diff --git a/SAS/MoM/MoMQueryService/momqueryrpc.py b/SAS/MoM/MoMQueryService/momqueryrpc.py index 93089778081881291414f0b87dd4b9228c45a91e..7f68a155c9b6c4ead4037177c426f7b476238f60 100644 --- a/SAS/MoM/MoMQueryService/momqueryrpc.py +++ b/SAS/MoM/MoMQueryService/momqueryrpc.py @@ -20,6 +20,23 @@ class MoMQueryRPC(RPCWrapper): timeout=120): super(MoMQueryRPC, self).__init__(busname, servicename, broker, timeout=timeout) + def authorized_add_with_status(self, user_name, project_name, job_type, status): + """returns whether user is allowed in project to move a certain jobtype to a certain state + :param user_name: + :param project_name: + :param job_type: + :param status: + :return: Boolean + """ + logger.info("Requesting AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s", + user_name, project_name, job_type, status) + result = self.rpc('AutorizedAddWithStatus', user_name=user_name, project_name=project_name, job_type=job_type, + status=status) + logger.info( + "Received AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s result: %s", + user_name, project_name, job_type, status, result) + return result + def folderExists(self, folder): """returns true if folder exists :param folder: diff --git a/SAS/MoM/MoMQueryService/momqueryservice.py b/SAS/MoM/MoMQueryService/momqueryservice.py index 7a11efe922b223483ed0315cfc43bdb9423033e7..45634be8e81492b71254b42e9d2c0b6369dbc9ee 100755 --- a/SAS/MoM/MoMQueryService/momqueryservice.py +++ b/SAS/MoM/MoMQueryService/momqueryservice.py @@ -75,6 +75,8 @@ class MoMDatabaseWrapper: def __init__(self, dbcreds): self.dbcreds = dbcreds self.conn = None + self.useradministration_db = "useradministration" + self.momprivilidge_db = "momprivilege" def _connect(self): if self.conn: @@ -104,9 +106,91 @@ class MoMDatabaseWrapper: except (OperationalError, AttributeError) as e: logger.error(str(e)) + def authorized_add_with_status(self, user_name, project_name, job_type, status): + """returns whether user is allowed in project to move a certain jobtype to a certain state + :param user_name: + :param project_name: + :param job_type: should be either 'observation', 'ingest' or 'pipeline' + :param status: status should be either 'opened' or 'approved' + :return: Boolean + """ + if status not in ['opened', 'approved']: + raise ValueError("status should be either 'opened' or 'approved'") + + if job_type not in ['observation', 'ingest', 'pipeline']: + raise ValueError("job_type should be either 'observation', 'ingest' or 'pipeline'") + + logger.info("authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s", + user_name, project_name, job_type, status) + + status_type = { + 'observation': 'OBSERVATION', + 'ingest': 'EXPORT', + 'pipeline': 'POSTPROCESS' + } + + # query have opened status hardcoded because this is domain knowledge and works for the current requirements. + # If more status transitions are needed this query will be more complex + # The or on the status will then not be valid anymore. + query_system_rights = """SELECT 1 FROM %(useradministration_db)s.useraccount as useraccount +join %(useradministration_db)s.useraccountsystemrole as system_role on useraccount.userid=system_role.useraccountid +join %(momprivilege_db)s.statustransitionrole as transition_role on system_role.systemroleid=transition_role.roleid +join %(momprivilege_db)s.statustransition as transition on transition_role.statustransitionid=transition.id +join status as open_status on open_status.code='opened' +join status as status on status.id=transition.newstatusid and (transition.oldstatusid=0 or transition.oldstatusid=open_status.id) +where status.code="%(status)s" and +status.type="%(status_type)s" and +open_status.type="%(status_type)s" and +transition_role.roletype="nl.astron.useradministration.data.entities.SystemRole" and +useraccount.username='%(user_name)s'""" % { + "user_name": user_name, + "useradministration_db": self.useradministration_db, + "momprivilege_db": self.momprivilidge_db, + "status_type": status_type[job_type], + "status": status + } + + rows_system_rights = self._executeQuery(query_system_rights) + + # query have opened status