authorization checks for task orders
This commit is contained in:
dandds
@@ -1,8 +1,14 @@
|
||||
import pytest
|
||||
|
||||
from atst.domain.task_orders import TaskOrders, TaskOrderError
|
||||
from atst.domain.exceptions import UnauthorizedError
|
||||
|
||||
from tests.factories import TaskOrderFactory, UserFactory
|
||||
from tests.factories import (
|
||||
TaskOrderFactory,
|
||||
UserFactory,
|
||||
WorkspaceRoleFactory,
|
||||
WorkspaceFactory,
|
||||
)
|
||||
|
||||
|
||||
def test_is_section_complete():
|
||||
@@ -60,3 +66,37 @@ def test_add_officer_who_is_already_workspace_member():
|
||||
assert task_order.contracting_officer == owner
|
||||
member = task_order.workspace.members[0]
|
||||
assert member.user == owner and member.role_name == "owner"
|
||||
|
||||
|
||||
def test_task_order_access():
|
||||
creator = UserFactory.create()
|
||||
member = UserFactory.create()
|
||||
rando = UserFactory.create()
|
||||
officer = UserFactory.create()
|
||||
|
||||
def check_access(can, cannot, method_name, method_args):
|
||||
method = getattr(TaskOrders, method_name)
|
||||
|
||||
for user in can:
|
||||
assert method(user, *method_args)
|
||||
|
||||
for user in cannot:
|
||||
with pytest.raises(UnauthorizedError):
|
||||
method(user, *method_args)
|
||||
|
||||
workspace = WorkspaceFactory.create(owner=creator)
|
||||
task_order = TaskOrderFactory.create(creator=creator, workspace=workspace)
|
||||
WorkspaceRoleFactory.create(user=member, workspace=task_order.workspace)
|
||||
TaskOrders.add_officer(
|
||||
creator, task_order, "contracting_officer", officer.to_dictionary()
|
||||
)
|
||||
|
||||
check_access([creator, officer], [member, rando], "get", [task_order.id])
|
||||
check_access([creator], [officer, member, rando], "create", [workspace])
|
||||
check_access([creator, officer], [member, rando], "update", [task_order])
|
||||
check_access(
|
||||
[creator],
|
||||
[officer, member, rando],
|
||||
"add_officer",
|
||||
[task_order, "contracting_officer", rando.to_dictionary()],
|
||||
)
|
||||
|
||||
@@ -5,7 +5,7 @@ from zipfile import ZipFile
|
||||
|
||||
from atst.utils.docx import Docx
|
||||
|
||||
from tests.factories import TaskOrderFactory
|
||||
from tests.factories import TaskOrderFactory, WorkspaceFactory, UserFactory
|
||||
|
||||
|
||||
def xml_translated(val):
|
||||
@@ -13,8 +13,10 @@ def xml_translated(val):
|
||||
|
||||
|
||||
def test_download_summary(client, user_session):
|
||||
user_session()
|
||||
task_order = TaskOrderFactory.create()
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(owner=user)
|
||||
task_order = TaskOrderFactory.create(creator=user, workspace=workspace)
|
||||
user_session(user)
|
||||
response = client.get(
|
||||
url_for("task_orders.download_summary", task_order_id=task_order.id)
|
||||
)
|
||||
|
||||
@@ -92,11 +92,20 @@ def test_task_order_form_shows_errors(client, user_session):
|
||||
assert "Not a valid integer" in body
|
||||
|
||||
|
||||
def test_show_task_order():
|
||||
workflow = ShowTaskOrderWorkflow()
|
||||
@pytest.fixture
|
||||
def task_order():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(owner=user)
|
||||
|
||||
return TaskOrderFactory.create(creator=user, workspace=workspace)
|
||||
|
||||
|
||||
def test_show_task_order(task_order):
|
||||
workflow = ShowTaskOrderWorkflow(task_order.creator)
|
||||
assert workflow.task_order is None
|
||||
task_order = TaskOrderFactory.create()
|
||||
another_workflow = ShowTaskOrderWorkflow(task_order_id=task_order.id)
|
||||
another_workflow = ShowTaskOrderWorkflow(
|
||||
task_order.creator, task_order_id=task_order.id
|
||||
)
|
||||
assert another_workflow.task_order == task_order
