[2] | 1 | from base.twilltestcase import * |
---|
| 2 | from base.test_db_util import * |
---|
| 3 | |
---|
| 4 | class TestLibrarySecurity( TwillTestCase ): |
---|
| 5 | def test_000_initiate_users( self ): |
---|
| 6 | """Ensuring all required user accounts exist""" |
---|
| 7 | self.logout() |
---|
| 8 | self.login( email='test1@bx.psu.edu', username='regular-user1' ) |
---|
| 9 | global regular_user1 |
---|
| 10 | regular_user1 = get_user( 'test1@bx.psu.edu' ) |
---|
| 11 | assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' |
---|
| 12 | global regular_user1_private_role |
---|
| 13 | regular_user1_private_role = get_private_role( regular_user1 ) |
---|
| 14 | self.logout() |
---|
| 15 | self.login( email='test2@bx.psu.edu', username='regular-user2' ) |
---|
| 16 | global regular_user2 |
---|
| 17 | regular_user2 = get_user( 'test2@bx.psu.edu' ) |
---|
| 18 | assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' |
---|
| 19 | global regular_user2_private_role |
---|
| 20 | regular_user2_private_role = get_private_role( regular_user2 ) |
---|
| 21 | self.logout() |
---|
| 22 | self.login( email='test3@bx.psu.edu', username='regular-user3' ) |
---|
| 23 | global regular_user3 |
---|
| 24 | regular_user3 = get_user( 'test3@bx.psu.edu' ) |
---|
| 25 | assert regular_user3 is not None, 'Problem retrieving user with email "test3@bx.psu.edu" from the database' |
---|
| 26 | global regular_user3_private_role |
---|
| 27 | regular_user3_private_role = get_private_role( regular_user3 ) |
---|
| 28 | self.logout() |
---|
| 29 | self.login( email='test@bx.psu.edu', username='admin-user' ) |
---|
| 30 | global admin_user |
---|
| 31 | admin_user = get_user( 'test@bx.psu.edu' ) |
---|
| 32 | assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' |
---|
| 33 | global admin_user_private_role |
---|
| 34 | admin_user_private_role = get_private_role( admin_user ) |
---|
| 35 | def test_005_create_required_groups_and_roles( self ): |
---|
| 36 | """Testing creating all required groups and roles for this script""" |
---|
| 37 | # Logged in as admin_user |
---|
| 38 | # Create Role1: admin_user, regular_user1, regular_user3 |
---|
| 39 | name = 'Role1' |
---|
| 40 | description = "Role1 description" |
---|
| 41 | self.create_role( name=name, |
---|
| 42 | description=description, |
---|
| 43 | in_user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ], |
---|
| 44 | in_group_ids=[], |
---|
| 45 | create_group_for_role='no', |
---|
| 46 | private_role=admin_user.email ) |
---|
| 47 | global role1 |
---|
| 48 | role1 = get_role_by_name( name ) |
---|
| 49 | # Create Group1: regular_user1, admin_user, regular_user3 |
---|
| 50 | name = 'Group1' |
---|
| 51 | self.create_group( name=name, in_user_ids=[ str( regular_user1.id ) ], in_role_ids=[ str( role1.id ) ] ) |
---|
| 52 | global group1 |
---|
| 53 | group1 = get_group_by_name( name ) |
---|
| 54 | assert group1 is not None, 'Problem retrieving group named "Group1" from the database' |
---|
| 55 | # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least |
---|
| 56 | # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT |
---|
| 57 | # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the |
---|
| 58 | # associate_users_and_groups_with_role() method. |
---|
| 59 | # |
---|
| 60 | #create Role2: admin_user, regular_user1, regular_user3 |
---|
| 61 | name = 'Role2' |
---|
| 62 | description = 'Role2 description' |
---|
| 63 | private_role = admin_user.email |
---|
| 64 | self.create_role( name=name, |
---|
| 65 | description=description, |
---|
| 66 | in_user_ids=[ str( admin_user.id ) ], |
---|
| 67 | in_group_ids=[ str( group1.id ) ], |
---|
| 68 | private_role=private_role ) |
---|
| 69 | global role2 |
---|
| 70 | role2 = get_role_by_name( name ) |
---|
| 71 | assert role2 is not None, 'Problem retrieving role named "Role2" from the database' |
---|
| 72 | def test_010_create_libraries( self ): |
---|
| 73 | """Creating new libraries used in this script""" |
---|
| 74 | # Logged in as admin_user |
---|
| 75 | for index in range( 0, 2 ): |
---|
| 76 | name = 'library%s' % str( index + 1 ) |
---|
| 77 | description = '%s description' % name |
---|
