Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
W
wendelin-telecom
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Paul Graydon
wendelin-telecom
Commits
92a8e38a
Commit
92a8e38a
authored
Aug 26, 2024
by
Paul Graydon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ors_wendelin_test: Update tests
parent
e9ab7062
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
60 additions
and
44 deletions
+60
-44
bt5/ors_wendelin_test/TestTemplateItem/portal_components/test.erp5.testORSWendelin.py
...mplateItem/portal_components/test.erp5.testORSWendelin.py
+60
-44
No files found.
bt5/ors_wendelin_test/TestTemplateItem/portal_components/test.erp5.testORSWendelin.py
View file @
92a8e38a
...
@@ -68,11 +68,11 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -68,11 +68,11 @@ class ORSWendelinTest(SecurityTestCase):
module
.
manage_delObjects
(
ids
=
test_object_ids
)
module
.
manage_delObjects
(
ids
=
test_object_ids
)
self
.
tic
()
self
.
tic
()
def
_createOrsWendelinUser
(
self
,
reference
,
project
,
role
):
def
_createOrsWendelinUser
(
self
,
reference
,
project
,
function
):
# Create and validate a new Person with an assignment associated to the given project and the given
role
# Create and validate a new Person with an assignment associated to the given project and the given
function
user
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
user
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
reference
=
reference
)
reference
=
reference
)
user
.
newContent
(
portal_type
=
'Assignment'
,
destination_project
=
project
,
role
=
role
).
open
()
user
.
newContent
(
portal_type
=
'Assignment'
,
destination_project
=
project
,
function
=
function
).
open
()
user
.
newContent
(
portal_type
=
'ERP5 Login'
,
reference
=
reference
,
password
=
reference
).
validate
()
user
.
newContent
(
portal_type
=
'ERP5 Login'
,
reference
=
reference
,
password
=
reference
).
validate
()
user
.
validate
()
user
.
validate
()
self
.
tic
()
self
.
tic
()
...
@@ -94,7 +94,7 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -94,7 +94,7 @@ class ORSWendelinTest(SecurityTestCase):
}
}
# Call the script responsible for creating the project and all associated items and store the JSON response
# Call the script responsible for creating the project and all associated items and store the JSON response
response
=
self
.
portal
.
ERP5Sit
e_registerOrsClientProject
(
response
=
self
.
portal
.
Bas
e_registerOrsClientProject
(
references_dict
[
'project'
],
references_dict
[
'project'
],
references_dict
[
'project'
],
references_dict
[
'project'
],
references_dict
[
'client_user'
],
references_dict
[
'client_user'
],
...
@@ -219,44 +219,61 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -219,44 +219,61 @@ class ORSWendelinTest(SecurityTestCase):
else
:
else
:
self
.
failIfUserCanAddDocument
(
user_id
,
document
)
self
.
failIfUserCanAddDocument
(
user_id
,
document
)
def
_checkIngestionDocumentsPermissions
(
self
,
user
,
ingestion_objects
,
user_is_
manager
,
same_project
):
def
_checkIngestionDocumentsPermissions
(
self
,
user
,
ingestion_objects
,
user_is_
admin
,
same_project
):
# A client can only view a Data Acquisition Unit (ORS) if it is associated to their project
# A client can only view a Data Acquisition Unit (ORS) if it is associated to their project
# A
manage
r can view and edit all of them, as well as add one
# A
n administrato
r can view and edit all of them, as well as add one
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_acquisition_unit'
],
user_is_
manager
or
same_project
,
user_is_manager
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_acquisition_unit'
],
user_is_
admin
or
same_project
,
user_is_admin
,
user_is_admin
)
# Same as above for a Data Supply (required for scoping clients to their projects)
# Same as above for a Data Supply (required for scoping clients to their projects)
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_supply'
],
user_is_
manager
or
same_project
,
user_is_manager
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_supply'
],
user_is_
admin
or
same_project
,
user_is_admin
,
user_is_admin
)
# Only a
manage
r can view a Data Stream, and nothing else
# Only a
n administrato
r can view a Data Stream, and nothing else
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_stream'
],
user_is_
manager
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
ingestion_objects
[
'data_stream'
],
user_is_
admin
,
False
,
False
)
# A client can view a Data Array if it is associated to their project
# A client can view a Data Array if it is associated to their project
# A
manage
r can view all of them
# A
n administrato
r can view all of them
for
data_array
in
ingestion_objects
[
'data_arrays'
]:
for
data_array
in
ingestion_objects
[
'data_arrays'
]:
self
.
