VidjilAuth.py 32.3 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
#!/usr/bin/python

import unittest
from collections import Counter

class VidjilauthModel(unittest.TestCase):
        
    def __init__(self, p):
        global auth, count
        unittest.TestCase.__init__(self, p)
        count = 0
        
    def setUp(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
14
15
16
17
18
19
        '''
        SetUp data for testing purposes. This data is created before each test and deleted after in the tearDown method.

        here is the current relationship status:

                    ##############
20
                    # group #
HERBERT Ryan's avatar
HERBERT Ryan committed
21
22
23
24
25
26
27
                    ##############
                      /      \
                     /        \
                #########    #############
                # group #    # group_sec #
                #########    #############

28
        patient is associated to group (group defined in testRunner.py)
HERBERT Ryan's avatar
HERBERT Ryan committed
29
30
        patient_sec is associated to group
        '''
31
32
33
        # Load the to-be-tested file
        execfile("applications/vidjil/models/VidjilAuth.py", globals())
        # set up default session/request/auth/...
34
        global auth, parent_group, group, group_sec, group_ter, group_qua, group_qui, my_user_id, user_id_sec, count, patient_id, patient_id_sec, parent_user_id, admin_user_id, patient_id_ter, patient_id_qua, first_sample_set_id, sample_set_id, sample_set_id_sec, sample_set_id_ter, config_id, file_id, fused_file_id, run_id
35
36
37
        auth = VidjilAuth(globals(), db)

        my_user_id = db.auth_user.insert(
HERBERT Ryan's avatar
HERBERT Ryan committed
38
39
            first_name='First',
            last_name='Group Tester',
40
41
42
43
            email='group.tester%d@vidjil.org' % count,
            password= db.auth_user.password.validate('1234')[0],
        )

HERBERT Ryan's avatar
HERBERT Ryan committed
44
45
46
47
48
49
50
51
52
53
54
55
56
57
        user_id_sec = db.auth_user.insert(
                first_name='Second',
                last_name='Group Tester',
                email='group.testertoo.%d@vidjil.org' % count,
                password=db.auth_user.password.validate('1234')[0]
                )

        parent_user_id = db.auth_user.insert(
                first_name='Par',
                last_name='ent',
                email='par.end.%d@vidjil.org' % count,
                password=db.auth_user.password.validate('1234')[0]
                )

58
59
60
61
62
63
64
        admin_user_id = db.auth_user.insert(
                first_name='Adm',
                last_name='in',
                email='adm.in.%d@vidjil.org' % count,
                password=db.auth_user.password.validate('1234')[0]
                )

65
66
67
68
69
        auth.login_bare("group.tester%d@vidjil.org" % count, "1234")

        count = count + 1

        # setup data used for tests
70
        first_sample_set_id = db.sample_set.insert(sample_type = 'run')
71
        sample_set_id = db.sample_set.insert(sample_type = 'patient')
HERBERT Ryan's avatar
HERBERT Ryan committed
72
        sample_set_id_sec = db.sample_set.insert(sample_type = 'patient')
73
        sample_set_id_ter = db.sample_set.insert(sample_type = 'run')
74
75
76
77
78
79
80
81
82
83

        patient_id = db.patient.insert(
                first_name="foo",
                last_name="bar",
                birth="1902-02-02",
                info="foobar",
                id_label="foobar",
                creator=my_user_id,
                sample_set_id=sample_set_id)

HERBERT Ryan's avatar
HERBERT Ryan committed
84
85
86
87
88
89
90
91
92
        patient_id_sec = db.patient.insert(
                first_name="footoo",
                last_name="bartoo",
                birth="1902-02-02",
                info="footoobartoo",
                id_label="footoobartoo",
                creator=my_user_id,
                sample_set_id=sample_set_id_sec)

93
94
95
        patient_id_ter = db.patient.insert(
                first_name="foothree",
                last_name="barthree",
96
                birth="1902-02-02",
97
98
                info="foothree",
                id_label="barthree",
99
100
101
                creator=my_user_id,
                sample_set_id=sample_set_id_sec)

