test_delegated_admin.py
132 lines
| 5.4 KiB
| text/x-python
|
PythonLexer
| r5087 | ||||
| r1443 | ||||
| r5088 | # Copyright (C) 2016-2023 RhodeCode GmbH | |||
| r1443 | # | |||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU Affero General Public License, version 3 | ||||
| # (only), as published by the Free Software Foundation. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU Affero General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| # This program is dual-licensed. If you wish to learn more about the | ||||
| # RhodeCode Enterprise Edition, including its added features, Support services, | ||||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
| import pytest | ||||
| r2175 | from rhodecode.tests import TestController | |||
| r1443 | from rhodecode.tests.fixture import Fixture | |||
| r5173 | from rhodecode.tests.routes import route_path | |||
| r1980 | ||||
| r1443 | fixture = Fixture() | |||
| r1980 | class TestAdminDelegatedUser(TestController): | |||
| r1774 | ||||
| r3609 | def test_regular_user_cannot_see_admin_interfaces(self, user_util, xhr_header): | |||
| r1443 | user = user_util.create_user(password='qweqwe') | |||
| r3609 | user_util.inherit_default_user_permissions(user.username, False) | |||
| r1443 | self.log_user(user.username, 'qweqwe') | |||
| r3609 | # user doesn't have any access to resources so main admin page should 404 | |||
| self.app.get(route_path('admin_home'), status=404) | ||||
| r1443 | ||||
| r4151 | response = self.app.get(route_path('repos_data'), | |||
| status=200, extra_environ=xhr_header) | ||||
| assert response.json['data'] == [] | ||||
| r1443 | ||||
| r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
| status=200, extra_environ=xhr_header) | ||||
| assert response.json['data'] == [] | ||||
| r1443 | ||||
| r1980 | response = self.app.get(route_path('user_groups_data'), | |||
| status=200, extra_environ=xhr_header) | ||||
| assert response.json['data'] == [] | ||||
| r1443 | ||||
| r3609 | def test_regular_user_can_see_admin_interfaces_if_owner(self, user_util, xhr_header): | |||
| r1443 | user = user_util.create_user(password='qweqwe') | |||
| username = user.username | ||||
| repo = user_util.create_repo(owner=username) | ||||
| repo_name = repo.repo_name | ||||
| repo_group = user_util.create_repo_group(owner=username) | ||||
| repo_group_name = repo_group.group_name | ||||
| user_group = user_util.create_user_group(owner=username) | ||||
| user_group_name = user_group.users_group_name | ||||
| self.log_user(username, 'qweqwe') | ||||
| r3609 | ||||
| response = self.app.get(route_path('admin_home')) | ||||
| r1443 | ||||
| assert_response = response.assert_response() | ||||
| r3609 | assert_response.element_contains('td.delegated-admin-repos', '1') | |||
| assert_response.element_contains('td.delegated-admin-repo-groups', '1') | ||||
| assert_response.element_contains('td.delegated-admin-user-groups', '1') | ||||
| r1443 | ||||
| # admin interfaces have visible elements | ||||
| r4151 | response = self.app.get(route_path('repos_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| response.mustcontain('<a href=\\"/{}\\">'.format(repo_name)) | ||||
| r1443 | ||||
| r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| r4151 | response.mustcontain('<a href=\\"/{}\\">'.format(repo_group_name)) | |||
| r1443 | ||||
| r1980 | response = self.app.get(route_path('user_groups_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| r4151 | response.mustcontain('<a href=\\"/_profile_user_group/{}\\">'.format(user_group_name)) | |||
| r1443 | ||||
| r1980 | def test_regular_user_can_see_admin_interfaces_if_admin_perm( | |||
| self, user_util, xhr_header): | ||||
| r1443 | user = user_util.create_user(password='qweqwe') | |||
| username = user.username | ||||
| repo = user_util.create_repo() | ||||
| repo_name = repo.repo_name | ||||
| repo_group = user_util.create_repo_group() | ||||
| repo_group_name = repo_group.group_name | ||||
| user_group = user_util.create_user_group() | ||||
| user_group_name = user_group.users_group_name | ||||
| user_util.grant_user_permission_to_repo( | ||||
| repo, user, 'repository.admin') | ||||
| user_util.grant_user_permission_to_repo_group( | ||||
| repo_group, user, 'group.admin') | ||||
| user_util.grant_user_permission_to_user_group( | ||||
| user_group, user, 'usergroup.admin') | ||||
| self.log_user(username, 'qweqwe') | ||||
| # check if in home view, such user doesn't see the "admin" menus | ||||
| r3609 | response = self.app.get(route_path('admin_home')) | |||
| r1443 | ||||
| assert_response = response.assert_response() | ||||
| r3609 | assert_response.element_contains('td.delegated-admin-repos', '1') | |||
| assert_response.element_contains('td.delegated-admin-repo-groups', '1') | ||||
| assert_response.element_contains('td.delegated-admin-user-groups', '1') | ||||
| r1443 | ||||
| # admin interfaces have visible elements | ||||
| r4151 | response = self.app.get(route_path('repos_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| response.mustcontain('<a href=\\"/{}\\">'.format(repo_name)) | ||||
| r1443 | ||||
| r3623 | response = self.app.get(route_path('repo_groups_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| r4151 | response.mustcontain('<a href=\\"/{}\\">'.format(repo_group_name)) | |||
| r1443 | ||||
| r1980 | response = self.app.get(route_path('user_groups_data'), | |||
| extra_environ=xhr_header, status=200) | ||||
| r4151 | response.mustcontain('<a href=\\"/_profile_user_group/{}\\">'.format(user_group_name)) | |||
