mirror/peeringdb-peeringdb
1
0
Fork 0
mirror of https://github.com/peeringdb/peeringdb.git synced 2024-05-11 05:55:09 +00:00
Code Releases Activity
Files
6c390706ce93582a6db358f6b91e7beedd772c70
peeringdb-peeringdb/tests/test_orgadmin.py

667 lines
23 KiB
Python
Raw Normal View History

initial commit of code
2018-11-08 19:45:21 +00:00
import pytest
import json
from django.test import Client, TestCase, RequestFactory
from django.contrib.auth.models import Group
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
from django.conf import settings
initial commit of code
2018-11-08 19:45:21 +00:00
import peeringdb_server.models as models
import peeringdb_server.org_admin_views as org_admin
import peeringdb_server.views as views
from django_namespace_perms.constants import PERM_CREATE, PERM_DELETE
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
from .util import override_group_id
initial commit of code
2018-11-08 19:45:21 +00:00
class OrgAdminTests(TestCase):
"""
Test organization administration functionality, such as
org admins permissioning users and approving or denying
affiliation requests
"""
entities = ["ix", "net", "fac"]
@classmethod
def setUpTestData(cls):
# create user and guest group
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
cls.guest_group = Group.objects.create(name="guest", id=settings.GUEST_GROUP_ID)
cls.user_group = Group.objects.create(name="user", id=settings.USER_GROUP_ID)
settings.USER_GROUP_ID = cls.user_group.id
settings.GUEST_GROUP_ID = cls.guest_group.id
initial commit of code
2018-11-08 19:45:21 +00:00
# create test users
for name in [
black formatted
2019-12-05 16:57:52 +00:00
"org_admin",
"user_a",
"user_b",
"user_c",
"user_d",
"user_e",
"user_f",
initial commit of code
2018-11-08 19:45:21 +00:00
]:
black formatted
2019-12-05 16:57:52 +00:00
setattr(
cls,
name,
models.User.objects.create_user(name, "%s@localhost" % name, name),
)
initial commit of code
2018-11-08 19:45:21 +00:00
getattr(cls, name).set_password(name)
# create test org
black formatted
2019-12-05 16:57:52 +00:00
cls.org = models.Organization.objects.create(name="Test org", status="ok")
initial commit of code
2018-11-08 19:45:21 +00:00
cls.org_other = models.Organization.objects.create(
black formatted
2019-12-05 16:57:52 +00:00
name="Test org other", status="ok"
)
initial commit of code
2018-11-08 19:45:21 +00:00
# create test entities
for tag in cls.entities:
kwargs = {"name": "Test %s" % tag, "status": "ok", "org": cls.org}
if tag == "net":
kwargs.update(asn=1)
setattr(cls, tag, models.REFTAG_MAP[tag].objects.create(**kwargs))
# add org_admin user to org as admin
cls.org.admin_usergroup.user_set.add(cls.org_admin)
# add user_a user to org as member
cls.org.usergroup.user_set.add(cls.user_a)
cls.org_other.usergroup.user_set.add(cls.user_b)
def setUp(self):
self.factory = RequestFactory()
def test_users(self):
"""
Tests the result of org_admin_views.users
"""
# test #1 - return a json response with the user we added to the org's member
# usergroup
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.get("/org-admin/users?org_id=%d" % (self.org.id))
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
resp = json.loads(org_admin.users(request).content)
self.assertEqual(resp["status"], "ok")
black formatted
2019-12-05 16:57:52 +00:00
self.assertEqual(
resp["users"],
[
{
"id": self.user_a.id,
"name": "%s <%s, %s>"
% (self.user_a.full_name, self.user_a.email, self.user_a.username),
}
],
)
initial commit of code
2018-11-08 19:45:21 +00:00
# test #2 - return 403 response when trying to access the org where org_admin
# is not administrator
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.get("/org-admin/users?org_id=%d" % (self.org_other.id))
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
resp = org_admin.users(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
def test_load_all_user_permissions(self):
"""
Test the result of org_admin_views.load_all_user_permissions
"""
uid = self.user_a.id
perms = {
uid: {
black formatted
2019-12-05 16:57:52 +00:00
"perms": {"net.%d" % self.net.id: 0x01, "fac": 0x03},
initial commit of code
2018-11-08 19:45:21 +00:00
"id": self.user_a.id,
black formatted
2019-12-05 16:57:52 +00:00
"name": "%s <%s> %s"
% (self.user_a.full_name, self.user_a.email, self.user_a.username),
initial commit of code
2018-11-08 19:45:21 +00:00
}
}
black formatted
2019-12-05 16:57:52 +00:00
org_admin.save_user_permissions(self.org, self.user_a, perms[uid]["perms"])
initial commit of code
2018-11-08 19:45:21 +00:00
perms_all = org_admin.load_all_user_permissions(self.org)
self.assertEqual(perms_all, perms)
def test_user_permissions_update_remove(self):
"""
Test the result of org_admin_views.user_permissions_update
Test the result of org_admin_views.user_permissions_remove
"""
