Context Navigation

test_admin_features.py

リビジョン 2, 28.4 KB (コミッタ: hatakeyama, 14 年前)
import galaxy-central

行番号
1	from base.twilltestcase import *
2	from base.test_db_util import *
3
4	class TestDataSecurity( TwillTestCase ):
5	def test_000_initiate_users( self ):
6	"""Ensuring all required user accounts exist"""
7	self.logout()
8	self.login( email='test1@bx.psu.edu', username='regular-user1' )
9	global regular_user1
10	regular_user1 = get_user( 'test1@bx.psu.edu' )
11	assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database'
12	self.logout()
13	self.login( email='test2@bx.psu.edu', username='regular-user2' )
14	global regular_user2
15	regular_user2 = get_user( 'test2@bx.psu.edu' )
16	assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database'
17	self.logout()
18	self.login( email='test@bx.psu.edu', username='admin-user' )
19	global admin_user
20	admin_user = get_user( 'test@bx.psu.edu' )
21	assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database'
22	def test_005_create_new_user_account_as_admin( self ):
23	"""Testing creating a new user account as admin"""
24	# Logged in as admin_user
25	email = 'test3@bx.psu.edu'
26	password = 'testuser'
27	# Test setting the user name to one that is already taken. Note that the account must not exist in order
28	# for this test to work as desired, so the email we're passing is important...
29	previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com',
30	password=password,
31	username='admin-user',
32	webapp='galaxy',
33	referer='' )
34	if not username_taken:
35	raise AssertionError, "The user name (%s) is already being used by another user, but no error was displayed" \
36	% 'admin-user'
37	# Test setting the user name to an invalid one. Note that the account must not exist in order
38	# for this test to work as desired, so the email we're passing is important...
39	previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com',
40	password=password,
41	username='h',
42	webapp='galaxy',
43	referer='' )
44	if not invalid_username:
45	raise AssertionError, "The user name (%s) is is invalid, but no error was displayed" % username
46	previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email=email,
47	password=password,
48	username='regular-user3',
49	webapp='galaxy',
50	referer='' )
51	# Get the user object for later tests
52	global regular_user3
53	regular_user3 = get_user( email )
54	assert regular_user3 is not None, 'Problem retrieving user with email "%s" from the database' % email
55	global regular_user3_private_role
56	regular_user3_private_role = get_private_role( regular_user3 )
57	# Make sure DefaultUserPermissions were created
58	if not regular_user3.default_permissions:
59	raise AssertionError( 'No DefaultUserPermissions were created for user %s when the admin created the account' % email )
60	# Make sure a private role was created for the user
61	if not regular_user3.roles:
62	raise AssertionError( 'No UserRoleAssociations were created for user %s when the admin created the account' % email )
63	if not previously_created and len( regular_user3.roles ) != 1:
64	raise AssertionError( '%d UserRoleAssociations were created for user %s when the admin created the account ( should have been 1 )' \
65	% ( len( regular_user3.roles ), regular_user3.email ) )
66	for ura in regular_user3.roles:
67	role = sa_session.query( galaxy.model.Role ).get( ura.role_id )
68	if not previously_created and role.type != 'private':
69	raise AssertionError( 'Role created for user %s when the admin created the account is not private, type is' \
70	% str( role.type ) )
71	if not previously_created:
72	# Make sure a history was not created ( previous test runs may have left deleted histories )
73	histories = get_all_histories_for_user( regular_user3 )
74	if histories:
75	raise AssertionError( 'Histories were incorrectly created for user %s when the admin created the account' % email )
76	# Make sure the user was not associated with any groups
77	if regular_user3.groups:
78	raise AssertionError( 'Groups were incorrectly associated with user %s when the admin created the account' % email )
79	def test_010_reset_password_as_admin( self ):
80	"""Testing reseting a user password as admin"""
81	self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testreset' )
82	def test_015_login_after_password_reset( self ):
83	"""Testing logging in after an admin reset a password - tests DefaultHistoryPermissions for accounts created by an admin"""
84	# logged in as admin_user
85	self.logout()
86	self.login( email=regular_user3.email, password='testreset' )
87	# Make sure a History and HistoryDefaultPermissions exist for the user
88	latest_history = get_latest_history_for_user( regular_user3 )
89	if not latest_history.user_id == regular_user3.id:
90	raise AssertionError( 'A history was not created for user %s when he logged in' % email )
