Changeset - 50e370c70f09
Parent rev.
Child rev.
[Not reviewed]
default
0 6 0
Mads Kiilerich - 9 years ago 2016-08-04 14:23:36
madski@unity3d.com
routing: use POST to 'edit_user_perms_update' instead of PUT
6 files changed with 25 insertions and 27 deletions:
kallithea/config/routing.py
4
4
kallithea/templates/admin/user_groups/user_group_edit_default_perms.html
1
1
kallithea/templates/admin/users/user_edit_perms.html
1
1
kallithea/templates/base/default_perms_box.html
1
1
kallithea/tests/functional/test_admin_user_groups.py
8
8
kallithea/tests/functional/test_admin_users.py
10
12
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -104,231 +104,231 @@ def make_map(config):
 
    rmap.connect('repo_switcher_data', '/_repos', controller='home',
 
                 action='repo_switcher_data')
 

			




	
	
	
		
 
    rmap.connect('rst_help',

			




	
	
	
		
 
                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

			




	
	
	
		
 
                 _static=True)

			




	
	
	
		
 
    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

			




	
	
	
		
 
    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repos') as m:

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repo", "/create_repository",

			




	
	
	
		
 
                  action="create_repository", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repo", "/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                  function=check_repo))

			




	
	
	
		
 
        m.connect("delete_repo", "/repos/{repo_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY GROUPS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repo_groups') as m:

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repos_group", "/repo_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                                                 function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS REPO GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="edit_repo_group_perms",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

			




	
	
	
		
 
                  action="delete_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group_skip_path))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/users') as m:

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_users", "/users.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_user", "/users/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_user", "/users/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user", "/users/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER ROUTES

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="edit_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

			




	
	
	
		
 
                  action="delete_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_users_group", "/user_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_users_group", "/user_groups/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_users_group", "/user_groups/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]),

			




	
	
	
		
 
                  function=check_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="edit_default_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms_update", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_update", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",

			




	
	
	
		
 
                  action="delete_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

			




	
	
	
		
 
                  action="edit_members", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN PERMISSIONS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/permissions') as m:

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN DEFAULTS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/defaults') as m:

			




	
	
	
		
 
        m.connect('defaults', 'defaults',

			




	
	
	
		
 
                  action="index")

			




	
	
	
		
 
        m.connect('defaults_update', 'defaults/{id}/update',

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN AUTH SETTINGS

			




	
	
	
		
 
    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings', action='auth_settings',

			




	
	
	
		
 
                 conditions=dict(method=["POST"]))

			




	
	
	
		
 
    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings')

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN SETTINGS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/settings') as m:

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks_delete", "/settings/hooks/delete",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("admin_settings_system_update", "/settings/system/updates",

			




	
	
	
		
 
                  action="settings_system_update", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN MY ACCOUNT

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/user_groups/user_group_edit_default_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
<%namespace name="dpb" file="/base/default_perms_box.html"/>

			




	
	
	
		
 
${dpb.default_perms_box(url('edit_user_group_default_perms', id=c.user_group.users_group_id))}

			




	
	
	
		
 
${dpb.default_perms_box(url('edit_user_group_default_perms_update', id=c.user_group.users_group_id))}

			




	
	
	
		
 

			




	
	
	
		
 
## permissions overview

			




	
	
	
		
 
<%namespace name="p" file="/base/perms_summary.html"/>

			




	
	
	
		
 
${p.perms_summary(c.permissions)}

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/users/user_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
<%namespace name="dpb" file="/base/default_perms_box.html"/>

			




	
	
	
		
 
${dpb.default_perms_box(url('edit_user_perms', id=c.user.user_id))}

			




	
	
	
		
 
${dpb.default_perms_box(url('edit_user_perms_update', id=c.user.user_id))}

			




	
	
	
		
 

			




	
	
	
		
 
## permissions overview

			




	
	
	
		
 
<%namespace name="p" file="/base/perms_summary.html"/>

			




	
	
	
		
 
${p.perms_summary(c.perm_user.permissions, show_all=True)}

			




        

    


    
    

    

        

                

                    kallithea/templates/base/default_perms_box.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
## snippet for displaying default permission box

			




	
	
	
		
 
## usage:

			




	
	
	
		
 
##    <%namespace name="dpb" file="/base/default_perms_box.html"/>

			




	
	
	
		
 
##    ${dpb.default_perms_box(<url_to_form>)}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="default_perms_box(form_url)">

			




	
	
	
		
 
${h.form(form_url, method='put')}

			




	
	
	
		
 
${h.form(form_url)}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="inherit_default_permissions">${_('Inherit defaults')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('inherit_default_permissions',value=True)}

			




	
	
	
		
 
                    <span class="help-block">

			




	
	
	
		
 
                    ${h.literal(_('Select to inherit global settings, IP whitelist and permissions from the %s.')

