##// END OF EJS Templates
tests: added tests for permission update views to catch obvious form errors.
marcink -
r2827:e2835069 default
parent child Browse files
Show More
@@ -0,0 +1,77 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import pytest
22
23 from rhodecode.tests.utils import permission_update_data_generator
24
25
26 def route_path(name, params=None, **kwargs):
27 import urllib
28
29 base_url = {
30 'edit_repo_perms': '/{repo_name}/settings/permissions'
31 # update is the same url
32 }[name].format(**kwargs)
33
34 if params:
35 base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
36 return base_url
37
38
39 @pytest.mark.usefixtures("app")
40 class TestRepoPermissionsView(object):
41
42 def test_edit_perms_view(self, user_util, autologin_user):
43 repo = user_util.create_repo()
44 self.app.get(
45 route_path('edit_repo_perms',
46 repo_name=repo.repo_name), status=200)
47
48 def test_update_permissions(self, csrf_token, user_util):
49 repo = user_util.create_repo()
50 repo_name = repo.repo_name
51 user = user_util.create_user()
52 user_id = user.user_id
53 username = user.username
54
55 # grant new
56 form_data = permission_update_data_generator(
57 csrf_token,
58 default='repository.write',
59 grant=[(user_id, 'repository.write', username, 'user')])
60
61 response = self.app.post(
62 route_path('edit_repo_perms',
63 repo_name=repo_name), form_data).follow()
64
65 assert 'Repository permissions updated' in response
66
67 # revoke given
68 form_data = permission_update_data_generator(
69 csrf_token,
70 default='repository.read',
71 revoke=[(user_id, 'user')])
72
73 response = self.app.post(
74 route_path('edit_repo_perms',
75 repo_name=repo_name), form_data).follow()
76
77 assert 'Repository permissions updated' in response
@@ -0,0 +1,80 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import pytest
22
23 from rhodecode.tests.utils import permission_update_data_generator
24
25
26 def route_path(name, params=None, **kwargs):
27 import urllib
28 from rhodecode.apps._base import ADMIN_PREFIX
29
30 base_url = {
31 'edit_user_group_perms':
32 ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions',
33 'edit_user_group_perms_update':
34 ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions/update',
35 }[name].format(**kwargs)
36
37 if params:
38 base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
39 return base_url
40
41
42 @pytest.mark.usefixtures("app")
43 class TestUserGroupPermissionsView(object):
44
45 def test_edit_perms_view(self, user_util, autologin_user):
46 user_group = user_util.create_user_group()
47 self.app.get(
48 route_path('edit_user_group_perms',
49 user_group_id=user_group.users_group_id), status=200)
50
51 def test_update_permissions(self, csrf_token, user_util):
52 user_group = user_util.create_user_group()
53 user_group_id = user_group.users_group_id
54 user = user_util.create_user()
55 user_id = user.user_id
56 username = user.username
57
58 # grant new
59 form_data = permission_update_data_generator(
60 csrf_token,
61 default='usergroup.write',
62 grant=[(user_id, 'usergroup.write', username, 'user')])
63
64 response = self.app.post(
65 route_path('edit_user_group_perms_update',
66 user_group_id=user_group_id), form_data).follow()
67
68 assert 'User Group permissions updated' in response
69
70 # revoke given
71 form_data = permission_update_data_generator(
72 csrf_token,
73 default='usergroup.read',
74 revoke=[(user_id, 'user')])
75
76 response = self.app.post(
77 route_path('edit_user_group_perms_update',
78 user_group_id=user_group_id), form_data).follow()
79
80 assert 'User Group permissions updated' in response
@@ -20,6 +20,8 b''
20
20
21 import pytest
21 import pytest
22
22
23 from rhodecode.tests.utils import permission_update_data_generator
24
23
25
24 def route_path(name, params=None, **kwargs):
26 def route_path(name, params=None, **kwargs):
25 import urllib
27 import urllib
@@ -37,13 +39,48 b' def route_path(name, params=None, **kwar'