91	if not latest_history.default_permissions:
92	raise AssertionError( 'No DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id )
93	dhps = get_default_history_permissions_by_history( latest_history )
94	if len( dhps ) > 1:
95	raise AssertionError( 'More than 1 DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id )
96	dhp = dhps[0]
97	if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action:
98	raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "manage permissions"' \
99	% ( latest_history.id, dhp.action ) )
100	# Upload a file to create a HistoryDatasetAssociation
101	self.upload_file( '1.bed' )
102	latest_dataset = get_latest_dataset()
103	for dp in latest_dataset.actions:
104	# Should only have 1 DatasetPermissions
105	if dp.action != galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action:
106	raise AssertionError( 'The DatasetPermissions for dataset id %d is %s ( should have been %s )' \
107	% ( latest_dataset.id,
108	latest_dataset.actions.action,
109	galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) )
110	self.logout()
111	# Reset the password to the default for later tests
112	self.login( email='test@bx.psu.edu' )
113	self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testuser' )
114	def test_020_mark_user_deleted( self ):
115	"""Testing marking a user account as deleted"""
116	# Logged in as admin_user
117	self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
118	if not regular_user3.active_histories:
119	raise AssertionError( 'HistoryDatasetAssociations for regular_user3 were incorrectly deleted when the user was marked deleted' )
120	def test_025_undelete_user( self ):
121	"""Testing undeleting a user account"""
122	# Logged in as admin_user
123	self.undelete_user( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
124	def test_030_create_role( self ):
125	"""Testing creating new role with 3 members ( and a new group named the same ), then renaming the role"""
126	# Logged in as admin_user
127	name = 'Role One'
128	description = "This is Role Ones description"
129	user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ]
130	self.create_role( name=name,
131	description=description,
132	in_user_ids=user_ids,
133	in_group_ids=[],
134	create_group_for_role='yes',
135	private_role=admin_user.email )
136	# Get the role object for later tests
137	global role_one
138	role_one = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first()
139	assert role_one is not None, 'Problem retrieving role named "Role One" from the database'
140	# Make sure UserRoleAssociations are correct
141	if len( role_one.users ) != len( user_ids ):
142	raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created ( should have been %d )' \
143	% ( len( role_one.users ), role_one.id, len( user_ids ) ) )
144	# Each of the following users should now have 2 role associations, their private role and role_one
145	for user in [ admin_user, regular_user1, regular_user3 ]:
146	refresh( user )
147	if len( user.roles ) != 2:
148	raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 2 )' \
149	% ( len( user.roles ), user.email ) )
150	# Make sure the group was created
151	self.visit_url( '%s/admin/groups' % self.url )
152	self.check_page_for_string( name )
153	global group_zero
154	group_zero = get_group_by_name( name )
155	# Rename the role
156	rename = "Role One's been Renamed"
157	new_description="This is Role One's Re-described"
158	self.rename_role( self.security.encode_id( role_one.id ), name=rename, description=new_description )
159	self.visit_url( '%s/admin/roles' % self.url )
160	self.check_page_for_string( rename )
161	self.check_page_for_string( new_description )
162	# Reset the role back to the original name and description
163	self.rename_role( self.security.encode_id( role_one.id ), name=name, description=description )
164	def test_035_create_group( self ):
165	"""Testing creating new group with 3 members and 1 associated role, then renaming it"""
166	# Logged in as admin_user
167	name = "Group One's Name"
168	user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ]
169	role_ids=[ str( role_one.id ) ]
170	self.create_group( name=name, in_user_ids=user_ids, in_role_ids=role_ids )
171	# Get the group object for later tests
172	global group_one
173	group_one = get_group_by_name( name )
174	assert group_one is not None, 'Problem retrieving group named "Group One" from the database'
175	# Make sure UserGroupAssociations are correct
176	if len( group_one.users ) != len( user_ids ):
177	raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been %d )' \
178	% ( len( group_one.users ), group_one.id, len( user_ids ) ) )
179	# Each user should now have 1 group association, group_one
180	for user in [ admin_user, regular_user1, regular_user3 ]:
181	refresh( user )
182	if len( user.groups ) != 1:
183	raise AssertionError( '%d UserGroupAssociations are associated with user %s ( should be 1 )' % ( len( user.groups ), user.email ) )
