##// END OF EJS Templates
tests: fixing permissions tests for new password reset options
lisaq -
r1035:47e0bbeb default
parent child Browse files
Show More
@@ -1,84 +1,83 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="base/root.html"/>
3 3
4 4 <%def name="title()">
5 5 ${_('Sign In')}
6 6 %if c.rhodecode_name:
7 7 &middot; ${h.branding(c.rhodecode_name)}
8 8 %endif
9 9 </%def>
10 10
11 11 <style>body{background-color:#eeeeee;}</style>
12 12 <div class="loginbox">
13 13 <div class="header">
14 14 <div id="header-inner" class="title">
15 15 <div id="logo">
16 16 <div class="logo-wrapper">
17 17 <a href="${h.url('home')}"><img src="${h.asset('images/rhodecode-logo-white-216x60.png')}" alt="RhodeCode"/></a>
18 18 </div>
19 19 %if c.rhodecode_name:
20 20 <div class="branding"> ${h.branding(c.rhodecode_name)}</div>
21 21 %endif
22 22 </div>
23 23 </div>
24 24 </div>
25 25
26 26 <div class="loginwrapper">
27 27 <div class="left-column">
28 28 <img class="sign-in-image" src="${h.asset('images/sign-in.png')}" alt="RhodeCode"/>
29 29 </div>
30 30 <%block name="above_login_button" />
31 31 <div id="login" class="right-column">
32 32 <!-- login -->
33 33 <div class="sign-in-title">
34 34 <h1>${_('Sign In')}</h1>
35 35 %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
36 36 <h4>${h.link_to(_("Go to the registration page to create a new account."), request.route_path('register'))}</h4>
37 37 %endif
38 38 </div>
39 39 <div class="inner form">
40 40 ${h.form(request.route_path('login', _query={'came_from': came_from}), needs_csrf_token=False)}
41 41
42 42 <label for="username">${_('Username')}:</label>
43 43 ${h.text('username', class_='focus', value=defaults.get('username'))}
44 44 %if 'username' in errors:
45 45 <span class="error-message">${errors.get('username')}</span>
46 46 <br />
47 47 %endif
48 48
49 49 <label for="password">${_('Password')}:</label>
50 50 ${h.password('password', class_='focus')}
51 51 %if 'password' in errors:
52 52 <span class="error-message">${errors.get('password')}</span>
53 53 <br />
54 54 %endif
55 55
56 56 ${h.checkbox('remember', value=True, checked=defaults.get('remember'))}
57 57 <label class="checkbox" for="remember">${_('Remember me')}</label>
58 58
59
60 %if h.HasPermissionAny('hg.password_reset.enable')():
59 %if h.HasPermissionAny('hg.password_reset.enabled')():
61 60 <p class="links">
62 ${h.link_to(_('Forgot your password?'), h.route_path('reset_password'))}
61 ${h.link_to(_('Forgot your password?'), h.route_path('reset_password'), class_='pwd_reset')}
63 62 </p>
64 63 %elif h.HasPermissionAny('hg.password_reset.hidden')():
65 64 <p class="help-block">
66 65 ${_('Contact an administrator if you have forgotten your password.')}
67 66 </p>
68 67 %endif
69 68
70 69
71 70 ${h.submit('sign_in', _('Sign In'), class_="btn sign-in")}
72 71
73 72 ${h.end_form()}
74 73 <script type="text/javascript">
75 74 $(document).ready(function(){
76 75 $('#username').focus();
77 76 })
78 77 </script>
79 78 </div>
80 79 <!-- end login -->
81 80 <%block name="below_login_button" />
82 81 </div>
83 82 </div>
84 83 </div>
@@ -1,209 +1,210 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22 from rhodecode.model.db import User, UserIpMap
23 23 from rhodecode.model.permission import PermissionModel
24 24 from rhodecode.tests import (
25 25 TestController, url, clear_all_caches, assert_session_flash)
26 26
27 27
28 28 class TestAdminPermissionsController(TestController):
29 29
30 30 @pytest.fixture(scope='class', autouse=True)
31 31 def prepare(self, request):
32 32 # cleanup and reset to default permissions after
33 33 @request.addfinalizer
34 34 def cleanup():
35 35 PermissionModel().create_default_user_permissions(
36 36 User.get_default_user(), force=True)
37 37
38 38 def test_index_application(self):
39 39 self.log_user()
40 40 self.app.get(url('admin_permissions_application'))
41 41
42 42 @pytest.mark.parametrize(
43 'anonymous, default_register, default_register_message,'
43 'anonymous, default_register, default_register_message, default_password_reset,'
44 44 'default_extern_activate, expect_error, expect_form_error', [
45 (True, 'hg.register.none', '', 'hg.extern_activate.manual',
45 (True, 'hg.register.none', '', 'hg.password_reset.enabled', 'hg.extern_activate.manual',
46 46 False, False),
47 (True, 'hg.register.manual_activate', '', 'hg.extern_activate.auto',
47 (True, 'hg.register.manual_activate', '', 'hg.password_reset.enabled', 'hg.extern_activate.auto',
48 48 False, False),
49 (True, 'hg.register.auto_activate', '', 'hg.extern_activate.manual',
49 (True, 'hg.register.auto_activate', '', 'hg.password_reset.enabled', 'hg.extern_activate.manual',
50 50 False, False),
51 (True, 'hg.register.auto_activate', '', 'hg.extern_activate.manual',
51 (True, 'hg.register.auto_activate', '', 'hg.password_reset.enabled', 'hg.extern_activate.manual',
52 52 False, False),
53 (True, 'hg.register.XXX', '', 'hg.extern_activate.manual',
53 (True, 'hg.register.XXX', '', 'hg.password_reset.enabled', 'hg.extern_activate.manual',
54 54 False, True),