hardcoded because this is domain knowledge and works for the current requirements. + # If more status transitions are needed this query will be more complex. + # The or on the status will then not be valid anymore. + query_project_rights = """SELECT 1 FROM mom2object as project +join member as member on member.projectid=project.id +join registeredmember as registered_member on registered_member.memberid=member.id +join %(useradministration_db)s.useraccount as useraccount on registered_member.userid=useraccount.id +join memberprojectrole as member_project_role on member_project_role.memberid=member.id +join projectrole as project_role on project_role.id=member_project_role.projectroleid +join %(momprivilege_db)s.statustransitionrole as transition_role on project_role.id=transition_role.roleid +join %(momprivilege_db)s.statustransition as transition on transition_role.statustransitionid=transition.id +join status as open_status on open_status.code='opened' +join status as status on status.id=transition.newstatusid and (transition.oldstatusid=0 or transition.oldstatusid=open_status.id) +where status.code="%(status)s" and +status.type="%(status_type)s" and +open_status.type="%(status_type)s" and +transition_role.roletype="nl.astron.mom2.data.entities.ProjectRole" and +useraccount.username='%(user_name)s' and +project.name='%(project_name)s'""" % { + "user_name": user_name, + "useradministration_db": self.useradministration_db, + "momprivilege_db": self.momprivilidge_db, + "status_type": status_type[job_type], + "project_name": project_name, + "status": status + } + + rows_project_rights = self._executeQuery(query_project_rights) + + authorized = len(rows_system_rights) != 0 or len(rows_project_rights) != 0 + + logger.info("authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s result: %s", + user_name, project_name, job_type, status, authorized) + + return authorized + def folder_exists(self, folder_path): """ returns true if folder exists - :param folder: + :param folder_path: :return: Boolean """ try: @@ -475,6 +559,7 @@ class ProjectDetailsQueryHandler(MessageHandlerInterface): self.dbcreds = kwargs.pop("dbcreds", None) self.service2MethodMap = { + 'AutorizedAddWithStatus': self.authorized_add_with_status, 'FolderExists': self.folder_exists, 'IsProjectActive': self.is_project_active, 'GetProjects': self.getProjects, @@ -491,6 +576,10 @@ class ProjectDetailsQueryHandler(MessageHandlerInterface): def prepare_loop(self): self.momdb = MoMDatabaseWrapper(self.dbcreds) + def authorized_add_with_status(self, user, project, jobtype, status): + authorized = self.momdb.authorized_add_with_status(user, project, jobtype, status) + return {"authorized": authorized} + def folder_exists(self, folder): exists = self.momdb.folder_exists(folder) return {"exists": exists} diff --git a/SAS/MoM/MoMQueryService/test/test_momqueryservice.py b/SAS/MoM/MoMQueryService/test/test_momqueryservice.py index 7b3209c38953a6ed8e84b44e5fe48fe1b95984ba..31bb47fddd77d1a9fb53b3c3b93fbb6dd4b95850 100755 --- a/SAS/MoM/MoMQueryService/test/test_momqueryservice.py +++ b/SAS/MoM/MoMQueryService/test/test_momqueryservice.py @@ -77,11 +77,28 @@ class TestProjectDetailsQueryHandler(unittest.TestCase): self.assertFalse(return_value['exists']) + def test_authorized_add_with_status_returns_autorized_false_when_mom_wrapper_returns_false(self): + user_name = "user" + project_name = "project" + job_type = "observation" + status = "approved" + + self.mom_database_wrapper_mock().authorized_add_with_status.return_value = False + + return_value = self.project_details_query_handler.authorized_add_with_status(user_name, project_name, job_type, + status) + + self.assertFalse(return_value['authorized']) + class TestMomQueryRPC(unittest.TestCase): test_id = '1234' message_id = str(uuid.uuid1()) folder = "/project/folder" + user_name = "user name" + project_name = "project name" + job_type = "observation" + status = "opened" qpid_message = QpidMessage({ str(test_id): { @@ -113,6 +130,13 @@ class TestMomQueryRPC(unittest.TestCase): "MessageId": message_id, "status": "OK" }) + qpid_message_authorized_true = QpidMessage({"authorized": True}, + properties={ + "SystemName": "LOFAR", + "MessageType": "ReplyMessage", + "MessageId": message_id, + "status": "OK" + }) def setUp(self): self.momrpc = MoMQueryRPC('busname', DEFAULT_MOMQUERY_SERVICENAME) @@ -150,7 +174,7 @@ class TestMomQueryRPC(unittest.TestCase): result = self.momrpc.isProjectActive("project") - self.assertTrue(result) + self.assertTrue(result['active']) @mock.patch('lofar.messaging.messagebus.qpid.messaging') def test_is_project_active_query(self, qpid_mock): @@ -188,6 +212,46 @@ class TestMomQueryRPC(unittest.TestCase): self.logger_mock.info.assert_any_call("Received Project exists: %s" % result) + @mock.patch('lofar.messaging.messagebus.qpid.messaging') + def test_authorized_add_with_status_logs_before_query(self, qpid_mock): + self.receiver_mock.fetch.return_value = self.qpid_message_authorized_true + + qpid_mock.Message = QpidMessage + qpid_mock.Connection().session().senders = [self.sender_mock] + qpid_mock.Connection().session().next_receiver.return_value = self.receiver_mock + + self.momrpc.authorized_add_with_status(self.user_name, self.project_name, self.job_type, self.status) + + self.logger_mock.info.assert_any_call( + "Requesting AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s", + self.user_name, self.project_name, self.job_type, self.status) + + @mock.patch('lofar.messaging.messagebus.qpid.messaging') + def test_authorized_add_with_status_logs_after_query(self, qpid_mock): + self.receiver_mock.fetch.return_value = self.qpid_message_authorized_true + + qpid_mock.Message = QpidMessage + qpid_mock.Connection().session().senders = [self.sender_mock] + qpid_mock.Connection().session().next_receiver.return_value = self.receiver_mock + + result = self.momrpc.authorized_add_with_status(self.user_name, self.project_name, self.job_type, self.status) + + self.logger_mock.info.assert_any_call( + "Received AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s result: %s", + self.user_name, self.project_name, self.job_type, self.status, result) + + @mock.patch('lofar.messaging.messagebus.qpid.messaging') + def test_iauthorized_add_with_status_query(self, qpid_mock): + self.receiver_mock.fetch.return_value = self.qpid_message_authorized_true + + qpid_mock.Message = QpidMessage + qpid_mock.Connection().session().senders = [self.sender_mock] + qpid_mock.Connection().session().next_receiver.return_value = self.receiver_mock + + result = self.momrpc.authorized_add_with_status(self.user_name, self.project_name, self.job_type, self.status) + + self.assertTrue(result['authorized']) + class TestMoMDatabaseWrapper(unittest.TestCase): database_credentials = Credentials() @@ -199,6 +263,10 @@ class TestMoMDatabaseWrapper(unittest.TestCase): project_name = "project name" folder = "/project/folder1/folder2" + user_name = "user name" + job_type = "observation" + status = "opened" + def setUp(self): logger_patcher = mock.patch('lofar.mom.momqueryservice.momqueryservice.logger') self.addCleanup(logger_patcher.stop) @@ -288,15 +356,69 @@ class TestMoMDatabaseWrapper(unittest.TestCase): self.logger_mock.error.assert_any_call( "Folder path is incorrect: %s", "Folder path (%s) should minimally have a project") + def test_authorized_add_with_status_logs_start_of_query(self): + self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, self.job_type, + self.status) + + self.logger_mock.info.assert_any_call( + "authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s", + self.user_name, self.project_name, self.job_type, self.status) + + def test_authorized_add_with_status_logs_stop_of_query(self): + authorized = False + + self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, self.job_type, + self.status) + + self.logger_mock.info.assert_any_call( + "authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s result: %s", + self.user_name, self.project_name, self.job_type, self.status, authorized) + + def test_authorized_add_with_status_returns_true_when_query_returns_rows(self): + self.mysql_mock.connect().cursor().fetchall.return_value = [{u'1': 1}] + + return_value = self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + self.job_type, self.status) + self.assertTrue(return_value) + + def test_authorized_add_with_status_returns_false_when_query_returns_no_rows(self): + self.mysql_mock.connect().cursor().fetchall.return_value = [] + + return_value = self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + self.job_type, self.status) + + self.assertFalse(return_value) + + def test_authorized_add_with_status_throws_ValueError_when_status_is_not_approved_or_opened(self): + with self.assertRaises(ValueError) as exception: + self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + self.job_type, "aborted") + + self.assertEqual(exception.exception.message, "status should be either 'opened' or 'approved'") + + def test_authorized_add_with_status_throws_ValueError_when_job_type_is_not_observation_or_pipeline_ingest(self): + with self.assertRaises(ValueError) as exception: + self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + "measurment", self.status) + + self.assertEqual(exception.exception.message, "job_type should be either 'observation', 'ingest' or 'pipeline'") -@unittest.skip("Skipping integration test") + +#@unittest.skip("Skipping integration test") class IntegrationTestMoMDatabaseWrapper(unittest.TestCase): database_credentials = Credentials() database_credentials.host = "localhost" database_credentials.user = "root" - database_credentials.database = "testdb" + database_credentials.database = "mom" database_credentials.password = None + project_name = "project name" + folder = "/project/folder1/folder2" + + user_name = "lofar" + job_type = "observation" + status = "opened" + def setUp(self): self.mysqld = testing.mysqld.Mysqld() @@ -304,38 +426,120 @@ class IntegrationTestMoMDatabaseWrapper(unittest.TestCase): self.connection = connector.connect(**self.mysqld.dsn()) cursor = self.connection.cursor(dictionary=True) - cursor.execute("CREATE DATABASE testdb") - cursor.execute("USE testdb") - cursor.execute("""CREATE TABLE mom2objectstatus ( - id int(11) NOT NULL AUTO_INCREMENT, - name varchar(255) DEFAULT NULL, - roles varchar(512) DEFAULT NULL, - userid int(11) DEFAULT NULL, - statusid int(11) DEFAULT NULL, - mom2objectid int(11) DEFAULT NULL, - indexid int(11) DEFAULT NULL, - statustime datetime NOT NULL DEFAULT '1000-01-01 00:00:00.000000', - pending tinyint(1) DEFAULT 0, - PRIMARY KEY (id) -) ENGINE=InnoDB AUTO_INCREMENT=1725902 DEFAULT CHARSET=latin1""") - cursor.execute("""CREATE TABLE mom2object ( - id int(11) NOT NULL AUTO_INCREMENT, - parentid int(11) DEFAULT NULL, - indexid int(11) DEFAULT NULL, - mom2id int(11) NOT NULL DEFAULT 0, - mom2objecttype char(25) NOT NULL, - name varchar(100) NOT NULL DEFAULT '', - description varchar(255) DEFAULT NULL, - ownerprojectid int(11) DEFAULT NULL, - currentstatusid int(11) DEFAULT NULL, - topology varchar(100) DEFAULT NULL, - predecessor varchar(512) DEFAULT NULL, - topology_parent tinyint(1) DEFAULT 0, - group_id int(11) DEFAULT 0, - datasize bigint(20) DEFAULT 0, - PRIMARY KEY (id), - UNIQUE KEY mom2object_UNIQ (mom2id) -) ENGINE=InnoDB AUTO_INCREMENT=331855 DEFAULT CHARSET=latin1""") + # mom database + cursor.execute("CREATE DATABASE mom") + cursor.execute("USE mom") + cursor.execute("CREATE TABLE mom2objectstatus ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "name varchar(255) DEFAULT NULL, " + "roles varchar(512) DEFAULT NULL, " + "userid int(11) DEFAULT NULL, " + "statusid int(11) DEFAULT NULL, " + "mom2objectid int(11) DEFAULT NULL, " + "indexid int(11) DEFAULT NULL, " + "statustime datetime NOT NULL DEFAULT '1000-01-01 00:00:00.000000', " + "pending tinyint(1) DEFAULT 0, " + "PRIMARY KEY (id) " + ") ENGINE=InnoDB AUTO_INCREMENT=1725902 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE mom2object (" + "id int(11) NOT NULL AUTO_INCREMENT, " + "parentid int(11) DEFAULT NULL, " + "indexid int(11) DEFAULT NULL, " + "mom2id int(11) NOT NULL DEFAULT 0, " + "mom2objecttype char(25) NOT NULL, " + "name varchar(100) NOT NULL DEFAULT '', " + "description varchar(255) DEFAULT NULL, " + "ownerprojectid int(11) DEFAULT NULL, " + "currentstatusid int(11) DEFAULT NULL, " + "topology