Mercurial > kallithea
annotate rhodecode/tests/models/test_permissions.py @ 2864:5c1ad3b410e5 beta
fixed #570 explicit users group permissions can overwrite owner permissions
- added test for that case
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Sun, 23 Sep 2012 13:04:53 +0200 |
| parents | c0cc8f8a71b0 |
| children | d7e10699513b |
| rev | line source |
|---|---|
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
1 import os |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
2 import unittest |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
3 from rhodecode.tests import * |
|
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2815
diff
changeset
|
4 from rhodecode.tests.models.common import _make_group |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
5 from rhodecode.model.repos_group import ReposGroupModel |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
6 from rhodecode.model.repo import RepoModel |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
7 from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
8 from rhodecode.model.user import UserModel |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
9 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
10 from rhodecode.model.meta import Session |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
11 from rhodecode.model.users_group import UsersGroupModel |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
12 from rhodecode.lib.auth import AuthUser |
|
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
13 from rhodecode.tests.api.api_base import create_repo |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
14 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
15 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
16 class TestPermissions(unittest.TestCase): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
17 def __init__(self, methodName='runTest'): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
18 super(TestPermissions, self).__init__(methodName=methodName) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
19 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
20 def setUp(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
21 self.u1 = UserModel().create_or_update( |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
22 username=u'u1', password=u'qweqwe', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
23 email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
24 ) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
25 self.u2 = UserModel().create_or_update( |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
26 username=u'u2', password=u'qweqwe', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
27 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
28 ) |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
29 self.u3 = UserModel().create_or_update( |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
30 username=u'u3', password=u'qweqwe', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
31 email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
32 ) |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
33 self.anon = User.get_by_username('default') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
34 self.a1 = UserModel().create_or_update( |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
35 username=u'a1', password=u'qweqwe', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
36 email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
37 ) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
38 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
39 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
40 def tearDown(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
41 if hasattr(self, 'test_repo'): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
42 RepoModel().delete(repo=self.test_repo) |
|
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
43 |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
44 UserModel().delete(self.u1) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
45 UserModel().delete(self.u2) |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
46 UserModel().delete(self.u3) |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
47 UserModel().delete(self.a1) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
48 if hasattr(self, 'g1'): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
49 ReposGroupModel().delete(self.g1.group_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
50 if hasattr(self, 'g2'): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
51 ReposGroupModel().delete(self.g2.group_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
52 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
53 if hasattr(self, 'ug1'): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
54 UsersGroupModel().delete(self.ug1, force=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
55 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
56 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
57 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
58 def test_default_perms_set(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
59 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
60 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
61 'repositories_groups': {}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
62 'global': set([u'hg.create.repository', u'repository.read', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
63 u'hg.register.manual_activate']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
64 'repositories': {u'vcs_test_hg': u'repository.read'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
65 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
66 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
67 perms['repositories'][HG_REPO]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
68 new_perm = 'repository.write' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
69 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
70 perm=new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
71 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
72 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
73 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
74 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
75 new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
76 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
77 def test_default_admin_perms_set(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
78 a1_auth = AuthUser(user_id=self.a1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
79 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
80 'repositories_groups': {}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
81 'global': set([u'hg.admin']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
82 'repositories': {u'vcs_test_hg': u'repository.admin'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
83 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 self.assertEqual(a1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
85 perms['repositories'][HG_REPO]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 new_perm = 'repository.write' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 RepoModel().grant_user_permission(repo=HG_REPO, user=self.a1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 perm=new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
89 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
90 # cannot really downgrade admins permissions !? they still get's set as |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
91 # admin ! |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
92 u1_auth = AuthUser(user_id=self.a1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
94 perms['repositories'][HG_REPO]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
95 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 def test_default_group_perms(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
97 self.g1 = _make_group('test1', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
98 self.g2 = _make_group('test2', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
99 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
100 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
101 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
102 'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
103 'repositories': {u'vcs_test_hg': u'repository.read'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
104 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
105 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
106 perms['repositories'][HG_REPO]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
107 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
108 perms['repositories_groups']) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
109 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
110 def test_default_admin_group_perms(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
111 self.g1 = _make_group('test1', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
112 self.g2 = _make_group('test2', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
113 a1_auth = AuthUser(user_id=self.a1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
114 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
115 'repositories_groups': {u'test1': 'group.admin', u'test2': 'group.admin'}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
116 'global': set(['hg.admin']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
117 'repositories': {u'vcs_test_hg': 'repository.admin'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
