##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
security: fixed issues with exposing repository names using global PR redirection link...
security: fixed issues with exposing repository names using global PR redirection link logic. - Since redirect was created to repository which linked to the PR, users who didn't have permissions to those repos could still see the name in the url generated.
marcink - - Load All Authors

File last commit:

r3985:95009b08 default
r4044:573a1043 default
Show More
test_repo_permissions.py
77 lines | 2.6 KiB | text/x-python | PythonLexer
/ rhodecode / apps / repository / tests / test_repo_permissions.py
History | Source | Raw |Copy content |Copy permalink
marcink
tests: added tests for permission update views to catch obvious form errors.
 r2827 # -*- coding: utf-8 -*-
marcink
docs: updated copyrights to 2019
 r3363 # Copyright (C) 2010-2019 RhodeCode GmbH
marcink
tests: added tests for permission update views to catch obvious form errors.
 r2827 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import pytest
from rhodecode.tests.utils import permission_update_data_generator
def route_path(name, params=None, **kwargs):
import urllib
base_url = {
'edit_repo_perms': '/{repo_name}/settings/permissions'
# update is the same url
}[name].format(**kwargs)
if params:
base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
return base_url
@pytest.mark.usefixtures("app")
class TestRepoPermissionsView(object):
def test_edit_perms_view(self, user_util, autologin_user):
repo = user_util.create_repo()
self.app.get(
route_path('edit_repo_perms',
repo_name=repo.repo_name), status=200)
def test_update_permissions(self, csrf_token, user_util):
repo = user_util.create_repo()
repo_name = repo.repo_name
user = user_util.create_user()
user_id = user.user_id
username = user.username
# grant new
form_data = permission_update_data_generator(
csrf_token,
default='repository.write',
grant=[(user_id, 'repository.write', username, 'user')])
response = self.app.post(
route_path('edit_repo_perms',
repo_name=repo_name), form_data).follow()
marcink
permissions: rename repository permissions to mention those are access permissions....
 r3985 assert 'Repository access permissions updated' in response
marcink
tests: added tests for permission update views to catch obvious form errors.
 r2827
# revoke given
form_data = permission_update_data_generator(
csrf_token,
default='repository.read',
revoke=[(user_id, 'user')])
response = self.app.post(
route_path('edit_repo_perms',
repo_name=repo_name), form_data).follow()
marcink
permissions: rename repository permissions to mention those are access permissions....
 r3985 assert 'Repository access permissions updated' in response