| 78 | synopsis = '%s synopsis' % name |
---|
| 79 | self.create_library( name=name, description=description, synopsis=synopsis ) |
---|
| 80 | # Get the libraries for later use |
---|
| 81 | global library1 |
---|
| 82 | library1 = get_library( 'library1', 'library1 description', 'library1 synopsis' ) |
---|
| 83 | assert library1 is not None, 'Problem retrieving library (library1) from the database' |
---|
| 84 | global library2 |
---|
| 85 | library2 = get_library( 'library2', 'library2 description', 'library2 synopsis' ) |
---|
| 86 | assert library2 is not None, 'Problem retrieving library (library2) from the database' |
---|
| 87 | def test_015_restrict_access_to_library1( self ): |
---|
| 88 | """Testing restricting access to library1""" |
---|
| 89 | # Logged in as admin_user |
---|
| 90 | # Make sure library1 is public |
---|
| 91 | assert 'access library' not in [ a.action for a in library1.actions ], 'Library %s is not public when first created' % library1.name |
---|
| 92 | # Set permissions on the library, sort for later testing. |
---|
| 93 | permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ] |
---|
| 94 | permissions_out = [] |
---|
| 95 | # Role1 members are: admin_user, regular_user1, regular_user3. Each of these users will be permitted for |
---|
| 96 | # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on library1 and it's contents. |
---|
| 97 | self.library_permissions( self.security.encode_id( library1.id ), |
---|
| 98 | library1.name, |
---|
| 99 | str( role1.id ), |
---|
| 100 | permissions_in, |
---|
| 101 | permissions_out ) |
---|
| 102 | # Make sure the library is accessible by admin_user |
---|
| 103 | self.visit_url( '%s/library/browse_libraries' % self.url ) |
---|
| 104 | self.check_page_for_string( library1.name ) |
---|
| 105 | # Make sure the library is not accessible by regular_user2 since regular_user2 does not have Role1. |
---|
| 106 | self.logout() |
---|
| 107 | self.login( email=regular_user2.email ) |
---|
| 108 | self.visit_url( '%s/library/browse_libraries' % self.url ) |
---|
| 109 | try: |
---|
| 110 | self.check_page_for_string( library1.name ) |
---|
| 111 | raise AssertionError, 'Library %s is accessible by %s when it should be restricted' % ( library1.name, regular_user2.email ) |
---|
| 112 | except: |
---|
| 113 | pass |
---|
| 114 | self.logout() |
---|
| 115 | self.login( email=admin_user.email ) |
---|
| 116 | def test_020_add_folder_to_library1( self ): |
---|
| 117 | """Testing adding a folder1 to a library1""" |
---|
| 118 | # logged in as admin_user |
---|
| 119 | root_folder = library1.root_folder |
---|
| 120 | name = "Folder1" |
---|
| 121 | description = "Folder1 description" |
---|
| 122 | self.add_folder( 'library_admin', |
---|
| 123 | self.security.encode_id( library1.id ), |
---|
| 124 | self.security.encode_id( root_folder.id ), |
---|
| 125 | name=name, |
---|
| 126 | description=description ) |
---|
| 127 | global folder1 |
---|
| 128 | folder1 = get_folder( root_folder.id, name, description ) |
---|
| 129 | assert folder1 is not None, 'Problem retrieving folder1 from the database' |
---|
| 130 | def test_025_create_ldda1_with_private_role_restriction( self ): |
---|
| 131 | """Testing create ldda1 with a private role restriction""" |
---|
| 132 | # Logged in as admin_user |
---|
| 133 | # |
---|
| 134 | # Library1 LIBRARY_ACCESS = Role1: admin_user, regular_user1, regular_user3 |
---|
| 135 | # |
---|
| 136 | # Add a dataset restricted by the following: |
---|
| 137 | # DATASET_MANAGE_PERMISSIONS = admin_user via DefaultUserPermissions |
---|
| 138 | # DATASET_ACCESS = regular_user1 private role via this test method |
---|
| 139 | # LIBRARY_ADD = "Role1" via inheritance from parent folder |
---|
| 140 | # LIBRARY_MODIFY = "Role1" via inheritance from parent folder |
---|
| 141 | # LIBRARY_MANAGE = "Role1" via inheritance from parent folder |
---|
| 142 | # |
---|
| 143 | # This means that only regular_user1 can see the dataset from the Data Libraries view |
---|
| 144 | filename = '1.bed' |
---|
| 145 | ldda_message ='ldda1' |
---|
| 146 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 147 | library_id=self.security.encode_id( library1.id ), |
