[2] | 1 | from base.twilltestcase import * |
---|
| 2 | from base.test_db_util import * |
---|
| 3 | |
---|
| 4 | class TestDataSecurity( TwillTestCase ): |
---|
| 5 | def test_000_initiate_users( self ): |
---|
| 6 | """Ensuring all required user accounts exist""" |
---|
| 7 | self.logout() |
---|
| 8 | self.login( email='test1@bx.psu.edu', username='regular-user1' ) |
---|
| 9 | global regular_user1 |
---|
| 10 | regular_user1 = get_user( 'test1@bx.psu.edu' ) |
---|
| 11 | assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' |
---|
| 12 | self.logout() |
---|
| 13 | self.login( email='test2@bx.psu.edu', username='regular-user2' ) |
---|
| 14 | global regular_user2 |
---|
| 15 | regular_user2 = get_user( 'test2@bx.psu.edu' ) |
---|
| 16 | assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' |
---|
| 17 | self.logout() |
---|
| 18 | self.login( email='test@bx.psu.edu', username='admin-user' ) |
---|
| 19 | global admin_user |
---|
| 20 | admin_user = get_user( 'test@bx.psu.edu' ) |
---|
| 21 | assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' |
---|
| 22 | def test_005_create_new_user_account_as_admin( self ): |
---|
| 23 | """Testing creating a new user account as admin""" |
---|
| 24 | # Logged in as admin_user |
---|
| 25 | email = 'test3@bx.psu.edu' |
---|
| 26 | password = 'testuser' |
---|
| 27 | # Test setting the user name to one that is already taken. Note that the account must not exist in order |
---|
| 28 | # for this test to work as desired, so the email we're passing is important... |
---|
| 29 | previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com', |
---|
| 30 | password=password, |
---|
| 31 | username='admin-user', |
---|
| 32 | webapp='galaxy', |
---|
| 33 | referer='' ) |
---|
| 34 | if not username_taken: |
---|
| 35 | raise AssertionError, "The user name (%s) is already being used by another user, but no error was displayed" \ |
---|
| 36 | % 'admin-user' |
---|
| 37 | # Test setting the user name to an invalid one. Note that the account must not exist in order |
---|
| 38 | # for this test to work as desired, so the email we're passing is important... |
---|
| 39 | previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email='diff@you.com', |
---|
| 40 | password=password, |
---|
| 41 | username='h', |
---|
| 42 | webapp='galaxy', |
---|
| 43 | referer='' ) |
---|
| 44 | if not invalid_username: |
---|
| 45 | raise AssertionError, "The user name (%s) is is invalid, but no error was displayed" % username |
---|
| 46 | previously_created, username_taken, invalid_username = self.create_new_account_as_admin( email=email, |
---|
| 47 | password=password, |
---|
| 48 | username='regular-user3', |
---|
| 49 | webapp='galaxy', |
---|
| 50 | referer='' ) |
---|
| 51 | # Get the user object for later tests |
---|
| 52 | global regular_user3 |
---|
| 53 | regular_user3 = get_user( email ) |
---|
| 54 | assert regular_user3 is not None, 'Problem retrieving user with email "%s" from the database' % email |
---|
| 55 | global regular_user3_private_role |
---|
| 56 | regular_user3_private_role = get_private_role( regular_user3 ) |
---|
| 57 | # Make sure DefaultUserPermissions were created |
---|
| 58 | if not regular_user3.default_permissions: |
---|
| 59 | raise AssertionError( 'No DefaultUserPermissions were created for user %s when the admin created the account' % email ) |
---|
| 60 | # Make sure a private role was created for the user |
---|
| 61 | if not regular_user3.roles: |
---|
| 62 | raise AssertionError( 'No UserRoleAssociations were created for user %s when the admin created the account' % email ) |
---|
| 63 | if not previously_created and len( regular_user3.roles ) != 1: |
---|
| 64 | raise AssertionError( '%d UserRoleAssociations were created for user %s when the admin created the account ( should have been 1 )' \ |
---|
| 65 | % ( len( regular_user3.roles ), regular_user3.email ) ) |
---|
| 66 | for ura in regular_user3.roles: |
---|
| 67 | role = sa_session.query( galaxy.model.Role ).get( ura.role_id ) |
---|