			




	
	
	
		
 
                                % h.link_to('default permissions', url('admin_permissions')))}

			




	
	
	
		
 
                    </span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div id="inherit_overlay">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="create_repo_perm">${_('Create repositories')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('create_repo_perm',value=True)}

			




	
	
	
		
 
                    <span class="help-block">

			




	
	
	
		
 
                    ${h.literal(_('Select this option to allow repository creation for this user'))}

			




	
	
	
		
 
                    </span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="create_user_group_perm">${_('Create user groups')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('create_user_group_perm',value=True)}

			




	
	
	
		
 
                    <span class="help-block">

			




	
	
	
		
 
                        ${h.literal(_('Select this option to allow user group creation for this user'))}

			




	
	
	
		
 
                    </span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="fork_repo_perm">${_('Fork repositories')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('fork_repo_perm',value=True)}

			




	
	
	
		
 
                    <span class="help-block">

			




	
	
	
		
 
                        ${h.literal(_('Select this option to allow repository forking for this user'))}

			




	
	
	
		
 
                    </span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="btn")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="btn")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
## JS

			




	
	
	
		
 
<script>

			




	
	
	
		
 
$(document).ready(function(e){

			




	
	
	
		
 
    var show_custom_perms = function(inherit_default){

			




	
	
	
		
 
        if(inherit_default){

			




	
	
	
		
 
            $('#inherit_overlay').hide();

			




	
	
	
		
 
        }else{

			




	
	
	
		
 
            $('#inherit_overlay').show();

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    show_custom_perms($('#inherit_default_permissions').prop('checked'));

			




	
	
	
		
 
    $('#inherit_default_permissions').change(function(){

			




	
	
	
		
 
        show_custom_perms($('#inherit_default_permissions').prop('checked'));

			




	
	
	
		
 
    });

			




	
	
	
		
 
});

			




	
	
	
		
 
</script>

			




	
	
	
		
 

			




	
	
	
		
 
</%def>

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_user_groups.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
from kallithea.tests import *

			




	
	
	
		
 
from kallithea.model.db import UserGroup, UserGroupToPerm, Permission

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 

			




	
	
	
		
 
TEST_USER_GROUP = u'admins_test'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersGroupsController(TestController):

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('users_groups'))

			




	
	
	
		
 
        # Test response...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        users_group_name = TEST_USER_GROUP

			




	
	
	
		
 
        response = self.app.post(url('users_groups'),

			




	
	
	
		
 
                                 {'users_group_name': users_group_name,

			




	
	
	
		
 
                                  'user_group_description': u'DESC',

			




	
	
	
		
 
                                  'active': True,

			




	
	
	
		
 
                                  '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response,

			




	
	
	
		
 
                               'Created user group <a href="/_admin/user_groups/')

			




	
	
	
		
 
        self.checkSessionFlash(response,

			




	
	
	
		
 
                               '/edit">%s</a>' % TEST_USER_GROUP)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_new(self):

			




	
	
	
		
 
        response = self.app.get(url('new_users_group'))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_update(self):

			




	
	
	
		
 
        response = self.app.post(url('update_users_group', id=1), status=403)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_update_browser_fakeout(self):

			




	
	
	
		
 
        response = self.app.post(url('update_users_group', id=1),

			




	
	
	
		
 
                                 params=dict(_authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        users_group_name = TEST_USER_GROUP + 'another'

			




	
	
	
		
 
        response = self.app.post(url('users_groups'),

			




	
	
	
		
 
                                 {'users_group_name':users_group_name,

			




	
	
	
		
 
                                  'user_group_description': u'DESC',

			




	
	
	
		
 
                                  'active': True,

			




	
	
	
		
 
                                  '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response,

			




	
	
	
		
 
                               'Created user group ')

			




	
	
	
		
 

			




	
	
	
		
 
        gr = Session().query(UserGroup) \

			




	
	
	
		
 
            .filter(UserGroup.users_group_name == users_group_name).one()

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_users_group', id=gr.users_group_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        gr = Session().query(UserGroup) \

			




	
	
	
		