---|
| 148 | folder_id=self.security.encode_id( folder1.id ), |
---|
| 149 | filename=filename, |
---|
| 150 | file_type='bed', |
---|
| 151 | dbkey='hg18', |
---|
| 152 | roles=[ str( regular_user1_private_role.id ) ], |
---|
| 153 | ldda_message=ldda_message, |
---|
| 154 | strings_displayed=[ 'Upload files' ] ) |
---|
| 155 | global ldda1 |
---|
| 156 | ldda1 = get_latest_ldda_by_name( filename ) |
---|
| 157 | assert ldda1 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda1 from the database' |
---|
| 158 | self.browse_library( 'library_admin', |
---|
| 159 | self.security.encode_id( library1.id ), |
---|
| 160 | strings_displayed=[ ldda1.name, ldda1.message, admin_user.email ] ) |
---|
| 161 | def test_030_access_ldda1_with_private_role_restriction( self ): |
---|
| 162 | """Testing accessing ldda1 with a private role restriction""" |
---|
| 163 | # Logged in as admin_user |
---|
| 164 | # |
---|
| 165 | # LIBRARY_ACCESS = Role1: admin_user, regular_user1, regular_user3. Each of these users will be permitted for |
---|
| 166 | # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on this library and it's contents. |
---|
| 167 | # |
---|
| 168 | # Legitimate roles displayed on the permission form are as follows: |
---|
| 169 | # 'Role1' since the LIBRARY_ACCESS permission is associated with Role1. # Role one members are: admin_user, regular_user1, regular_user3. |
---|
| 170 | # 'test@bx.psu.edu' ( admin_user's private role ) since admin_user has Role1 |
---|
| 171 | # 'Role2' since admin_user has Role2 |
---|
| 172 | # 'Role Three' since admin_user has Role Three |
---|
| 173 | # 'test1@bx.psu.edu' ( regular_user1's private role ) since regular_user1 has Role1 |
---|
| 174 | # 'test3@bx.psu.edu' ( regular_user3's private role ) since regular_user3 has Role1 |
---|
| 175 | # |
---|
| 176 | # admin_user should not be able to see 1.bed from the analysis view's access libraries |
---|
| 177 | self.browse_library( 'library', |
---|
| 178 | self.security.encode_id( library1.id ), |
---|
| 179 | strings_not_displayed=[ folder1.name, ldda1.name, ldda1.message ] ) |
---|
| 180 | self.logout() |
---|
| 181 | # regular_user1 should be able to see 1.bed from the Data Libraries view |
---|
| 182 | # since it was associated with regular_user1's private role |
---|
| 183 | self.login( email=regular_user1.email ) |
---|
| 184 | self.browse_library( 'library', |
---|
| 185 | self.security.encode_id( library1.id ), |
---|
| 186 | strings_displayed=[ folder1.name, ldda1.name, ldda1.message ] ) |
---|
| 187 | self.logout() |
---|
| 188 | # regular_user2 should not be to see library1 since they do not have |
---|
| 189 | # Role1 which is associated with the LIBRARY_ACCESS permission |
---|
| 190 | self.login( email=regular_user2.email ) |
---|
| 191 | self.browse_libraries_regular_user( strings_not_displayed=[ library1.name ] ) |
---|
| 192 | self.logout() |
---|
| 193 | # regular_user3 should not be able to see 1.bed from the analysis view's access librarys |
---|
| 194 | self.login( email=regular_user3.email ) |
---|
| 195 | self.browse_library( 'library', |
---|
| 196 | self.security.encode_id( library1.id ), |
---|
| 197 | strings_not_displayed=[ folder1.name ] ) |
---|
| 198 | self.logout() |
---|
| 199 | self.login( email=admin_user.email ) |
---|
| 200 | def test_035_change_ldda1_access_permission( self ): |
---|
| 201 | """Testing changing the access permission on ldda1 with a private role restriction""" |
---|
| 202 | # Logged in as admin_user |
---|
| 203 | # We need admin_user to be able to access 1.bed |
---|
| 204 | permissions_in = [ k for k, v in galaxy.model.Dataset.permitted_actions.items() ] |
---|
| 205 | for k, v in galaxy.model.Library.permitted_actions.items(): |
---|
| 206 | if k != 'LIBRARY_ACCESS': |
---|
| 207 | permissions_in.append( k ) |
---|
| 208 | permissions_out = [] |
---|
| 209 | # Attempt to associate multiple roles with the library dataset, with one of the |
---|
| 210 | # roles being private. |
---|
| 211 | role_ids_str = '%s,%s' % ( str( role1.id ), str( admin_user_private_role.id ) ) |
---|
| 212 | check_str = "At least 1 user must have every role associated with accessing datasets. " |