118 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
119 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
120 self.assertEqual(a1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
121 perms['repositories'][HG_REPO]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
122 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
123 perms['repositories_groups']) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
124 |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
125 def test_propagated_permission_from_users_group_by_explicit_perms_exist(self): |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
126 # make group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
127 self.ug1 = UsersGroupModel().create('G1') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
128 # add user to group |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
129 |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
130 UsersGroupModel().add_user_to_group(self.ug1, self.u1) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
131 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
132 # set permission to lower |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
133 new_perm = 'repository.none' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
134 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
135 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
136 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
137 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
138 new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
139 |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
140 # grant perm for group this should not override permission from user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
141 # since it has explicitly set |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
142 new_perm_gr = 'repository.write' |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
143 RepoModel().grant_users_group_permission(repo=HG_REPO, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
144 group_name=self.ug1, |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
145 perm=new_perm_gr) |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
146 # check perms |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
147 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
148 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
149 'repositories_groups': {}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
150 'global': set([u'hg.create.repository', u'repository.read', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
151 u'hg.register.manual_activate']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
152 'repositories': {u'vcs_test_hg': u'repository.read'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
153 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
154 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
155 new_perm) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
156 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
157 perms['repositories_groups']) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
158 |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
159 def test_propagated_permission_from_users_group(self): |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
160 # make group |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
161 self.ug1 = UsersGroupModel().create('G1') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
162 # add user to group |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
163 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
164 UsersGroupModel().add_user_to_group(self.ug1, self.u3) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
165 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
166 # grant perm for group this should override default permission from user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
167 new_perm_gr = 'repository.write' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
168 RepoModel().grant_users_group_permission(repo=HG_REPO, |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
169 group_name=self.ug1, |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
170 perm=new_perm_gr) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
171 # check perms |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
172 u3_auth = AuthUser(user_id=self.u3.user_id) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
173 perms = { |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
174 'repositories_groups': {}, |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
175 'global': set([u'hg.create.repository', u'repository.read', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
176 u'hg.register.manual_activate']), |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
177 'repositories': {u'vcs_test_hg': u'repository.read'} |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
178 } |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
179 self.assertEqual(u3_auth.permissions['repositories'][HG_REPO], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
180 new_perm_gr) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
181 self.assertEqual(u3_auth.permissions['repositories_groups'], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
182 perms['repositories_groups']) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
183 |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
184 def test_propagated_permission_from_users_group_lower_weight(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
185 # make group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
186 self.ug1 = UsersGroupModel().create('G1') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
187 # add user to group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
188 UsersGroupModel().add_user_to_group(self.ug1, self.u1) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
189 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
190 # set permission to lower |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
191 new_perm_h = 'repository.write' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
192 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
193 perm=new_perm_h) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
194 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
195 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
196 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
197 new_perm_h) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
198 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
199 # grant perm for group this should NOT override permission from user |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
200 # since it's lower than granted |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
201 new_perm_l = 'repository.read' |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
202 RepoModel().grant_users_group_permission(repo=HG_REPO, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
203 group_name=self.ug1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
204 perm=new_perm_l) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
205 # check perms |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
206 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
207 perms = { |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
208 'repositories_groups': {}, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
209 'global': set([u'hg.create.repository', u'repository.read', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
210 u'hg.register.manual_activate']), |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
211 'repositories': {u'vcs_test_hg': u'repository.write'} |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
212 } |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
213 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
214 new_perm_h) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
215 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
216 perms['repositories_groups']) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
217 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
218 def test_repo_in_group_permissions(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
219 self.g1 = _make_group('group1', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
220 self.g2 = _make_group('group2', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
221 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
222 # both perms should be read ! |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
223 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
224 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
225 {u'group1': u'group.read', u'group2': u'group.read'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
226 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
227 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
228 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
229 {u'group1': u'group.read', u'group2': u'group.read'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
230 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
231 #Change perms to none for both groups |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
232 ReposGroupModel().grant_user_permission(repos_group=self.g1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
233 user=self.anon, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
234 perm='group.none') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
235 ReposGroupModel().grant_user_permission(repos_group=self.g2, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
236 user=self.anon, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