varchar(100) DEFAULT NULL, " + "predecessor varchar(512) DEFAULT NULL, " + "topology_parent tinyint(1) DEFAULT 0, " + "group_id int(11) DEFAULT 0, " + "datasize bigint(20) DEFAULT 0, " + "PRIMARY KEY (id), " + "UNIQUE KEY mom2object_UNIQ (mom2id) " + ") ENGINE=InnoDB AUTO_INCREMENT=331855 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE status (" + "id int(11) NOT NULL AUTO_INCREMENT, " + "code char(15) NOT NULL DEFAULT '', " + "type char(20) NOT NULL, " + "description varchar(100) DEFAULT NULL, " + "PRIMARY KEY (id), " + "UNIQUE KEY status_UNIQ (code,type) " + ") ENGINE=InnoDB AUTO_INCREMENT=712 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE member ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "projectid int(11) DEFAULT NULL, " + "indexid int(11) DEFAULT NULL, " + "PRIMARY KEY (id), " + "KEY mom2object_member_FK (projectid), " + "KEY indexid_IND (indexid) " + ") ENGINE=InnoDB AUTO_INCREMENT=1010 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE registeredmember ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "memberid int(11) DEFAULT NULL, " + "userid int(11) DEFAULT NULL, " + "PRIMARY KEY (id), " + "KEY member_registeredmember_FK (memberid), " + "KEY userid_IND (userid) " + ") ENGINE=InnoDB AUTO_INCREMENT=768 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE memberprojectrole ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "memberid int(11) DEFAULT NULL, " + "indexid int(11) DEFAULT NULL, " + "projectroleid int(11) DEFAULT NULL, " + "PRIMARY KEY (id), " + "KEY member_memberprojectrole_FK (memberid), " + "KEY projectrole_memberprojectrole_FK (projectroleid), " + "KEY indexid_IND (indexid) " + ") ENGINE=InnoDB AUTO_INCREMENT=1167 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE projectrole ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "name char(15) NOT NULL DEFAULT '', " + "description varchar(100) DEFAULT NULL, " + "PRIMARY KEY (id), " + "UNIQUE KEY projectrole_UNIQ (name) " + ") ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1") + # useradmin db + cursor.execute("CREATE DATABASE useradministration") + cursor.execute("CREATE TABLE useradministration.useraccount ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "userid int(11) NOT NULL DEFAULT '0', " + "username varchar(20) NOT NULL DEFAULT '', " + "password varchar(32) NOT NULL DEFAULT '', " + "publickey varchar(32) DEFAULT NULL, " + "PRIMARY KEY (id), " + "UNIQUE KEY useraccount_UNIQ (username) " + ") ENGINE=InnoDB AUTO_INCREMENT=1787 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE useradministration.useraccountsystemrole (" + "id int(11) NOT NULL AUTO_INCREMENT, " + "useraccountid int(11) NOT NULL DEFAULT '0', " + "systemroleid int(11) NOT NULL DEFAULT '0', " + "indexid int(11) NOT NULL DEFAULT '0', " + "PRIMARY KEY (id), " + "KEY useraccount_useraccountsystemrole_IND (useraccountid), " + "KEY systemrole_useraccountsystemrole_IND (systemroleid), " + "KEY useraccount_index_useraccountsystemrole_IND (indexid) " + ") ENGINE=InnoDB AUTO_INCREMENT=3413 DEFAULT CHARSET=latin1") + # mom privilege + cursor.execute("CREATE DATABASE momprivilege") + cursor.execute("CREATE TABLE momprivilege.statustransitionrole ( " + "id int(11) NOT NULL AUTO_INCREMENT, " + "statustransitionid int(11) DEFAULT NULL, " + "roleid int(11) NOT NULL, " + "roletype char(100) NOT NULL, " + "PRIMARY KEY (id), " + "KEY roletype_IND (roleid,roletype), " + "KEY statustransition_statustransitionrole_FK (statustransitionid) " + ") ENGINE=InnoDB AUTO_INCREMENT=8572 DEFAULT CHARSET=latin1") + cursor.execute("CREATE TABLE momprivilege.statustransition (" + "id int(11) NOT NULL AUTO_INCREMENT, " + "oldstatusid int(11) NOT NULL, " + "newstatusid int(11) NOT NULL, " + "PRIMARY KEY (id), " + "KEY oldstatus_IND (oldstatusid), " + "KEY newstatus_IND (oldstatusid) " + ") ENGINE=InnoDB AUTO_INCREMENT=1272 DEFAULT CHARSET=latin1") self.mom_database_wrapper = MoMDatabaseWrapper(self.database_credentials) @@ -371,7 +575,7 @@ class IntegrationTestMoMDatabaseWrapper(unittest.TestCase): self.execute("insert into mom2object values(3, 2, NULL, 33, 'FOLDER', 'folder2', " "'Pulsar timing