PageRenderTime 57ms CodeModel.GetById 12ms app.highlight 39ms RepoModel.GetById 1ms app.codeStats 0ms

/test/functional/test_library_security.py

https://bitbucket.org/cistrome/cistrome-harvard/
Python | 586 lines | 474 code | 3 blank | 109 comment | 33 complexity | 199b9175e4f5b6825576c9027d69cfa2 MD5 | raw file
  1from base.twilltestcase import *
  2from base.test_db_util import *
  3
  4
  5# TODO: Functional tests start failing at 050, fix or eliminate rest of tests.
  6class TestLibrarySecurity( TwillTestCase ):
  7    def test_000_initiate_users( self ):
  8        """Ensuring all required user accounts exist"""
  9        self.logout()
 10        self.login( email='test1@bx.psu.edu', username='regular-user1' )
 11        global regular_user1
 12        regular_user1 = get_user( 'test1@bx.psu.edu' )
 13        assert regular_user1 is not None, 'Problem retrieving user with email "test1@bx.psu.edu" from the database'
 14        global regular_user1_private_role
 15        regular_user1_private_role = get_private_role( regular_user1 )
 16        self.logout()
 17        self.login( email='test2@bx.psu.edu', username='regular-user2' )
 18        global regular_user2
 19        regular_user2 = get_user( 'test2@bx.psu.edu' )
 20        assert regular_user2 is not None, 'Problem retrieving user with email "test2@bx.psu.edu" from the database'
 21        global regular_user2_private_role
 22        regular_user2_private_role = get_private_role( regular_user2 )
 23        self.logout()
 24        self.login( email='test3@bx.psu.edu', username='regular-user3' )
 25        global regular_user3
 26        regular_user3 = get_user( 'test3@bx.psu.edu' )
 27        assert regular_user3 is not None, 'Problem retrieving user with email "test3@bx.psu.edu" from the database'
 28        global regular_user3_private_role
 29        regular_user3_private_role = get_private_role( regular_user3 )
 30        self.logout()
 31        self.login( email='test@bx.psu.edu', username='admin-user' )
 32        global admin_user
 33        admin_user = get_user( 'test@bx.psu.edu' )
 34        assert admin_user is not None, 'Problem retrieving user with email "test@bx.psu.edu" from the database'
 35        global admin_user_private_role
 36        admin_user_private_role = get_private_role( admin_user )
 37    def test_005_create_required_groups_and_roles( self ):
 38        """Testing creating all required groups and roles for this script"""
 39        # Logged in as admin_user
 40        # Create Role1: admin_user, regular_user1, regular_user3
 41        name = 'Role1'
 42        description = "Role1 description"
 43        self.create_role( name=name,
 44                          description=description,
 45                          in_user_ids=[ str( admin_user.id ), str( regular_user1.id ), str( regular_user3.id ) ],
 46                          in_group_ids=[],
 47                          create_group_for_role='no',
 48                          private_role=admin_user.email )
 49        global role1
 50        role1 = get_role_by_name( name )
 51        # Create Group1: regular_user1, admin_user, regular_user3
 52        name = 'Group1'
 53        self.create_group( name=name, in_user_ids=[ str( regular_user1.id ) ], in_role_ids=[ str( role1.id ) ] )
 54        global group1
 55        group1 = get_group_by_name( name )
 56        assert group1 is not None, 'Problem retrieving group named "Group1" from the database'
 57        # NOTE: To get this to work with twill, all select lists on the ~/admin/role page must contain at least
 58        # 1 option value or twill throws an exception, which is: ParseError: OPTION outside of SELECT
 59        # Due to this bug in twill, we create the role, we bypass the page and visit the URL in the
 60        # associate_users_and_groups_with_role() method.
