Skip to content
Snippets Groups Projects
Select Git revision
  • 99262d9f4ba1e6925c6697782cb4483679b1dd13
  • main default protected
  • dev protected
  • f-linkahead-rename
  • f-real-id
  • f-filesystem-import
  • f-filesystem-link
  • f-filesystem-directory
  • f-filesystem-core
  • f-filesystem-cleanup
  • f-filesystem-main
  • f-name
  • keep_changes
  • f-permission-checks-2
  • f-mysql8-tests
  • f-retrieve-history
  • t-distinct-parents
  • v8.1.0
  • v8.0.0
  • v7.0.2
  • v7.0.1
  • v7.0.0
  • v6.0.1
  • v6.0.0
  • v5.0.0
  • v4.1.0
  • v4.0.0
  • v3.0
  • v2.0.30
29 results

patch.sh

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    test_administration.py 16.88 KiB
    # encoding: utf-8
    #
    # ** header v3.0
    # This file is a part of the CaosDB Project.
    #
    # Copyright (C) 2018 Research Group Biomedical Physics,
    # Max-Planck-Institute for Dynamics and Self-Organization Göttingen
    #
    # This program is free software: you can redistribute it and/or modify
    # it under the terms of the GNU Affero General Public License as
    # published by the Free Software Foundation, either version 3 of the
    # License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU Affero General Public License for more details.
    #
    # You should have received a copy of the GNU Affero General Public License
    # along with this program. If not, see <https://www.gnu.org/licenses/>.
    #
    # ** end header
    #
    """Created on 27.02.2017.
    
    @author: tf
    """
    
    from caosdb import (administration as admin, get_config)
    from nose.tools import assert_true, assert_equal, assert_is_not_none, assert_raises
    from caosdb.exceptions import (ClientErrorException, TransactionError,
                                   AuthorizationException, LoginFailedException)
    from caosdb.connection.connection import get_connection, configure_connection
    
    test_role = "test_role"
    test_user = "test_user"
    test_pw = "secret1P!"
    test_role_desc = "This is a test role."
    
    
    def setup_module():
        teardown_module()
        admin._insert_user(
            name=test_user,
            password=test_pw,
            status="ACTIVE",
            email=None,
            entity=None)
    
    
    def teardown_module():
        switch_to_admin_user()
        try:
            admin._delete_user(name=test_user)
        except Exception as e:
            print(e)
    
    
    def setup():
        switch_to_admin_user()
    
    
    def teardown():
        switch_to_admin_user()
        try:
            admin._delete_user(name=test_user + "2")
        except Exception as e:
            print(e)
        try:
            admin._delete_role(name=test_role)
        except Exception as e:
            print(e)
    
    
    def switch_to_normal_user():
        configure_connection(username=test_user, password=test_pw,
                             password_method="plain")
    
    
    def switch_to_admin_user():
        configure_connection()
    
    
    def test_get_server_properties():
        props = admin.get_server_properties()
        assert isinstance(props, dict)
        assert "CaosDB Admin" == props["ADMIN_NAME"]
    
    
    def test_set_server_property():
        admin.set_server_property("AUTH_OPTIONAL", "FALSE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
        admin.set_server_property("AUTH_OPTIONAL", "TRUE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "TRUE"
        admin.set_server_property("AUTH_OPTIONAL", "FALSE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
    
    
    def test_insert_role_success():
        assert admin._insert_role(name=test_role, description=test_role_desc)
    
    
    def test_insert_role_failure_permission():
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._insert_role(name=test_role, description=test_role_desc)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to insert a new role.")
    
    
    def test_insert_role_failure_name_duplicates():
        test_insert_role_success()
        with assert_raises(ClientErrorException) as cm:
            admin._insert_role(name=test_role, description=test_role_desc)
        assert_equal(
            cm.exception.msg,
            "Role name is already in use. Choose a different name.")
    
    
    def test_update_role_success():
        test_insert_role_success()
        assert_is_not_none(
            admin._update_role(
                name=test_role,
                description=test_role_desc +
                "asdf"))
    
    
    def test_update_role_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._update_role(name=test_role, description=test_role_desc + "asdf")
        assert_equal(
            cm.exception.msg,
            "You are not permitted to update this role.")
    
    
    def test_update_role_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._update_role(name=test_role, description=test_role_desc + "asdf")
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_delete_role_success():
        test_insert_role_success()
        assert_true(admin._delete_role(name=test_role))
    
    
    def test_delete_role_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._delete_role(name=test_role)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to delete this role.")
    
    
    def test_delete_role_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._delete_role(name=test_role)
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_retrieve_role_success():
        test_insert_role_success()
        r = admin._retrieve_role(test_role)
        assert_is_not_none(r)
    
    
    def test_retrieve_role_failure_permission():
        test_insert_role_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._retrieve_role(name=test_role)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to retrieve this role.")
    
    
    def test_retrieve_role_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._retrieve_role(name=test_role)
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_set_permissions_success():
        test_insert_role_success()
        assert_true(
            admin._set_permissions(
                role=test_role,
                permission_rules=[
                    admin.PermissionRule(
                        "Grant",
                        "BLA:BLA:BLA")]))
    
    
    def test_set_permissions_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._set_permissions(
                role=test_role, permission_rules=[
                    admin.PermissionRule(
                        "Grant", "BLA:BLA:BLA")])
        assert_equal(
            cm.exception.msg,
            "You are not permitted to set this role's permissions.")
    
    
    def test_set_permissions_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._set_permissions(
                role=test_role, permission_rules=[
                    admin.PermissionRule(
                        "Grant", "BLA:BLA:BLA")])
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_get_permissions_success():
        test_set_permissions_success()
        r = admin._get_permissions(role=test_role)
        assert_equal({admin.PermissionRule("Grant", "BLA:BLA:BLA")}, r)
        assert_is_not_none(r)
    
    
    def test_get_permissions_failure_permissions():
        test_set_permissions_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._get_permissions(role=test_role)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to retrieve this role's permissions.")
    