| 68 | if not previously_created and role.type != 'private': |
---|
| 69 | raise AssertionError( 'Role created for user %s when the admin created the account is not private, type is' \ |
---|
| 70 | % str( role.type ) ) |
---|
| 71 | if not previously_created: |
---|
| 72 | # Make sure a history was not created ( previous test runs may have left deleted histories ) |
---|
| 73 | histories = get_all_histories_for_user( regular_user3 ) |
---|
| 74 | if histories: |
---|
| 75 | raise AssertionError( 'Histories were incorrectly created for user %s when the admin created the account' % email ) |
---|
| 76 | # Make sure the user was not associated with any groups |
---|
| 77 | if regular_user3.groups: |
---|
| 78 | raise AssertionError( 'Groups were incorrectly associated with user %s when the admin created the account' % email ) |
---|
| 79 | def test_010_reset_password_as_admin( self ): |
---|
| 80 | """Testing reseting a user password as admin""" |
---|
| 81 | self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testreset' ) |
---|
| 82 | def test_015_login_after_password_reset( self ): |
---|
| 83 | """Testing logging in after an admin reset a password - tests DefaultHistoryPermissions for accounts created by an admin""" |
---|
| 84 | # logged in as admin_user |
---|
| 85 | self.logout() |
---|
| 86 | self.login( email=regular_user3.email, password='testreset' ) |
---|
| 87 | # Make sure a History and HistoryDefaultPermissions exist for the user |
---|
| 88 | latest_history = get_latest_history_for_user( regular_user3 ) |
---|
| 89 | if not latest_history.user_id == regular_user3.id: |
---|
| 90 | raise AssertionError( 'A history was not created for user %s when he logged in' % email ) |
---|
| 91 | if not latest_history.default_permissions: |
---|
| 92 | raise AssertionError( 'No DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) |
---|
| 93 | dhps = get_default_history_permissions_by_history( latest_history ) |
---|
| 94 | if len( dhps ) > 1: |
---|
| 95 | raise AssertionError( 'More than 1 DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) |
---|
| 96 | dhp = dhps[0] |
---|
| 97 | if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: |
---|
| 98 | raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "manage permissions"' \ |
---|
| 99 | % ( latest_history.id, dhp.action ) ) |
---|
| 100 | # Upload a file to create a HistoryDatasetAssociation |
---|
| 101 | self.upload_file( '1.bed' ) |
---|
| 102 | latest_dataset = get_latest_dataset() |
---|
| 103 | for dp in latest_dataset.actions: |
---|
| 104 | # Should only have 1 DatasetPermissions |
---|
| 105 | if dp.action != galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: |
---|
| 106 | raise AssertionError( 'The DatasetPermissions for dataset id %d is %s ( should have been %s )' \ |
---|
| 107 | % ( latest_dataset.id, |
---|
| 108 | latest_dataset.actions.action, |
---|
| 109 | galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) |
---|
| 110 | self.logout() |
---|
| 111 | # Reset the password to the default for later tests |
---|
| 112 | self.login( email='test@bx.psu.edu' ) |
---|
| 113 | self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testuser' ) |
---|
| 114 | def test_020_mark_user_deleted( self ): |
---|
| 115 | """Testing marking a user account as deleted""" |
---|
| 116 | # Logged in as admin_user |
---|
| 117 | self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) |
---|
| 118 | if not regular_user3.active_histories: |
---|
| 119 | raise AssertionError( 'HistoryDatasetAssociations for regular_user3 were incorrectly deleted when the user was marked deleted' ) |
---|
| 120 | def test_025_undelete_user( self ): |
---|
| 121 | """Testing undeleting a user account""" |
---|
| 122 | # Logged in as admin_user |
---|
| 123 | self.undelete_user( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) |
---|
| 124 | def test_030_create_role( self ): |
---|
| 125 | """Testing creating new role with 3 members ( and a new group named the same ), then renaming the role""" |
---|
| 126 | # Logged in as admin_user |
---|