 61        #
 62        #create Role2: admin_user, regular_user1, regular_user3
 63        name = 'Role2'
 64        description = 'Role2 description'
 65        private_role = admin_user.email
 66        self.create_role( name=name,
 67                          description=description,
 68                          in_user_ids=[ str( admin_user.id ) ],
 69                          in_group_ids=[ str( group1.id ) ],
 70                          private_role=private_role )
 71        global role2
 72        role2 = get_role_by_name( name )
 73        assert role2 is not None, 'Problem retrieving role named "Role2" from the database'
 74    def test_010_create_libraries( self ):
 75        """Creating new libraries used in this script"""
 76        # Logged in as admin_user
 77        for index in range( 0, 2 ):
 78            name = 'library%s' % str( index + 1 )
 79            description = '%s description' % name
 80            synopsis = '%s synopsis' % name
 81            self.create_library( name=name, description=description, synopsis=synopsis )
 82        # Get the libraries for later use
 83        global library1
 84        library1 = get_library( 'library1', 'library1 description', 'library1 synopsis' )
 85        assert library1 is not None, 'Problem retrieving library (library1) from the database'
 86        global library2
 87        library2 = get_library( 'library2', 'library2 description', 'library2 synopsis' )
 88        assert library2 is not None, 'Problem retrieving library (library2) from the database'
 89    def test_015_restrict_access_to_library1( self ):
 90        """Testing restricting access to library1"""
 91        # Logged in as admin_user
 92        # Make sure library1 is public
 93        assert 'access library' not in [ a.action for a in library1.actions ], 'Library %s is not public when first created' % library1.name
 94        # Set permissions on the library, sort for later testing.
 95        permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ]
 96        permissions_out = []
 97        # Role1 members are: admin_user, regular_user1, regular_user3.  Each of these users will be permitted for
 98        # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on library1 and its contents.
 99        self.library_permissions( self.security.encode_id( library1.id ),
100                                  library1.name,
101                                  str( role1.id ),
102                                  permissions_in,
103                                  permissions_out )
104        # Make sure the library is accessible by admin_user
105        self.visit_url( '%s/library/browse_libraries' % self.url )
106        self.check_page_for_string( library1.name )
107        # Make sure the library is not accessible by regular_user2 since regular_user2 does not have Role1.
108        self.logout()
109        self.login( email=regular_user2.email )
110        self.visit_url( '%s/library/browse_libraries' % self.url )
111        try:
112            self.check_page_for_string( library1.name )
113            raise AssertionError, 'Library %s is accessible by %s when it should be restricted' % ( library1.name, regular_user2.email )
114        except:
115            pass
116        self.logout()
117        self.login( email=admin_user.email )
118    def test_020_add_folder_to_library1( self ):
119        """Testing adding a folder1 to a library1"""
120        # logged in as admin_user
121        root_folder = library1.root_folder
122        name = "Folder1"
123        description = "Folder1 description"
124        self.add_folder( 'library_admin',
125                         self.security.encode_id( library1.id ),
126                         self.security.encode_id( root_folder.id ),
127                         name=name,
128                         description=description )
129        global folder1
130        folder1 = get_folder( root_folder.id, name, description )
131        assert folder1 is not None, 'Problem retrieving folder1 from the database'
132    def test_025_create_ldda1_with_private_role_restriction( self ):
133        """Testing create ldda1 with a private role restriction"""
134        # Logged in as admin_user
135        #
136        # Library1 LIBRARY_ACCESS = Role1: admin_user, regular_user1, regular_user3
137        #
138        # Add a dataset restricted by the following:
139        # DATASET_MANAGE_PERMISSIONS = admin_user via DefaultUserPermissions
140        # DATASET_ACCESS = regular_user1 private role via this test method
141        # LIBRARY_ADD = "Role1" via inheritance from parent folder
142        # LIBRARY_MODIFY = "Role1" via inheritance from parent folder
143        # LIBRARY_MANAGE = "Role1" via inheritance from parent folder
144        #
145        # This means that only regular_user1 can see the dataset from the Data Libraries view
146        filename = '1.bed'
147        ldda_message ='ldda1'
148        self.upload_library_dataset( cntrller='library_admin',
149                                     library_id=self.security.encode_id( library1.id ),
150                                     folder_id=self.security.encode_id( folder1.id ),
151                                     filename=filename,
152                                     file_type='bed',
153                                     dbkey='hg18',
154                                     roles=[ str( regular_user1_private_role.id ) ],
155                                     ldda_message=ldda_message,
156                                     strings_displayed=[ 'Upload files' ] )
157        global ldda1
158        ldda1 = get_latest_ldda_by_name( filename )
159        assert ldda1 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda1 from the database'
160        self.browse_library( cntrller='library_admin',
161                             library_id=self.security.encode_id( library1.id ),
162                             strings_displayed=[ ldda1.name, ldda1.message, 'bed' ] )
163    def test_030_access_ldda1_with_private_role_restriction( self ):
164        """Testing accessing ldda1 with a private role restriction"""
165        # Logged in as admin_user
166        #
167        # LIBRARY_ACCESS = Role1: admin_user, regular_user1, regular_user3.  Each of these users will be permitted for
168        # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on this library and its contents.