with LOFAR', NULL, 966855, NULL, NULL, 0, 0, 0)") - self.assertTrue(self.mom_database_wrapper.folder_exists("/project/folder1/folder2")) + self.assertTrue(self.mom_database_wrapper.folder_exists(self.folder)) def test_folder_exists_returns_true_when_folder_exists_and_path_ends_on_forward_slash(self): self.execute("insert into mom2object values(1, NULL, NULL, 11, 'PROJECT', 'project', " @@ -381,7 +585,72 @@ class IntegrationTestMoMDatabaseWrapper(unittest.TestCase): self.execute("insert into mom2object values(3, 2, NULL, 33, 'FOLDER', 'folder2', " "'Pulsar timing with LOFAR', NULL, 966855, NULL, NULL, 0, 0, 0)") - self.assertTrue(self.mom_database_wrapper.folder_exists("/project/folder1/folder2/")) + self.assertTrue(self.mom_database_wrapper.folder_exists(self.folder)) + + def test_authorized_add_with_status_returns_false_on_empty_db(self): + self.assertFalse(self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + self.job_type, self.status)) + + def test_authorized_add_with_status_returns_true_on_when_rights_are_on_system_role(self): + # insert user + self.execute("insert into useradministration.useraccount " + "values(1, 1, '%s', '26dcf77e2de89027e8895baea8e45057', 'sNgmwwN7fk')" + % self.user_name) + # setup status + self.execute("insert into status values(101, 'opened', 'OBSERVATION', '')") + self.execute("insert into status values(104, 'approved', 'OBSERVATION', " + "'The specification is in accordance with wishes of the PI.')") + # setup status transitions + self.execute("insert into momprivilege.statustransition values(1003, 0, 101)") + self.execute("insert into momprivilege.statustransition values(1059, 101, 104)") + # setup transition role + self.execute("insert into momprivilege.statustransitionrole " + "values(1, 1003, 9, 'nl.astron.useradministration.data.entities.SystemRole')") + self.execute("insert into momprivilege.statustransitionrole " + "values(2, 1059, 9, 'nl.astron.useradministration.data.entities.SystemRole')") + # user account system role + self.execute("insert into useradministration.useraccountsystemrole values(533, 1, 9, 0)") + + self.assertTrue(self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + 'observation', "approved")) + self.assertTrue(self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + 'observation', "opened")) + + + def test_authorized_add_with_status_returns_true_on_when_rights_are_on_project_role(self): + # insert user + self.execute("insert into useradministration.useraccount " + "values(1, 1, '%s', '26dcf77e2de89027e8895baea8e45057', 'sNgmwwN7fk')" + % self.user_name) + # setup status + self.execute("insert into status values(101, 'opened', 'OBSERVATION', '')") + self.execute("insert into status values(104, 'approved', 'OBSERVATION', " + "'The specification is in accordance with wishes of the PI.')") + # setup status transitions + self.execute("insert into momprivilege.statustransition values(1003, 0, 101)") + self.execute("insert into momprivilege.statustransition values(1059, 101, 104)") + # setup transition role + self.execute("insert into momprivilege.statustransitionrole " + "values(1, 1003, 1, 'nl.astron.mom2.data.entities.ProjectRole')") + self.execute("insert into momprivilege.statustransitionrole " + "values(2, 1059, 1, 'nl.astron.mom2.data.entities.ProjectRole')") + # setup project role + self.execute("insert into projectrole values(1, 'Pi', NULL)") + # setup member project role + self.execute("insert into memberprojectrole values(1, 1, 0, 1)") + # setup registered member + self.execute("insert into registeredmember values(1, 1, 1)") + # setup member + self.execute("insert into member values(1, 1, 0)") + # setup project + self.execute("insert into mom2object values(1, NULL, NULL, 2, 'PROJECT', '%(project_name)s', 'test-lofar', " + "NULL, 1704653, NULL, NULL, 0, 0, 0)" % {"project_name": self.project_name}) + + self.assertTrue(self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + 'observation', 'approved')) + self.assertTrue(self.mom_database_wrapper.authorized_add_with_status(self.user_name, self.project_name, + 'observation', 'opened')) + if __name__ == "__main__": unittest.main()