| 127 | name = 'Role One' |
---|
| 128 | description = "This is Role Ones description" |
---|
| 129 | user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] |
---|
| 130 | self.create_role( name=name, |
---|
| 131 | description=description, |
---|
| 132 | in_user_ids=user_ids, |
---|
| 133 | in_group_ids=[], |
---|
| 134 | create_group_for_role='yes', |
---|
| 135 | private_role=admin_user.email ) |
---|
| 136 | # Get the role object for later tests |
---|
| 137 | global role_one |
---|
| 138 | role_one = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() |
---|
| 139 | assert role_one is not None, 'Problem retrieving role named "Role One" from the database' |
---|
| 140 | # Make sure UserRoleAssociations are correct |
---|
| 141 | if len( role_one.users ) != len( user_ids ): |
---|
| 142 | raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created ( should have been %d )' \ |
---|
| 143 | % ( len( role_one.users ), role_one.id, len( user_ids ) ) ) |
---|
| 144 | # Each of the following users should now have 2 role associations, their private role and role_one |
---|
| 145 | for user in [ admin_user, regular_user1, regular_user3 ]: |
---|
| 146 | refresh( user ) |
---|
| 147 | if len( user.roles ) != 2: |
---|
| 148 | raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 2 )' \ |
---|
| 149 | % ( len( user.roles ), user.email ) ) |
---|
| 150 | # Make sure the group was created |
---|
| 151 | self.visit_url( '%s/admin/groups' % self.url ) |
---|
| 152 | self.check_page_for_string( name ) |
---|
| 153 | global group_zero |
---|
| 154 | group_zero = get_group_by_name( name ) |
---|
| 155 | # Rename the role |
---|
| 156 | rename = "Role One's been Renamed" |
---|
| 157 | new_description="This is Role One's Re-described" |
---|
| 158 | self.rename_role( self.security.encode_id( role_one.id ), name=rename, description=new_description ) |
---|
| 159 | self.visit_url( '%s/admin/roles' % self.url ) |
---|
| 160 | self.check_page_for_string( rename ) |
---|
| 161 | self.check_page_for_string( new_description ) |
---|
| 162 | # Reset the role back to the original name and description |
---|
| 163 | self.rename_role( self.security.encode_id( role_one.id ), name=name, description=description ) |
---|
| 164 | def test_035_create_group( self ): |
---|
| 165 | """Testing creating new group with 3 members and 1 associated role, then renaming it""" |
---|
| 166 | # Logged in as admin_user |
---|
| 167 | name = "Group One's Name" |
---|
| 168 | user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] |
---|
| 169 | role_ids=[ str( role_one.id ) ] |
---|
| 170 | self.create_group( name=name, in_user_ids=user_ids, in_role_ids=role_ids ) |
---|
| 171 | # Get the group object for later tests |
---|
| 172 | global group_one |
---|
| 173 | group_one = get_group_by_name( name ) |
---|
| 174 | assert group_one is not None, 'Problem retrieving group named "Group One" from the database' |
---|
| 175 | # Make sure UserGroupAssociations are correct |
---|
| 176 | if len( group_one.users ) != len( user_ids ): |
---|
| 177 | raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been %d )' \ |
---|
| 178 | % ( len( group_one.users ), group_one.id, len( user_ids ) ) ) |
---|
| 179 | # Each user should now have 1 group association, group_one |
---|
| 180 | for user in [ admin_user, regular_user1, regular_user3 ]: |
---|
| 181 | refresh( user ) |
---|
| 182 | if len( user.groups ) != 1: |
---|
| 183 | raise AssertionError( '%d UserGroupAssociations are associated with user %s ( should be 1 )' % ( len( user.groups ), user.email ) ) |
---|
| 184 | # Make sure GroupRoleAssociations are correct |
---|
| 185 | if len( group_one.roles ) != len( role_ids ): |
---|
| 186 | raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been %d )' \ |
---|
| 187 | % ( len( group_one.roles ), group_one.id, len( role_ids ) ) ) |
---|
| 188 | # Rename the group |
---|
| 189 | rename = "Group One's been Renamed" |
---|
| 190 | self.rename_group( self.security.encode_id( group_one.id ), name=rename, ) |
---|
| 191 | self.home() |