37
39
38
40
39 @pytest.mark.usefixtures("app")
41 @pytest.mark.usefixtures("app")
40 class TestRepoGroupsPermissionsView(object):
42 class TestRepoGroupPermissionsView(object):
41
43
42 def test_edit_repo_group_perms(self, user_util, autologin_user):
44 def test_edit_perms_view(self, user_util, autologin_user):
43 repo_group = user_util.create_repo_group()
45 repo_group = user_util.create_repo_group()
46
44 self.app.get(
47 self.app.get(
45 route_path('edit_repo_group_perms',
48 route_path('edit_repo_group_perms',
46 repo_group_name=repo_group.group_name), status=200)
49 repo_group_name=repo_group.group_name), status=200)
47
50
48 def test_update_permissions(self):
51 def test_update_permissions(self, csrf_token, user_util):
49 pass
52 repo_group = user_util.create_repo_group()
53 repo_group_name = repo_group.group_name
54 user = user_util.create_user()
55 user_id = user.user_id
56 username = user.username
57
58 # grant new
59 form_data = permission_update_data_generator(
60 csrf_token,
61 default='group.write',
62 grant=[(user_id, 'group.write', username, 'user')])
63
64 # recursive flag required for repo groups
65 form_data.extend([('recursive', u'none')])
66
67 response = self.app.post(
68 route_path('edit_repo_group_perms_update',
69 repo_group_name=repo_group_name), form_data).follow()
70
71 assert 'Repository Group permissions updated' in response
72
73 # revoke given
74 form_data = permission_update_data_generator(
75 csrf_token,
76 default='group.read',
77 revoke=[(user_id, 'user')])
78
79 # recursive flag required for repo groups
80 form_data.extend([('recursive', u'none')])
81
82 response = self.app.post(
83 route_path('edit_repo_group_perms_update',
84 repo_group_name=repo_group_name), form_data).follow()
85
86 assert 'Repository Group permissions updated' in response
@@ -547,14 +547,16 b' class RepoModel(BaseModel):'
547 # this updates also current one if found
547 # this updates also current one if found
548 self.grant_user_permission(
548 self.grant_user_permission(
549 repo=repo, user=member_id, perm=perm)
549 repo=repo, user=member_id, perm=perm)
550 else: # set for user group
550 elif member_type == 'user_group':
551 # check if we have permissions to alter this usergroup
551 # check if we have permissions to alter this usergroup
552 member_name = UserGroup.get(member_id).users_group_name
552 member_name = UserGroup.get(member_id).users_group_name
553 if not check_perms or HasUserGroupPermissionAny(
553 if not check_perms or HasUserGroupPermissionAny(
554 *req_perms)(member_name, user=cur_user):
554 *req_perms)(member_name, user=cur_user):
555 self.grant_user_group_permission(
555 self.grant_user_group_permission(
556 repo=repo, group_name=member_id, perm=perm)
556 repo=repo, group_name=member_id, perm=perm)
557
557 else:
558 raise ValueError("member_type must be 'user' or 'user_group' "
559 "got {} instead".format(member_type))
558 changes['updated'].append({'type': member_type, 'id': member_id,
560 changes['updated'].append({'type': member_type, 'id': member_id,
559 'name': member_name, 'new_perm': perm})
561 'name': member_name, 'new_perm': perm})
560
562
@@ -565,13 +567,17 b' class RepoModel(BaseModel):'
565 member_name = User.get(member_id).username
567 member_name = User.get(member_id).username
566 self.grant_user_permission(
568 self.grant_user_permission(
567 repo=repo, user=member_id, perm=perm)
569 repo=repo, user=member_id, perm=perm)
568 else: # set for user group
570 elif member_type == 'user_group':
569 # check if we have permissions to alter this usergroup
571 # check if we have permissions to alter this usergroup
570 member_name = UserGroup.get(member_id).users_group_name
572 member_name = UserGroup.get(member_id).users_group_name
571 if not check_perms or HasUserGroupPermissionAny(
573 if not check_perms or HasUserGroupPermissionAny(
572 *req_perms)(member_name, user=cur_user):
574 *req_perms)(member_name, user=cur_user):
573 self.grant_user_group_permission(
575 self.grant_user_group_permission(
574 repo=repo, group_name=member_id, perm=perm)
576 repo=repo, group_name=member_id, perm=perm)
577 else:
578 raise ValueError("member_type must be 'user' or 'user_group' "
579 "got {} instead".format(member_type))
580
575 changes['added'].append({'type': member_type, 'id': member_id,
581 changes['added'].append({'type': member_type, 'id': member_id,
576 'name': member_name, 'new_perm': perm})
582 'name': member_name, 'new_perm': perm})
577 # delete permissions
583 # delete permissions
@@ -580,13 +586,16 b' class RepoModel(BaseModel):'
580 if member_type == 'user':
586 if member_type == 'user':
581 member_name = User.get(member_id).username
587 member_name = User.get(member_id).username
582 self.revoke_user_permission(repo=repo, user=member_id)
588 self.revoke_user_permission(repo=repo, user=member_id)
583 else: # set for user group
589 elif member_type == 'user_group':
584 # check if we have permissions to alter this usergroup
590 # check if we have permissions to alter this usergroup
585 member_name = UserGroup.get(member_id).users_group_name
591 member_name = UserGroup.get(member_id).users_group_name
586 if not check_perms or HasUserGroupPermissionAny(
592 if not check_perms or HasUserGroupPermissionAny(
587 *req_perms)(member_name, user=cur_user):
593 *req_perms)(member_name, user=cur_user):
588 self.revoke_user_group_permission(
594 self.revoke_user_group_permission(
589 repo=repo, group_name=member_id)
595 repo=repo, group_name=member_id)
596 else:
597 raise ValueError("member_type must be 'user' or 'user_group' "
598 "got {} instead".format(member_type))
590
599
591 changes['deleted'].append({'type': member_type, 'id': member_id,
600 changes['deleted'].append({'type': member_type, 'id': member_id,
592 'name': member_name, 'new_perm': perm})
601 'name': member_name, 'new_perm': perm})
@@ -425,11 +425,14 b' class RepoGroupModel(BaseModel):'
425 member_name = User.get(member_id).username
425 member_name = User.get(member_id).username
426 # this updates also current one if found
426 # this updates also current one if found
427 _set_perm_user(obj, user=member_id, perm=perm)
427 _set_perm_user(obj, user=member_id, perm=perm)
428 else: # set for user group
428 elif member_type == 'user_group':
429 member_name = UserGroup.get(member_id).users_group_name
429 member_name = UserGroup.get(member_id).users_group_name
430 if not check_perms or has_group_perm(member_name,
430 if not check_perms or has_group_perm(member_name,
431 user=cur_user):
431 user=cur_user):
432 _set_perm_group(obj, users_group=member_id, perm=perm)
432 _set_perm_group(obj, users_group=member_id, perm=perm)
433 else:
434 raise ValueError("member_type must be 'user' or 'user_group' "
435 "got {} instead".format(member_type))
433
436
434 changes['updated'].append(
437 changes['updated'].append(
435 {'change_obj': change_obj, 'type': member_type,
438 {'change_obj': change_obj, 'type': member_type,
@@ -441,12 +444,15 b' class RepoGroupModel(BaseModel):'
441 if member_type == 'user':
444 if member_type == 'user':
442 member_name = User.get(member_id).username
445 member_name = User.get(member_id).username
443 _set_perm_user(obj, user=member_id, perm=perm)
446 _set_perm_user(obj, user=member_id, perm=perm)
444 else: # set for user group
447 elif member_type == 'user_group':
445 # check if we have permissions to alter this usergroup
448 # check if we have permissions to alter this usergroup
446 member_name = UserGroup.get(member_id).users_group_name
449 member_name = UserGroup.get(member_id).users_group_name
447 if not check_perms or has_group_perm(member_name,
450 if not check_perms or has_group_perm(member_name,
448 user=cur_user):
451 user=cur_user):
449 _set_perm_group(obj, users_group=member_id, perm=perm)
452 _set_perm_group(obj, users_group=member_id, perm=perm)
453 else:
454 raise ValueError("member_type must be 'user' or 'user_group' "
455 "got {} instead".format(member_type))
450
456
451 changes['added'].append(
457 changes['added'].append(
452 {'change_obj': change_obj, 'type': member_type,
458 {'change_obj': change_obj, 'type': member_type,
@@ -458,12 +464,15 b' class RepoGroupModel(BaseModel):'
458 if member_type == 'user':
464 if member_type == 'user':
459 member_name = User.get(member_id).username
465 member_name = User.get(member_id).username
460 _revoke_perm_user(obj, user=member_id)
466 _revoke_perm_user(obj, user=member_id)
461 else: # set for user group
467 elif member_type == 'user_group':
462 # check if we have permissions to alter this usergroup
468 # check if we have permissions to alter this usergroup
463 member_name = UserGroup.get(member_id).users_group_name
469 member_name = UserGroup.get(member_id).users_group_name
464 if not check_perms or has_group_perm(member_name,
470 if not check_perms or has_group_perm(member_name,
465 user=cur_user):
471 user=cur_user):
466 _revoke_perm_group(obj, user_group=member_id)
472 _revoke_perm_group(obj, user_group=member_id)
473 else:
474 raise ValueError("member_type must be 'user' or 'user_group' "
475 "got {} instead".format(member_type))
467
476
468 changes['deleted'].append(
477 changes['deleted'].append(
469 {'change_obj': change_obj, 'type': member_type,
478 {'change_obj': change_obj, 'type': member_type,
@@ -90,13 +90,16 b' class UserGroupModel(BaseModel):'
90 self.grant_user_permission(
90 self.grant_user_permission(
91 user_group=user_group, user=member_id, perm=perm
91 user_group=user_group, user=member_id, perm=perm
92 )
92 )
93 else:
93 elif member_type == 'user_group':
94 # check if we have permissions to alter this usergroup
94 # check if we have permissions to alter this usergroup
95 member_name = UserGroup.get(member_id).users_group_name
95 member_name = UserGroup.get(member_id).users_group_name
96 if not check_perms or HasUserGroupPermissionAny(
96 if not check_perms or HasUserGroupPermissionAny(
97 *req_perms)(member_name, user=cur_user):
97 *req_perms)(member_name, user=cur_user):
98 self.grant_user_group_permission(
98 self.grant_user_group_permission(
99 target_user_group=user_group, user_group=member_id, perm=perm)
99 target_user_group=user_group, user_group=member_id, perm=perm)
100 else:
101 raise ValueError("member_type must be 'user' or 'user_group' "
102 "got {} instead".format(member_type))
100
103
101 changes['updated'].append({
104 changes['updated'].append({
102 'change_obj': change_obj,
105 'change_obj': change_obj,
@@ -110,13 +113,16 b' class UserGroupModel(BaseModel):'
110 member_name = User.get(member_id).username
113 member_name = User.get(member_id).username
111 self.grant_user_permission(
114 self.grant_user_permission(
112 user_group=user_group, user=member_id, perm=perm)
115 user_group=user_group, user=member_id, perm=perm)
113 else:
116 elif member_type == 'user_group':
114 # check if we have permissions to alter this usergroup
117 # check if we have permissions to alter this usergroup
115 member_name = UserGroup.get(member_id).users_group_name
118 member_name = UserGroup.get(member_id).users_group_name
116 if not check_perms or HasUserGroupPermissionAny(
119 if not check_perms or HasUserGroupPermissionAny(
117 *req_perms)(member_name, user=cur_user):
120 *req_perms)(member_name, user=cur_user):
118 self.grant_user_group_permission(
121 self.grant_user_group_permission(
119 target_user_group=user_group, user_group=member_id, perm=perm)
122 target_user_group=user_group, user_group=member_id, perm=perm)
123 else:
124 raise ValueError("member_type must be 'user' or 'user_group' "
125 "got {} instead".format(member_type))
120
126
121 changes['added'].append({
127 changes['added'].append({
122 'change_obj': change_obj,
128 'change_obj': change_obj,
@@ -129,13 +135,16 b' class UserGroupModel(BaseModel):'
129 if member_type == 'user':
135 if member_type == 'user':
130 member_name = User.get(member_id).username