102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
        patient_id_qua = db.patient.insert(
                first_name="foofour",
                last_name="barfour",
                birth="1902-02-02",
                info="foofour",
                id_label="barfour",
                creator=my_user_id,
                sample_set_id=first_sample_set_id)

        run_id = db.run.insert(name="run",
                run_date="2010-10-25",
                info="run",
                id_label="run",
                creator=user_id,
                sample_set_id=first_sample_set_id)

        config_id = db.config.insert(name="config_test_popipo",
                info="popapipapo",
                command="-plop",
                fuse_command="-plop",
                program="plop.cpp")

        file_id = db.sequence_file.insert(sampling_date="1903-02-02",
                info="plop",
                pcr="plop",
                sequencer="plop",
                producer="plop",
                filename="plop",
                provider=user_id)

        sample_set_membership = db.sample_set_membership.insert(sample_set_id = first_sample_set_id,
            sequence_file_id = file_id)

        result_id = db.results_file.insert(sequence_file_id = file_id,
                config_id = config_id,
                run_date = "2014-09-19 00:00:00")

        fused_id = db.fused_file.insert(sample_set_id = first_sample_set_id,
                config_id = config_id,
                fuse_date = "2014-09-19 00:00:00")

        parent_group = db.auth_group.insert(role="parent_group", description="parent group")
        db.auth_membership.insert(user_id=parent_user_id, group_id=parent_group)
HERBERT Ryan's avatar
HERBERT Ryan committed
145

146
147
148
        group = db.auth_group.insert(role="group1", description="first group")
        db.auth_membership.insert(user_id=my_user_id, group_id=group)

HERBERT Ryan's avatar
HERBERT Ryan committed
149
150
151
        group_sec = db.auth_group.insert(role="group2", description="second_group")
        db.auth_membership.insert(user_id=user_id_sec, group_id=group_sec)

152
153
        group_ter = db.auth_group.insert(role="group3", description="third group")
        db.auth_membership.insert(user_id=my_user_id, group_id=group_ter)
154

HERBERT Ryan's avatar
HERBERT Ryan committed
155
156
157
        group_qua = db.auth_group.insert(role="group4", description="fourth group")
        db.auth_membership.insert(user_id=my_user_id, group_id=group_qua)

HERBERT Ryan's avatar
HERBERT Ryan committed
158
159
        group_qui = db.auth_group.insert(role="group5", description="fifth group")

160
161
162
163
        admin_group = db.auth_group.insert(role="admin", description="admin group")
        db.auth_membership.insert(user_id=admin_user_id, group_id=admin_group)

        db.group_assoc.insert(first_group_id = parent_group, second_group_id = group_sec)
HERBERT Ryan's avatar
HERBERT Ryan committed
164
        db.group_assoc.insert(first_group_id = group_qui, second_group_id = group)
165

166
167
168
169
170
171
172
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='sample_set', group_id=admin_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='patient', group_id=admin_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='run', group_id=admin_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=admin_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='patient', group_id=admin_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='run', group_id=admin_group, record_id=0)

HERBERT Ryan's avatar
HERBERT Ryan committed
173
174
175
176
177
178
        db.auth_permission.insert(name=PermissionEnum.upload.value, table_name='sample_set', group_id=group_qua, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.run.value, table_name='sample_set', group_id=group_qua, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='sample_set', group_id=group_qua, record_id=sample_set_id_ter)

        db.auth_permission.insert(name=PermissionEnum.admin.value, table_name='sample_set', group_id=group_ter, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=group_ter, record_id=0)
HERBERT Ryan's avatar
HERBERT Ryan committed
179
        db.auth_permission.insert(name=PermissionEnum.save.value, table_name='run', group_id=group_ter, record_id=0)
180
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='patient', group_id=group_ter, record_id=patient_id_ter)
181

HERBERT Ryan's avatar
HERBERT Ryan committed
182
183
184
        db.auth_permission.insert(name=PermissionEnum.admin.value, table_name='sample_set', group_id=group_sec, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=group_sec, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.run.value, table_name='sample_set', group_id=group_sec, record_id=0)
HERBERT Ryan's avatar
HERBERT Ryan committed
185
        db.auth_permission.insert(name=PermissionEnum.save.value, table_name='sample_set', group_id=group_sec, record_id=0)
HERBERT Ryan's avatar
HERBERT Ryan committed
186
        db.auth_permission.insert(name=PermissionEnum.upload.value, table_name='sample_set', group_id=group_sec, record_id=0)
187
188
189
190
191
192
193
194
195
196
197
        db.auth_permission.insert(name=PermissionEnum.access.value,
                table_name='auth_group',
                group_id=group_sec,
                record_id=parent_group)
        db.auth_permission.insert(name=PermissionEnum.admin.value,
                table_name='auth_group',
                group_id=group_sec,
                record_id=parent_group)

