root/galaxy-central/test/functional/test_admin_features.py

リビジョン 2, 28.4 KB (コミッタ: hatakeyama, 14 年 前)

import galaxy-central

行番号 
1from base.twilltestcase import *
2from base.test_db_util import *
3
4class TestDataSecurity( TwillTestCase ):
5    def test_000_initiate_users( self ):
6        """Ensuring all required user accounts exist"""
7        self.logout()
8        self.login( email='test1@bx.psu.edu', username='regular-user1' )
9        global regular_user1
10        regular_user1 = get_user( 'test1@bx.psu.edu' )
11        assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database'
12        self.logout()
13        self.login( email='test2@bx.psu.edu', username='regular-user2' )
14        global regular_user2
15        regular_user2 = get_user( 'test2@bx.psu.edu' )
16        assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database'
17        self.logout()
18        self.login( email='test@bx.psu.edu', username='admin-user' )
19        global admin_user
20        admin_user = get_user( 'test@bx.psu.edu' )
21        assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database'
22    def test_005_create_new_user_account_as_admin( self ):
23        """Testing creating a new user account as admin"""
24        # Logged in as admin_user
25        email = 'test3@bx.psu.edu'
26        password = 'testuser'
27        # Test setting the user name to one that is already taken.  Note that the account must not exist in order
28        # for this test to work as desired, so the email we're passing is important...
29        previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com',
30                                                                                                 password=password,
31                                                                                                 username='admin-user',
32                                                                                                 webapp='galaxy',
33                                                                                                 referer='' )
34        if not username_taken:
35            raise AssertionError, "The user name (%s) is already being used by another user, but no error was displayed" \
36                % 'admin-user'
37        # Test setting the user name to an invalid one.  Note that the account must not exist in order
38        # for this test to work as desired, so the email we're passing is important...
39        previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com',
40                                                                                                 password=password,
41                                                                                                 username='h',
42                                                                                                 webapp='galaxy',
43                                                                                                 referer='' )
44        if not invalid_username:
45            raise AssertionError, "The user name (%s) is is invalid, but no error was displayed" % username
46        previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email=email,
47                                                                                                 password=password,
48                                                                                                 username='regular-user3',
49                                                                                                 webapp='galaxy',
50                                                                                                 referer='' )
51        # Get the user object for later tests
52        global regular_user3
53        regular_user3 = get_user( email )
54        assert regular_user3 is not None, 'Problem retrieving user with email "%s" from the database' % email
55        global regular_user3_private_role
56        regular_user3_private_role = get_private_role( regular_user3 )
57        # Make sure DefaultUserPermissions were created
58        if not regular_user3.default_permissions:
59            raise AssertionError( 'No DefaultUserPermissions were created for user %s when the admin created the account' % email )
60        # Make sure a private role was created for the user
61        if not regular_user3.roles:
62            raise AssertionError( 'No UserRoleAssociations were created for user %s when the admin created the account' % email )
63        if not previously_created and len( regular_user3.roles ) != 1:
64            raise AssertionError( '%d UserRoleAssociations were created for user %s when the admin created the account ( should have been 1 )' \
65                                  % ( len( regular_user3.roles ), regular_user3.email ) )
66        for ura in regular_user3.roles:
67            role = sa_session.query( galaxy.model.Role ).get( ura.role_id )
68            if not previously_created and role.type != 'private':
69                raise AssertionError( 'Role created for user %s when the admin created the account is not private, type is' \
70                                      % str( role.type ) )
71        if not previously_created:
72            # Make sure a history was not created ( previous test runs may have left deleted histories )
73            histories = get_all_histories_for_user( regular_user3 )
74            if histories:
75                raise AssertionError( 'Histories were incorrectly created for user %s when the admin created the account' % email )
76            # Make sure the user was not associated with any groups
77            if regular_user3.groups:
78                raise AssertionError( 'Groups were incorrectly associated with user %s when the admin created the account' % email )
79    def test_010_reset_password_as_admin( self ):
80        """Testing reseting a user password as admin"""
81        self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testreset' )
82    def test_015_login_after_password_reset( self ):
