profile will be run. 2012-03-08 17:14:44 +01:00			`publisher_id=self.publisher1.id)`
			`Session.add(source)`
			`Session.commit()`

			`extra_environ = {'REMOTE_USER': self.publisher2_user.name.encode('utf8')}`

			`# List (Publihsers can see the sources list)`
			`res = self.app.get('/harvest', extra_environ=extra_environ)`
			`assert 'Harvesting Sources' in res`
			`# Create`
			`res = self.app.get('/harvest/new', extra_environ=extra_environ)`
			`assert 'New harvest source' in res`
			`assert 'publisher_id' in res`

			`# Check that this publihser is not allowed to manage sources from other publishers`
			`status = 401`
			`# Read`
			`res = self.app.get('/harvest/%s' % source.id, status=status, extra_environ=extra_environ)`
			`# Edit`
			`res = self.app.get('/harvest/edit/%s' % source.id, status=status, extra_environ=extra_environ)`
			`# Refresh`
			`res = self.app.get('/harvest/refresh/%s' % source.id, status=status, extra_environ=extra_environ)`