        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=parent_group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='patient', group_id=parent_group, record_id = patient_id)
198

HERBERT Ryan's avatar
HERBERT Ryan committed
199
200
        db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=group, record_id=0)
        db.auth_permission.insert(name=PermissionEnum.access.value, table_name='patient', group_id=group, record_id = patient_id_sec)
HERBERT Ryan's avatar
HERBERT Ryan committed
201

202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
        db.auth_permission.insert(group_id = parent_group,
                        name = PermissionEnum.access.value,
                        table_name = "config",
                        record_id = config_id
                        )

        db.auth_permission.insert(group_id = parent_group,
                        name = PermissionEnum.access.value,
                        table_name = 'run',
                        record_id = run_id)

        db.auth_permission.insert(group_id = parent_group,
                        name = PermissionEnum.access.value,
                        table_name = 'patient',
                        record_id = patient_id_qua)
217
218
219
        db.commit()

    def tearDown(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
220
221
222
223
224
225
226
        db((db.auth_group.id == group) |
            (db.auth_group.id == group_sec)).delete()

        db((db.auth_membership.group_id == group) |
            (db.auth_membership.group_id == group_sec)).delete

        db((db.patient.id == patient_id) |
227
            (db.patient.id == patient_id_sec) |
228
            (db.patient.id == patient_id_ter)).delete()
HERBERT Ryan's avatar
HERBERT Ryan committed
229

230
        auth.logout(next=None, onlogout=None, log=None)
HERBERT Ryan's avatar
HERBERT Ryan committed
231
232
233
        db((db.auth_user.id == my_user_id) |
            (db.auth_user.id == user_id_sec) |
            (db.auth_user.id == parent_user_id)).delete()
234
235

    def testGetGroupNames(self):
236
        expected = ["group1", "group3", "group4"]
237
238
239
240
        result = auth.get_group_names()
        self.assertEqual(Counter(expected), Counter(result), msg="Expected: %s, but got: %s" % (str(expected), str(result)))

    def testGetPermission(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
241
        result = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id, user=user_id_sec)
242
243
244
        self.assertTrue(result,
            "The user %d does not have the expected permission: read on patient for %d" % (auth.user_id, patient_id))

245
        result = auth.get_permission(PermissionEnum.read.value, 'config', config_id, user=auth.user_id)
246
        self.assertFalse(result,
247
            "The user %d has some unexpected permissions: read on config for %d" % (auth.user_id, config_id))
248
249
250
251
252
253
254
255
256

    def testIsAdmin(self):
        result = auth.is_admin(user=auth.user_id)
        self.assertFalse(result, "User %d should not have admin permissions" % auth.user_id)

        result = auth.is_admin(user=user_id)
        self.assertTrue(result, "User %d should have admin permissions" % user_id)

    def testIsInGroup(self):
257
        parent_group_name = db(db.auth_group.id == parent_group).select()[0].role
258
259
        group_name = db(db.auth_group.id == group).select()[0].role

260
261
        result = auth.is_in_group(parent_group_name)
        self.assertFalse(result, "User %d should not be in group %d" % (auth.user_id, parent_group))
262
263
264
265
266
267
268
269
270
271
272
273

        result = auth.is_in_group(group_name)
        self.assertTrue(result, "User %d should be in group %d" % (auth.user_id, group))

    def testCanCreatePatient(self):
        result = auth.can_create_patient()
        self.assertFalse(result, "User %d should not have patient creation permissions" % auth.user_id)

        result = auth.can_create_patient(user_id)
        self.assertTrue(result, "User %d is missing patient creation permissions" % user_id)

    def testCanModifyPatient(self):
274
275
        result = auth.can_modify_patient(patient_id_qua)
        self.assertFalse(result, "User %d should not be able to modify patient %d" % (auth.user_id, patient_id_qua))
276