 
            .filter(UserGroup.users_group_name == users_group_name).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
        assert gr == None

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_perms_enable_repository_read_on_group(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        users_group_name = TEST_USER_GROUP + 'another2'

			




	
	
	
		
 
        response = self.app.post(url('users_groups'),

			




	
	
	
		
 
                                 {'users_group_name': users_group_name,

			




	
	
	
		
 
                                  'user_group_description': u'DESC',

			




	
	
	
		
 
                                  'active': True,

			




	
	
	
		
 
                                  '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        self.checkSessionFlash(response,

			




	
	
	
		
 
                               'Created user group ')

			




	
	
	
		
 
        ## ENABLE REPO CREATE ON A GROUP

			




	
	
	
		
 
        response = self.app.put(url('edit_user_group_default_perms',

			




	
	
	
		
 
                                    id=ug.users_group_id),

			




	
	
	
		
 
        response = self.app.post(url('edit_user_group_default_perms_update',

			




	
	
	
		
 
                                     id=ug.users_group_id),

			




	
	
	
		
 
                                 {'create_repo_perm': True,

			




	
	
	
		
 
                                  '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        p = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 
        p2 = Permission.get_by_key('hg.usergroup.create.false')

			




	
	
	
		
 
        p3 = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        # check if user has this perms, they should be here since

			




	
	
	
		
 
        # defaults are on

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == ug).all()

			




	
	
	
		
 

			




	
	
	
		
 
        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p2.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p3.permission_id]])

			




	
	
	
		
 

			




	
	
	
		
 
        ## DISABLE REPO CREATE ON A GROUP

			




	
	
	
		
 
        response = self.app.put(

			




	
	
	
		
 
            url('edit_user_group_default_perms', id=ug.users_group_id),

			




	
	
	
		
 
        response = self.app.post(

			




	
	
	
		
 
            url('edit_user_group_default_perms_update', id=ug.users_group_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        p = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        p2 = Permission.get_by_key('hg.usergroup.create.false')

			




	
	
	
		
 
        p3 = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 

			




	
	
	
		
 
        # check if user has this perms, they should be here since

			




	
	
	
		
 
        # defaults are on

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == ug).all()

			




	
	
	
		
 

			




	
	
	
		
 
        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p2.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p3.permission_id]])

			




	
	
	
		
 

			




	
	
	
		
 
        # DELETE !

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        ugid = ug.users_group_id

			




	
	
	
		
 
        response = self.app.post(url('delete_users_group', id=ug.users_group_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        gr = Session().query(UserGroup) \

			




	
	
	
		
 
            .filter(UserGroup.users_group_name == users_group_name).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
        assert gr == None

			




	
	
	
		
 
        p = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group_id == ugid).all()

			




	
	
	
		
 
        perms = [[x.users_group_id,

			




	
	
	
		
 
                  x.permission_id, ] for x in perms]

			




	
	
	
		
 
        assert perms == []

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_perms_enable_repository_fork_on_group(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        users_group_name = TEST_USER_GROUP + 'another2'

			




	
	
	
		
 
        response = self.app.post(url('users_groups'),

			




	
	
	
		
 
                                 {'users_group_name': users_group_name,

			




	
	
	
		
 
                                  'user_group_description': u'DESC',

			




	
	
	
		
 
                                  'active': True,

			




	
	
	
		
 
                                  '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        self.checkSessionFlash(response,

			




	
	
	
		
 
                               'Created user group ')

			




	
	
	
		
 
        ## ENABLE REPO CREATE ON A GROUP

			




	
	
	
		
 
        response = self.app.put(url('edit_user_group_default_perms',

			




	
	
	
		
 
                                    id=ug.users_group_id),

			




	
	
	
		
 
                                {'fork_repo_perm': True, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('edit_user_group_default_perms_update',

			




	
	
	
		
 
                                     id=ug.users_group_id),

			




	
	
	
		
 
                                 {'fork_repo_perm': True, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        p = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        p2 = Permission.get_by_key('hg.usergroup.create.false')

			




	
	
	
		
 
        p3 = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 
        # check if user has this perms, they should be here since

			




	
	
	
		
 
        # defaults are on

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == ug).all()

			




	
	
	
		
 

			




	
	
	
		
 
        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p2.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p3.permission_id]])

			




	
	
	
		
 

			




	
	
	
		
 
        ## DISABLE REPO CREATE ON A GROUP

			




	
	
	
		
 
        response = self.app.put(url('edit_user_group_default_perms', id=ug.users_group_id),

			




	
	
