test_delegated_admin.py
152 lines
| 5.8 KiB
| text/x-python
|
PythonLexer
r1443 | # -*- coding: utf-8 -*- | |||
r3363 | # Copyright (C) 2016-2019 RhodeCode GmbH | |||
r1443 | # | |||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU Affero General Public License, version 3 | ||||
# (only), as published by the Free Software Foundation. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU Affero General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | ||||
# This program is dual-licensed. If you wish to learn more about the | ||||
# RhodeCode Enterprise Edition, including its added features, Support services, | ||||
# and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
import pytest | ||||
r2175 | from rhodecode.tests import TestController | |||
r1443 | from rhodecode.tests.fixture import Fixture | |||
r1980 | def route_path(name, params=None, **kwargs): | |||
import urllib | ||||
from rhodecode.apps._base import ADMIN_PREFIX | ||||
base_url = { | ||||
'home': '/', | ||||
r3609 | 'admin_home': ADMIN_PREFIX, | |||
r2014 | 'repos': | |||
ADMIN_PREFIX + '/repos', | ||||
r2175 | 'repo_groups': | |||
ADMIN_PREFIX + '/repo_groups', | ||||
r3623 | 'repo_groups_data': | |||
ADMIN_PREFIX + '/repo_groups_data', | ||||
r1980 | 'user_groups': | |||
ADMIN_PREFIX + '/user_groups', | ||||
'user_groups_data': | ||||
ADMIN_PREFIX + '/user_groups_data', | ||||
}[name].format(**kwargs) | ||||
if params: | ||||
base_url = '{}?{}'.format(base_url, urllib.urlencode(params)) | ||||
return base_url | ||||
r1443 | fixture = Fixture() | |||
r1980 | class TestAdminDelegatedUser(TestController): | |||
r1774 | ||||
r3609 | def test_regular_user_cannot_see_admin_interfaces(self, user_util, xhr_header): | |||
r1443 | user = user_util.create_user(password='qweqwe') | |||
r3609 | user_util.inherit_default_user_permissions(user.username, False) | |||
r1443 | self.log_user(user.username, 'qweqwe') | |||
r3609 | # user doesn't have any access to resources so main admin page should 404 | |||
self.app.get(route_path('admin_home'), status=404) | ||||
r1443 | ||||
r2014 | response = self.app.get(route_path('repos'), status=200) | |||
r1443 | response.mustcontain('data: []') | |||
r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
status=200, extra_environ=xhr_header) | ||||
assert response.json['data'] == [] | ||||
r1443 | ||||
r1980 | response = self.app.get(route_path('user_groups_data'), | |||
status=200, extra_environ=xhr_header) | ||||
assert response.json['data'] == [] | ||||
r1443 | ||||
r3609 | def test_regular_user_can_see_admin_interfaces_if_owner(self, user_util, xhr_header): | |||
r1443 | user = user_util.create_user(password='qweqwe') | |||
username = user.username | ||||
repo = user_util.create_repo(owner=username) | ||||
repo_name = repo.repo_name | ||||
repo_group = user_util.create_repo_group(owner=username) | ||||
repo_group_name = repo_group.group_name | ||||
user_group = user_util.create_user_group(owner=username) | ||||
user_group_name = user_group.users_group_name | ||||
self.log_user(username, 'qweqwe') | ||||
r3609 | ||||
response = self.app.get(route_path('admin_home')) | ||||
r1443 | ||||
assert_response = response.assert_response() | ||||
r3609 | assert_response.element_contains('td.delegated-admin-repos', '1') | |||
assert_response.element_contains('td.delegated-admin-repo-groups', '1') | ||||
assert_response.element_contains('td.delegated-admin-user-groups', '1') | ||||
r1443 | ||||
# admin interfaces have visible elements | ||||
r2014 | response = self.app.get(route_path('repos'), status=200) | |||
r1443 | response.mustcontain('"name_raw": "{}"'.format(repo_name)) | |||
r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
extra_environ=xhr_header, status=200) | ||||
r1443 | response.mustcontain('"name_raw": "{}"'.format(repo_group_name)) | |||
r1980 | response = self.app.get(route_path('user_groups_data'), | |||
extra_environ=xhr_header, status=200) | ||||
response.mustcontain('"name_raw": "{}"'.format(user_group_name)) | ||||
r1443 | ||||
r1980 | def test_regular_user_can_see_admin_interfaces_if_admin_perm( | |||
self, user_util, xhr_header): | ||||
r1443 | user = user_util.create_user(password='qweqwe') | |||
username = user.username | ||||
repo = user_util.create_repo() | ||||
repo_name = repo.repo_name | ||||
repo_group = user_util.create_repo_group() | ||||
repo_group_name = repo_group.group_name | ||||
user_group = user_util.create_user_group() | ||||
user_group_name = user_group.users_group_name | ||||
user_util.grant_user_permission_to_repo( | ||||
repo, user, 'repository.admin') | ||||
user_util.grant_user_permission_to_repo_group( | ||||
repo_group, user, 'group.admin') | ||||
user_util.grant_user_permission_to_user_group( | ||||
user_group, user, 'usergroup.admin') | ||||
self.log_user(username, 'qweqwe') | ||||
# check if in home view, such user doesn't see the "admin" menus | ||||
r3609 | response = self.app.get(route_path('admin_home')) | |||
r1443 | ||||
assert_response = response.assert_response() | ||||
r3609 | assert_response.element_contains('td.delegated-admin-repos', '1') | |||
assert_response.element_contains('td.delegated-admin-repo-groups', '1') | ||||
assert_response.element_contains('td.delegated-admin-user-groups', '1') | ||||
r1443 | ||||
# admin interfaces have visible elements | ||||
r2014 | response = self.app.get(route_path('repos'), status=200) | |||
r1443 | response.mustcontain('"name_raw": "{}"'.format(repo_name)) | |||
r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
extra_environ=xhr_header, status=200) | ||||
r1443 | response.mustcontain('"name_raw": "{}"'.format(repo_group_name)) | |||
r1980 | response = self.app.get(route_path('user_groups_data'), | |||
extra_environ=xhr_header, status=200) | ||||
response.mustcontain('"name_raw": "{}"'.format(user_group_name)) | ||||