# Test #1 - test updating a user a's permission to the org
url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org.id,
self.user_a.id,
)
request = self.factory.post(
url, data={"entity": "net.%d" % self.net.id, "perms": 0x03}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_update(request)
self.assertEqual(json.loads(resp.content).get("status"), "ok")
# test that the perms we just updated saved correctly
uperms, perms = org_admin.load_user_permissions(self.org, self.user_a)
self.assertEqual(perms, {"net.%d" % self.net.id: 0x03})
# Test #2 - should not be allowed to update user b's perms as he is not a member of
# the org
url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org.id,
self.user_b.id,
)
request = self.factory.post(
url, data={"entity": "net.%d" % self.net.id, "perms": 0x03}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_update(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
# Test #3 - should not be allowed to update user b's perms because we are not
# the admin of his org
url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org_other.id,
self.user_b.id,
)
request = self.factory.post(
url, data={"entity": "net.%d" % self.net.id, "perms": 0x03}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_update(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
# Test #4 - remove the permissions we just added
url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org.id,
self.user_a.id,
)
request = self.factory.post(url, data={"entity": "net.%d" % self.net.id})
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_remove(request)
self.assertEqual(json.loads(resp.content).get("status"), "ok")
# test that the perms we just removed saved correctly
uperms, perms = org_admin.load_user_permissions(self.org, self.user_a)
self.assertEqual(perms, {})
# Test #5 - should not be allowed remove user b's permissions as he
# is not a member of the org
url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org.id,
self.user_b.id,
)
request = self.factory.post(url, data={"entity": "net.%d" % self.net.id})
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_remove(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
# Test #6 - should not be allowed to remove user b's permissions as we
# are not the admin of his org
url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
black formatted
2019-12-05 16:57:52 +00:00
self.org_other.id,
self.user_b.id,
)
request = self.factory.post(url, data={"entity": "net.%d" % self.net.id})
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.user_permission_remove(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
def test_user_permissions(self):
"""
Test the result of org_admin_views.user_permissions
Test org_admin_views.save_user_permissions
Test org_admin_views.load_user_permissions
"""
# Test #1 - test user a's permission to the org
request = self.factory.get(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/user_permissions?org_id=%d" % (self.org.id)
)
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
uid = str(self.user_a.id)
# we make some temporary perms for user_a
perms = {uid: {"net.%d" % self.net.id: 0x01, "fac": 0x03}}
org_admin.save_user_permissions(self.org, self.user_a, perms[uid])
resp = json.loads(org_admin.user_permissions(request).content)
self.assertEqual(resp["status"], "ok")
self.assertEqual(resp["user_permissions"], perms)
# Test #2 - clear the perms we just made for this test
org_admin.save_user_permissions(self.org, self.user_a, {})
resp = json.loads(org_admin.user_permissions(request).content)
self.assertEqual(resp["status"], "ok")
self.assertEqual(resp["user_permissions"], {uid: {}})
# Test #5 - no permissions to org
request = self.factory.get(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/user_permissions?org_id=%d" % (self.org_other.id)
)
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
resp = org_admin.user_permissions(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
def test_org_admin_tools(self):
"""
Test that users with create / delete permissions have access to the tools
on the org management page
"""
for tag in ["fac", "net", "ix"]:
black formatted
2019-12-05 16:57:52 +00:00
org_admin.save_user_permissions(self.org, self.user_a, {tag: PERM_CREATE})
initial commit of code
2018-11-08 19:45:21 +00:00
c = Client()
c.login(username=self.user_a.username, password="user_a")
resp = c.get("/org/%d" % self.org.id, follow=True)
