import pytest from ckan.plugins.toolkit import url_for import ckan.tests.factories as factories import ckan.logic as logic from ckan.plugins.toolkit import NotAuthorized @pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context') @pytest.mark.slow class TestAuthorization: def test_unauthenticated_user_gets_error_page(self, app): url = url_for("user.index") assert url == "/user/" response = app.get(url) assert response.status_code == 403 assert "Zugriff nicht erlaubt" in response user = factories.User() username = user["name"] url = url_for("user.edit", id=username) assert url == f"/user/edit/{username}" response = app.get(url) assert response.status_code == 403 assert "Zugriff nicht erlaubt" in response url = url_for("user.activity", id=username) response = app.get(url) assert response.status_code == 500 def test_user_actions_not_accessible_by_regular_user(self): def assert_not_authorized(action, context, data_dict): with pytest.raises(NotAuthorized): logic.check_access(action, context, data_dict=data_dict) user = factories.User() username = user["name"] assert_not_authorized("user_list", {"user": username}, {}) assert_not_authorized("user_update", {"user": username}, {"id": username}) assert_not_authorized("user_delete", {"user": username}, {"id": username}) assert_not_authorized("user_create", {"user": username}, {"name": "foo"}) assert_not_authorized("user_invite", {"user": username}, {}) assert_not_authorized("user_activity_list", {"user": username}, {"id": username}) def test_user_list_accessible_for_sysadmin(self): adminuser = factories.Sysadmin() adminusername = adminuser["name"] user = factories.User() username = user["name"] logic.check_access("user_list", {"user": adminusername}, {}) logic.check_access("user_update", {"user": adminusername}, {"id": username}) logic.check_access("user_delete", {"user": adminusername}, {"id": username}) logic.check_access("user_create", {"user": adminusername}, {"name": "foo"}) logic.check_access("user_invite", {"user": adminusername}, {})