_checkDocumentPermissions
(
user
,
data_array
,
user_is_
manager
or
same_project
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
data_array
,
user_is_
admin
or
same_project
,
False
,
False
)
def
_checkModulePermissions
(
self
,
user
,
user_is_
manager
):
def
_checkModulePermissions
(
self
,
user
,
user_is_
admin
):
# Everyone can view the Data Acquisition Unit and Data Supply modules
# Everyone can view the Data Acquisition Unit and Data Supply modules
# Only managers can add documents to them
# Only administrators can add documents to them
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_acquisition_unit_module
,
True
,
False
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_acquisition_unit_module
,
True
,
False
,
user_is_admin
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_supply_module
,
True
,
False
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_supply_module
,
True
,
False
,
user_is_admin
)
# Only managers can view the Data Ingestion and Data Stream modules
# Everyone can view the Data Product module (required for KPI graphing)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_ingestion_module
,
user_is_manager
,
False
,
False
)
# Everyone can also view the two data products used in the KPI calculation process (required for KPI graphing)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_stream_module
,
user_is_manager
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_product_module
,
True
,
False
,
False
)
ors_kpi
=
self
.
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
'Data Product'
,
reference
=
'ors_kpi'
,
validation_state
=
'validated'
)
self
.
_checkDocumentPermissions
(
user
,
ors_kpi
,
True
,
False
,
False
)
ors_enb_log_data
=
self
.
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
'Data Product'
,
reference
=
'ors_enb_log_data'
,
validation_state
=
'validated'
)
self
.
_checkDocumentPermissions
(
user
,
ors_enb_log_data
,
True
,
False
,
False
)
# Everyone can view the Data Transformation module (required for KPI graphing)
# Everyone can view the Data Transformation module (required for KPI graphing)
# Everyone can also view the data transformation used to produce the KPIs (required for KPI graphing)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_transformation_module
,
True
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_transformation_module
,
True
,
False
,
False
)
data_transformation
=
self
.
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
'Data Transformation'
,
reference
=
'ors_enb_log_data_transformation'
,
validation_state
=
'validated'
)
self
.
_checkDocumentPermissions
(
user
,
data_transformation
,
True
,
False
,
False
)
# Only managers can view the Data Analysis module
# Only administrators can view the Data Ingestion and Data Stream modules
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_analysis_module
,
user_is_manager
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_ingestion_module
,
user_is_admin
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_stream_module
,
user_is_admin
,
False
,
False
)
# Only administrators can view the Data Analysis module
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_analysis_module
,
user_is_admin
,
False
,
False
)
# Everyone can view the Data Array module (required for KPI graphing)
# Everyone can view the Data Array module (required for KPI graphing)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_array_module
,
True
,
False
,
False
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
data_array_module
,
True
,
False
,
False
)
# Only
manage
rs have access to the Person and Project modules and can add items to them for client management purposes
# Only
administrato
rs have access to the Person and Project modules and can add items to them for client management purposes
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
project_module
,
user_is_
manager
,
False
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
project_module
,
user_is_
admin
,
False
,
user_is_admin
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
person_module
,
user_is_
manager
,
False
,
user_is_manager
)
self
.
_checkDocumentPermissions
(
user
,
self
.
portal
.
person_module
,
user_is_
admin
,
False
,
user_is_admin
)
def
test_01_createOrsDataSupply
(
self
):
def
test_01_createOrsDataSupply
(
self
):
'''
'''
...
@@ -274,6 +291,7 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -274,6 +291,7 @@ class ORSWendelinTest(SecurityTestCase):
self
.
tic
()
self
.
tic
()
# Call the tested script which creates a related Data Supply
# Call the tested script which creates a related Data Supply
# No need to assign a project to it here
data_supply
=
data_acquisition_unit
.
DataAcquisitionUnit_createOrsDataSupply
(
batch
=
1
)
data_supply
=
data_acquisition_unit
.
DataAcquisitionUnit_createOrsDataSupply
(
batch
=
1
)
self
.
tic
()
self
.
tic
()
...
@@ -281,6 +299,8 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -281,6 +299,8 @@ class ORSWendelinTest(SecurityTestCase):
self
.
assertTrue
(
data_supply
is
not
None
)
self
.
assertTrue
(
data_supply
is
not
None
)
self
.
assertTrue
(
data_supply
.
getValidationState
()
==
'validated'
)
self
.
assertTrue
(
data_supply
.
getValidationState
()
==
'validated'
)
# TODO: Redo this with a destination_project
def
test_02_registerOrsClientProject
(
self
):
def
test_02_registerOrsClientProject
(
self
):
'''
'''
Test the script called during slave instantiation in SlapOS to register a new client project.
Test the script called during slave instantiation in SlapOS to register a new client project.
...
@@ -477,7 +497,7 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -477,7 +497,7 @@ class ORSWendelinTest(SecurityTestCase):
def
test_05_orsWendelinSecurityModel
(
self
):
def
test_05_orsWendelinSecurityModel
(
self
):
'''
'''
Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their
role
and project.
Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their
function
and project.
'''
'''
# Create two distinct projects
# Create two distinct projects
...
@@ -491,11 +511,11 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -491,11 +511,11 @@ class ORSWendelinTest(SecurityTestCase):
ingestion_B_objects
=
self
.
_getOrsIngestionObjects
(
self
.
test_ors_example_log_valid
,
ors_B_reference
,
stop_data_analysis
=
True
)
ingestion_B_objects
=
self
.
_getOrsIngestionObjects
(
self
.
test_ors_example_log_valid
,
ors_B_reference
,
stop_data_analysis
=
True
)
# Create a client user not associated to a project (should not happen in practice)
# Create a client user not associated to a project (should not happen in practice)
client_user_N
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
None
,
'
ors/client
'
)
client_user_N
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
None
,
'
user
'
)
# Create two
manage
r users: one associated to project_A and the second not associated to a project
# Create two
administrato
r users: one associated to project_A and the second not associated to a project
manager_user_A
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
project_A_objects
[
'project'
].
getRelativeUrl
(),
'ors/manage
r'
)
admin_user_A
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
project_A_objects
[
'project'
].
getRelativeUrl
(),
'administrato
r'
)
manager_user_N
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
None
,
'ors/manage
r'
)
admin_user_N
=
self
.
_createOrsWendelinUser
(
'test_user_%s'
%
generateRandomString
(),
None
,
'administrato
r'
)
ors_N_reference
=
'ors.test_%s'
%
generateRandomString
()
ors_N_reference
=
'ors.test_%s'
%
generateRandomString
()
...
@@ -506,13 +526,9 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -506,13 +526,9 @@ class ORSWendelinTest(SecurityTestCase):
)
)
data_acquisition_unit
.
validate
()
data_acquisition_unit
.
validate
()
self
.
tic
()
self
.
tic
()
data_
supply
=
data_
acquisition_unit
.
DataAcquisitionUnit_createOrsDataSupply
(
batch
=
1
)
data_acquisition_unit
.
DataAcquisitionUnit_createOrsDataSupply
(
batch
=
1
)
self
.
tic
()
self
.
tic
()
# Force update on local roles to ensure proper permissions
data_acquisition_unit
.
updateLocalRolesOnSecurityGroups
()
data_supply
.
updateLocalRolesOnSecurityGroups
()
# Perform an ingestion for the ORS not associated to a project
# Perform an ingestion for the ORS not associated to a project
ingestion_N_objects
=
self
.
_getOrsIngestionObjects
(
self
.
test_ors_example_log_valid
,
ors_N_reference
,
stop_data_analysis
=
True
)
ingestion_N_objects
=
self
.
_getOrsIngestionObjects
(
self
.
test_ors_example_log_valid
,
ors_N_reference
,
stop_data_analysis
=
True
)
...
@@ -536,13 +552,13 @@ class ORSWendelinTest(SecurityTestCase):
...
@@ -536,13 +552,13 @@ class ORSWendelinTest(SecurityTestCase):
self
.
_checkIngestionDocumentsPermissions
(
client_user_N
,
ingestion_B_objects
,
False
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
client_user_N
,
ingestion_B_objects
,
False
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
client_user_N
,
ingestion_N_objects
,
False
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
client_user_N
,
ingestion_N_objects
,
False
,
False
)
# Check that both
manage
rs, whether assigned to a project, have access to all documents
# Check that both
administrato
rs, whether assigned to a project, have access to all documents
self
.
_checkModulePermissions
(
manager
_user_A
,
True
)
self
.
_checkModulePermissions
(
admin
_user_A
,
True
)
self
.
_checkIngestionDocumentsPermissions
(
manager
_user_A
,
ingestion_A_objects
,
True
,
True
)
self
.
_checkIngestionDocumentsPermissions
(
admin
_user_A
,
ingestion_A_objects
,
True
,
True
)
self
.
_checkIngestionDocumentsPermissions
(
manager
_user_A
,
ingestion_B_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
admin
_user_A
,
ingestion_B_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
manager
_user_A
,
ingestion_N_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
admin
_user_A
,
ingestion_N_objects
,
True
,
False
)
self
.
_checkModulePermissions
(
manager_user_N
,
True
)
self
.
_checkModulePermissions
(
admin_user_N
,
True
)
self
.
_checkIngestionDocumentsPermissions
(
manager_user_N
,
ingestion_A_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
admin_user_N
,
ingestion_A_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
manager_user_N
,
ingestion_B_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
admin_user_N
,
ingestion_B_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
manager_user_N
,
ingestion_N_objects
,
True
,
False
)
self
.
_checkIngestionDocumentsPermissions
(
admin_user_N
,
ingestion_N_objects
,
True
,
False
)
\ No newline at end of file
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment