# -*- coding: utf-8 -*-
import os
import pytest
from utilities import clean_temporary_pub, create_temporary_pub, get_app, login
from wcs.qommon.http_request import HTTPRequest
from wcs.qommon.ident.password_accounts import PasswordAccount
def pytest_generate_tests(metafunc):
    """Parametrize the ``pub`` fixture over the storage/template variants.

    Tests that do not request ``pub`` are left untouched. The values are
    passed with ``indirect=True``, so they reach the fixture as
    ``request.param`` instead of being handed to the test directly.
    """
    if 'pub' not in metafunc.fixturenames:
        return
    variants = ['pickle', 'sql', 'pickle-templates']
    metafunc.parametrize('pub', variants, indirect=True)
@pytest.fixture
def pub(request):
    """Build a temporary publisher configured for password identification.

    ``request.param`` is the variant label supplied through indirect
    parametrization; the substrings ``'sql'`` and ``'templates'`` in it
    switch on the corresponding ``create_temporary_pub`` modes.
    """
    variant = request.param
    publisher = create_temporary_pub(
        sql_mode='sql' in variant,
        templates_mode='templates' in variant,
    )

    # Synthetic request for the host that the redirect URLs asserted in this
    # module are built on.
    environ = {'SCRIPT_NAME': '/', 'SERVER_NAME': 'example.net'}
    publisher.set_app_dir(HTTPRequest(None, environ))

    # Password is the only identification method enabled for these tests.
    publisher.cfg['identification'] = {'methods': ['password']}
    publisher.cfg['language'] = {'language': 'en'}
    publisher.write_cfg()

    return publisher
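def create_superuser(pub):
    """Return the ``admin`` user with ``is_admin`` set, creating it if needed.

    If a user named ``admin`` is already stored, it is flagged as
    administrator again, stored and returned; no password account is created
    or modified on that path. Otherwise the user is created together with a
    ``PasswordAccount`` whose id and password are both ``'admin'``.
    """
    # Query once and reuse the result instead of running the same select
    # twice (once for the test, once to fetch the first match).
    matches = pub.user_class.select(lambda x: x.name == 'admin')
    if matches:
        admin = matches[0]
        admin.is_admin = True
        admin.store()
        return admin

    admin = pub.user_class(name='admin')
    admin.is_admin = True
    admin.store()

    # Fixed, guessable credentials: acceptable only because the publisher is
    # a temporary test instance. Do not reuse this helper to seed a real site.
    account = PasswordAccount(id='admin')
    account.set_password('admin')
    account.user_id = admin.id
    account.store()

    return admin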
def create_role(pub):
    """Wipe all stored roles, then create, store and return a ``foobar`` role."""
    role_class = pub.role_class
    # Start from an empty role store so 'foobar' is the only role present.
    role_class.wipe()
    new_role = role_class(name='foobar')
    new_role.store()
    return new_role
def teardown_module(module):
    """Module-level teardown hook: clean up the temporary publisher.

    ``module`` is supplied by the test runner and is not used.
    """
    clean_temporary_pub()
def test_empty_site(pub):
    """Browse the backoffice of a site where this test has created no user.

    No account is created and no login is performed before the requests, yet
    the 'Users' / 'New User' and 'Settings' links can be followed.

    NOTE(review): this pins that an instance without user accounts serves the
    backoffice to an unauthenticated client, presumably the first-run
    bootstrap path. Confirm that real deployments are not reachable from
    untrusted networks while in that state.
    """
    # Each navigation starts from a fresh, unauthenticated client.
    get_app(pub).get('/backoffice/').click('Users', index=0).click('New User')
    get_app(pub).get('/backoffice/').click('Settings', index=0)
def test_empty_site_but_idp_settings(pub):
    """With an ``idp`` section configured, the backoffice asks for login.

    The test creates no user, but once ``pub.cfg['idp']`` is set the
    anonymous request is sent to the login page, with the backoffice URL
    carried in ``next``.
    """
    pub.cfg['idp'] = {'xxx': {}}
    pub.write_cfg()

    login_url = 'http://example.net/login/?next=http%3A%2F%2Fexample.net%2Fbackoffice%2F'
    assert get_app(pub).get('/backoffice/').location == login_url
def test_with_user(pub):
    """Once a user exists, an anonymous backoffice request is redirected.

    The 302 must point at the login page, with the backoffice URL in ``next``.
    """
    create_superuser(pub)

    login_url = 'http://example.net/login/?next=http%3A%2F%2Fexample.net%2Fbackoffice%2F'
    redirect = get_app(pub).get('/backoffice/', status=302)
    assert redirect.location == login_url
def test_with_superuser(pub):
    """A logged-in superuser can request the backoffice home page.

    No explicit ``status`` is passed, so the outcome depends on the test
    client's default status check.
    """
    create_superuser(pub)
    session = login(get_app(pub))
    session.get('/backoffice/')
def test_admin_redirect(pub):
    """``/admin/<path>`` answers 302 to the same path under ``/backoffice/``."""
    create_superuser(pub)
    session = login(get_app(pub))

    redirect = session.get('/admin/whatever', status=302)
    assert redirect.location == 'http://example.net/backoffice/whatever'
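def test_admin_for_all(pub):
    """Exercise the ``ADMIN_FOR_ALL`` marker file in the application directory.

    Behaviour pinned by the assertions:

    * empty file: an unauthenticated client gets the backoffice (200),
      including ``/backoffice/settings/`` even after ``admin-permissions``
      restricts that section to a role;
    * file containing ``x.x.x.x``: the unauthenticated request to the
      settings section is redirected (302);
    * file containing ``127.0.0.1``: access works again, both for an
      unauthenticated client and for a logged-in user whose ``is_admin``
      flag has been cleared.

    NOTE(review): the marker switches off backoffice access control for the
    matching clients. How the application derives the client address (for
    example behind a reverse proxy) is not visible in this file, so confirm
    that before relying on the address restriction.
    """
    user = create_superuser(pub)
    role = create_role(pub)
    marker_path = os.path.join(pub.app_dir, 'ADMIN_FOR_ALL')

    def write_marker(content):
        # Context manager so the handle is closed even if the write fails.
        with open(marker_path, 'w') as fd:
            fd.write(content)

    try:
        write_marker('')
        resp = get_app(pub).get('/backoffice/', status=200)
        # check there is a CSS class
        assert resp.pyquery.find('body.admin-for-all')
        # check there are menu items
        resp.click('Management', index=0)
        resp.click('Forms', index=0)
        resp.click('Settings', index=0)

        # check it's possible to get inside the subdirectories
        resp = get_app(pub).get('/backoffice/settings/', status=200)

        # the marker still grants access once the section is tied to a role
        pub.cfg['admin-permissions'] = {'settings': [role.id]}
        pub.write_cfg()
        resp = get_app(pub).get('/backoffice/settings/', status=200)

        # check it doesn't work with a non-empty ADMIN_FOR_ALL file
        write_marker('x.x.x.x')
        resp = get_app(pub).get('/backoffice/settings/', status=302)

        # check it works if the file contains the user IP address
        write_marker('127.0.0.1')
        resp = get_app(pub).get('/backoffice/settings/', status=200)

        # check it's also ok if the user is logged in but doesn't have the
        # permissions
        user.is_admin = False
        user.store()
        resp = login(get_app(pub)).get('/backoffice/settings/', status=200)
        # check there are menu items
        resp.click('Management', index=0)
        resp.click('Forms', index=0)
        resp.click('Settings', index=0)

    finally:
        # Put back everything the test changed: permissions, the marker
        # file, the role and the user's admin flag.
        if 'admin-permissions' in pub.cfg:
            del pub.cfg['admin-permissions']
            pub.write_cfg()
        os.unlink(marker_path)
        role.remove_self()
        user.is_admin = True
        user.store()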
def test_users_roles_menu_entries(pub):
    """'Users' and 'Roles' menu entries follow the ``idp-manage-roles`` flag.

    Both entries must appear on the backoffice home page and in
    ``menu.json`` by default, and be absent from both once
    ``pub.cfg['sp']['idp-manage-roles']`` is true.

    NOTE(review): only menu visibility is asserted. Whether direct requests
    to the users/roles pages are refused in that mode is not covered by this
    test.
    """
    create_superuser(pub)
    app = login(get_app(pub))

    home = app.get('/backoffice/')
    for entry in ('Users', 'Roles'):
        assert entry in home.text
    labels = [x['label'] for x in app.get('/backoffice/menu.json').json]
    for entry in ('Users', 'Roles'):
        assert entry in labels

    # don't include users/roles in menu if roles are managed by an external
    # identity provider.
    pub.cfg['sp'] = {'idp-manage-roles': True}
    pub.write_cfg()

    home = app.get('/backoffice/')
    for entry in ('Users', 'Roles'):
        assert entry not in home.text
    labels = [x['label'] for x in app.get('/backoffice/menu.json').json]
    for entry in ('Users', 'Roles'):
        assert entry not in labels
def test_studio_home(pub):
    """Studio links follow the per-section ``admin-permissions`` settings.

    With no restriction, the studio page links to forms, cards and workflows
    and mentions 'Logged Errors'. Sections are then restricted one by one to
    the value ``'x'``. After forms and cards, the matching link must be gone.
    Once workflows is restricted too, the studio page answers 403 and
    'studio' no longer appears on the backoffice home page.
    """
    create_superuser(pub)
    app = login(get_app(pub))

    assert 'studio' in app.get('/backoffice/').text

    studio = app.get('/backoffice/studio/')
    for fragment in ('../forms/', '../cards/', '../workflows/', 'Logged Errors'):
        assert fragment in studio.text

    pub.cfg['admin-permissions'] = {}
    for part in ('forms', 'cards', 'workflows'):
        # check section link are not displayed if user has no access right
        # presumably 'x' is a role id the logged-in user does not hold
        pub.cfg['admin-permissions'][part] = ['x']  # block access
        pub.write_cfg()
        if part == 'workflows':
            app.get('/backoffice/studio/', status=403)  # totally closed
            continue
        studio = app.get('/backoffice/studio/')
        assert '../%s/' % part not in studio.text

    assert 'studio' not in app.get('/backoffice/').text
def test_studio_workflows(pub):
    """The default cards workflow is reachable from the workflows listing.

    The page behind the 'Default (cards)' link must reference the
    ``recorded`` and ``deleted`` statuses and carry the default-workflow
    notice.
    """
    create_superuser(pub)
    app = login(get_app(pub))

    listing = app.get('/backoffice/workflows/')
    # click() is given a pattern here, hence the escaped parentheses
    workflow_page = listing.click(r'Default \(cards\)')
    for fragment in (
        'status/recorded/',
        'status/deleted/',
        'This is the default workflow,',
    ):
        assert fragment in workflow_page.text