Qu1003 (#621) * use new peeringdb client (1.0.0) for pdb_load_data sync (#599) * drop django-mobi for lack of py3/dj2 support (#492) remove django-forms-bootstrap for lack of py3/dj2 support (#492) * black formatted * django2.2 and py3 upgrade (#492) * drop ixlans (#21) ui and api changes * drop local_asn (#168) * org search (#193) * phone number validation (#50) * implement help text tooltips (#228) * Mark own ASN as transit-free (#394) * py3 fix for `pdb_migrate_ixlans` command when writing migration report * pdb_migrate_ixlans: properly handle py3 Runtime error if ixlan dict changes during iteration * set rest DEFAULT_SCHEMA_CLASS to coreapi to fix swagger apidocs fix migration 0027 missing from facsimile manifest * fix swagger doc strings * fix tests that were broken from api doc fixes * fix UniqueFieldValidator for netixlan ipaddress validation that broke during django/drf upgrade * fix org merge tool layout issues * travis config * update pipfile and lock * black formatting * update travis dist * beta mode banner (#411) * add beta banner template (#411) * automatically scheduled sync may not always be on, add a flag that lets us reflect that state in the beta banner message clean up beta banner implementation (#411) * add tests for beta banner (#411)
2020-01-08 13:29:58 -06:00
print(resp)
initial commit of code
2018-11-08 19:45:21 +00:00
for _tag in ["fac", "net", "ix"]:
if _tag != tag:
July updates (#762) * Change label from primary ASN to ASN * Raise validation error when trying to update ASN * first steps for dotf importer procotol (#697) * migrations (#697) * Add translation to error meessage * Make ASN readonly in table * Add test now that ASN should not be able to update * Set fac.rencode to '' for all entries and make it readonly in serializer * Add unique constraints to network ixlan ip addresses * Add migration to null out duplicate ipaddresses for deleted netixlans * Add unique constraints to network ixlan ip addresses * Add migration to null out duplicate ipaddresses for deleted netixlans * remove old migrations (#697) * fix netixlan ipaddr dedupe migration (#268) add netixlan ipaddr unique constraint migration (#268) * ixf_member_data migrations (#697) * fix table name (#697) * importer protocol (#697) * fix netixlan ipaddr dedupe migration (#268) add netixlan ipaddr unique constraint migration (#268) * ixf proposed changes notifications (#697) * Delete repeated query * Add a test to show rencode is readonly * Blank out rencode when mocking data * Remove validator now that constraint exists * Add back unique field validator w Check Deleted true * conflict resolving (#697) * UniqueFieldValidator raise error with code "unique" (#268) * conflict resolution (#697) * Add fixme comment to tests * conflict resolution (#697) * Remove now invalid undelete tests * UniqueFieldValidator raise error with code "unique" (#268) * delete admin tools for duplicate ip addresses * Make migration to delete duplicateipnetworkixlan * Add ixlan-ixpfx status matching validation, add corresponding test * delete redundant checking in test * resolve conflict ui (#697) * fix migrations hierarchy * squash migrations for ixf member data * clean up preview and post-mortem tools * remove non-sensical permission check when undeleting soft-deleted objects through unique integrity error handling * only include the ix-f data url in notifications to admincom (#697) * resolve on --skip-import (#697) * ac conflict resolution (#697) * Define more accurately the incompatible statuses for ixlan and ixpfx * Add another status test * Preventing disrupting changes (#697) * fix tests (#697) * Stop allow_ixp_update from being write only and add a global stat for automated networks * Add tests for global stats that appear in footer * Change how timezone is called with datetime, to get test_stats.py/test_generate_for_current_date to pass * test for protected entities (#697) * admincom conflict resolution refine readonly fields (#697) network notifications only if the problem is actually actionable by the network (#697) * ixp / ac notifcation when ix-f source cannot be parsed (#697) fix issue with ixlan prefix protection (#697) * migrations (#697) * code documentation (#697) * ux tweaks (#697) * UX tweaks (#697) * Fix typo * fix netixlan returned in IXFMemberData.apply when adding a new one (#697) * fix import log incosistencies (#697) * Add IXFMemberData to test * Update test data * Add protocol tests * Add tests for views * always persist changes to remote data on set_conflict (#697) * More tests * always persist changes to remote data on set_conflict (#697) * suggest-add test * net_present_at_ix should check status (#697) * Add more protocol tests * Edit language of some tests * django-peeringdb to 2.1.1 relock pipfile, pin django-ratelimit to <3 as it breaks stuff * Add net_count_ixf field to ix object (#683) * Add the IX-F Member Export URL to the ixlan API endpoint (#249) * Lock some objects from being deleted by the owner (#696) * regenerate api docs (#249) * always persist changes to remote data on set_add and set_update (#697) * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * always persist changes to remote data on set_add and set_update (#697) * Fix suggest-add tests * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * fix