184	# Make sure GroupRoleAssociations are correct
185	if len( group_one.roles ) != len( role_ids ):
186	raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been %d )' \
187	% ( len( group_one.roles ), group_one.id, len( role_ids ) ) )
188	# Rename the group
189	rename = "Group One's been Renamed"
190	self.rename_group( self.security.encode_id( group_one.id ), name=rename, )
191	self.home()
192	self.visit_url( '%s/admin/groups' % self.url )
193	self.check_page_for_string( rename )
194	# Reset the group back to the original name
195	self.rename_group( self.security.encode_id( group_one.id ), name=name )
196	def test_040_add_members_and_role_to_group( self ):
197	"""Testing editing user membership and role associations of an existing group"""
198	# Logged in as admin_user
199	name = 'Group Two'
200	self.create_group( name=name, in_user_ids=[], in_role_ids=[] )
201	# Get the group object for later tests
202	global group_two
203	group_two = get_group_by_name( name )
204	assert group_two is not None, 'Problem retrieving group named "Group Two" from the database'
205	# group_two should have no associations
206	if group_two.users:
207	raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been 0 )' \
208	% ( len( group_two.users ), group_two.id ) )
209	if group_two.roles:
210	raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been 0 )' \
211	% ( len( group_two.roles ), group_two.id ) )
212	user_ids = [ str( regular_user1.id ) ]
213	role_ids = [ str( role_one.id ) ]
214	self.associate_users_and_roles_with_group( self.security.encode_id( group_two.id ),
215	group_two.name,
216	user_ids=user_ids,
217	role_ids=role_ids )
218	def test_045_create_role_with_user_and_group_associations( self ):
219	"""Testing creating a role with user and group associations"""
220	# Logged in as admin_user
221	# NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least
222	# 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT
223	# Due to this bug in twill, we create the role, we bypass the page and visit the URL in the
224	# associate_users_and_groups_with_role() method.
225	name = 'Role Two'
226	description = 'This is Role Two'
227	user_ids=[ str( admin_user.id ) ]
228	group_ids=[ str( group_two.id ) ]
229	private_role=admin_user.email
230	# Create the role
231	self.create_role( name=name,
232	description=description,
233	in_user_ids=user_ids,
234	in_group_ids=group_ids,
235	private_role=private_role )
236	# Get the role object for later tests
237	global role_two
238	role_two = get_role_by_name( name )
239	assert role_two is not None, 'Problem retrieving role named "Role Two" from the database'
240	# Make sure UserRoleAssociations are correct
241	if len( role_two.users ) != len( user_ids ):
242	raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created with %d members' \
243	% ( len( role_two.users ), role_two.id, len( user_ids ) ) )
244	# admin_user should now have 3 role associations, private role, role_one, role_two
245	refresh( admin_user )
246	if len( admin_user.roles ) != 3:
247	raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 3 )' % ( len( admin_user.roles ), admin_user.email ) )
248	# Make sure GroupRoleAssociations are correct
249	refresh( role_two )
250	if len( role_two.groups ) != len( group_ids ):
251	raise AssertionError( '%d GroupRoleAssociations were created for role id %d when it was created ( should have been %d )' \
252	% ( len( role_two.groups ), role_two.id, len( group_ids ) ) )
253	# group_two should now be associated with 2 roles: role_one, role_two
254	refresh( group_two )
255	if len( group_two.roles ) != 2:
256	raise AssertionError( '%d GroupRoleAssociations are associated with group id %d ( should be 2 )' % ( len( group_two.roles ), group_two.id ) )
257	def test_050_change_user_role_associations( self ):
258	"""Testing changing roles associated with a user"""
259	# Logged in as admin_user
260	# Create a new role with no associations
261	name = 'Role Three'
262	description = 'This is Role Three'
263	user_ids=[]
264	group_ids=[]
265	private_role=admin_user.email
266	self.create_role( name=name,
267	description=description,
268	in_user_ids=user_ids,
269	in_group_ids=group_ids,
270	private_role=private_role )
271	# Get the role object for later tests
272	global role_three
273	role_three = get_role_by_name( name )
274	assert role_three is not None, 'Problem retrieving role named "Role Three" from the database'
275	# Associate the role with a user
276	refresh( admin_user )
277	role_ids = []
278	for ura in admin_user.non_private_roles:
279	role_ids.append( str( ura.role_id ) )
280	role_ids.append( str( role_three.id ) )
281	group_ids = []
282	for uga in admin_user.groups:
283	group_ids.append( str( uga.group_id ) )
284	strings_displayed = [ "User '%s' has been updated with %d associated roles and %d associated groups" % \