83        """Testing logging in after an admin reset a password - tests DefaultHistoryPermissions for accounts created by an admin"""
84        # logged in as admin_user
85        self.logout()
86        self.login( email=regular_user3.email, password='testreset' )
87        # Make sure a History and HistoryDefaultPermissions exist for the user
88        latest_history = get_latest_history_for_user( regular_user3 )
89        if not latest_history.user_id == regular_user3.id:
90            raise AssertionError( 'A history was not created for user %s when he logged in' % email )
91        if not latest_history.default_permissions:
92            raise AssertionError( 'No DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id )
93        dhps = get_default_history_permissions_by_history( latest_history )
94        if len( dhps ) > 1:
95            raise AssertionError( 'More than 1 DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id )
96        dhp = dhps[0]
97        if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action:
98            raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "manage permissions"' \
99                                  % ( latest_history.id, dhp.action ) )
100        # Upload a file to create a HistoryDatasetAssociation
101        self.upload_file( '1.bed' )
102        latest_dataset = get_latest_dataset()
103        for dp in latest_dataset.actions:
104            # Should only have 1 DatasetPermissions
105            if dp.action != galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action:
106                raise AssertionError( 'The DatasetPermissions for dataset id %d is %s ( should have been %s )' \
107                                      % ( latest_dataset.id,
108                                          latest_dataset.actions.action,
109                                          galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) )
110        self.logout()
111        # Reset the password to the default for later tests
112        self.login( email='test@bx.psu.edu' )
113        self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testuser' )
114    def test_020_mark_user_deleted( self ):
115        """Testing marking a user account as deleted"""
116        # Logged in as admin_user
117        self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
118        if not regular_user3.active_histories:
119            raise AssertionError( 'HistoryDatasetAssociations for regular_user3 were incorrectly deleted when the user was marked deleted' )
120    def test_025_undelete_user( self ):
121        """Testing undeleting a user account"""
122        # Logged in as admin_user
123        self.undelete_user( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
124    def test_030_create_role( self ):
125        """Testing creating new role with 3 members ( and a new group named the same ), then renaming the role"""
126        # Logged in as admin_user
127        name = 'Role One'
128        description = "This is Role Ones description"
129        user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ]
130        self.create_role( name=name,
131                          description=description,
132                          in_user_ids=user_ids,
133                          in_group_ids=[],
134                          create_group_for_role='yes',
135                          private_role=admin_user.email )
136        # Get the role object for later tests
137        global role_one
138        role_one = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first()
139        assert role_one is not None, 'Problem retrieving role named "Role One" from the database'
140        # Make sure UserRoleAssociations are correct
141        if len( role_one.users ) != len( user_ids ):
142            raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created ( should have been %d )' \
143                                  % ( len( role_one.users ), role_one.id, len( user_ids ) ) )
144        # Each of the following users should now have 2 role associations, their private role and role_one
145        for user in [ admin_user, regular_user1, regular_user3 ]:
146            refresh( user )
147            if len( user.roles ) != 2:
148                raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 2 )' \
149                                      % ( len( user.roles ), user.email ) )
150        # Make sure the group was created
151        self.visit_url( '%s/admin/groups' % self.url )
152        self.check_page_for_string( name )
153        global group_zero
154        group_zero = get_group_by_name( name )
155        # Rename the role
156        rename = "Role One's been Renamed"
157        new_description="This is Role One's Re-described"
158        self.rename_role( self.security.encode_id( role_one.id ), name=rename, description=new_description )
159        self.visit_url( '%s/admin/roles' % self.url )
160        self.check_page_for_string( rename )
161        self.check_page_for_string( new_description )
162        # Reset the role back to the original name and description
163        self.rename_role( self.security.encode_id( role_one.id ), name=name, description=description )
164    def test_035_create_group( self ):
165        """Testing creating new group with 3 members and 1 associated role, then renaming it"""
166        # Logged in as admin_user
167        name = "Group One's Name"
168        user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ]
169        role_ids=[ str( role_one.id ) ]
170        self.create_group( name=name, in_user_ids=user_ids, in_role_ids=role_ids )
171        # Get the group object for later tests
172        global group_one
173        group_one = get_group_by_name( name )
174        assert group_one is not None, 'Problem retrieving group named "Group One" from the database'
175        # Make sure UserGroupAssociations are correct
176        if len( group_one.users ) != len( user_ids ):
177            raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been %d )' \