277
278
        result = auth.can_modify_patient(patient_id_qua, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify patient %d" % (user_id_sec, patient_id_qua))
279

280
        result = auth.can_modify_patient(patient_id_qua, user_id)
281
        self.assertTrue(result,
282
                "User %d is a member of admin group and is missing permissions to modify patient %d" % (user_id, patient_id_qua))
283
284

    def testCanModifyRun(self):
285
286
        result = auth.can_modify_run(run_id)
        self.assertFalse(result, "User %d should not be able to modify run %d" % (auth.user_id, run_id))
287

288
289
        result = auth.can_modify_run(run_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify run %d" % (user_id_sec, run_id))
290

291
        result = auth.can_modify_run(run_id, user_id)
292
        self.assertTrue(result,
293
                "User %d is a member of admin group and is missing permissions to modify run %d" % (user_id, run_id))
294
295

    def testCanModifySampleSet(self):
296
297
        result = auth.can_modify_sample_set(first_sample_set_id)
        self.assertFalse(result, "User %d should not be able to modify sample_set %d" % (auth.user_id, first_sample_set_id))
298

299
300
        result = auth.can_modify_sample_set(first_sample_set_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify sample_set %d" % (user_id_sec, first_sample_set_id))
301

302
        result = auth.can_modify_sample_set(first_sample_set_id, user_id)
303
        self.assertTrue(result,
304
                "User %d is a member of admin group and is missing permissions to modify sample_set %d" % (user_id, first_sample_set_id))
305
306

    def testCanModifyFile(self):
307
308
        result = auth.can_modify_file(file_id)
        self.assertFalse(result, "User %d should not be able to modify file %d" % (auth.user_id, file_id))
309

310
311
        result = auth.can_modify_file(file_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify file %d" % (user_id_sec, file_id))
312

313
        result = auth.can_modify_file(file_id, user_id)
314
        self.assertTrue(result,
315
                "User %d is a member of admin group and is missing permissions to modify file %d" % (user_id, file_id))
316
317

    def testCanModifyConfig(self):
318
319
        result = auth.can_modify_config(config_id)
        self.assertFalse(result, "User %d should not be able to modify config %d" % (auth.user_id, config_id))
320

321
322
        result = auth.can_modify_config(config_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify config %d" % (user_id_sec, config_id))
323

324
        result = auth.can_modify_config(config_id, user_id)
325
        self.assertTrue(result,
326
                "User %d is a member of admin group and is missing permissions to modify config %d" % (user_id, config_id))
327
328

    def testCanModifyGroup(self):
329
330
        result = auth.can_modify_group(parent_group)
        self.assertFalse(result, "User %d should not be able to modify group %d" % (auth.user_id, parent_group))
331

332
333
        result = auth.can_modify_group(parent_group, user_id_sec)
        self.assertTrue(result, "User %d should be able to modify group %d" % (user_id_sec, parent_group))
334

335
        result = auth.can_modify_group(parent_group, user_id)
336
        self.assertTrue(result,
337
                "User %d is a member of admin group and is missing permissions to modify group %d" % (user_id, parent_group))
338
339

    def testCanProcessFile(self):
340
341
342
343
344
345
346
347
348
349
350
        result = auth.can_process_file('patient', patient_id_sec)
        self.assertFalse(result,
                "User %d should not be able to process files for patient %d" % (auth.user_id, patient_id_sec))

        result = auth.can_process_file('patient', patient_id, user_id_sec)
        self.assertTrue(result,
                "User %d should be able to process files for patient %d" % (user_id_sec, patient_id))

        result = auth.can_process_file('patient', patient_id, user_id)
        self.assertTrue(result,
                "User %d is a member of admin group and is missing permissions to process files" % user_id)
351

352
353
354
355
356
357
358
359
360
361
362
363
    def testCanProcessSampleSet(self):
        result = auth.can_process_sample_set(sample_set_id_sec)
        self.assertFalse(result,
                "User %d should not be able to process files for sample_set %d" % (auth.user_id, sample_set_id_sec))

        result = auth.can_process_sample_set(sample_set_id_ter)
        self.assertTrue(result,
                "User %d should be able to process files for sample_set %d" % (auth.user_id, sample_set_id_ter))

        result = auth.can_process_sample_set(sample_set_id, user_id_sec)
        self.assertTrue(result,
                "User %d should be able to process files for sample_set %d" % (user_id_sec, sample_set_id))
364

