details: http://www.bx.psu.edu/hg/galaxy/rev/48e83411aa91 changeset: 3528:48e83411aa91 user: Greg Von Kuster <greg@bx.psu.edu> date: Fri Mar 12 16:11:26 2010 -0500 description: New separate functional test scripts for testing admin features, library features, library security and data security. These use a new test_db_util module for all db interaction ( other functional test scripts can be enhanced to use this ). A lot of code cleanup in the functional tests. In twilltestcase, cleaned up library and security related methods to mirror names in recently merged library code. diffstat: lib/galaxy/web/controllers/library_common.py | 7 +- test/base/test_db_util.py | 123 + test/base/twilltestcase.py | 342 ++- test/functional/test_admin_features.py | 422 ++++ test/functional/test_data_security.py | 196 ++ test/functional/test_library_features.py | 606 ++++++ test/functional/test_library_security.py | 603 ++++++ test/functional/test_security_and_libraries.py | 2141 ------------------------ 8 files changed, 2167 insertions(+), 2273 deletions(-) diffs (truncated from 4641 to 3000 lines): diff -r e39c9a2a0b4c -r 48e83411aa91 lib/galaxy/web/controllers/library_common.py --- a/lib/galaxy/web/controllers/library_common.py Fri Mar 12 14:27:04 2010 -0500 +++ b/lib/galaxy/web/controllers/library_common.py Fri Mar 12 16:11:26 2010 -0500 @@ -155,7 +155,7 @@ library.root_folder.description = new_description trans.sa_session.add_all( ( library, library.root_folder ) ) trans.sa_session.flush() - msg = "Library '%s' has been renamed to '%s'" % ( old_name, new_name ) + msg = "The information has been updated." return trans.response.send_redirect( web.url_for( controller='library_common', action='library_info', cntrller=cntrller, @@ -313,7 +313,7 @@ folder.description = new_description trans.sa_session.add( folder ) trans.sa_session.flush() - msg = "Folder '%s' has been renamed to '%s'" % ( old_name, new_name ) + msg = "The information has been updated." messagetype='done' else: msg = "You are not authorized to edit this folder" @@ -698,7 +698,6 @@ trans.app.security_agent.derive_roles_from_access( trans, trans.app.security.decode_id( library_id ), cntrller, library=True, **vars ) if error: messagetype = 'error' - trans.response.send_redirect( web.url_for( controller='library_common', action='upload_library_dataset', cntrller=cntrller, @@ -1171,7 +1170,7 @@ library_dataset.info = new_info trans.sa_session.add( library_dataset ) trans.sa_session.flush() - msg = "Dataset '%s' has been renamed to '%s'" % ( old_name, new_name ) + msg = "The information has been updated." messagetype = 'done' else: msg = "You are not authorized to change the attributes of this dataset" diff -r e39c9a2a0b4c -r 48e83411aa91 test/base/test_db_util.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/base/test_db_util.py Fri Mar 12 16:11:26 2010 -0500 @@ -0,0 +1,123 @@ +import galaxy.model +from galaxy.model.orm import * +from galaxy.model.mapping import context as sa_session +from base.twilltestcase import * +import sys + +def flush( obj ): + sa_session.add( obj ) + sa_session.flush() +def get_all_histories_for_user( user ): + return sa_session.query( galaxy.model.History ) \ + .filter( and_( galaxy.model.History.table.c.user_id==user.id, + galaxy.model.History.table.c.deleted==False ) ) \ + .all() +def get_dataset_permissions_by_dataset( dataset ): + return sa_session.query( galaxy.model.DatasetPermissions ) \ + .filter( galaxy.model.DatasetPermissions.table.c.dataset_id==dataset.id ) \ + .all() +def get_dataset_permissions_by_role( role ): + return sa_session.query( galaxy.model.DatasetPermissions ) \ + .filter( galaxy.model.DatasetPermissions.table.c.role_id == role.id ) \ + .first() +def get_default_history_permissions_by_history( history ): + return sa_session.query( galaxy.model.DefaultHistoryPermissions ) \ + .filter( galaxy.model.DefaultHistoryPermissions.table.c.history_id==history.id ) \ + .all() +def get_default_history_permissions_by_role( role ): + return sa_session.query( galaxy.model.DefaultHistoryPermissions ) \ + .filter( galaxy.model.DefaultHistoryPermissions.table.c.role_id == role.id ) \ + .all() +def get_default_user_permissions_by_role( role ): + return sa_session.query( galaxy.model.DefaultUserPermissions ) \ + .filter( galaxy.model.DefaultUserPermissions.table.c.role_id == role.id ) \ + .all() +def get_default_user_permissions_by_user( user ): + return sa_session.query( galaxy.model.DefaultUserPermissions ) \ + .filter( galaxy.model.DefaultUserPermissions.table.c.user_id==user.id ) \ + .all() +def get_form( name ): + fdc_list = sa_session.query( galaxy.model.FormDefinitionCurrent ) \ + .filter( galaxy.model.FormDefinitionCurrent.table.c.deleted == False ) \ + .order_by( galaxy.model.FormDefinitionCurrent.table.c.create_time.desc() ) + for fdc in fdc_list: + sa_session.refresh( fdc ) + sa_session.refresh( fdc.latest_form ) + if fdc.latest_form.name == name: + return fdc.latest_form + return None +def get_folder( parent_id, name, description ): + return sa_session.query( galaxy.model.LibraryFolder ) \ + .filter( and_( galaxy.model.LibraryFolder.table.c.parent_id==parent_id, + galaxy.model.LibraryFolder.table.c.name==name, + galaxy.model.LibraryFolder.table.c.description==description ) ) \ + .first() +def get_group_by_name( name ): + return sa_session.query( galaxy.model.Group ).filter( galaxy.model.Group.table.c.name==name ).first() +def get_group_role_associations_by_group( group ): + return sa_session.query( galaxy.model.GroupRoleAssociation ) \ + .filter( galaxy.model.GroupRoleAssociation.table.c.group_id == group.id ) \ + .all() +def get_group_role_associations_by_role( role ): + return sa_session.query( galaxy.model.GroupRoleAssociation ) \ + .filter( galaxy.model.GroupRoleAssociation.table.c.role_id == role.id ) \ + .all() +def get_latest_dataset(): + return sa_session.query( galaxy.model.Dataset ) \ + .order_by( desc( galaxy.model.Dataset.table.c.create_time ) ) \ + .first() +def get_latest_hda(): + return sa_session.query( galaxy.model.HistoryDatasetAssociation ) \ + .order_by( desc( galaxy.model.HistoryDatasetAssociation.table.c.create_time ) ) \ + .first() +def get_latest_history_for_user( user ): + return sa_session.query( galaxy.model.History ) \ + .filter( and_( galaxy.model.History.table.c.deleted==False, + galaxy.model.History.table.c.user_id==user.id ) ) \ + .order_by( desc( galaxy.model.History.table.c.create_time ) ) \ + .first() +def get_latest_ldda(): + return sa_session.query( galaxy.model.LibraryDatasetDatasetAssociation ) \ + .order_by( desc( galaxy.model.LibraryDatasetDatasetAssociation.table.c.create_time ) ) \ + .first() +def get_latest_lddas( limit ): + return sa_session.query( galaxy.model.LibraryDatasetDatasetAssociation ) \ + .order_by( desc( galaxy.model.LibraryDatasetDatasetAssociation.table.c.update_time ) ) \ + .limit( limit ) +def get_library( name, description, synopsis ): + return sa_session.query( galaxy.model.Library ) \ + .filter( and_( galaxy.model.Library.table.c.name==name, + galaxy.model.Library.table.c.description==description, + galaxy.model.Library.table.c.synopsis==synopsis, + galaxy.model.Library.table.c.deleted==False ) ) \ + .first() +def get_private_role( user ): + for role in user.all_roles(): + if role.name == user.email and role.description == 'Private Role for %s' % user.email: + return role + raise AssertionError( "Private role not found for user '%s'" % user.email ) +def get_role_by_name( name ): + return sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() +def get_user( email ): + return sa_session.query( galaxy.model.User ) \ + .filter( galaxy.model.User.table.c.email==email ) \ + .first() +def get_user_group_associations_by_group( group ): + return sa_session.query( galaxy.model.UserGroupAssociation ) \ + .filter( galaxy.model.UserGroupAssociation.table.c.group_id == group.id ) \ + .all() +def get_user_role_associations_by_role( role ): + return sa_session.query( galaxy.model.UserRoleAssociation ) \ + .filter( galaxy.model.UserRoleAssociation.table.c.role_id == role.id ) \ + .all() +def refresh( obj ): + sa_session.refresh( obj ) +def set_library_permissions( in_list ): + permissions_in = [] + permissions_out = [] + for k, v in galaxy.model.Library.permitted_actions.items(): + if k in in_list: + permissions_in.append( k ) + else: + permissions_out.append( k ) + return permissions_in, permissions_out diff -r e39c9a2a0b4c -r 48e83411aa91 test/base/twilltestcase.py --- a/test/base/twilltestcase.py Fri Mar 12 14:27:04 2010 -0500 +++ b/test/base/twilltestcase.py Fri Mar 12 16:11:26 2010 -0500 @@ -535,21 +535,55 @@ if check_str: self.check_page_for_string( check_str ) self.home() - def edit_hda_attribute_info( self, hda_id, new_name='', new_info='', new_dbkey='', new_startcol='' ): + def edit_hda_attribute_info( self, hda_id, new_name='', new_info='', new_dbkey='', new_startcol='', + check_str1='', check_str2='', check_str3='', check_str4='', + not_displayed1='', not_displayed2='', not_displayed3='' ): """Edit history_dataset_association attribute information""" self.home() self.visit_url( "%s/root/edit?id=%s" % ( self.url, hda_id ) ) + submit_required = False self.check_page_for_string( 'Edit Attributes' ) if new_name: tc.fv( 'edit_attributes', 'name', new_name ) + submit_required = True if new_info: tc.fv( 'edit_attributes', 'info', new_info ) + submit_required = True if new_dbkey: tc.fv( 'edit_attributes', 'dbkey', new_dbkey ) + submit_required = True if new_startcol: tc.fv( 'edit_attributes', 'startCol', new_startcol ) - tc.submit( 'save' ) - self.check_page_for_string( 'Attributes updated' ) + submit_required = True + if submit_required: + tc.submit( 'save' ) + self.check_page_for_string( 'Attributes updated' ) + if check_str1: + self.check_page_for_string( check_str1 ) + if check_str2: + self.check_page_for_string( check_str2 ) + if check_str3: + self.check_page_for_string( check_str3 ) + if check_str4: + self.check_page_for_string( check_str4 ) + if not_displayed1: + try: + self.check_page_for_string( not_displayed1 ) + raise AssertionError, "String (%s) incorrectly displayed on Edit Attributes page." % not_displayed + except: + pass + if not_displayed2: + try: + self.check_page_for_string( not_displayed2 ) + raise AssertionError, "String (%s) incorrectly displayed on Edit Attributes page." % not_displayed + except: + pass + if not_displayed3: + try: + self.check_page_for_string( not_displayed3 ) + raise AssertionError, "String (%s) incorrectly displayed on Edit Attributes page." % not_displayed + except: + pass self.home() def auto_detect_metadata( self, hda_id ): """Auto-detect history_dataset_association metadata""" @@ -1164,12 +1198,10 @@ check_str = "Purged 1 users" self.check_page_for_string( check_str ) self.home() - def associate_roles_and_groups_with_user( self, user_id, email, - in_role_ids=[], out_role_ids=[], - in_group_ids=[], out_group_ids=[], - check_str='' ): + def manage_roles_and_groups_for_user( self, user_id, in_role_ids=[], out_role_ids=[], + in_group_ids=[], out_group_ids=[], check_str='' ): self.home() - url = "%s/admin/manage_roles_and_groups_for_user?id=%s&user_roles_groups_edit_button=Save" % ( self.url, user_id ) + url = "%s/admin/manage_roles_and_groups_for_user?id=%s" % ( self.url, user_id ) if in_role_ids: url += "&in_roles=%s" % ','.join( in_role_ids ) if out_role_ids: @@ -1178,12 +1210,18 @@ url += "&in_groups=%s" % ','.join( in_group_ids ) if out_group_ids: url += "&out_groups=%s" % ','.join( out_group_ids ) + if in_role_ids or out_role_ids or in_group_ids or out_group_ids: + url += "&user_roles_groups_edit_button=Save" self.visit_url( url ) if check_str: self.check_page_for_string( check_str ) self.home() # Tests associated with roles + def browse_roles( self, check_str1='' ): + self.visit_url( '%s/admin/roles' % self.url ) + if check_str1: + self.check_page_for_string( check_str1 ) def create_role( self, name='Role One', description="This is Role One", @@ -1280,6 +1318,10 @@ self.visit_url( "%s/admin/groups" % self.url ) self.check_page_for_string( name ) self.home() + def browse_groups( self, check_str1='' ): + self.visit_url( '%s/admin/groups' % self.url ) + if check_str1: + self.check_page_for_string( check_str1 ) def rename_group( self, group_id, name='Group One Renamed' ): """Rename a group""" self.home() @@ -1532,6 +1574,58 @@ self.check_page_for_string( 'Address <b>%s</b> has been added' % address_dict[ 'short_desc' ] ) # Library stuff + def add_library_template( self, cntrller, item_type, library_id, form_id, form_name, folder_id=None, ldda_id=None ): + """Add a new info template to a library item""" + self.home() + if item_type == 'library': + url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s" % \ + ( self.url, cntrller, item_type, library_id ) + elif item_type == 'folder': + url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s&folder_id=%s" % \ + ( self.url, cntrller, item_type, library_id, folder_id ) + elif item_type == 'ldda': + url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s&folder_id=%s&ldda_id=%s" % \ + ( self.url, cntrller, item_type, library_id, folder_id, ldda_id ) + self.visit_url( url ) + self.check_page_for_string ( "Select a template for the" ) + tc.fv( '1', 'form_id', form_id ) + tc.fv( '1', 'inherit', '1' ) + tc.submit( 'add_template_button' ) + self.check_page_for_string = 'A template based on the form "%s" has been added to this' % form_name + self.home() + def browse_libraries_admin( self, deleted=False, check_str1='', check_str2='', not_displayed1='' ): + self.visit_url( '%s/library_admin/browse_libraries?sort=name&f-description=All&f-name=All&f-deleted=%s' % ( self.url, str( deleted ) ) ) + if check_str1: + self.check_page_for_string( check_str1 ) + if check_str2: + self.check_page_for_string( check_str2 ) + if not_displayed1: + try: + self.check_page_for_string( not_displayed1 ) + raise AssertionError, "String (%s) incorrectly displayed when browing library." % not_displayed1 + except: + pass + def browse_libraries_regular_user( self, check_str1='', check_str2='' ): + self.visit_url( '%s/library/browse_libraries' % self.url ) + if check_str1: + self.check_page_for_string( check_str1 ) + if check_str2: + self.check_page_for_string( check_str2 ) + def browse_library( self, cntrller, id, show_deleted=False, + check_str1='', check_str2='', check_str3='', not_displayed='', not_displayed2='' ): + self.visit_url( '%s/library_common/browse_library?cntrller=%s&id=%s&show_deleted=%s' % ( self.url, cntrller, id, str( show_deleted ) ) ) + if check_str1: + self.check_page_for_string( check_str1 ) + if check_str2: + self.check_page_for_string( check_str2 ) + if check_str3: + self.check_page_for_string( check_str3 ) + if not_displayed: + try: + self.check_page_for_string( not_displayed ) + raise AssertionError, "String (%s) incorrectly displayed when browing library." % not_displayed + except: + pass def create_library( self, name='Library One', description='This is Library One', synopsis='Synopsis for Library One' ): """Create a new library""" self.home() @@ -1544,6 +1638,28 @@ check_str = "The new library named '%s' has been created" % name self.check_page_for_string( check_str ) self.home() + def library_info( self, cntrller, library_id, library_name, new_name='', new_description='', new_synopsis='', + ele_1_field_name='', ele_1_contents='', ele_2_field_name='', ele_2_contents='', check_str1='' ): + """Edit information about a library, optionally using an existing template with up to 2 elements""" + self.home() + self.visit_url( "%s/library_common/library_info?cntrller=%s&id=%s" % ( self.url, cntrller, library_id ) ) + if check_str1: + self.check_page_for_string( check_str1 ) + if new_name and new_description and new_synopsis: + tc.fv( '1', 'name', new_name ) + tc.fv( '1', 'description', new_description ) + tc.fv( '1', 'synopsis', new_synopsis ) + tc.submit( 'library_info_button' ) + self.check_page_for_string( "The information has been updated." ) + # If there is a template, then there are 2 forms on this page and the template is the 2nd form + if ele_1_field_name and ele_1_contents and ele_2_field_name and ele_2_contents: + tc.fv( '2', ele_1_field_name, ele_1_contents ) + tc.fv( '2', ele_2_field_name, ele_2_contents ) + tc.submit( 'edit_info_button' ) + elif ele_1_field_name and ele_1_contents: + tc.fv( '2', ele_1_field_name, ele_1_contents ) + tc.submit( 'edit_info_button' ) + self.home() def library_permissions( self, library_id, library_name, role_ids_str, permissions_in, permissions_out, cntrller='library_admin' ): # role_ids_str must be a comma-separated string of role ids url = "library_common/library_permissions?id=%s&cntrller=%slibrary_admin&update_roles_button=Save" % ( library_id, cntrller ) @@ -1558,46 +1674,8 @@ check_str = "Permissions updated for library '%s'" % library_name self.check_page_for_string( check_str ) self.home() - def rename_library( self, library_id, old_name, name='Library One Renamed', description='This is Library One Re-described', - synopsis='This is the new synopsis for Library One ', controller='library_admin' ): - """Rename a library""" - self.home() - self.visit_url( "%s/library_common/library_info?id=%s&cntrller=%s" % ( self.url, library_id, controller ) ) - self.check_page_for_string( old_name ) - # Since twill barfs on the form submisson, we ar forced to simulate it - url = "%s/library_common/library_info?id=%s&cntrller=%s&library_info_button=Save&description=%s&name=%s&synopsis=%s" % \ - ( self.url, library_id, controller, description.replace( ' ', '+' ), name.replace( ' ', '+' ), synopsis.replace( ' ', '+' ) ) - self.home() - self.visit_url( url ) - check_str = "Library '%s' has been renamed to '%s'" % ( old_name, name ) - self.check_page_for_string( check_str ) - self.home() - def add_template( self, cntrller, item_type, library_id, form_id, form_name, folder_id=None, ldda_id=None ): - """Add a new info template to a library item""" - self.home() - if item_type == 'library': - url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s" % ( self.url, cntrller, item_type, library_id ) - elif item_type == 'folder': - url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s&folder_id=%s" % ( self.url, cntrller, item_type, library_id, folder_id ) - elif item_type == 'ldda': - url = "%s/library_common/add_template?cntrller=%s&item_type=%s&library_id=%s&folder_id=%s&ldda_id=%s" % ( self.url, cntrller, item_type, library_id, folder_id, ldda_id ) - self.visit_url( url ) - self.check_page_for_string ( "Select a template for the" ) - tc.fv( '1', 'form_id', form_id ) - tc.fv( '1', 'inherit', '1' ) - tc.submit( 'add_template_button' ) - self.check_page_for_string = 'A template based on the form "%s" has been added to this' % form_name - self.home() - def library_info( self, library_id, library_name, ele_1_field_name, ele_1_contents, ele_2_field_name, ele_2_contents, controller='library_admin' ): - """Add information to a library using an existing template with 2 elements""" - self.home() - self.visit_url( "%s/library_common/library_info?id=%s&cntrller=%s" % ( self.url, library_id, controller ) ) - check_str = 'Other information about library %s' % library_name - self.check_page_for_string( check_str ) - tc.fv( '2', ele_1_field_name, ele_1_contents ) - tc.fv( '2', ele_2_field_name, ele_2_contents ) - tc.submit( 'create_new_info_button' ) - self.home() + + # Library folder stuff def add_folder( self, controller, library_id, folder_id, name='Folder One', description='This is Folder One' ): """Create a new folder""" self.home() @@ -1609,27 +1687,40 @@ check_str = "The new folder named '%s' has been added to the data library." % name self.check_page_for_string( check_str ) self.home() - def folder_info( self, controller, folder_id, library_id, name, new_name, description, contents='', field_name='' ): + def folder_info( self, cntrller, folder_id, library_id, name='', new_name='', description='', + field_name='', contents='', check_str1='', check_str2='', not_displayed='' ): """Add information to a library using an existing template with 2 elements""" self.home() self.visit_url( "%s/library_common/folder_info?cntrller=%s&id=%s&library_id=%s" % \ - ( self.url, controller, folder_id, library_id) ) + ( self.url, cntrller, folder_id, library_id ) ) # Twill cannot handle the following call for some reason - it's buggy # self.check_page_for_string( "Edit folder name and description" ) - tc.fv( '1', "name", new_name ) - tc.fv( '1', "description", description ) - tc.submit( 'rename_folder_button' ) - # Twill cannot handle the following call for some reason - it's buggy - # check_str = "Folder '%s' has been renamed to '%s'" % ( name, new_name ) - # self.check_page_for_string( check_str ) - if contents and field_name: + if name and new_name and description: + tc.fv( '1', "name", new_name ) + tc.fv( '1', "description", description ) + tc.submit( 'rename_folder_button' ) + # Twill barfs on this, so keep it commented... + #self.check_page_for_string( "The information has been updated." ) + if field_name and contents: # We have an information template associated with the folder, so # there are 2 forms on this page and the template is the 2nd form tc.fv( '2', field_name, contents ) tc.submit( 'edit_info_button' ) - # Twill cannot handle the following call for some reason - it's buggy - # self.check_page_for_string( 'The information has been updated.' ) + # Twill barfs on this, so keep it commented... + #self.check_page_for_string( 'The information has been updated.' ) + if check_str1: + self.check_page_for_string( check_str1 ) + if check_str2: + self.check_page_for_string( check_str2 ) + if not_displayed: + try: + self.check_page_for_string( not_displayed ) + raise AssertionError, "String (%s) should not have been displayed on folder info page." % not_displayed + except: + pass self.home() + + # Library dataset stuff def add_library_dataset( self, cntrller, filename, library_id, folder_id, folder_name, file_type='auto', dbkey='hg18', roles=[], message='', root=False, template_field_name1='', template_field_contents1='', show_deleted='False', @@ -1638,7 +1729,7 @@ filename = self.get_filename( filename ) self.home() self.visit_url( "%s/library_common/upload_library_dataset?cntrller=%s&library_id=%s&folder_id=%s&upload_option=%s&message=%s" % \ - ( self.url, cntrller, library_id, folder_id, upload_option, message ) ) + ( self.url, cntrller, library_id, folder_id, upload_option, message.replace( ' ', '+' ) ) ) self.check_page_for_string( 'Upload files' ) tc.fv( "1", "library_id", library_id ) tc.fv( "1", "folder_id", folder_id ) @@ -1659,68 +1750,77 @@ check_str = "Added 1 datasets to the folder '%s' (each is selected)." % folder_name self.library_wait( library_id ) self.home() - def set_library_dataset_permissions( self, cntrller, library_id, folder_id, ldda_id, ldda_name, role_ids_str, permissions_in, permissions_out ): + def ldda_permissions( self, cntrller, library_id, folder_id, id, role_ids_str, + permissions_in=[], permissions_out=[], check_str1='' ): # role_ids_str must be a comma-separated string of role ids - url = "library_common/ldda_permissions?cntrller=%s&library_id=%s&folder_id=%s&id=%s&update_roles_button=Save" % \ - ( cntrller, library_id, folder_id, ldda_id ) + url = "%s/library_common/ldda_permissions?cntrller=%s&library_id=%s&folder_id=%s&id=%s" % \ + ( self.url, cntrller, library_id, folder_id, id ) for po in permissions_out: key = '%s_out' % po url ="%s&%s=%s" % ( url, key, role_ids_str ) for pi in permissions_in: key = '%s_in' % pi url ="%s&%s=%s" % ( url, key, role_ids_str ) - self.home() - self.visit_url( "%s/%s" % ( self.url, url ) ) - check_str = "Permissions have been updated on 1 datasets" + if permissions_in or permissions_out: + url += "&update_roles_button=Save" + self.visit_url( url ) + if check_str1: + check_str = check_str1 + else: + check_str = "Permissions have been updated on 1 datasets" self.check_page_for_string( check_str ) self.home() - def edit_ldda_template_element_info( self, library_id, folder_id, ldda_id, ldda_name, ele_1_field_name, - ele_1_contents, ele_2_field_name, ele_2_contents, ele_1_help='', ele_2_help='', - ele_3_field_name='', ele_3_contents='', ele_3_help='' ): - """Edit library_dataset_dataset_association template element information""" - self.home() - self.visit_url( "%s/library_common/ldda_edit_info?cntrller=library_admin&library_id=%s&folder_id=%s&id=%s" % \ - ( self.url, library_id, folder_id, ldda_id ) ) + def ldda_edit_info( self, cntrller, library_id, folder_id, ldda_id, ldda_name, new_ldda_name='', + ele_1_field_name='', ele_1_contents='', ele_1_help='', + ele_2_field_name='', ele_2_contents='', ele_2_help='', + ele_3_field_name='', ele_3_contents='', ele_3_help='', + check_str1='', check_str2='', check_str3='', not_displayed='' ): + """Edit library_dataset_dataset_association information, optionally template element information""" + self.visit_url( "%s/library_common/ldda_edit_info?cntrller=%s&library_id=%s&folder_id=%s&id=%s" % \ + ( self.url, cntrller, library_id, folder_id, ldda_id ) ) check_str = 'Edit attributes of %s' % ldda_name self.check_page_for_string( check_str ) - ele_1_contents = ele_1_contents.replace( '+', ' ' ) - ele_2_contents = ele_2_contents.replace( '+', ' ' ) - tc.fv( '4', ele_1_field_name, ele_1_contents ) - tc.fv( '4', ele_2_field_name, ele_2_contents.replace( '+', ' ' ) ) + if new_ldda_name: + tc.fv( '1', 'name', new_ldda_name ) + tc.submit( 'save' ) + check_str = 'Attributes updated for library dataset %s' % new_ldda_name + self.check_page_for_string( check_str ) + # There are 4 forms on this page and the template is the 4th form + if ele_1_field_name and ele_1_contents: + ele_1_contents = ele_1_contents.replace( '+', ' ' ) + tc.fv( '4', ele_1_field_name, ele_1_contents ) + if ele_2_field_name and ele_2_contents: + ele_2_contents = ele_2_contents.replace( '+', ' ' ) + tc.fv( '4', ele_2_field_name, ele_2_contents.replace( '+', ' ' ) ) if ele_3_field_name and ele_3_contents: ele_3_contents = ele_3_contents.replace( '+', ' ' ) tc.fv( '4', ele_3_field_name, ele_3_contents ) - tc.submit( 'edit_info_button' ) - self.check_page_for_string( 'This is the latest version of this library dataset' ) - self.check_page_for_string( 'The information has been updated.' ) - self.check_page_for_string( ele_1_contents ) - self.check_page_for_string( ele_2_contents ) - if ele_3_field_name and ele_3_contents: + if ele_1_field_name: + tc.submit( 'edit_info_button' ) + self.check_page_for_string( 'This is the latest version of this library dataset' ) + self.check_page_for_string( 'The information has been updated.' ) + self.check_page_for_string( ele_1_contents ) + if ele_2_field_name: + self.check_page_for_string( ele_2_contents ) + if ele_3_field_name: self.check_page_for_string( ele_3_contents ) if ele_1_help: check_str = ele_1_help.replace( '+', ' ' ) self.check_page_for_string( check_str ) - self.check_page_for_string( ele_2_contents ) if ele_2_help: check_str = ele_2_help.replace( '+', ' ' ) self.check_page_for_string( check_str ) if ele_2_help: check_str = ele_3_help.replace( '+', ' ' ) self.check_page_for_string( check_str ) - self.home() - def edit_ldda_attribute_info( self, cntrller, library_id, folder_id, ldda_id, ldda_name, new_ldda_name ): - """Edit library_dataset_dataset_association attribute information""" - self.home() - self.visit_url( "%s/library_common/ldda_edit_info?cntrller=%s&library_id=%s&folder_id=%s&id=%s" % \ - ( self.url, cntrller, library_id, folder_id, ldda_id ) ) - check_str = 'Edit attributes of %s' % ldda_name - self.check_page_for_string( check_str ) - tc.fv( '1', 'name', new_ldda_name ) - tc.submit( 'save' ) - check_str = 'Attributes updated for library dataset %s' % new_ldda_name - self.check_page_for_string( check_str ) - check_str = 'Edit attributes of %s' % new_ldda_name - self.check_page_for_string( check_str ) + if check_str1: + self.check_page_for_string( check_str1 ) + if not_displayed: + try: + self.check_page_for_string( not_displayed ) + raise AssertionError, "String (%s) should not have been displayed on ldda Edit Attributes page." % not_displayed + except: + pass self.home() def upload_new_dataset_version( self, cntrller, filename, library_id, folder_id, folder_name, library_dataset_id, ldda_name, file_type='auto', dbkey='hg18', message='', template_field_name1='', template_field_contents1='' ): @@ -1755,19 +1855,21 @@ check_str = "Added 1 datasets to the folder '%s' (each is selected)." % folder_name self.check_page_for_string( check_str ) self.home() - def add_dir_of_files_from_admin_view( self, library_id, folder_id, file_type='auto', dbkey='hg18', roles_tuple=[], - message='', check_str_after_submit='', template_field_name1='', template_field_contents1='' ): + def upload_directory_of_files( self, cntrller, library_id, folder_id, server_dir, file_type='auto', dbkey='hg18', roles_tuple=[], + message='', check_str1='', check_str_after_submit='', template_field_name1='', template_field_contents1='' ): """Add a directory of datasets to a folder""" # roles is a list of tuples: [ ( role_id, role_description ) ] - self.home() - self.visit_url( "%s/library_common/upload_library_dataset?cntrller=library_admin&upload_option=upload_directory&library_id=%s&folder_id=%s" % \ - ( self.url, library_id, folder_id ) ) + url = "%s/library_common/upload_library_dataset?cntrller=%s&library_id=%s&folder_id=%s&upload_option=upload_directory" % \ + ( self.url, cntrller, library_id, folder_id ) + self.visit_url( url ) self.check_page_for_string( 'Upload a directory of files' ) + if check_str1: + self.check_page_for_strin( check_str1 ) tc.fv( "1", "folder_id", folder_id ) tc.fv( "1", "file_type", file_type ) tc.fv( "1", "dbkey", dbkey ) - tc.fv( "1", "message", message.replace( '+', ' ' ) ) - tc.fv( "1", "server_dir", "library" ) + tc.fv( "1", "message", message ) + tc.fv( "1", "server_dir", server_dir ) for role_tuple in roles_tuple: tc.fv( "1", "roles", role_tuple[1] ) # role_tuple[1] is the role name # Add template field contents, if any... @@ -1778,29 +1880,13 @@ self.check_page_for_string( check_str_after_submit ) self.library_wait( library_id ) self.home() - def add_dir_of_files_from_libraries_view( self, library_id, folder_id, selected_dir, file_type='auto', dbkey='hg18', roles_tuple=[], - message='', check_str_after_submit='', template_field_name1='', template_field_contents1='' ): - """Add a directory of datasets to a folder""" - # roles is a list of tuples: [ ( role_id, role_description ) ] - self.home() - self.visit_url( "%s/library_common/upload_library_dataset?cntrller=library&upload_option=upload_directory&library_id=%s&folder_id=%s" % \ - ( self.url, library_id, folder_id ) ) - self.check_page_for_string( 'Upload a directory of files' ) - tc.fv( "1", "folder_id", folder_id ) - tc.fv( "1", "file_type", file_type ) - tc.fv( "1", "dbkey", dbkey ) - tc.fv( "1", "message", message.replace( '+', ' ' ) ) - tc.fv( "1", "server_dir", selected_dir ) - for role_tuple in roles_tuple: - tc.fv( "1", "roles", role_tuple[1] ) # role_tuple[1] is the role name - # Add template field contents, if any... - if template_field_name1: - tc.fv( "1", template_field_name1, template_field_contents1 ) - tc.submit( "runtool_btn" ) - if check_str_after_submit: - self.check_page_for_string( check_str_after_submit ) - self.library_wait( library_id, cntrller='library' ) - self.home() + def act_on_multiple_datasets( self, cntrller, library_id, do_action, ldda_ids='', check_str1='' ): + # Can't use the ~/library_admin/libraries form as twill barfs on it so we'll simulate the form submission + # by going directly to the form action + self.visit_url( '%s/library_common/act_on_multiple_datasets?cntrller=%s&library_id=%s&ldda_ids=%s&do_action=%s' \ + % ( self.url, cntrller, library_id, ldda_ids, do_action ) ) + if check_str1: + self.check_page_for_string( check_str1 ) def download_archive_of_library_files( self, cntrller, library_id, ldda_ids, format ): self.home() # Here it would be ideal to have twill set form values and submit the form, but diff -r e39c9a2a0b4c -r 48e83411aa91 test/functional/test_admin_features.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/functional/test_admin_features.py Fri Mar 12 16:11:26 2010 -0500 @@ -0,0 +1,422 @@ +from base.twilltestcase import * +from base.test_db_util import * + +class TestDataSecurity( TwillTestCase ): + def test_000_initiate_users( self ): + """Ensuring all required user accounts exist""" + self.logout() + self.login( email='test1@bx.psu.edu' ) + global regular_user1 + regular_user1 = get_user( 'test1@bx.psu.edu' ) + assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' + self.logout() + self.login( email='test2@bx.psu.edu' ) + global regular_user2 + regular_user2 = get_user( 'test2@bx.psu.edu' ) + assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' + self.logout() + self.login( email='test@bx.psu.edu' ) + global admin_user + admin_user = get_user( 'test@bx.psu.edu' ) + assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' + def test_005_create_new_user_account_as_admin( self ): + """Testing creating a new user account as admin""" + # Logged in as admin_user + email = 'test3@bx.psu.edu' + password = 'testuser' + previously_created = self.create_new_account_as_admin( email=email, password=password ) + # Get the user object for later tests + global regular_user3 + regular_user3 = get_user( email ) + assert regular_user3 is not None, 'Problem retrieving user with email "%s" from the database' % email + global regular_user3_private_role + regular_user3_private_role = get_private_role( regular_user3 ) + # Make sure DefaultUserPermissions were created + if not regular_user3.default_permissions: + raise AssertionError( 'No DefaultUserPermissions were created for user %s when the admin created the account' % email ) + # Make sure a private role was created for the user + if not regular_user3.roles: + raise AssertionError( 'No UserRoleAssociations were created for user %s when the admin created the account' % email ) + if not previously_created and len( regular_user3.roles ) != 1: + raise AssertionError( '%d UserRoleAssociations were created for user %s when the admin created the account ( should have been 1 )' \ + % ( len( regular_user3.roles ), regular_user3.email ) ) + for ura in regular_user3.roles: + role = sa_session.query( galaxy.model.Role ).get( ura.role_id ) + if not previously_created and role.type != 'private': + raise AssertionError( 'Role created for user %s when the admin created the account is not private, type is' \ + % str( role.type ) ) + if not previously_created: + # Make sure a history was not created ( previous test runs may have left deleted histories ) + histories = get_all_histories_for_user( regular_user3 ) + if histories: + raise AssertionError( 'Histories were incorrectly created for user %s when the admin created the account' % email ) + # Make sure the user was not associated with any groups + if regular_user3.groups: + raise AssertionError( 'Groups were incorrectly associated with user %s when the admin created the account' % email ) + def test_010_reset_password_as_admin( self ): + """Testing reseting a user password as admin""" + self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testreset' ) + def test_015_login_after_password_reset( self ): + """Testing logging in after an admin reset a password - tests DefaultHistoryPermissions for accounts created by an admin""" + # logged in as admin_user + self.logout() + self.login( email=regular_user3.email, password='testreset' ) + # Make sure a History and HistoryDefaultPermissions exist for the user + latest_history = get_latest_history_for_user( regular_user3 ) + if not latest_history.user_id == regular_user3.id: + raise AssertionError( 'A history was not created for user %s when he logged in' % email ) + if not latest_history.default_permissions: + raise AssertionError( 'No DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) + dhps = get_default_history_permissions_by_history( latest_history ) + if len( dhps ) > 1: + raise AssertionError( 'More than 1 DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) + dhp = dhps[0] + if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: + raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "manage permissions"' \ + % ( latest_history.id, dhp.action ) ) + # Upload a file to create a HistoryDatasetAssociation + self.upload_file( '1.bed' ) + latest_dataset = get_latest_dataset() + for dp in latest_dataset.actions: + # Should only have 1 DatasetPermissions + if dp.action != galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: + raise AssertionError( 'The DatasetPermissions for dataset id %d is %s ( should have been %s )' \ + % ( latest_dataset.id, + latest_dataset.actions.action, + galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) + self.logout() + # Reset the password to the default for later tests + self.login( email='test@bx.psu.edu' ) + self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testuser' ) + def test_020_mark_user_deleted( self ): + """Testing marking a user account as deleted""" + # Logged in as admin_user + self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) + if not regular_user3.active_histories: + raise AssertionError( 'HistoryDatasetAssociations for regular_user3 were incorrectly deleted when the user was marked deleted' ) + def test_025_undelete_user( self ): + """Testing undeleting a user account""" + # Logged in as admin_user + self.undelete_user( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) + def test_030_create_role( self ): + """Testing creating new role with 3 members ( and a new group named the same ), then renaming the role""" + # Logged in as admin_user + name = 'Role One' + description = "This is Role Ones description" + user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] + self.create_role( name=name, + description=description, + in_user_ids=user_ids, + in_group_ids=[], + create_group_for_role='yes', + private_role=admin_user.email ) + # Get the role object for later tests + global role_one + role_one = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() + assert role_one is not None, 'Problem retrieving role named "Role One" from the database' + # Make sure UserRoleAssociations are correct + if len( role_one.users ) != len( user_ids ): + raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created ( should have been %d )' \ + % ( len( role_one.users ), role_one.id, len( user_ids ) ) ) + # Each of the following users should now have 2 role associations, their private role and role_one + for user in [ admin_user, regular_user1, regular_user3 ]: + refresh( user ) + if len( user.roles ) != 2: + raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 2 )' \ + % ( len( user.roles ), user.email ) ) + # Make sure the group was created + self.visit_url( '%s/admin/groups' % self.url ) + self.check_page_for_string( name ) + global group_zero + group_zero = get_group_by_name( name ) + # Rename the role + rename = "Role One's been Renamed" + new_description="This is Role One's Re-described" + self.rename_role( self.security.encode_id( role_one.id ), name=rename, description=new_description ) + self.visit_url( '%s/admin/roles' % self.url ) + self.check_page_for_string( rename ) + self.check_page_for_string( new_description ) + # Reset the role back to the original name and description + self.rename_role( self.security.encode_id( role_one.id ), name=name, description=description ) + def test_035_create_group( self ): + """Testing creating new group with 3 members and 1 associated role, then renaming it""" + # Logged in as admin_user + name = "Group One's Name" + user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] + role_ids=[ str( role_one.id ) ] + self.create_group( name=name, in_user_ids=user_ids, in_role_ids=role_ids ) + # Get the group object for later tests + global group_one + group_one = get_group_by_name( name ) + assert group_one is not None, 'Problem retrieving group named "Group One" from the database' + # Make sure UserGroupAssociations are correct + if len( group_one.users ) != len( user_ids ): + raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been %d )' \ + % ( len( group_one.users ), group_one.id, len( user_ids ) ) ) + # Each user should now have 1 group association, group_one + for user in [ admin_user, regular_user1, regular_user3 ]: + refresh( user ) + if len( user.groups ) != 1: + raise AssertionError( '%d UserGroupAssociations are associated with user %s ( should be 1 )' % ( len( user.groups ), user.email ) ) + # Make sure GroupRoleAssociations are correct + if len( group_one.roles ) != len( role_ids ): + raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been %d )' \ + % ( len( group_one.roles ), group_one.id, len( role_ids ) ) ) + # Rename the group + rename = "Group One's been Renamed" + self.rename_group( self.security.encode_id( group_one.id ), name=rename, ) + self.home() + self.visit_url( '%s/admin/groups' % self.url ) + self.check_page_for_string( rename ) + # Reset the group back to the original name + self.rename_group( self.security.encode_id( group_one.id ), name=name ) + def test_040_add_members_and_role_to_group( self ): + """Testing editing user membership and role associations of an existing group""" + # Logged in as admin_user + name = 'Group Two' + self.create_group( name=name, in_user_ids=[], in_role_ids=[] ) + # Get the group object for later tests + global group_two + group_two = get_group_by_name( name ) + assert group_two is not None, 'Problem retrieving group named "Group Two" from the database' + # group_two should have no associations + if group_two.users: + raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been 0 )' \ + % ( len( group_two.users ), group_two.id ) ) + if group_two.roles: + raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been 0 )' \ + % ( len( group_two.roles ), group_two.id ) ) + user_ids = [ str( regular_user1.id ) ] + role_ids = [ str( role_one.id ) ] + self.associate_users_and_roles_with_group( self.security.encode_id( group_two.id ), + group_two.name, + user_ids=user_ids, + role_ids=role_ids ) + def test_045_create_role_with_user_and_group_associations( self ): + """Testing creating a role with user and group associations""" + # Logged in as admin_user + # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least + # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT + # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the + # associate_users_and_groups_with_role() method. + name = 'Role Two' + description = 'This is Role Two' + user_ids=[ str( admin_user.id ) ] + group_ids=[ str( group_two.id ) ] + private_role=admin_user.email + # Create the role + self.create_role( name=name, + description=description, + in_user_ids=user_ids, + in_group_ids=group_ids, + private_role=private_role ) + # Get the role object for later tests + global role_two + role_two = get_role_by_name( name ) + assert role_two is not None, 'Problem retrieving role named "Role Two" from the database' + # Make sure UserRoleAssociations are correct + if len( role_two.users ) != len( user_ids ): + raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created with %d members' \ + % ( len( role_two.users ), role_two.id, len( user_ids ) ) ) + # admin_user should now have 3 role associations, private role, role_one, role_two + refresh( admin_user ) + if len( admin_user.roles ) != 3: + raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 3 )' % ( len( admin_user.roles ), admin_user.email ) ) + # Make sure GroupRoleAssociations are correct + refresh( role_two ) + if len( role_two.groups ) != len( group_ids ): + raise AssertionError( '%d GroupRoleAssociations were created for role id %d when it was created ( should have been %d )' \ + % ( len( role_two.groups ), role_two.id, len( group_ids ) ) ) + # group_two should now be associated with 2 roles: role_one, role_two + refresh( group_two ) + if len( group_two.roles ) != 2: + raise AssertionError( '%d GroupRoleAssociations are associated with group id %d ( should be 2 )' % ( len( group_two.roles ), group_two.id ) ) + def test_050_change_user_role_associations( self ): + """Testing changing roles associated with a user""" + # Logged in as admin_user + # Create a new role with no associations + name = 'Role Three' + description = 'This is Role Three' + user_ids=[] + group_ids=[] + private_role=admin_user.email + self.create_role( name=name, + description=description, + in_user_ids=user_ids, + in_group_ids=group_ids, + private_role=private_role ) + # Get the role object for later tests + global role_three + role_three = get_role_by_name( name ) + assert role_three is not None, 'Problem retrieving role named "Role Three" from the database' + # Associate the role with a user + refresh( admin_user ) + role_ids = [] + for ura in admin_user.non_private_roles: + role_ids.append( str( ura.role_id ) ) + role_ids.append( str( role_three.id ) ) + group_ids = [] + for uga in admin_user.groups: + group_ids.append( str( uga.group_id ) ) + check_str = "User '%s' has been updated with %d associated roles and %d associated groups" % \ + ( admin_user.email, len( role_ids ), len( group_ids ) ) + self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ), + in_role_ids=role_ids, + in_group_ids=group_ids, + check_str=check_str ) + refresh( admin_user ) + # admin_user should now be associated with 4 roles: private, role_one, role_two, role_three + if len( admin_user.roles ) != 4: + raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 4 )' % \ + ( len( admin_user.roles ), admin_user.email ) ) + def test_055_mark_group_deleted( self ): + """Testing marking a group as deleted""" + # Logged in as admin_user + self.browse_groups( check_str1=group_two.name ) + self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name ) + refresh( group_two ) + if not group_two.deleted: + raise AssertionError( '%s was not correctly marked as deleted.' % group_two.name ) + # Deleting a group should not delete any associations + if not group_two.members: + raise AssertionError( '%s incorrectly lost all members when it was marked as deleted.' % group_two.name ) + if not group_two.roles: + raise AssertionError( '%s incorrectly lost all role associations when it was marked as deleted.' % group_two.name ) + def test_060_undelete_group( self ): + """Testing undeleting a deleted group""" + # Logged in as admin_user + self.undelete_group( self.security.encode_id( group_two.id ), group_two.name ) + refresh( group_two ) + if group_two.deleted: + raise AssertionError( '%s was not correctly marked as not deleted.' % group_two.name ) + def test_065_mark_role_deleted( self ): + """Testing marking a role as deleted""" + # Logged in as admin_user + self.home() + self.browse_roles( check_str1=role_two.name ) + self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name ) + refresh( role_two ) + if not role_two.deleted: + raise AssertionError( '%s was not correctly marked as deleted.' % role_two.name ) + # Deleting a role should not delete any associations + if not role_two.users: + raise AssertionError( '%s incorrectly lost all user associations when it was marked as deleted.' % role_two.name ) + if not role_two.groups: + raise AssertionError( '%s incorrectly lost all group associations when it was marked as deleted.' % role_two.name ) + def test_070_undelete_role( self ): + """Testing undeleting a deleted role""" + # Logged in as admin_user + self.undelete_role( self.security.encode_id( role_two.id ), role_two.name ) + def test_075_purge_user( self ): + """Testing purging a user account""" + # Logged in as admin_user + self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) + refresh( regular_user3 ) + self.purge_user( self.security.encode_id( regular_user3.id ), regular_user3.email ) + refresh( regular_user3 ) + if not regular_user3.purged: + raise AssertionError( 'User %s was not marked as purged.' % regular_user3.email ) + # Make sure DefaultUserPermissions deleted EXCEPT FOR THE PRIVATE ROLE + if len( regular_user3.default_permissions ) != 1: + raise AssertionError( 'DefaultUserPermissions for user %s were not deleted.' % regular_user3.email ) + for dup in regular_user3.default_permissions: + role = sa_session.query( galaxy.model.Role ).get( dup.role_id ) + if role.type != 'private': + raise AssertionError( 'DefaultUserPermissions for user %s are not related with the private role.' % regular_user3.email ) + # Make sure History deleted + for history in regular_user3.histories: + refresh( history ) + if not history.deleted: + raise AssertionError( 'User %s has active history id %d after their account was marked as purged.' % ( regular_user3.email, hda.id ) ) + # NOTE: Not all hdas / datasets will be deleted at the time a history is deleted - the cleanup_datasets.py script + # is responsible for this. + # Make sure UserGroupAssociations deleted + if regular_user3.groups: + raise AssertionError( 'User %s has active group id %d after their account was marked as purged.' % ( regular_user3.email, uga.id ) ) + # Make sure UserRoleAssociations deleted EXCEPT FOR THE PRIVATE ROLE + if len( regular_user3.roles ) != 1: + raise AssertionError( 'UserRoleAssociations for user %s were not deleted.' % regular_user3.email ) + for ura in regular_user3.roles: + role = sa_session.query( galaxy.model.Role ).get( ura.role_id ) + if role.type != 'private': + raise AssertionError( 'UserRoleAssociations for user %s are not related with the private role.' % regular_user3.email ) + def test_080_manually_unpurge_user( self ): + """Testing manually un-purging a user account""" + # Logged in as admin_user + # Reset the user for later test runs. The user's private Role and DefaultUserPermissions for that role + # should have been preserved, so all we need to do is reset purged and deleted. + # TODO: If we decide to implement the GUI feature for un-purging a user, replace this with a method call + regular_user3.purged = False + regular_user3.deleted = False + flush( regular_user3 ) + def test_085_purge_group( self ): + """Testing purging a group""" + # Logged in as admin_user + self.mark_group_deleted( self.security.encode_id( group_two.id ), group_two.name ) + self.purge_group( self.security.encode_id( group_two.id ), group_two.name ) + # Make sure there are no UserGroupAssociations + if get_user_group_associations_by_group( group_two ): + raise AssertionError( "Purging the group did not delete the UserGroupAssociations for group_id '%s'" % group_two.id ) + # Make sure there are no GroupRoleAssociations + if get_group_role_associations_by_group( group_two ): + raise AssertionError( "Purging the group did not delete the GroupRoleAssociations for group_id '%s'" % group_two.id ) + # Undelete the group for later test runs + self.undelete_group( self.security.encode_id( group_two.id ), group_two.name ) + def test_090_purge_role( self ): + """Testing purging a role""" + # Logged in as admin_user + self.mark_role_deleted( self.security.encode_id( role_two.id ), role_two.name ) + self.purge_role( self.security.encode_id( role_two.id ), role_two.name ) + # Make sure there are no UserRoleAssociations + if get_user_role_associations_by_role( role_two ): + raise AssertionError( "Purging the role did not delete the UserRoleAssociations for role_id '%s'" % role_two.id ) + # Make sure there are no DefaultUserPermissions associated with the Role + if get_default_user_permissions_by_role( role_two ): + raise AssertionError( "Purging the role did not delete the DefaultUserPermissions for role_id '%s'" % role_two.id ) + # Make sure there are no DefaultHistoryPermissions associated with the Role + if get_default_history_permissions_by_role( role_two ): + raise AssertionError( "Purging the role did not delete the DefaultHistoryPermissions for role_id '%s'" % role_two.id ) + # Make sure there are no GroupRoleAssociations + if get_group_role_associations_by_role( role_two ): + raise AssertionError( "Purging the role did not delete the GroupRoleAssociations for role_id '%s'" % role_two.id ) + # Make sure there are no DatasetPermissionss + if get_dataset_permissions_by_role( role_two ): + raise AssertionError( "Purging the role did not delete the DatasetPermissionss for role_id '%s'" % role_two.id ) + def test_095_manually_unpurge_role( self ): + """Testing manually un-purging a role""" + # Logged in as admin_user + # Manually unpurge, then undelete the role for later test runs + # TODO: If we decide to implement the GUI feature for un-purging a role, replace this with a method call + role_two.purged = False + flush( role_two ) + self.undelete_role( self.security.encode_id( role_two.id ), role_two.name ) + def test_999_reset_data_for_later_test_runs( self ): + """Reseting data to enable later test runs to pass""" + # Logged in as admin_user + ################## + # Eliminate all non-private roles + ################## + for role in [ role_one, role_two, role_three ]: + self.mark_role_deleted( self.security.encode_id( role.id ), role.name ) + self.purge_role( self.security.encode_id( role.id ), role.name ) + # Manually delete the role from the database + refresh( role ) + sa_session.delete( role ) + sa_session.flush() + ################## + # Eliminate all groups + ################## + for group in [ group_zero, group_one, group_two ]: + self.mark_group_deleted( self.security.encode_id( group.id ), group.name ) + self.purge_group( self.security.encode_id( group.id ), group.name ) + # Manually delete the group from the database + refresh( group ) + sa_session.delete( group ) + sa_session.flush() + ################## + # Make sure all users are associated only with their private roles + ################## + for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: + refresh( user ) + if len( user.roles) != 1: + raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) diff -r e39c9a2a0b4c -r 48e83411aa91 test/functional/test_data_security.