---|
| 213 | check_str += "Since you are associating more than 1 role, no private roles are allowed." |
---|
| 214 | self.ldda_permissions( 'library_admin', |
---|
| 215 | self.security.encode_id( library1.id ), |
---|
| 216 | self.security.encode_id( folder1.id ), |
---|
| 217 | self.security.encode_id( ldda1.id ), |
---|
| 218 | role_ids_str, |
---|
| 219 | permissions_in, |
---|
| 220 | permissions_out, |
---|
| 221 | strings_displayed=[ check_str ] ) |
---|
| 222 | role_ids_str = str( role1.id ) |
---|
| 223 | self.ldda_permissions( 'library_admin', |
---|
| 224 | self.security.encode_id( library1.id ), |
---|
| 225 | self.security.encode_id( folder1.id ), |
---|
| 226 | self.security.encode_id( ldda1.id ), |
---|
| 227 | role_ids_str, |
---|
| 228 | permissions_in, |
---|
| 229 | permissions_out, |
---|
| 230 | ldda_name=ldda1.name ) |
---|
| 231 | # admin_user should now be able to see 1.bed from the analysis view's access libraries |
---|
| 232 | self.browse_library( 'library', |
---|
| 233 | self.security.encode_id( library1.id ), |
---|
| 234 | strings_displayed=[ ldda1.name, ldda1.message ] ) |
---|
| 235 | def test_040_create_ldda2_with_role2_associated_with_group_and_users( self ): |
---|
| 236 | """Testing creating ldda2 with a role that is associated with a group and users""" |
---|
| 237 | # Logged in as admin_user |
---|
| 238 | # Add a dataset restricted by role2, which is currently associated as follows: |
---|
| 239 | # groups: group1 |
---|
| 240 | # users: test@bx.psu.edu, test1@bx.psu.edu via group1 |
---|
| 241 | # |
---|
| 242 | # We first need to make library1 public, but leave it's contents permissions unchanged |
---|
| 243 | self.make_library_item_public( self.security.encode_id( library1.id ), |
---|
| 244 | self.security.encode_id( library1.id ), |
---|
| 245 | item_type='library', |
---|
| 246 | contents=False, |
---|
| 247 | library_name=library1.name ) |
---|
| 248 | refresh( library1 ) |
---|
| 249 | filename = '2.bed' |
---|
| 250 | ldda_message = 'ldda2' |
---|
| 251 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 252 | library_id=self.security.encode_id( library1.id ), |
---|
| 253 | folder_id=self.security.encode_id( folder1.id ), |
---|
| 254 | filename=filename, |
---|
| 255 | file_type='bed', |
---|
| 256 | dbkey='hg17', |
---|
| 257 | roles=[ str( role2.id ) ], |
---|
| 258 | ldda_message=ldda_message, |
---|
| 259 | strings_displayed=[ 'Upload files' ] ) |
---|
| 260 | global ldda2 |
---|
| 261 | ldda2 = get_latest_ldda_by_name( filename ) |
---|
| 262 | assert ldda2 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda2 from the database' |
---|
| 263 | self.browse_library( cntrller='library', |
---|
| 264 | id=self.security.encode_id( library1.id ), |
---|
| 265 | strings_displayed=[ ldda2.name, ldda2.message, admin_user.email ] ) |
---|
| 266 | def test_045_accessing_ldda2_with_role_associated_with_group_and_users( self ): |
---|
| 267 | """Testing accessing ldda2 with a role that is associated with a group and users""" |
---|
| 268 | # Logged in as admin_user |
---|
| 269 | # admin_user should be able to see 2.bed since she is associated with role2 |
---|
| 270 | self.browse_library( 'library', |
---|
| 271 | self.security.encode_id( library1.id ), |
---|
| 272 | strings_displayed=[ ldda2.name, ldda2.message, admin_user.email ] ) |
---|
| 273 | self.logout() |
---|
| 274 | # regular_user1 should be able to see 2.bed since she is associated with group_two |
---|
| 275 | self.login( email = regular_user1.email ) |
---|
| 276 | self.browse_library( 'library', |
---|
| 277 | self.security.encode_id( library1.id ), |
---|
| 278 | strings_displayed=[ folder1.name, ldda2.name, ldda2.message, admin_user.email ] ) |
---|
| 279 | # Check the permissions on the dataset 2.bed - they are as folows: |
---|
| 280 | # DATASET_MANAGE_PERMISSIONS = test@bx.psu.edu |
---|
| 281 | # DATASET_ACCESS = Role2 |
---|
| 282 | # Role2 associations: test@bx.psu.edu and Group2 |
---|
| 283 | # Group2 members: Role1, Role2, test1@bx.psu.edu |
---|
| 284 | # Role1 associations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu |
---|
| 285 | # LIBRARY_ADD = Role1 |
---|