issue with deletion when ixfmemberdata for entry existed previously (#697) * fix test_suggest_delete_local_ixf_no_flag (#697 tests) * fix issue with deletion when ixfmemberdata for entry existed previously (#697) * invalid ips get logged and notified to the ix via notify_error (#697) * Fix more tests * issue with previous_data when running without save (#697) properly track speed errors (#697) * reset errors on ixfmemberdata that go into pending_save (#697) * add remote_data to admin view (#697) * fix error reset inconsistency (#697) * Refine invalid data tests * remove debug output * for notifications to ac include contact points for net and ix in the message (#697) * settings to toggle ix-f tickets / emails (#697) * allow turning off ix-f notifications for net and ix separately (#697) * add jsonschema test * Add idempotent tests to updater * remove old ixf member tests * Invalid data tests when ixp_updates are enabled * fix speed error validation (#697) * fix issue with rollback (#697) * fix migration hierarchy * fix ixfmemberdata _email * django-peeringdb to 2.2 and relock * add ixf rollback tests * ixf email notifications off by default * black formatted * pyupgrade Co-authored-by: egfrank <egfrank@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com>
2020-07-15 02:07:01 -05:00
assert f"#add_{_tag}" not in resp.content.decode()
assert f"#add_{tag}" in resp.content.decode()
initial commit of code
2018-11-08 19:45:21 +00:00
def test_manage_user_delete(self):
"""
Test the result of org_admin_views.manager_user_delete
"""
self.org.admin_usergroup.user_set.add(self.user_e)
self.org.usergroup.user_set.add(self.user_f)
# make sure that user f is currently member and not admin
self.assertEqual(self.user_f.is_org_member(self.org), True)
self.assertEqual(self.user_f.is_org_admin(self.org), False)
self.assertEqual(self.user_e.is_org_member(self.org), False)
self.assertEqual(self.user_e.is_org_admin(self.org), True)
# test #1 - remove user f (member) from org
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/delete",
{"org_id": self.org.id, "user_id": self.user_f.id},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_delete(request)
self.assertEqual(json.loads(resp.content), {"status": "ok"})
self.user_a.refresh_from_db()
self.assertEqual(self.user_f.is_org_member(self.org), False)
self.assertEqual(self.user_f.is_org_admin(self.org), False)
# test #2 - remove user e (admin) from org
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/delete",
{"org_id": self.org.id, "user_id": self.user_e.id},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_delete(request)
self.assertEqual(json.loads(resp.content), {"status": "ok"})
self.user_a.refresh_from_db()
self.assertEqual(self.user_e.is_org_member(self.org), False)
self.assertEqual(self.user_e.is_org_admin(self.org), False)
# test #3 - fail on user that is not currently in org
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/delete",
{"org_id": self.org.id, "user_id": self.user_d.id},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_delete(request)
self.assertEqual(resp.status_code, 403)
# test #3 - fail on org that you are not an admin of
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/delete",
{"org_id": self.org_other.id, "user_id": self.user_d.id},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_delete(request)
self.assertEqual(resp.status_code, 403)
def test_manage_user_update(self):
"""
Test the result of org_admin_views.manage_user_update
"""
# make sure that user a is currently member and not admin
self.assertEqual(self.user_a.is_org_member(self.org), True)
self.assertEqual(self.user_a.is_org_admin(self.org), False)
# test #1 - move user a to admin group
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/update",
{"org_id": self.org.id, "user_id": self.user_a.id, "group": "admin"},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_update(request)
self.assertEqual(json.loads(resp.content), {"status": "ok"})
self.user_a.refresh_from_db()
self.assertEqual(self.user_a.is_org_member(self.org), False)
self.assertEqual(self.user_a.is_org_admin(self.org), True)
# test #2 move back to member group
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/update",
{"org_id": self.org.id, "user_id": self.user_a.id, "group": "member"},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_update(request)
self.assertEqual(json.loads(resp.content), {"status": "ok"})
self.user_a.refresh_from_db()
self.assertEqual(self.user_a.is_org_member(self.org), True)
self.assertEqual(self.user_a.is_org_admin(self.org), False)
# test #3 - fail on user that is not currently in org
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.post(
"/org-admin/manage_user/update",
{"org_id": self.org.id, "user_id": self.user_d.id, "group": "member"},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_update(request)
