diff options
author | Marcin Kuzminski <marcin@python-works.com> | 2012-09-07 02:20:02 +0200 |
---|---|---|
committer | Marcin Kuzminski <marcin@python-works.com> | 2012-09-07 02:20:02 +0200 |
commit | 859235dc7e1181b3fa78227d9e0ea1d223b35199 (patch) | |
tree | 12ab4eec1cfe7969eb35dc9985231a6939d93d34 /rhodecode/tests/models | |
parent | e03ad77031ab6c1105c592fb3be9dbf87efd6f3c (diff) |
Permissions on group can be set in recursive mode setting defined permission to all children
- more explicit permissions
- fixes for empty values in permission form
--HG--
branch : beta
Diffstat (limited to 'rhodecode/tests/models')
-rw-r--r-- | rhodecode/tests/models/common.py | 116 | ||||
-rw-r--r-- | rhodecode/tests/models/test_permissions.py | 12 | ||||
-rw-r--r-- | rhodecode/tests/models/test_repos_groups.py | 11 | ||||
-rw-r--r-- | rhodecode/tests/models/test_user_permissions_on_groups.py | 161 | ||||
-rw-r--r-- | rhodecode/tests/models/test_users_group_permissions_on_groups.py | 170 |
5 files changed, 455 insertions, 15 deletions
diff --git a/rhodecode/tests/models/common.py b/rhodecode/tests/models/common.py new file mode 100644 index 00000000..377a05ee --- /dev/null +++ b/rhodecode/tests/models/common.py @@ -0,0 +1,116 @@ +import os +import unittest +import functools +from rhodecode.tests import * + + +from rhodecode.model.repos_group import ReposGroupModel +from rhodecode.model.repo import RepoModel +from rhodecode.model.db import RepoGroup, Repository, User +from rhodecode.model.user import UserModel + +from rhodecode.lib.auth import AuthUser +from rhodecode.model.meta import Session + + +def _make_group(path, desc='desc', parent_id=None, + skip_if_exists=False): + + gr = RepoGroup.get_by_group_name(path) + if gr and skip_if_exists: + return gr + if isinstance(parent_id, RepoGroup): + parent_id = parent_id.group_id + gr = ReposGroupModel().create(path, desc, parent_id) + return gr + + +def _make_repo(name, repos_group=None, repo_type='hg'): + return RepoModel().create_repo(name, repo_type, 'desc', + TEST_USER_ADMIN_LOGIN, + repos_group=repos_group) + + +def _destroy_project_tree(test_u1_id): + Session.remove() + repos_group = RepoGroup.get_by_group_name(group_name='g0') + for el in reversed(repos_group.recursive_groups_and_repos()): + if isinstance(el, Repository): + RepoModel().delete(el) + elif isinstance(el, RepoGroup): + ReposGroupModel().delete(el, force_delete=True) + + u = User.get(test_u1_id) + Session().delete(u) + Session().commit() + + +def _create_project_tree(): + """ + Creates a tree of groups and repositories to test permissions + + structure + [g0] - group `g0` with 3 subgroups + | + |__[g0_1] group g0_1 with 2 groups 0 repos + | | + | |__[g0_1_1] group g0_1_1 with 1 group 2 repos + | | |__<g0/g0_1/g0_1_1/g0_1_1_r1> + | | |__<g0/g0_1/g0_1_1/g0_1_1_r2> + | |__<g0/g0_1/g0_1_r1> + | + |__[g0_2] 2 repos + | | + | |__<g0/g0_2/g0_2_r1> + | |__<g0/g0_2/g0_2_r2> + | + |__[g0_3] 1 repo + | + |_<g0/g0_3/g0_3_r1> + + """ + test_u1 = UserModel().create_or_update( + username=u'test_u1', password=u'qweqwe', + email=u'test_u1@rhodecode.org', firstname=u'test_u1', lastname=u'test_u1' + ) + g0 = _make_group('g0') + g0_1 = _make_group('g0_1', parent_id=g0) + g0_1_1 = _make_group('g0_1_1', parent_id=g0_1) + g0_1_1_r1 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r1', repos_group=g0_1_1) + g0_1_1_r2 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r2', repos_group=g0_1_1) + g0_1_r1 = _make_repo('g0/g0_1/g0_1_r1', repos_group=g0_1) + g0_2 = _make_group('g0_2', parent_id=g0) + g0_2_r1 = _make_repo('g0/g0_2/g0_2_r1', repos_group=g0_2) + g0_2_r2 = _make_repo('g0/g0_2/g0_2_r2', repos_group=g0_2) + g0_3 = _make_group('g0_3', parent_id=g0) + g0_3_r1 = _make_repo('g0/g0_3/g0_3_r1', repos_group=g0_3) + return test_u1 + + +def expected_count(group_name, objects=False): + repos_group = RepoGroup.get_by_group_name(group_name=group_name) + objs = repos_group.recursive_groups_and_repos() + if objects: + return objs + return len(objs) + + +def _check_expected_count(items, repo_items, expected): + should_be = len(items + repo_items) + there_are = len(expected) + assert should_be == there_are, ('%s != %s' % ((items + repo_items), expected)) + + +def check_tree_perms(obj_name, repo_perm, prefix, expected_perm): + assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`' + % (obj_name, repo_perm, expected_perm)) + + +def _get_perms(filter_='', recursive=True, key=None, test_u1_id=None): + test_u1 = AuthUser(user_id=test_u1_id) + for k, v in test_u1.permissions[key].items(): + if recursive and k.startswith(filter_): + yield k, v + elif not recursive: + if k == filter_: + yield k, v diff --git a/rhodecode/tests/models/test_permissions.py b/rhodecode/tests/models/test_permissions.py index 9329fe8a..5ed2e9d0 100644 --- a/rhodecode/tests/models/test_permissions.py +++ b/rhodecode/tests/models/test_permissions.py @@ -1,7 +1,7 @@ import os import unittest from rhodecode.tests import * - +from rhodecode.tests.models.common import _make_group from rhodecode.model.repos_group import