diff options
Diffstat (limited to '')
31 files changed, 887 insertions, 170 deletions
@@ -20,7 +20,18 @@ What is ctrack? Recognising this need, **ctrack** is a proof-of-concept web application developed in-house by the Cyber Compliance Team at the UK Department for Transport that aims to demonstrate the improvements in workflow possible by storing data associated with OES and its associated CAF data in a relational database. It focuses on the absolute basics of managing any business data: *Create*, *Read*, *Update*, *Delete* (CRUD) functionality and demonstrates how collection and analysis of ongoing assessment data - using the CAF as the foundation (the framework, not the spreadsheet) - can be exponentially improved using the simplest of form-based web application. -Sensitivity of data --------------------- +Technical Notes +--------------- + +Stakeholders +############ + +A User can also be associated with a "stakeholder" object, which represents +a Person in the system who is also a User. This means there is an option for +designated third-parties can also have rights to log into the system + +Workflow is currently to add Person, User and Stakeholder objects in the Admin. +We would also want to restricted Stakeholder users from being able to do +anything in the system other than X. + -This application is only a proof-of-concept and does not address the issue of deployment to a secure platform which will be required in future when handling real data. diff --git a/ctrack/conftest.py b/ctrack/conftest.py index 60a177f..37a4a6c 100644 --- a/ctrack/conftest.py +++ b/ctrack/conftest.py @@ -1,11 +1,16 @@ +import os + import pytest from django.test import RequestFactory +from selenium import webdriver +from selenium.webdriver.firefox.options import Options from ctrack.organisations.models import ( Address, AddressType, Mode, Organisation, + Stakeholder, Submode, ) from ctrack.organisations.tests.factories import ( @@ -35,8 +40,9 @@ def person(user): submode = Submode.objects.create(descriptor="Light Rail", mode=mode) org = OrganisationFactory.create(submode=submode) person = PersonFactory.create( + first_name="Toss", + last_name="McBride", role=role, - updated_by=user, predecessor=None, organisation__submode=submode, organisation=org, @@ -56,5 +62,22 @@ def addr() -> Address: @pytest.fixture +def stakeholder(person): + s = Stakeholder.objects.create(person=person) + return s + + +@pytest.fixture def request_factory() -> RequestFactory: return RequestFactory() + + +@pytest.fixture(scope="module") +def browser(request): + "Provide selenium webdriver instance." + os.environ["PATH"] += os.pathsep + os.getcwd() + options = Options() + options.headless = True + browser_ = webdriver.Firefox(firefox_options=options) + yield browser_ + browser_.quit() diff --git a/ctrack/core/tests/test_functional.py b/ctrack/core/tests/test_functional.py new file mode 100644 index 0000000..6661072 --- /dev/null +++ b/ctrack/core/tests/test_functional.py @@ -0,0 +1,3 @@ +def test_can_get_homepage(browser): + browser.get("http://localhost:8000") + assert "ctrack" in browser.title diff --git a/ctrack/core/utils.py b/ctrack/core/utils.py index 00f8cbd..bebf176 100644 --- a/ctrack/core/utils.py +++ b/ctrack/core/utils.py @@ -1,25 +1,36 @@ import random -from random import randint, choice +from random import choice, randint from faker import Faker -from ctrack.assessments.models import CAFAssessment, CAFObjective, CAFPrinciple, CAFContributingOutcome, \ - CAFAssessmentOutcomeScore, AchievementLevel, IGP +from ctrack.assessments.models import ( + IGP, + AchievementLevel, + CAFAssessment, + CAFAssessmentOutcomeScore, + CAFContributingOutcome, + CAFObjective, + CAFPrinciple, +) from ctrack.caf.models import CAF from ctrack.caf.tests.factories import ( + ApplicableSystemFactory, + CAFFactory, + FileStoreFactory, GradingFactory, - FileStoreFactory, CAFFactory, ApplicableSystemFactory, ) -from ctrack.organisations.models import AddressType, Person -from ctrack.organisations.models import Mode -from ctrack.organisations.models import Submode -from ctrack.organisations.tests.factories import AddressFactory -from ctrack.organisations.tests.factories import OrganisationFactory -from ctrack.organisations.tests.factories import PersonFactory -from ctrack.organisations.tests.factories import RoleFactory -from ctrack.organisations.tests.factories import UserFactory -from ctrack.register.tests.factories import EngagementEventFactory -from ctrack.register.tests.factories import EngagementTypeFactory +from ctrack.organisations.models import AddressType, Mode, Person, Submode +from ctrack.organisations.tests.factories import ( + AddressFactory, + OrganisationFactory, + PersonFactory, + RoleFactory, +) +from ctrack.register.tests.factories import ( + EngagementEventFactory, + EngagementTypeFactory, +) +from ctrack.users.tests.factories import UserFactory fnames = [ "Clock Pylon Systems", @@ -72,10 +83,7 @@ def populate_db(**kwargs): submodes = [sb1, sb2, sb3, sb4, sb5, sb6, sb7] - # we need a User object to completed the updated_by fields in Organisation and Person - user = ( - UserFactory.create() - ) # we need to have at least one user for the updated_by field + user = UserFactory.create() # Create 40 Organisation objects if _org_number: @@ -100,7 +108,6 @@ def populate_db(**kwargs): for org in orgs: PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, @@ -113,21 +120,18 @@ def populate_db(**kwargs): # noinspection PyUnboundLocalVariable p1 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p2 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p3 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, @@ -144,7 +148,6 @@ def populate_db(**kwargs): inspectors = [ PersonFactory.create( role=inspector_role, - updated_by=user, job_title="Compliance Inspector", predecessor=None, organisation__submode=None, @@ -188,14 +191,26 @@ def populate_db(**kwargs): ) # We want to simulate 4 CAF Objectives - c_obj_a = CAFObjective.objects.create(name="Objective A: Managing security risk", - description="An important objective to fix the world.", order_id=1) - c_obj_b = CAFObjective.objects.create(name="Objective B: Protecting Against Cyber Attack", - description="An important objective to fix the world.", order_id=2) - c_obj_c = CAFObjective.objects.create(name="Objective C: Detecting Cyber Security Events", - description="An important objective to fix the world.", order_id=3) - c_obj_d = CAFObjective.objects.create(name="Objective D: Minimising the Impact of Cyber Security Incidents", - description="An important objective to fix the world.", order_id=4) + c_obj_a = CAFObjective.objects.create( + name="Objective A: Managing security risk", + description="An important objective to fix the world.", + order_id=1, + ) + c_obj_b = CAFObjective.objects.create( + name="Objective B: Protecting Against Cyber Attack", + description="An important objective to fix the world.", + order_id=2, + ) + c_obj_c = CAFObjective.objects.create( + name="Objective C: Detecting Cyber Security Events", + description="An important objective to fix the world.", + order_id=3, + ) + c_obj_d = CAFObjective.objects.create( + name="Objective D: Minimising the Impact of Cyber Security Incidents", + description="An important objective to fix the