Commit 92a8e38a authored by Paul Graydon

ors_wendelin_test: Update tests

parent e9ab7062
......@@ -68,11 +68,11 @@ class ORSWendelinTest(SecurityTestCase):
module.manage_delObjects(ids=test_object_ids)
self.tic()
def _createOrsWendelinUser(self, reference, project, role):
# Create and validate a new Person with an assignment associated to the given project and the given role
def _createOrsWendelinUser(self, reference, project, function):
# Create and validate a new Person with an assignment associated to the given project and the given function
user = self.portal.person_module.newContent(portal_type='Person',
reference=reference)
user.newContent(portal_type='Assignment', destination_project=project, role=role).open()
user.newContent(portal_type='Assignment', destination_project=project, function=function).open()
user.newContent(portal_type='ERP5 Login', reference=reference, password=reference).validate()
user.validate()
self.tic()
......@@ -94,7 +94,7 @@ class ORSWendelinTest(SecurityTestCase):
}
# Call the script responsible for creating the project and all associated items and store the JSON response
response = self.portal.ERP5Site_registerOrsClientProject(
response = self.portal.Base_registerOrsClientProject(
references_dict['project'],
references_dict['project'],
references_dict['client_user'],
......@@ -219,44 +219,61 @@ class ORSWendelinTest(SecurityTestCase):
else:
self.failIfUserCanAddDocument(user_id, document)
def _checkIngestionDocumentsPermissions(self, user, ingestion_objects, user_is_manager, same_project):
def _checkIngestionDocumentsPermissions(self, user, ingestion_objects, user_is_admin, same_project):
# A client can only view a Data Acquisition Unit (ORS) if it is associated to their project
# A manager can view and edit all of them, as well as add one
self._checkDocumentPermissions(user, ingestion_objects['data_acquisition_unit'], user_is_manager or same_project, user_is_manager, user_is_manager)
# An administrator can view and edit all of them, as well as add one
self._checkDocumentPermissions(user, ingestion_objects['data_acquisition_unit'], user_is_admin or same_project, user_is_admin, user_is_admin)
# Same as above for a Data Supply (required for scoping clients to their projects)
self._checkDocumentPermissions(user, ingestion_objects['data_supply'], user_is_manager or same_project, user_is_manager, user_is_manager)
self._checkDocumentPermissions(user, ingestion_objects['data_supply'], user_is_admin or same_project, user_is_admin, user_is_admin)
# Only a manager can view a Data Stream, and nothing else
self._checkDocumentPermissions(user, ingestion_objects['data_stream'], user_is_manager, False, False)
# Only an administrator can view a Data Stream, and nothing else
self._checkDocumentPermissions(user, ingestion_objects['data_stream'], user_is_admin, False, False)
# A client can view a Data Array if it is associated to their project
# A manager can view all of them
# An administrator can view all of them
for data_array in ingestion_objects['data_arrays']:
self._checkDocumentPermissions(user, data_array, user_is_manager or same_project, False, False)
self._checkDocumentPermissions(user, data_array, user_is_admin or same_project, False, False)
def _checkModulePermissions(self, user, user_is_manager):
def _checkModulePermissions(self, user, user_is_admin):
# Everyone can view the Data Acquisition Unit and Data Supply modules
# Only managers can add documents to them
self._checkDocumentPermissions(user, self.portal.data_acquisition_unit_module, True, False, user_is_manager)
self._checkDocumentPermissions(user, self.portal.data_supply_module, True, False, user_is_manager)
# Only managers can view the Data Ingestion and Data Stream modules
self._checkDocumentPermissions(user, self.portal.data_ingestion_module, user_is_manager, False, False)
self._checkDocumentPermissions(user, self.portal.data_stream_module, user_is_manager, False, False)
# Only administrators can add documents to them
self._checkDocumentPermissions(user, self.portal.data_acquisition_unit_module, True, False, user_is_admin)
self._checkDocumentPermissions(user, self.portal.data_supply_module, True, False, user_is_admin)
# Everyone can view the Data Product module (required for KPI graphing)
# Everyone can also view the two data products used in the KPI calculation process (required for KPI graphing)
self._checkDocumentPermissions(user, self.portal.data_product_module, True, False, False)
ors_kpi = self.portal.portal_catalog.getResultValue(portal_type='Data Product',
reference='ors_kpi',
validation_state='validated')
self._checkDocumentPermissions(user, ors_kpi, True, False, False)
ors_enb_log_data = self.portal.portal_catalog.getResultValue(portal_type='Data Product',
reference='ors_enb_log_data',
validation_state='validated')
self._checkDocumentPermissions(user, ors_enb_log_data, True, False, False)
# Everyone can view the Data Transformation module (required for KPI graphing)
# Everyone can also view the data transformation used to produce the KPIs (required for KPI graphing)
self._checkDocumentPermissions(user, self.portal.data_transformation_module, True, False, False)
data_transformation = self.portal.portal_catalog.getResultValue(portal_type='Data Transformation',
reference='ors_enb_log_data_transformation',
validation_state='validated')
self._checkDocumentPermissions(user, data_transformation, True, False, False)
# Only managers can view the Data Analysis module
self._checkDocumentPermissions(user, self.portal.data_analysis_module, user_is_manager, False, False)
# Only administrators can view the Data Ingestion and Data Stream modules
self._checkDocumentPermissions(user, self.portal.data_ingestion_module, user_is_admin, False, False)
self._checkDocumentPermissions(user, self.portal.data_stream_module, user_is_admin, False, False)
# Only administrators can view the Data Analysis module
self._checkDocumentPermissions(user, self.portal.data_analysis_module, user_is_admin, False, False)
# Everyone can view the Data Array module (required for KPI graphing)
self._checkDocumentPermissions(user, self.portal.data_array_module, True, False, False)
# Only managers have access to the Person and Project modules and can add items to them for client management purposes
self._checkDocumentPermissions(user, self.portal.project_module, user_is_manager, False, user_is_manager)
self._checkDocumentPermissions(user, self.portal.person_module, user_is_manager, False, user_is_manager)
# Only administrators have access to the Person and Project modules and can add items to them for client management purposes
self._checkDocumentPermissions(user, self.portal.project_module, user_is_admin, False, user_is_admin)
self._checkDocumentPermissions(user, self.portal.person_module, user_is_admin, False, user_is_admin)
def test_01_createOrsDataSupply(self):
'''
......@@ -274,6 +291,7 @@ class ORSWendelinTest(SecurityTestCase):
self.tic()
# Call the tested script which creates a related Data Supply
# No need to assign a project to it here
data_supply = data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
self.tic()
......@@ -281,6 +299,8 @@ class ORSWendelinTest(SecurityTestCase):
self.assertTrue(data_supply is not None)
self.assertTrue(data_supply.getValidationState() == 'validated')
# TODO: Redo this with a destination_project
def test_02_registerOrsClientProject(self):
'''
Test the script called during slave instantiation in SlapOS to register a new client project.
......@@ -477,7 +497,7 @@ class ORSWendelinTest(SecurityTestCase):
def test_05_orsWendelinSecurityModel(self):
'''
Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their role and project.
Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their function and project.
'''
# Create two distinct projects
......@@ -491,11 +511,11 @@ class ORSWendelinTest(SecurityTestCase):
ingestion_B_objects = self._getOrsIngestionObjects(self.test_ors_example_log_valid, ors_B_reference, stop_data_analysis=True)
# Create a client user not associated to a project (should not happen in practice)
client_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'ors/client')
client_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'user')
# Create two manager users: one associated to project_A and the second not associated to a project
manager_user_A = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), project_A_objects['project'].getRelativeUrl(), 'ors/manager')
manager_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'ors/manager')
# Create two administrator users: one associated to project_A and the second not associated to a project
admin_user_A = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), project_A_objects['project'].getRelativeUrl(), 'administrator')
admin_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'administrator')
ors_N_reference = 'ors.test_%s' % generateRandomString()
......@@ -506,13 +526,9 @@ class ORSWendelinTest(SecurityTestCase):
)
data_acquisition_unit.validate()
self.tic()
data_supply = data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
self.tic()
# Force update on local roles to ensure proper permissions
data_acquisition_unit.updateLocalRolesOnSecurityGroups()
data_supply.updateLocalRolesOnSecurityGroups()
# Perform an ingestion for the ORS not associated to a project
ingestion_N_objects = self._getOrsIngestionObjects(self.test_ors_example_log_valid, ors_N_reference, stop_data_analysis=True)
......@@ -536,13 +552,13 @@ class ORSWendelinTest(SecurityTestCase):
self._checkIngestionDocumentsPermissions(client_user_N, ingestion_B_objects, False, False)
self._checkIngestionDocumentsPermissions(client_user_N, ingestion_N_objects, False, False)
# Check that both managers, whether assigned to a project, have access to all documents
self._checkModulePermissions(manager_user_A, True)
self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_A_objects, True, True)
self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_B_objects, True, False)
self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_N_objects, True, False)
# Check that both administrators, whether assigned to a project, have access to all documents
self._checkModulePermissions(admin_user_A, True)
self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_A_objects, True, True)
self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_B_objects, True, False)
self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_N_objects, True, False)
self._checkModulePermissions(manager_user_N, True)
self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_A_objects, True, False)
self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_B_objects, True, False)
self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_N_objects, True, False)
\ No newline at end of file
self._checkModulePermissions(admin_user_N, True)
self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_A_objects, True, False)
self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_B_objects, True, False)
self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_N_objects, True, False)
\ No newline at end of file
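Review bot: In the `_checkModulePermissions` hunk (-219,44 +219,61), the three `portal_catalog.getResultValue(...)` lookups for `ors_kpi`, `ors_enb_log_data` and `ors_enb_log_data_transformation` are passed straight to `_checkDocumentPermissions` without checking that a document was found. If one of these fixtures is missing or not validated on the test site, the lookup presumably yields None and the test fails inside the permission helper instead of naming the absent fixture; a guard in the file's existing style after each lookup, e.g. `self.assertTrue(ors_kpi is not None)`, would make that explicit. Catalog queries are normally filtered by the current user's security, so it is also worth confirming that these lookups run as the test's own user and not as `user`, which cannot be seen from this hunk. Separately, the visible parts of `test_05_orsWendelinSecurityModel` exercise only the `user` and `administrator` functions; a case for an assignment with some other function, or none, would pin the deny-by-default side of the model.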