365
366
367
368
369
        result = auth.can_process_sample_set(sample_set_id_ter, user_id_sec)
        self.assertFalse(result,
                "User %d should not be able to process files for sample_set %d" % (user_id_sec, sample_set_id_ter))

        result = auth.can_process_sample_set(sample_set_id, user_id)
370
371
        self.assertTrue(result,
                "User %d is a member of admin group and is missing permissions to process files" % user_id)
372
373

    def testCanUploadFile(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
374
375
376
377
378
379
380
381
382
383
384
        result = auth.can_upload_file('patient', patient_id_sec)
        self.assertFalse(result,
                "User %d should not have permission to upload files for patient %d" % (auth.user_id, patient_id_sec))

        result = auth.can_upload_file('patient', patient_id, user_id_sec)
        self.assertTrue(result,
                "User %d should be able to upload files for patient %d" % (user_id_sec, patient_id))

        result = auth.can_upload_file('patient', patient_id, user_id)
        self.assertTrue(result,
                "User %d is a member of admin group and is missing permissions to upload files" % user_id)
385

386
387
388
389
390
391
392
393
    def testCanUploadSampleSet(self):
        result = auth.can_upload_sample_set(sample_set_id_sec)
        self.assertFalse(result,
                "User %d should not have permission to upload files for sample_set %d" % (auth.user_id, sample_set_id_sec))

        result = auth.can_upload_sample_set(sample_set_id, user_id_sec)
        self.assertTrue(result,
                "User %d should be able to upload files for sample_set %d" % (user_id_sec, sample_set_id))
394

395
        result = auth.can_upload_sample_set(sample_set_id, user_id)
396
397
        self.assertTrue(result,
                "User %d is a member of admin group and is missing permissions to upload files" % user_id)
398
399

    def testCanUseConfig(self):
400
401
        result = auth.can_use_config(config_id)
        self.assertFalse(result, "User %d should not have permission to use config %d" % (auth.user_id, config_id))
402

403
404
        result = auth.can_use_config(config_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to use config %d" % (user_id_sec, config_id))
405

406
        result = auth.can_use_config(config_id, user_id)
407
        self.assertTrue(result,
408
                "User %d is a member of admin group and is missing permissions to use config %d" % (user_id, config_id))
409
410

    def testCanViewPatient(self):
411
412
        result = auth.can_view_patient(patient_id_qua)
        self.assertFalse(result, "User %d should not have permission to view patient %d" % (auth.user_id, patient_id_qua))
413

414
415
        result = auth.can_view_patient(patient_id_qua, user_id_sec)
        self.assertTrue(result, "User %d should be able to view patient %d" % (user_id_sec, patient_id_qua))
416

417
        result = auth.can_view_patient(patient_id_qua, user_id)
418
        self.assertTrue(result,
419
                "User %d is a member of admin group and is missing permissions to view patient %d" % (user_id, patient_id_qua))
420
421

    def testCanViewRun(self):
422
423
        result = auth.can_view_run(run_id)
        self.assertFalse(result, "User %d should not have permission to view run %d" % (auth.user_id, run_id))
424

425
426
        result = auth.can_view_run(run_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to view run %d" % (user_id_sec, run_id))
427

428
        result = auth.can_view_run(run_id, user_id)
429
        self.assertTrue(result,
430
                "User %d is a member of admin group and is missing permissions to view run %d" % (user_id, run_id))
431
432

    def testCanViewSampleSet(self):
433
434
        result = auth.can_view_sample_set(first_sample_set_id)
        self.assertFalse(result, "User %d should not have permission to view sample_set %d" % (auth.user_id, first_sample_set_id))
435

436
437
        result = auth.can_view_sample_set(first_sample_set_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to view sample_set %d" % (user_id_sec, first_sample_set_id))
438

439
        result = auth.can_view_sample_set(first_sample_set_id, user_id)
440
        self.assertTrue(result,
441
                "User %d is a member of admin group and is missing permissions to view sample_set %d" % (user_id, first_sample_set_id))
442