world.", + order_id=4, + ) # For each Objective, let's create four Principles p_a1 = CAFPrinciple.objects.create( @@ -203,28 +218,28 @@ def populate_db(**kwargs): designation="A1", title="Governance", description="When you don't have Governance, you have nothing.", - order_id=1 + order_id=1, ) p_a2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A2", title="Risk Management", description="Don't take a risk, and don't get nowhere.", - order_id=2 + order_id=2, ) p_a3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A3", title="Asset Management", description="Without assets, you have no raw materials to work with.", - order_id=3 + order_id=3, ) p_a4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A4", title="Supply Chain", description="You need to get your stuff from somewhere.", - order_id=4 + order_id=4, ) p_b1 = CAFPrinciple.objects.create( @@ -232,28 +247,28 @@ def populate_db(**kwargs): designation="B1", title="Service Protection & Policies", description="Put in place the right protections for a future of security.", - order_id=1 + order_id=1, ) p_b2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B2", title="Identity and Access Control", description="Stop the wrong people getting at your critical assets, okay.", - order_id=2 + order_id=2, ) p_b3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B3", title="Data Security", description="Data is the new oil...", - order_id=3 + order_id=3, ) p_b4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B4", title="System Security", description="If you have complicated systems, they need some sort of security.", - order_id=4 + order_id=4, ) p_b5 = CAFPrinciple.objects.create( @@ -261,7 +276,7 @@ def populate_db(**kwargs): designation="B5", title="Resilience Networks and Systems", description="When all else fails, there is always food to be cooked.", - order_id=5 + order_id=5, ) p_b6 = CAFPrinciple.objects.create( @@ -269,7 +284,7 @@ def populate_db(**kwargs): designation="B6", title="Staff Awareness and Training", description="You must ensure your people are trained and equipped for making a difference.", - order_id=6 + order_id=6, ) # Only two of these @@ -278,14 +293,14 @@ def populate_db(**kwargs): designation="C1", title="Security Monitoring", description="Monitoring the bits and pieces is the most important aspect of your life.", - order_id=1 + order_id=1, ) p_c2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_c.id, designation="C2", title="Proactive Security and Event Discovery", description="If we're not proactive, we will get found out eventually.", - order_id=2 + order_id=2, ) # Only two of these too @@ -294,14 +309,14 @@ def populate_db(**kwargs): designation="D1", title="Response and Recovery Planning", description="Responding to the security problems since 1999...", - order_id=1 + order_id=1, ) p_d2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_d.id, designation="D2", title="Improvements", description="Improving all the things.", - order_id=2 + order_id=2, ) # Based on these principles, it's time to gen some CAFContributingOutcomes @@ -311,294 +326,290 @@ def populate_db(**kwargs): name="Board Direction", description="You have forced your Board to listen to your whinging about cyber.", principle_id=p_a1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A1.b", name="Roles and Responsibilities", description="Your elders and betters are impressed and they continue to make money after your project " - "implementation.", + "implementation.", principle_id=p_a1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="A1.c", name="Decision-making", description="If you are forced to participate in the Crystal Maze, you'll choose the coorect path across " - "the Gordian runway.", + "the Gordian runway.", principle_id=p_a1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="A2.a", name="Risk Management Process", description="You take mighty risks, but they are mitigated by more sensible people around you - good.", principle_id=p_a2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A2.b", name="Assurance", description="We all make mistakes, but in doing this well you at least have told people what you're doing.", principle_id=p_a2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="A3.a", name="Asset Management", description="Taking care of these aspects of corporate life is commensurate with the money-making way.", principle_id=p_a3.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A4.a", name="Supply Chain", description="Task your customers to take on all the risk, the debt, the hassle - you're good to go.", principle_id=p_a4.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.a", name="Policy and Process Development", description="You are getting your process and policy development spot on.", principle_id=p_b1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.b", name="Policy and Process Information", description="Differs from the above in a few ways that will be discussed at a later date.", principle_id=p_b1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.a", name="ID Verification, Authentication and Authorisation", description="It is very important for people to be able to confirm they they truly are. Underneath.", principle_id=p_b2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B2.b", name="Device Management", description="Your devices, and their safe and sustainable use, is crucuial to the longevity of your " - "company.", + "company.", principle_id=p_b2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.c", name="Privileged User Mangement", description="You ensure that even the most privileged members of your senior management are under the " - "impression that they exude inequality, in all instances.", + "impression that they exude inequality, in all instances.", principle_id=p_b2.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.a", name="Understanding Data", description="You, more than anyone else in the organisation, know what your data means to you.", principle_id=p_b3.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B3.b", name="Data in Transit", description="You are protecting your data as it moves along the Information Superhighway.", principle_id=p_b3.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B3.c", name="Stored Data", description="You have stored your data in accordance with local environment laws.", principle_id=p_b3.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.d", name="Mobile Data", description="Mobile data is when data moves because it is stored in a moving thing.", principle_id=p_b3.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="B3.e", name="Media/Equipment Sanitisation", description="You routinely wash and clean the legs and bottom brackets of your server racks.", principle_id=p_b3.id, - order_id=5 + order_id=5, ), CAFContributingOutcome.objects.create( designation="B4.a", name="Secure by Design", description="You have designed your systems to be secure and you're sure no one is going to hack " - "into them.", + "into them.", principle_id=p_b4.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B4.b", name="Secure Configuration", description="When you are able to configure your systems and software well, you can say you have Secure " - "Configuration. Only then, mind.", + "Configuration. Only then, mind.", principle_id=p_b4.