tests: fix admin users groups tests
dan -
r151:7aa00b52 default
@@ -1,186 +1,192 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.tests import (
24 24 TestController, url, assert_session_flash, link_to)
25 25 from rhodecode.model.db import User, UserGroup
26 26 from rhodecode.model.meta import Session
27 27 from rhodecode.tests.fixture import Fixture
28 28
29 29 TEST_USER_GROUP = 'admins_test'
30 30
31 31 fixture = Fixture()
32 32
33 33
34 34 class TestAdminUsersGroupsController(TestController):
35 35
36 36 def test_index(self):
37 37 self.log_user()
38 38 response = self.app.get(url('users_groups'))
39 39 response.status_int == 200
40 40
41 41 def test_create(self):
42 42 self.log_user()
43 43 users_group_name = TEST_USER_GROUP
44 44 response = self.app.post(url('users_groups'), {
45 45 'users_group_name': users_group_name,
46 46 'user_group_description': 'DESC',
47 47 'active': True,
48 48 'csrf_token': self.csrf_token})
49 49
50 50 user_group_link = link_to(
51 51 users_group_name,
52 52 url('edit_users_group',
53 53 user_group_id=UserGroup.get_by_group_name(
54 54 users_group_name).users_group_id))
55 55 assert_session_flash(
56 56 response,
57 57 'Created user group %s' % user_group_link)
58 58
59 59 def test_delete(self):
60 60 self.log_user()
61 61 users_group_name = TEST_USER_GROUP + 'another'
62 62 response = self.app.post(url('users_groups'), {
63 63 'users_group_name': users_group_name,
64 64 'user_group_description': 'DESC',
65 65 'active': True,
66 66 'csrf_token': self.csrf_token})
67 67
68 68 user_group_link = link_to(
69 69 users_group_name,
70 70 url('edit_users_group',
71 71 user_group_id=UserGroup.get_by_group_name(
72 72 users_group_name).users_group_id))
73 73 assert_session_flash(
74 74 response,
75 75 'Created user group %s' % user_group_link)
76 76
77 77 group = Session().query(UserGroup).filter(
78 78 UserGroup.users_group_name == users_group_name).one()
79 79
80 80 response = self.app.post(
81 81 url('delete_users_group', user_group_id=group.users_group_id),
82 82 params={'_method': 'delete', 'csrf_token': self.csrf_token})
83 83
84 84 group = Session().query(UserGroup).filter(
85 85 UserGroup.users_group_name == users_group_name).scalar()
86 86
87 87 assert group is None
88 88
89 89 @pytest.mark.parametrize('repo_create, repo_create_write, user_group_create, repo_group_create, fork_create, inherit_default_permissions, expect_error, expect_form_error', [
90 90 ('hg.create.none', 'hg.create.write_on_repogroup.false', 'hg.usergroup.create.false', 'hg.repogroup.create.false', 'hg.fork.none', 'hg.inherit_default_perms.false', False, False),
91 91 ('hg.create.repository', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, False),
92 92 ('hg.create.XXX', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, True),
93 93 ('', '', '', '', '', '', True, False),
94 94 ])
95 95 def test_global_perms_on_group(
96 96 self, repo_create, repo_create_write, user_group_create,
97 97 repo_group_create, fork_create, expect_error, expect_form_error,
98 98 inherit_default_permissions):
99 99 self.log_user()
100 100 users_group_name = TEST_USER_GROUP + 'another2'
101 101 response = self.app.post(url('users_groups'),
102 102 {'users_group_name': users_group_name,
103 103 'user_group_description': 'DESC',
104 104 'active': True,
105 105 'csrf_token': self.csrf_token})
106 106
107 107 ug = UserGroup.get_by_group_name(users_group_name)
108 108 user_group_link = link_to(
109 109 users_group_name,
110 110 url('edit_users_group', user_group_id=ug.users_group_id))
111 111 assert_session_flash(
112 112 response,
113 113 'Created user group %s' % user_group_link)
114 114 response.follow()
115 115
116 116 # ENABLE REPO CREATE ON A GROUP
117 117 perm_params = {
118 118 'inherit_default_permissions': False,
119 119 'default_repo_create': repo_create,
120 120 'default_repo_create_on_write': repo_create_write,
121 121 'default_user_group_create': user_group_create,
122 122 'default_repo_group_create': repo_group_create,
123 123 'default_fork_create': fork_create,
124 124 'default_inherit_default_permissions': inherit_default_permissions,
125 125
126 126 '_method': 'put',
127 127 'csrf_token': self.csrf_token,
128 128 }
129 129 response = self.app.post(
130 130 url('edit_user_group_global_perms',
131 131 user_group_id=ug.users_group_id),
132 132 params=perm_params)
133 133
134 134 if expect_form_error:
135 135 assert response.status_int == 200
136 136 response.mustcontain('Value must be one of')
137 137 else:
138 138 if expect_error:
139 139 msg = 'An error occurred during permissions saving'
140 140 else:
141 141 msg = 'User Group global permissions updated successfully'
142 142 ug = UserGroup.get_by_group_name(users_group_name)
143 143 del perm_params['_method']
144 144 del perm_params['csrf_token']
145 145 del perm_params['inherit_default_permissions']
146 146 assert perm_params == ug.get_default_perms()
147 147 assert_session_flash(response, msg)
148 148
149 149 fixture.destroy_user_group(users_group_name)
150 150
151 151 def test_edit(self):
152 152 self.log_user()
153 response = self.app.get(url('edit_users_group', user_group_id=1))
153 ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True)
154 response = self.app.get(
155 url('edit_users_group', user_group_id=ug.users_group_id))
156 fixture.destroy_user_group(TEST_USER_GROUP)
154 157
155 158 def test_edit_user_group_members(self):
156 159 self.log_user()
157 response = self.app.get(url('edit_user_group_members', user_group_id=1))
160 ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True)
161 response = self.app.get(
162 url('edit_user_group_members', user_group_id=ug.users_group_id))
158 163 response.mustcontain('No members yet')
164 fixture.destroy_user_group(TEST_USER_GROUP)
159 165
160 166 def test_usergroup_escape(self):
161 167 user = User.get_by_username('test_admin')
162 168 user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">'
163 169 user.lastname = (
164 170 '<img src="/image2" onload="alert(\'Hello, World!\');">')
165 171 Session().add(user)
166 172 Session().commit()
167 173
168 174 self.log_user()
169 175 users_group_name = 'samplegroup'
170 176 data = {
171 177 'users_group_name': users_group_name,
172 178 'user_group_description': (
173 179 '<strong onload="alert();">DESC</strong>'),
174 180 'active': True,
175 181 'csrf_token': self.csrf_token
176 182 }
177 183
178 184 response = self.app.post(url('users_groups'), data)
179 185 response = self.app.get(url('users_groups'))
180 186
181 187 response.mustcontain(
182 188 '&lt;strong onload=&#34;alert();&#34;&gt;'
183 189 'DESC&lt;/strong&gt;')
184 190 response.mustcontain(
185 191 '&lt;img src=&#34;/image2&#34; onload=&#34;'
186 192 'alert(&#39;Hello, World!&#39;);&#34;&gt;')
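Review bot: In test_edit and test_edit_user_group_members the added `fixture.destroy_user_group(TEST_USER_GROUP)` runs only when every statement before it succeeds, so a failed request or a failing `mustcontain('No members yet')` leaves the `admins_test` group in the database. Because the group is created with `skip_if_exists=True`, a leftover group would be silently reused by the next run, and test_create posts the same name, so one failure can probably cascade into unrelated tests (inferred; the fixture and controller code are not on this page). Put the request and assertions inside `try:` and move the destroy call under `finally:`. test_edit also asserts nothing about the response it fetches; adding `assert response.status_int == 200` after the GET would turn it into a real check of the edit page.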