	
		
 
        response = self.app.post(url('edit_user_group_default_perms_update', id=ug.users_group_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        response.follow()

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        p = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        p2 = Permission.get_by_key('hg.usergroup.create.false')

			




	
	
	
		
 
        p3 = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        # check if user has this perms, they should be here since

			




	
	
	
		
 
        # defaults are on

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == ug).all()

			




	
	
	
		
 

			




	
	
	
		
 
        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p2.permission_id],

			




	
	
	
		
 
                    [ug.users_group_id, p3.permission_id]])

			




	
	
	
		
 

			




	
	
	
		
 
        # DELETE !

			




	
	
	
		
 
        ug = UserGroup.get_by_group_name(users_group_name)

			




	
	
	
		
 
        ugid = ug.users_group_id

			




	
	
	
		
 
        response = self.app.post(url('delete_users_group', id=ug.users_group_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        gr = Session().query(UserGroup) \

			




	
	
	
		
 
                           .filter(UserGroup.users_group_name ==

			




	
	
	
		
 
                                   users_group_name).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
        assert gr == None

			




	
	
	
		
 
        p = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 
        perms = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group_id == ugid).all()

			




	
	
	
		
 
        perms = [[x.users_group_id,

			




	
	
	
		
 
                  x.permission_id, ] for x in perms]

			




	
	
	
		
 
        assert perms == []

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_browser_fakeout(self):

			




	
	
	
		
 
        response = self.app.post(url('delete_users_group', id=1),

			




	
	
	
		
 
                                 params=dict(_authentication_token=self.authentication_token()))

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_users.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -185,285 +185,283 @@ class TestAdminUsersController(TestContr

			




	
	
	
		
 
        fixture.create_repo(name=reponame, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 repositories and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those repositories: '

			




	
	
	
		
 
                               '%s' % (username, reponame))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_repo', repo_name=reponame),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Deleted repository %s' % reponame)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_repo_group_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'repogrouperr'

			




	
	
	
		
 
        groupname = u'repogroup_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 
        fixture.create_repo_group(name=groupname, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 repository groups and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those repository groups: '

			




	
	
	
		
 
                               '%s' % (username, groupname))

			




	
	
	
		
 

			




	
	
	
		
 
        # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner

			




	
	
	
		
 
        # rg = RepoGroup.get_by_group_name(group_name=groupname)

			




	
	
	
		
 
        # response = self.app.get(url('repos_groups', id=rg.group_id))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_repo_group', group_name=groupname),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Removed repository group %s' % groupname)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_user_group_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'usergrouperr'

			




	
	
	
		
 
        groupname = u'usergroup_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 
        ug = fixture.create_user_group(name=groupname, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 user groups and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those user groups: '

			




	
	
	
		
 
                               '%s' % (username, groupname))

			




	
	
	
		
 

			




	
	
	
		
 
        # TODO: why do this fail?

			




	
	
	
		
 
        #response = self.app.delete(url('delete_users_group', id=groupname))

			




	
	
	
		
 
        #self.checkSessionFlash(response, 'Removed user group %s' % groupname)

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.destroy_user_group(ug.users_group_id)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_edit(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user', id=user.user_id))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_perm_create_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_create) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put',

			




	
	
	
		
 
                                                 create_repo_perm=True,

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == True

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_create_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_create) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put', _authentication_token=self.authentication_token()))

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(_authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == True

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == False

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_fork) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put',

			




	
	
	
		
 
                                                 create_repo_perm=True,

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == True

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_fork) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put', _authentication_token=self.authentication_token()))

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(_authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == True

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == False

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_ips(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('test_name,ip,ip_range,failure', [

			




	
	
	
		
 
        ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False),

			




	
	
	
		
 
        ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False),

			




	
	
	
		
 
        ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False),

			




	
	
	
		
 
        ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False),

			




	
	
	
		
 
        ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True),

			




	
	
	
		
 
        ('127_bad_ip', 'foobar', 'foobar', True),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_ip(self, test_name, ip, ip_range, failure):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_ips_update', id=user_id),

			




	
	
	
		
 
                                 params=dict(new_ip=ip, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        if failure:

			




	
	
	
		
 
            self.checkSessionFlash(response, 'Please enter a valid IPv4 or IPv6 address')

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(no=[ip])

			




	
	
	
		
 
            response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(ip)

			




	
	
	
		
 
            response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
        ## cleanup

			




	
	
	
		
 
        for del_ip in UserIpMap.query().filter(UserIpMap.user_id == user_id).all():