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B4.c", name="Secure Management", description="Somehow this one is different from all the others but I'm not sure how.", principle_id=p_b4.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B4.d", name="Vulnerability Management", description="Doing this well means that you are at the top of your vulnerability scale.", principle_id=p_b4.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="B5.a", name="Resilience Preparation", description="Totally ready for the coming of the cyber apocalyse. You practice this stuff regular.", principle_id=p_b5.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B5.b", name="Design for Resilience", description="This stuff is built into your very working model.", principle_id=p_b5.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B5.c", name="Backups", description="There is nowhere for you to go as a professional if you don't make backups of your data.", principle_id=p_b5.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B6.a", name="Cyber Security Culture", description="You're making them understand that this isn't going to go away in a hurry.", principle_id=p_b6.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B6.b", name="Cyber Security Training", description="By the way, when youre staff are able to write C code, your company understands buffer " - "overflows.", + "overflows.", principle_id=p_b6.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.a", name="Monitoring Coverage", description="At all times, you are vigilent to the threats out there, and ready to tackle them.", principle_id=p_c1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="C1.b", name="Securing Logs", description="You might think the are a waste of time, but the Board thinks logging is important.", principle_id=p_c1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.c", name="Generating Alerts", description="Boo! There, you coped with it because you're good at this.", principle_id=p_c1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="C1.d", name="Identifying Security Incidents", description="You are wary of all the possible things that could go wrong and you have a plan to deal. Well " - "done.", + "done.", principle_id=p_c1.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="C1.e", name="Monitoring Tools and Skills", description="All these things matter in today's switched on cyber-aware environment.", principle_id=p_c1.id, - order_id=5 + order_id=5, ), CAFContributingOutcome.objects.create( designation="C2.a", name="System Abnormalities for Attack Detection", description="Make sure you know how to look for things that mighty wrong on your network.", principle_id=p_c2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="C2.b", name="Proactive Attack Discovery", description="When you go out looking for the bad stuff, you usefully find it - " - "and you know this in spades.", + "and you know this in spades.", principle_id=p_c2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.a", name="Response Plan", description="Yeah, we know it's boring but you've got to have one.", principle_id=p_d1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="D1.b", name="Response and Recovery Capability", description="If you can't get back on your feet after you've been beat, where are you, really?", principle_id=p_d1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.c", name="Testing and Exercising", description="One of the most important things you should not be forgetting is this.", principle_id=p_d1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="D2.a", name="Incident Root Cause and Analysis", description="I guess there are always lessons learned, no matter how we good we are.", principle_id=p_d2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="D2.b", name="Using Incidents to Drive Improvements", description="This is the kind of thing that bores us to tears but it simply has to be done.", principle_id=p_d2.id, - order_id=2 - ) + order_id=2, + ), ] achievement_levels = [ AchievementLevel.objects.create( - descriptor="Not Achieved", - colour_description="Red", - colour_hex="#000001" + descriptor="Not Achieved", colour_description="Red", colour_hex="#000001" ), AchievementLevel.objects.create( descriptor="Partially Achieved", colour_description="Amber", - colour_hex="#000002" + colour_hex="#000002", ), AchievementLevel.objects.create( - descriptor="Achieved", - colour_description="Green", - colour_hex="#000003" - ) + descriptor="Achieved", colour_description="Green", colour_hex="#000003" + ), ] for al in achievement_levels: @@ -610,7 +621,7 @@ def populate_db(**kwargs): IGP.objects.create( achievement_level=al, contributing_outcome=co, - descriptive_text=fake_txt + descriptive_text=fake_txt, ) else: for co in cos: @@ -620,7 +631,7 @@ def populate_db(**kwargs): IGP.objects.create( achievement_level=al, contributing_outcome=co, - descriptive_text=fake_txt + descriptive_text=fake_txt, ) # We want to create a CAF with a bunch of scoring now... @@ -637,6 +648,10 @@ def populate_db(**kwargs): CAFAssessmentOutcomeScore.objects.create( caf_assessment_id=caf_assessment.id, caf_contributing_outcome_id=c.id, - assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"]), - baseline_assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"]) + assessment_score=random.choice( + ["Achieved", "Partially Achieved", "Not Achieved"] + ), + baseline_assessment_score=random.choice( + ["Achieved", "Partially Achieved", "Not Achieved"] + ), ) diff --git a/ctrack/core/views.py b/ctrack/core/views.py index bee2d72..b80d212 100644 --- a/ctrack/core/views.py +++ b/ctrack/core/views.py @@ -1,5 +1,20 @@ +from django.contrib.auth.decorators import login_required from django.shortcuts import render +from ctrack.organisations.models import Organisation + +@login_required def home_page(request): - return render(request, "pages/home.html") + if request.user.is_stakeholder: + org = Organisation.objects.get( + name=request.user.stakeholder.person.get_organisation_name() + ) + systems = org.applicablesystem_set.all() + return render( + request, + "pages/stakeholder_home.html", + context={"org": org, "systems": systems}, + ) + else: + return render(request, "pages/home.html") diff --git a/ctrack/organisations/admin.py b/ctrack/organisations/admin.py index dbd7239..f85ddad 100644 --- a/ctrack/organisations/admin.py +++ b/ctrack/organisations/admin.py @@ -1,6 +1,15 @@ from django.contrib import admin -from .models import Organisation, Address, AddressType, Person, Role, Mode, Submode +from .models import ( + Address, + AddressType, + Mode, + Organisation, + Person, + Role, + Stakeholder, + Submode, +) # So we can get the organisation name - a reverse lookup @@ -16,6 +25,10 @@ class AddressTypeAdmin(admin.ModelAdmin): pass +class StakeholderAdmin(admin.ModelAdmin): + model = Stakeholder + + class AddressInLine(admin.StackedInline): model = Address max_num = 3 @@ -24,7 +37,7 @@ class AddressInLine(admin.StackedInline): class OrganisationAdmin(admin.ModelAdmin): inlines = [AddressInLine] - list_display = ("name", "submode", "date_updated", "updated_by") + list_display = ("name", "submode", "date_updated") class PersonAdmin(admin.ModelAdmin): @@ -58,3 +71,4 @@ admin.site.register(Role, RoleAdmin) admin.site.register(Person, PersonAdmin) admin.site.register(Mode, ModeAdmin) admin.site.register(Submode, SubmodeAdmin) +admin.site.register(Stakeholder, StakeholderAdmin) diff --git a/ctrack/organisations/migrations/0005_auto_20200525_1502.py b/ctrack/organisations/migrations/0005_auto_20200525_1502.py new file mode 100644 index 0000000..921fdbb --- /dev/null +++ b/ctrack/organisations/migrations/0005_auto_20200525_1502.py @@ -0,0 +1,29 @@ +# Generated by Django 3.0.5 on 2020-05-25 15:02 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('organisations', '0004_auto_20200513_1441'), + ] + + operations = [ + migrations.RemoveField( + model_name='organisation', + name='updated_by', + ), + migrations.RemoveField( + model_name='person', + name='updated_by', + ), + migrations.CreateModel( + name='Stakeholder', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('person', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='organisations.Person')), + ], + ), + ] diff --git a/ctrack/organisations/models.py b/ctrack/organisations/models.py index b11e97b..6a1b4ac 100644 --- a/ctrack/organisations/models.py +++ b/ctrack/organisations/models.py @@ -47,7 +47,7 @@ class Person(models.Model): to handle when Users are deleted from the system, preventing the Person objects related to them being deleted also. """ - return get_user_model().objects.get_or_create(username='DELETED USER')[0] + return get_user_model().objects.get_or_create(username="DELETED USER")[0] primary_nis_contact = models.BooleanField( default=False, verbose_name="Primary NIS contact" @@ -65,7 +65,9 @@ class Person(models.Model): mobile = models.CharField(max_length=20, blank=True) landline = models.CharField(max_length=20, blank=True) date_updated = models.DateField(auto_now=True) - updated_by = models.ForeignKey(get_user_model(), on_delete=models.SET(get_sentinel_user)) + # updated_by = models.ForeignKey( + # get_user_model(), on_delete=models.SET(get_sentinel_user) + # ) clearance = models.IntegerField(choices=CLEARANCE_LEVEL, default=1) clearance_sponsor = models.CharField(max_length=100, blank=True) clearance_start_date = models.DateField(blank=True, null=True) @@ -74,7 +76,11 @@ class Person(models.Model): active = models.BooleanField(default=True) date_ended = models.DateField(blank=True, null=True) predecessor = models.ForeignKey( - "self", blank=True, on_delete=models.CASCADE, related_name="previous_person", null=True + "self", + blank=True, + on_delete=models.CASCADE, + related_name="previous_person", + null=True, ) comments = models.TextField(max_length=1000, blank=True) @@ -116,7 +122,7 @@ class Organisation(models.Model): to handle when Users are deleted from the system, preventing the Organisations related to them being deleted also. """ - return get_user_model().objects.get_or_create(username='DELETED USER')[0] + return get_user_model().objects.get_or_create(username="DELETED USER")[0] name = models.CharField(max_length=255) slug = AutoSlugField(populate_from=["name"]) @@ -128,7 +134,9 @@ class Organisation(models.Model): registered_company_name = models.CharField(max_length=255, blank=True) registered_company_number = models.CharField(max_length=100, blank=True) date_updated = models.DateField(auto_now=True) - updated_by = models.ForeignKey(get_user_model(), on_delete=models.SET(get_sentinel_user)) + # updated_by = models.ForeignKey( + # get_user_model(), on_delete=models.SET(get_sentinel_user) + # ) comments = models.TextField(max_length=500, blank=True, null=True) active = models.BooleanField(default=True) @@ -166,3 +174,10 @@ class Address(models.Model): class Meta: verbose_name_plural = "Addresses" + + +class Stakeholder(models.Model): + person = models.ForeignKey(Person, on_delete=models.CASCADE) + + def __str__(self): + return f"{self.person.first_name} {self.person.last_name}" diff --git a/ctrack/organisations/templates/organisations/organisation_detail.html b/ctrack/organisations/templates/organisations/organisation_detail.html index daec5a9..2479f50 100644 --- a/ctrack/organisations/templates/organisations/organisation_detail.html +++ b/ctrack/organisations/templates/organisations/organisation_detail.html @@ -48,7 +48,7 @@ </tr> <tr> <td><strong>Updated By:</strong></td> - <td>{{ object.updated_by }}</td> + <td>REMOVED</td> </tr> <tr> <td><strong>Active:</strong></td> diff --git a/ctrack/organisations/tests/factories.py b/ctrack/organisations/tests/factories.py index 7acd887..ba2655e 100644 --- a/ctrack/organisations/tests/factories.py +++ b/ctrack/organisations/tests/factories.py @@ -33,6 +33,8 @@ def _random_submode(): class UserFactory(DjangoModelFactory): + # Better to create this using example in ctrack.users.tests.factories. + # Handles password generation correctly. class Meta: model = User @@ -51,7 +53,6 @@ class OrganisationFactory(DjangoModelFactory): registered_company_name = Faker("company") registered_company_number = Faker("numerify", text="######") date_updated = Faker("date_this_year", before_today=True) - updated_by = SubFactory(UserFactory) comments = Faker("paragraph", nb_sentences=3) active = True @@ -99,7 +100,6 @@ class PersonFactory(DjangoModelFactory): mobile = Faker("cellphone_number", locale="en_GB") landline = Faker("phone_number", locale="en_GB") date_updated = factory.LazyFunction(datetime.now) - updated_by = SubFactory(UserFactory) clearance = factory.LazyFunction(lambda: random.randint(1, 6)) clearance_sponsor = Faker("name", locale="en_GB") clearance_start_date = factory.LazyFunction(datetime.now) diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py index fe88728..b929de4 100644 --- a/ctrack/organisations/views.py +++ b/ctrack/organisations/views.py @@ -1,12 +1,15 @@ -from typing import Any -from typing import Dict +from typing import Any, Dict -from django.contrib.auth.mixins import LoginRequiredMixin +from django.contrib.auth.mixins import ( + LoginRequiredMixin, + PermissionRequiredMixin, + UserPassesTestMixin, +) from django.db import transaction from django.urls import reverse_lazy -from django.views.generic import DetailView, ListView, CreateView +from django.views.generic import CreateView, DetailView, ListView -from .forms import OrganisationCreateForm, AddressInlineFormSet +from .forms import AddressInlineFormSet, OrganisationCreateForm from .models import Organisation @@ -27,19 +30,20 @@ class OrganisationCreate(LoginRequiredMixin, CreateView): context = self.get_context_data() addresses = context["addresses"] with transaction.atomic(): - form.instance.updated_by = self.request.user + # form.instance.updated_by = self.request.user REMOVED updated_by self.object = form.save() if addresses.is_valid(): addresses.instance = self.object addresses.save() return super().form_valid(form) - def get_success_url(self) -> str: + def get_success_url(self): return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug}) -class OrganisationListView(LoginRequiredMixin, ListView): +class OrganisationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView): model = Organisation + permission_required = "organisations.view_organisation" def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) @@ -52,18 +56,18 @@ class OrganisationDetailView(LoginRequiredMixin, DetailView): def get_context_data(self, **kwargs: Any) -> Dict[str, Any]: context = super().get_context_data() - org = kwargs['object'] + org = kwargs["object"] no_addr = org.addresses.count() if no_addr > 1: - context['no_addr'] = no_addr + context["no_addr"] = no_addr addr = org.addresses.all() - context['addr'] = addr + context["addr"] = addr else: - context['no_addr'] = 1 + context["no_addr"] = 1 addr = org.addresses.first() - context['addr'] = addr + context["addr"] = addr people = org.person_set.all() - context['people'] = people + context["people"] = people applicable_systems = org.applicablesystem_set.all() - context['applicable_systems'] = applicable_systems + context["applicable_systems"] = applicable_systems return context diff --git a/ctrack/templates/403.html b/ctrack/templates/403.html index 77db8ae..e722dd3 100644 --- a/ctrack/templates/403.html +++ b/ctrack/templates/403.html @@ -5,5 +5,7 @@ {% block content %} <h1>Forbidden (403)</h1> +<p>Sorry. You do not have permission to view this page.