---|
| 192 | self.visit_url( '%s/admin/groups' % self.url ) |
---|
| 193 | self.check_page_for_string( rename ) |
---|
| 194 | # Reset the group back to the original name |
---|
| 195 | self.rename_group( self.security.encode_id( group_one.id ), name=name ) |
---|
| 196 | def test_040_add_members_and_role_to_group( self ): |
---|
| 197 | """Testing editing user membership and role associations of an existing group""" |
---|
| 198 | # Logged in as admin_user |
---|
| 199 | name = 'Group Two' |
---|
| 200 | self.create_group( name=name, in_user_ids=[], in_role_ids=[] ) |
---|
| 201 | # Get the group object for later tests |
---|
| 202 | global group_two |
---|
| 203 | group_two = get_group_by_name( name ) |
---|
| 204 | assert group_two is not None, 'Problem retrieving group named "Group Two" from the database' |
---|
| 205 | # group_two should have no associations |
---|
| 206 | if group_two.users: |
---|
| 207 | raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been 0 )' \ |
---|
| 208 | % ( len( group_two.users ), group_two.id ) ) |
---|
| 209 | if group_two.roles: |
---|
| 210 | raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been 0 )' \ |
---|
| 211 | % ( len( group_two.roles ), group_two.id ) ) |
---|
| 212 | user_ids = [ str( regular_user1.id ) ] |
---|
| 213 | role_ids = [ str( role_one.id ) ] |
---|
| 214 | self.associate_users_and_roles_with_group( self.security.encode_id( group_two.id ), |
---|
| 215 | group_two.name, |
---|
| 216 | user_ids=user_ids, |
---|
| 217 | role_ids=role_ids ) |
---|
| 218 | def test_045_create_role_with_user_and_group_associations( self ): |
---|
| 219 | """Testing creating a role with user and group associations""" |
---|
| 220 | # Logged in as admin_user |
---|
| 221 | # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least |
---|
| 222 | # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT |
---|
| 223 | # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the |
---|
| 224 | # associate_users_and_groups_with_role() method. |
---|
| 225 | name = 'Role Two' |
---|
| 226 | description = 'This is Role Two' |
---|
| 227 | user_ids=[ str( admin_user.id ) ] |
---|
| 228 | group_ids=[ str( group_two.id ) ] |
---|
| 229 | private_role=admin_user.email |
---|
| 230 | # Create the role |
---|
| 231 | self.create_role( name=name, |
---|
| 232 | description=description, |
---|
| 233 | in_user_ids=user_ids, |
---|
| 234 | in_group_ids=group_ids, |
---|
| 235 | private_role=private_role ) |
---|
| 236 | # Get the role object for later tests |
---|
| 237 | global role_two |
---|
| 238 | role_two = get_role_by_name( name ) |
---|
| 239 | assert role_two is not None, 'Problem retrieving role named "Role Two" from the database' |
---|
| 240 | # Make sure UserRoleAssociations are correct |
---|
| 241 | if len( role_two.users ) != len( user_ids ): |
---|
| 242 | raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created with %d members' \ |
---|
| 243 | % ( len( role_two.users ), role_two.id, len( user_ids ) ) ) |
---|
| 244 | # admin_user should now have 3 role associations, private role, role_one, role_two |
---|
| 245 | refresh( admin_user ) |
---|
| 246 | if len( admin_user.roles ) != 3: |
---|
| 247 | raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 3 )' % ( len( admin_user.roles ), admin_user.email ) ) |
---|
| 248 | # Make sure GroupRoleAssociations are correct |
---|
| 249 | refresh( role_two ) |
---|
| 250 | if len( role_two.groups ) != len( group_ids ): |
---|
| 251 | raise AssertionError( '%d GroupRoleAssociations were created for role id %d when it was created ( should have been %d )' \ |
---|
| 252 | % ( len( role_two.groups ), role_two.id, len( group_ids ) ) ) |
---|
| 253 | # group_two should now be associated with 2 roles: role_one, role_two |
---|
| 254 | refresh( group_two ) |
---|
| 255 | if len( group_two.roles ) != 2: |
---|
| 256 | raise AssertionError( '%d GroupRoleAssociations are associated with group id %d ( should be 2 )' % ( len( group_two.roles ), group_two.id ) ) |
---|