self.assertEqual(resp.status_code, 403)
# test #3 - fail on org that you are not an admin of
request = self.factory.post(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/manage_user/update",
{"org_id": self.org_other.id, "user_id": self.user_d.id, "group": "admin"},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.manage_user_update(request)
self.assertEqual(resp.status_code, 403)
def test_permissions(self):
"""
Test the result of org_admin_views.permissions
"""
# Test #1 - retrieve permissioning ids for org
black formatted
2019-12-05 16:57:52 +00:00
request = self.factory.get("/org-admin/permissions?org_id=%d" % self.org.id)
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
resp = json.loads(org_admin.permissions(request).content)
self.assertEqual(resp["status"], "ok")
July updates (#762) * Change label from primary ASN to ASN * Raise validation error when trying to update ASN * first steps for dotf importer procotol (#697) * migrations (#697) * Add translation to error meessage * Make ASN readonly in table * Add test now that ASN should not be able to update * Set fac.rencode to '' for all entries and make it readonly in serializer * Add unique constraints to network ixlan ip addresses * Add migration to null out duplicate ipaddresses for deleted netixlans * Add unique constraints to network ixlan ip addresses * Add migration to null out duplicate ipaddresses for deleted netixlans * remove old migrations (#697) * fix netixlan ipaddr dedupe migration (#268) add netixlan ipaddr unique constraint migration (#268) * ixf_member_data migrations (#697) * fix table name (#697) * importer protocol (#697) * fix netixlan ipaddr dedupe migration (#268) add netixlan ipaddr unique constraint migration (#268) * ixf proposed changes notifications (#697) * Delete repeated query * Add a test to show rencode is readonly * Blank out rencode when mocking data * Remove validator now that constraint exists * Add back unique field validator w Check Deleted true * conflict resolving (#697) * UniqueFieldValidator raise error with code "unique" (#268) * conflict resolution (#697) * Add fixme comment to tests * conflict resolution (#697) * Remove now invalid undelete tests * UniqueFieldValidator raise error with code "unique" (#268) * delete admin tools for duplicate ip addresses * Make migration to delete duplicateipnetworkixlan * Add ixlan-ixpfx status matching validation, add corresponding test * delete redundant checking in test * resolve conflict ui (#697) * fix migrations hierarchy * squash migrations for ixf member data * clean up preview and post-mortem tools * remove non-sensical permission check when undeleting soft-deleted objects through unique integrity error handling * only include the ix-f data url in notifications to admincom (#697) * resolve on --skip-import (#697) * ac conflict resolution (#697) * Define more accurately the incompatible statuses for ixlan and ixpfx * Add another status test * Preventing disrupting changes (#697) * fix tests (#697) * Stop allow_ixp_update from being write only and add a global stat for automated networks * Add tests for global stats that appear in footer * Change how timezone is called with datetime, to get test_stats.py/test_generate_for_current_date to pass * test for protected entities (#697) * admincom conflict resolution refine readonly fields (#697) network notifications only if the problem is actually actionable by the network (#697) * ixp / ac notifcation when ix-f source cannot be parsed (#697) fix issue with ixlan prefix protection (#697) * migrations (#697) * code documentation (#697) * ux tweaks (#697) * UX tweaks (#697) * Fix typo * fix netixlan returned in IXFMemberData.apply when adding a new one (#697) * fix import log incosistencies (#697) * Add IXFMemberData to test * Update test data * Add protocol tests * Add tests for views * always persist changes to remote data on set_conflict (#697) * More tests * always persist changes to remote data on set_conflict (#697) * suggest-add test * net_present_at_ix should check status (#697) * Add more protocol tests * Edit language of some tests * django-peeringdb to 2.1.1 relock pipfile, pin django-ratelimit to <3 as it breaks stuff * Add net_count_ixf field to ix object (#683) * Add the IX-F Member Export URL to the ixlan API endpoint (#249) * Lock some objects from being deleted by the owner (#696) * regenerate api docs (#249) * always persist changes to remote data on set_add and set_update (#697) * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * always persist changes to remote data on set_add and set_update (#697) * Fix suggest-add tests * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * IXFMemberData: always persist remote data changes during set_add and set_update, also allow for