178                                  % ( len( group_one.users ), group_one.id, len( user_ids ) ) )
179        # Each user should now have 1 group association, group_one
180        for user in [ admin_user, regular_user1, regular_user3 ]:
181            refresh( user )
182            if len( user.groups ) != 1:
183                raise AssertionError( '%d UserGroupAssociations are associated with user %s ( should be 1 )' % ( len( user.groups ), user.email ) )
184        # Make sure GroupRoleAssociations are correct
185        if len( group_one.roles ) != len( role_ids ):
186            raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been %d )' \
187                                  % ( len( group_one.roles ), group_one.id, len( role_ids ) ) )
188        # Rename the group
189        rename = "Group One's been Renamed"
190        self.rename_group( self.security.encode_id( group_one.id ), name=rename, )
191        self.home()
192        self.visit_url( '%s/admin/groups' % self.url )
193        self.check_page_for_string( rename )
194        # Reset the group back to the original name
195        self.rename_group( self.security.encode_id( group_one.id ), name=name )
196    def test_040_add_members_and_role_to_group( self ):
197        """Testing editing user membership and role associations of an existing group"""
198        # Logged in as admin_user
199        name = 'Group Two'
200        self.create_group( name=name, in_user_ids=[], in_role_ids=[] )
201        # Get the group object for later tests
202        global group_two
203        group_two = get_group_by_name( name )
204        assert group_two is not None, 'Problem retrieving group named "Group Two" from the database'
205        # group_two should have no associations
206        if group_two.users:
207            raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been 0 )' \
208                              % ( len( group_two.users ), group_two.id ) )
209        if group_two.roles:
210            raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been 0 )' \
211                              % ( len( group_two.roles ), group_two.id ) )
212        user_ids = [ str( regular_user1.id )  ]
213        role_ids = [ str( role_one.id ) ]
214        self.associate_users_and_roles_with_group( self.security.encode_id( group_two.id ),
215                                                   group_two.name,
216                                                   user_ids=user_ids,
217                                                   role_ids=role_ids )
218    def test_045_create_role_with_user_and_group_associations( self ):
219        """Testing creating a role with user and group associations"""
220        # Logged in as admin_user
221        # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least
222        # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT
223        # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the
224        # associate_users_and_groups_with_role() method.
225        name = 'Role Two'
226        description = 'This is Role Two'
227        user_ids=[ str( admin_user.id ) ]
228        group_ids=[ str( group_two.id ) ]
229        private_role=admin_user.email
230        # Create the role
231        self.create_role( name=name,
232                          description=description,
233                          in_user_ids=user_ids,
234                          in_group_ids=group_ids,
235                          private_role=private_role )
236        # Get the role object for later tests
237        global role_two
238        role_two = get_role_by_name( name )
239        assert role_two is not None, 'Problem retrieving role named "Role Two" from the database'
240        # Make sure UserRoleAssociations are correct
241        if len( role_two.users ) != len( user_ids ):
242            raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created with %d members' \
243                                  % ( len( role_two.users ), role_two.id, len( user_ids ) ) )
244        # admin_user should now have 3 role associations, private role, role_one, role_two
245        refresh( admin_user )
246        if len( admin_user.roles ) != 3:
247            raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 3 )' % ( len( admin_user.roles ), admin_user.email ) )
248        # Make sure GroupRoleAssociations are correct
249        refresh( role_two )
250        if len( role_two.groups ) != len( group_ids ):
251            raise AssertionError( '%d GroupRoleAssociations were created for role id %d when it was created ( should have been %d )' \
252                                  % ( len( role_two.groups ), role_two.id, len( group_ids ) ) )
253        # group_two should now be associated with 2 roles: role_one, role_two
254        refresh( group_two )
255        if len( group_two.roles ) != 2:
256            raise AssertionError( '%d GroupRoleAssociations are associated with group id %d ( should be 2 )' % ( len( group_two.roles ), group_two.id ) )
257    def test_050_change_user_role_associations( self ):
258        """Testing changing roles associated with a user"""
259        # Logged in as admin_user
260        # Create a new role with no associations
261        name = 'Role Three'
262        description = 'This is Role Three'
263        user_ids=[]
264        group_ids=[]
265        private_role=admin_user.email
266        self.create_role( name=name,
267                          description=description,
268                          in_user_ids=user_ids,
269                          in_group_ids=group_ids,
270                          private_role=private_role )
271        # Get the role object for later tests
272        global role_three
273        role_three = get_role_by_name( name )
274        assert role_three is not None, 'Problem retrieving role named "Role Three" from the database'
275        # Associate the role with a user
276        refresh( admin_user )
277        role_ids = []
278        for ura in admin_user.non_private_roles:
279            role_ids.append( str( ura.role_id ) )
280        role_ids.append( str( role_three.id ) )
281        group_ids = []
282        for uga in admin_user.groups:
283            group_ids.append( str( uga.group_id ) )
284        strings_displayed = [ "User '%s' has been updated with %d associated roles and %d associated groups" % \
285                            ( admin_user.email, len( role_ids ), len( group_ids ) ) ]
286        self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ),
287                                               in_role_ids=role_ids,
288                                               in_group_ids=group_ids,
289                                               strings_displayed=strings_displayed )
290        refresh( admin_user )
291        # admin_user should now be associated with 4 roles: private, role_one, role_two, role_three
292        if len( admin_user.roles ) != 4:
293            raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 4 )' % \
294                                  ( len( admin_user.roles ), admin_user.email ) )
295    def test_055_mark_group_deleted( self ):
296        """Testing marking a group as deleted"""
297        # Logged in as admin_user
298        self.browse_groups( strings_displayed=[ group_two.name ] )
299        self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name )
300        refresh( group_two )
301        if not group_two.deleted:
302            raise AssertionError( '%s was not correctly marked as deleted.' % group_two.name )
303        # Deleting a group should not delete any associations
304        if not group_two.members:
305            raise AssertionError( '%s incorrectly lost all members when it was marked as deleted.' % group_two.name )
306        if not group_two.roles:
307            raise AssertionError( '%s incorrectly lost all role associations when it was marked as deleted.' % group_two.name )
308    def test_060_undelete_group( self ):
309        """Testing undeleting a deleted group"""
310        # Logged in as admin_user
311        self.undelete_group( self.security.encode_id( group_two.id ), group_two.name )
312        refresh( group_two )
313        if group_two.deleted:
314            raise AssertionError( '%s was not correctly marked as not deleted.' % group_two.name )
315    def test_065_mark_role_deleted( self ):
316        """Testing marking a role as deleted"""
317        # Logged in as admin_user
318        self.home()
319        self.browse_roles( strings_displayed=[ role_two.name ] )
320        self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name )
321        refresh( role_two )
322        if not role_two.deleted:
323            raise AssertionError( '%s was not correctly marked as deleted.' % role_two.name )
324        # Deleting a role should not delete any associations
325        if not role_two.users:
326            raise AssertionError( '%s incorrectly lost all user associations when it was marked as deleted.' % role_two.name )
327        if not role_two.groups:
328            raise AssertionError( '%s incorrectly lost all group associations when it was marked as deleted.' % role_two.name )
329    def test_070_undelete_role( self ):
330        """Testing undeleting a deleted role"""
331        # Logged in as admin_user
332        self.undelete_role( self.security.encode_id( role_two.id ), role_two.name )
333    def test_075_purge_user( self ):
334        """Testing purging a user account"""
335        # Logged in as admin_user
336        self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
337        refresh( regular_user3 )
338        self.purge_user( self.security.encode_id( regular_user3.id ), regular_user3.email )
339        refresh( regular_user3 )
340        if not regular_user3.purged:
341            raise AssertionError( 'User %s was not marked as purged.' % regular_user3.email )
342        # Make sure DefaultUserPermissions deleted EXCEPT FOR THE PRIVATE ROLE
343        if len( regular_user3.default_permissions ) != 1:
344            raise AssertionError( 'DefaultUserPermissions for user %s were not deleted.' % regular_user3.email )
345        for dup in regular_user3.default_permissions:
346            role = sa_session.query( galaxy.model.Role ).get( dup.role_id )
347            if role.type != 'private':
348                raise AssertionError( 'DefaultUserPermissions for user %s are not related with the private role.' % regular_user3.email )
349        # Make sure History deleted
350        for history in regular_user3.histories:
351            refresh( history )
352            if not history.deleted:
353                raise AssertionError( 'User %s has active history id %d after their account was marked as purged.' % ( regular_user3.email, hda.id ) )
354            # NOTE: Not all hdas / datasets will be deleted at the time a history is deleted - the cleanup_datasets.py script
355            # is responsible for this.
356        # Make sure UserGroupAssociations deleted
357        if regular_user3.groups:
358            raise AssertionError( 'User %s has active group id %d after their account was marked as purged.' % ( regular_user3.email, uga.id ) )
359        # Make sure UserRoleAssociations deleted EXCEPT FOR THE PRIVATE ROLE
360        if len( regular_user3.roles ) != 1:
361            raise AssertionError( 'UserRoleAssociations for user %s were not deleted.' % regular_user3.email )
362        for ura in regular_user3.roles:
363            role = sa_session.query( galaxy.model.Role ).get( ura.role_id )
364            if role.type != 'private':
365                raise AssertionError( 'UserRoleAssociations for user %s are not related with the private role.' % regular_user3.email )
366    def test_080_manually_unpurge_user( self ):
367        """Testing manually un-purging a user account"""
368        # Logged in as admin_user
369        # Reset the user for later test runs.  The user's private Role and DefaultUserPermissions for that role
370        # should have been preserved, so all we need to do is reset purged and deleted.