169        #
170        # Legitimate roles displayed on the permission form are as follows:
171        # 'Role1' since the LIBRARY_ACCESS permission is associated with Role1.  # Role one members are: admin_user, regular_user1, regular_user3.
172        # 'test@bx.psu.edu' ( admin_user's private role ) since admin_user has Role1
173        # 'Role2' since admin_user has Role2
174        # 'Role Three' since admin_user has Role Three
175        # 'test1@bx.psu.edu' ( regular_user1's private role ) since regular_user1 has Role1
176        # 'test3@bx.psu.edu' ( regular_user3's private role ) since regular_user3 has Role1
177        #
178        # admin_user should not be able to see 1.bed from the analysis view's access libraries
179        self.browse_library( cntrller='library',
180                             library_id=self.security.encode_id( library1.id ),
181                             strings_not_displayed=[ folder1.name, ldda1.name, ldda1.message ] )
182        self.logout()
183        # regular_user1 should be able to see 1.bed from the Data Libraries view
184        # since it was associated with regular_user1's private role
185        self.login( email=regular_user1.email )
186        self.browse_library( cntrller='library',
187                             library_id=self.security.encode_id( library1.id ),
188                             strings_displayed=[ folder1.name, ldda1.name, ldda1.message ] )
189        self.logout()
190        # regular_user2 should not be to see library1 since they do not have 
191        # Role1 which is associated with the LIBRARY_ACCESS permission
192        self.login( email=regular_user2.email )
193        self.browse_libraries_regular_user( strings_not_displayed=[ library1.name ] )
194        self.logout()
195        # regular_user3 should not be able to see 1.bed from the analysis view's access librarys
196        self.login( email=regular_user3.email )
197        self.browse_library( cntrller='library',
198                             library_id=self.security.encode_id( library1.id ),
199                             strings_not_displayed=[ folder1.name ] )
200        self.logout()
201        self.login( email=admin_user.email )
202    def test_035_change_ldda1_access_permission( self ):
203        """Testing changing the access permission on ldda1 with a private role restriction"""
204        # Logged in as admin_user
205        # We need admin_user to be able to access 1.bed
206        permissions_in = [ k for k, v in galaxy.model.Dataset.permitted_actions.items() ]
207        for k, v in galaxy.model.Library.permitted_actions.items():
208            if k != 'LIBRARY_ACCESS':
209                permissions_in.append( k )
210        permissions_out = []
211        # Attempt to associate multiple roles with the library dataset, with one of the
212        # roles being private.
213        role_ids_str = '%s,%s' % ( str( role1.id ), str( admin_user_private_role.id ) )
214        check_str = "At least 1 user must have every role associated with accessing datasets.  "
215        check_str += "Since you are associating more than 1 role, no private roles are allowed."
