test_auditlog_auth.py
# -*- coding: utf8 -*-
# This file is part of PyBossa.
#
# Copyright (C) 2015 SciFabric LTD.
#
# PyBossa is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# PyBossa is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with PyBossa. If not, see <http://www.gnu.org/licenses/>.
from default import Test, assert_not_raises
from pybossa.auth import ensure_authorized_to
from nose.tools import assert_raises
from werkzeug.exceptions import Forbidden, Unauthorized
from mock import patch
from test_authorization import mock_current_user
from factories import ProjectFactory, UserFactory, AuditlogFactory
from pybossa.model.auditlog import Auditlog
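class TestAuditlogAuthorization(Test):
    """Authorization tests for Auditlog objects via ensure_authorized_to.

    The cases below pin two properties of the access policy:

    * 'read' is refused for anonymous users (Unauthorized) and allowed
      for the project owner and for admins;
    * 'create', 'update' and 'delete' are refused for every role,
      including admins (Unauthorized for anonymous, Forbidden otherwise).

    NOTE(review): no case in this class exercises an authenticated user
    who is neither the owner nor an admin reading another project's
    audit log, so a regression that widened 'read' to every logged-in
    user would not be caught here.
    """

    # Three stand-ins for pybossa.auth.current_user, one per role.
    mock_anonymous = mock_current_user()
    mock_authenticated = mock_current_user(anonymous=False, admin=False, id=2)
    mock_admin = mock_current_user(anonymous=False, admin=True, id=1)

    @patch('pybossa.auth.current_user', new=mock_anonymous)
    def test_anonymous_user_cannot_read_auditlog(self):
        """Test anonymous users cannot read an auditlog"""
        log = AuditlogFactory.create()

        assert_raises(Unauthorized, ensure_authorized_to, 'read', log)

    @patch('pybossa.auth.current_user', new=mock_anonymous)
    def test_anonymous_user_cannot_read_project_auditlogs(self):
        """Test anonymous users cannot read auditlogs of a specific project"""
        project = ProjectFactory.create()

        assert_raises(Unauthorized, ensure_authorized_to, 'read',
                      Auditlog, project_id=project.id)

    # NOTE(review): the method name says "cannot" but the test asserts that
    # the owner CAN read. The name is kept so existing test selectors still
    # match; rely on the docstring and the assertion, not the name.
    @patch('pybossa.auth.current_user', new=mock_authenticated)
    def test_owner_user_cannot_read_auditlog(self):
        """Test owner users can read an auditlog"""
        # The second created user is expected to get id 2, which is the id
        # of mock_authenticated; the assertion below checks that.
        owner = UserFactory.create_batch(2)[1]
        project = ProjectFactory.create(owner=owner)
        log = AuditlogFactory.create(project_id=project.id)

        # Precondition: the patched current user really is the owner.
        assert self.mock_authenticated.id == project.owner_id
        assert_not_raises(Exception, ensure_authorized_to, 'read', log)

    # NOTE(review): same naming mismatch as above ("cannot" vs. asserted
    # "can"); name kept for compatibility.
    @patch('pybossa.auth.current_user', new=mock_authenticated)
    def test_owner_user_cannot_read_project_auditlogs(self):
        """Test owner users can read auditlogs of a specific project"""
        owner = UserFactory.create_batch(2)[1]
        project = ProjectFactory.create(owner=owner)

        # Same precondition as the single-auditlog owner test. Without it
        # this case would keep passing even if the fixture stopped making
        # the patched user the owner, and would then no longer test the
        # owner path at all.
        assert self.mock_authenticated.id == project.owner_id
        assert_not_raises(Exception, ensure_authorized_to, 'read',
                          Auditlog, project_id=project.id)

    @patch('pybossa.auth.current_user', new=mock_admin)
    def test_admin_user_can_read_auditlog(self):
        """Test admin users can read an auditlog"""
        owner = UserFactory.create_batch(2)[1]
        project = ProjectFactory.create(owner=owner)
        log = AuditlogFactory.create(project_id=project.id)

        # Precondition: access is granted by the admin flag, not ownership.
        assert self.mock_admin.id != project.owner_id
        assert_not_raises(Exception, ensure_authorized_to, 'read', log)

    @patch('pybossa.auth.current_user', new=mock_admin)
    def test_admin_user_can_read_project_auditlogs(self):
        """Test admin users can read auditlogs from a project"""
        owner = UserFactory.create_batch(2)[1]
        project = ProjectFactory.create(owner=owner)

        # Precondition: access is granted by the admin flag, not ownership.
        assert self.mock_admin.id != project.owner_id
        assert_not_raises(Exception, ensure_authorized_to, 'read',
                          Auditlog, project_id=project.id)

    @patch('pybossa.auth.current_user', new=mock_anonymous)
    def test_anonymous_user_cannot_crud_auditlog(self):
        """Test anonymous users cannot crud auditlogs"""
        log = Auditlog()

        # Anonymous callers are rejected with Unauthorized, not Forbidden.
        assert_raises(Unauthorized, ensure_authorized_to, 'create', log)
        assert_raises(Unauthorized, ensure_authorized_to, 'update', log)
        assert_raises(Unauthorized, ensure_authorized_to, 'delete', log)

    @patch('pybossa.auth.current_user', new=mock_authenticated)
    def test_authenticated_user_cannot_crud_auditlog(self):
        """Test authenticated users cannot crud auditlogs"""
        log = Auditlog()

        assert_raises(Forbidden, ensure_authorized_to, 'create', log)
        assert_raises(Forbidden, ensure_authorized_to, 'update', log)
        assert_raises(Forbidden, ensure_authorized_to, 'delete', log)

    @patch('pybossa.auth.current_user', new=mock_admin)
    def test_admin_user_cannot_crud_auditlog(self):
        """Test admin users cannot crud auditlogs"""
        log = Auditlog()

        # Admins are refused as well: these tests expect no role to be
        # able to write, change or remove audit entries through this
        # authorization check.
        assert_raises(Forbidden, ensure_authorized_to, 'create', log)
        assert_raises(Forbidden, ensure_authorized_to, 'update', log)
        assert_raises(Forbidden, ensure_authorized_to, 'delete', log)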