136 member_name = User.get(member_id).username
131 self.revoke_user_permission(user_group=user_group, user=member_id)
137 self.revoke_user_permission(user_group=user_group, user=member_id)
132 else:
138 elif member_type == 'user_group':
133 # check if we have permissions to alter this usergroup
139 # check if we have permissions to alter this usergroup
134 member_name = UserGroup.get(member_id).users_group_name
140 member_name = UserGroup.get(member_id).users_group_name
135 if not check_perms or HasUserGroupPermissionAny(
141 if not check_perms or HasUserGroupPermissionAny(
136 *req_perms)(member_name, user=cur_user):
142 *req_perms)(member_name, user=cur_user):
137 self.revoke_user_group_permission(
143 self.revoke_user_group_permission(
138 target_user_group=user_group, user_group=member_id)
144 target_user_group=user_group, user_group=member_id)
145 else:
146 raise ValueError("member_type must be 'user' or 'user_group' "
147 "got {} instead".format(member_type))
139
148
140 changes['deleted'].append({
149 changes['deleted'].append({
141 'change_obj': change_obj,
150 'change_obj': change_obj,
@@ -797,7 +797,7 b" def ValidPerms(localizer, type_='repo'):"
797 obj_type = k[0]
797 obj_type = k[0]
798 obj_id = k[7:]
798 obj_id = k[7:]
799 update_type = {'u': 'user',
799 update_type = {'u': 'user',
800 'g': 'users_group'}[obj_type]
800 'g': 'user_group'}[obj_type]
801
801
802 if obj_type == 'u' and safe_int(obj_id) == default_user_id:
802 if obj_type == 'u' and safe_int(obj_id) == default_user_id:
803 if str2bool(value.get('repo_private')):
803 if str2bool(value.get('repo_private')):
@@ -827,7 +827,7 b" def ValidPerms(localizer, type_='repo'):"
827 User.query()\
827 User.query()\
828 .filter(User.active == true())\
828 .filter(User.active == true())\
829 .filter(User.user_id == member_id).one()
829 .filter(User.user_id == member_id).one()
830 if member_type == 'users_group':
830 if member_type == 'user_group':
831 UserGroup.query()\
831 UserGroup.query()\
832 .filter(UserGroup.users_group_active == true())\
832 .filter(UserGroup.users_group_active == true())\
833 .filter(UserGroup.users_group_id == member_id)\
833 .filter(UserGroup.users_group_id == member_id)\
@@ -48,7 +48,7 b' def permissions_setup_func_orig('
48 repo_group = RepoGroup.get_by_group_name(group_name=group_name)
48 repo_group = RepoGroup.get_by_group_name(group_name=group_name)
49 if not repo_group:
49 if not repo_group:
50 raise Exception('Cannot get group %s' % group_name)
50 raise Exception('Cannot get group %s' % group_name)
51 perm_updates = [[test_u2_gr_id, perm, 'users_group']]
51 perm_updates = [[test_u2_gr_id, perm, 'user_group']]
52 RepoGroupModel().update_permissions(repo_group,
52 RepoGroupModel().update_permissions(repo_group,
53 perm_updates=perm_updates,
53 perm_updates=perm_updates,
54 recursive=recursive, check_perms=False)
54 recursive=recursive, check_perms=False)
@@ -427,3 +427,32 b' def commit_change('
427 f_path=filename
427 f_path=filename
428 )
428 )
429 return commit
429 return commit
430
431
432 def permission_update_data_generator(csrf_token, default=None, grant=None, revoke=None):
433 if not default:
434 raise ValueError('Permission for default user must be given')
435 form_data = [(
436 'csrf_token', csrf_token
437 )]
438 # add default
439 form_data.extend([
440 ('u_perm_1', default)
441 ])
442
443 if grant:
444 for cnt, (obj_id, perm, obj_name, obj_type) in enumerate(grant, 1):
445 form_data.extend([
446 ('perm_new_member_perm_new{}'.format(cnt), perm),
447 ('perm_new_member_id_new{}'.format(cnt), obj_id),
448 ('perm_new_member_name_new{}'.format(cnt), obj_name),
449 ('perm_new_member_type_new{}'.format(cnt), obj_type),
450
451 ])
452 if revoke:
453 for obj_id, obj_type in revoke:
454 form_data.extend([
455 ('perm_del_member_id_{}'.format(obj_id), obj_id),
456 ('perm_del_member_type_{}'.format(obj_id), obj_type),
457 ])
458 return form_data
General Comments 0
You need to be logged in to leave comments. Login now