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/functional/test_data_security.py Fri Mar 12 16:11:26 2010 -0500 @@ -0,0 +1,196 @@ +from base.twilltestcase import * +from base.test_db_util import * + +class TestDataSecurity( TwillTestCase ): + def test_000_initiate_users( self ): + """Ensuring all required user accounts exist""" + self.logout() + self.login( email='test1@bx.psu.edu' ) + global regular_user1 + regular_user1 = get_user( 'test1@bx.psu.edu' ) + assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' + global regular_user1_private_role + regular_user1_private_role = get_private_role( regular_user1 ) + self.logout() + self.login( email='test2@bx.psu.edu' ) + global regular_user2 + regular_user2 = get_user( 'test2@bx.psu.edu' ) + assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' + global regular_user2_private_role + regular_user2_private_role = get_private_role( regular_user2 ) + self.logout() + self.login( email='test3@bx.psu.edu' ) + global regular_user3 + regular_user3 = get_user( 'test3@bx.psu.edu' ) + assert regular_user3 is not None, 'Problem retrieving user with email "test3@bx.psu.edu" from the database' + global regular_user3_private_role + regular_user3_private_role = get_private_role( regular_user3 ) + self.logout() + self.login( email='test@bx.psu.edu' ) + global admin_user + admin_user = get_user( 'test@bx.psu.edu' ) + assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' + global admin_user_private_role + admin_user_private_role = get_private_role( admin_user ) + def test_005_default_permissions( self ): + """Testing initial settings for DefaultUserPermissions and DefaultHistoryPermissions""" + # Logged in as admin_user + # Make sure DefaultUserPermissions are correct + dups = get_default_user_permissions_by_user( admin_user ) + if len( dups ) > 1: + raise AssertionError( '%d DefaultUserPermissions associated with user %s ( should be 1 )' \ + % ( len( admin_user.default_permissions ), admin_user.email ) ) + dup = dups[0] + if not dup.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: + raise AssertionError( 'The DefaultUserPermission.action for user "%s" is "%s", but it should be "%s"' \ + % ( admin_user.email, dup.action, galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) + # Make sure DefaultHistoryPermissions are correct + latest_history = get_latest_history_for_user( admin_user ) + dhps = get_default_history_permissions_by_history( latest_history ) + if len( dhps ) > 1: + raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d when it was created ( should have been 1 )' \ + % ( len( latest_history.default_permissions ), latest_history.id ) ) + dhp = dhps[0] + if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: + raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "%s"' \ + % ( latest_history.id, dhp.action, galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) + self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ), + check_str=admin_user.email ) + # Try deleting the admin_user's private role + check_str = "You cannot eliminate a user's private role association." + self.manage_roles_and_groups_for_user( self.security.encode_id( admin_user.id ), + out_role_ids=str( admin_user_private_role.id ), + check_str=check_str ) + def test_010_private_role_creation_and_default_history_permissions( self ): + """Testing private role creation and changing DefaultHistoryPermissions for new histories""" + # Logged in as admin_user + self.logout() + # Some of the history related tests here are similar to some tests in the + # test_history_functions.py script, so we could potentially eliminate 1 or 2 of them. + self.login( email='test1@bx.psu.edu' ) + global regular_user1 + regular_user1 = get_user( 'test1@bx.psu.edu' ) + assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' + # Add a dataset to the history + self.upload_file( '1.bed' ) + latest_dataset = get_latest_dataset() + # Make sure DatasetPermissions are correct - default is 'manage permissions' + dps = get_dataset_permissions_by_dataset( latest_dataset ) + if len( dps ) > 1: + raise AssertionError( '%d DatasetPermissions were created for dataset id %d when it was created ( should have been 1 )' \ + % ( len( dps ), latest_dataset.id ) ) + dp = dps[0] + if not dp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: + raise AssertionError( 'The DatasetPermissions.action for dataset id %d is "%s", but it should be "manage permissions"' \ + % ( latest_dataset.id, dp.action ) ) + # Change DefaultHistoryPermissions for regular_user1 + permissions_in = [] + actions_in = [] + for key, value in galaxy.model.Dataset.permitted_actions.items(): + # Setting the 'access' permission with the private role makes this dataset private + permissions_in.append( key ) + actions_in.append( value.action ) + # Sort actions for later comparison + actions_in.sort() + self.user_set_default_permissions( permissions_in=permissions_in, role_id=str( regular_user1_private_role.id ) ) + # Make sure the default permissions are changed for new histories + self.new_history() + # logged in as regular_user1 + latest_history = get_latest_history_for_user( regular_user1 ) + if len( latest_history.default_permissions ) != len( actions_in ): + raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d, should have been %d' % \ + ( len( latest_history.default_permissions ), latest_history.id, len( actions_in ) ) ) + dhps = [] + for dhp in latest_history.default_permissions: + dhps.append( dhp.action ) + # Sort permissions for later comparison + dhps.sort() + for key, value in galaxy.model.Dataset.permitted_actions.items(): + if value.action not in dhps: + raise AssertionError( '%s not in history id %d default_permissions after they were changed' % ( value.action, latest_history.id ) ) + # Add a dataset to the history + self.upload_file( '1.bed' ) + latest_dataset = get_latest_dataset() + # Make sure DatasetPermissions are correct + if len( latest_dataset.actions ) != len( latest_history.default_permissions ): + raise AssertionError( '%d DatasetPermissions were created for dataset id %d when it was created ( should have been %d )' % \ + ( len( latest_dataset.actions ), latest_dataset.id, len( latest_history.default_permissions ) ) ) + dps = [] + for dp in latest_dataset.actions: + dps.append( dp.action ) + # Sort actions for later comparison + dps.sort() + # Compare DatasetPermissions with permissions_in - should be the same + if dps != actions_in: + raise AssertionError( 'DatasetPermissions "%s" for dataset id %d differ from changed default permissions "%s"' \ + % ( str( dps ), latest_dataset.id, str( actions_in ) ) ) + # Compare DefaultHistoryPermissions and DatasetPermissions - should be the same + if dps != dhps: + raise AssertionError( 'DatasetPermissions "%s" for dataset id %d differ from DefaultHistoryPermissions "%s" for history id %d' \ + % ( str( dps ), latest_dataset.id, str( dhps ), latest_history.id ) ) + def test_015_change_default_permissions_for_current_history( self ): + """Testing changing DefaultHistoryPermissions for the current history""" + # logged in a regular_user1 + self.logout() + self.login( email=regular_user2.email ) + latest_history = get_latest_history_for_user( regular_user2 ) + self.upload_file( '1.bed' ) + latest_dataset = get_latest_dataset() + permissions_in = [ 'DATASET_MANAGE_PERMISSIONS' ] + # Make sure these are in sorted order for later comparison + actions_in = [ 'manage permissions' ] + permissions_out = [ 'DATASET_ACCESS' ] + actions_out = [ 'access' ] + # Change DefaultHistoryPermissions for the current history + self.history_set_default_permissions( permissions_out=permissions_out, permissions_in=permissions_in, role_id=str( regular_user2_private_role.id ) ) + if len( latest_history.default_permissions ) != len( actions_in ): + raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d, should have been %d' \ + % ( len( latest_history.default_permissions ), latest_history.id, len( permissions_in ) ) ) + # Make sure DefaultHistoryPermissions were correctly changed for the current history + dhps = [] + for dhp in latest_history.default_permissions: + dhps.append( dhp.action ) + # Sort permissions for later comparison + dhps.sort() + # Compare DefaultHistoryPermissions and actions_in - should be the same + if dhps != actions_in: + raise AssertionError( 'DefaultHistoryPermissions "%s" for history id %d differ from actions "%s" passed for changing' \ + % ( str( dhps ), latest_history.id, str( actions_in ) ) ) + # Make sure DatasetPermissionss are correct + if len( latest_dataset.actions ) != len( latest_history.default_permissions ): + raise AssertionError( '%d DatasetPermissionss were created for dataset id %d when it was created ( should have been %d )' \ + % ( len( latest_dataset.actions ), latest_dataset.id, len( latest_history.default_permissions ) ) ) + dps = [] + for dp in latest_dataset.actions: + dps.append( dp.action ) + # Sort actions for comparison + dps.sort() + # Compare DatasetPermissionss and DefaultHistoryPermissions - should be the same + if dps != dhps: + raise AssertionError( 'DatasetPermissionss "%s" for dataset id %d differ from DefaultHistoryPermissions "%s"' \ + % ( str( dps ), latest_dataset.id, str( dhps ) ) ) + def test_999_reset_data_for_later_test_runs( self ): + """Reseting data to enable later test runs to pass""" + # Logged in as regular_user2 + self.logout() + self.login( email=admin_user.email ) + ################## + # Make sure all users are associated only with their private roles + ################## + for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: + refresh( user ) + if len( user.roles) != 1: + raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) + ##################### + # Reset DefaultHistoryPermissions for regular_user1 + ##################### + self.logout() + self.login( email=regular_user1.email ) + # Change DefaultHistoryPermissions for regular_user1 back to the default + permissions_in = [ 'DATASET_MANAGE_PERMISSIONS' ] + permissions_out = [ 'DATASET_ACCESS' ] + self.user_set_default_permissions( permissions_in=permissions_in, + permissions_out=permissions_out, + role_id=str( regular_user1_private_role.id ) ) + self.logout() + self.login( email=admin_user.email ) diff -r e39c9a2a0b4c -r 48e83411aa91 test/functional/test_library_features.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/functional/test_library_features.py Fri Mar 12 16:11:26 2010 -0500 @@ -0,0 +1,606 @@ +from base.twilltestcase import * +from base.test_db_util import * + +class TestLibraryFeatures( TwillTestCase ): + def test_000_initiate_users( self ): + """Ensuring all required user accounts exist""" + self.logout() + self.login( email='test1@bx.psu.edu' ) + global regular_user1 + regular_user1 = get_user( 'test1@bx.psu.edu' ) + assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' + self.logout() + self.login( email='test2@bx.psu.edu' ) + global regular_user2 + regular_user2 = get_user( 'test2@bx.psu.edu' ) + assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' + self.logout() + self.login( email='test3@bx.psu.edu' ) + global regular_user3 + regular_user3 = get_user( 'test3@bx.psu.edu' ) + assert regular_user3 is not None, 'Problem retrieving user with email "test3@bx.psu.edu" from the database' + self.logout() + self.login( email='test@bx.psu.edu' ) + global admin_user + admin_user = get_user( 'test@bx.psu.edu' ) + assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' + def test_005_create_library( self ): + """Testing creating a new library, then renaming it""" + # Logged in as admin_user + name = "library features Library1" + description = "library features Library1 description" + synopsis = "library features Library1 synopsis" + self.create_library( name=name, description=description, synopsis=synopsis ) + self.browse_libraries_admin( check_str1=name, check_str2=description ) + # Get the library object for later tests + global library_one + library_one = get_library( name, description, synopsis ) + assert library_one is not None, 'Problem retrieving library named "%s" from the database' % name + # Rename the library + new_name = "library features Library1 new name" + new_description = "library features Library1 new description" + new_synopsis = "library features Library1 new synopsis" + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + new_name=new_name, + new_description=new_description, + new_synopsis=new_synopsis ) + self.browse_libraries_admin( check_str1=new_name, check_str2=new_description ) + # Reset the library back to the original name and description + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + new_name=name, + new_description=description, + new_synopsis=synopsis ) + refresh( library_one ) + def test_010_library_template_features( self ): + """Testing adding a template to a library, then filling in the contents""" + # Logged in as admin_user + form_name = 'Library template Form One' + form_desc = 'This is Form One' + form_type = galaxy.model.FormDefinition.types.LIBRARY_INFO_TEMPLATE + # Create form for library template + self.create_form( name=form_name, desc=form_desc, formtype=form_type ) + global form_one + form_one = get_form( form_name ) + assert form_one is not None, 'Problem retrieving form named (%s) from the database' % form_name + # Add new template based on the form to the library + template_name = 'Library Template 1' + self.add_library_template( 'library_admin', + 'library', + self.security.encode_id( library_one.id ), + self.security.encode_id( form_one.id ), + form_one.name ) + # Make sure the template fields are displayed on the library information page + field_dict = form_one.fields[ 0 ] + global form_one_field_label + form_one_field_label = '%s' % str( field_dict.get( 'label', 'Field 0' ) ) + global form_one_field_help + form_one_field_help = '%s' % str( field_dict.get( 'helptext', 'Field 0 help' ) ) + global form_one_field_required + form_one_field_required = '%s' % str( field_dict.get( 'required', 'optional' ) ).capitalize() + # Add information to the library using the template + global form_one_field_name + form_one_field_name = 'field_0' + contents = '%s library contents' % form_one_field_label + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + ele_1_field_name=form_one_field_name, + ele_1_contents=contents ) + def test_015_edit_template_contents_admin_view( self ): + """Test editing template contents from the Admin view""" + # Logged in as admin_user + # Make sure the template contents were from the previous method correctly saved + # Twill barfs if this test is run in the previous method. + contents = '%s library contents' % form_one_field_label + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + check_str1=contents ) + contents = '%s library contents' % form_one_field_label + contents_edited = contents + ' edited' + # Edit the contents and then save them + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + ele_1_field_name=form_one_field_name, + ele_1_contents=contents_edited ) + # Make sure the template contents were correctly saved + self.library_info( 'library_admin', + self.security.encode_id( library_one.id ), + library_one.name, + check_str1=contents_edited ) + def test_020_add_public_dataset_to_root_folder( self ): + """Testing adding a public dataset to the root folder, making sure library template is inherited""" + # Logged in as admin_user + message = 'Testing adding a public dataset to the root folder' + # The template should be inherited to the library dataset upload form. + template_contents = "%s contents for root folder 1.bed" % form_one_field_label + self.add_library_dataset( 'library_admin', + '1.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.root_folder.id ), + library_one.root_folder.name, + file_type='bed', + dbkey='hg18', + message=message.replace( ' ', '+' ), + root=True, + template_field_name1=form_one_field_name, + template_field_contents1=template_contents ) + global ldda_one + ldda_one = get_latest_ldda() + assert ldda_one is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_one from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1='1.bed', + check_str2=message, + check_str3=admin_user.email ) + # Make sure the library template contents were correctly saved + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.root_folder.id ), + self.security.encode_id( ldda_one.id ), + ldda_one.name, + check_str1=template_contents ) + def test_025_add_new_folder_to_root_folder( self ): + """Testing adding a folder to a library root folder""" + # logged in as admin_user + root_folder = library_one.root_folder + name = "Root Folder's Folder One" + description = "This is the root folder's Folder One" + self.add_folder( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( root_folder.id ), + name=name, + description=description ) + global folder_one + folder_one = get_folder( root_folder.id, name, description ) + assert folder_one is not None, 'Problem retrieving library folder named "%s" from the database' % name + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=name, + check_str2=description ) + # Make sure the template was inherited, but the contents were not + contents = '%s library contents' % form_one_field_label + self.folder_info( 'library_admin', + self.security.encode_id( folder_one.id ), + self.security.encode_id( library_one.id ), + check_str1=form_one_field_name, + not_displayed=contents ) + # Add contents to the inherited template + template_contents = "%s contents for Folder One" % form_one_field_label + self.folder_info( 'library_admin', + self.security.encode_id( folder_one.id ), + self.security.encode_id( library_one.id ), + field_name=form_one_field_name, + contents=template_contents ) + def test_030_add_subfolder_to_folder( self ): + """Testing adding a folder to a library folder""" + # logged in as admin_user + name = "Folder One's Subfolder" + description = "This is the Folder One's subfolder" + self.add_folder( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + name=name, + description=description ) + global subfolder_one + subfolder_one = get_folder( folder_one.id, name, description ) + assert subfolder_one is not None, 'Problem retrieving library folder named "Folder Ones Subfolder" from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=name, + check_str2=description ) + # Make sure the template was inherited, but the contents were not + contents = '%s library contents' % form_one_field_label + self.folder_info( 'library_admin', + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( library_one.id ), + check_str1=form_one_field_name, + not_displayed=contents ) + # Add contents to the inherited template + template_contents = "%s contents for Folder One" % form_one_field_label + self.folder_info( 'library_admin', + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( library_one.id ), + field_name=form_one_field_name, + contents=template_contents ) + def test_035_add_2nd_new_folder_to_root_folder( self ): + """Testing adding a 2nd folder to a library root folder""" + # logged in as admin_user + root_folder = library_one.root_folder + name = "Folder Two" + description = "This is the root folder's Folder Two" + self.add_folder( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( root_folder.id ), + name=name, + description=description ) + global folder_two + folder_two = get_folder( root_folder.id, name, description ) + assert folder_two is not None, 'Problem retrieving library folder named "%s" from the database' % name + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=name, + check_str2=description ) + def test_040_add_public_dataset_to_root_folders_2nd_subfolder( self ): + """Testing adding a public dataset to the root folder's 2nd sub-folder""" + # Logged in as admin_user + message = "Testing adding a public dataset to the folder named %s" % folder_two.name + # The form_one template should be inherited to the library dataset upload form. + template_contents = "%s contents for %s 2.bed" % ( form_one_field_label, folder_two.name ) + self.add_library_dataset( 'library_admin', + '2.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + folder_two.name, + file_type='bed', + dbkey='hg18', + message=message.replace( ' ', '+' ), + root=False, + template_field_name1=form_one_field_name, + template_field_contents1=template_contents ) + global ldda_two + ldda_two = get_latest_ldda() + assert ldda_two is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_two from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1='2.bed', + check_str2=message, + check_str3=admin_user.email ) + # Make sure the library template contents were correctly saved + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + self.security.encode_id( ldda_two.id ), + ldda_two.name, + check_str1=template_contents ) + def test_045_add_2nd_public_dataset_to_root_folders_2nd_subfolder( self ): + """Testing adding a 2nd public dataset to the root folder's 2nd sub-folder""" + # Logged in as admin_user + message = "Testing adding a 2nd public dataset to the folder named %s" % folder_two.name + # The form_one template should be inherited to the library dataset upload form. + template_contents = "%s contents for %s 3.bed" % ( form_one_field_label, folder_two.name ) + self.add_library_dataset( 'library_admin', + '3.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + folder_two.name, + file_type='bed', + dbkey='hg18', + message=message.replace( ' ', '+' ), + root=False, + template_field_name1=form_one_field_name, + template_field_contents1=template_contents ) + global ldda_three + ldda_three = get_latest_ldda() + assert ldda_three is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_three from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1='3.bed', + check_str2=message, + check_str3=admin_user.email ) + # Make sure the library template contents were correctly saved + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + self.security.encode_id( ldda_three.id ), + ldda_three.name, + check_str1=template_contents ) + def test_050_copy_dataset_from_history_to_subfolder( self ): + """Testing copying a dataset from the current history to a subfolder""" + # logged in as admin_user + self.new_history() + self.upload_file( "4.bed" ) + latest_hda = get_latest_hda() + self.add_history_datasets_to_library( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + subfolder_one.name, + self.security.encode_id( latest_hda.id ), + root=False ) + global ldda_four + ldda_four = get_latest_ldda() + assert ldda_four is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_four from the database' + # Make sure the correct template was inherited but the contents were not inherited + contents = "%s contents for Folder One's Subfolder" % form_one_field_label + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four.id ), + ldda_four.name, + check_str1=form_one_field_name, + not_displayed=contents ) + def test_055_editing_dataset_attribute_info( self ): + """Testing editing a library dataset's attribute information""" + # logged in as admin_user + new_ldda_name = '4.bed ( version 1 )' + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four.id ), + ldda_four.name, + new_ldda_name=new_ldda_name ) + refresh( ldda_four ) + self.browse_library( 'library_admin', self.security.encode_id( library_one.id ), check_str1=new_ldda_name ) + # Make sure the correct template was inherited but the contents were not inherited + contents = "%s contents for Folder One's Subfolder" % form_one_field_label + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four.id ), + ldda_four.name, + check_str1=form_one_field_name, + not_displayed=contents ) + def test_060_uploading_new_dataset_version( self ): + """Testing uploading a new version of a library dataset""" + # logged in as admin_user + message = 'Testing uploading a new version of a dataset' + # The form_one template should be inherited to the library dataset upload form. + template_contents = "%s contents for %s new version of 4.bed" % ( form_one_field_label, folder_one.name ) + self.upload_new_dataset_version( 'library_admin', + '4.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + subfolder_one.name, + self.security.encode_id( ldda_four.library_dataset.id ), + ldda_four.name, + file_type='auto', + dbkey='hg18', + message=message.replace( ' ', '+' ), + template_field_name1=form_one_field_name, + template_field_contents1=template_contents ) + global ldda_four_version_two + ldda_four_version_two = get_latest_ldda() + assert ldda_four_version_two is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_four_version_two from the database' + # Make sure the correct template was inherited, but does not include any contents + contents = "%s contents for Folder One's Subfolder" % form_one_field_label + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four_version_two.id ), + ldda_four_version_two.name, + check_str1='This is the latest version of this library dataset', + not_displayed=contents ) + # Fill in the template contents + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four_version_two.id ), + ldda_four_version_two.name, + ele_1_field_name=form_one_field_name, + ele_1_contents=template_contents ) + # Check the previous version + self.ldda_edit_info( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( subfolder_one.id ), + self.security.encode_id( ldda_four.id ), + ldda_four.name, + check_str1='This is an expired version of this library dataset' ) + # Make sure ldda_four is no longer displayed in the library + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + not_displayed=ldda_four.name ) + def test_065_upload_directory_of_files_from_libraries_view( self ): + """Testing uploading a directory of files to a root folder from the Data Libraries view""" + # logged in as admin_user + # admin_user will not have the option to upload a directory of files from the + # Libraries view since a sub-directory named the same as their email is not contained + # in the configured user_library_import_dir. However, since members of role_one have + # the LIBRARY_ADD permission, we can test this feature as regular_user1 or regular_user3 + self.logout() + self.login( email=regular_user1.email ) + message = 'Uploaded all files in test-data/users/test1...' + # Since regular_user1 does not have any sub-directories contained within her configured + # user_library_import_dir, the only option in her server_dir select list will be the + # directory named the same as her email + check_str_after_submit = "Added 1 datasets to the library '%s' (each is selected)." % library_one.root_folder.name + # TODO: gvk( 3/12/10 )this is broken, so commenting until I have time to discover why... + """ + self.upload_directory_of_files( 'library', + self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.root_folder.id ), + server_dir=regular_user1.email, + message=message, + check_str_after_submit=check_str_after_submit ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=regular_user1.email, + check_str2=message ) + self.logout() + self.login( regular_user3.email ) + message = 'Uploaded all files in test-data/users/test3.../run1' + # Since regular_user2 has a subdirectory contained within her configured user_library_import_dir, + # she will have a "None" option in her server_dir select list + self.upload_directory_of_files( 'library', + self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.root_folder.id ), + server_dir='run1', + message=message, + check_str1='<option>None</option>', + check_str_after_submit=check_str_after_submit ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=regular_user3.email, + check_str2=message ) + """ + def test_070_download_archive_of_library_files( self ): + """Testing downloading an archive of files from the library""" + # logged in as regular_user3 + self.logout() + self.login( email=admin_user.email ) + for format in ( 'tbz', 'tgz', 'zip' ): + archive = self.download_archive_of_library_files( cntrller='library', + library_id=self.security.encode_id( library_one.id ), + ldda_ids=[ self.security.encode_id( ldda_one.id ), self.security.encode_id( ldda_two.id ) ], + format=format ) + self.check_archive_contents( archive, ( ldda_one, ldda_two ) ) + os.remove( archive ) + def test_075_mark_dataset_deleted( self ): + """Testing marking a library dataset as deleted""" + # Logged in as admin_user + self.delete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( ldda_two.library_dataset.id ), + ldda_two.name, + item_type='library_dataset' ) + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + not_displayed=ldda_two.name ) + def test_080_display_and_hide_deleted_dataset( self ): + """Testing displaying and hiding a deleted library dataset""" + # Logged in as admin_user + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + show_deleted=True, + check_str1=ldda_two.name ) + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + not_displayed=ldda_two.name ) + def test_085_mark_folder_deleted( self ): + """Testing marking a library folder as deleted""" + # Logged in as admin_user + self.delete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + folder_two.name, + item_type='folder' ) + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + not_displayed=folder_two.name ) + def test_090_mark_folder_undeleted( self ): + """Testing marking a library folder as undeleted""" + # Logged in as admin_user + self.undelete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + folder_two.name, + item_type='folder' ) + # 2.bed was deleted before the folder was deleted, so state should have been saved. In order + # for 2.bed to be displayed, it would itself have to be marked undeleted. + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=folder_two.name, + not_displayed=ldda_two.name ) + def test_095_mark_library_deleted( self ): + """Testing marking a library as deleted""" + # Logged in as admin_user + # First mark folder_two as deleted to further test state saving when we undelete the library + self.delete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( folder_two.id ), + folder_two.name, + item_type='folder' ) + self.delete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.id ), + library_one.name, + item_type='library' ) + self.browse_libraries_admin( not_displayed1=library_one.name ) + self.browse_libraries_admin( deleted=True, check_str1=library_one.name ) + def test_100_mark_library_undeleted( self ): + """Testing marking a library as undeleted""" + # Logged in as admin_user + self.undelete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.id ), + library_one.name, + item_type='library' ) + self.browse_libraries_admin( check_str1=library_one.name ) + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=library_one.name, + not_displayed=folder_two.name ) + def test_105_purge_library( self ): + """Testing purging a library""" + # Logged in as admin_user + self.delete_library_item( self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.id ), + library_one.name, + item_type='library' ) + self.purge_library( self.security.encode_id( library_one.id ), library_one.name ) + # Make sure the library was purged + refresh( library_one ) + if not ( library_one.deleted and library_one.purged ): + raise AssertionError( 'The library id %s named "%s" has not been marked as deleted and purged.' % ( str( library_one.id ), library_one.name ) ) + def check_folder( library_folder ): + for folder in library_folder.folders: + refresh( folder ) + # Make sure all of the library_folders are purged + if not folder.purged: + raise AssertionError( 'The library_folder id %s named "%s" has not been marked purged.' % ( str( folder.id ), folder.name ) ) + check_folder( folder ) + # Make sure all of the LibraryDatasets and associated objects are deleted + refresh( library_folder ) + for library_dataset in library_folder.datasets: + refresh( library_dataset ) + ldda = library_dataset.library_dataset_dataset_association + if ldda: + refresh( ldda ) + if not ldda.deleted: + raise AssertionError( 'The library_dataset_dataset_association id %s named "%s" has not been marked as deleted.' % \ + ( str( ldda.id ), ldda.name ) ) + # Make sure all of the datasets have been deleted + dataset = ldda.dataset + refresh( dataset ) + if not dataset.deleted: + raise AssertionError( 'The dataset with id "%s" has not been marked as deleted when it should have been.' % \ + str( ldda.dataset.id ) ) + if not library_dataset.deleted: + raise AssertionError( 'The library_dataset id %s named "%s" has not been marked as deleted.' % \ + ( str( library_dataset.id ), library_dataset.name ) ) + check_folder( library_one.root_folder ) + def test_110_no_library_template( self ): + """Test library features when library has no template""" + # Logged in as admin_user + name = "library features Library Two" + description = "library features This is Library Two" + synopsis = "library features Library Two synopsis" + # Create a library, adding no template + self.create_library( name=name, description=description, synopsis=synopsis ) + self.browse_libraries_admin( check_str1=name, check_str2=description ) + global library_two + library_two = get_library( name, description, synopsis ) + assert library_two is not None, 'Problem retrieving library named "%s" from the database' % name + # Add a dataset to the library + self.add_library_dataset( 'library_admin', + '3.bed', + self.security.encode_id( library_two.id ), + self.security.encode_id( library_two.root_folder.id ), + library_two.root_folder.name, + file_type='bed', + dbkey='hg18', + message='', + root=True ) + ldda_three = get_latest_ldda() + assert ldda_three is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_three from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_two.id ), + check_str1='3.bed', + check_str2=admin_user.email ) + # TODO: add a functional test to cover adding a library dataset via url_paste here... + # TODO: Add a functional test to cover checking the space_to_tab checkbox here... + # Delete and purge the library + self.delete_library_item( self.security.encode_id( library_two.id ), + self.security.encode_id( library_two.id ), + library_two.name, + item_type='library' ) + self.purge_library( self.security.encode_id( library_two.id ), library_two.name ) + self.home() + def test_999_reset_data_for_later_test_runs( self ): + """Reseting data to enable later test runs to pass""" + # Logged in as admin_user + ################## + # Purge all libraries + ################## + for library in [ library_one, library_two ]: + self.delete_library_item( self.security.encode_id( library.id ), + self.security.encode_id( library.id ), + library.name, + item_type='library' ) + self.purge_library( self.security.encode_id( library.id ), library.name ) + ################## + # Make sure all users are associated only with their private roles + ################## + for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: + refresh( user ) + if len( user.roles) != 1: + raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) + self.logout() diff -r e39c9a2a0b4c -r 48e83411aa91 test/functional/test_library_security.