saving without touching the updated field * fix issue with deletion when ixfmemberdata for entry existed previously (#697) * fix test_suggest_delete_local_ixf_no_flag (#697 tests) * fix issue with deletion when ixfmemberdata for entry existed previously (#697) * invalid ips get logged and notified to the ix via notify_error (#697) * Fix more tests * issue with previous_data when running without save (#697) properly track speed errors (#697) * reset errors on ixfmemberdata that go into pending_save (#697) * add remote_data to admin view (#697) * fix error reset inconsistency (#697) * Refine invalid data tests * remove debug output * for notifications to ac include contact points for net and ix in the message (#697) * settings to toggle ix-f tickets / emails (#697) * allow turning off ix-f notifications for net and ix separately (#697) * add jsonschema test * Add idempotent tests to updater * remove old ixf member tests * Invalid data tests when ixp_updates are enabled * fix speed error validation (#697) * fix issue with rollback (#697) * fix migration hierarchy * fix ixfmemberdata _email * django-peeringdb to 2.2 and relock * add ixf rollback tests * ixf email notifications off by default * black formatted * pyupgrade Co-authored-by: egfrank <egfrank@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com>
2020-07-15 02:07:01 -05:00
ids = {r["id"]: r["name"] for r in resp["permissions"]}
initial commit of code
2018-11-08 19:45:21 +00:00
self.assertEqual(len(ids), 7)
self.assertIn("org.%d" % self.org.id, ids)
self.assertIn("ix.%d" % self.ix.id, ids)
self.assertIn("net.%d" % self.net.id, ids)
self.assertIn("fac.%d" % self.fac.id, ids)
# Test #2 - cannot retrieve ids for other org as we are not admin
request = self.factory.get(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/permissions?org_id=%d" % self.org_other.id
)
initial commit of code
2018-11-08 19:45:21 +00:00
request.user = self.org_admin
resp = org_admin.permissions(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
def test_permission_ids(self):
"""
Test the result of org_admin_views.permission_ids
"""
ids = org_admin.permission_ids(self.org)
self.assertEqual(type(ids), dict)
self.assertEqual(len(ids), 7)
self.assertIn("org.%d" % self.org.id, ids)
self.assertIn("ix.%d" % self.ix.id, ids)
self.assertIn("net.%d" % self.net.id, ids)
self.assertIn("fac.%d" % self.fac.id, ids)
def test_extract_permission_id(self):
"""
Test the result of org_admin_views.extract_permission_id
"""
# extract permission ids to here
dest = {}
# prepare source dict with nsp namespaces
source = {
self.net.nsp_namespace: 0x01,
self.ix.nsp_namespace: 0x01,
black formatted
2019-12-05 16:57:52 +00:00
self.fac.nsp_namespace: 0x01,
initial commit of code
2018-11-08 19:45:21 +00:00
}
# extract ids
org_admin.extract_permission_id(source, dest, self.net, self.org)
org_admin.extract_permission_id(source, dest, self.ix, self.org)
org_admin.extract_permission_id(source, dest, self.fac, self.org)
black formatted
2019-12-05 16:57:52 +00:00
self.assertEqual(
{
"net.%d" % self.net.id: 0x01,
"ix.%d" % self.ix.id: 0x01,
"fac.%d" % self.fac.id: 0x01,
},
dest,
)
initial commit of code
2018-11-08 19:45:21 +00:00
# test with just the models
# extract permission ids to here
dest = {}
# prepare source dict with nsp namespaces
source = {
self.net.nsp_namespace_from_id(self.org.id, "*").strip(".*"): 0x01,
self.fac.nsp_namespace_from_id(self.org.id, "*").strip(".*"): 0x03,
self.ix.nsp_namespace_from_id(self.org.id, "*").strip(".*"): 0x01,
}
# extract ids
org_admin.extract_permission_id(source, dest, models.Network, self.org)
black formatted
2019-12-05 16:57:52 +00:00
org_admin.extract_permission_id(source, dest, models.InternetExchange, self.org)
org_admin.extract_permission_id(source, dest, models.Facility, self.org)
initial commit of code
2018-11-08 19:45:21 +00:00
self.assertEqual({"net": 0x01, "fac": 0x03, "ix": 0x01}, dest)
def test_uoar_approve(self):
"""
June updates (#751) * Add pointer from API docs to tutorial #650 * Sorting by clicking table headers should use local-compare #356 * Mark IXP peering LAN as bogon #352 * Add help text to "Add (Facility, Network, Exchange)" tab #669 * Add Looking Glass field to the IX object #672 * Add read-only Superuser #679 * Make spelling of traffic levels consistent #519 (#723) * Offer 2FA (#290) * Show "Last Updated" fields on fac, ix, org records (#526) * Enable sort and reverse sort of IP column in IX display (#72) * IRR validation not handling unexpected characters gracefully (#712) * Support alternative direction of writing, e.g. Arabic (#618) * Undeleting an ixlan with an emtpy IPv4 XOR IPv6 field throws a silly error (#644) * Changing org while adding net results in 500 #654 * missing delete button for organisations (#121) * When changing owner of an ix admin GUI borks because of "Ixlan for exchange already exists" #666 * Selection should only present undeleted objects (#664) * change default encoding of API calls to 'utf-8' #663 * Posting https://www.peeringdb.com onto social media doesn't select a good preview image #537 * Revert "Add Looking Glass field to the IX object #672" This reverts commit 4daf2520043c241fabe9a521757efa86a274e28a. Conflicts: peeringdb_server/migrations/0037_ix_looking_glass.py peeringdb_server/views.py * 500 Internal Error when creating IX where prefix already exists elsewhere #718 * Fix graceful restore of soft-deleted objects with translation active (#580) * Don't return any POC data with status=deleted #569 Hard delete soft-deleted pocs after grace period #566 * django-peeringdb from github@2.0.0.2-beta Co-authored-by: Stefan Pratter <stefan@20c.com>
2020-06-24 12:55:01 -05:00
Test approving of a user-org-affiliation-request
initial commit of code
2018-11-08 19:45:21 +00:00
org_admin_views.uoar_approve
"""
# create a uoar for user c
uoar = models.UserOrgAffiliationRequest.objects.create(
black formatted
2019-12-05 16:57:52 +00:00
user=self.user_c, asn=1, status="pending"
)
initial commit of code
2018-11-08 19:45:21 +00:00
# test that org id was properly derived from network asn
self.assertEqual(uoar.org.id, self.org.id)
# test approval
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
with override_group_id():
request = self.factory.post(
"/org-admin/uoar/approve?org_id=%d" % self.org.id, data={"id": uoar.id}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = json.loads(org_admin.uoar_approve(request).content)
black formatted
2019-12-05 16:57:52 +00:00
self.assertEqual(
{
"status": "ok",
"full_name": self.user_c.full_name,
"id": self.user_c.id,
"email": self.user_c.email,
},
resp,
)
initial commit of code
2018-11-08 19:45:21 +00:00
# check that user is now a member of the org
self.assertEqual(
black formatted
2019-12-05 16:57:52 +00:00
self.org.usergroup.user_set.filter(id=self.user_c.id).exists(), True
)
initial commit of code
2018-11-08 19:45:21 +00:00
# check that the UOAR is gone
self.assertEqual(
black formatted
2019-12-05 16:57:52 +00:00
models.UserOrgAffiliationRequest.objects.filter(id=uoar.id).exists(), False
)
initial commit of code
2018-11-08 19:45:21 +00:00
# test: we shouldnt be allowed to approve uoar's for the org we are not
# admins of
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
with override_group_id():
request = self.factory.post(
"/org-admin/uoar/approve?org_id=%d" % self.org_other.id,
data={"id": uoar.id},
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.uoar_approve(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
# test: trying to approve an uoar that doesn't belong to the org shouldn't
# be allowed
uoar_b = models.UserOrgAffiliationRequest.objects.create(
black formatted
2019-12-05 16:57:52 +00:00
user=self.user_d, asn=22, status="pending"
)
initial commit of code
2018-11-08 19:45:21 +00:00
Gh 724 (#897) * remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
2020-12-03 19:10:02 +00:00
with override_group_id():
request = self.factory.post(
"/org-admin/uoar/approve?org_id=%d" % self.org.id, data={"id": uoar_b.id}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.uoar_approve(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
uoar_b.delete()
def test_uoar_deny(self):
"""
June updates (#751) * Add pointer from API docs to tutorial #650 * Sorting by clicking table headers should use local-compare #356 * Mark IXP peering LAN as bogon #352 * Add help text to "Add (Facility, Network, Exchange)" tab #669 * Add Looking Glass field to the IX object #672 * Add read-only Superuser #679 * Make spelling of traffic levels consistent #519 (#723) * Offer 2FA (#290) * Show "Last Updated" fields on fac, ix, org records (#526) * Enable sort and reverse sort of IP column in IX display (#72) * IRR validation not handling unexpected characters gracefully (#712) * Support alternative direction of writing, e.g. Arabic (#618) * Undeleting an ixlan with an emtpy IPv4 XOR IPv6 field throws a silly error (#644) * Changing org while adding net results in 500 #654 * missing delete button for organisations (#121) * When changing owner of an ix admin GUI borks because of "Ixlan for exchange already exists" #666 * Selection should only present undeleted objects (#664) * change default encoding of API calls to 'utf-8' #663 * Posting https://www.peeringdb.com onto social media doesn't select a good preview image #537 * Revert "Add Looking Glass field to the IX object #672" This reverts commit 4daf2520043c241fabe9a521757efa86a274e28a. Conflicts: peeringdb_server/migrations/0037_ix_looking_glass.py peeringdb_server/views.py * 500 Internal Error when creating IX where prefix already exists elsewhere #718 * Fix graceful restore of soft-deleted objects with translation active (#580) * Don't return any POC data with status=deleted #569 Hard delete soft-deleted pocs after grace period #566 * django-peeringdb from github@2.0.0.2-beta Co-authored-by: Stefan Pratter <stefan@20c.com>