| 286 | # Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu |
---|
| 287 | # LIBRARY_MODIFY = Role1 |
---|
| 288 | # Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu |
---|
| 289 | # LIBRARY_MANAGE = Role1 |
---|
| 290 | # Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu |
---|
| 291 | self.ldda_edit_info( 'library', |
---|
| 292 | self.security.encode_id( library1.id ), |
---|
| 293 | self.security.encode_id( folder1.id ), |
---|
| 294 | self.security.encode_id( ldda2.id ), |
---|
| 295 | ldda2.name, |
---|
| 296 | strings_displayed=[ '2.bed', |
---|
| 297 | 'This is the latest version of this library dataset', |
---|
| 298 | 'Edit attributes of 2.bed' ] ) |
---|
| 299 | self.act_on_multiple_datasets( 'library', |
---|
| 300 | self.security.encode_id( library1.id ), |
---|
| 301 | 'import_to_history', |
---|
| 302 | ldda_ids=self.security.encode_id( ldda2.id ), |
---|
| 303 | strings_displayed=[ '1 dataset(s) have been imported into your history' ] ) |
---|
| 304 | self.logout() |
---|
| 305 | # regular_user2 should not be able to see ldda2 |
---|
| 306 | self.login( email=regular_user2.email ) |
---|
| 307 | self.browse_library( 'library', |
---|
| 308 | self.security.encode_id( library1.id ), |
---|
| 309 | strings_not_displayed=[ folder1.name, ldda2.name, ldda2.message ] ) |
---|
| 310 | |
---|
| 311 | self.logout() |
---|
| 312 | # regular_user3 should not be able to see ldda2 |
---|
| 313 | self.login( email=regular_user3.email ) |
---|
| 314 | self.browse_library( 'library', |
---|
| 315 | self.security.encode_id( library1.id ), |
---|
| 316 | strings_displayed=[ folder1.name ], |
---|
| 317 | strings_not_displayed=[ ldda2.name, ldda2.message ] ) |
---|
| 318 | self.logout() |
---|
| 319 | self.login( email=admin_user.email ) |
---|
| 320 | # Now makse ldda2 publicly accessible |
---|
| 321 | self.make_library_item_public( self.security.encode_id( library1.id ), |
---|
| 322 | self.security.encode_id( ldda2.id ), |
---|
| 323 | item_type='ldda', |
---|
| 324 | ldda_name=ldda2.name ) |
---|
| 325 | self.logout() |
---|
| 326 | # regular_user2 should now be able to see ldda2 |
---|
| 327 | self.login( email=regular_user2.email ) |
---|
| 328 | self.browse_library( 'library', |
---|
| 329 | self.security.encode_id( library1.id ), |
---|
| 330 | strings_displayed=[ folder1.name, ldda2.name, ldda2.message ] ) |
---|
| 331 | self.logout() |
---|
| 332 | self.login( email=admin_user.email ) |
---|
| 333 | # Now make folder1 publicly acessible |
---|
| 334 | self.make_library_item_public( self.security.encode_id( library1.id ), |
---|
| 335 | self.security.encode_id( folder1.id ), |
---|
| 336 | item_type='folder', |
---|
| 337 | folder_name=folder1.name ) |
---|
| 338 | self.logout() |
---|
| 339 | # regular_user3 should now be able to see ldda1 |
---|
| 340 | self.login( email=regular_user3.email ) |
---|
| 341 | self.browse_library( 'library', |
---|
| 342 | self.security.encode_id( library1.id ), |
---|
| 343 | strings_displayed=[ folder1.name, ldda1.name, ldda1.message ] ) |
---|
| 344 | self.logout() |
---|
| 345 | self.login( email=admin_user.email ) |
---|
| 346 | def test_050_upload_directory_of_files_from_admin_view( self ): |
---|
| 347 | """Testing uploading a directory of files to library1 from the Admin view""" |
---|
| 348 | # logged in as admin_user |
---|
| 349 | ldda_message = 'This is a test for uploading a directory of files' |
---|
| 350 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 351 | library_id=self.security.encode_id( library1.id ), |
---|
| 352 | folder_id=self.security.encode_id( library1.root_folder.id ), |
---|
| 353 | upload_option='upload_directory', |
---|
| 354 | server_dir='library', |
---|
| 355 | ldda_message=ldda_message, |
---|
| 356 | strings_displayed=[ "Upload a directory of files" ] ) |
---|
| 357 | self.browse_library( 'library_admin', |
---|
| 358 | self.security.encode_id( library1.id ), |
---|
| 359 | strings_displayed=[ admin_user.email, ldda_message ] ) |
---|
| 360 | def test_055_change_permissions_on_datasets_uploaded_from_library_dir( self ): |
---|
| 361 | """Testing changing the permissions on datasets uploaded from a directory from the Admin view""" |
---|