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/functional/test_library_security.py Fri Mar 12 16:11:26 2010 -0500 @@ -0,0 +1,603 @@ +from base.twilltestcase import * +from base.test_db_util import * + +class TestLibrarySecurity( TwillTestCase ): + def test_000_initiate_users( self ): + """Ensuring all required user accounts exist""" + self.logout() + self.login( email='test1@bx.psu.edu' ) + global regular_user1 + regular_user1 = get_user( 'test1@bx.psu.edu' ) + assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' + global regular_user1_private_role + regular_user1_private_role = get_private_role( regular_user1 ) + self.logout() + self.login( email='test2@bx.psu.edu' ) + global regular_user2 + regular_user2 = get_user( 'test2@bx.psu.edu' ) + assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database' + global regular_user2_private_role + regular_user2_private_role = get_private_role( regular_user2 ) + self.logout() + self.login( email='test3@bx.psu.edu' ) + global regular_user3 + regular_user3 = get_user( 'test3@bx.psu.edu' ) + assert regular_user3 is not None, 'Problem retrieving user with email "test3@bx.psu.edu" from the database' + global regular_user3_private_role + regular_user3_private_role = get_private_role( regular_user3 ) + self.logout() + self.login( email='test@bx.psu.edu' ) + global admin_user + admin_user = get_user( 'test@bx.psu.edu' ) + assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' + global admin_user_private_role + admin_user_private_role = get_private_role( admin_user ) + def test_005_create_required_groups_and_roles( self ): + """Testing creating all required groups and roles for this script""" + # Logged in as admin_user + # Create role_one + name = 'library security Role One' + description = "library security This is Role One's description" + user_ids = [ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] + self.create_role( name=name, + description=description, + in_user_ids=user_ids, + in_group_ids=[], + create_group_for_role='no', + private_role=admin_user.email ) + # Get the role object for later tests + global role_one + role_one = get_role_by_name( name ) + # Create group_one + name = 'Group One' + self.create_group( name=name, in_user_ids=[ str( regular_user1.id ) ], in_role_ids=[ str( role_one.id ) ] ) + # Get the group object for later tests + global group_one + group_one = get_group_by_name( name ) + assert group_one is not None, 'Problem retrieving group named "Group One" from the database' + # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least + # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT + # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the + # associate_users_and_groups_with_role() method. + # + #create role_two + name = 'library security Role Two' + description = 'library security This is Role Two' + user_ids = [ str( admin_user.id ) ] + group_ids = [ str( group_one.id ) ] + private_role = admin_user.email + self.create_role( name=name, + description=description, + in_user_ids=user_ids, + in_group_ids=group_ids, + private_role=private_role ) + # Get the role object for later tests + global role_two + role_two = get_role_by_name( name ) + assert role_two is not None, 'Problem retrieving role named "Role Two" from the database' + def test_010_create_library( self ): + """Testing creating a new library, then renaming it""" + # Logged in as admin_user + name = "library security Library1" + description = "library security Library1 description" + synopsis = "library security Library1 synopsis" + self.create_library( name=name, description=description, synopsis=synopsis ) + # Get the library object for later tests + global library_one + library_one = get_library( name, description, synopsis ) + assert library_one is not None, 'Problem retrieving library named "%s" from the database' % name + # Make sure library_one is public + assert 'access library' not in [ a.action for a in library_one.actions ], 'Library %s is not public when first created' % library_one.name + # Set permissions on the library, sort for later testing. + permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ] + permissions_out = [] + # Role one members are: admin_user, regular_user1, regular_user3. Each of these users will be permitted for + # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on this library and it's contents. + self.library_permissions( self.security.encode_id( library_one.id ), + library_one.name, + str( role_one.id ), + permissions_in, + permissions_out ) + # Make sure the library is accessible by admin_user + self.visit_url( '%s/library/browse_libraries' % self.url ) + self.check_page_for_string( library_one.name ) + # Make sure the library is not accessible by regular_user2 since regular_user2 does not have Role1. + self.logout() + self.login( email=regular_user2.email ) + self.visit_url( '%s/library/browse_libraries' % self.url ) + try: + self.check_page_for_string( library_one.name ) + raise AssertionError, 'Library %s is accessible by %s when it should be restricted' % ( library_one.name, regular_user2.email ) + except: + pass + self.logout() + self.login( email=admin_user.email ) + def test_015_add_new_folder_to_root_folder( self ): + """Testing adding a folder to a library root folder""" + # logged in as admin_user + root_folder = library_one.root_folder + name = "Root Folder's Folder One" + description = "This is the root folder's Folder One" + self.add_folder( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( root_folder.id ), + name=name, + description=description ) + global folder_one + folder_one = get_folder( root_folder.id, name, description ) + assert folder_one is not None, 'Problem retrieving library folder named "%s" from the database' % name + def test_020_add_dataset_with_private_role_restriction_to_folder( self ): + """Testing adding a dataset with a private role restriction to a folder""" + # Logged in as admin_user + # + # Keep in mind that # LIBRARY_ACCESS = "Role One" on the whole library + # + # Add a dataset restricted by the following: + # DATASET_MANAGE_PERMISSIONS = "test@bx.psu.edu" via DefaultUserPermissions + # DATASET_ACCESS = "regular_user1" private role via this test method + # LIBRARY_ADD = "Role One" via inheritance from parent folder + # LIBRARY_MODIFY = "Role One" via inheritance from parent folder + # LIBRARY_MANAGE = "Role One" via inheritance from parent folder + # "Role One" members are: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu + # This means that only user test1@bx.psu.edu can see the dataset from the Libraries view + message ='This is a test of the fourth dataset uploaded' + self.add_library_dataset( 'library_admin', + '1.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + folder_one.name, + file_type='bed', + dbkey='hg18', + roles=[ str( regular_user1_private_role.id ) ], + message=message.replace( ' ', '+' ), + root=False ) + global ldda_one + ldda_one = get_latest_ldda() + assert ldda_one is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_one from the database' + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1='1.bed', + check_str2=message, + check_str3=admin_user.email ) + def test_025_accessing_dataset_with_private_role_restriction( self ): + """Testing accessing a dataset with a private role restriction""" + # Logged in as admin_user + # + # Keep in mind that # LIBRARY_ACCESS = "Role One" on the whole library + # Role one members are: admin_user, regular_user1, regular_user3. Each of these users will be permitted for + # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on this library and it's contents. + # + # Legitimate roles displayed on the permission form are as follows: + # 'Role One' since the LIBRARY_ACCESS permission is associated with Role One. # Role one members are: admin_user, regular_user1, regular_user3. + # 'test@bx.psu.edu' ( admin_user's private role ) since admin_user has Role One + # 'Role Two' since admin_user has Role Two + # 'Role Three' since admin_user has Role Three + # 'test1@bx.psu.edu' ( regular_user1's private role ) since regular_user1 has Role One + # 'test3@bx.psu.edu' ( regular_user3's private role ) since regular_user3 has Role One + # + # admin_user should not be able to see 1.bed from the analysis view's access libraries + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + not_displayed=folder_one.name, + not_displayed2='1.bed' ) + self.logout() + # regular_user1 should be able to see 1.bed from the analysis view's access librarys + # since it was associated with regular_user1's private role + self.login( email=regular_user1.email ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=folder_one.name, + check_str2='1.bed' ) + self.logout() + # regular_user2 should not be to see the library since they do not have + # Role One which is associated with the LIBRARY_ACCESS permission + self.login( email=regular_user2.email ) + self.browse_libraries_regular_user( check_str1="You are not authorized to access any libraries" ) + self.logout() + # regular_user3 should not be able to see 1.bed from the analysis view's access librarys + self.login( email=regular_user3.email ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + not_displayed=folder_one.name, + not_displayed2='1.bed' ) + self.logout() + self.login( email=admin_user.email ) + def test_030_change_dataset_access_permission( self ): + """Testing changing the access permission on a dataset with a private role restriction""" + # Logged in as admin_user + # We need admin_user to be able to access 1.bed + permissions_in = [ k for k, v in galaxy.model.Dataset.permitted_actions.items() ] + for k, v in galaxy.model.Library.permitted_actions.items(): + if k != 'LIBRARY_ACCESS': + permissions_in.append( k ) + permissions_out = [] + # Attempt to associate multiple roles with the library dataset, with one of the + # roles being private. + role_ids_str = '%s,%s' % ( str( role_one.id ), str( admin_user_private_role.id ) ) + check_str = "At least 1 user must have every role associated with accessing datasets. " + check_str += "Since you are associating more than 1 role, no private roles are allowed." + self.ldda_permissions( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + self.security.encode_id( ldda_one.id ), + role_ids_str, + permissions_in, + permissions_out, + check_str1=check_str ) + role_ids_str = str( role_one.id ) + self.ldda_permissions( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + self.security.encode_id( ldda_one.id ), + role_ids_str, + permissions_in, + permissions_out ) + # admin_user should now be able to see 1.bed from the analysis view's access libraries + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=ldda_one.name ) + def test_035_add_dataset_with_role_associated_with_group_and_users( self ): + """Testing adding a dataset with a role that is associated with a group and users""" + # Logged in as admin_user + # Add a dataset restricted by role_two, which is currently associated as follows: + # groups: group_one + # users: test@bx.psu.edu, test1@bx.psu.edu via group_one + # + # We first need to make library_one public + permissions_in = [] + for k, v in galaxy.model.Library.permitted_actions.items(): + if k != 'LIBRARY_ACCESS': + permissions_in.append( k ) + permissions_out = [] + # Role one members are: admin_user, regular_user1, regular_user3. Each of these users will now be permitted for + # LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on this library and it's contents. The library will be public from + # this point on. + self.library_permissions( self.security.encode_id( library_one.id ), + library_one.name, + str( role_one.id ), + permissions_in, + permissions_out ) + refresh( library_one ) + message = 'Testing adding a dataset with a role that is associated with a group and users' + self.add_library_dataset( 'library_admin', + '2.bed', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + folder_one.name, + file_type='bed', + dbkey='hg17', + roles=[ str( role_two.id ) ], + message=message.replace( ' ', '+' ), + root=False ) + global ldda_two + ldda_two = get_latest_ldda() + assert ldda_two is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda_two from the database' + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1='2.bed', + check_str2=message, + check_str3=admin_user.email ) + def test_040_accessing_dataset_with_role_associated_with_group_and_users( self ): + """Testing accessing a dataset with a role that is associated with a group and users""" + # Logged in as admin_user + # admin_user should be able to see 2.bed since she is associated with role_two + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1='2.bed', + check_str2=admin_user.email ) + self.logout() + # regular_user1 should be able to see 2.bed since she is associated with group_two + self.login( email = 'test1@bx.psu.edu' ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=folder_one.name, + check_str2='2.bed', + check_str3=admin_user.email ) + # Check the permissions on the dataset 2.bed - they are as folows: + # DATASET_MANAGE_PERMISSIONS = test@bx.psu.edu + # DATASET_ACCESS = Role Two + # Role Two associations: test@bx.psu.edu and Group Two + # Group Two members: Role One, Role Two, test1@bx.psu.edu + # Role One associations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu + # LIBRARY_ADD = Role One + # Role One aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu + # LIBRARY_MODIFY = Role One + # Role One aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu + # LIBRARY_MANAGE = Role One + # Role One aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu + self.ldda_edit_info( 'library', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + self.security.encode_id( ldda_two.id ), + ldda_two.name, + check_str1='2.bed', + check_str2='This is the latest version of this library dataset', + check_str3='Edit attributes of 2.bed' ) + self.act_on_multiple_datasets( 'library', + self.security.encode_id( library_one.id ), + 'import_to_history', + ldda_ids=self.security.encode_id( ldda_two.id ), + check_str1='1 dataset(s) have been imported into your history' ) + self.logout() + # regular_user2 should not be able to see 2.bed + self.login( email = 'test2@bx.psu.edu' ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + not_displayed=folder_one.name, + not_displayed2='2.bed' ) + + self.logout() + # regular_user3 should not be able to see folder_one ( even though it does not contain any datasets that she + # can access ) since she has Role One, and Role One has all library permissions ( see above ). + self.login( email = 'test3@bx.psu.edu' ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + check_str1=folder_one.name, + not_displayed='2.bed' ) + self.logout() + self.login( email='test@bx.psu.edu' ) + def test_045_upload_directory_of_files_from_admin_view( self ): + """Testing uploading a directory of files to a root folder from the Admin view""" + # logged in as admin_user + message = 'This is a test for uploading a directory of files' + check_str_after_submit="Added 3 datasets to the library '%s' (each is selected)." % library_one.root_folder.name + self.upload_directory_of_files( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( library_one.root_folder.id ), + server_dir='library', + message=message, + check_str_after_submit=check_str_after_submit ) + self.browse_library( 'library_admin', + self.security.encode_id( library_one.id ), + check_str1=admin_user.email, + check_str2=message ) + def test_050_change_permissions_on_datasets_uploaded_from_library_dir( self ): + """Testing changing the permissions on datasets uploaded from a directory from the Admin view""" + # logged in as admin_user + # It would be nice if twill functioned such that the above test resulted in a + # form with the uploaded datasets selected, but it does not ( they're not checked ), + # so we'll have to simulate this behavior ( not ideal ) for the 'edit' action. We + # first need to get the ldda.id for the 3 new datasets + latest_3_lddas = get_latest_lddas( 3 ) + ldda_ids = '' + for ldda in latest_3_lddas: + ldda_ids += '%s,' % self.security.encode_id( ldda.id ) + ldda_ids = ldda_ids.rstrip( ',' ) + # Set permissions + self.ldda_permissions( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + ldda_ids, + str( role_one.id ), + permissions_in=[ 'DATASET_ACCESS', 'LIBRARY_MANAGE' ], + check_str1='Permissions have been updated on 3 datasets' ) + # Make sure the permissions have been correctly updated for the 3 datasets. Permissions should + # be all of the above on any of the 3 datasets that are imported into a history. + def check_edit_page( lddas, check_str1='', check_str2='', check_str3='', check_str4='', + not_displayed1='', not_displayed2='', not_displayed3='' ): + for ldda in lddas: + # Import each library dataset into our history + self.act_on_multiple_datasets( 'library', + self.security.encode_id( library_one.id ), + 'import_to_history', + ldda_ids=self.security.encode_id( ldda.id ) ) + # Determine the new HistoryDatasetAssociation id created when the library dataset was imported into our history + last_hda_created = get_latest_hda() + self.edit_hda_attribute_info( str( last_hda_created.id ), + check_str1=check_str1, + check_str2=check_str2, + check_str3=check_str3, + check_str4=check_str4 ) + # admin_user is associated with role_one, so should have all permissions on imported datasets + check_edit_page( latest_3_lddas, + check_str1='Manage dataset permissions on', + check_str2='Role members can manage the roles associated with permissions on this dataset', + check_str3='Role members can import this dataset into their history for analysis' ) + self.logout() + # regular_user1 is associated with role_one, so should have all permissions on imported datasets + self.login( email='test1@bx.psu.edu' ) + check_edit_page( latest_3_lddas ) + self.logout() + # Since regular_user2 is not associated with role_one, she should not have + # access to any of the 3 datasets, so she will not see folder_one on the libraries page + self.login( email='test2@bx.psu.edu' ) + self.browse_library( 'library', + self.security.encode_id( library_one.id ), + not_displayed=folder_one.name ) + self.logout() + # regular_user3 