237 perm='group.none') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
238 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
239 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
240 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
241 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
242 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
243 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
244 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
245 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
246 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
247 # add repo to group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
248 name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm']) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
249 self.test_repo = RepoModel().create_repo( |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
250 repo_name=name, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
251 repo_type='hg', |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
252 description='', |
|
2529
40b3a54391f9
Added functional test create repo with a group
Marcin Kuzminski <marcin@python-works.com>
parents:
2527
diff
changeset
|
253 repos_group=self.g1, |
|
2527
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
254 owner=self.u1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
255 ) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
256 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
257 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
258 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
259 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
260 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
261 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
262 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
263 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
264 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
265 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
266 #grant permission for u2 ! |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
267 ReposGroupModel().grant_user_permission(repos_group=self.g1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
268 user=self.u2, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
269 perm='group.read') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
270 ReposGroupModel().grant_user_permission(repos_group=self.g2, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
271 user=self.u2, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
272 perm='group.read') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
273 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
274 self.assertNotEqual(self.u1, self.u2) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
275 #u1 and anon should have not change perms while u2 should ! |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
276 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
277 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
278 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
279 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
280 u2_auth = AuthUser(user_id=self.u2.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
281 self.assertEqual(u2_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
282 {u'group1': u'group.read', u'group2': u'group.read'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
283 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
284 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
285 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
286 {u'group1': u'group.none', u'group2': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
287 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
288 def test_repo_group_user_as_user_group_member(self): |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
289 # create Group1 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
290 self.g1 = _make_group('group1', skip_if_exists=True) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
291 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
292 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
293 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
294 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
295 {u'group1': u'group.read'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
296 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
297 # set default permission to none |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
298 ReposGroupModel().grant_user_permission(repos_group=self.g1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
299 user=self.anon, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
300 perm='group.none') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
301 # make group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
302 self.ug1 = UsersGroupModel().create('G1') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
303 # add user to group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
304 UsersGroupModel().add_user_to_group(self.ug1, self.u1) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
305 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
306 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
307 # check if user is in the group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
308 membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members] |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
309 self.assertEqual(membrs, [self.u1.user_id]) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
310 # add some user to that group |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
311 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
312 # check his permissions |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
313 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
314 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
315 {u'group1': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
316 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
317 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
318 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
319 {u'group1': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
320 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
321 # grant ug1 read permissions for |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
322 ReposGroupModel().grant_users_group_permission(repos_group=self.g1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
323 group_name=self.ug1, |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
324 perm='group.read') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
325 Session().commit() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
326 # check if the |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
327 obj = Session().query(UsersGroupRepoGroupToPerm)\ |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
328 .filter(UsersGroupRepoGroupToPerm.group == self.g1)\ |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
329 .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\ |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
330 .scalar() |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
331 self.assertEqual(obj.permission.permission_name, 'group.read') |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
332 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
333 a1_auth = AuthUser(user_id=self.anon.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
334 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
335 self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
336 {u'group1': u'group.none'}) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
337 |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
338 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
339 self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
95624ce4465f
orginized test module
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
340 {u'group1': u'group.read'}) |
|
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
341 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
342 def test_inherited_permissions_from_default_on_user_enabled(self): |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
343 user_model = UserModel() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
344 # enable fork and create on default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
345 usr = 'default' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
346 user_model.revoke_perm(usr, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
347 user_model.grant_perm(usr, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
348 user_model.revoke_perm(usr, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
349 user_model.grant_perm(usr, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
350 # make sure inherit flag is turned on |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
351 self.u1.inherit_default_permissions = True |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
352 Session().commit() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
353 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
354 # this user will have inherited permissions from default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
355 self.assertEqual(u1_auth.permissions['global'], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
356 set(['hg.create.repository', 'hg.fork.repository', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
357 'hg.register.manual_activate', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
358 'repository.read'])) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
359 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