</p> + <p>CSRF verification failed. Request aborted.</p> {% endblock content %} diff --git a/ctrack/templates/account/login.html b/ctrack/templates/account/login.html index bb261f4..f395478 100644 --- a/ctrack/templates/account/login.html +++ b/ctrack/templates/account/login.html @@ -38,7 +38,7 @@ for a {{ site_name }} account and sign in below:{% endblocktrans %}</p> <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" /> {% endif %} <a class="button secondaryAction" href="{% url 'account_reset_password' %}">{% trans "Forgot Password?" %}</a> - <button class="primaryAction btn btn-primary" type="submit">{% trans "Sign In" %}</button> + <button class="primaryAction btn btn-primary" id="sign_in_button" type="submit">{% trans "Sign In" %}</button> </form> {% endblock %} diff --git a/ctrack/templates/base.html b/ctrack/templates/base.html index 4398926..c0ee4cd 100644 --- a/ctrack/templates/base.html +++ b/ctrack/templates/base.html @@ -3,7 +3,7 @@ <head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> - <title>{% block title %}ctrack{% endblock title %}</title> + <title>{% block title %}ctrack - Department for Transport{% endblock title %}</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> diff --git a/ctrack/templates/base_stakeholder.html b/ctrack/templates/base_stakeholder.html new file mode 100644 index 0000000..c2e8cbe --- /dev/null +++ b/ctrack/templates/base_stakeholder.html @@ -0,0 +1,115 @@ +{% load static i18n %}<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta http-equiv="x-ua-compatible" content="ie=edge"> + <title>{% block title %}ctrack - Department for Transport{% endblock title %}</title> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <meta name="description" content=""> + <meta name="author" content=""> + + <!-- HTML5 shim, for IE6-8 support of HTML5 elements --> + <!--[if lt IE 9]> + <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script> + <![endif]--> + + <link rel="icon" href="{% static 'images/favicons/favicon.ico' %}"> + + {% block css %} + + <!-- Latest compiled and minified Bootstrap CSS --> + <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"> + + + <!-- Your stuff: Third-party CSS libraries go here --> + + <!-- This file stores project-specific CSS --> + + <link href="{% static 'css/project.css' %}" rel="stylesheet"> +{# <link rel="stylesheet" type="text/css" href="css/DataTables/datatables.min.css"/>#} + <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/dt-1.10.20/af-2.3.4/b-1.6.1/b-print-1.6.1/cr-1.5.2/r-2.2.3/datatables.min.css"/> + + {% endblock %} + + </head> + + <body> + + <div class="mb-1"> + <nav class="navbar lemon-bar navbar-expand-md navbar-light bg-light"> + <button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> + <span class="navbar-toggler-icon"></span> + </button> + <a id="_title" class="navbar-brand" href="{% url 'core:home' %}">ctrack</a> + + <div class="collapse navbar-collapse" id="navbarSupportedContent"> + <ul class="navbar-nav mr-auto"> + <li class="nav-item active"> + <a class="nav-link" href="{% url 'core:home' %}">Home <span class="sr-only">(current)</span></a> + </li> + + {% if request.user.is_authenticated %} + <li class="nav-item"> + {# URL provided by django-allauth/account/urls.py #} + <a class="nav-link" href="{% url 'users:detail' request.user.username %}">{% trans "My Profile" %}</a> + </li> + <li class="nav-item"> + {# URL provided by django-allauth/account/urls.py #} + <a class="nav-link" href="{% url 'account_logout' %}">{% trans "Sign Out" %}</a> + </li> + {% else %} + <li class="nav-item"> + {# URL provided by django-allauth/account/urls.py #} + <a id="sign-up-link" class="nav-link" href="{% url 'account_signup' %}">{% trans "Sign Up" %}</a> + </li> + <li class="nav-item"> + {# URL provided by django-allauth/account/urls.py #} + <a id="log-in-link" class="nav-link" href="{% url 'account_login' %}">{% trans "Sign In" %}</a> + </li> + {% endif %} + </ul> + </div> + </nav> + + </div> + + <div class="container"> + + {% if messages %} + {% for message in messages %} + <div class="alert {% if message.tags %}alert-{{ message.tags }}{% endif %}">{{ message }}<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button></div> + {% endfor %} + {% endif %} + + {% block content %} + <p>Use this document as a way to quick start any new project.</p> + {% endblock content %} + + </div> <!-- /container --> + + {% block modal %}{% endblock modal %} + + <!-- Le javascript + ================================================== --> + <!-- Placed at the end of the document so the pages load faster --> + {% block javascript %} + + <!-- Bootstrap JS and its dependencies--> + <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script> + <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script> + <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script> + + <!-- Your stuff: Third-party javascript libraries go here --> + + + <!-- place project specific Javascript in this file --> + + <script src="{% static 'js/project.js' %}"></script> +{# <script src="{% static 'js/DataTables/datatables.min.js' %}"></script>#} + <script type="text/javascript" src="https://cdn.datatables.net/v/dt/dt-1.10.20/af-2.3.4/b-1.6.1/b-print-1.6.1/cr-1.5.2/r-2.2.3/datatables.min.js"></script> + + + {% endblock javascript %} + </body> +</html> + diff --git a/ctrack/templates/pages/home.html b/ctrack/templates/pages/home.html index fbce9ff..324da8e 100644 --- a/ctrack/templates/pages/home.html +++ b/ctrack/templates/pages/home.html @@ -2,8 +2,6 @@ {% block content %} - <h1>User profile page</h1> - - <p>User: {{ object }}</p> + <p>THIS IS A TEMPLATE FOR A REGULAR USER</p> {% endblock content %} diff --git a/ctrack/templates/pages/stakeholder_home.html b/ctrack/templates/pages/stakeholder_home.html new file mode 100644 index 0000000..fd40c7a --- /dev/null +++ b/ctrack/templates/pages/stakeholder_home.html @@ -0,0 +1,162 @@ +{% extends "base_stakeholder.html" %} + +{% load static %} + +{% block content %} + + <div class="container mt-3"> + <div class="row"> + <div class="col-md-12 pl-0 my-2"> + + <h2>{{ org }} <span class="badge badge-light">{{ org.submode }}</span></h2> + + <p><span class="text-muted">{{ org.person_set.first }}</span></p> + + <p>THIS IS A TEMPLATE FOR A STAKEHOLDER USER</p> + + <div class="row"> + <div class="col-12"> + <div class="border border-success p-2 rounded bg-light"> + <h5>KEY INFORMATION:</h5> + <p>Please note that important notices go in here. This is the NIS Directive + portal for DfT. Etc.