test_admin_user_groups.py
192 lines
| 7.8 KiB
| text/x-python
|
PythonLexer
| r1 | # -*- coding: utf-8 -*- | |||
| # Copyright (C) 2010-2016 RhodeCode GmbH | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU Affero General Public License, version 3 | ||||
| # (only), as published by the Free Software Foundation. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU Affero General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| # This program is dual-licensed. If you wish to learn more about the | ||||
| # RhodeCode Enterprise Edition, including its added features, Support services, | ||||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
| import pytest | ||||
| from rhodecode.tests import ( | ||||
| TestController, url, assert_session_flash, link_to) | ||||
| from rhodecode.model.db import User, UserGroup | ||||
| from rhodecode.model.meta import Session | ||||
| from rhodecode.tests.fixture import Fixture | ||||
| TEST_USER_GROUP = 'admins_test' | ||||
| fixture = Fixture() | ||||
| class TestAdminUsersGroupsController(TestController): | ||||
| def test_index(self): | ||||
| self.log_user() | ||||
| r93 | response = self.app.get(url('users_groups')) | |||
| r100 | response.status_int == 200 | |||
| r1 | ||||
| def test_create(self): | ||||
| self.log_user() | ||||
| users_group_name = TEST_USER_GROUP | ||||
| response = self.app.post(url('users_groups'), { | ||||
| 'users_group_name': users_group_name, | ||||
| 'user_group_description': 'DESC', | ||||
| 'active': True, | ||||
| 'csrf_token': self.csrf_token}) | ||||
| user_group_link = link_to( | ||||
| users_group_name, | ||||
| url('edit_users_group', | ||||
| user_group_id=UserGroup.get_by_group_name( | ||||
| users_group_name).users_group_id)) | ||||
| assert_session_flash( | ||||
| response, | ||||
| 'Created user group %s' % user_group_link) | ||||
| def test_delete(self): | ||||
| self.log_user() | ||||
| users_group_name = TEST_USER_GROUP + 'another' | ||||
| response = self.app.post(url('users_groups'), { | ||||
| 'users_group_name': users_group_name, | ||||
| 'user_group_description': 'DESC', | ||||
| 'active': True, | ||||
| 'csrf_token': self.csrf_token}) | ||||
| user_group_link = link_to( | ||||
| users_group_name, | ||||
| url('edit_users_group', | ||||
| user_group_id=UserGroup.get_by_group_name( | ||||
| users_group_name).users_group_id)) | ||||
| assert_session_flash( | ||||
| response, | ||||
| 'Created user group %s' % user_group_link) | ||||
| group = Session().query(UserGroup).filter( | ||||
| UserGroup.users_group_name == users_group_name).one() | ||||
| response = self.app.post( | ||||
| url('delete_users_group', user_group_id=group.users_group_id), | ||||
| params={'_method': 'delete', 'csrf_token': self.csrf_token}) | ||||
| group = Session().query(UserGroup).filter( | ||||
| UserGroup.users_group_name == users_group_name).scalar() | ||||
| assert group is None | ||||
| @pytest.mark.parametrize('repo_create, repo_create_write, user_group_create, repo_group_create, fork_create, inherit_default_permissions, expect_error, expect_form_error', [ | ||||
| ('hg.create.none', 'hg.create.write_on_repogroup.false', 'hg.usergroup.create.false', 'hg.repogroup.create.false', 'hg.fork.none', 'hg.inherit_default_perms.false', False, False), | ||||
| ('hg.create.repository', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, False), | ||||
| ('hg.create.XXX', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.true', 'hg.repogroup.create.true', 'hg.fork.repository', 'hg.inherit_default_perms.false', False, True), | ||||
| ('', '', '', '', '', '', True, False), | ||||
| ]) | ||||
| def test_global_perms_on_group( | ||||
| self, repo_create, repo_create_write, user_group_create, | ||||