|
||||
|
||||
|
||||
@@ -108,19 +117,19 @@ def test_show_task_order_form_list_data():
|
||||
assert workflow.form.complexity.data == complexity
|
||||
|
||||
|
||||
def test_show_task_order_form():
|
||||
workflow = ShowTaskOrderWorkflow()
|
||||
def test_show_task_order_form(task_order):
|
||||
workflow = ShowTaskOrderWorkflow(task_order.creator)
|
||||
assert not workflow.form.data["app_migration"]
|
||||
task_order = TaskOrderFactory.create()
|
||||
another_workflow = ShowTaskOrderWorkflow(task_order_id=task_order.id)
|
||||
another_workflow = ShowTaskOrderWorkflow(
|
||||
task_order.creator, task_order_id=task_order.id
|
||||
)
|
||||
assert (
|
||||
another_workflow.form.data["defense_component"] == task_order.defense_component
|
||||
)
|
||||
|
||||
|
||||
def test_show_task_order_display_screen():
|
||||
task_order = TaskOrderFactory.create()
|
||||
workflow = ShowTaskOrderWorkflow(task_order_id=task_order.id)
|
||||
def test_show_task_order_display_screen(task_order):
|
||||
workflow = ShowTaskOrderWorkflow(task_order.creator, task_order_id=task_order.id)
|
||||
screens = workflow.display_screens
|
||||
# every form section is complete
|
||||
for i in range(2):
|
||||
@@ -139,22 +148,17 @@ def test_update_task_order_with_no_task_order():
|
||||
assert workflow.task_order.scope == to_data["scope"]
|
||||
|
||||
|
||||
def test_update_task_order_with_existing_task_order():
|
||||
user = UserFactory.create()
|
||||
task_order = TaskOrderFactory.create()
|
||||
def test_update_task_order_with_existing_task_order(task_order):
|
||||
to_data = serialize_dates(TaskOrderFactory.dictionary())
|
||||
workflow = UpdateTaskOrderWorkflow(
|
||||
to_data, user, screen=2, task_order_id=task_order.id
|
||||
to_data, task_order.creator, screen=2, task_order_id=task_order.id
|
||||
)
|
||||
assert workflow.task_order.start_date != to_data["start_date"]
|
||||
workflow.update()
|
||||
assert workflow.task_order.start_date.strftime("%m/%d/%Y") == to_data["start_date"]
|
||||
|
||||
|
||||
def test_invite_officers_to_task_order(queue):
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(owner=user)
|
||||
task_order = TaskOrderFactory.create(creator=user, workspace=workspace)
|
||||
def test_invite_officers_to_task_order(task_order, queue):
|
||||
to_data = {
|
||||
**TaskOrderFactory.dictionary(),
|
||||
"ko_invite": True,
|
||||
@@ -162,7 +166,7 @@ def test_invite_officers_to_task_order(queue):
|
||||
"so_invite": True,
|
||||
}
|
||||
workflow = UpdateTaskOrderWorkflow(
|
||||
to_data, user, screen=3, task_order_id=task_order.id
|
||||
to_data, task_order.creator, screen=3, task_order_id=task_order.id
|
||||
)
|
||||
workflow.update()
|
||||
workspace = task_order.workspace
|
||||
@@ -179,10 +183,7 @@ def test_invite_officers_to_task_order(queue):
|
||||
assert task_order.security_officer.dod_id == to_data["so_dod_id"]
|
||||
|
||||
|
||||
def test_add_officer_but_do_not_invite(queue):
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(owner=user)
|
||||
task_order = TaskOrderFactory.create(creator=user, workspace=workspace)
|
||||
def test_add_officer_but_do_not_invite(task_order, queue):
|
||||
to_data = {
|
||||
**TaskOrderFactory.dictionary(),
|
||||
"ko_invite": False,
|
||||
@@ -190,7 +191,7 @@ def test_add_officer_but_do_not_invite(queue):
|
||||
"so_invite": False,
|
||||
}
|
||||
workflow = UpdateTaskOrderWorkflow(
|
||||
to_data, user, screen=3, task_order_id=task_order.id
|
||||
to_data, task_order.creator, screen=3, task_order_id=task_order.id
|
||||
)
|
||||
workflow.update()
|
||||
workspace = task_order.workspace
|
||||
|
||||
Reference in New Issue
Block a user