Changeset - 86bf2cd71a65
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Mads Kiilerich - 6 years ago 2020-04-30 13:57:40
mads@kiilerich.com
tests: fix TestPermissions.test_inactive_user_group_does_not_affect_repo_group_permissions_inverse

Handle L1_new leak from test_rename_top_level_group_in_nested_setup .
1 file changed with 29 insertions and 20 deletions:
kallithea/tests/models/test_permissions.py
29
20
0 comments (0 inline, 0 general)
kallithea/tests/models/test_permissions.py
Show inline comments
 
@@ -91,21 +91,23 @@ class TestPermissions(base.TestControlle
 

			




	
	
	
		
 
    def test_default_group_perms(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == 'repository.read'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'test1': 'group.read', 'test2': 'group.read'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('test1') == 'group.read'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('test2') == 'group.read'

			




	
	
	
		
 
        assert u1_auth.permissions['global'] == set(Permission.DEFAULT_USER_PERMISSIONS)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_default_admin_group_perms(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.a1.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories'][base.HG_REPO] == 'repository.admin'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'test1': 'group.admin', 'test2': 'group.admin'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('test1') == 'group.admin'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('test2') == 'group.admin'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):

			




	
	
	
		
 
        # make group

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        UserGroupModel().add_user_to_group(self.ug1, self.u1)

			




	
	
	
		
 

			




	
	
		
 
@@ -134,13 +136,12 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
        RepoModel().grant_user_group_permission(repo=base.HG_REPO,

			




	
	
	
		
 
                                                 group_name=self.ug1,

			




	
	
	
		
 
                                                 perm=new_perm_gr)

			




	
	
	
		
 
        # check perms

			




	
	
	
		
 
        u3_auth = AuthUser(user_id=self.u3.user_id)

			




	
	
	
		
 
        assert u3_auth.permissions['repositories'][base.HG_REPO] == new_perm_gr

			




	
	
	
		
 
        assert u3_auth.permissions['repositories_groups'] == {}  # note: it is unclear which repo group we are happy to not see here ...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_propagated_permission_from_users_group_lower_weight(self):

			




	
	
	
		
 
        # make group

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        # add user to group

			




	
	
	
		
 
        UserGroupModel().add_user_to_group(self.ug1, self.u1)

			




	
	
		
 
@@ -159,74 +160,82 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
        RepoModel().grant_user_group_permission(repo=base.HG_REPO,

			




	
	
	
		
 
                                                 group_name=self.ug1,

			




	
	
	
		
 
                                                 perm=new_perm_l)

			




	
	
	
		
 
        # check perms

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories'][base.HG_REPO] == new_perm_h

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {}  # note: it is unclear which repo group we are happy to not see here ...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_repo_in_group_permissions(self):

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)

			




	
	
	
		
 
        self.g2 = fixture.create_repo_group('group2', skip_if_exists=True)

			




	
	
	
		
 
        # both perms should be read !

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.read', 'group2': 'group.read'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.read'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group2') == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.read', 'group2': 'group.read'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.read'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group2') == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
        # Change perms to none for both groups

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(repo_group=self.g1,

			




	
	
	
		
 
                                               user=self.anon,

			




	
	
	
		
 
                                               perm='group.none')

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(repo_group=self.g2,

			




	
	
	
		
 
                                               user=self.anon,

			




	
	
	
		
 
                                               perm='group.none')

			




	
	
	
		
 

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        # add repo to group

			




	
	
	
		
 
        name = db.URL_SEP.join([self.g1.group_name, 'test_perm'])

			




	
	
	
		
 
        self.test_repo = fixture.create_repo(name=name,

			




	
	
	
		
 
                                             repo_type='hg',

			




	
	
	
		
 
                                             repo_group=self.g1,

			




	
	
	
		
 
                                             cur_user=self.u1,)

			




	
	
	
		
 

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        # grant permission for u2 !