| 362 | # logged in as admin_user |
---|
| 363 | # It would be nice if twill functioned such that the above test resulted in a |
---|
| 364 | # form with the uploaded datasets selected, but it does not ( they're not checked ), |
---|
| 365 | # so we'll have to simulate this behavior ( not ideal ) for the 'edit' action. We |
---|
| 366 | # first need to get the ldda.id for the 3 new datasets |
---|
| 367 | latest_3_lddas = get_latest_lddas( 3 ) |
---|
| 368 | ldda_ids = '' |
---|
| 369 | for ldda in latest_3_lddas: |
---|
| 370 | ldda_ids += '%s,' % self.security.encode_id( ldda.id ) |
---|
| 371 | ldda_ids = ldda_ids.rstrip( ',' ) |
---|
| 372 | # Set permissions |
---|
| 373 | self.ldda_permissions( 'library_admin', |
---|
| 374 | self.security.encode_id( library1.id ), |
---|
| 375 | self.security.encode_id( folder1.id ), |
---|
| 376 | ldda_ids, |
---|
| 377 | str( role1.id ), |
---|
| 378 | permissions_in=[ 'DATASET_ACCESS', 'LIBRARY_MANAGE' ], |
---|
| 379 | strings_displayed=[ 'Permissions updated for 3 datasets.' ] ) |
---|
| 380 | # Make sure the permissions have been correctly updated for the 3 datasets. Permissions should |
---|
| 381 | # be all of the above on any of the 3 datasets that are imported into a history. |
---|
| 382 | def check_edit_page( lddas, strings_displayed=[], strings_not_displayed=[] ): |
---|
| 383 | for ldda in lddas: |
---|
| 384 | # Import each library dataset into our history |
---|
| 385 | self.act_on_multiple_datasets( 'library', |
---|
| 386 | self.security.encode_id( library1.id ), |
---|
| 387 | 'import_to_history', |
---|
| 388 | ldda_ids=self.security.encode_id( ldda.id ) ) |
---|
| 389 | # Determine the new HistoryDatasetAssociation id created when the library dataset was imported into our history |
---|
| 390 | last_hda_created = get_latest_hda() |
---|
| 391 | self.edit_hda_attribute_info( str( last_hda_created.id ), |
---|
| 392 | strings_displayed=strings_displayed ) |
---|
| 393 | # admin_user is associated with role1, so should have all permissions on imported datasets |
---|
| 394 | check_edit_page( latest_3_lddas, |
---|
| 395 | strings_displayed=[ 'Manage dataset permissions on', |
---|
| 396 | 'Role members can manage the roles associated with permissions on this dataset', |
---|
| 397 | 'Role members can import this dataset into their history for analysis' ] ) |
---|
| 398 | self.logout() |
---|
| 399 | # regular_user1 is associated with role1, so should have all permissions on imported datasets |
---|
| 400 | self.login( email=regular_user1.email ) |
---|
| 401 | check_edit_page( latest_3_lddas ) |
---|
| 402 | self.logout() |
---|
| 403 | # Since regular_user2 is not associated with role1, she should not have |
---|
| 404 | # access to any of the 3 datasets, so she will not see folder1 on the libraries page |
---|
| 405 | self.login( email=regular_user2.email ) |
---|
| 406 | self.browse_library( 'library', |
---|
| 407 | self.security.encode_id( library1.id ), |
---|
| 408 | strings_not_displayed=[ folder1.name ] ) |
---|
| 409 | self.logout() |
---|
| 410 | # regular_user3 is associated with role1, so should have all permissions on imported datasets |
---|
| 411 | self.login( email=regular_user3.email ) |
---|
| 412 | check_edit_page( latest_3_lddas ) |
---|
| 413 | self.logout() |
---|
| 414 | self.login( email=admin_user.email ) |
---|
| 415 | # Change the permissions and test again |
---|
| 416 | self.ldda_permissions( 'library_admin', |
---|
| 417 | self.security.encode_id( library1.id ), |
---|
| 418 | self.security.encode_id( folder1.id ), |
---|
| 419 | ldda_ids, |
---|
| 420 | str( role1.id ), |
---|
| 421 | permissions_in=[ 'DATASET_ACCESS' ], |
---|
| 422 | strings_displayed=[ 'Permissions updated for 3 datasets.' ] ) |
---|
| 423 | check_edit_page( latest_3_lddas, |
---|
| 424 | strings_displayed=[ 'View Permissions' ], |
---|
| 425 | strings_not_displayed=[ 'Manage dataset permissions on', |
---|
| 426 | 'Role members can manage roles associated with permissions on this library item', |
---|
| 427 | 'Role members can import this dataset into their history for analysis' ] ) |
---|
| 428 | def test_060_restrict_access_to_library2( self ): |
---|