371        # TODO: If we decide to implement the GUI feature for un-purging a user, replace this with a method call
372        regular_user3.purged = False
373        regular_user3.deleted = False
374        flush( regular_user3 )
375    def test_085_purge_group( self ):
376        """Testing purging a group"""
377        # Logged in as admin_user
378        self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name )
379        self.purge_group( self.security.encode_id( group_two.id ), group_two.name )
380        # Make sure there are no UserGroupAssociations
381        if get_user_group_associations_by_group( group_two ):
382            raise AssertionError( "Purging the group did not delete the UserGroupAssociations for group_id '%s'" % group_two.id )
383        # Make sure there are no GroupRoleAssociations
384        if get_group_role_associations_by_group( group_two ):
385            raise AssertionError( "Purging the group did not delete the GroupRoleAssociations for group_id '%s'" % group_two.id )
386        # Undelete the group for later test runs
387        self.undelete_group( self.security.encode_id( group_two.id ), group_two.name )
388    def test_090_purge_role( self ):
389        """Testing purging a role"""
390        # Logged in as admin_user
391        self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name )
392        self.purge_role( self.security.encode_id( role_two.id ), role_two.name )
393        # Make sure there are no UserRoleAssociations
394        if get_user_role_associations_by_role( role_two ):
395            raise AssertionError( "Purging the role did not delete the UserRoleAssociations for role_id '%s'" % role_two.id )
396        # Make sure there are no DefaultUserPermissions associated with the Role
397        if get_default_user_permissions_by_role( role_two ):
398            raise AssertionError( "Purging the role did not delete the DefaultUserPermissions for role_id '%s'" % role_two.id )
399        # Make sure there are no DefaultHistoryPermissions associated with the Role
400        if get_default_history_permissions_by_role( role_two ):
401            raise AssertionError( "Purging the role did not delete the DefaultHistoryPermissions for role_id '%s'" % role_two.id )
402        # Make sure there are no GroupRoleAssociations
403        if get_group_role_associations_by_role( role_two ):
404            raise AssertionError( "Purging the role did not delete the GroupRoleAssociations for role_id '%s'" % role_two.id )
405        # Make sure there are no DatasetPermissionss
406        if get_dataset_permissions_by_role( role_two ):
407            raise AssertionError( "Purging the role did not delete the DatasetPermissionss for role_id '%s'" % role_two.id )
408    def test_095_manually_unpurge_role( self ):
409        """Testing manually un-purging a role"""
410        # Logged in as admin_user
411        # Manually unpurge, then undelete the role for later test runs
412        # TODO: If we decide to implement the GUI feature for un-purging a role, replace this with a method call
413        role_two.purged = False
414        flush( role_two )
415        self.undelete_role( self.security.encode_id( role_two.id ), role_two.name )
416    def test_999_reset_data_for_later_test_runs( self ):
417        """Reseting data to enable later test runs to pass"""
418        # Logged in as admin_user
419        ##################
420        # Eliminate all non-private roles
421        ##################
422        for role in [ role_one, role_two, role_three ]:
423            self.mark_role_deleted( self.security.encode_id( role.id ), role.name )
424            self.purge_role( self.security.encode_id( role.id ), role.name )
425            # Manually delete the role from the database
426            refresh( role )
427            sa_session.delete( role )
428            sa_session.flush()
429        ##################
430        # Eliminate all groups
431        ##################
432        for group in [ group_zero, group_one, group_two ]:
433            self.mark_group_deleted( self.security.encode_id( group.id ), group.name )
434            self.purge_group( self.security.encode_id( group.id ), group.name )
435            # Manually delete the group from the database
436            refresh( group )
437            sa_session.delete( group )
438            sa_session.flush()
439        ##################
440        # Make sure all users are associated only with their private roles
441        ##################
442        for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]:
443            refresh( user )
444            if len( user.roles) != 1:
445                raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) )
Note: リポジトリブラウザについてのヘルプは TracBrowser を参照してください。