test_result_auth.py
5.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# -*- coding: utf8 -*-
# This file is part of PyBossa.
#
# Copyright (C) 2015 SciFabric LTD.
#
# PyBossa is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# PyBossa is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with PyBossa. If not, see <http://www.gnu.org/licenses/>.
from default import Test, assert_not_raises, db
from pybossa.auth import ensure_authorized_to
from nose.tools import assert_raises
from werkzeug.exceptions import Forbidden, Unauthorized
from mock import patch
from test_authorization import mock_current_user
from factories import ProjectFactory, TaskFactory, TaskRunFactory
from pybossa.model.result import Result
from pybossa.repositories import ResultRepository
class TestResultAuthorization(Test):
mock_anonymous = mock_current_user()
mock_authenticated = mock_current_user(anonymous=False, admin=False, id=2)
mock_pro = mock_current_user(anonymous=False, admin=False, id=2, pro=True)
mock_admin = mock_current_user(anonymous=False, admin=True, id=1)
mock_owner = mock_current_user(anonymous=False, admin=False, id=1)
def setUp(self):
super(TestResultAuthorization, self).setUp()
self.result_repo = ResultRepository(db)
def create_result(self, n_answers=1, filter_by=False):
task = TaskFactory.create(n_answers=n_answers)
TaskRunFactory.create(task=task)
if filter_by:
return self.result_repo.filter_by(project_id=1)
else:
return self.result_repo.get_by(project_id=1)
@patch('pybossa.auth.current_user', new=mock_anonymous)
def test_anonymous_user_can_read_result(self):
"""Test anonymous users can read results"""
result = self.create_result()
assert ensure_authorized_to('read', result)
@patch('pybossa.auth.current_user', new=mock_authenticated)
def test_auth_user_can_read_result(self):
"""Test auth users can read results"""
result = self.create_result()
assert ensure_authorized_to('read', result)
@patch('pybossa.auth.current_user', new=mock_admin)
def test_admin_user_can_read_result(self):
"""Test admin users can read results"""
result = self.create_result()
assert ensure_authorized_to('read', result)
@patch('pybossa.auth.current_user', new=mock_anonymous)
def test_anonymous_user_cannot_save_results(self):
"""Test anonymous users cannot save results of a specific project"""
result = Result()
assert_raises(Unauthorized, ensure_authorized_to, 'create', result)
@patch('pybossa.auth.current_user', new=mock_authenticated)
def test_authenticated_user_cannot_save_results(self):
"""Test authenticated users cannot save results of a specific project"""
result = Result()
assert_raises(Forbidden, ensure_authorized_to, 'create', result)
@patch('pybossa.auth.current_user', new=mock_admin)
def test_admin_user_cannot_save_results(self):
"""Test admin users cannot save results of a specific project"""
result = Result()
assert_raises(Forbidden, ensure_authorized_to, 'create', result)
@patch('pybossa.auth.current_user', new=mock_anonymous)
def test_anonymous_user_cannot_delete_results(self):
"""Test anonymous users cannot delete results of a specific project"""
result = Result()
assert_raises(Unauthorized, ensure_authorized_to, 'delete', result)
@patch('pybossa.auth.current_user', new=mock_authenticated)
def test_authenticated_user_cannot_delete_results(self):
"""Test authenticated users cannot delete results of a specific project"""
result = Result()
assert_raises(Forbidden, ensure_authorized_to, 'delete', result)
@patch('pybossa.auth.current_user', new=mock_admin)
def test_admin_user_cannot_delete_results(self):
"""Test admin users cannot delete results of a specific project"""
result = Result()
assert_raises(Forbidden, ensure_authorized_to, 'delete', result)
@patch('pybossa.auth.current_user', new=mock_anonymous)
def test_anonymous_user_cannot_update_results(self):
"""Test anonymous users cannot update results of a specific project"""
result = self.create_result()
assert_raises(Unauthorized, ensure_authorized_to, 'update', result)
@patch('pybossa.auth.current_user', new=mock_authenticated)
def test_auth_user_cannot_update_results(self):
"""Test auth users but not owner cannot update results of a specific project"""
result = self.create_result()
assert_raises(Forbidden, ensure_authorized_to, 'update', result)
@patch('pybossa.auth.current_user', new=mock_owner)
def test_auth_owner_can_update_results(self):
"""Test auth owner can update results of a specific project"""
result = self.create_result()
result.info = dict(new='value')
assert ensure_authorized_to('update', result)
updated_result = self.result_repo.get_by(id=result.id)
err_msg = "The result has not been updated"
assert updated_result.info['new'] == 'value', err_msg