Changeset - 797767469152
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Mads Kiilerich - 6 years ago 2020-04-30 14:42:12
mads@kiilerich.com
tests: simplify test_permissions.py - don't create temporary 'perms' dict
1 file changed with 10 insertions and 44 deletions:
kallithea/tests/models/test_permissions.py
10
44
0 comments (0 inline, 0 general)
kallithea/tests/models/test_permissions.py
Show inline comments
 
@@ -59,81 +59,59 @@ class TestPermissions(base.TestControlle
 
        if hasattr(self, 'g2'):
 
            RepoGroupModel().delete(self.g2.group_id)
 

			




	
	
	
		
 
        if hasattr(self, 'ug2'):

			




	
	
	
		
 
            UserGroupModel().delete(self.ug2, force=True)

			




	
	
	
		
 
        if hasattr(self, 'ug1'):

			




	
	
	
		
 
            UserGroupModel().delete(self.ug1, force=True)

			




	
	
	
		
 

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_perms_set(self):

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {},

			




	
	
	
		
 
            'global': set(['hg.create.repository', 'repository.read',

			




	
	
	
		
 
                           'hg.register.manual_activate']),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.read'}

			




	
	
	
		
 
        }

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == perms['repositories'][base.HG_REPO]

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == 'repository.read'

			




	
	
	
		
 
        new_perm = 'repository.write'

			




	
	
	
		
 
        RepoModel().grant_user_permission(repo=base.HG_REPO, user=self.u1,

			




	
	
	
		
 
                                          perm=new_perm)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == new_perm

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_admin_perms_set(self):

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.a1.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {},

			




	
	
	
		
 
            'global': set(['hg.admin', 'hg.create.write_on_repogroup.true']),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.admin'}

			




	
	
	
		
 
        }

			




	
	
	
		
 
        assert a1_auth.permissions['repositories'][base.HG_REPO] == perms['repositories'][base.HG_REPO]

			




	
	
	
		
 
        assert a1_auth.permissions['repositories'][base.HG_REPO] == 'repository.admin'

			




	
	
	
		
 
        new_perm = 'repository.write'

			




	
	
	
		
 
        RepoModel().grant_user_permission(repo=base.HG_REPO, user=self.a1,

			




	
	
	
		
 
                                          perm=new_perm)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        # cannot really downgrade admins permissions !? they still gets set as

			




	
	
	
		
 
        # admin !

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.a1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == perms['repositories'][base.HG_REPO]

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == 'repository.admin'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_group_perms(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {'test1': 'group.read', 'test2': 'group.read'},

			




	
	
	
		
 
            'global': set(Permission.DEFAULT_USER_PERMISSIONS),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.read'}

			




	
	
	
		
 
        }

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == perms['repositories'][base.HG_REPO]

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == perms['repositories_groups']

			




	
	
	
		
 
        assert u1_auth.permissions['global'] == perms['global']

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == 'repository.read'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'test1': 'group.read', 'test2': 'group.read'}

			




	
	
	
		
 
        assert u1_auth.permissions['global'] == set(Permission.DEFAULT_USER_PERMISSIONS)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_admin_group_perms(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.a1.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {'test1': 'group.admin', 'test2': 'group.admin'},

			




	
	
	
		
 
            'global': set(['hg.admin', 'hg.create.write_on_repogroup.true']),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.admin'}

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        assert a1_auth.permissions['repositories'][base.HG_REPO] == perms['repositories'][base.HG_REPO]

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == perms['repositories_groups']

			




	
	
	
		
 
        assert a1_auth.permissions['repositories'][base.HG_REPO] == 'repository.admin'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'test1': 'group.admin', 'test2': 'group.admin'}

			




	
	
	
		
 

			




	
	
	
		
 
    def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):

			




	
	
	
		
 
        # make group

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        UserGroupModel().add_user_to_group(self.ug1, self.u1)

			




	
	
	
		
 

			




	
	
	
		
 
        # set user permission none

			




	
	
	
		
 
        RepoModel().grant_user_permission(repo=base.HG_REPO, user=self.u1, perm='repository.none')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == 'repository.read' # inherit from default user

			




	
	
	
		
 

			




	
	
		
 
@@ -149,63 +127,51 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
    def test_propagated_permission_from_users_group(self):

			




	
	
	
		
 
        # make group

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        UserGroupModel().add_user_to_group(self.ug1, self.u3)

			




	
	
	
		
 

			




	
	
	
		
 
        # grant perm for group this should override default permission from user

			




	
	
	
		
 
        new_perm_gr = 'repository.write'

			




	
	
	
		
 
        RepoModel().grant_user_group_permission(repo=base.HG_REPO,

			




	
	
	
		
 
                                                 group_name=self.ug1,

			




	
	
	
		
 
                                                 perm=new_perm_gr)

			




	
	
	
		
 
        # check perms

			




	
	
	
		
 
        u3_auth = AuthUser(user_id=self.u3.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {},

			




	
	
	
		
 
            'global': set(['hg.create.repository', 'repository.read',

			




	
	
	
		
 
                           'hg.register.manual_activate']),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.read'}

			




	
	
	
		
 
        }

			




	
	
	
		
 
        assert u3_auth.permissions['repositories'][base.HG_REPO] == new_perm_gr

			




	
	
	
		
 
        assert u3_auth.permissions['repositories_groups'] == perms['repositories_groups']

			




	
	
	
		
 
        assert u3_auth.permissions['repositories_groups'] == {}  # note: it is unclear which repo group we are happy to not see here ...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_propagated_permission_from_users_group_lower_weight(self):

			




	
	
	
		
 
        # make group

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        # add user to group

			




	
	
	
		
 
        UserGroupModel().add_user_to_group(self.ug1, self.u1)

			




	
	
	
		
 

			




	
	
	
		
 
        # set permission to lower

			




	
	
	
		
 
        new_perm_h = 'repository.write'

			




	
	
	
		
 
        RepoModel().grant_user_permission(repo=base.HG_REPO, user=self.u1,

			




	
	
	
		
 
                                          perm=new_perm_h)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == new_perm_h

			




	
	
	
		
 

			




	
	
	
		
 
        # grant perm for group this should NOT override permission from user

			




	
	
	
		
 
        # since it's lower than granted

			




	
	
	
		
 
        new_perm_l = 'repository.read'

			




	
	
	
		
 
        RepoModel().grant_user_group_permission(repo=base.HG_REPO,

			




	
	
	
		
 
                                                 group_name=self.ug1,

			




	
	
	
		
 
                                                 perm=new_perm_l)

			




	
	
	
		
 
        # check perms

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        perms = {

			




	
	
	
		
 
            'repositories_groups': {},

			




	
	
	
		
 
            'global': set(['hg.create.repository', 'repository.read',

			




	
	
	
		
 
                           'hg.register.manual_activate']),

			




	
	
	
		
 
            'repositories': {base.HG_REPO: 'repository.write'}

			




	
	
	
		
 
        }

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == new_perm_h

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == perms['repositories_groups']

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {}  # note: it is unclear which repo group we are happy to not see here ...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_repo_in_group_permissions(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('group2', skip_if_exists=True)

			




	
	
	
		
 
        # both perms should be read !

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.read', 'group2': 'group.read'}

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.read', 'group2': 'group.read'}

			




	
	
	
		
 

			




	
	
	
		
 
        # Change perms to none for both groups

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.