test_admin_user_groups.py
169 lines
| 6.0 KiB
| text/x-python
|
PythonLexer
r1980 | ||||
r4306 | # Copyright (C) 2010-2020 RhodeCode GmbH | |||
r1980 | # | |||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU Affero General Public License, version 3 | ||||
# (only), as published by the Free Software Foundation. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU Affero General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | ||||
# This program is dual-licensed. If you wish to learn more about the | ||||
# RhodeCode Enterprise Edition, including its added features, Support services, | ||||
# and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
import pytest | ||||
from rhodecode.model.db import UserGroup, User | ||||
from rhodecode.model.meta import Session | ||||
from rhodecode.tests import ( | ||||
TestController, TEST_USER_REGULAR_LOGIN, assert_session_flash) | ||||
from rhodecode.tests.fixture import Fixture | ||||
fixture = Fixture() | ||||
def route_path(name, params=None, **kwargs): | ||||
r4914 | import urllib.request, urllib.parse, urllib.error | |||
r1980 | from rhodecode.apps._base import ADMIN_PREFIX | |||
base_url = { | ||||
'user_groups': ADMIN_PREFIX + '/user_groups', | ||||
'user_groups_data': ADMIN_PREFIX + '/user_groups_data', | ||||
'user_group_members_data': ADMIN_PREFIX + '/user_groups/{user_group_id}/members', | ||||
r2068 | 'user_groups_new': ADMIN_PREFIX + '/user_groups/new', | |||
'user_groups_create': ADMIN_PREFIX + '/user_groups/create', | ||||
'edit_user_group': ADMIN_PREFIX + '/user_groups/{user_group_id}/edit', | ||||
r1980 | }[name].format(**kwargs) | |||
if params: | ||||
r4914 | base_url = '{}?{}'.format(base_url, urllib.parse.urlencode(params)) | |||
r1980 | return base_url | |||
class TestAdminUserGroupsView(TestController): | ||||
def test_show_users(self): | ||||
self.log_user() | ||||
self.app.get(route_path('user_groups')) | ||||
def test_show_user_groups_data(self, xhr_header): | ||||
self.log_user() | ||||
response = self.app.get(route_path( | ||||
'user_groups_data'), extra_environ=xhr_header) | ||||
all_user_groups = UserGroup.query().count() | ||||
assert response.json['recordsTotal'] == all_user_groups | ||||
def test_show_user_groups_data_filtered(self, xhr_header): | ||||
self.log_user() | ||||
response = self.app.get(route_path( | ||||
'user_groups_data', params={'search[value]': 'empty_search'}), | ||||
extra_environ=xhr_header) | ||||
all_user_groups = UserGroup.query().count() | ||||
assert response.json['recordsTotal'] == all_user_groups | ||||
assert response.json['recordsFiltered'] == 0 | ||||
def test_usergroup_escape(self, user_util, xhr_header): | ||||
self.log_user() | ||||
xss_img = '<img src="/image1" onload="alert(\'Hello, World!\');">' | ||||
user = user_util.create_user() | ||||
user.name = xss_img | ||||
user.lastname = xss_img | ||||
Session().add(user) | ||||
Session().commit() | ||||
user_group = user_util.create_user_group() | ||||
user_group.users_group_name = xss_img | ||||
user_group.user_group_description = '<strong onload="alert();">DESC</strong>' | ||||
response = self.app.get( | ||||
route_path('user_groups_data'), extra_environ=xhr_header) | ||||
response.mustcontain( | ||||
'<strong onload="alert();">DESC</strong>') | ||||
response.mustcontain( | ||||
'<img src="/image1" onload="' | ||||
'alert('Hello, World!');">') | ||||
def test_edit_user_group_autocomplete_empty_members(self, xhr_header, user_util): | ||||
self.log_user() | ||||
ug = user_util.create_user_group() | ||||
response = self.app.get( | ||||
route_path('user_group_members_data', user_group_id=ug.users_group_id), | ||||
extra_environ=xhr_header) | ||||
assert response.json == {'members': []} | ||||
def test_edit_user_group_autocomplete_members(self, xhr_header, user_util): | ||||
self.log_user() | ||||
members = [u.user_id for u in User.get_all()] | ||||
ug = user_util.create_user_group(members=members) | ||||
response = self.app.get( | ||||
r2068 | route_path('user_group_members_data', | |||
user_group_id=ug.users_group_id), | ||||
r1980 | extra_environ=xhr_header) | |||
assert len(response.json['members']) == len(members) | ||||
r2068 | ||||
def test_creation_page(self): | ||||
self.log_user() | ||||
self.app.get(route_path('user_groups_new'), status=200) | ||||
def test_create(self): | ||||
from rhodecode.lib import helpers as h | ||||
self.log_user() | ||||
users_group_name = 'test_user_group' | ||||
response = self.app.post(route_path('user_groups_create'), { | ||||
'users_group_name': users_group_name, | ||||
'user_group_description': 'DESC', | ||||
'active': True, | ||||
'csrf_token': self.csrf_token}) | ||||
user_group_id = UserGroup.get_by_group_name( | ||||
users_group_name).users_group_id | ||||
user_group_link = h.link_to( | ||||
users_group_name, | ||||
route_path('edit_user_group', user_group_id=user_group_id)) | ||||
assert_session_flash( | ||||
response, | ||||
'Created user group %s' % user_group_link) | ||||
fixture.destroy_user_group(users_group_name) | ||||
def test_create_with_empty_name(self): | ||||
self.log_user() | ||||
response = self.app.post(route_path('user_groups_create'), { | ||||
'users_group_name': '', | ||||
'user_group_description': 'DESC', | ||||
'active': True, | ||||
'csrf_token': self.csrf_token}, status=200) | ||||
response.mustcontain('Please enter a value') | ||||
def test_create_duplicate(self, user_util): | ||||
self.log_user() | ||||
user_group = user_util.create_user_group() | ||||
duplicate_name = user_group.users_group_name | ||||
response = self.app.post(route_path('user_groups_create'), { | ||||
'users_group_name': duplicate_name, | ||||
'user_group_description': 'DESC', | ||||
'active': True, | ||||
'csrf_token': self.csrf_token}, status=200) | ||||
response.mustcontain( | ||||
r2786 | 'User group `{}` already exists'.format(duplicate_name)) | |||