HERBERT Ryan's avatar
HERBERT Ryan committed
443
    def testCanSavePatient(self):
444
445
        result = auth.can_save_patient(patient_id_qua)
        self.assertFalse(result, "User %d should not have permission to save patient %d" % (auth.user_id, patient_id_qua))
HERBERT Ryan's avatar
HERBERT Ryan committed
446

447
448
        result = auth.can_save_patient(patient_id_qua, user_id_sec)
        self.assertTrue(result, "User %d should be able to save patient %d" % (user_id_sec, patient_id_qua))
HERBERT Ryan's avatar
HERBERT Ryan committed
449

450
        result = auth.can_save_patient(patient_id_qua, user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
451
        self.assertTrue(result,
452
                "User %d is a member of admin group and is missing permissions to save patient %d" % (user_id, patient_id_qua))
HERBERT Ryan's avatar
HERBERT Ryan committed
453
454

    def testCanSaveRun(self):
455
456
        result = auth.can_save_run(run_id)
        self.assertFalse(result, "User %d should not have permission to save run %d" % (auth.user_id, run_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
457

458
459
        result = auth.can_save_run(run_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to save run %d" % (user_id_sec, run_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
460

461
        result = auth.can_save_run(run_id, user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
462
        self.assertTrue(result,
463
                "User %d is a member of admin group and is missing permissions to save run %d" % (user_id, run_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
464
465

    def testCanSaveSampleSet(self):
466
467
        result = auth.can_save_sample_set(first_sample_set_id)
        self.assertFalse(result, "User %d should not have permission to save sample_set %d" % (auth.user_id, first_sample_set_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
468

469
470
        result = auth.can_save_sample_set(first_sample_set_id, user_id_sec)
        self.assertTrue(result, "User %d should be able to save sample_set %d" % (user_id_sec, first_sample_set_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
471

472
        result = auth.can_save_sample_set(first_sample_set_id, user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
473
        self.assertTrue(result,
474
                "User %d is a member of admin group and is missing permissions to save sample_set %d" % (user_id, first_sample_set_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
475

476
    def testCanViewPatientInfo(self):
477
478
479
        result = auth.can_view_patient_info(patient_id_sec, auth.user_id)
        self.assertFalse(result, "User %d should not have permission anon for patient %d" % (auth.user_id, patient_id_sec))

HERBERT Ryan's avatar
HERBERT Ryan committed
480
        db.auth_permission.insert(group_id=group, name=PermissionEnum.anon.value, table_name='sample_set', record_id=0)
481
        db.commit()
482
483
        result = auth.can_view_patient_info(patient_id_sec, auth.user_id)
        self.assertTrue(result, "User %d is missing permission anon for patient: %d" % (auth.user_id, patient_id_sec))
484
485

    def testGetGroupParent(self):
486
        expected = [parent_group]
487
        result = auth.get_group_parent(group_sec)
488
489
490
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

    def testGetUserGroups(self):
491
        expected = [group, group_ter, group_qua]
492
493
494
        result = [g.id for g in auth.get_user_groups()]
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

HERBERT Ryan's avatar
HERBERT Ryan committed
495
        expected = [group_sec]
496
497
498
        result = [g.id for g in auth.get_user_groups(user_id_sec)]
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

HERBERT Ryan's avatar
HERBERT Ryan committed
499
500
501
502
503
    def testGetUserGroupParents(self):
        expected = [group_qui]
        result = [g.id for g in auth.get_user_group_parents()]
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

504
        expected = [parent_group]
HERBERT Ryan's avatar
HERBERT Ryan committed
505
506
507
        result = [g.id for g in auth.get_user_group_parents(user_id_sec)]
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

508
    def testVidjilAccessibleQuery(self):
509
        expected = [patient_id_sec, patient_id_ter]
HERBERT Ryan's avatar
HERBERT Ryan committed
510
        result = [p.id for p in db(auth.vidjil_accessible_query(PermissionEnum.read.value, 'patient', auth.user_id)).select()]
HERBERT Ryan's avatar
HERBERT Ryan committed
511
512
513
        self.assertEqual(Counter(expected), Counter(result),
                "Expected: %s, but got: %s for user: %d" % (str(expected), str(result), auth.user_id))