55 (True, '', '', '', True, False),
55 (True, '', '', 'hg.password_reset.enabled', '', True, False),
56 56 ])
57 57 def test_update_application_permissions(
58 self, anonymous, default_register, default_register_message,
58 self, anonymous, default_register, default_register_message, default_password_reset,
59 59 default_extern_activate, expect_error, expect_form_error):
60 60
61 61 self.log_user()
62 62
63 63 # TODO: anonymous access set here to False, breaks some other tests
64 64 params = {
65 65 'csrf_token': self.csrf_token,
66 66 'anonymous': anonymous,
67 67 'default_register': default_register,
68 68 'default_register_message': default_register_message,
69 'default_password_reset': default_password_reset,
69 70 'default_extern_activate': default_extern_activate,
70 71 }
71 72 response = self.app.post(url('admin_permissions_application'),
72 73 params=params)
73 74 if expect_form_error:
74 75 assert response.status_int == 200
75 76 response.mustcontain('Value must be one of')
76 77 else:
77 78 if expect_error:
78 79 msg = 'Error occurred during update of permissions'
79 80 else:
80 81 msg = 'Application permissions updated successfully'
81 82 assert_session_flash(response, msg)
82 83
83 84 def test_index_object(self):
84 85 self.log_user()
85 86 self.app.get(url('admin_permissions_object'))
86 87
87 88 @pytest.mark.parametrize(
88 89 'repo, repo_group, user_group, expect_error, expect_form_error', [
89 90 ('repository.none', 'group.none', 'usergroup.none', False, False),
90 91 ('repository.read', 'group.read', 'usergroup.read', False, False),
91 92 ('repository.write', 'group.write', 'usergroup.write',
92 93 False, False),
93 94 ('repository.admin', 'group.admin', 'usergroup.admin',
94 95 False, False),
95 96 ('repository.XXX', 'group.admin', 'usergroup.admin', False, True),
96 97 ('', '', '', True, False),
97 98 ])
98 99 def test_update_object_permissions(self, repo, repo_group, user_group,
99 100 expect_error, expect_form_error):
100 101 self.log_user()
101 102
102 103 params = {
103 104 'csrf_token': self.csrf_token,
104 105 'default_repo_perm': repo,
105 106 'overwrite_default_repo': False,
106 107 'default_group_perm': repo_group,
107 108 'overwrite_default_group': False,
108 109 'default_user_group_perm': user_group,
109 110 'overwrite_default_user_group': False,
110 111 }
111 112 response = self.app.post(url('admin_permissions_object'),
112 113 params=params)
113 114 if expect_form_error:
114 115 assert response.status_int == 200
115 116 response.mustcontain('Value must be one of')
116 117 else:
117 118 if expect_error:
118 119 msg = 'Error occurred during update of permissions'
119 120 else:
120 121 msg = 'Object permissions updated successfully'
121 122 assert_session_flash(response, msg)
122 123
123 124 def test_index_global(self):
124 125 self.log_user()
125 126 self.app.get(url('admin_permissions_global'))
126 127
127 128 @pytest.mark.parametrize(
128 129 'repo_create, repo_create_write, user_group_create, repo_group_create,'
129 130 'fork_create, inherit_default_permissions, expect_error,'
130 131 'expect_form_error', [
131 132 ('hg.create.none', 'hg.create.write_on_repogroup.false',
132 133 'hg.usergroup.create.false', 'hg.repogroup.create.false',
133 134 'hg.fork.none', 'hg.inherit_default_perms.false', False, False),
134 135 ('hg.create.repository', 'hg.create.write_on_repogroup.true',
135 136 'hg.usergroup.create.true', 'hg.repogroup.create.true',
136 137 'hg.fork.repository', 'hg.inherit_default_perms.false',
137 138 False, False),
138 139 ('hg.create.XXX', 'hg.create.write_on_repogroup.true',
139 140 'hg.usergroup.create.true', 'hg.repogroup.create.true',
140 141 'hg.fork.repository', 'hg.inherit_default_perms.false',
141 142 False, True),
142 143 ('', '', '', '', '', '', True, False),
143 144 ])
144 145 def test_update_global_permissions(
145 146 self, repo_create, repo_create_write, user_group_create,
146 147 repo_group_create, fork_create, inherit_default_permissions,
147 148 expect_error, expect_form_error):
148 149 self.log_user()
149 150
150 151 params = {
151 152 'csrf_token': self.csrf_token,
152 153 'default_repo_create': repo_create,
153 154 'default_repo_create_on_write': repo_create_write,
154 155 'default_user_group_create': user_group_create,
155 156 'default_repo_group_create': repo_group_create,
156 157 'default_fork_create': fork_create,
157 158 'default_inherit_default_permissions': inherit_default_permissions
158 159 }
159 160 response = self.app.post(url('admin_permissions_global'),
160 161 params=params)
161 162 if expect_form_error:
162 163 assert response.status_int == 200
163 164 response.mustcontain('Value must be one of')
164 165 else:
165 166 if expect_error:
166 167 msg = 'Error occurred during update of permissions'
167 168 else:
168 169 msg = 'Global permissions updated successfully'
169 170 assert_session_flash(response, msg)
170 171
171 172 def test_index_ips(self):
172 173 self.log_user()
173 174 response = self.app.get(url('admin_permissions_ips'))
174 175 # TODO: Test response...