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(repo_group=self.g1, user=self.u2,

			




	
	
	
		
 
                                               perm='group.read')

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(repo_group=self.g2, user=self.u2,

			




	
	
	
		
 
                                               perm='group.read')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        assert self.u1 != self.u2

			




	
	
	
		
 
        # u1 and anon should have not change perms while u2 should !

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        u2_auth = AuthUser(user_id=self.u2.user_id)

			




	
	
	
		
 
        assert u2_auth.permissions['repositories_groups'] == {'group1': 'group.read', 'group2': 'group.read'}

			




	
	
	
		
 
        assert u2_auth.permissions['repositories_groups'].get('group1') == 'group.read'

			




	
	
	
		
 
        assert u2_auth.permissions['repositories_groups'].get('group2') == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.none', 'group2': 'group.none'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group2') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_repo_group_user_as_user_group_member(self):

			




	
	
	
		
 
        # create Group1

			




	
	
	
		
 
        self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.read'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
        # set default permission to none

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(repo_group=self.g1,

			




	
	
	
		
 
                                               user=self.anon,

			




	
	
	
		
 
                                               perm='group.none')

			




	
	
	
		
 
        # make group

			




	
	
		
 
@@ -239,16 +248,16 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
        members = [x.user_id for x in UserGroupModel().get(self.ug1.users_group_id).members]

			




	
	
	
		
 
        assert members == [self.u1.user_id]

			




	
	
	
		
 
        # add some user to that group

			




	
	
	
		
 

			




	
	
	
		
 
        # check his permissions

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.none'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.none'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        # grant ug1 read permissions for

			




	
	
	
		
 
        RepoGroupModel().grant_user_group_permission(repo_group=self.g1,

			




	
	
	
		
 
                                                      group_name=self.ug1,

			




	
	
	
		
 
                                                      perm='group.read')

			




	
	
	
		
 
        Session().commit()

			




	
	
		
 
@@ -258,16 +267,16 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
            .filter(UserGroupRepoGroupToPerm.users_group == self.ug1) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        assert obj.permission.permission_name == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
        a1_auth = AuthUser(user_id=self.anon.user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'] == {'group1': 'group.none'}

			




	
	
	
		
 
        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

			




	
	
	
		
 

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.read'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.read'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_inherit_nice_permissions_from_default_user(self):

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        # enable fork and create on default user

			




	
	
	
		
 
        usr = 'default'

			




	
	
	
		
 
        user_model.revoke_perm(usr, 'hg.create.none')

			




	
	
		
 
@@ -479,13 +488,13 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
        # enable only write access for default user on repo group

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(self.g1,

			




	
	
	
		
 
                                               user='default',

			




	
	
	
		
 
                                               perm='group.write')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.write'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.write'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_inactive_user_group_does_not_affect_repo_group_permissions_inverse(self):

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        user_group_model = UserGroupModel()

			




	
	
	
		
 
        user_group_model.add_user_to_group(self.ug1, self.u1)

			




	
	
	
		
 
        user_group_model.update(self.ug1, {'users_group_active': False})

			




	
	
		
 
@@ -499,13 +508,13 @@ class TestPermissions(base.TestControlle

			




	
	
	
		
 
        # enable admin access for default user on repo group

			




	
	
	
		
 
        RepoGroupModel().grant_user_permission(self.g1,

			




	
	
	
		
 
                                               user='default',

			




	
	
	
		
 
                                               perm='group.admin')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        u1_auth = AuthUser(user_id=self.u1.user_id)

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'] == {'group1': 'group.admin'}

			




	
	
	
		
 
        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.admin'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_inactive_user_group_does_not_affect_user_group_permissions(self):

			




	
	
	
		
 
        self.ug1 = fixture.create_user_group('G1')

			




	
	
	
		
 
        user_group_model = UserGroupModel()

			




	
	
	
		
 
        user_group_model.add_user_to_group(self.ug1, self.u1)

			




	
	
	
		
 
        user_group_model.update(self.ug1, {'users_group_active': False})

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.