| 257 | def test_050_change_user_role_associations( self ): |
---|
| 258 | """Testing changing roles associated with a user""" |
---|
| 259 | # Logged in as admin_user |
---|
| 260 | # Create a new role with no associations |
---|
| 261 | name = 'Role Three' |
---|
| 262 | description = 'This is Role Three' |
---|
| 263 | user_ids=[] |
---|
| 264 | group_ids=[] |
---|
| 265 | private_role=admin_user.email |
---|
| 266 | self.create_role( name=name, |
---|
| 267 | description=description, |
---|
| 268 | in_user_ids=user_ids, |
---|
| 269 | in_group_ids=group_ids, |
---|
| 270 | private_role=private_role ) |
---|
| 271 | # Get the role object for later tests |
---|
| 272 | global role_three |
---|
| 273 | role_three = get_role_by_name( name ) |
---|
| 274 | assert role_three is not None, 'Problem retrieving role named "Role Three" from the database' |
---|
| 275 | # Associate the role with a user |
---|
| 276 | refresh( admin_user ) |
---|
| 277 | role_ids = [] |
---|
| 278 | for ura in admin_user.non_private_roles: |
---|
| 279 | role_ids.append( str( ura.role_id ) ) |
---|
| 280 | role_ids.append( str( role_three.id ) ) |
---|
| 281 | group_ids = [] |
---|
| 282 | for uga in admin_user.groups: |
---|
| 283 | group_ids.append( str( uga.group_id ) ) |
---|
| 284 | strings_displayed = [ "User '%s' has been updated with %d associated roles and %d associated groups" % \ |
---|
| 285 | ( admin_user.email, len( role_ids ), len( group_ids ) ) ] |
---|
| 286 | self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ), |
---|
| 287 | in_role_ids=role_ids, |
---|
| 288 | in_group_ids=group_ids, |
---|
| 289 | strings_displayed=strings_displayed ) |
---|
| 290 | refresh( admin_user ) |
---|
| 291 | # admin_user should now be associated with 4 roles: private, role_one, role_two, role_three |
---|
| 292 | if len( admin_user.roles ) != 4: |
---|
| 293 | raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 4 )' % \ |
---|
| 294 | ( len( admin_user.roles ), admin_user.email ) ) |
---|
| 295 | def test_055_mark_group_deleted( self ): |
---|
| 296 | """Testing marking a group as deleted""" |
---|
| 297 | # Logged in as admin_user |
---|
| 298 | self.browse_groups( strings_displayed=[ group_two.name ] ) |
---|
| 299 | self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name ) |
---|
| 300 | refresh( group_two ) |
---|
| 301 | if not group_two.deleted: |
---|
| 302 | raise AssertionError( '%s was not correctly marked as deleted.' % group_two.name ) |
---|
| 303 | # Deleting a group should not delete any associations |
---|
| 304 | if not group_two.members: |
---|
| 305 | raise AssertionError( '%s incorrectly lost all members when it was marked as deleted.' % group_two.name ) |
---|
| 306 | if not group_two.roles: |
---|
| 307 | raise AssertionError( '%s incorrectly lost all role associations when it was marked as deleted.' % group_two.name ) |
---|
| 308 | def test_060_undelete_group( self ): |
---|
| 309 | """Testing undeleting a deleted group""" |
---|
| 310 | # Logged in as admin_user |
---|
| 311 | self.undelete_group( self.security.encode_id( group_two.id ), group_two.name ) |
---|
| 312 | refresh( group_two ) |
---|
| 313 | if group_two.deleted: |
---|
| 314 | raise AssertionError( '%s was not correctly marked as not deleted.' % group_two.name ) |
---|
| 315 | def test_065_mark_role_deleted( self ): |
---|
| 316 | """Testing marking a role as deleted""" |
---|
| 317 | # Logged in as admin_user |
---|
| 318 | self.home() |
---|
| 319 | self.browse_roles( strings_displayed=[ role_two.name ] ) |
---|
| 320 | self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name ) |
---|
| 321 | refresh( role_two ) |
---|
| 322 | if not role_two.deleted: |
---|
| 323 | raise AssertionError( '%s was not correctly marked as deleted.' % role_two.name ) |
---|
| 324 | # Deleting a role should not delete any associations |
---|
| 325 | if not role_two.users: |
---|
| 326 | raise AssertionError( '%s incorrectly lost all user associations when it was marked as deleted.' % role_two.name ) |
---|
| 327 | if not role_two.groups: |
---|