is associated with role_one, so should have all permissions on imported datasets + self.login( email='test3@bx.psu.edu' ) + check_edit_page( latest_3_lddas ) + self.logout() + self.login( email='test@bx.psu.edu' ) + # Change the permissions and test again + self.ldda_permissions( 'library_admin', + self.security.encode_id( library_one.id ), + self.security.encode_id( folder_one.id ), + ldda_ids, + str( role_one.id ), + permissions_in=[ 'DATASET_ACCESS' ], + check_str1='Permissions have been updated on 3 datasets' ) + check_edit_page( latest_3_lddas, + check_str1='View Permissions', + not_displayed1='Manage dataset permissions on', + not_displayed2='Role members can manage roles associated with permissions on this library item', + not_displayed3='Role members can import this dataset into their history for analysis' ) + def test_055_library_permissions( self ): + """Test library permissions""" + # Logged in as admin_user + form_name = 'Library template Form One' + form_desc = 'This is Form One' + form_type = galaxy.model.FormDefinition.types.LIBRARY_INFO_TEMPLATE + # Create form for library template + self.create_form( name=form_name, desc=form_desc, formtype=form_type ) + global form_one + form_one = get_form( form_name ) + assert form_one is not None, 'Problem retrieving form named (%s) from the database' % form_name + # Make sure the template fields are displayed on the library information page + field_dict = form_one.fields[ 0 ] + global form_one_field_label + form_one_field_label = '%s' % str( field_dict.get( 'label', 'Field 0' ) ) + global form_one_field_help + form_one_field_help = '%s' % str( field_dict.get( 'helptext', 'Field 0 help' ) ) + global form_one_field_required + form_one_field_required = '%s' % str( field_dict.get( 'required', 'optional' ) ).capitalize() + # Add information to the library using the template + global form_one_field_name + form_one_field_name = 'field_0' + # Create a library, adding no template + name = "library security Library Two" + description = "library security This is Library Two" + synopsis = "library security Library Two synopsis" + self.create_library( name=name, description=description, synopsis=synopsis ) + self.browse_libraries_admin( check_str1=name, check_str2=description ) + global library_two + library_two = get_library( name, description, synopsis ) + assert library_two is not None, 'Problem retrieving library named "%s" from the database' % name + # Set library permissions for regular_user1 and regular_user2. Each of these users will be permitted to + # LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE for library items. + permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ] + permissions_out = [] + role_ids_str = '%s,%s' % ( str( regular_user1_private_role.id ), str( regular_user2_private_role.id ) ) + self.library_permissions( self.security.encode_id( library_two.id ), + library_two.name, + role_ids_str, + permissions_in, + permissions_out ) + self.logout() + # Login as regular_user1 and make sure they can see the library + self.login( email=regular_user1.email ) + self.browse_libraries_regular_user( check_str1=name ) + self.logout() + # Login as regular_user2 and make sure they can see the library + self.login( email=regular_user2.email ) + self.browse_libraries_regular_user( check_str1=name ) + # Add a dataset to the library + message = 'Testing adding 1.bed to Library Two root folder' + self.add_library_dataset( 'library', + '1.bed', + self.security.encode_id( library_two.id ), + self.security.encode_id( library_two.root_folder.id ), + library_two.root_folder.name, + file_type='bed', + dbkey='hg18', + message=message, + root=True ) + # Add a folder to the library + name = "Root Folder's Folder X" + description = "This is the root folder's Folder X" + self.add_folder( 'library', + self.security.encode_id( library_two.id ), + self.security.encode_id( library_two.root_folder.id ), + name=name, + description=description ) + global folder_x + folder_x = get_folder( library_two.root_folder.id, name, description ) + # Add an information template to the folder + template_name = 'Folder Template 1' + self.add_library_template( 'library', + 'folder', + self.security.encode_id( library_one.id ), + self.security.encode_id( form_one.id ), + form_one.name, + folder_id=self.security.encode_id( folder_x.id ) ) + # Modify the folder's information + contents = '%s folder contents' % form_one_field_label + new_name = "Root Folder's Folder Y" + new_description = "This is the root folder's Folder Y" + self.folder_info( 'library', + self.security.encode_id( folder_x.id ), + self.security.encode_id( library_two.id ), + name, + new_name, + new_description, + contents=contents, + field_name=form_one_field_name ) + # Twill barfs when self.check_page_for_string() is called after dealing with an information template, + # the exception is: TypeError: 'str' object is not callable + # the work-around it to end this method so any calls are in the next method. + def test_060_template_features_and_permissions( self ): + """Test library template and more permissions behavior from the Data Libraries view""" + # Logged in as regular_user2 + refresh( folder_x ) + # Add a dataset to the folder + message = 'Testing adding 2.bed to Library Three root folder' + self.add_library_dataset( 'library', + '2.bed', + self.security.encode_id( library_two.id ), + self.security.encode_id( folder_x.id ), + folder_x.name, + file_type='bed', + dbkey='hg18', + message=message.replace( ' ', '+' ), + root=False ) + global ldda_x + ldda_x = get_latest_ldda() + assert ldda_x is not None, 'Problem retrieving ldda_x from the database' + # Add an information template to the library + template_name = 'Library Template 3' + self.add_library_template( 'library', + 'library', + self.security.encode_id( library_two.id ), + self.security.encode_id( form_one.id ), + form_one.name ) + # Add information to the library using the template + contents = '%s library contents' % form_one_field_label + self.visit_url( '%s/library_common/library_info?cntrller=library&id=%s' % ( self.url, self.security.encode_id( library_two.id ) ) ) + # There are 2 forms on this page and the template is the 2nd form + tc.fv( '2', form_one_field_name, contents ) + tc.submit( 'edit_info_button' ) + # For some reason, the following check: + # self.check_page_for_string ( 'The information has been updated.' ) + # ...throws the following exception - I have not idea why! + # TypeError: 'str' object is not callable + # The work-around is to not make ANY self.check_page_for_string() calls until the next method + def test_065_permissions_as_different_regular_user( self ): + """Test library template and more permissions behavior from the Data Libraries view as a different user""" + # Logged in as regular_user2 + self.logout() + self.login( email=regular_user1.email ) + self.browse_library( 'library', + self.security.encode_id( library_two.id ), + check_str1=ldda_x.name ) + def test_999_reset_data_for_later_test_runs( self ): + """Reseting data to enable later test runs to pass""" + # Logged in as regular_user1 + self.logout() + self.login( email=admin_user.email ) + ################## + # Purge all libraries + ################## + for library in [ library_one, library_two ]: + self.delete_library_item( self.security.encode_id( library.id ), + self.security.encode_id( library.id ), + library.name, + item_type='library' ) + self.purge_library( self.security.encode_id( library.id ), library.name ) + ################## + # Eliminate all non-private roles + ################## + for role in [ role_one, role_two ]: + self.mark_role_deleted( self.security.encode_id( role.id ), role.name ) + self.purge_role( self.security.encode_id( role.id ), role.name ) + # Manually delete the role from the database + refresh( role ) + sa_session.delete( role ) + sa_session.flush() + ################## + # Eliminate all groups + ################## + for group in [ group_one ]: + self.mark_group_deleted( self.security.encode_id( group.id ), group.name ) + self.purge_group( self.security.encode_id( group.id ), group.name ) + # Manually delete the group from the database + refresh( group ) + sa_session.delete( group ) + sa_session.flush() + ################## + # Make sure all users are associated only with their private roles + ################## + for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]: + refresh( user ) + if len( user.roles) != 1: + raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) ) diff -r e39c9a2a0b4c -r 48e83411aa91 test/functional/test_security_and_libraries.py --- a/test/functional/test_security_and_libraries.py Fri Mar 12 14:27:04 2010 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2141 +0,0 @@ -import galaxy.model -from galaxy.model.orm import * -from galaxy.model.mapping import context as sa_session -from base.twilltestcase import * - -not_logged_in_security_msg = 'You must be logged in as an administrator to access this feature.' -logged_in_security_msg = 'You must be an administrator to access this feature.' - -import sys -class TestSecurityAndLibraries( TwillTestCase ): - def test_000_admin_features_when_not_logged_in( self ): - """Testing admin_features when not logged in""" - self.logout() - self.visit_url( "%s/admin" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/reload_tool?tool_id=upload1" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/roles" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/create_role" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/create_role" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/manage_users_and_groups_for_role" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/groups" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/create_group" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - self.check_page_for_string( not_logged_in_security_msg ) - self.visit_url( "%s/admin/users" % self.url ) - self.check_page_for_string( not_logged_in_security_msg ) - def test_005_login_as_admin_user( self ): - """Testing logging in as an admin user test@bx.psu.edu - tests initial settings for DefaultUserPermissions and DefaultHistoryPermissions""" - self.login( email='test@bx.psu.edu' ) # test@bx.psu.edu is configured as our admin user - self.visit_page( "admin" ) - self.check_page_for_string( 'Administration' ) - global admin_user - admin_user = sa_session.query( galaxy.model.User ) \ - .filter( galaxy.model.User.table.c.email=='test@bx.psu.edu' ) \ - .first() - assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database' - # Get the admin user's private role for later use - global admin_user_private_role - admin_user_private_role = None - for role in admin_user.all_roles(): - if role.name == admin_user.email and role.description == 'Private Role for %s' % admin_user.email: - admin_user_private_role = role - break - if not admin_user_private_role: - raise AssertionError( "Private role not found for user '%s'" % admin_user.email ) - # Make sure DefaultUserPermissions are correct - if len( admin_user.default_permissions ) > 1: - raise AssertionError( '%d DefaultUserPermissions associated with user %s ( should be 1 )' \ - % ( len( admin_user.default_permissions ), admin_user.email ) ) - dup = sa_session.query( galaxy.model.DefaultUserPermissions ) \ - .filter( galaxy.model.DefaultUserPermissions.table.c.user_id==admin_user.id ) \ - .first() - if not dup.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: - raise AssertionError( 'The DefaultUserPermission.action for user "%s" is "%s", but it should be "%s"' \ - % ( admin_user.email, dup.action, galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) - # Make sure DefaultHistoryPermissions are correct - # Logged in as admin_user - latest_history = sa_session.query( galaxy.model.History ) \ - .filter( and_( galaxy.model.History.table.c.deleted==False, - galaxy.model.History.table.c.user_id==admin_user.id ) ) \ - .order_by( desc( galaxy.model.History.table.c.create_time ) ) \ - .first() - if len( latest_history.default_permissions ) > 1: - raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d when it was created ( should have been 1 )' \ - % ( len( latest_history.default_permissions ), latest_history.id ) ) - dhp = sa_session.query( galaxy.model.DefaultHistoryPermissions ) \ - .filter( galaxy.model.DefaultHistoryPermissions.table.c.history_id==latest_history.id ) \ - .first() - if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: - raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "%s"' \ - % ( latest_history.id, dhp.action, galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) - self.home() - self.visit_url( "%s/admin/manage_roles_and_groups_for_user?id=%s" % ( self.url, self.security.encode_id( admin_user.id ) ) ) - self.check_page_for_string( admin_user.email ) - # Try deleting the admin_user's private role - check_str = "You cannot eliminate a user's private role association." - self.associate_roles_and_groups_with_user( self.security.encode_id( admin_user.id ), admin_user.email, - out_role_ids=str( admin_user_private_role.id ), - check_str=check_str ) - self.logout() - def test_010_login_as_regular_user1( self ): - """Testing logging in as regular user test1@bx.psu.edu - tests private role creation and changing DefaultHistoryPermissions for new histories""" - # Some of the history related tests here are similar to some tests in the - # test_history_functions.py script, so we could potentially eliminate 1 or 2 of them. - self.login( email='test1@bx.psu.edu' ) # test1@bx.psu.edu is not an admin user - global regular_user1 - regular_user1 = sa_session.query( galaxy.model.User ) \ - .filter( galaxy.model.User.table.c.email=='test1@bx.psu.edu' ) \ - .first() - assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database' - self.visit_page( "admin" ) - self.check_page_for_string( logged_in_security_msg ) - # Make sure a private role exists for regular_user1 - private_role = None - for role in regular_user1.all_roles(): - if role.name == regular_user1.email and role.description == 'Private Role for %s' % regular_user1.email: - private_role = role - break - if not private_role: - raise AssertionError( "Private role not found for user '%s'" % regular_user1.email ) - global regular_user1_private_role - regular_user1_private_role = private_role - # Add a dataset to the history - self.upload_file( '1.bed' ) - latest_dataset = sa_session.query( galaxy.model.Dataset ) \ - .order_by( desc( galaxy.model.Dataset.table.c.create_time ) ) \ - .first() - # Make sure DatasetPermissions is correct - default is 'manage permissions' - if len( latest_dataset.actions ) > 1: - actions = [ a.action for a in latest_dataset.actions ] - raise AssertionError( '%d DatasetPermissions (%s) were created for dataset id %d when it was created ( should have been 1 )' \ - % ( len( latest_dataset.actions ), str( actions ), latest_dataset.id ) ) - dp = sa_session.query( galaxy.model.DatasetPermissions ) \ - .filter( galaxy.model.DatasetPermissions.table.c.dataset_id==latest_dataset.id ) \ - .first() - if not dp.action: - raise AssertionError( 'The Dataset id %d has no associated DatasetPermissions when is should have "manage permissions".' \ - % latest_dataset.id ) - elif not dp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: - raise AssertionError( 'The DatasetPermissions.action for dataset id %d is "%s", but it should be "manage permissions"' \ - % ( latest_dataset.id, dp.action ) ) - # Change DefaultHistoryPermissions for regular_user1 - permissions_in = [] - actions_in = [] - for key, value in galaxy.model.Dataset.permitted_actions.items(): - # NOTE: setting the 'access' permission with the private role makes this dataset private - permissions_in.append( key ) - actions_in.append( value.action ) - # Sort actions for later comparison - actions_in.sort() - role_id = str( private_role.id ) - self.user_set_default_permissions( permissions_in=permissions_in, role_id=role_id ) - # Make sure the default permissions are changed for new histories - self.new_history() - # logged in as regular_user1 - latest_history = sa_session.query( galaxy.model.History ) \ - .filter( and_( galaxy.model.History.table.c.deleted==False, - galaxy.model.History.table.c.user_id==regular_user1.id ) ) \ - .order_by( desc( galaxy.model.History.table.c.create_time ) ) \ - .first() - if len( latest_history.default_permissions ) != len( galaxy.model.Dataset.permitted_actions.items() ): - raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d, should have been %d' % \ - ( len( latest_history.default_permissions ), latest_history.id, len( galaxy.model.Dataset.permitted_actions.items() ) ) ) - dhps = [] - for dhp in latest_history.default_permissions: - dhps.append( dhp.action ) - # Sort permissions for later comparison - dhps.sort() - for key, value in galaxy.model.Dataset.permitted_actions.items(): - if value.action not in dhps: - raise AssertionError( '%s not in history id %d default_permissions after they were changed' % ( value.action, latest_history.id ) ) - # Add a dataset to the history - self.upload_file( '1.bed' ) - latest_dataset = sa_session.query( galaxy.model.Dataset ).order_by( desc( galaxy.model.Dataset.table.c.create_time ) ).first() - # Make sure DatasetPermissionss are correct - if len( latest_dataset.actions ) != len( latest_history.default_permissions ): - raise AssertionError( '%d DatasetPermissionss were created for dataset id %d when it was created ( should have been %d )' % \ - ( len( latest_dataset.actions ), latest_dataset.id, len( latest_history.default_permissions ) ) ) - dps = [] - for dp in latest_dataset.actions: - dps.append( dp.action ) - # Sort actions for later comparison - dps.sort() - # Compare DatasetPermissions with permissions_in - should be the same - if dps != actions_in: - raise AssertionError( 'DatasetPermissionss "%s" for dataset id %d