285	( admin_user.email, len( role_ids ), len( group_ids ) ) ]
286	self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ),
287	in_role_ids=role_ids,
288	in_group_ids=group_ids,
289	strings_displayed=strings_displayed )
290	refresh( admin_user )
291	# admin_user should now be associated with 4 roles: private, role_one, role_two, role_three
292	if len( admin_user.roles ) != 4:
293	raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 4 )' % \
294	( len( admin_user.roles ), admin_user.email ) )
295	def test_055_mark_group_deleted( self ):
296	"""Testing marking a group as deleted"""
297	# Logged in as admin_user
298	self.browse_groups( strings_displayed=[ group_two.name ] )
299	self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name )
300	refresh( group_two )
301	if not group_two.deleted:
302	raise AssertionError( '%s was not correctly marked as deleted.' % group_two.name )
303	# Deleting a group should not delete any associations
304	if not group_two.members:
305	raise AssertionError( '%s incorrectly lost all members when it was marked as deleted.' % group_two.name )
306	if not group_two.roles:
307	raise AssertionError( '%s incorrectly lost all role associations when it was marked as deleted.' % group_two.name )
308	def test_060_undelete_group( self ):
309	"""Testing undeleting a deleted group"""
310	# Logged in as admin_user
311	self.undelete_group( self.security.encode_id( group_two.id ), group_two.name )
312	refresh( group_two )
313	if group_two.deleted:
314	raise AssertionError( '%s was not correctly marked as not deleted.' % group_two.name )
315	def test_065_mark_role_deleted( self ):
316	"""Testing marking a role as deleted"""
317	# Logged in as admin_user
318	self.home()
319	self.browse_roles( strings_displayed=[ role_two.name ] )
320	self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name )
321	refresh( role_two )
322	if not role_two.deleted:
323	raise AssertionError( '%s was not correctly marked as deleted.' % role_two.name )
324	# Deleting a role should not delete any associations
325	if not role_two.users:
326	raise AssertionError( '%s incorrectly lost all user associations when it was marked as deleted.' % role_two.name )
327	if not role_two.groups:
328	raise AssertionError( '%s incorrectly lost all group associations when it was marked as deleted.' % role_two.name )
329	def test_070_undelete_role( self ):
330	"""Testing undeleting a deleted role"""
331	# Logged in as admin_user
332	self.undelete_role( self.security.encode_id( role_two.id ), role_two.name )
333	def test_075_purge_user( self ):
334	"""Testing purging a user account"""
335	# Logged in as admin_user
336	self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email )
337	refresh( regular_user3 )
338	self.purge_user( self.security.encode_id( regular_user3.id ), regular_user3.email )
339	refresh( regular_user3 )
340	if not regular_user3.purged:
341	raise AssertionError( 'User %s was not marked as purged.' % regular_user3.email )
342	# Make sure DefaultUserPermissions deleted EXCEPT FOR THE PRIVATE ROLE
343	if len( regular_user3.default_permissions ) != 1:
344	raise AssertionError( 'DefaultUserPermissions for user %s were not deleted.' % regular_user3.email )
345	for dup in regular_user3.default_permissions:
346	role = sa_session.query( galaxy.model.Role ).get( dup.role_id )
347	if role.type != 'private':
348	raise AssertionError( 'DefaultUserPermissions for user %s are not related with the private role.' % regular_user3.email )
349	# Make sure History deleted
350	for history in regular_user3.histories:
351	refresh( history )
352	if not history.deleted:
353	raise AssertionError( 'User %s has active history id %d after their account was marked as purged.' % ( regular_user3.email, hda.id ) )
354	# NOTE: Not all hdas / datasets will be deleted at the time a history is deleted - the cleanup_datasets.py script
355	# is responsible for this.
356	# Make sure UserGroupAssociations deleted
357	if regular_user3.groups:
358	raise AssertionError( 'User %s has active group id %d after their account was marked as purged.' % ( regular_user3.email, uga.id ) )
359	# Make sure UserRoleAssociations deleted EXCEPT FOR THE PRIVATE ROLE
360	if len( regular_user3.roles ) != 1:
361	raise AssertionError( 'UserRoleAssociations for user %s were not deleted.' % regular_user3.email )
362	for ura in regular_user3.roles:
363	role = sa_session.query( galaxy.model.Role ).get( ura.role_id )
364	if role.type != 'private':
365	raise AssertionError( 'UserRoleAssociations for user %s are not related with the private role.' % regular_user3.email )
366	def test_080_manually_unpurge_user( self ):
367	"""Testing manually un-purging a user account"""
368	# Logged in as admin_user
369	# Reset the user for later test runs. The user's private Role and DefaultUserPermissions for that role
370	# should have been preserved, so all we need to do is reset purged and deleted.