| 328 | raise AssertionError( '%s incorrectly lost all group associations when it was marked as deleted.' % role_two.name ) |
---|
| 329 | def test_070_undelete_role( self ): |
---|
| 330 | """Testing undeleting a deleted role""" |
---|
| 331 | # Logged in as admin_user |
---|
| 332 | self.undelete_role( self.security.encode_id( role_two.id ), role_two.name ) |
---|
| 333 | def test_075_purge_user( self ): |
---|
| 334 | """Testing purging a user account""" |
---|
| 335 | # Logged in as admin_user |
---|
| 336 | self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) |
---|
| 337 | refresh( regular_user3 ) |
---|
| 338 | self.purge_user( self.security.encode_id( regular_user3.id ), regular_user3.email ) |
---|
| 339 | refresh( regular_user3 ) |
---|
| 340 | if not regular_user3.purged: |
---|
| 341 | raise AssertionError( 'User %s was not marked as purged.' % regular_user3.email ) |
---|
| 342 | # Make sure DefaultUserPermissions deleted EXCEPT FOR THE PRIVATE ROLE |
---|
| 343 | if len( regular_user3.default_permissions ) != 1: |
---|
| 344 | raise AssertionError( 'DefaultUserPermissions for user %s were not deleted.' % regular_user3.email ) |
---|
| 345 | for dup in regular_user3.default_permissions: |
---|
| 346 | role = sa_session.query( galaxy.model.Role ).get( dup.role_id ) |
---|
| 347 | if role.type != 'private': |
---|
| 348 | raise AssertionError( 'DefaultUserPermissions for user %s are not related with the private role.' % regular_user3.email ) |
---|
| 349 | # Make sure History deleted |
---|
| 350 | for history in regular_user3.histories: |
---|
| 351 | refresh( history ) |
---|
| 352 | if not history.deleted: |
---|
| 353 | raise AssertionError( 'User %s has active history id %d after their account was marked as purged.' % ( regular_user3.email, hda.id ) ) |
---|
| 354 | # NOTE: Not all hdas / datasets will be deleted at the time a history is deleted - the cleanup_datasets.py script |
---|
| 355 | # is responsible for this. |
---|
| 356 | # Make sure UserGroupAssociations deleted |
---|
| 357 | if regular_user3.groups: |
---|
| 358 | raise AssertionError( 'User %s has active group id %d after their account was marked as purged.' % ( regular_user3.email, uga.id ) ) |
---|
| 359 | # Make sure UserRoleAssociations deleted EXCEPT FOR THE PRIVATE ROLE |
---|
| 360 | if len( regular_user3.roles ) != 1: |
---|
| 361 | raise AssertionError( 'UserRoleAssociations for user %s were not deleted.' % regular_user3.email ) |
---|
| 362 | for ura in regular_user3.roles: |
---|
| 363 | role = sa_session.query( galaxy.model.Role ).get( ura.role_id ) |
---|
| 364 | if role.type != 'private': |
---|
| 365 | raise AssertionError( 'UserRoleAssociations for user %s are not related with the private role.' % regular_user3.email ) |
---|
| 366 | def test_080_manually_unpurge_user( self ): |
---|
| 367 | """Testing manually un-purging a user account""" |
---|
| 368 | # Logged in as admin_user |
---|
| 369 | # Reset the user for later test runs. The user's private Role and DefaultUserPermissions for that role |
---|
| 370 | # should have been preserved, so all we need to do is reset purged and deleted. |
---|
| 371 | # TODO: If we decide to implement the GUI feature for un-purging a user, replace this with a method call |
---|
| 372 | regular_user3.purged = False |
---|
| 373 | regular_user3.deleted = False |
---|
| 374 | flush( regular_user3 ) |
---|
| 375 | def test_085_purge_group( self ): |
---|
| 376 | """Testing purging a group""" |
---|
| 377 | # Logged in as admin_user |
---|
| 378 | self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name ) |
---|
| 379 | self.purge_group( self.security.encode_id( group_two.id ), group_two.name ) |
---|
| 380 | # Make sure there are no UserGroupAssociations |
---|
| 381 | if get_user_group_associations_by_group( group_two ): |
---|
| 382 | raise AssertionError( "Purging the group did not delete the UserGroupAssociations for group_id '%s'" % group_two.id ) |
---|
| 383 | # Make sure there are no GroupRoleAssociations |
---|