			




	
	
	
		
 
            Session().delete(del_ip)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_ip(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        ip = '127.0.0.1/32'

			




	
	
	
		
 
        ip_range = '127.0.0.1 - 127.0.0.1'

			




	
	
	
		
 
        new_ip = UserModel().add_extra_ip(user_id, ip)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        new_ip_id = new_ip.ip_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain(ip)

			




	
	
	
		
 
        response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
        self.app.post(url('edit_user_ips_delete', id=user_id),

			




	
	
	
		
 
                      params=dict(del_ip_id=new_ip_id, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 
        response.mustcontain(no=[ip])

			




	
	
	
		
 
        response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
    def test_api_keys(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain(user.api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('desc,lifetime', [

			




	
	
	
		
 
        ('forever', -1),

			




	
	
	
		
 
        ('5mins', 60*5),

			




	
	
	
		
 
        ('30days', 60*60*24*30),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_api_keys(self, desc, lifetime):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = response.follow()

			




	
	
	
		
 
            user = User.get(user_id)

			




	
	
	
		
 
            for api_key in user.api_keys:

			




	
	
		
 
@@ -476,124 +474,124 @@ class TestAdminUsersController(TestContr

			




	
	
	
		
 
    def test_remove_api_key(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        #now delete our key

			




	
	
	
		
 
        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

			




	
	
	
		
 
        assert 1 == len(keys)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys_delete', id=user_id),

			




	
	
	
		
 
                 {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully deleted')

			




	
	
	
		
 
        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

			




	
	
	
		
 
        assert 0 == len(keys)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_reset_main_api_key(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        api_key = user.api_key

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user_id))

			




	
	
	
		
 
        response.mustcontain(api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys_delete', id=user_id),

			




	
	
	
		
 
                 {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully reset')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain(no=[api_key])

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersController_unittest(object):

			




	
	
	
		
 
    """ Unit tests for the users controller """

			




	
	
	
		
 

			




	
	
	
		
 
    def test_get_user_or_raise_if_default(self, monkeypatch):

			




	
	
	
		
 
        # flash complains about an non-existing session

			




	
	
	
		
 
        def flash_mock(*args, **kwargs):

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        monkeypatch.setattr(h, 'flash', flash_mock)

			




	
	
	
		
 

			




	
	
	
		
 
        u = UsersController()

			




	
	
	
		
 
        # a regular user should work correctly

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        assert u._get_user_or_raise_if_default(user.user_id) == user

			




	
	
	
		
 
        # the default user should raise

			




	
	
	
		
 
        with pytest.raises(HTTPNotFound):

			




	
	
	
		
 
            u._get_user_or_raise_if_default(User.get_default_user().user_id)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersControllerForDefaultUser(TestController):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Edit actions on the default user are not allowed.

			




	
	
	
		
 
    Validate that they throw a 404 exception.

			




	
	
	
		
 
    """

			




	
	
	
		
 
    def test_edit_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user', id=user.user_id), status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_edit_advanced_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user_advanced', id=user.user_id), status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    # API keys

			




	
	
	
		
 
    def test_edit_api_keys_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user.user_id), status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_api_keys_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user.user_id),

			




	
	
	
		
 
                 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_api_keys_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys_delete', id=user.user_id),

			




	
	
	
		
 
                 {'_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    # Permissions

			




	
	
	
		
 
    def test_edit_perms_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user_perms', id=user.user_id), status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_update_perms_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.post(url('edit_user_perms', id=user.user_id),

			




	
	
	
		
 
                 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 
        response = self.app.post(url('edit_user_perms_update', id=user.user_id),

			




	
	
	
		
 
                 {'_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    # Emails

			




	
	
	
		
 
    def test_edit_emails_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user_emails', id=user.user_id), status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_emails_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.post(url('edit_user_emails_update', id=user.user_id),

			




	
	
	
		
 
                 {'_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_emails_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.post(url('edit_user_emails_delete', id=user.user_id),

			




	
	
	
		
 
                 {'_authentication_token': self.authentication_token()}, status=404)

			




	
	
	
		
 

			




	
	
	
		
 
    # IP addresses

			




	
	
	
		
 
    # Add/delete of IP addresses for the default user is used to maintain

			




	
	
	
		
 
    # the global IP whitelist and thus allowed. Only 'edit' is forbidden.

			




	
	
	
		
 
    def test_edit_ip_default_user(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_default_user()

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user.user_id), status=404)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.