371	# TODO: If we decide to implement the GUI feature for un-purging a user, replace this with a method call
372	regular_user3.purged = False
373	regular_user3.deleted = False
374	flush( regular_user3 )
375	def test_085_purge_group( self ):
376	"""Testing purging a group"""
377	# Logged in as admin_user
378	self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name )
379	self.purge_group( self.security.encode_id( group_two.id ), group_two.name )
380	# Make sure there are no UserGroupAssociations
381	if get_user_group_associations_by_group( group_two ):
382	raise AssertionError( "Purging the group did not delete the UserGroupAssociations for group_id '%s'" % group_two.id )
383	# Make sure there are no GroupRoleAssociations
384	if get_group_role_associations_by_group( group_two ):
385	raise AssertionError( "Purging the group did not delete the GroupRoleAssociations for group_id '%s'" % group_two.id )
386	# Undelete the group for later test runs
387	self.undelete_group( self.security.encode_id( group_two.id ), group_two.name )
388	def test_090_purge_role( self ):
389	"""Testing purging a role"""
390	# Logged in as admin_user
391	self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name )
392	self.purge_role( self.security.encode_id( role_two.id ), role_two.name )
393	# Make sure there are no UserRoleAssociations
394	if get_user_role_associations_by_role( role_two ):
395	raise AssertionError( "Purging the role did not delete the UserRoleAssociations for role_id '%s'" % role_two.id )
396	# Make sure there are no DefaultUserPermissions associated with the Role
397	if get_default_user_permissions_by_role( role_two ):
398	raise AssertionError( "Purging the role did not delete the DefaultUserPermissions for role_id '%s'" % role_two.id )
399	# Make sure there are no DefaultHistoryPermissions associated with the Role
400	if get_default_history_permissions_by_role( role_two ):
401	raise AssertionError( "Purging the role did not delete the DefaultHistoryPermissions for role_id '%s'" % role_two.id )
402	# Make sure there are no GroupRoleAssociations
403	if get_group_role_associations_by_role( role_two ):
404	raise AssertionError( "Purging the role did not delete the GroupRoleAssociations for role_id '%s'" % role_two.id )
405	# Make sure there are no DatasetPermissionss
406	if get_dataset_permissions_by_role( role_two ):
407	raise AssertionError( "Purging the role did not delete the DatasetPermissionss for role_id '%s'" % role_two.id )
408	def test_095_manually_unpurge_role( self ):
409	"""Testing manually un-purging a role"""
410	# Logged in as admin_user
411	# Manually unpurge, then undelete the role for later test runs
412	# TODO: If we decide to implement the GUI feature for un-purging a role, replace this with a method call
413	role_two.purged = False
414	flush( role_two )
415	self.undelete_role( self.security.encode_id( role_two.id ), role_two.name )
416	def test_999_reset_data_for_later_test_runs( self ):
417	"""Reseting data to enable later test runs to pass"""
418	# Logged in as admin_user
419	##################
420	# Eliminate all non-private roles
421	##################
422	for role in [ role_one, role_two, role_three ]:
423	self.mark_role_deleted( self.security.encode_id( role.id ), role.name )
424	self.purge_role( self.security.encode_id( role.id ), role.name )
425	# Manually delete the role from the database
426	refresh( role )
427	sa_session.delete( role )
428	sa_session.flush()
429	##################
430	# Eliminate all groups
431	##################
432	for group in [ group_zero, group_one, group_two ]:
433	self.mark_group_deleted( self.security.encode_id( group.id ), group.name )
434	self.purge_group( self.security.encode_id( group.id ), group.name )
435	# Manually delete the group from the database
436	refresh( group )
437	sa_session.delete( group )
438	sa_session.flush()
439	##################
440	# Make sure all users are associated only with their private roles
441	##################
442	for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]:
443	refresh( user )
444	if len( user.roles) != 1:
445	raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) )

Note: リポジトリブラウザについてのヘルプは TracBrowser を参照してください。

Context Navigation

root/galaxy-central/test/functional/test_admin_features.py

異なるフォーマットでダウンロード: