tests: fix admin users groups tests
dan -
r151:7aa00b52 default
@@ -1,186 +1,192 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import pytest
21 import pytest
22
22
23 from rhodecode.tests import (
23 from rhodecode.tests import (
24 TestController, url, assert_session_flash, link_to)
24 TestController, url, assert_session_flash, link_to)
25 from rhodecode.model.db import User, UserGroup
25 from rhodecode.model.db import User, UserGroup
26 from rhodecode.model.meta import Session
26 from rhodecode.model.meta import Session
27 from rhodecode.tests.fixture import Fixture
27 from rhodecode.tests.fixture import Fixture
28
28
29 TEST_USER_GROUP = 'admins_test'
29 TEST_USER_GROUP = 'admins_test'
30
30
31 fixture = Fixture()
31 fixture = Fixture()
32
32
33
33
34 class TestAdminUsersGroupsController(TestController):
34 class TestAdminUsersGroupsController(TestController):
35
35
36 def test_index(self):
36 def test_index(self):
37 self.log_user()
37 self.log_user()
38 response = self.app.get(url('users_groups'))
38 response = self.app.get(url('users_groups'))
39 response.status_int == 200
39 response.status_int == 200
40
40
41 def test_create(self):
41 def test_create(self):
42 self.log_user()
42 self.log_user()
43 users_group_name = TEST_USER_GROUP
43 users_group_name = TEST_USER_GROUP
44 response = self.app.post(url('users_groups'), {
44 response = self.app.post(url('users_groups'), {
45 'users_group_name': users_group_name,
45 'users_group_name': users_group_name,
46 'user_group_description': 'DESC',
46 'user_group_description': 'DESC',
47 'active': True,
47 'active': True,
48 'csrf_token': self.csrf_token})
48 'csrf_token': self.csrf_token})
49
49
50 user_group_link = link_to(
50 user_group_link = link_to(
51 users_group_name,
51 users_group_name,
52 url('edit_users_group',
52 url('edit_users_group',
53 user_group_id=UserGroup.get_by_group_name(
53 user_group_id=UserGroup.get_by_group_name(
54 users_group_name).users_group_id))
54 users_group_name).users_group_id))
55 assert_session_flash(
55 assert_session_flash(
56 response,
56 response,
57 'Created user group %s' % user_group_link)
57 'Created user group %s' % user_group_link)
58
58
59 def test_delete(self):
59 def test_delete(self):
60 self.log_user()
60 self.log_user()
61 users_group_name = TEST_USER_GROUP + 'another'
61 users_group_name = TEST_USER_GROUP + 'another'
62 response = self.app.post(url('users_groups'), {
62 response = self.app.post(url('users_groups'), {
63 'users_group_name': users_group_name,
63 'users_group_name': users_group_name,
64 'user_group_description': 'DESC',
64 'user_group_description': 'DESC',
65 'active': True,
65 'active': True,
66 'csrf_token': self.csrf_token})
66 'csrf_token': self.csrf_token})
67
67
68 user_group_link = link_to(
68 user_group_link = link_to(
69 users_group_name,
69 users_group_name,
70 url('edit_users_group',
70 url('edit_users_group',
71 user_group_id=UserGroup.get_by_group_name(
71 user_group_id=UserGroup.get_by_group_name(
72 users_group_name).users_group_id))
72 users_group_name).users_group_id))
73 assert_session_flash(
73 assert_session_flash(
74 response,
74 response,
75 'Created user group %s' % user_group_link)
75 'Created user group %s' % user_group_link)
76
76
77 group = Session().query(UserGroup).filter(
77 group = Session().query(UserGroup).filter(
78 UserGroup.users_group_name == users_group_name).one()
78 UserGroup.users_group_name == users_group_name).one()
79
79
80 response = self.app.post(
80 response = self.app.post(
81 url('delete_users_group', user_group_id=group.users_group_id),
81 url('delete_users_group', user_group_id=group.users_group_id),
82 params={'_method': 'delete', 'csrf_token': self.csrf_token})
82 params={'_method': 'delete', 'csrf_token': self.csrf_token})
83
83
84 group = Session().query(UserGroup).filter(
84 group = Session().query(UserGroup).filter(
85 UserGroup.users_group_name == users_group_name).scalar()
85 UserGroup.users_group_name == users_group_name).scalar()
86
86
87 assert group is None
87 assert group is None
88
88
89 @pytest.mark.parametrize('repo_create, repo_create_write, user_group_create, repo_group_create, fork_create, inherit_default_permissions, expect_error, expect_form_error', [
89 @pytest.mark.parametrize('repo_create, repo_create_write, user_group_create, repo_group_create, fork_create, inherit_default_permissions, expect_error, expect_form_error', [
90 ('hg.create.none', 'hg.create.write_on_repogroup.false', 'hg.usergroup.create.false', 'hg.repogroup.create.false', 'hg.fork.none', 'hg.inherit_default_perms.false', False, False),
90 ('hg.create.none', 'hg.create.write_on_repogroup.false', 'hg.usergroup.create.false', 'hg.repogroup.create.false', 'hg.fork.none', 'hg.inherit_default_perms.false', False, False),
91 ('hg.create.repository', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, False),
91 ('hg.create.repository', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, False),
92 ('hg.create.XXX', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, True),
92 ('hg.create.XXX', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, True),
93 ('', '', '', '', '', '', True, False),
93 ('', '', '', '', '', '', True, False),
94 ])
94 ])
95 def test_global_perms_on_group(
95 def test_global_perms_on_group(
96 self, repo_create, repo_create_write, user_group_create,
96 self, repo_create, repo_create_write, user_group_create,
97 repo_group_create, fork_create, expect_error, expect_form_error,
97 repo_group_create, fork_create, expect_error, expect_form_error,
98 inherit_default_permissions):
98 inherit_default_permissions):
99 self.log_user()
99 self.log_user()
100 users_group_name = TEST_USER_GROUP + 'another2'
100 users_group_name = TEST_USER_GROUP + 'another2'
101 response = self.app.post(url('users_groups'),
101 response = self.app.post(url('users_groups'),
102 {'users_group_name': users_group_name,
102 {'users_group_name': users_group_name,
103 'user_group_description': 'DESC',
103 'user_group_description': 'DESC',
104 'active': True,
104 'active': True,
105 'csrf_token': self.csrf_token})
105 'csrf_token': self.csrf_token})
106
106
107 ug = UserGroup.get_by_group_name(users_group_name)
107 ug = UserGroup.get_by_group_name(users_group_name)
108 user_group_link = link_to(
108 user_group_link = link_to(
109 users_group_name,
109 users_group_name,
110 url('edit_users_group', user_group_id=ug.users_group_id))
110 url('edit_users_group', user_group_id=ug.users_group_id))
111 assert_session_flash(
111 assert_session_flash(
112 response,
112 response,
113 'Created user group %s' % user_group_link)
113 'Created user group %s' % user_group_link)
114 response.follow()
114 response.follow()
115
115
116 # ENABLE REPO CREATE ON A GROUP
116 # ENABLE REPO CREATE ON A GROUP
117 perm_params = {
117 perm_params = {
118 'inherit_default_permissions': False,
118 'inherit_default_permissions': False,
119 'default_repo_create': repo_create,
119 'default_repo_create': repo_create,
120 'default_repo_create_on_write': repo_create_write,
120 'default_repo_create_on_write': repo_create_write,
121 'default_user_group_create': user_group_create,
121 'default_user_group_create': user_group_create,
122 'default_repo_group_create': repo_group_create,
122 'default_repo_group_create': repo_group_create,
123 'default_fork_create': fork_create,
123 'default_fork_create': fork_create,
124 'default_inherit_default_permissions': inherit_default_permissions,
124 'default_inherit_default_permissions': inherit_default_permissions,
125
125
126 '_method': 'put',
126 '_method': 'put',
127 'csrf_token': self.csrf_token,
127 'csrf_token': self.csrf_token,
128 }
128 }
129 response = self.app.post(
129 response = self.app.post(
130 url('edit_user_group_global_perms',
130 url('edit_user_group_global_perms',
131 user_group_id=ug.users_group_id),
131 user_group_id=ug.users_group_id),
132 params=perm_params)
132 params=perm_params)
133
133
134 if expect_form_error:
134 if expect_form_error:
135 assert response.status_int == 200
135 assert response.status_int == 200
136 response.mustcontain('Value must be one of')
136 response.mustcontain('Value must be one of')
137 else:
137 else:
138 if expect_error:
138 if expect_error:
139 msg = 'An error occurred during permissions saving'
139 msg = 'An error occurred during permissions saving'
140 else:
140 else:
141 msg = 'User Group global permissions updated successfully'
141 msg = 'User Group global permissions updated successfully'
142 ug = UserGroup.get_by_group_name(users_group_name)
142 ug = UserGroup.get_by_group_name(users_group_name)
143 del perm_params['_method']
143 del perm_params['_method']
144 del perm_params['csrf_token']
144 del perm_params['csrf_token']
145 del perm_params['inherit_default_permissions']
145 del perm_params['inherit_default_permissions']
146 assert perm_params == ug.get_default_perms()
146 assert perm_params == ug.get_default_perms()
147 assert_session_flash(response, msg)
147 assert_session_flash(response, msg)
148
148
149 fixture.destroy_user_group(users_group_name)
149 fixture.destroy_user_group(users_group_name)
150
150
151 def test_edit(self):
151 def test_edit(self):
152 self.log_user()
152 self.log_user()
153 response = self.app.get(url('edit_users_group', user_group_id=1))
153 ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True)
154 response = self.app.get(
155 url('edit_users_group', user_group_id=ug.users_group_id))
156 fixture.destroy_user_group(TEST_USER_GROUP)
154
157
155 def test_edit_user_group_members(self):
158 def test_edit_user_group_members(self):
156 self.log_user()
159 self.log_user()
157 response = self.app.get(url('edit_user_group_members', user_group_id=1))
160 ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True)
161 response = self.app.get(
162 url('edit_user_group_members', user_group_id=ug.users_group_id))
158 response.mustcontain('No members yet')
163 response.mustcontain('No members yet')
164 fixture.destroy_user_group(TEST_USER_GROUP)
159
165
160 def test_usergroup_escape(self):
166 def test_usergroup_escape(self):
161 user = User.get_by_username('test_admin')
167 user = User.get_by_username('test_admin')
162 user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">'
168 user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">'
163 user.lastname = (
169 user.lastname = (
164 '<img src="/image2" onload="alert(\'Hello, World!\');">')
170 '<img src="/image2" onload="alert(\'Hello, World!\');">')
165 Session().add(user)
171 Session().add(user)
166 Session().commit()
172 Session().commit()
167
173
168 self.log_user()
174 self.log_user()
169 users_group_name = 'samplegroup'
175 users_group_name = 'samplegroup'
170 data = {
176 data = {
171 'users_group_name': users_group_name,
177 'users_group_name': users_group_name,
172 'user_group_description': (
178 'user_group_description': (
173 '<strong onload="alert();">DESC</strong>'),
179 '<strong onload="alert();">DESC</strong>'),
174 'active': True,
180 'active': True,
175 'csrf_token': self.csrf_token
181 'csrf_token': self.csrf_token
176 }
182 }
177
183
178 response = self.app.post(url('users_groups'), data)
184 response = self.app.post(url('users_groups'), data)
179 response = self.app.get(url('users_groups'))
185 response = self.app.get(url('users_groups'))
180
186
181 response.mustcontain(
187 response.mustcontain(
182 '&lt;strong onload=&#34;alert();&#34;&gt;'
188 '&lt;strong onload=&#34;alert();&#34;&gt;'
183 'DESC&lt;/strong&gt;')
189 'DESC&lt;/strong&gt;')
184 response.mustcontain(
190 response.mustcontain(
185 '&lt;img src=&#34;/image2&#34; onload=&#34;'
191 '&lt;img src=&#34;/image2&#34; onload=&#34;'
186 'alert(&#39;Hello, World!&#39;);&#34;&gt;')
192 'alert(&#39;Hello, World!&#39;);&#34;&gt;')
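Review bot: In the rewritten test_edit and test_edit_user_group_members, `fixture.destroy_user_group(TEST_USER_GROUP)` is the last statement of the test body, so it is skipped whenever the GET or `response.mustcontain('No members yet')` fails, and the group is then left behind for later tests. Moving the destroy call into a `finally:` block around the request and assertions (or into a fixture with teardown) would make the cleanup unconditional. test_edit also assigns `response` and never checks it; adding `assert response.status_int == 200` after the GET would state what the test is meant to verify. Since `skip_if_exists=True` can reuse the group that test_create creates under the same name and does not remove, the 'No members yet' check presumably relies on that earlier group being empty, which is worth confirming.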