175 176 response.mustcontain('All IP addresses are allowed')
176 177
177 178 def test_add_delete_ips(self):
178 179 self.log_user()
179 180 clear_all_caches()
180 181
181 182 # ADD
182 183 default_user_id = User.get_default_user().user_id
183 184 response = self.app.post(
184 185 url('edit_user_ips', user_id=default_user_id),
185 186 params={'new_ip': '127.0.0.0/24', '_method': 'put',
186 187 'csrf_token': self.csrf_token})
187 188
188 189 response = self.app.get(url('admin_permissions_ips'))
189 190 response.mustcontain('127.0.0.0/24')
190 191 response.mustcontain('127.0.0.0 - 127.0.0.255')
191 192
192 193 # DELETE
193 194 default_user_id = User.get_default_user().user_id
194 195 del_ip_id = UserIpMap.query().filter(UserIpMap.user_id ==
195 196 default_user_id).first().ip_id
196 197
197 198 response = self.app.post(
198 199 url('edit_user_ips', user_id=default_user_id),
199 200 params={'_method': 'delete', 'del_ip_id': del_ip_id,
200 201 'csrf_token': self.csrf_token})
201 202 clear_all_caches()
202 203 response = self.app.get(url('admin_permissions_ips'))
203 204 response.mustcontain('All IP addresses are allowed')
204 205 response.mustcontain(no=['127.0.0.0/24'])
205 206 response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
206 207
207 208 def test_index_overview(self):
208 209 self.log_user()
209 210 self.app.get(url('admin_permissions_overview'))
@@ -1,692 +1,695 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.lib.auth import AuthUser
24 24 from rhodecode.model.db import (
25 25 RepoGroup, User, UserGroupRepoGroupToPerm, Permission, UserToPerm,
26 26 UserGroupToPerm)
27 27 from rhodecode.model.meta import Session
28 28 from rhodecode.model.permission import PermissionModel
29 29 from rhodecode.model.repo import RepoModel
30 30 from rhodecode.model.repo_group import RepoGroupModel
31 31 from rhodecode.model.user import UserModel
32 32 from rhodecode.model.user_group import UserGroupModel
33 33 from rhodecode.tests.fixture import Fixture
34 34
35 35
36 36 fixture = Fixture()
37 37
38 38
39 39 @pytest.fixture
40 40 def repo_name(backend_hg):
41 41 return backend_hg.repo_name
42 42
43 43
44 44 class TestPermissions(object):
45 45
46 46 @pytest.fixture(scope='class', autouse=True)
47 47 def default_permissions(self, request, pylonsapp):
48 48 # recreate default user to get a clean start
49 49 PermissionModel().create_default_user_permissions(
50 50 user=User.DEFAULT_USER, force=True)
51 51 Session().commit()
52 52
53 53 @pytest.fixture(autouse=True)
54 54 def prepare_users(self, request):
55 55 # TODO: User creation is a duplicate of test_nofitications, check
56 56 # if that can be unified
57 57 self.u1 = UserModel().create_or_update(
58 58 username=u'u1', password=u'qweqwe',
59 59 email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'
60 60 )
61 61 self.u2 = UserModel().create_or_update(
62 62 username=u'u2', password=u'qweqwe',
63 63 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
64 64 )
65 65 self.u3 = UserModel().create_or_update(
66 66 username=u'u3', password=u'qweqwe',
67 67 email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
68 68 )
69 69 self.anon = User.get_default_user()
70 70 self.a1 = UserModel().create_or_update(
71 71 username=u'a1', password=u'qweqwe',
72 72 email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1',
73 73 admin=True
74 74 )
75 75 Session().commit()
76 76
77 77 request.addfinalizer(self.cleanup)
78 78
79 79 def cleanup(self):
80 80 if hasattr(self, 'test_repo'):
81 81 RepoModel().delete(repo=self.test_repo)
82 82
83 83 if hasattr(self, 'g1'):
84 84 RepoGroupModel().delete(self.g1.group_id)
85 85 if hasattr(self, 'g2'):
86 86 RepoGroupModel().delete(self.g2.group_id)
87 87
88 88 UserModel().delete(self.u1)
89 89 UserModel().delete(self.u2)
90 90 UserModel().delete(self.u3)
91 91 UserModel().delete(self.a1)
92 92
93 93 if hasattr(self, 'ug1'):
94 94 UserGroupModel().delete(self.ug1, force=True)
95 95
96 96 Session().commit()
97 97
98 98 def test_default_perms_set(self, repo_name):
99 99 assert repo_perms(self.u1)[repo_name] == 'repository.read'
100 100 new_perm = 'repository.write'
101 101 RepoModel().grant_user_permission(repo=repo_name, user=self.u1,
102 102 perm=new_perm)
103 103 Session().commit()
104 104 assert repo_perms(self.u1)[repo_name] == new_perm
105 105
106 106 def test_default_admin_perms_set(self, repo_name):
107 107 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
108 108 RepoModel().grant_user_permission(repo=repo_name, user=self.a1,
109 109 perm='repository.write')
110 110 Session().commit()
111 111 # cannot really downgrade admins permissions !? they still gets set as
112 112 # admin !
113 113 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
114 114
115 115 def test_default_group_perms(self, repo_name):
116 116 self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)
117 117 self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)
118 118
119 119 assert repo_perms(self.u1)[repo_name] == 'repository.read'
120 120 assert group_perms(self.u1) == {
121 121 'test1': 'group.read', 'test2': 'group.read'}
122 122 assert global_perms(self.u1) == set(
123 123 Permission.DEFAULT_USER_PERMISSIONS)
124 124
125 125 def test_default_admin_group_perms(self, repo_name):
126 126 self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)
127 127 self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)
128 128
129 129 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
130 130 assert group_perms(self.a1) == {
131 131 'test1': 'group.admin', 'test2': 'group.admin'}
132 132
133 133 def test_default_owner_group_perms(self):
134 134 # "u1" shall be owner without any special permission assigned
135 135 self.g1 = fixture.create_repo_group('test1')
136 136 assert group_perms(self.u1) == {'test1': 'group.read'}
137 137
138 138 # Make him owner, but do not add any special permissions
139 139 self.g1.user = self.u1
140 140 assert group_perms(self.u1) == {'test1': 'group.admin'}
141 141
142 142 def test_propagated_permission_from_users_group_by_explicit_perms_exist(
143 143 self, repo_name):
144 144 # make group
145 145 self.ug1 = fixture.create_user_group('G1')
146 146 UserGroupModel().add_user_to_group(self.ug1, self.u1)
147 147
148 148 # set permission to lower
149 149 new_perm = 'repository.none'
150 150 RepoModel().grant_user_permission(
151 151 repo=repo_name, user=self.u1, perm=new_perm)
152 152 Session().commit()
153 153 assert repo_perms(self.u1)[repo_name] == new_perm
154 154
155 155 # grant perm for group this should not override permission from user
156 156 # since it has explicitly set
157 157 new_perm_gr = 'repository.write'
158 158 RepoModel().grant_user_group_permission(
159 159 repo=repo_name, group_name=self.ug1, perm=new_perm_gr)
160 160
161 161 assert repo_perms(self.u1)[repo_name] == new_perm
162 162 assert group_perms(self.u1) == {}
163 163
164 164 def test_propagated_permission_from_users_group(self, repo_name):
165 165 # make group
166 166 self.ug1 = fixture.create_user_group('G1')
167 167 UserGroupModel().add_user_to_group(self.ug1, self.u3)
168 168
169 169 # grant perm for group
170 170 # this should override default permission from user
171 171 new_perm_gr = 'repository.write'
172 172 RepoModel().grant_user_group_permission(
173 173 repo=repo_name, group_name=self.ug1, perm=new_perm_gr)
174 174
175 175 assert repo_perms(self.u3)[repo_name] == new_perm_gr
176 176 assert group_perms(self.u3) == {}
177 177
178 178 def test_propagated_permission_from_users_group_lower_weight(
179 179 self, repo_name):
180 180 # make group with user
181 181 self.ug1 = fixture.create_user_group('G1')
182 182 UserGroupModel().add_user_to_group(self.ug1, self.u1)
183 183
184 184 # set permission to lower
185 185 new_perm_h = 'repository.write'
186 186 RepoModel().grant_user_permission(
187 187 repo=repo_name, user=self.u1, perm=new_perm_h)
188 188 Session().commit()
189 189
190 190 assert repo_perms(self.u1)[repo_name] == new_perm_h
191 191
192 192 # grant perm for group this should NOT override permission from user
193 193 # since it's lower than granted
194 194 new_perm_l = 'repository.read'
195 195 RepoModel().grant_user_group_permission(
196 196 repo=repo_name, group_name=self.ug1, perm=new_perm_l)
197 197
198 198 assert repo_perms(self.u1)[repo_name] == new_perm_h
199 199 assert group_perms(self.u1) == {}
200 200
201 201 def test_repo_in_group_permissions(self):
202 202 self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)
203 203 self.g2 = fixture.create_repo_group('group2', skip_if_exists=True)
204 204 # both perms should be read !
205 205 assert group_perms(self.u1) == \
206 206 {u'group1': u'group.read', u'group2': u'group.read'}
207 207
208 208 assert group_perms(self.anon) == \
209 209 {u'group1': u'group.read', u'group2': u'group.read'}
210 210
211 211 # Change perms to none for both groups
212 212 RepoGroupModel().grant_user_permission(
213 213 repo_group=self.g1, user=self.anon, perm='group.none')
214 214 RepoGroupModel().grant_user_permission(
215 215 repo_group=self.g2, user=self.anon, perm='group.none')
216 216
217 217 assert group_perms(self.u1) == \
218 218 {u'group1': u'group.none', u'group2': u'group.none'}
219 219 assert group_perms(self.anon) == \
220 220 {u'group1': u'group.none', u'group2': u'group.none'}
221 221
222 222 # add repo to group
223 223 name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm'])
224 224 self.test_repo = fixture.create_repo(name=name,
225 225 repo_type='hg',
226 226 repo_group=self.g1,
227 227 cur_user=self.u1,)
228 228
229 229 assert group_perms(self.u1) == \
230 230 {u'group1': u'group.none', u'group2': u'group.none'}
231 231 assert group_perms(self.anon) == \
232 232 {u'group1': u'group.none', u'group2': u'group.none'}
233 233
234 234 # grant permission for u2 !
235 235 RepoGroupModel().grant_user_permission(
236 236 repo_group=self.g1, user=self.u2, perm='group.read')
237 237 RepoGroupModel().grant_user_permission(
238 238 repo_group=self.g2, user=self.u2, perm='group.read')
239 239 Session().commit()
240 240 assert self.u1 != self.u2
241 241
242 242 # u1 and anon should have not change perms while u2 should !
243 243 assert group_perms(self.u1) == \
244 244 {u'group1': u'group.none', u'group2': u'group.none'}
245 245 assert group_perms(self.u2) == \
246 246 {u'group1': u'group.read', u'group2': u'group.read'}
247 247 assert group_perms(self.anon) == \
248 248 {u'group1': u'group.none', u'group2': u'group.none'}
249 249
250 250 def test_repo_group_user_as_user_group_member(self):
251 251 # create Group1
252 252 self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)
253 253 assert group_perms(self.anon) == {u'group1': u'group.read'}
254 254
255 255 # set default permission to none
256 256 RepoGroupModel().grant_user_permission(
257 257 repo_group=self.g1, user=self.anon, perm='group.none')
258 258 # make group
259 259 self.ug1 = fixture.create_user_group('G1')
260 260 # add user to group
261 261 UserGroupModel().add_user_to_group(self.ug1, self.u1)
262 262 Session().commit()
263 263
264 264 # check if user is in the group
265 265 ug1 = UserGroupModel().get(self.ug1.users_group_id)
266 266 members = [x.user_id for x in ug1.members]
267 267 assert members == [self.u1.user_id]
268 268 # add some user to that group
269 269
270 270 # check his permissions
271 271 assert group_perms(self.anon) == {u'group1': u'group.none'}
272 272 assert group_perms(self.u1) == {u'group1': u'group.none'}
273 273
274 274 # grant ug1 read permissions for
275 275 RepoGroupModel().grant_user_group_permission(
276 276 repo_group=self.g1, group_name=self.ug1, perm='group.read')
277 277 Session().commit()
278 278
279 279 # check if the
280 280 obj = Session().query(UserGroupRepoGroupToPerm)\
281 281 .filter(UserGroupRepoGroupToPerm.group == self.g1)\
282 282 .filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
283 283 .scalar()
284 284 assert obj.permission.permission_name == 'group.read'
285 285
286 286 assert group_perms(self.anon) == {u'group1': u'group.none'}
287 287 assert group_perms(self.u1) == {u'group1': u'group.read'}
288 288
289 289 def test_inherited_permissions_from_default_on_user_enabled(self):
290 290 # enable fork and create on default user
291 291 _form_result = {
292 292 'default_repo_create': 'hg.create.repository',
293 293 'default_fork_create': 'hg.fork.repository'
294 294 }
295 295 PermissionModel().set_new_user_perms(
296 296 User.get_default_user(), _form_result)
297 297 Session().commit()
298 298
299 299 # make sure inherit flag is turned on
300 300 self.u1.inherit_default_permissions = True
301 301 Session().commit()
302 302
303 303 # this user will have inherited permissions from default user
304 304 assert global_perms(self.u1) == default_perms()
305 305
306 306 def test_inherited_permissions_from_default_on_user_disabled(self):
307 307 # disable fork and create on default user
308 308 _form_result = {
309 309 'default_repo_create': 'hg.create.none',
310 310 'default_fork_create': 'hg.fork.none'
311 311 }
312 312 PermissionModel().set_new_user_perms(
313 313 User.get_default_user(), _form_result)
314 314 Session().commit()
315 315
316 316 # make sure inherit flag is turned on
317 317 self.u1.inherit_default_permissions = True
318 318 Session().commit()
319 319
320 320 # this user will have inherited permissions from default user
321 321 expected_perms = default_perms(
322 322 added=['hg.create.none', 'hg.fork.none'],
323 323 removed=['hg.create.repository', 'hg.fork.repository'])
324 324 assert global_perms(self.u1) == expected_perms
325 325
326 326 def test_non_inherited_permissions_from_default_on_user_enabled(self):
327 327 user_model = UserModel()
328 328 # enable fork and create on default user
329 329 usr = User.DEFAULT_USER
330 330 user_model.revoke_perm(usr, 'hg.create.none')
331 331 user_model.grant_perm(usr, 'hg.create.repository')
332 332 user_model.revoke_perm(usr, 'hg.fork.none')
333 333 user_model.grant_perm(usr, 'hg.fork.repository')
334 334
335 335 # disable global perms on specific user
336 336 user_model.revoke_perm(self.u1, 'hg.create.repository')
337 337 user_model.grant_perm(self.u1, 'hg.create.none')
338 338 user_model.revoke_perm(self.u1, 'hg.fork.repository')
339 339 user_model.grant_perm(self.u1, 'hg.fork.none')
340 340
341 341 # make sure inherit flag is turned off
342 342 self.u1.inherit_default_permissions = False
343 343 Session().commit()
344 344
345 345 # this user will have non inherited permissions from he's
346 346 # explicitly set permissions
347 347 assert global_perms(self.u1) == set([
348 348 'hg.create.none',
349 349 'hg.fork.none',
350 350 'hg.register.manual_activate',
351 'hg.password_reset.enabled',
351 352 'hg.extern_activate.auto',
352 353 'repository.read',
353 354 'group.read',
354 355 'usergroup.read',
355 356 ])
356 357
357 358 def test_non_inherited_permissions_from_default_on_user_disabled(self):
358 359 user_model = UserModel()
359 360 # disable fork and create on default user
360 361 usr = User.DEFAULT_USER
361 362 user_model.revoke_perm(usr, 'hg.create.repository')
362 363 user_model.grant_perm(usr, 'hg.create.none')
363 364 user_model.revoke_perm(usr, 'hg.fork.repository')
364 365 user_model.grant_perm(usr, 'hg.fork.none')
365 366
366 367 # enable global perms on specific user
367 368 user_model.revoke_perm(self.u1, 'hg.create.none')
368 369 user_model.grant_perm(self.u1, 'hg.create.repository')
369 370 user_model.revoke_perm(self.u1, 'hg.fork.none')
370 371 user_model.grant_perm(self.u1, 'hg.fork.repository')
371 372
372 373 # make sure inherit flag is turned off
373 374 self.u1.inherit_default_permissions = False
374 375 Session().commit()
375 376
376 377 # this user will have non inherited permissions from he's
377 378 # explicitly set permissions
378 379 assert global_perms(self.u1) == set([
379 380 'hg.create.repository',
380 381 'hg.fork.repository',
381 382 'hg.register.manual_activate',
383 'hg.password_reset.enabled',
382 384 'hg.extern_activate.auto',
383 385 'repository.read',
384 386 'group.read',
385 387 'usergroup.read',
386 388 ])
387 389
388 390 @pytest.mark.parametrize('perm, expected_perm', [
389 391 ('hg.inherit_default_perms.false', 'repository.none', ),
390 392 ('hg.inherit_default_perms.true', 'repository.read', ),
391 393 ])
392 394 def test_inherited_permissions_on_objects(self, perm, expected_perm):
393 395 _form_result = {
394 396 'default_inherit_default_permissions': perm,
395 397 }
396 398 PermissionModel().set_new_user_perms(
397 399 User.get_default_user(), _form_result)
398 400 Session().commit()
399 401
400 402 # make sure inherit flag is turned on
401 403 self.u1.inherit_default_permissions = True
402 404 Session().commit()
403 405
404 406 # this user will have inherited permissions from default user
405 407 assert global_perms(self.u1) == set([
406 408 'hg.create.none',
407 409 'hg.fork.none',
408 410 'hg.register.manual_activate',
411 'hg.password_reset.enabled',
409 412 'hg.extern_activate.auto',
410 413 'repository.read',
411 414 'group.read',
412 415 'usergroup.read',
413 416 'hg.create.write_on_repogroup.true',
414 417 'hg.usergroup.create.false',
415 418 'hg.repogroup.create.false',
416 419 perm,
417 420 ])
418 421
419 422 assert set(repo_perms(self.u1).values()) == set([expected_perm])
420 423
421 424 def test_repo_owner_permissions_not_overwritten_by_group(self):
422 425 # create repo as USER,
423 426 self.test_repo = fixture.create_repo(name='myownrepo',
424 427 repo_type='hg',
425 428 cur_user=self.u1)
426 429
427 430 # he has permissions of admin as owner
428 431 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
429 432
430 433 # set his permission as user group, he should still be admin
431 434 self.ug1 = fixture.create_user_group('G1')
432 435 UserGroupModel().add_user_to_group(self.ug1, self.u1)
433 436 RepoModel().grant_user_group_permission(
434 437 self.test_repo,
435 438 group_name=self.ug1,
436 439 perm='repository.none')
437 440 Session().commit()
438 441
439 442 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
440 443
441 444 def test_repo_owner_permissions_not_overwritten_by_others(self):
442 445 # create repo as USER,
443 446 self.test_repo = fixture.create_repo(name='myownrepo',
444 447 repo_type='hg',
445 448 cur_user=self.u1)
446 449
447 450 # he has permissions of admin as owner
448 451 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
449 452
450 453 # set his permission as user, he should still be admin
451 454 RepoModel().grant_user_permission(
452 455 self.test_repo, user=self.u1, perm='repository.none')
453 456 Session().commit()
454 457
455 458 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
456 459
457 460 def test_repo_group_owner_permissions_not_overwritten_by_group(self):
458 461 # "u1" shall be owner without any special permission assigned
459 462 self.g1 = fixture.create_repo_group('test1')
460 463
461 464 # Make user group and grant a permission to user group
462 465 self.ug1 = fixture.create_user_group('G1')
463 466 UserGroupModel().add_user_to_group(self.ug1, self.u1)
464 467 RepoGroupModel().grant_user_group_permission(
465 468 repo_group=self.g1, group_name=self.ug1, perm='group.write')
466 469
467 470 # Verify that user does not get any special permission if he is not
468 471 # owner
469 472 assert group_perms(self.u1) == {'test1': 'group.write'}
470 473
471 474 # Make him owner of the repo group
472 475 self.g1.user = self.u1
473 476 assert group_perms(self.u1) == {'test1': 'group.admin'}
474 477
475 478 def test_repo_group_owner_permissions_not_overwritten_by_others(self):
476 479 # "u1" shall be owner without any special permission assigned
477 480 self.g1 = fixture.create_repo_group('test1')
478 481 RepoGroupModel().grant_user_permission(
479 482 repo_group=self.g1, user=self.u1, perm='group.write')
480 483
481 484 # Verify that user does not get any special permission if he is not
482 485 # owner
483 486 assert group_perms(self.u1) == {'test1': 'group.write'}
484 487
485 488 # Make him owner of the repo group
486 489 self.g1.user = self.u1
487 490 assert group_perms(self.u1) == {u'test1': 'group.admin'}
488 491
489 492 def _test_def_user_perm_equal(
490 493 self, user, change_factor=0, compare_keys=None):
491 494 perms = UserToPerm.query().filter(UserToPerm.user == user).all()
492 495 assert len(perms) == \
493 496 len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
494 497 if compare_keys:
495 498 assert set(
496 499 x.permissions.permission_name for x in perms) == compare_keys
497 500
498 501 def _test_def_user_group_perm_equal(
499 502 self, user_group, change_factor=0, compare_keys=None):
500 503 perms = UserGroupToPerm.query().filter(
501 504 UserGroupToPerm.users_group == user_group).all()
502 505 assert len(perms) == \
503 506 len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
504 507 if compare_keys:
505 508 assert set(
506 509 x.permissions.permission_name for x in perms) == compare_keys
507 510
508 511 def test_set_default_permissions(self):
509 512 PermissionModel().create_default_user_permissions(user=self.u1)
510 513 self._test_def_user_perm_equal(user=self.u1)
511 514
512 515 def test_set_default_permissions_after_one_is_missing(self):
513 516 PermissionModel().create_default_user_permissions(user=self.u1)
514 517 self._test_def_user_perm_equal(user=self.u1)
515 518 # now we delete one, it should be re-created after another call
516 519 perms = UserToPerm.query().filter(UserToPerm.user == self.u1).all()
517 520 Session().delete(perms[0])
518 521 Session().commit()
519 522
520 523 self._test_def_user_perm_equal(user=self.u1, change_factor=-1)
521 524
522 525 # create missing one !
523 526 PermissionModel().create_default_user_permissions(user=self.u1)
524 527 self._test_def_user_perm_equal(user=self.u1)
525 528
526 529 @pytest.mark.parametrize("perm, modify_to", [
527 530 ('repository.read', 'repository.none'),
528 531 ('group.read', 'group.none'),
529 532 ('usergroup.read', 'usergroup.none'),
530 533 ('hg.create.repository', 'hg.create.none'),
531 534 ('hg.fork.repository', 'hg.fork.none'),
532 535 ('hg.register.manual_activate', 'hg.register.auto_activate',)
533 536 ])
534 537 def test_set_default_permissions_after_modification(self, perm, modify_to):
535 538 PermissionModel().create_default_user_permissions(user=self.u1)
536 539 self._test_def_user_perm_equal(user=self.u1)
537 540
538 541 old = Permission.get_by_key(perm)
539 542 new = Permission.get_by_key(modify_to)
540 543 assert old is not None
541 544 assert new is not None
542 545
543 546 # now modify permissions
544 547 p = UserToPerm.query().filter(
545 548 UserToPerm.user == self.u1).filter(
546 549 UserToPerm.permission == old).one()
547 550 p.permission = new
548 551 Session().add(p)
549 552 Session().commit()
550 553
551 554 PermissionModel().create_default_user_permissions(user=self.u1)
552 555 self._test_def_user_perm_equal(user=self.u1)
553 556
554 557 def test_clear_user_perms(self):
555 558 PermissionModel().create_default_user_permissions(user=self.u1)
556 559 self._test_def_user_perm_equal(user=self.u1)
557 560
558 561 # now clear permissions
559 562 cleared = PermissionModel()._clear_user_perms(self.u1.user_id)
560 563 self._test_def_user_perm_equal(user=self.u1,
561 564 change_factor=len(cleared)*-1)
562 565
563 566 def test_clear_user_group_perms(self):
564 567 self.ug1 = fixture.create_user_group('G1')
565 568 PermissionModel().create_default_user_group_permissions(
566 569 user_group=self.ug1)
567 570 self._test_def_user_group_perm_equal(user_group=self.ug1)
568 571
569 572 # now clear permissions
570 573 cleared = PermissionModel()._clear_user_group_perms(
571 574 self.ug1.users_group_id)