| repo_group_create, fork_create, expect_error, expect_form_error, | ||||
| inherit_default_permissions): | ||||
| self.log_user() | ||||
| users_group_name = TEST_USER_GROUP + 'another2' | ||||
| response = self.app.post(url('users_groups'), | ||||
| {'users_group_name': users_group_name, | ||||
| 'user_group_description': 'DESC', | ||||
| 'active': True, | ||||
| 'csrf_token': self.csrf_token}) | ||||
| ug = UserGroup.get_by_group_name(users_group_name) | ||||
| user_group_link = link_to( | ||||
| users_group_name, | ||||
| url('edit_users_group', user_group_id=ug.users_group_id)) | ||||
| assert_session_flash( | ||||
| response, | ||||
| 'Created user group %s' % user_group_link) | ||||
| response.follow() | ||||
| # ENABLE REPO CREATE ON A GROUP | ||||
| perm_params = { | ||||
| 'inherit_default_permissions': False, | ||||
| 'default_repo_create': repo_create, | ||||
| 'default_repo_create_on_write': repo_create_write, | ||||
| 'default_user_group_create': user_group_create, | ||||
| 'default_repo_group_create': repo_group_create, | ||||
| 'default_fork_create': fork_create, | ||||
| 'default_inherit_default_permissions': inherit_default_permissions, | ||||
| '_method': 'put', | ||||
| 'csrf_token': self.csrf_token, | ||||
| } | ||||
| response = self.app.post( | ||||
| url('edit_user_group_global_perms', | ||||
| user_group_id=ug.users_group_id), | ||||
| params=perm_params) | ||||
| if expect_form_error: | ||||
| assert response.status_int == 200 | ||||
| response.mustcontain('Value must be one of') | ||||
| else: | ||||
| if expect_error: | ||||
| msg = 'An error occurred during permissions saving' | ||||
| else: | ||||
| msg = 'User Group global permissions updated successfully' | ||||
| ug = UserGroup.get_by_group_name(users_group_name) | ||||
| del perm_params['_method'] | ||||
| del perm_params['csrf_token'] | ||||
| del perm_params['inherit_default_permissions'] | ||||
| assert perm_params == ug.get_default_perms() | ||||
| assert_session_flash(response, msg) | ||||
| fixture.destroy_user_group(users_group_name) | ||||
| def test_edit(self): | ||||
| r93 | self.log_user() | |||
| r151 | ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True) | |||
| response = self.app.get( | ||||
| url('edit_users_group', user_group_id=ug.users_group_id)) | ||||
| fixture.destroy_user_group(TEST_USER_GROUP) | ||||
| r93 | ||||
| def test_edit_user_group_members(self): | ||||
| self.log_user() | ||||
| r151 | ug = fixture.create_user_group(TEST_USER_GROUP, skip_if_exists=True) | |||
| response = self.app.get( | ||||
| url('edit_user_group_members', user_group_id=ug.users_group_id)) | ||||
| r93 | response.mustcontain('No members yet') | |||
| r151 | fixture.destroy_user_group(TEST_USER_GROUP) | |||
| r1 | ||||
| def test_usergroup_escape(self): | ||||
| user = User.get_by_username('test_admin') | ||||
| user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">' | ||||
| user.lastname = ( | ||||
| '<img src="/image2" onload="alert(\'Hello, World!\');">') | ||||
| Session().add(user) | ||||
| Session().commit() | ||||
| self.log_user() | ||||
| users_group_name = 'samplegroup' | ||||
| data = { | ||||
| 'users_group_name': users_group_name, | ||||
| 'user_group_description': ( | ||||
| '<strong onload="alert();">DESC</strong>'), | ||||
| 'active': True, | ||||
| 'csrf_token': self.csrf_token | ||||
| } | ||||
| response = self.app.post(url('users_groups'), data) | ||||
| response = self.app.get(url('users_groups')) | ||||
| response.mustcontain( | ||||
| '<strong onload="alert();">' | ||||
| 'DESC</strong>') | ||||
| response.mustcontain( | ||||
| '<img src="/image2" onload="' | ||||
| 'alert('Hello, World!');">') | ||||