514
        expected = [patient_id, patient_id_qua]
HERBERT Ryan's avatar
HERBERT Ryan committed
515
        result = [p.id for p in db(auth.vidjil_accessible_query(PermissionEnum.read.value, 'patient', user_id_sec)).select()]
516
517
518
        self.assertEqual(Counter(expected), Counter(result),
                "Expected: %s, but got: %s for user: %d" % (str(expected), str(result), user_id_sec))

519
520
        expected = [patient_id_sec, patient_id_ter]
        result = [p.id for p in db(auth.vidjil_accessible_query(PermissionEnum.read.value, 'patient', my_user_id)).select()]
HERBERT Ryan's avatar
HERBERT Ryan committed
521
522
523
        self.assertEqual(Counter(expected), Counter(result),
                "Expected: %s, but got: %s for user: %d" % (str(expected), str(result), user_id))

524
    def testChildParentShare(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
525
526
527
        '''
        Tests that a child does not share permissions with a parent group
        '''
HERBERT Ryan's avatar
HERBERT Ryan committed
528
        child_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id_sec, user=auth.user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
529
530
        self.assertTrue(child_perm, "User %d is missing permissions on patient %d" % (auth.user_id, patient_id_sec))

HERBERT Ryan's avatar
HERBERT Ryan committed
531
        parent_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id_sec, user=parent_user_id)
532
        self.assertFalse(parent_perm, "Child group %d is conferring permissions to parent group %d" % (group, parent_group))
HERBERT Ryan's avatar
HERBERT Ryan committed
533

534
    def testParentChildShare(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
535
536
537
        '''
        Tests that a parent group shares permissions with a child group
        '''
HERBERT Ryan's avatar
HERBERT Ryan committed
538
        parent_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id, user=parent_user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
539
540
        self.assertTrue(parent_perm, "User %d is missing permissions on patient %d" % (parent_user_id, patient_id))

HERBERT Ryan's avatar
HERBERT Ryan committed
541
        child_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id, user=user_id_sec)
542
        self.assertTrue(child_perm, "Parent group %d failed to pass permissions to child group %d" % (parent_group, group_sec))
HERBERT Ryan's avatar
HERBERT Ryan committed
543

544
    def testSiblingShare(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
545
546
547
        '''
        Tests that two groups that share a parent do not share their own permissions between them
        '''
HERBERT Ryan's avatar
HERBERT Ryan committed
548
        owner_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id_sec, user=auth.user_id)
HERBERT Ryan's avatar
HERBERT Ryan committed
549
550
        self.assertTrue(owner_perm, "User %d is missing permissions on patient %d" % (auth.user_id, patient_id_sec))

HERBERT Ryan's avatar
HERBERT Ryan committed
551
        sibling_perm = auth.get_permission(PermissionEnum.read.value, 'patient', patient_id_sec, user=user_id_sec)
HERBERT Ryan's avatar
HERBERT Ryan committed
552
553
        self.assertFalse(sibling_perm, "A read permission had been passed from group %d to group %d" % (group, group_sec))

554
    def testAdminShare(self):
555
556
557
        '''
        Tests that being part of the group admin grants permissions on all patients
        '''
HERBERT Ryan's avatar
HERBERT Ryan committed
558
        expected = [p.id for p in db(db.patient).select()]
559
        result = [p.id for p in db(auth.vidjil_accessible_query(PermissionEnum.read.value, 'patient', admin_user_id)).select()]
HERBERT Ryan's avatar
HERBERT Ryan committed
560
561
562
563
564
565
        self.assertEqual(Counter(expected), Counter(result), "Expected: %s, but got: %s" % (str(expected), str(result)))

        for patient_id in expected:
            res = auth.can_modify_patient(patient_id, user_id)
            self.assertTrue(res, "User %d is missing permissions on patient %d" % (user_id, patient_id))

566
    def testAccessibleCanConcordance(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
567
        res_accessible = [p.id for p in db(auth.vidjil_accessible_query(PermissionEnum.read.value, 'patient', auth.user_id)).select()]
HERBERT Ryan's avatar
HERBERT Ryan committed
568
569
570
571
572
573
574
575
576
        full_patient_list = [p.id for p in db(db.patient).select()]

        res_can = []
        for p in full_patient_list:
            if auth.can_view_patient(p, auth.user_id):
                res_can.append(p)

        self.assertEqual(Counter(res_accessible), Counter(res_can),
                "The two methods returned different results. accessible: %s, can: %s" % (res_accessible, res_can))
577