216        self.ldda_permissions( 'library_admin',
217                                self.security.encode_id( library1.id ),
218                                self.security.encode_id( folder1.id ),
219                                self.security.encode_id( ldda1.id ),
220                                role_ids_str,
221                                permissions_in,
222                                permissions_out,
223                                strings_displayed=[ check_str ] )
224        role_ids_str = str( role1.id )
225        self.ldda_permissions( 'library_admin',
226                                self.security.encode_id( library1.id ),
227                                self.security.encode_id( folder1.id ),
228                                self.security.encode_id( ldda1.id ),
229                                role_ids_str,
230                                permissions_in,
231                                permissions_out,
232                                ldda_name=ldda1.name )
233        # admin_user should now be able to see 1.bed from the analysis view's access libraries
234        self.browse_library( cntrller='library',
235                             library_id=self.security.encode_id( library1.id ),
236                             strings_displayed=[ ldda1.name, ldda1.message ] )
237    def test_040_create_ldda2_with_role2_associated_with_group_and_users( self ):
238        """Testing creating ldda2 with a role that is associated with a group and users"""
239        # Logged in as admin_user
240        # Add a dataset restricted by role2, which is currently associated as follows:
241        # groups: group1
242        # users: test@bx.psu.edu, test1@bx.psu.edu via group1
243        #
244        # We first need to make library1 public, but leave its contents permissions unchanged
245        self.make_library_item_public( self.security.encode_id( library1.id ),
246                                       self.security.encode_id( library1.id ),
247                                       item_type='library',
248                                       contents=False,
249                                       library_name=library1.name )
250        refresh( library1 )
251        filename = '2.bed'
252        ldda_message = 'ldda2'
253        self.upload_library_dataset( cntrller='library_admin',
254                                     library_id=self.security.encode_id( library1.id ),
255                                     folder_id=self.security.encode_id( folder1.id ),
256                                     filename=filename,
257                                     file_type='bed',
258                                     dbkey='hg17',
259                                     roles=[ str( role2.id ) ],
260                                     ldda_message=ldda_message,
261                                     strings_displayed=[ 'Upload files' ] )
262        global ldda2
263        ldda2 = get_latest_ldda_by_name( filename )
264        assert ldda2 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda2 from the database'
265        self.browse_library( cntrller='library',
266                             library_id=self.security.encode_id( library1.id ),
267                             strings_displayed=[ ldda2.name, ldda2.message, 'bed' ] )
268    def test_045_accessing_ldda2_with_role_associated_with_group_and_users( self ):
269        """Testing accessing ldda2 with a role that is associated with a group and users"""
270        # Logged in as admin_user
271        # admin_user should be able to see 2.bed since she is associated with role2
272        self.browse_library( cntrller='library',
273                             library_id=self.security.encode_id( library1.id ),
274                             strings_displayed=[ ldda2.name, ldda2.message, 'bed' ] )
275        self.logout()
276        # regular_user1 should be able to see 2.bed since she is associated with group_two
277        self.login( email = regular_user1.email )
278        self.browse_library( cntrller='library',
279                             library_id=self.security.encode_id( library1.id ),
280                             strings_displayed=[ folder1.name, ldda2.name, ldda2.message, 'bed' ] )
281        # Check the permissions on the dataset 2.bed - they are as folows:
282        # DATASET_MANAGE_PERMISSIONS = test@bx.psu.edu
283        # DATASET_ACCESS = Role2
284        #                  Role2 associations: test@bx.psu.edu and Group2
285        #                  Group2 members: Role1, Role2, test1@bx.psu.edu
286        #                  Role1 associations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu
287        # LIBRARY_ADD = Role1
288        #               Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu
289        # LIBRARY_MODIFY = Role1
290        #                  Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu
291        # LIBRARY_MANAGE = Role1
292        #                  Role1 aassociations: test@bx.psu.edu, test1@bx.psu.edu, test3@bx.psu.edu        
293        self.ldda_edit_info( 'library',
294                             self.security.encode_id( library1.id ),
295                             self.security.encode_id( folder1.id ),
296                             self.security.encode_id( ldda2.id ),
297                             ldda2.name,
298                             strings_displayed=[ '2.bed',
299                                                 'This is the latest version of this library dataset',
