diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -559,7 +559,7 @@ class AuthUser(object):
 def api_keys(self):
 return self._get_api_keys()
- def __get_perms(self, user, explicit=True, cache=False):
+ def __get_perms(self, user, explicit=False, cache=False):
 """
 Fills user permission attribute with permissions taken from database
 works for permissions given for repositories, and for permissions that
diff --git a/kallithea/tests/api/api_base.py b/kallithea/tests/api/api_base.py
--- a/kallithea/tests/api/api_base.py
+++ b/kallithea/tests/api/api_base.py
@@ -107,6 +107,7 @@ class _BaseTestApi(object):
 Session().commit()
 cls.TEST_USER_LOGIN = cls.test_user.username
 cls.apikey_regular = cls.test_user.api_key
+ cls.default_user_username = User.get_default_user().username
 @classmethod
 def teardown_class(cls):
@@ -706,15 +707,23 @@ class _BaseTestApi(object):
 def test_api_get_repo_by_non_admin_no_permission_to_repo(self):
 RepoModel().grant_user_permission(repo=self.REPO,
- user=self.TEST_USER_LOGIN,
+ user=self.default_user_username,
 perm='repository.none')
+ try:
+ RepoModel().grant_user_permission(repo=self.REPO,
+ user=self.TEST_USER_LOGIN,
+ perm='repository.none')
- id_, params = _build_data(self.apikey_regular, 'get_repo',
- repoid=self.REPO)
- response = api_call(self, params)
+ id_, params = _build_data(self.apikey_regular, 'get_repo',
+ repoid=self.REPO)
+ response = api_call(self, params)
- expected = 'repository `%s` does not exist' % (self.REPO)
- self._compare_error(id_, expected, given=response.body)
+ expected = 'repository `%s` does not exist' % (self.REPO)
+ self._compare_error(id_, expected, given=response.body)
+ finally:
+ RepoModel().grant_user_permission(repo=self.REPO,
+ user=self.default_user_username,
+ perm='repository.read')
 def test_api_get_repo_that_doesn_not_exist(self):
 id_, params = _build_data(self.apikey, 'get_repo', 
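Review bot: The new `explicit=False` default on `__get_perms` in kallithea/lib/auth.py is not explained in the visible part of the docstring, although it changes the computed permissions for every caller that relies on the default. The updated assertions in kallithea/tests/models/test_permissions.py show the effect: a per-user `repository.none` no longer lowers access when the default user or a user group holds a higher permission, so existing per-user `none` grants that were meant as a deny stop restricting access in that situation. I would state this in the docstring, for example `explicit: when False, a user's own repository permission does not override a higher one inherited from the default user or a user group`, and mention the behaviour change in the release notes so administrators can review such grants. The docstring continues past the end of the hunk, so the parameter may already be described there.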
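Review bot: The `finally` block in `test_api_get_repo_by_non_admin_no_permission_to_repo` puts the default user back to a hard-coded `repository.read` and leaves the `repository.none` grant it created for `self.TEST_USER_LOGIN` in place, so the test does not restore the state it found. If the fixture's default permission ever differs from read, or a later test depends on the test user having no explicit grant on `self.REPO`, results become order-dependent; the same hard-coded restore appears in `test_api_fork_repo_non_admin_no_permission_to_fork`. A comment above the restore such as `# assumes the fixture grants the default user repository.read on self.REPO` would make the assumption visible, and the test user's grant should be reset in the same `finally`.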
@@ -1355,17 +1364,22 @@ class _BaseTestApi(object):
 def test_api_fork_repo_non_admin_no_permission_to_fork(self):
 RepoModel().grant_user_permission(repo=self.REPO,
- user=self.TEST_USER_LOGIN,
+ user=self.default_user_username,
 perm='repository.none')
- fork_name = u'api-repo-fork'
- id_, params = _build_data(self.apikey_regular, 'fork_repo',
- repoid=self.REPO,
- fork_name=fork_name,
- )
- response = api_call(self, params)
- expected = 'repository `%s` does not exist' % (self.REPO)
- self._compare_error(id_, expected, given=response.body)
- fixture.destroy_repo(fork_name)
+ try:
+ fork_name = u'api-repo-fork'
+ id_, params = _build_data(self.apikey_regular, 'fork_repo',
+ repoid=self.REPO,
+ fork_name=fork_name,
+ )
+ response = api_call(self, params)
+ expected = 'repository `%s` does not exist' % (self.REPO)
+ self._compare_error(id_, expected, given=response.body)
+ finally:
+ RepoModel().grant_user_permission(repo=self.REPO,
+ user=self.default_user_username,
+ perm='repository.read')
+ fixture.destroy_repo(fork_name)
 @parametrize('name,perm', [
 ('read', 'repository.read'),
diff --git a/kallithea/tests/functional/test_forks.py b/kallithea/tests/functional/test_forks.py
--- a/kallithea/tests/functional/test_forks.py
+++ b/kallithea/tests/functional/test_forks.py
@@ -249,9 +249,12 @@ class _BaseTestCase(TestController):
 response.mustcontain('
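Review bot: `test_api_fork_repo_non_admin_no_permission_to_fork` now lowers only the default user and no longer sets `self.TEST_USER_LOGIN` to `repository.none`, while the get_repo test earlier in this file keeps that grant inside its `try`. With the non-explicit permission calculation, a grant left on the test user by another test would presumably still apply, so the expected "does not exist" error would then depend on test order. Adding the same call as the first statement inside the `try`, `RepoModel().grant_user_permission(repo=self.REPO, user=self.TEST_USER_LOGIN, perm='repository.none')`, keeps the two tests parallel. Indentation is lost in this rendering, so I cannot tell whether `fixture.destroy_repo(fork_name)` sits inside the `finally`; it should, so that a fork created by a wrongly permitted call is removed even when the assertion fails.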
fork of vcs test
')
 # remove permissions
+ default_user = User.get_default_user()
 try:
 RepoModel().grant_user_permission(repo=forks[0], user=usr, perm='repository.none')
+ RepoModel().grant_user_permission(repo=forks[0],
+ user=default_user, perm='repository.none')
 Session().commit()
 # fork shouldn't be visible
@@ -262,6 +265,8 @@ class _BaseTestCase(TestController):
 finally:
 RepoModel().grant_user_permission(repo=forks[0], user=usr, perm='repository.read')
+ RepoModel().grant_user_permission(repo=forks[0],
+ user=default_user, perm='repository.read')
 RepoModel().delete(repo=forks[0])
diff --git a/kallithea/tests/models/test_permissions.py b/kallithea/tests/models/test_permissions.py
--- a/kallithea/tests/models/test_permissions.py
+++ b/kallithea/tests/models/test_permissions.py 
@@ -132,29 +132,20 @@ class TestPermissions(TestController):
 self.ug1 = fixture.create_user_group(u'G1')
 UserGroupModel().add_user_to_group(self.ug1, self.u1)
- # set permission to lower
- new_perm = 'repository.none'
- RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm)
+ # set user permission none
+ RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm='repository.none')
 Session().commit()
 u1_auth = AuthUser(user_id=self.u1.user_id)
- assert u1_auth.permissions['repositories'][HG_REPO] == new_perm
+ assert u1_auth.permissions['repositories'][HG_REPO] == 'repository.read' # inherit from default user
- # grant perm for group this should not override permission from user
- # since it has explicitly set
- new_perm_gr = 'repository.write'
+ # grant perm for group this should override permission from user
 RepoModel().grant_user_group_permission(repo=HG_REPO,
 group_name=self.ug1,
- perm=new_perm_gr)
- # check perms
+ perm='repository.write')
+
+ # verify that user group permissions win
 u1_auth = AuthUser(user_id=self.u1.user_id)
- perms = {
- 'repositories_groups': {},
- 'global': set(['hg.create.repository', 'repository.read',
- 'hg.register.manual_activate']),
- 'repositories': {HG_REPO: 'repository.read'}
- }
- assert u1_auth.permissions['repositories'][HG_REPO] == new_perm
- assert u1_auth.permissions['repositories_groups'] == perms['repositories_groups']
+ assert u1_auth.permissions['repositories'][HG_REPO] == 'repository.write'
 def test_propagated_permission_from_users_group(self):
 # make group
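Review bot: The rewritten assertions only pin the permissive direction, that a per-user `repository.none` still yields `repository.read` from the default user and that a group's `repository.write` then wins, and nothing in this hunk checks that access can still be denied. Unless another test in this file already covers it, I would add a case where the default user is also set to `repository.none` and assert that `u1_auth.permissions['repositories'][HG_REPO]` is `repository.none` until a group or user grant raises it. The removed block also drops the only check on `repositories_groups` here; keeping `assert u1_auth.permissions['repositories_groups'] == {}` costs one line. The test function starts above the hunk, so its name may no longer describe what it asserts.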