differ from changed default permissions "%s"' \ - % ( str( dps ), latest_dataset.id, str( actions_in ) ) ) - # Compare DefaultHistoryPermissions and DatasetPermissionss - should be the same - if dps != dhps: - raise AssertionError( 'DatasetPermissionss "%s" for dataset id %d differ from DefaultHistoryPermissions "%s" for history id %d' \ - % ( str( dps ), latest_dataset.id, str( dhps ), latest_history.id ) ) - self.logout() - - def test_015_login_as_regular_user2( self ): - """Testing logging in as regular user test2@bx.psu.edu - tests changing DefaultHistoryPermissions for the current history""" - email = 'test2@bx.psu.edu' - self.login( email=email ) # This will not be an admin user - global regular_user2 - regular_user2 = sa_session.query( galaxy.model.User ) \ - .filter( galaxy.model.User.table.c.email==email ) \ - .first() - assert regular_user2 is not None, 'Problem retrieving user with email "" from the database' % email - # Logged in as regular_user2 - latest_history = sa_session.query( galaxy.model.History ) \ - .filter( and_( galaxy.model.History.table.c.deleted==False, - galaxy.model.History.table.c.user_id==regular_user2.id ) ) \ - .order_by( desc( galaxy.model.History.table.c.create_time ) ) \ - .first() - self.upload_file( '1.bed' ) - latest_dataset = sa_session.query( galaxy.model.Dataset ).order_by( desc( galaxy.model.Dataset.table.c.create_time ) ).first() - permissions_in = [ 'DATASET_MANAGE_PERMISSIONS' ] - # Make sure these are in sorted order for later comparison - actions_in = [ 'manage permissions' ] - permissions_out = [ 'DATASET_ACCESS' ] - actions_out = [ 'access' ] - global regular_user2_private_role - regular_user2_private_role = None - for role in regular_user2.all_roles(): - if role.name == regular_user2.email and role.description == 'Private Role for %s' % regular_user2.email: - regular_user2_private_role = role - break - if not regular_user2_private_role: - raise AssertionError( "Private role not found for user '%s'" % regular_user2.email ) - role_id = str( regular_user2_private_role.id ) - # Change DefaultHistoryPermissions for the current history - self.history_set_default_permissions( permissions_out=permissions_out, permissions_in=permissions_in, role_id=role_id ) - if len( latest_history.default_permissions ) != len( actions_in ): - raise AssertionError( '%d DefaultHistoryPermissions were created for history id %d, should have been %d' \ - % ( len( latest_history.default_permissions ), latest_history.id, len( permissions_in ) ) ) - # Make sure DefaultHistoryPermissions were correctly changed for the current history - dhps = [] - for dhp in latest_history.default_permissions: - dhps.append( dhp.action ) - # Sort permissions for later comparison - dhps.sort() - # Compare DefaultHistoryPermissions and actions_in - should be the same - if dhps != actions_in: - raise AssertionError( 'DefaultHistoryPermissions "%s" for history id %d differ from actions "%s" passed for changing' \ - % ( str( dhps ), latest_history.id, str( actions_in ) ) ) - # Make sure DatasetPermissionss are correct - if len( latest_dataset.actions ) != len( latest_history.default_permissions ): - raise AssertionError( '%d DatasetPermissionss were created for dataset id %d when it was created ( should have been %d )' \ - % ( len( latest_dataset.actions ), latest_dataset.id, len( latest_history.default_permissions ) ) ) - dps = [] - for dp in latest_dataset.actions: - dps.append( dp.action ) - # Sort actions for comparison - dps.sort() - # Compare DatasetPermissionss and DefaultHistoryPermissions - should be the same - if dps != dhps: - raise AssertionError( 'DatasetPermissionss "%s" for dataset id %d differ from DefaultHistoryPermissions "%s"' \ - % ( str( dps ), latest_dataset.id, str( dhps ) ) ) - self.logout() - def test_020_create_new_user_account_as_admin( self ): - """Testing creating a new user account as admin""" - self.login( email=admin_user.email ) - email = 'test3@bx.psu.edu' - password = 'testuser' - previously_created = self.create_new_account_as_admin( email=email, password=password ) - # Get the user object for later tests - global regular_user3 - regular_user3 = sa_session.query( galaxy.model.User ).filter( galaxy.model.User.table.c.email==email ).first() - assert regular_user3 is not None, 'Problem retrieving user with email "%s" from the database' % email - global regular_user3_private_role - regular_user3_private_role = None - for role in regular_user3.all_roles(): - if role.name == regular_user3.email and role.description == 'Private Role for %s' % regular_user3.email: - regular_user3_private_role = role - break - if not regular_user3_private_role: - raise AssertionError( "Private role not found for user '%s'" % regular_user3.email ) - # Make sure DefaultUserPermissions were created - if not regular_user3.default_permissions: - raise AssertionError( 'No DefaultUserPermissions were created for user %s when the admin created the account' % email ) - # Make sure a private role was created for the user - if not regular_user3.roles: - raise AssertionError( 'No UserRoleAssociations were created for user %s when the admin created the account' % email ) - if not previously_created and len( regular_user3.roles ) != 1: - raise AssertionError( '%d UserRoleAssociations were created for user %s when the admin created the account ( should have been 1 )' \ - % ( len( regular_user3.roles ), regular_user3.email ) ) - for ura in regular_user3.roles: - role = sa_session.query( galaxy.model.Role ).get( ura.role_id ) - if not previously_created and role.type != 'private': - raise AssertionError( 'Role created for user %s when the admin created the account is not private, type is' \ - % str( role.type ) ) - if not previously_created: - # Make sure a history was not created ( previous test runs may have left deleted histories ) - histories = sa_session.query( galaxy.model.History ) \ - .filter( and_( galaxy.model.History.table.c.user_id==regular_user3.id, - galaxy.model.History.table.c.deleted==False ) ) \ - .all() - if histories: - raise AssertionError( 'Histories were incorrectly created for user %s when the admin created the account' % email ) - # Make sure the user was not associated with any groups - if regular_user3.groups: - raise AssertionError( 'Groups were incorrectly associated with user %s when the admin created the account' % email ) - def test_025_reset_password_as_admin( self ): - """Testing reseting a user password as admin""" - email = 'test3@bx.psu.edu' - self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testreset' ) - self.logout() - def test_030_login_after_password_reset( self ): - """Testing logging in after an admin reset a password - tests DefaultHistoryPermissions for accounts created by an admin""" - self.login( email='test3@bx.psu.edu', password='testreset' ) - # Make sure a History and HistoryDefaultPermissions exist for the user - # Logged in as regular_user3 - latest_history = sa_session.query( galaxy.model.History ) \ - .filter( and_( galaxy.model.History.table.c.deleted==False, - galaxy.model.History.table.c.user_id==regular_user3.id ) ) \ - .order_by( desc( galaxy.model.History.table.c.create_time ) ) \ - .first() - if not latest_history.user_id == regular_user3.id: - raise AssertionError( 'A history was not created for user %s when he logged in' % email ) - if not latest_history.default_permissions: - raise AssertionError( 'No DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) - if len( latest_history.default_permissions ) > 1: - raise AssertionError( 'More than 1 DefaultHistoryPermissions were created for history id %d when it was created' % latest_history.id ) - dhp = sa_session.query( galaxy.model.DefaultHistoryPermissions ) \ - .filter( galaxy.model.DefaultHistoryPermissions.table.c.history_id==latest_history.id ) \ - .first() - if not dhp.action == galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: - raise AssertionError( 'The DefaultHistoryPermission.action for history id %d is "%s", but it should be "manage permissions"' \ - % ( latest_history.id, dhp.action ) ) - # Upload a file to create a HistoryDatasetAssociation - self.upload_file( '1.bed' ) - latest_dataset = sa_session.query( galaxy.model.Dataset ).order_by( desc( galaxy.model.Dataset.table.c.create_time ) ).first() - for dp in latest_dataset.actions: - # Should only have 1 DatasetPermissions - if dp.action != galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action: - raise AssertionError( 'The DatasetPermissions for dataset id %d is %s ( should have been %s )' \ - % ( latest_dataset.id, - latest_dataset.actions.action, - galaxy.model.Dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS.action ) ) - self.logout() - # Reset the password to the default for later tests - self.login( email='test@bx.psu.edu' ) - self.reset_password_as_admin( user_id=self.security.encode_id( regular_user3.id ), password='testuser' ) - def test_035_mark_user_deleted( self ): - """Testing marking a user account as deleted""" - # Logged in as admin_user - self.mark_user_deleted( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) - # Deleting a user should not delete any associations - sa_session.refresh( regular_user3 ) - if not regular_user3.active_histories: - raise AssertionError( 'HistoryDatasetAssociations for regular_user3 were incorrectly deleted when the user was marked deleted' ) - def test_040_undelete_user( self ): - """Testing undeleting a user account""" - # Logged in as admin_user - self.undelete_user( user_id=self.security.encode_id( regular_user3.id ), email=regular_user3.email ) - def test_045_create_role( self ): - """Testing creating new role with 3 members ( and a new group named the same ), then renaming the role""" - # Logged in as admin_user - name = 'Role One' - description = "This is Role Ones description" - user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] - self.create_role( name=name, - description=description, - in_user_ids=user_ids, - in_group_ids=[], - create_group_for_role='yes', - private_role=admin_user.email ) - # Get the role object for later tests - global role_one - role_one = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() - assert role_one is not None, 'Problem retrieving role named "Role One" from the database' - # Make sure UserRoleAssociations are correct - if len( role_one.users ) != len( user_ids ): - raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created ( should have been %d )' \ - % ( len( role_one.users ), role_one.id, len( user_ids ) ) ) - # Each of the following users should now have 2 role associations, their private role and role_one - for user in [ admin_user, regular_user1, regular_user3 ]: - sa_session.refresh( user ) - if len( user.roles ) != 2: - raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 2 )' \ - % ( len( user.roles ), user.email ) ) - # Make sure the group was created - self.home() - self.visit_page( 'admin/groups' ) - self.check_page_for_string( name ) - global group_zero - group_zero = sa_session.query( galaxy.model.Group ).filter( galaxy.model.Group.table.c.name==name ).first() - # Rename the role - rename = "Role One's been Renamed" - new_description="This is Role One's Re-described" - self.rename_role( self.security.encode_id( role_one.id ), name=rename, description=new_description ) - self.home() - self.visit_page( 'admin/roles' ) - self.check_page_for_string( rename ) - self.check_page_for_string( new_description ) - # Reset the role back to the original name and description - self.rename_role( self.security.encode_id( role_one.id ), name=name, description=description ) - def test_050_create_group( self ): - """Testing creating new group with 3 members and 1 associated role, then renaming it""" - # Logged in as admin_user - name = "Group One's Name" - user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ] - role_ids=[ str( role_one.id ) ] - self.create_group( name=name, in_user_ids=user_ids, in_role_ids=role_ids ) - # Get the group object for later tests - global group_one - group_one = sa_session.query( galaxy.model.Group ).filter( galaxy.model.Group.table.c.name==name ).first() - assert group_one is not None, 'Problem retrieving group named "Group One" from the database' - # Make sure UserGroupAssociations are correct - if len( group_one.users ) != len( user_ids ): - raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been %d )' \ - % ( len( group_one.users ), group_one.id, len( user_ids ) ) ) - # Each user should now have 1 group association, group_one - for user in [ admin_user, regular_user1, regular_user3 ]: - sa_session.refresh( user ) - if len( user.groups ) != 1: - raise AssertionError( '%d UserGroupAssociations are associated with user %s ( should be 1 )' % ( len( user.groups ), user.email ) ) - # Make sure GroupRoleAssociations are correct - if len( group_one.roles ) != len( role_ids ): - raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been %d )' \ - % ( len( group_one.roles ), group_one.id, len( role_ids ) ) ) - # Rename the group - rename = "Group One's been Renamed" - self.rename_group( self.security.encode_id( group_one.id ), name=rename, ) - self.home() - self.visit_page( 'admin/groups' ) - self.check_page_for_string( rename ) - # Reset the group back to the original name - self.rename_group( self.security.encode_id( group_one.id ), name=name ) - def test_055_add_members_and_role_to_group( self ): - """Testing editing user membership and role associations of an existing group""" - # Logged in as admin_user - name = 'Group Two' - self.create_group( name=name, in_user_ids=[], in_role_ids=[] ) - # Get the group object for later tests - global group_two - group_two = sa_session.query( galaxy.model.Group ).filter( galaxy.model.Group.table.c.name==name ).first() - assert group_two is not None, 'Problem retrieving group named "Group Two" from the database' - # group_two should have no associations - if group_two.users: - raise AssertionError( '%d UserGroupAssociations were created for group id %d when it was created ( should have been 0 )' \ - % ( len( group_two.users ), group_two.id ) ) - if group_two.roles: - raise AssertionError( '%d GroupRoleAssociations were created for group id %d when it was created ( should have been 0 )' \ - % ( len( group_two.roles ), group_two.id ) ) - user_ids = [ str( regular_user1.id ) ] - role_ids = [ str( role_one.id ) ] - self.associate_users_and_roles_with_group( self.security.encode_id( group_two.id ), - group_two.name, - user_ids=user_ids, - role_ids=role_ids ) - def test_060_create_role_with_user_and_group_associations( self ): - """Testing creating a role with user and group associations""" - # Logged in as admin_user - # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least - # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT - # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the - # associate_users_and_groups_with_role() method. - name = 'Role Two' - description = 'This is Role Two' - user_ids=[ str( admin_user.id ) ] - group_ids=[ str( group_two.id ) ] - private_role=admin_user.email - # Create the role - self.create_role( name=name, - description=description, - in_user_ids=user_ids, - in_group_ids=group_ids, - private_role=private_role ) - # Get the role object for later tests - global role_two - role_two = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() - assert role_two is not None, 'Problem retrieving role named "Role Two" from the database' - # Make sure UserRoleAssociations are correct - if len( role_two.users ) != len( user_ids ): - raise AssertionError( '%d UserRoleAssociations were created for role id %d when it was created with %d members' \ - % ( len( role_two.users ), role_two.id, len( user_ids ) ) ) - # admin_user should now have 3 role associations, private role, role_one, role_two - sa_session.refresh( admin_user ) - if len( admin_user.roles ) != 3: - raise AssertionError( '%d UserRoleAssociations are associated with user %s ( should be 3 )' % ( len( admin_user.roles ), admin_user.email ) ) - # Make sure GroupRoleAssociations are correct - sa_session.refresh( role_two ) - if len( role_two.groups ) != len( group_ids ): - raise AssertionError( '%d GroupRoleAssociations were created for role id %d when it was created ( should have been %d )' \ - % ( len( role_two.groups ), role_two.id, len( group_ids ) ) ) - # group_two should now be associated with 2 roles: role_one, role_two - sa_session.refresh( group_two ) - if len( group_two.roles ) != 2: - raise AssertionError( '%d GroupRoleAssociations are associated with group id %d ( should be 2 )' % ( len( group_two.roles ), group_two.id ) ) - def test_065_change_user_role_associations( self ): - """Testing changing roles associated with a user""" - # Logged in as admin_user - # Create a new role with no associations - name = 'Role Three' - description = 'This is Role Three' - user_ids=[] - group_ids=[] - private_role=admin_user.email - self.create_role( name=name, - description=description, - in_user_ids=user_ids, - in_group_ids=group_ids, - private_role=private_role ) - # Get the role object for later tests - global role_three - role_three = sa_session.query( galaxy.model.Role ).filter( galaxy.model.Role.table.c.name==name ).first() - assert role_three is not None, 'Problem retrieving role named "Role Three" from the database' - # Associate the role with a user - sa_session.refresh( admin_user ) - role_ids = [] - for ura in admin_user.non_private_roles: - role_ids.append( str( ura.role_id ) ) - role_ids.append( str( role_three.id ) ) - group_ids = [] - for uga in admin_user.groups: - group_ids.append( str( uga.group_id ) ) - check_str = "User '%s' has been updated with %d associated roles and %d associated groups" % ( admin_user.email, len( role_ids ), len( group_ids ) ) - self.associate_roles_and_groups_with_user( self.security.encode_id( admin_user.id ), - str( admin_user.email ),