300                                                 'Edit attributes of 2.bed' ] )
301        self.import_datasets_to_histories( cntrller='library',
302                                           library_id=self.security.encode_id( library1.id ),
303                                           ldda_ids=self.security.encode_id( ldda2.id ),
304                                           new_history_name='goodbye',
305                                           strings_displayed=[ '1 dataset imported into 1 history' ] )
306        self.logout()
307        # regular_user2 should not be able to see ldda2
308        self.login( email=regular_user2.email )
309        self.browse_library( cntrller='library',
310                             library_id=self.security.encode_id( library1.id ),
311                             strings_not_displayed=[ folder1.name, ldda2.name, ldda2.message ] )
312        
313        self.logout()
314        # regular_user3 should not be able to see ldda2
315        self.login( email=regular_user3.email )
316        self.browse_library( cntrller='library',
317                             library_id=self.security.encode_id( library1.id ),
318                             strings_displayed=[ folder1.name ],
319                             strings_not_displayed=[ ldda2.name, ldda2.message ] )
320        self.logout()
321        self.login( email=admin_user.email )
322        # Now makse ldda2 publicly accessible
323        self.make_library_item_public( self.security.encode_id( library1.id ),
324                                       self.security.encode_id( ldda2.id ),
325                                       item_type='ldda',
326                                       ldda_name=ldda2.name )
327        self.logout()
328        # regular_user2 should now be able to see ldda2
329        self.login( email=regular_user2.email )
330        self.browse_library( cntrller='library',
331                             library_id=self.security.encode_id( library1.id ),
332                             strings_displayed=[ folder1.name, ldda2.name, ldda2.message ] )
333        self.logout()
334        self.login( email=admin_user.email )
335        # Now make folder1 publicly acessible
336        self.make_library_item_public( self.security.encode_id( library1.id ),
337                                       self.security.encode_id( folder1.id ),
338                                       item_type='folder',
339                                       folder_name=folder1.name )
340        self.logout()
341        # regular_user3 should now be able to see ldda1
342        self.login( email=regular_user3.email )
343        self.browse_library( cntrller='library',
344                             library_id=self.security.encode_id( library1.id ),
345                             strings_displayed=[ folder1.name, ldda1.name, ldda1.message ] )
346        self.logout()
347        self.login( email=admin_user.email )
348    def test_050_upload_directory_of_files_from_admin_view( self ):
349        """Testing uploading a directory of files to library1 from the Admin view"""
350        # logged in as admin_user
351        ldda_message = 'This is a test for uploading a directory of files'
352        self.upload_library_dataset( cntrller='library_admin',
353                                     library_id=self.security.encode_id( library1.id ),
354                                     folder_id=self.security.encode_id( library1.root_folder.id ),
355                                     upload_option='upload_directory',
356                                     server_dir='library',
357                                     ldda_message=ldda_message,
358                                     strings_displayed=[ "Upload a directory of files" ] )
359        self.browse_library( cntrller='library_admin',
360                             library_id=self.security.encode_id( library1.id ),
361                             strings_displayed=[ 'bed', ldda_message ] )
362    def test_055_change_permissions_on_datasets_uploaded_from_library_dir( self ):
363        """Testing changing the permissions on datasets uploaded from a directory from the Admin view"""
364        # logged in as admin_user
365        # It would be nice if twill functioned such that the above test resulted in a
366        # form with the uploaded datasets selected, but it does not ( they're not checked ),
367        # so we'll have to simulate this behavior ( not ideal ) for the 'edit' action.  We
368        # first need to get the ldda.id for the 3 new datasets
369        latest_3_lddas = get_latest_lddas( 3 )
370        ldda_ids = ''
371        for ldda in latest_3_lddas:
372            ldda_ids += '%s,' % self.security.encode_id( ldda.id )
373        ldda_ids = ldda_ids.rstrip( ',' )
374        # Set permissions
375        self.ldda_permissions( 'library_admin',
376                               self.security.encode_id( library1.id ),
377                               self.security.encode_id( folder1.id ),
378                               ldda_ids,
379                               str( role1.id ),
380                               permissions_in=[ 'DATASET_ACCESS', 'LIBRARY_MANAGE' ],
381                               strings_displayed=[ 'Permissions updated for 3 datasets.' ] )
382        # Make sure the permissions have been correctly updated for the 3 datasets.  Permissions should 
383        # be all of the above on any of the 3 datasets that are imported into a history.
