diff --git a/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py b/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py
--- a/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py
+++ b/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py
@@ -20,6 +20,8 @@
import pytest
+from rhodecode.tests.utils import permission_update_data_generator
+
def route_path(name, params=None, **kwargs):
import urllib
@@ -37,13 +39,48 @@ def route_path(name, params=None, **kwar
@pytest.mark.usefixtures("app")
-class TestRepoGroupsPermissionsView(object):
+class TestRepoGroupPermissionsView(object):
- def test_edit_repo_group_perms(self, user_util, autologin_user):
+ def test_edit_perms_view(self, user_util, autologin_user):
repo_group = user_util.create_repo_group()
+
self.app.get(
route_path('edit_repo_group_perms',
repo_group_name=repo_group.group_name), status=200)
- def test_update_permissions(self):
- pass
+ def test_update_permissions(self, csrf_token, user_util):
+ repo_group = user_util.create_repo_group()
+ repo_group_name = repo_group.group_name
+ user = user_util.create_user()
+ user_id = user.user_id
+ username = user.username
+
+ # grant new
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='group.write',
+ grant=[(user_id, 'group.write', username, 'user')])
+
+ # recursive flag required for repo groups
+ form_data.extend([('recursive', u'none')])
+
+ response = self.app.post(
+ route_path('edit_repo_group_perms_update',
+ repo_group_name=repo_group_name), form_data).follow()
+
+ assert 'Repository Group permissions updated' in response
+
+ # revoke given
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='group.read',
+ revoke=[(user_id, 'user')])
+
+ # recursive flag required for repo groups
+ form_data.extend([('recursive', u'none')])
+
+ response = self.app.post(
+ route_path('edit_repo_group_perms_update',
+ repo_group_name=repo_group_name), form_data).follow()
+
+ assert 'Repository Group permissions updated' in response
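Review bot: Both POSTs in `test_update_permissions` are verified only by the flash text `'Repository Group permissions updated'`, so the test still passes if the grant or the revoke is silently skipped. After each request it should load the stored permission for `user_id` on the group and assert `group.write`, then its absence. Only the `'user'` member type is exercised, although the value this commit renames is `'user_group'`. A grant such as `grant=[(user_group_id, 'group.write', user_group_name, 'user_group')]` (names constructed here) plus a case with an unknown type would cover the branches the model change adds. The same applies to `test_update_permissions` in the new test_repo_permissions.py and test_user_groups_permissions.py.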
diff --git a/rhodecode/apps/repository/tests/test_repo_permissions.py b/rhodecode/apps/repository/tests/test_repo_permissions.py
new file mode 100644
--- /dev/null
+++ b/rhodecode/apps/repository/tests/test_repo_permissions.py
@@ -0,0 +1,77 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2010-2018 RhodeCode GmbH
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License, version 3
+# (only), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+# This program is dual-licensed. If you wish to learn more about the
+# RhodeCode Enterprise Edition, including its added features, Support services,
+# and proprietary license terms, please see https://rhodecode.com/licenses/
+
+import pytest
+
+from rhodecode.tests.utils import permission_update_data_generator
+
+
+def route_path(name, params=None, **kwargs):
+ import urllib
+
+ base_url = {
+ 'edit_repo_perms': '/{repo_name}/settings/permissions'
+ # update is the same url
+ }[name].format(**kwargs)
+
+ if params:
+ base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
+ return base_url
+
+
+@pytest.mark.usefixtures("app")
+class TestRepoPermissionsView(object):
+
+ def test_edit_perms_view(self, user_util, autologin_user):
+ repo = user_util.create_repo()
+ self.app.get(
+ route_path('edit_repo_perms',
+ repo_name=repo.repo_name), status=200)
+
+ def test_update_permissions(self, csrf_token, user_util):
+ repo = user_util.create_repo()
+ repo_name = repo.repo_name
+ user = user_util.create_user()
+ user_id = user.user_id
+ username = user.username
+
+ # grant new
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='repository.write',
+ grant=[(user_id, 'repository.write', username, 'user')])
+
+ response = self.app.post(
+ route_path('edit_repo_perms',
+ repo_name=repo_name), form_data).follow()
+
+ assert 'Repository permissions updated' in response
+
+ # revoke given
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='repository.read',
+ revoke=[(user_id, 'user')])
+
+ response = self.app.post(
+ route_path('edit_repo_perms',
+ repo_name=repo_name), form_data).follow()
+
+ assert 'Repository permissions updated' in response
diff --git a/rhodecode/apps/user_group/tests/test_user_groups_permissions.py b/rhodecode/apps/user_group/tests/test_user_groups_permissions.py
new file mode 100644
--- /dev/null
+++ b/rhodecode/apps/user_group/tests/test_user_groups_permissions.py
@@ -0,0 +1,80 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2010-2018 RhodeCode GmbH
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License, version 3
+# (only), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+# This program is dual-licensed. If you wish to learn more about the
+# RhodeCode Enterprise Edition, including its added features, Support services,
+# and proprietary license terms, please see https://rhodecode.com/licenses/
+
+import pytest
+
+from rhodecode.tests.utils import permission_update_data_generator
+
+
+def route_path(name, params=None, **kwargs):
+ import urllib
+ from rhodecode.apps._base import ADMIN_PREFIX
+
+ base_url = {
+ 'edit_user_group_perms':
+ ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions',
+ 'edit_user_group_perms_update':
+ ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions/update',
+ }[name].format(**kwargs)
+
+ if params:
+ base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
+ return base_url
+
+
+@pytest.mark.usefixtures("app")
+class TestUserGroupPermissionsView(object):
+
+ def test_edit_perms_view(self, user_util, autologin_user):
+ user_group = user_util.create_user_group()
+ self.app.get(
+ route_path('edit_user_group_perms',
+ user_group_id=user_group.users_group_id), status=200)
+
+ def test_update_permissions(self, csrf_token, user_util):
+ user_group = user_util.create_user_group()
+ user_group_id = user_group.users_group_id
+ user = user_util.create_user()
+ user_id = user.user_id
+ username = user.username
+
+ # grant new
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='usergroup.write',
+ grant=[(user_id, 'usergroup.write', username, 'user')])
+
+ response = self.app.post(
+ route_path('edit_user_group_perms_update',
+ user_group_id=user_group_id), form_data).follow()
+
+ assert 'User Group permissions updated' in response
+
+ # revoke given
+ form_data = permission_update_data_generator(
+ csrf_token,
+ default='usergroup.read',
+ revoke=[(user_id, 'user')])
+
+ response = self.app.post(
+ route_path('edit_user_group_perms_update',
+ user_group_id=user_group_id), form_data).follow()
+
+ assert 'User Group permissions updated' in response
diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py
--- a/rhodecode/model/repo.py
+++ b/rhodecode/model/repo.py
@@ -547,14 +547,16 @@ class RepoModel(BaseModel):
# this updates also current one if found
self.grant_user_permission(
repo=repo, user=member_id, perm=perm)
- else: # set for user group
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.grant_user_group_permission(
repo=repo, group_name=member_id, perm=perm)
-
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['updated'].append({'type': member_type, 'id': member_id,
'name': member_name, 'new_perm': perm})
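Review bot: In the `'user_group'` branch a failed `HasUserGroupPermissionAny` check skips `grant_user_group_permission` without any signal, yet the `changes['updated'].append(...)` that follows appears to run regardless (indentation is lost in this view, so confirm). If so, the returned change list, and any log built from it, can report a grant that was never applied. Record the change only when the grant actually ran, for example by setting a flag inside the `if` and guarding the append with it, or raise when `check_perms` is set and the check fails. The same shape recurs in the `added` and `deleted` hunks of this file and in the repo_group.py and user_group.py hunks. The enclosing method starts and ends outside the hunk.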
@@ -565,13 +567,17 @@ class RepoModel(BaseModel):
member_name = User.get(member_id).username
self.grant_user_permission(
repo=repo, user=member_id, perm=perm)
- else: # set for user group
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.grant_user_group_permission(
repo=repo, group_name=member_id, perm=perm)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
+
changes['added'].append({'type': member_type, 'id': member_id,
'name': member_name, 'new_perm': perm})
# delete permissions
@@ -580,13 +586,16 @@ class RepoModel(BaseModel):
if member_type == 'user':
member_name = User.get(member_id).username
self.revoke_user_permission(repo=repo, user=member_id)
- else: # set for user group
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.revoke_user_group_permission(
repo=repo, group_name=member_id)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['deleted'].append({'type': member_type, 'id': member_id,
'name': member_name, 'new_perm': perm})
diff --git a/rhodecode/model/repo_group.py b/rhodecode/model/repo_group.py
--- a/rhodecode/model/repo_group.py
+++ b/rhodecode/model/repo_group.py
@@ -425,11 +425,14 @@ class RepoGroupModel(BaseModel):
member_name = User.get(member_id).username
# this updates also current one if found
_set_perm_user(obj, user=member_id, perm=perm)
- else: # set for user group
+ elif member_type == 'user_group':
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or has_group_perm(member_name,
user=cur_user):
_set_perm_group(obj, users_group=member_id, perm=perm)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['updated'].append(
{'change_obj': change_obj, 'type': member_type,
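Review bot: The two string literals in the new `raise ValueError` join into `... 'user' or 'user_group' got X instead`, with no separator and the offending value unquoted. `"member_type must be 'user' or 'user_group', got {!r} instead".format(member_type)` reads better and makes an empty or whitespace-only value visible in logs. The identical raise is repeated in all nine branches across repo.py, repo_group.py and user_group.py, so one shared helper or a module-level tuple of allowed types would keep the copies from drifting apart.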
@@ -441,12 +444,15 @@ class RepoGroupModel(BaseModel):
if member_type == 'user':
member_name = User.get(member_id).username
_set_perm_user(obj, user=member_id, perm=perm)
- else: # set for user group
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or has_group_perm(member_name,
user=cur_user):
_set_perm_group(obj, users_group=member_id, perm=perm)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['added'].append(
{'change_obj': change_obj, 'type': member_type,
@@ -458,12 +464,15 @@ class RepoGroupModel(BaseModel):
if member_type == 'user':
member_name = User.get(member_id).username
_revoke_perm_user(obj, user=member_id)
- else: # set for user group
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or has_group_perm(member_name,
user=cur_user):
_revoke_perm_group(obj, user_group=member_id)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['deleted'].append(
{'change_obj': change_obj, 'type': member_type,
diff --git a/rhodecode/model/user_group.py b/rhodecode/model/user_group.py
--- a/rhodecode/model/user_group.py
+++ b/rhodecode/model/user_group.py
@@ -90,13 +90,16 @@ class UserGroupModel(BaseModel):
self.grant_user_permission(
user_group=user_group, user=member_id, perm=perm
)
- else:
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.grant_user_group_permission(
target_user_group=user_group, user_group=member_id, perm=perm)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['updated'].append({
'change_obj': change_obj,
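Review bot: The new `raise ValueError` fires from inside what looks like the per-member loop (its header is outside the hunk), so entries processed before the bad one may already have been granted when the exception leaves the method. Whether those earlier grants are rolled back depends on the caller's transaction handling, which is not visible here. Checking the `member_type` of every submitted entry before the first grant or revoke call would make the update all-or-nothing regardless of the caller. The same ordering applies to the other two hunks in this file and to the repo.py and repo_group.py hunks.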
@@ -110,13 +113,16 @@ class UserGroupModel(BaseModel):
member_name = User.get(member_id).username
self.grant_user_permission(
user_group=user_group, user=member_id, perm=perm)
- else:
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.grant_user_group_permission(
target_user_group=user_group, user_group=member_id, perm=perm)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['added'].append({
'change_obj': change_obj,
@@ -129,13 +135,16 @@ class UserGroupModel(BaseModel):
if member_type == 'user':
member_name = User.get(member_id).username
self.revoke_user_permission(user_group=user_group, user=member_id)
- else:
+ elif member_type == 'user_group':
# check if we have permissions to alter this usergroup
member_name = UserGroup.get(member_id).users_group_name
if not check_perms or HasUserGroupPermissionAny(
*req_perms)(member_name, user=cur_user):
self.revoke_user_group_permission(
target_user_group=user_group, user_group=member_id)
+ else:
+ raise ValueError("member_type must be 'user' or 'user_group' "
+ "got {} instead".format(member_type))
changes['deleted'].append({
'change_obj': change_obj,
diff --git a/rhodecode/model/validators.py b/rhodecode/model/validators.py
--- a/rhodecode/model/validators.py
+++ b/rhodecode/model/validators.py
@@ -797,7 +797,7 @@ def ValidPerms(localizer, type_='repo'):
obj_type = k[0]
obj_id = k[7:]
update_type = {'u': 'user',
- 'g': 'users_group'}[obj_type]
+ 'g': 'user_group'}[obj_type]
if obj_type == 'u' and safe_int(obj_id) == default_user_id:
if str2bool(value.get('repo_private')):
@@ -827,7 +827,7 @@ def ValidPerms(localizer, type_='repo'):
User.query()\
.filter(User.active == true())\
.filter(User.user_id == member_id).one()
- if member_type == 'users_group':
+ if member_type == 'user_group':
UserGroup.query()\
.filter(UserGroup.users_group_active == true())\
.filter(UserGroup.users_group_id == member_id)\
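Review bot: The existence checks here run only for the two known types (the `'user'` test presumably sits just above the hunk), so any other `member_type` passes validation untouched and reaches the model layer, where this commit now raises `ValueError`. For new members the type appears to come straight from the `perm_new_member_type_new…` form field, so an unexpected value would likely surface as an unhandled server error rather than a form error. Rejecting it here, e.g. `if member_type not in ('user', 'user_group'):` followed by the validator's usual invalid-input error, keeps the failure at the input boundary. `ValidPerms` continues outside the hunk.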
diff --git a/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py b/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py
--- a/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py
+++ b/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py
@@ -48,7 +48,7 @@ def permissions_setup_func_orig(
repo_group = RepoGroup.get_by_group_name(group_name=group_name)
if not repo_group:
raise Exception('Cannot get group %s' % group_name)
- perm_updates = [[test_u2_gr_id, perm, 'users_group']]
+ perm_updates = [[test_u2_gr_id, perm, 'user_group']]
RepoGroupModel().update_permissions(repo_group,
perm_updates=perm_updates,
recursive=recursive, check_perms=False)
diff --git a/rhodecode/tests/utils.py b/rhodecode/tests/utils.py
--- a/rhodecode/tests/utils.py
+++ b/rhodecode/tests/utils.py
@@ -427,3 +427,32 @@ def commit_change(
f_path=filename
)
return commit
+
+
+def permission_update_data_generator(csrf_token, default=None, grant=None, revoke=None):
+ if not default:
+ raise ValueError('Permission for default user must be given')
+ form_data = [(
+ 'csrf_token', csrf_token
+ )]
+ # add default
+ form_data.extend([
+ ('u_perm_1', default)
+ ])
+
+ if grant:
+ for cnt, (obj_id, perm, obj_name, obj_type) in enumerate(grant, 1):
+ form_data.extend([
+ ('perm_new_member_perm_new{}'.format(cnt), perm),
+ ('perm_new_member_id_new{}'.format(cnt), obj_id),
+ ('perm_new_member_name_new{}'.format(cnt), obj_name),
+ ('perm_new_member_type_new{}'.format(cnt), obj_type),
+
+ ])
+ if revoke:
+ for obj_id, obj_type in revoke:
+ form_data.extend([
+ ('perm_del_member_id_{}'.format(obj_id), obj_id),
+ ('perm_del_member_type_{}'.format(obj_id), obj_type),
+ ])
+ return form_data
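Review bot: `permission_update_data_generator` has no docstring, and the tuple shapes it expects are only discoverable from the unpacking: `grant` items are `(obj_id, perm, obj_name, obj_type)` and `revoke` items are `(obj_id, obj_type)`. A short docstring should state those shapes and that the return value is a list of `(field, value)` pairs rather than a generator, despite the name. A comment such as `# u_perm_1: permission field of the default user, assumed to have id 1` on the hard-coded key would also spare callers from reading the form parser.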