| 429 | """Testing restricting access to library2""" |
---|
| 430 | # Logged in as admin_user |
---|
| 431 | # Make sure library2 is public |
---|
| 432 | assert 'access library' not in [ a.action for a in library2.actions ], 'Library %s is not public when first created' % library2.name |
---|
| 433 | # Set permissions on the library2 |
---|
| 434 | permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ] |
---|
| 435 | permissions_out = [] |
---|
| 436 | # Only admin_user will be permitted for |
---|
| 437 | # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on library2 and it's contents. |
---|
| 438 | self.library_permissions( self.security.encode_id( library1.id ), |
---|
| 439 | library1.name, |
---|
| 440 | str( admin_user_private_role.id ), |
---|
| 441 | permissions_in, |
---|
| 442 | permissions_out ) |
---|
| 443 | # Make sure library2 is not accessible by regular_user2. |
---|
| 444 | self.logout() |
---|
| 445 | self.login( email=regular_user2.email ) |
---|
| 446 | self.visit_url( '%s/library/browse_libraries' % self.url ) |
---|
| 447 | try: |
---|
| 448 | self.check_page_for_string( library2.name ) |
---|
| 449 | raise AssertionError, 'Library %s is accessible by %s when it should be restricted' % ( library2.name, regular_user2.email ) |
---|
| 450 | except: |
---|
| 451 | pass |
---|
| 452 | self.logout() |
---|
| 453 | self.login( email=admin_user.email ) |
---|
| 454 | def test_065_create_ldda6( self ): |
---|
| 455 | """Testing create ldda6, restricting access on upload form to admin_user's private role""" |
---|
| 456 | filename = '6.bed' |
---|
| 457 | ldda_message = 'ldda6' |
---|
| 458 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 459 | library_id=self.security.encode_id( library2.id ), |
---|
| 460 | folder_id=self.security.encode_id( library2.root_folder.id ), |
---|
| 461 | filename=filename, |
---|
| 462 | file_type='bed', |
---|
| 463 | dbkey='hg18', |
---|
| 464 | roles=[ str( admin_user_private_role.id ) ], |
---|
| 465 | ldda_message=ldda_message, |
---|
| 466 | strings_displayed=[ 'Upload files' ] ) |
---|
| 467 | global ldda6 |
---|
| 468 | ldda6 = get_latest_ldda_by_name( filename ) |
---|
| 469 | assert ldda6 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda6 from the database' |
---|
| 470 | def test_070_add_folder2_to_library2( self ): |
---|
| 471 | """Testing adding folder2 to a library2""" |
---|
| 472 | # logged in as admin_user |
---|
| 473 | root_folder = library2.root_folder |
---|
| 474 | name = "Folder2" |
---|
| 475 | description = "Folder2 description" |
---|
| 476 | self.add_folder( 'library_admin', |
---|
| 477 | self.security.encode_id( library2.id ), |
---|
| 478 | self.security.encode_id( root_folder.id ), |
---|
| 479 | name=name, |
---|
| 480 | description=description ) |
---|
| 481 | global folder2 |
---|
| 482 | folder2 = get_folder( root_folder.id, name, description ) |
---|
| 483 | assert folder2 is not None, 'Problem retrieving folder2 from the database' |
---|
| 484 | def test_075_create_ldda7( self ): |
---|
| 485 | """Testing create ldda7, restricting access on upload form to admin_user's private role""" |
---|
| 486 | filename = '7.bed' |
---|
| 487 | ldda_message = 'ldda7' |
---|
| 488 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 489 | library_id=self.security.encode_id( library2.id ), |
---|
| 490 | folder_id=self.security.encode_id( folder2.id ), |
---|
| 491 | filename=filename, |
---|
| 492 | file_type='bed', |
---|
| 493 | dbkey='hg18', |
---|
| 494 | roles=[ str( admin_user_private_role.id ) ], |
---|
| 495 | ldda_message=ldda_message, |
---|
| 496 | strings_displayed=[ 'Upload files' ] ) |
---|
| 497 | global ldda7 |
---|
| 498 | ldda7 = get_latest_ldda_by_name( filename ) |
---|
| 499 | assert ldda7 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda7 from the database' |
---|
| 500 | def test_080_add_subfolder2_to_folder2( self ): |
---|
| 501 | """Testing adding subfolder2 to a folder2""" |
---|
| 502 | # logged in as admin_user |
---|
| 503 | name = "Subfolder2" |
---|
| 504 | description = "Subfolder2 description" |
---|
| 505 | self.add_folder( 'library_admin', |
---|
| 506 | self.security.encode_id( library2.id ), |
---|