384        def check_edit_page( lddas, strings_displayed=[], strings_not_displayed=[] ):
385            for ldda in lddas:
386                # Import each library dataset into our history
387                self.import_datasets_to_histories( cntrller='library',
388                                                   library_id=self.security.encode_id( library1.id ),
389                                                   ldda_ids=self.security.encode_id( ldda.id ),
390                                                   new_history_name='hello' )
391                # Determine the new HistoryDatasetAssociation id created when the library dataset was imported into our history
392                last_hda_created = get_latest_hda()            
393                self.edit_hda_attribute_info( str( last_hda_created.id ),
394                                              strings_displayed=strings_displayed )
395        # admin_user is associated with role1, so should have all permissions on imported datasets
396        check_edit_page( latest_3_lddas,
397                         strings_displayed=[ 'Manage dataset permissions on',
398                                             'can manage the roles associated with permissions on this dataset',
399                                             'can import this dataset into their history for analysis' ] )
400        self.logout()
401        # regular_user1 is associated with role1, so should have all permissions on imported datasets
402        self.login( email=regular_user1.email )
403        check_edit_page( latest_3_lddas )
404        self.logout()
405        # Since regular_user2 is not associated with role1, she should not have
406        # access to any of the 3 datasets, so she will not see folder1 on the libraries page
407        self.login( email=regular_user2.email )        
408        self.browse_library( cntrller='library',
409                             library_id=self.security.encode_id( library1.id ),
410                             strings_not_displayed=[ folder1.name ] )
411        self.logout()
412        # regular_user3 is associated with role1, so should have all permissions on imported datasets
413        self.login( email=regular_user3.email )
414        check_edit_page( latest_3_lddas )
415        self.logout()
416        self.login( email=admin_user.email )
417        # Change the permissions and test again
418        self.ldda_permissions( 'library_admin',
419                               self.security.encode_id( library1.id ),
420                               self.security.encode_id( folder1.id ),
421                               ldda_ids,
422                               str( role1.id ),
423                               permissions_in=[ 'DATASET_ACCESS' ],
424                               strings_displayed=[ 'Permissions updated for 3 datasets.' ] )
425        # Even though we've eliminated the roles associated with the LIBRARY_MANAGE_PERMISSIONS permission,
426        # none of the roles associated with the DATASET_MANAGE permission sould have been changed.
427        check_edit_page( latest_3_lddas,
428                         strings_displayed=[ 'manage permissions' ] )
429    def test_060_restrict_access_to_library2( self ):
430        """Testing restricting access to library2"""
431        # Logged in as admin_user
432        # Make sure library2 is public
433        assert 'access library' not in [ a.action for a in library2.actions ], 'Library %s is not public when first created' % library2.name
434        # Set permissions on the library2
435        permissions_in = [ k for k, v in galaxy.model.Library.permitted_actions.items() ]
436        permissions_out = []
437        # Only admin_user will be permitted for
438        # LIBRARY_ACCESS, LIBRARY_ADD, LIBRARY_MODIFY, LIBRARY_MANAGE on library2 and its contents.
439        self.library_permissions( self.security.encode_id( library1.id ),
440                                  library1.name,
441                                  str( admin_user_private_role.id ),
442                                  permissions_in,
443                                  permissions_out )
444        # Make sure library2 is not accessible by regular_user2.
445        self.logout()
446        self.login( email=regular_user2.email )
447        self.visit_url( '%s/library/browse_libraries' % self.url )
448        try:
449            self.check_page_for_string( library2.name )
450            raise AssertionError, 'Library %s is accessible by %s when it should be restricted' % ( library2.name, regular_user2.email )
451        except:
452            pass
453        self.logout()
454        self.login( email=admin_user.email )
455    def test_065_create_ldda6( self ):
456        """Testing create ldda6, restricting access on upload form to admin_user's private role"""
457        filename = '6.bed'
458        ldda_message = 'ldda6'
459        self.upload_library_dataset( cntrller='library_admin',
460                                     library_id=self.security.encode_id( library2.id ),
461                                     folder_id=self.security.encode_id( library2.root_folder.id ),
462                                     filename=filename,
463                                     file_type='bed',
464                                     dbkey='hg18',
465                                     roles=[ str( admin_user_private_role.id ) ],
466                                     ldda_message=ldda_message,
467                                     strings_displayed=[ 'Upload files' ] )
468        global ldda6
469        ldda6 = get_latest_ldda_by_name( filename )
470        assert ldda6 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda6 from the database'
471    def test_070_add_folder2_to_library2( self ):
472        """Testing adding folder2 to a library2"""
473        # logged in as admin_user
474        root_folder = library2.root_folder
475        name = "Folder2"
476        description = "Folder2 description"
477        self.add_folder( 'library_admin',
478                         self.security.encode_id( library2.id ),
479                         self.security.encode_id( root_folder.id ),
480                         name=name,