ReposGroupModel from rhodecode.model.repo import RepoModel from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm @@ -12,16 +12,6 @@ from rhodecode.model.users_group import UsersGroupModel from rhodecode.lib.auth import AuthUser -def _make_group(path, desc='desc', parent_id=None, - skip_if_exists=False): - - gr = RepoGroup.get_by_group_name(path) - if gr and skip_if_exists: - return gr - - gr = ReposGroupModel().create(path, desc, parent_id) - return gr - class TestPermissions(unittest.TestCase): def __init__(self, methodName='runTest'): diff --git a/rhodecode/tests/models/test_repos_groups.py b/rhodecode/tests/models/test_repos_groups.py index 500cbd1a..e0f82ee2 100644 --- a/rhodecode/tests/models/test_repos_groups.py +++ b/rhodecode/tests/models/test_repos_groups.py @@ -4,7 +4,7 @@ from rhodecode.tests import * from rhodecode.model.repos_group import ReposGroupModel from rhodecode.model.repo import RepoModel -from rhodecode.model.db import RepoGroup, User +from rhodecode.model.db import RepoGroup, User, Repository from rhodecode.model.meta import Session from sqlalchemy.exc import IntegrityError @@ -15,7 +15,8 @@ def _make_group(path, desc='desc', parent_id=None, gr = RepoGroup.get_by_group_name(path) if gr and skip_if_exists: return gr - + if isinstance(parent_id, RepoGroup): + parent_id = parent_id.group_id gr = ReposGroupModel().create(path, desc, parent_id) return gr @@ -54,7 +55,8 @@ class TestReposGroups(unittest.TestCase): group_parent_id=parent_id, perms_updates=[], perms_new=[], - enable_locking=False + enable_locking=False, + recursive=False ) gr = ReposGroupModel().update(id_, form_data) return gr @@ -132,7 +134,8 @@ class TestReposGroups(unittest.TestCase): repo_type='hg', clone_uri=None, landing_rev='tip', - enable_locking=False) + enable_locking=False, + recursive=False) cur_user = User.get_by_username(TEST_USER_ADMIN_LOGIN) r = RepoModel().create(form_data, cur_user) diff --git a/rhodecode/tests/models/test_user_permissions_on_groups.py b/rhodecode/tests/models/test_user_permissions_on_groups.py new file mode 100644 index 00000000..6acf50c5 --- /dev/null +++ b/rhodecode/tests/models/test_user_permissions_on_groups.py @@ -0,0 +1,161 @@ +import os +import unittest +import functools +from rhodecode.tests import * + +from rhodecode.model.repos_group import ReposGroupModel +from rhodecode.model.db import RepoGroup, Repository, User + +from rhodecode.model.meta import Session +from nose.tools import with_setup +from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \ + _get_perms, _check_expected_count, expected_count, _destroy_project_tree +from rhodecode.model.repo import RepoModel + + +test_u1_id = None +_get_repo_perms = None +_get_group_perms = None + + +def permissions_setup_func(group_name='g0', perm='group.read', recursive=True): + """ + Resets all permissions to perm attribute + """ + repos_group = RepoGroup.get_by_group_name(group_name=group_name) + if not repos_group: + raise Exception('Cannot get group %s' % group_name) + perms_updates = [[test_u1_id, perm, 'user']] + ReposGroupModel()._update_permissions(repos_group, + perms_updates=perms_updates, + recursive=recursive) + Session().commit() + + +def setup_module(): + global test_u1_id, _get_repo_perms, _get_group_perms + test_u1 = _create_project_tree() + Session().commit() + test_u1_id = test_u1.user_id + _get_repo_perms = functools.partial(_get_perms, key='repositories', + test_u1_id=test_u1_id) + _get_group_perms = functools.partial(_get_perms, key='repositories_groups', + test_u1_id=test_u1_id) + + +def teardown_module(): + _destroy_project_tree(test_u1_id) + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_without_recursive_mode(): + # set permission to g0 non-recursive mode + recursive = False + group = 'g0' + permissions_setup_func(group, 'group.write', recursive=recursive) + + items = [x for x in _get_repo_perms(group, recursive)] + expected = 0 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'repository.read' + + items = [x for x in _get_group_perms(group, recursive)] + expected = 1 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_without_recursive_mode_subgroup(): + # set permission to g0 non-recursive mode + recursive = False + group = 'g0/g0_1' + permissions_setup_func(group, 'group.write', recursive=recursive) + + items = [x for x in _get_repo_perms(group, recursive)] + expected = 0 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'repository.read' + + items = [x for x in _get_group_perms(group, recursive)] + expected = 1 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode(): + + # set permission to g0 recursive mode, all children including + # other repos and groups should have this permission now set ! + recursive = True + group = 'g0' + permissions_setup_func(group, 'group.write', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.write' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_inner_group(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_3' + permissions_setup_func(group, 