572 575 self._test_def_user_group_perm_equal(user_group=self.ug1,
573 576 change_factor=len(cleared)*-1)
574 577
575 578 @pytest.mark.parametrize("form_result", [
576 579 {},
577 580 {'default_repo_create': 'hg.create.repository'},
578 581 {'default_repo_create': 'hg.create.repository',
579 582 'default_repo_perm': 'repository.read'},
580 583 {'default_repo_create': 'hg.create.none',
581 584 'default_repo_perm': 'repository.write',
582 585 'default_fork_create': 'hg.fork.none'},
583 586 ])
584 587 def test_set_new_user_permissions(self, form_result):
585 588 _form_result = {}
586 589 _form_result.update(form_result)
587 590 PermissionModel().set_new_user_perms(self.u1, _form_result)
588 591 Session().commit()
589 592 change_factor = -1 * (len(Permission.DEFAULT_USER_PERMISSIONS)
590 593 - len(form_result.keys()))
591 594 self._test_def_user_perm_equal(
592 595 self.u1, change_factor=change_factor)
593 596
594 597 @pytest.mark.parametrize("form_result", [
595 598 {},
596 599 {'default_repo_create': 'hg.create.repository'},
597 600 {'default_repo_create': 'hg.create.repository',
598 601 'default_repo_perm': 'repository.read'},
599 602 {'default_repo_create': 'hg.create.none',
600 603 'default_repo_perm': 'repository.write',
601 604 'default_fork_create': 'hg.fork.none'},
602 605 ])
603 606 def test_set_new_user_group_permissions(self, form_result):
604 607 _form_result = {}
605 608 _form_result.update(form_result)
606 609 self.ug1 = fixture.create_user_group('G1')
607 610 PermissionModel().set_new_user_group_perms(self.ug1, _form_result)
608 611 Session().commit()
609 612 change_factor = -1 * (len(Permission.DEFAULT_USER_PERMISSIONS)
610 613 - len(form_result.keys()))
611 614 self._test_def_user_group_perm_equal(
612 615 self.ug1, change_factor=change_factor)
613 616
614 617 @pytest.mark.parametrize("group_active, expected_perm", [
615 618 (True, 'repository.admin'),
616 619 (False, 'repository.read'),
617 620 ])
618 621 def test_get_default_repo_perms_from_user_group_with_active_group(
619 622 self, backend, user_util, group_active, expected_perm):
620 623 repo = backend.create_repo()
621 624 user = user_util.create_user()
622 625 user_group = user_util.create_user_group(
623 626 members=[user], users_group_active=group_active)
624 627
625 628 user_util.grant_user_group_permission_to_repo(
626 629 repo, user_group, 'repository.admin')
627 630 permissions = repo_perms(user)
628 631 repo_permission = permissions.get(repo.repo_name)
629 632 assert repo_permission == expected_perm
630 633
631 634 @pytest.mark.parametrize("group_active, expected_perm", [
632 635 (True, 'group.admin'),
633 636 (False, 'group.read')
634 637 ])
635 638 def test_get_default_group_perms_from_user_group_with_active_group(
636 639 self, user_util, group_active, expected_perm):
637 640 user = user_util.create_user()
638 641 repo_group = user_util.create_repo_group()
639 642 user_group = user_util.create_user_group(
640 643 members=[user], users_group_active=group_active)
641 644
642 645 user_util.grant_user_group_permission_to_repo_group(
643 646 repo_group, user_group, 'group.admin')
644 647 permissions = group_perms(user)
645 648 group_permission = permissions.get(repo_group.name)
646 649 assert group_permission == expected_perm
647 650
648 651 @pytest.mark.parametrize("group_active, expected_perm", [
649 652 (True, 'usergroup.admin'),
650 653 (False, 'usergroup.read')
651 654 ])
652 655 def test_get_default_user_group_perms_from_user_group_with_active_group(
653 656 self, user_util, group_active, expected_perm):
654 657 user = user_util.create_user()
655 658 user_group = user_util.create_user_group(
656 659 members=[user], users_group_active=group_active)
657 660 target_user_group = user_util.create_user_group()
658 661
659 662 user_util.grant_user_group_permission_to_user_group(
660 663 target_user_group, user_group, 'usergroup.admin')
661 664 permissions = user_group_perms(user)
662 665 group_permission = permissions.get(target_user_group.users_group_name)
663 666 assert group_permission == expected_perm
664 667
665 668
666 669 def repo_perms(user):
667 670 auth_user = AuthUser(user_id=user.user_id)
668 671 return auth_user.permissions['repositories']
669 672
670 673
671 674 def group_perms(user):
672 675 auth_user = AuthUser(user_id=user.user_id)
673 676 return auth_user.permissions['repositories_groups']
674 677
675 678
676 679 def user_group_perms(user):
677 680 auth_user = AuthUser(user_id=user.user_id)
678 681 return auth_user.permissions['user_groups']
679 682
680 683
681 684 def global_perms(user):
682 685 auth_user = AuthUser(user_id=user.user_id)
683 686 return auth_user.permissions['global']
684 687
685 688
686 689 def default_perms(added=None, removed=None):
687 690 expected_perms = set(Permission.DEFAULT_USER_PERMISSIONS)
688 691 if removed:
689 692 expected_perms.difference_update(removed)
690 693 if added:
691 694 expected_perms.update(added)
692 695 return expected_perms
General Comments 0
You need to be logged in to leave comments. Login now