481                         description=description )
482        global folder2
483        folder2 = get_folder( root_folder.id, name, description )
484        assert folder2 is not None, 'Problem retrieving folder2 from the database'
485    def test_075_create_ldda7( self ):
486        """Testing create ldda7, restricting access on upload form to admin_user's private role"""
487        filename = '7.bed'
488        ldda_message = 'ldda7'
489        self.upload_library_dataset( cntrller='library_admin',
490                                     library_id=self.security.encode_id( library2.id ),
491                                     folder_id=self.security.encode_id( folder2.id ),
492                                     filename=filename,
493                                     file_type='bed',
494                                     dbkey='hg18',
495                                     roles=[ str( admin_user_private_role.id ) ],
496                                     ldda_message=ldda_message,
497                                     strings_displayed=[ 'Upload files' ] )
498        global ldda7
499        ldda7 = get_latest_ldda_by_name( filename )
500        assert ldda7 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda7 from the database'
501    def test_080_add_subfolder2_to_folder2( self ):
502        """Testing adding subfolder2 to a folder2"""
503        # logged in as admin_user
504        name = "Subfolder2"
505        description = "Subfolder2 description"
506        self.add_folder( 'library_admin',
507                         self.security.encode_id( library2.id ),
508                         self.security.encode_id( folder2.id ),
509                         name=name,
510                         description=description )
511        global subfolder2
512        subfolder2 = get_folder( folder2.id, name, description )
513        assert subfolder2 is not None, 'Problem retrieving subfolder2 from the database'
514    def test_085_create_ldda8( self ):
515        """Testing create ldda8, restricting access on upload form to admin_user's private role"""
516        filename = '8.bed'
517        ldda_message = 'ldda8'
518        self.upload_library_dataset( cntrller='library_admin',
519                                     library_id=self.security.encode_id( library2.id ),
520                                     folder_id=self.security.encode_id( subfolder2.id ),
521                                     filename=filename,
522                                     file_type='bed',
523                                     dbkey='hg18',
524                                     roles=[ str( admin_user_private_role.id ) ],
525                                     ldda_message=ldda_message,
526                                     strings_displayed=[ 'Upload files' ] )
527        global ldda8
528        ldda8 = get_latest_ldda_by_name( filename )
529        assert ldda8 is not None, 'Problem retrieving LibraryDatasetDatasetAssociation ldda8 from the database'
530    def test_090_make_library2_and_contents_public( self ):
531        """Testing making library2 and all of its contents public"""
532        self.make_library_item_public( self.security.encode_id( library2.id ),
533                                       self.security.encode_id( library2.id ),
534                                       item_type='library',
535                                       contents=True,
536                                       library_name=library2.name )
537        # Make sure library2 is now accessible by regular_user2
538        self.logout()
539        self.login( email=regular_user2.email )
540        self.visit_url( '%s/library/browse_libraries' % self.url )
541        self.check_page_for_string( library2.name )
542        self.browse_library( cntrller='library',
543                             library_id=self.security.encode_id( library2.id ),
544                             strings_displayed=[ ldda6.name, ldda6.message, ldda7.name, ldda7.message, ldda8.name, ldda8.message ] )
545    def test_999_reset_data_for_later_test_runs( self ):
546        """Reseting data to enable later test runs to pass"""
547        # Logged in as regular_user2
548        self.logout()
549        self.login( email=admin_user.email )
550        ##################
551        # Purge all libraries
552        ##################
553        for library in [ library1, library2 ]:
554            self.delete_library_item( 'library_admin',
555                                      self.security.encode_id( library.id ),
556                                      self.security.encode_id( library.id ),
557                                      library.name,
558                                      item_type='library' )
559            self.purge_library( self.security.encode_id( library.id ), library.name )
560        ##################
561        # Eliminate all non-private roles
562        ##################
563        for role in [ role1, role2 ]:
564            self.mark_role_deleted( self.security.encode_id( role.id ), role.name )
565            self.purge_role( self.security.encode_id( role.id ), role.name )
566            # Manually delete the role from the database
567            refresh( role )
568            sa_session.delete( role )
569            sa_session.flush()
570        ##################
571        # Eliminate all groups
572        ##################
573        for group in [ group1 ]:
574            self.mark_group_deleted( self.security.encode_id( group.id ), group.name )
575            self.purge_group( self.security.encode_id( group.id ), group.name )
576            # Manually delete the group from the database
577            refresh( group )
578            sa_session.delete( group )
579            sa_session.flush()
580        ##################
581        # Make sure all users are associated only with their private roles
582        ##################
583        for user in [ admin_user, regular_user1, regular_user2, regular_user3 ]:
584            refresh( user )
585            if len( user.roles) != 1:
586                raise AssertionError( '%d UserRoleAssociations are associated with %s ( should be 1 )' % ( len( user.roles ), user.email ) )