2020-06-24 12:55:01 -05:00
Test denying of a user-org-affiliation-request
initial commit of code
2018-11-08 19:45:21 +00:00
org_admin_views.uoar_deny
"""
# create a uoar for user d
uoar = models.UserOrgAffiliationRequest.objects.create(
black formatted
2019-12-05 16:57:52 +00:00
user=self.user_d, asn=1, status="pending"
)
initial commit of code
2018-11-08 19:45:21 +00:00
# test that org id was properly derived from network asn
self.assertEqual(uoar.org.id, self.org.id)
# test deny
request = self.factory.post(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/uoar/deny?org_id=%d" % self.org.id, data={"id": uoar.id}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = json.loads(org_admin.uoar_deny(request).content)
Updates 2.23 (#843) * pipenv lock and pyupgrade * pyupgrade, black format, add docs * update for py3.7
2020-09-30 01:13:38 +00:00
self.assertEqual(
{
"status": "ok",
},
resp,
)
initial commit of code
2018-11-08 19:45:21 +00:00
# check that user is not a member of the org
self.assertEqual(
black formatted
2019-12-05 16:57:52 +00:00
self.org.usergroup.user_set.filter(id=self.user_d.id).exists(), False
)
initial commit of code
2018-11-08 19:45:21 +00:00
# check that the UOAR is there, but status is denyed
uoar = models.UserOrgAffiliationRequest.objects.get(id=uoar.id)
self.assertEqual(uoar.status, "denied")
# test: we shouldnt be allowed to deny uoars for the org we are not
# admins of
request = self.factory.post(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/uoar/deny?org_id=%d" % self.org_other.id, data={"id": uoar.id}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.uoar_approve(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
# test: trying to deny an uoar that doesn't belong to the org shouldn't
# be allowed
uoar_b = models.UserOrgAffiliationRequest.objects.create(
black formatted
2019-12-05 16:57:52 +00:00
user=self.user_d, asn=22, status="pending"
)
initial commit of code
2018-11-08 19:45:21 +00:00
request = self.factory.post(
black formatted
2019-12-05 16:57:52 +00:00
"/org-admin/uoar/deny?org_id=%d" % self.org.id, data={"id": uoar_b.id}
)
initial commit of code
2018-11-08 19:45:21 +00:00
request._dont_enforce_csrf_checks = True
request.user = self.org_admin
resp = org_admin.uoar_deny(request)
self.assertEqual(resp.status_code, 403)
self.assertEqual(json.loads(resp.content), {})
uoar_b.delete()
June updates (#751) * Add pointer from API docs to tutorial #650 * Sorting by clicking table headers should use local-compare #356 * Mark IXP peering LAN as bogon #352 * Add help text to "Add (Facility, Network, Exchange)" tab #669 * Add Looking Glass field to the IX object #672 * Add read-only Superuser #679 * Make spelling of traffic levels consistent #519 (#723) * Offer 2FA (#290) * Show "Last Updated" fields on fac, ix, org records (#526) * Enable sort and reverse sort of IP column in IX display (#72) * IRR validation not handling unexpected characters gracefully (#712) * Support alternative direction of writing, e.g. Arabic (#618) * Undeleting an ixlan with an emtpy IPv4 XOR IPv6 field throws a silly error (#644) * Changing org while adding net results in 500 #654 * missing delete button for organisations (#121) * When changing owner of an ix admin GUI borks because of "Ixlan for exchange already exists" #666 * Selection should only present undeleted objects (#664) * change default encoding of API calls to 'utf-8' #663 * Posting https://www.peeringdb.com onto social media doesn't select a good preview image #537 * Revert "Add Looking Glass field to the IX object #672" This reverts commit 4daf2520043c241fabe9a521757efa86a274e28a. Conflicts: peeringdb_server/migrations/0037_ix_looking_glass.py peeringdb_server/views.py * 500 Internal Error when creating IX where prefix already exists elsewhere #718 * Fix graceful restore of soft-deleted objects with translation active (#580) * Don't return any POC data with status=deleted #569 Hard delete soft-deleted pocs after grace period #566 * django-peeringdb from github@2.0.0.2-beta Co-authored-by: Stefan Pratter <stefan@20c.com>
2020-06-24 12:55:01 -05:00
def test_uoar_cancel_on_delete(self):
"""
Test that user affiliation requests get canceled if the
organization is deleted
"""
org = models.Organization.objects.create(name="TestCoD", status="ok")
uoar = models.UserOrgAffiliationRequest.objects.create(
user=self.user_c, org=org, status="pending"
)
assert uoar.status == "pending"
assert uoar.id
org.delete()
with pytest.raises(models.UserOrgAffiliationRequest.DoesNotExist):
uoar.refresh_from_db()
org.refresh_from_db()
assert org.status == "deleted"
Copy Permalink