</p> + <p>Your lead inspector is <a href="#">Bob McKinnon</a>.</p> + <p>Other important messages will appear here when we deem it necessary. + Please ensure you remain in touch with what appears in this box because it + <strong>WILL</strong> be updated periodically.</p> + <span class="text-muted"><a href="#">Help</a> | + <a href="#">NIS Regulations</a> | + <a href="#">Improvement Plan Information</a> | + <a href="#">Report a problem</a></span> + </div> + </div> + </div> + + <hr> + + <div class="row"> + <div class="col md-12"> + <h2>Incident Reporting</h2> + <table class="table"> + <thead> + <tr> + <th scope="col">Incident</th> + <th scope="col">Date</th> + <th scope="col">Details</th> + <th scope="col">Status</th> + </tr> + </thead> + <tr> + <td>Power failure at Random Site</td> + <td>12 May 2020</td> + <td>There was a problem with some wires inside the black box at the site. + There was very little we could do until someone switched the circuit breakers off, + then we had to switch off the server that supplies the TLS link to the estate management + system. We failed on this one, big time.</td> + <td><strong><span class="badge badge-warning">UNRESOLVED</span></strong></td> + </tr> + <tr> + <td>Corruption of main database</td> + <td>8 December 2019</td> + <td>Weather got to the night-watchperson, who typed in the command to seal + the compound incorrectly. This led to a deluge of sand into the minky processor + which eventually wiped all data tables.</td> + <td><strong><span class="badge badge-success">RESOLVED</span></strong></td> + </tr> + </table> + <button class="btn btn-primary">Report a NIS incident</button> + </div> + </div> + <hr> + <div class="row"> + <div class="col md-12"> + <h2>Compliance Events</h2> + <table class="table"> + <thead> + <th scope="col">Date</th> + <th scope="col">Type</th> + <th scope="col">Location</th> + <th scope="col">Notes</th> + <th scope="col">CAF scope</th> + <th scope="col">Status</th> + <th scope="col">Report</th> + </thead> + <tr> + <td>23 October 2020</td> + <td>Inspection</td> + <td>Hammersmith</td> + <td>Follow up to <a href="#">July call</a></td> + <td> + <span class="badge badge-warning">A2.c</span> + <span class="badge badge-danger">B2.a</span> + </td> + <td><span class="badge badge-warning">SCHEDULED</span></td> + <td></td> + </tr> + <tr> + <td>5 June 2020</td> + <td>Audit</td> + <td>Hammersmith</td> + <td>NA</td> + <td> + <span class="badge badge-danger">A2.c</span> + <span class="badge badge-secondary">B5.c</span> + <span class="badge badge-secondary">B6</span> + <span class="badge badge-secondary">B7</span> + </td> + <td><span class="badge badge-success">RESOLVED</span></td> + <td><a href="#">DfT-NIS-2302A</a></td> + <tr> + <tr> + <td>19 January 2020</td> + <td>Meeting</td> + <td>Video</td> + <td>NA</td> + <td> + <span class="badge badge-secondary">Obj C</span> + </td> + <td><span class="badge badge-success">RESOLVED</span></td> + <td></td> + <tr> + </table> + </div> + </div> + + <hr> + + <div class="row"> + <div class="col md-12"> + <h2>NIS systems</h2> + <table class="table"> + <thead> + <tr> + <th scope="col">System Name</th> + <th scope="col">Description</th> + <th scope="col">CAF</th> + </tr> + </thead> + {% for system in systems %} + <tr> + <td>{{ system.name }}</td> + <td>{{ system.description }}</td> + <td>{{ system.caf }} | <small><a href="#">Update WebCAF</a></small></td> + </tr> + {% endfor %} + </table> + </div> + </div> + + <hr> + + <div class="row"> + <div class="col md-12"> + <h2>DfT Engagement</h2> + <p>No engagement with DfT currently scheduled</p> + </div> + </div> + + </div> + </div> + </div> + +{% endblock content %} diff --git a/ctrack/users/admin.py b/ctrack/users/admin.py index 120cc64..7e930d8 100644 --- a/ctrack/users/admin.py +++ b/ctrack/users/admin.py @@ -12,6 +12,8 @@ class UserAdmin(auth_admin.UserAdmin): form = UserChangeForm add_form = UserCreationForm - fieldsets = (("User", {"fields": ("name",)}),) + auth_admin.UserAdmin.fieldsets - list_display = ["username", "name", "is_superuser"] + fieldsets = ( + ("User", {"fields": ("name", "stakeholder")}), + ) + auth_admin.UserAdmin.fieldsets + list_display = ["username", "name", "is_superuser", "stakeholder"] search_fields = ["name"] diff --git a/ctrack/users/migrations/0005_delete_userprofile.py b/ctrack/users/migrations/0005_delete_userprofile.py new file mode 100644 index 0000000..42f62bb --- /dev/null +++ b/ctrack/users/migrations/0005_delete_userprofile.py @@ -0,0 +1,16 @@ +# Generated by Django 3.0.5 on 2020-05-25 14:41 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0004_auto_20200524_1945'), + ] + + operations = [ + migrations.DeleteModel( + name='UserProfile', + ), + ] diff --git a/ctrack/users/migrations/0006_user_stakeholder.py b/ctrack/users/migrations/0006_user_stakeholder.py new file mode 100644 index 0000000..d8a3089 --- /dev/null +++ b/ctrack/users/migrations/0006_user_stakeholder.py @@ -0,0 +1,20 @@ +# Generated by Django 3.0.5 on 2020-05-25 15:02 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('organisations', '0005_auto_20200525_1502'), + ('users', '0005_delete_userprofile'), + ] + + operations = [ + migrations.AddField( + model_name='user', + name='stakeholder', + field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='organisations.Stakeholder'), + ), + ] diff --git a/ctrack/users/models.py b/ctrack/users/models.py index 8f07b15..052efd6 100644 --- a/ctrack/users/models.py +++ b/ctrack/users/models.py @@ -1,14 +1,28 @@ from django.contrib.auth.models import AbstractUser -from django.db.models import CharField +from django.db import models from django.urls import reverse from django.utils.translation import ugettext_lazy as _ +from ctrack.organisations.models import Stakeholder + class User(AbstractUser): - # First Name and Last Name do not cover name patterns - # around the globe. - name = CharField(_("Name of User"), blank=True, max_length=255) + name = models.CharField(_("Name of User"), blank=True, max_length=255) + stakeholder = models.OneToOneField( + Stakeholder, on_delete=models.CASCADE, null=True, blank=True + ) def get_absolute_url(self): return reverse("users:detail", kwargs={"username": self.username}) + + @property + def is_stakeholder(self): + if self.stakeholder is not None: + return True + else: + return False + + def get_organisation_name(self): + if self.is_stakeholder: + return self.stakeholder.person.organisation.name diff --git a/ctrack/users/stakeholder.py b/ctrack/users/stakeholder.py index d15dd39..a8b4329 100644 --- a/ctrack/users/stakeholder.py +++ b/ctrack/users/stakeholder.py @@ -1,7 +1,3 @@ from django.db import models from ctrack.organisations.models import Person - - -class Stakeholder(models.Model): - person = models.ForeignKey(Person, on_delete=models.CASCADE) diff --git a/ctrack/users/tests/test_functional.py b/ctrack/users/tests/test_functional.py new file mode 100644 index 0000000..5622ab3 --- /dev/null +++ b/ctrack/users/tests/test_functional.py @@ -0,0 +1,124 @@ +""" +Functional tests. Are probably SLOW thanks to using Selenium to load a browser instance. + +The use case being tested here is related to a user being able to log in and hit +the correct page, containing their details. Those details depend on whether they are +a regular user or a stakeholder user. +""" + +import time + +import pytest +from django.contrib.auth.models import Permission + +from ctrack.users.models import User + +pytestmark = pytest.mark.django_db + + +def test_regular_user_can_log_in(browser, live_server): + + # Toss McBride is an OES user. He logs into the system... + User.objects.create_user(username="toss", password="knob") + browser.get(live_server + "/accounts/login") + browser.find_element_by_id("id_login").send_keys("toss") + browser.find_element_by_id("id_password").send_keys("knob") + browser.find_element_by_id("sign_in_button").submit() + time.sleep(1) + current_url = browser.current_url + assert current_url == live_server + "/" + + type_user_message = browser.find_elements_by_tag_name("p") + assert "THIS IS A TEMPLATE FOR A REGULAR USER" in [ + m.text for m in type_user_message + ] + + +def test_stakeholder_can_log_in_and_see_their_home(browser, live_server, stakeholder): + # Toss McBride is an OES user. He logs into the system... + + user = User.