| 507 | self.security.encode_id( folder2.id ), |
---|
| 508 | name=name, |
---|
| 509 | description=description ) |
---|
| 510 | global subfolder2 |
---|
| 511 | subfolder2 = get_folder( folder2.id, name, description ) |
---|
| 512 | assert subfolder2 is not None, 'Problem retrieving subfolder2 from the database' |
---|
| 513 | def test_085_create_ldda8( self ): |
---|
| 514 | """Testing create ldda8, restricting access on upload form to admin_user's private role""" |
---|
| 515 | filename = '8.bed' |
---|
| 516 | ldda_message = 'ldda8' |
---|
| 517 | self.upload_library_dataset( cntrller='library_admin', |
---|
| 518 | library_id=self.security.encode_id( library2.id ), |
---|
| 519 | folder_id=self.security.encode_id( subfolder2.id ), |
---|
| 520 | filename=filename, |
---|
| 521 | file_type='bed', |
---|
| 522 | dbkey='hg18', |
---|
| 523 | roles=[ str( admin_user_private_role.id ) ], |
---|
| 524 | ldda_message=ldda_message, |
---|
| 525 | strings_displayed=[ 'Upload files' ] ) |
---|
| 526 | global ldda8 |
---|
| 527 | ldda8 = get_latest_ldda_by_name( filename ) |
---|
| 528 | assert ldda8 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda8 from the database' |
---|
| 529 | def test_090_make_library2_and_contents_public( self ): |
---|
| 530 | """Testing making library2 and all of it's contents public""" |
---|
| 531 | self.make_library_item_public( self.security.encode_id( library2.id ), |
---|
| 532 | self.security.encode_id( library2.id ), |
---|
| 533 | item_type='library', |
---|
| 534 | contents=True, |
---|
| 535 | library_name=library2.name ) |
---|
| 536 | # Make sure library2 is now accessible by regular_user2 |
---|
| 537 | self.logout() |
---|
| 538 | self.login( email=regular_user2.email ) |
---|
| 539 | self.visit_url( '%s/library/browse_libraries' % self.url ) |
---|
| 540 | self.check_page_for_string( library2.name ) |
---|
| 541 | self.browse_library( 'library', |
---|
| 542 | self.security.encode_id( library2.id ), |
---|
| 543 | strings_displayed=[ ldda6.name, ldda6.message, ldda7.name, ldda7.message, ldda8.name, ldda8.message ] ) |
---|
| 544 | def test_999_reset_data_for_later_test_runs( self ): |
---|
| 545 | """Reseting data to enable later test runs to pass""" |
---|
| 546 | # Logged in as regular_user2 |
---|
| 547 | self.logout() |
---|
| 548 | self.login( email=admin_user.email ) |
---|
| 549 | ################## |
---|
| 550 | # Purge all libraries |
---|
| 551 | ################## |
---|
| 552 | for library in [ library1, library2 ]: |
---|
| 553 | self.delete_library_item( 'library_admin', |
---|
| 554 | self.security.encode_id( library.id ), |
---|
| 555 | self.security.encode_id( library.id ), |
---|
| 556 | library.name, |
---|
| 557 | item_type='library' ) |
---|
| 558 | self.purge_library( self.security.encode_id( library.id ), library.name ) |
---|
| 559 | ################## |
---|
| 560 | # Eliminate all non-private roles |
---|
| 561 | ################## |
---|
| 562 | for role in [ role1, role2 ]: |
---|
| 563 | self.mark_role_deleted( self.security.encode_id( role.id ), role.name ) |
---|
| 564 | self.purge_role( self.security.encode_id( role.id ), role.name ) |
---|
| 565 | # Manually delete the role from the database |
---|
| 566 | refresh( role ) |
---|
| 567 | sa_session.delete( role ) |
---|
| 568 | sa_session.flush() |
---|
| 569 | ################## |
---|
| 570 | # Eliminate all groups |
---|
| 571 | ################## |
---|
| 572 | for group in [ group1 ]: |
---|
| 573 | self.mark_group_deleted( self.security.encode_id( group.id ), group.name ) |
---|
| 574 | self.purge_group( self.security.encode_id( group.id ), group.name ) |
---|
| 575 | # Manually delete the group from the database |
---|
| 576 | refresh( group ) |
---|
| 577 | sa_session.delete( group ) |
---|
| 578 | sa_session.flush() |
---|
| 579 | ################## |
---|
| 580 | # Make sure all users are associated only with their private roles |
---|
| 581 | ################## |
---|
| 582 | for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: |
---|
| 583 | refresh( user ) |
---|
| 584 | if len( user.roles) != 1: |
---|
| 585 | raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) |
---|