360 def test_inherited_permissions_from_default_on_user_disabled(self): |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
361 user_model = UserModel() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
362 # disable fork and create on default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
363 usr = 'default' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
364 user_model.revoke_perm(usr, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
365 user_model.grant_perm(usr, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
366 user_model.revoke_perm(usr, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
367 user_model.grant_perm(usr, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
368 # make sure inherit flag is turned on |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
369 self.u1.inherit_default_permissions = True |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
370 Session().commit() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
371 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
372 # this user will have inherited permissions from default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
373 self.assertEqual(u1_auth.permissions['global'], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
374 set(['hg.create.none', 'hg.fork.none', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
375 'hg.register.manual_activate', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
376 'repository.read'])) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
377 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
378 def test_non_inherited_permissions_from_default_on_user_enabled(self): |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
379 user_model = UserModel() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
380 # enable fork and create on default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
381 usr = 'default' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
382 user_model.revoke_perm(usr, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
383 user_model.grant_perm(usr, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
384 user_model.revoke_perm(usr, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
385 user_model.grant_perm(usr, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
386 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
387 #disable global perms on specific user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
388 user_model.revoke_perm(self.u1, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
389 user_model.grant_perm(self.u1, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
390 user_model.revoke_perm(self.u1, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
391 user_model.grant_perm(self.u1, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
392 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
393 # make sure inherit flag is turned off |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
394 self.u1.inherit_default_permissions = False |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
395 Session().commit() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
396 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
397 # this user will have non inherited permissions from he's |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
398 # explicitly set permissions |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
399 self.assertEqual(u1_auth.permissions['global'], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
400 set(['hg.create.none', 'hg.fork.none', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
401 'hg.register.manual_activate', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
402 'repository.read'])) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
403 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
404 def test_non_inherited_permissions_from_default_on_user_disabled(self): |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
405 user_model = UserModel() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
406 # disable fork and create on default user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
407 usr = 'default' |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
408 user_model.revoke_perm(usr, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
409 user_model.grant_perm(usr, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
410 user_model.revoke_perm(usr, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
411 user_model.grant_perm(usr, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
412 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
413 #enable global perms on specific user |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
414 user_model.revoke_perm(self.u1, 'hg.create.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
415 user_model.grant_perm(self.u1, 'hg.create.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
416 user_model.revoke_perm(self.u1, 'hg.fork.none') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
417 user_model.grant_perm(self.u1, 'hg.fork.repository') |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
418 |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
419 # make sure inherit flag is turned off |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
420 self.u1.inherit_default_permissions = False |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
421 Session().commit() |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
422 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
423 # this user will have non inherited permissions from he's |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
424 # explicitly set permissions |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
425 self.assertEqual(u1_auth.permissions['global'], |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
426 set(['hg.create.repository', 'hg.fork.repository', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
427 'hg.register.manual_activate', |
|
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2529
diff
changeset
|
428 'repository.read'])) |
|
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
429 |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
430 def test_owner_permissions_doesnot_get_overwritten_by_group(self): |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
431 #create repo as USER, |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
432 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
433 repo_type='hg', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
434 description='desc', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
435 owner=self.u1) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
436 |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
437 Session().commit() |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
438 #he has permissions of admin as owner |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
439 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
440 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
441 'repository.admin') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
442 #set his permission as users group, he should still be admin |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
443 self.ug1 = UsersGroupModel().create('G1') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
444 # add user to group |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
445 UsersGroupModel().add_user_to_group(self.ug1, self.u1) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
446 RepoModel().grant_users_group_permission(repo, group_name=self.ug1, |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
447 perm='repository.none') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
448 |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
449 Session().commit() |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
450 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
451 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
452 'repository.admin') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
453 |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
454 def test_owner_permissions_doesnot_get_overwritten_by_others(self): |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
455 #create repo as USER, |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
456 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
457 repo_type='hg', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
458 description='desc', |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
459 owner=self.u1) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
460 |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
461 Session().commit() |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
462 #he has permissions of admin as owner |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
463 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
464 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
465 'repository.admin') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
466 #set his permission as user, he should still be admin |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
467 RepoModel().grant_user_permission(repo, user=self.u1, |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
468 perm='repository.none') |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
469 Session().commit() |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
470 u1_auth = AuthUser(user_id=self.u1.user_id) |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
471 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], |
|
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
472 'repository.admin') |