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + org = user.stakeholder.person.get_organisation_name() + user.save() + browser.get(live_server + "/accounts/login") + browser.find_element_by_id("id_login").send_keys("toss") + browser.find_element_by_id("id_password").send_keys("knob") + browser.find_element_by_id("sign_in_button").submit() + time.sleep(1) + current_url = browser.current_url + assert current_url == live_server + "/" + + p_tags = browser.find_elements_by_tag_name("p") + h2_tags = browser.find_elements_by_tag_name("h2") + assert "THIS IS A TEMPLATE FOR A STAKEHOLDER USER" in [m.text for m in p_tags] + assert org in [m.text for m in h2_tags] + assert ( + f"{user.stakeholder.person.first_name} {user.stakeholder.person.last_name}" + in [m.text for m in p_tags] + ) + + +def test_stakeholder_can_log_in_but_receieved_permisson_denied_when_off_piste( + browser, live_server, stakeholder +): + user = User.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + browser.get(live_server + "/accounts/login") + browser.find_element_by_id("id_login").send_keys("toss") + browser.find_element_by_id("id_password").send_keys("knob") + browser.find_element_by_id("sign_in_button").submit() + time.sleep(1) + # Try to browser to Organisations list + browser.get(live_server + "/organisations") + assert "Sorry. You do not have permission to view this page." in [ + x.text for x in browser.find_elements_by_tag_name("p") + ] + + +def test_stakeholder_user_with_permissions_can_view_page( + browser, live_server, stakeholder +): + user = User.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + org_list_permission = Permission.objects.get(name="Can view organisation") + + # Add the permission to view an Organisation, which is set on OrganisationListView + assert user.user_permissions.count() == 0 + user.user_permissions.add(org_list_permission) + assert user.user_permissions.count() == 1 + user.save() + + browser.get(live_server + "/accounts/login") + browser.find_element_by_id("id_login").send_keys("toss") + browser.find_element_by_id("id_password").send_keys("knob") + browser.find_element_by_id("sign_in_button").submit() + time.sleep(1) + # Try to browser to Organisations list + browser.get(live_server + "/organisations") + assert "Organisations" in browser.title + + +def test_stakeholder_user_can_see_requisite_subtitles_on_home_page( + browser, live_server, stakeholder +): + user = User.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + browser.get(live_server + "/accounts/login") + browser.find_element_by_id("id_login").send_keys("toss") + browser.find_element_by_id("id_password").send_keys("knob") + browser.find_element_by_id("sign_in_button").submit() + time.sleep(1) + current_url = browser.current_url + assert current_url == live_server + "/" + + # On the other side, he sees some basic details about himself. + assert "ctrack - Department for Transport" in browser.title + + h2 = browser.find_elements_by_tag_name("h2") + assert "Incident Reporting" in [x.text for x in h2] + assert "Audits and Inspections" in [x.text for x in h2] + assert "NIS systems" in [x.text for x in h2] + assert "DfT Engagement" in [x.text for x in h2] diff --git a/ctrack/users/tests/test_models.py b/ctrack/users/tests/test_models.py index 2d45cca..368be34 100644 --- a/ctrack/users/tests/test_models.py +++ b/ctrack/users/tests/test_models.py @@ -1,6 +1,6 @@ import pytest -from ctrack.users.stakeholder import Stakeholder +from ctrack.organisations.models import Stakeholder pytestmark = pytest.mark.django_db @@ -16,10 +16,14 @@ def test_user_is_person_object(user): assert user -def test_stakeholder_model(person): +def test_stakeholder_model(person, user): """ A stakeholder is someone who is part of the regime but also has user access to the the system. """ stakeholder = Stakeholder(person=person) - assert stakeholder + org = person.organisation.name + user.stakeholder = stakeholder + assert user.stakeholder.person.first_name == "Toss" + assert user.is_stakeholder is True + assert user.get_organisation_name() == org diff --git a/ctrack/users/tests/test_views.py b/ctrack/users/tests/test_views.py index 3299cd6..8dc4825 100644 --- a/ctrack/users/tests/test_views.py +++ b/ctrack/users/tests/test_views.py @@ -1,7 +1,9 @@ import pytest -from django.contrib.auth import get_user_model +from django.contrib.auth.models import Permission from django.test import RequestFactory +from ctrack.core.views import home_page +from ctrack.organisations.views import OrganisationListView from ctrack.users.models import User from ctrack.users.views import UserDetailView, UserRedirectView, UserUpdateView @@ -44,23 +46,137 @@ class TestUserRedirectView: view.request = request - assert view.get_redirect_url() == f"/users/{user.username}/" + assert view.get_redirect_url() == "/" -def test_profile_view_contains_organisation_information(): - """url: users/username - This is where users are redirected to when they log in and where I want to capture - information about the user - particularly if they are an OES user. +def test_profile_view_contains_organisation_information( + person, user, request_factory, stakeholder +): """ - user = get_user_model().objects.create_user( - username="testy", email="testy@test.com", password="test1020" - ) - factory = RequestFactory() - request = factory.get(f"/users/{user.username}") + This tests the context_data - not the rendered page... We'll do that in the + next test. + """ + org_name = person.organisation.name + user.stakeholder = stakeholder + user.save() + request = request_factory.get(f"/users/{user.username}") + # we have to do the following to simulate logged-in user # Django Advanced Testing Topics request.user = user + + # We pass 'username' rather than 'slug' here because we are setting 'slug_url_kwarg' in our CBV. response = UserDetailView.as_view()(request, username=user.username) + + assert response.status_code == 200 + assert response.context_data["user"].username == user.username + assert response.context_data["user"].is_stakeholder is True + assert response.context_data["user"].stakeholder.person.first_name == "Toss" + + # Two ways of getting the organisaton name + assert ( + response.context_data["user"].stakeholder.person.get_organisation_name() + == org_name + ) + assert response.context_data["user"].get_organisation_name() == org_name + assert response.context_data["user"].stakeholder.person.first_name == "Toss" + + +def test_home_page_h1_tag_with_client(client, django_user_model): + """ + Basic test of HTML from the home page. + """ + django_user_model.objects.create_user(username="toss", password="knob") + client.login(username="toss", password="knob") + response = client.get("/") + assert response.status_code == 200 + assert response.content[:15] == b"<!DOCTYPE html>" + assert b"<title>ctrack - Department for Transport</title>" in response.content + assert b"<h1>Welcome to ctrack - Department for Transport</h1>" in response.content + assert b"</html>" in response.content + + +def test_regular_user_redirected_to_their_template_on_login( + django_user_model, request_factory: RequestFactory +): + """ + When a user logs in without a stakeholder mapping, they get sent to the regular user + template. + """ + user = django_user_model.objects.create_user(username="toss", password="knob") + request = request_factory.get("/") + request.user = user + response = home_page(request) + assert response.status_code == 200 + assert b"<p>THIS IS A TEMPLATE FOR A REGULAR USER</p>" in response.content + + +def test_stakeholder_redirected_to_their_template_on_login( + django_user_model, request_factory: RequestFactory, stakeholder +): + """ + When a user logs in WITH a stakeholder mapping, they get sent to the stakehoder user + template. + """ + user = django_user_model.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + request = request_factory.get("/") + request.user = user + response = home_page(request) + assert response.status_code == 200 + assert b"THIS IS A TEMPLATE FOR A STAKEHOLDER USER" in response.content + + +def test_stakeholder_returns_is_stakeholder( + django_user_model, request_factory, stakeholder +): + user = django_user_model.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + request = request_factory.get("/") + request.user = user + assert request.user.is_stakeholder is True + + +def test_stakeholder_user_is_not_staff(django_user_model, stakeholder): + user = django_user_model.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + assert user.is_staff is False + + +def test_stakeholder_user_gets_301_when_trying_to_access_view_with_perm_set( + django_user_model, client, stakeholder +): + """ + No permissions are set when a regular user is created. This test knows that a suitable + permission is set on the ctrack.organisations.view.OrganisationListView, and therefore we + would expect a redirect/403 persmission denied response when trying to reach it with a + regular user. + """ + user = django_user_model.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + user.save() + client.login(username="toss", password="knob") + response = client.get(path="https://localhost:8000/organisations") + assert ( + response.status_code == 301 + ) # This page redirects to 403.html, hence why its a 301 (I think) + + +@pytest.mark.skip("Explore why this does not pass - it passess in functional style") +def test_staff_user_gets_200_when_trying_to_access_view_with_perm_set( + django_user_model, client, stakeholder +): + user = django_user_model.objects.create_user(username="toss", password="knob") + user.stakeholder = stakeholder + org_list_permission = Permission.objects.get(name="Can view organisation") + assert user.user_permissions.count() == 0 + user.user_permissions.add(org_list_permission) + assert user.has_perm("organisations.view_organisation") + user.save() + logged_in = client.login(username="toss", password="knob") + assert logged_in is True + response = client.get("/organisations") assert response.status_code == 200 - # TODO - work out how we can attach an organisation to the User model - assert False, "This does nothing yet" diff --git a/ctrack/users/views.py b/ctrack/users/views.py index a292191..8e504e4 100644 --- a/ctrack/users/views.py +++ b/ctrack/users/views.py @@ -11,7 +11,13 @@ User = get_user_model() class UserDetailView(LoginRequiredMixin, DetailView): model = User + + # This names the field in the model that contains the slug. Want it to be thise so that is a good + # citizen to be used in a URL slug_field = "username" + + # the name of the URLConf keyword argument that contains the slug. By default, slug_url_kwarg is 'slug'. + # we have to pass 'username' as the argument when testing UserDetailView because of this. slug_url_kwarg = "username" @@ -44,7 +50,11 @@ class UserRedirectView(LoginRequiredMixin, RedirectView): permanent = False def get_redirect_url(self): - return reverse("users:detail", kwargs={"username": self.request.user.username}) + return reverse("core:home") + + +# def get_redirect_url(self): +# return reverse("users:detail", kwargs={"username": self.request.user.username}) user_redirect_view = UserRedirectView.as_view() diff --git a/geckodriver b/geckodriver Binary files differnew file mode 100755 index 0000000..ff08a41 --- /dev/null +++ b/geckodriver @@ -1,3 +1,6 @@ [pytest] -addopts = --ds=config.settings.test --color=no --nomigrations --reuse-db +addopts = + --ds=config.settings.test --color=no --disable-warnings --nomigrations --reuse-db +filterwarnings = + ignore::DeprecationWarning python_files = tests.py test_*.py diff --git a/requirements/base.txt b/requirements/base.txt index e450c2b..b1c994e 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -1,6 +1,6 @@ # Django # ------------------------------------------------------------------------------ -django==3.0.5 # pyup: < 3.0 # https://www.djangoproject.com/ +django==2.2.12 # pyup: < 3.0 # https://www.djangoproject.com/ django-environ # https://github.com/joke2k/django-environ django-allauth>=0.41.0 django-crispy-forms>=1.9.0 diff --git a/requirements/local.txt b/requirements/local.txt index fba9818..eacbdb5 100644 --- a/requirements/local.txt +++ b/requirements/local.txt @@ -5,7 +5,8 @@ psycopg2-binary # https://github.com/psycopg/psycopg2 # Testing # ------------------------------------------------------------------------------ -pytest # https://github.com/pytest-dev/pytest +pytest==5.4.2 # https://github.com/pytest-dev/pytest +selenium==3.141.0 # Code quality # ------------------------------------------------------------------------------ diff --git a/utility/truncate_script.sql b/utility/truncate_script.sql index 864b99f..3c151fa 100644 --- a/utility/truncate_script.sql +++ b/utility/truncate_script.sql @@ -12,6 +12,11 @@ TRUNCATE TABLE caf_grading RESTART IDENTITY CASCADE; TRUNCATE TABLE caf_caf RESTART IDENTITY CASCADE; TRUNCATE TABLE caf_documentfile RESTART IDENTITY CASCADE; TRUNCATE TABLE caf_applicablesystem RESTART IDENTITY CASCADE; +TRUNCATE TABLE caf_filestore RESTART IDENTITY CASCADE; +TRUNCATE TABLE caf_documentfile RESTART IDENTITY CASCADE; +TRUNCATE TABLE register_engagementevent RESTART IDENTITY CASCADE; +TRUNCATE TABLE register_engagementtype RESTART IDENTITY CASCADE; +TRUNCATE TABLE register_engagementevent_participants RESTART IDENTITY CASCADE; TRUNCATE TABLE assessments_cafcontributingoutcome RESTART IDENTITY CASCADE; TRUNCATE TABLE assessments_cafobjective RESTART IDENTITY CASCADE; TRUNCATE TABLE assessments_cafprinciple RESTART IDENTITY CASCADE; |