578
    def testAdminCrossBleed(self):
579
580
581
        '''
        Tests that having admin permissions in one group will not share admin permissions to another
        '''
582
583
        res = auth.can_modify_patient(patient_id_qua, user_id_sec)
        self.assertTrue(res, "User %d is missing admin permissions on patient %d" % (user_id_sec, patient_id_qua))
584

585
586
        res = auth.can_view_patient(patient_id, user_id_sec)
        self.assertTrue(res, "User %d is missing read permissions on patient %d" % (user_id_sec, patient_id))
587

588
589
        res = auth.can_modify_patient(patient_id_sec, auth.user_id)
        self.assertFalse(res, "User %d should not have admin permissions on patient %d" % (auth.user_id, patient_id_sec))
590
591
592
593
594

    def testGetPermissionCache(self):
        res = auth.can_modify_patient(patient_id)
        self.assertFalse(res, "User %d should not have admin permissions on patient %d" % (auth.user_id, patient_id))

HERBERT Ryan's avatar
HERBERT Ryan committed
595
        db.auth_permission.insert(group_id=group, name=PermissionEnum.admin.value, table_name='sample_set', record_id=0)
596
597
598
599
600

        res = auth.can_modify_patient(patient_id)
        self.assertFalse(res, "User %d should not have admin permissions on patient %d" % (auth.user_id, patient_id))

    def testGetPermissionGroups(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
601
        res = auth.get_permission_groups(PermissionEnum.admin.value, 'patient', user_id_sec)
602
603
604
605
606
607
608
609
610
611
612
        expected = [group_sec]
        self.assertEqual(Counter(expected), Counter(res),
                "Expected: %s, but got %s for user %d" % (str(expected), str(res), auth.user_id))

    def testGetAccessGroups(self):
        res = auth.get_access_groups('patient', patient_id, user_id_sec)
        expected = [group_sec]
        self.assertEqual(Counter(expected), Counter(res),
                "Expected: %s, but for %s for user %d" % (str(expected), str(res), user_id_sec))

    def testLoadPermissions(self):
HERBERT Ryan's avatar
HERBERT Ryan committed
613
        query = auth.load_permissions(PermissionEnum.admin.value, 'patient')
614
        res = [p.id for p in query]
615
        expected = [patient_id_ter]
616
617
618
        self.assertEqual(Counter(expected), Counter(res),
                "Expected %s, but got %s for user %d" % (str(expected), str(res), auth.user_id))

HERBERT Ryan's avatar
HERBERT Ryan committed
619
        key = auth.get_cache_key(PermissionEnum.admin.value, 'patient')
620
        cache_content = auth.permissions[key][patient_id_ter]
621
        self.assertTrue(cache_content, "The results from load_permissions were not loaded into cache")
HERBERT Ryan's avatar
HERBERT Ryan committed
622
623
624
625
626

    def testGetGroupPermission(self):
        res = auth.get_group_permission(PermissionEnum.admin.value, 'sample_set', 0, group_sec)
        self.assertTrue(res, "Group %d is missing admin permissions" % group_sec)

627
628
        res = auth.get_group_permission(PermissionEnum.read.value, 'patient', patient_id, parent_group)
        self.assertTrue(res, "Group %d is missing permission access on patient %d" % (parent_group, patient_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
629
630
631
632
633

        res = auth.get_group_permission(PermissionEnum.admin.value, 'patient', patient_id, group)
        self.assertFalse(res, "Group %d should not have admin permission on patient %d" % (group, patient_id))

    def testGetGroupAccess(self):
634
635
        res = auth.get_group_access('patient', patient_id, parent_group)
        self.assertTrue(res, "Group %d is missing access to patient %d" % (parent_group, patient_id))
HERBERT Ryan's avatar
HERBERT Ryan committed
636
637
638

        res = auth.get_group_access('patient', patient_id, group_sec)
        self.assertFalse(res, "Group %d should not have direct access to patient %d" % (group_sec, patient_id))