'group.none', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.none' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.none' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_deepest(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_1/g0_1_1' + permissions_setup_func(group, 'group.write', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.write' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_2' + permissions_setup_func(group, 'group.admin', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.admin' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.admin' diff --git a/rhodecode/tests/models/test_users_group_permissions_on_groups.py b/rhodecode/tests/models/test_users_group_permissions_on_groups.py new file mode 100644 index 00000000..1e94bb27 --- /dev/null +++ b/rhodecode/tests/models/test_users_group_permissions_on_groups.py @@ -0,0 +1,170 @@ +import os +import unittest +import functools +from rhodecode.tests import * + +from rhodecode.model.repos_group import ReposGroupModel +from rhodecode.model.db import RepoGroup, Repository, User + +from rhodecode.model.meta import Session +from nose.tools import with_setup +from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \ + _get_perms, _check_expected_count, expected_count, _destroy_project_tree +from rhodecode.model.users_group import UsersGroupModel +from rhodecode.model.repo import RepoModel + + +test_u2_id = None +test_u2_gr_id = None +_get_repo_perms = None +_get_group_perms = None + + +def permissions_setup_func(group_name='g0', perm='group.read', recursive=True): + """ + Resets all permissions to perm attribute + """ + repos_group = RepoGroup.get_by_group_name(group_name=group_name) + if not repos_group: + raise Exception('Cannot get group %s' % group_name) + perms_updates = [[test_u2_gr_id, perm, 'users_group']] + ReposGroupModel()._update_permissions(repos_group, + perms_updates=perms_updates, + recursive=recursive) + Session().commit() + + +def setup_module(): + global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms + test_u2 = _create_project_tree() + Session().commit() + test_u2_id = test_u2.user_id + + gr1 = UsersGroupModel().create(name='perms_group_1') + Session().commit() + test_u2_gr_id = gr1.users_group_id + UsersGroupModel().add_user_to_group(gr1, user=test_u2_id) + Session().commit() + + _get_repo_perms = functools.partial(_get_perms, key='repositories', + test_u1_id=test_u2_id) + _get_group_perms = functools.partial(_get_perms, key='repositories_groups', + test_u1_id=test_u2_id) + + +def teardown_module(): + _destroy_project_tree(test_u2_id) + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_without_recursive_mode(): + # set permission to g0 non-recursive mode + recursive = False + group = 'g0' + permissions_setup_func(group, 'group.write', recursive=recursive) + + items = [x for x in _get_repo_perms(group, recursive)] + expected = 0 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'repository.read' + + items = [x for x in _get_group_perms(group, recursive)] + expected = 1 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_without_recursive_mode_subgroup(): + # set permission to g0 non-recursive mode + recursive = False + group = 'g0/g0_1' + permissions_setup_func(group, 'group.write', recursive=recursive) + + items = [x for x in _get_repo_perms(group, recursive)] + expected = 0 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'repository.read' + + items = [x for x in _get_group_perms(group, recursive)] + expected = 1 + assert len(items) == expected, ' %s != %s' % (len(items), expected) + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode(): + + # set permission to g0 recursive mode, all children including + # other repos and groups should have this permission now set ! + recursive = True + group = 'g0' + permissions_setup_func(group, 'group.write', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.write' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_inner_group(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_3' + permissions_setup_func(group, 'group.none', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.none' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.none' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_deepest(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_1/g0_1_1' + permissions_setup_func(group, 'group.write', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.write' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.write' + + +@with_setup(permissions_setup_func) +def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): + ## set permission to g0_3 group to none + recursive = True + group = 'g0/g0_2' + permissions_setup_func(group, 'group.admin', recursive=recursive) + + repo_items = [x for x in _get_repo_perms(group, recursive)] + items = [x for x in _get_group_perms(group, recursive)] + _check_expected_count(items, repo_items, expected_count(group, True)) + + for name, perm in repo_items: + yield check_tree_perms, name, perm, group, 'repository.admin' + + for name, perm in items: + yield check_tree_perms, name, perm, group, 'group.admin' |