    
    def test_get_permissions_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._get_permissions(role="non-existing-role")
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_get_roles_success():
        test_insert_role_success()
        r = admin._get_roles(username=test_user)
        assert_is_not_none(r)
        return r
    
    
    def test_get_roles_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._get_roles(username=test_user)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to retrieve this user's roles.")
    
    
    def test_get_roles_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._get_roles(username="non-existing-user")
        assert_equal(cm.exception.msg, "User does not exist.")
    
    
    def test_set_roles_success():
        roles_old = test_get_roles_success()
        roles = {test_role}
        roles.union(roles_old)
        assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
        assert_is_not_none(admin._set_roles(username=test_user, roles=roles))
        assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
    
    
    def test_set_roles_success_with_warning():
        test_insert_role_success()
        roles = {test_role}
        r = admin._set_roles(username=test_user, roles=roles)
        assert_is_not_none(r)
        assert_is_not_none(admin._set_roles(username=test_user, roles=[]))
    
    
    def test_set_roles_failure_permissions():
        roles_old = test_get_roles_success()
        roles = {test_role}
        roles.union(roles_old)
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._set_roles(username=test_user, roles=roles_old)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to set this user's roles.")
    
    
    def test_set_roles_failure_non_existing_role():
        roles = {"non-existing-role"}
        with assert_raises(ClientErrorException) as cm:
            admin._set_roles(username=test_user, roles=roles)
        assert_equal(cm.exception.msg, "Role does not exist.")
    
    
    def test_set_roles_failure_non_existing_user():
        test_insert_role_success()
        roles = {test_role}
        with assert_raises(TransactionError) as cm:
            admin._set_roles(username="non-existing-user", roles=roles)
        assert_equal(cm.exception.msg, "User does not exist.")
    
    
    def test_insert_user_success():
        admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="ACTIVE",
            email="email@example.com",
            entity=None)
    
    
    def test_insert_user_failure_permissions():
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._insert_user(
                name=test_user,
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to insert a new user.")
    
    
    def test_insert_user_failure_name_in_use():
        test_insert_user_success()
        with assert_raises(ClientErrorException) as cm:
            test_insert_user_success()
        assert_equal(cm.exception.msg, "User name is already in use.")
    
    
    def test_delete_user_success():
        test_insert_user_success()
        assert_is_not_none(admin._delete_user(name=test_user + "2"))
    
    
    def test_delete_user_failure_permissions():
        test_insert_user_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._delete_user(name="non_existing_user")
        assert_equal(
            cm.exception.msg,
            "You are not permitted to delete this user.")
    
    
    def test_delete_user_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._delete_user(name="non_existing_user")
        assert_equal(cm.exception.msg, "User does not exist.")
    
    
    def test_update_user_success_status():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="INACTIVE",
                email="email@example.com",
                entity=None))
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password=None,
            status="ACTIVE",
            email=None,
            entity=None)
    
    
    def test_update_user_success_email():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password=None,
            status=None,
            email="newemail@example.com",
            entity=None)
    
    
    def test_update_user_success_entity():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        admin._update_user(realm=None, name=test_user + "2", password=None,
                           status=None, email=None, entity="21")
    
    
    def test_update_user_success_password():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password="newsecret1P!",
            status=None,
            email=None,
            entity=None)
    
    
    def test_update_user_failure_permissions_status():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="INACTIVE",
                email="email@example.com",
                entity=None))
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status="ACTIVE",
                email=None,
                entity=None)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to update this user.")
    
    
    def test_update_user_failure_permissions_email():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email="newemail@example.com",
                entity=None)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to update this user.")
    
    
    def test_update_user_failure_permissions_entity():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email=None,
                entity=21)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to update this user.")
    
    
    def test_update_user_failure_permissions_password():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password="newsecret1P!",
                status=None,
                email=None,
                entity=None)
        assert_equal(
            cm.exception.msg,
            "You are not permitted to update this user.")
    
    
    def test_update_user_failure_non_existing_user():
        with assert_raises(TransactionError) as cm:
            admin._update_user(
                realm=None,
                name="non-existing-user",
                password="newsecret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None)
        assert_equal(cm.exception.msg, "User does not exist.")
    
    
    def test_update_user_failure_non_existing_entity():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None))
        with assert_raises(ClientErrorException) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email=None,
                entity=100000)
        assert_equal(cm.exception.msg, "Entity does not exist.")
    
    
    def test_retrieve_user_success():
        test_insert_user_success()
        assert_is_not_none(admin._retrieve_user(realm=None, name=test_user + "2"))
    
    
    def test_retrieve_user_failure_permissions():
        test_insert_user_success()
        switch_to_normal_user()
        with assert_raises(AuthorizationException) as cm:
            admin._retrieve_user(realm=None, name=test_user + "2")
        assert_equal(
            cm.exception.msg,
            "You are not permitted to retrieve this user.")
    
    
    def test_retrieve_user_failure_non_existing():
        with assert_raises(TransactionError) as cm:
            admin._retrieve_user(realm=None, name="non_existing")
        assert_equal(cm.exception.msg, "User does not exist.")
    
    
    def test_login_with_inactive_user_failure():
        assert_is_not_none(
            admin._insert_user(
                name=test_user + "2",
                password="secret1P!",
                status="INACTIVE",
                email="email@example.com",
                entity=None))
        configure_connection(username=test_user + "2", password="secret1P!")
        with assert_raises(LoginFailedException):
            get_connection()._login()