| 384 | if get_group_role_associations_by_group( group_two ): |
---|
| 385 | raise AssertionError( "Purging the group did not delete the GroupRoleAssociations for group_id '%s'" % group_two.id ) |
---|
| 386 | # Undelete the group for later test runs |
---|
| 387 | self.undelete_group( self.security.encode_id( group_two.id ), group_two.name ) |
---|
| 388 | def test_090_purge_role( self ): |
---|
| 389 | """Testing purging a role""" |
---|
| 390 | # Logged in as admin_user |
---|
| 391 | self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name ) |
---|
| 392 | self.purge_role( self.security.encode_id( role_two.id ), role_two.name ) |
---|
| 393 | # Make sure there are no UserRoleAssociations |
---|
| 394 | if get_user_role_associations_by_role( role_two ): |
---|
| 395 | raise AssertionError( "Purging the role did not delete the UserRoleAssociations for role_id '%s'" % role_two.id ) |
---|
| 396 | # Make sure there are no DefaultUserPermissions associated with the Role |
---|
| 397 | if get_default_user_permissions_by_role( role_two ): |
---|
| 398 | raise AssertionError( "Purging the role did not delete the DefaultUserPermissions for role_id '%s'" % role_two.id ) |
---|
| 399 | # Make sure there are no DefaultHistoryPermissions associated with the Role |
---|
| 400 | if get_default_history_permissions_by_role( role_two ): |
---|
| 401 | raise AssertionError( "Purging the role did not delete the DefaultHistoryPermissions for role_id '%s'" % role_two.id ) |
---|
| 402 | # Make sure there are no GroupRoleAssociations |
---|
| 403 | if get_group_role_associations_by_role( role_two ): |
---|
| 404 | raise AssertionError( "Purging the role did not delete the GroupRoleAssociations for role_id '%s'" % role_two.id ) |
---|
| 405 | # Make sure there are no DatasetPermissionss |
---|
| 406 | if get_dataset_permissions_by_role( role_two ): |
---|
| 407 | raise AssertionError( "Purging the role did not delete the DatasetPermissionss for role_id '%s'" % role_two.id ) |
---|
| 408 | def test_095_manually_unpurge_role( self ): |
---|
| 409 | """Testing manually un-purging a role""" |
---|
| 410 | # Logged in as admin_user |
---|
| 411 | # Manually unpurge, then undelete the role for later test runs |
---|
| 412 | # TODO: If we decide to implement the GUI feature for un-purging a role, replace this with a method call |
---|
| 413 | role_two.purged = False |
---|
| 414 | flush( role_two ) |
---|
| 415 | self.undelete_role( self.security.encode_id( role_two.id ), role_two.name ) |
---|
| 416 | def test_999_reset_data_for_later_test_runs( self ): |
---|
| 417 | """Reseting data to enable later test runs to pass""" |
---|
| 418 | # Logged in as admin_user |
---|
| 419 | ################## |
---|
| 420 | # Eliminate all non-private roles |
---|
| 421 | ################## |
---|
| 422 | for role in [ role_one, role_two, role_three ]: |
---|
| 423 | self.mark_role_deleted( self.security.encode_id( role.id ), role.name ) |
---|
| 424 | self.purge_role( self.security.encode_id( role.id ), role.name ) |
---|
| 425 | # Manually delete the role from the database |
---|
| 426 | refresh( role ) |
---|
| 427 | sa_session.delete( role ) |
---|
| 428 | sa_session.flush() |
---|
| 429 | ################## |
---|
| 430 | # Eliminate all groups |
---|
| 431 | ################## |
---|
| 432 | for group in [ group_zero, group_one, group_two ]: |
---|
| 433 | self.mark_group_deleted( self.security.encode_id( group.id ), group.name ) |
---|
| 434 | self.purge_group( self.security.encode_id( group.id ), group.name ) |
---|
| 435 | # Manually delete the group from the database |
---|
| 436 | refresh( group ) |
---|
| 437 | sa_session.delete( group ) |
---|
| 438 | sa_session.flush() |
---|
| 439 | ################## |
---|
| 440 | # Make sure all users are associated only with their private roles |
---|
| 441 | ################## |
---|
| 442 | for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: |
---|
| 443 | refresh( user ) |
---|
| 444 | if len( user.roles) != 1: |
---|
| 445 | raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) |
---|