kallithea: rhodecode/tests/models/test

annotate rhodecode/tests/models/test_permissions.py @ 3733:af049a957506 beta

fixed default permissions population during upgrades - it often happen that introducing new permission caused default permission to reset it's state to installation default. new version makes sure that only missing permissions are created while leaving old defaults

author	Marcin Kuzminski <marcin@python-works.com>
date	Wed, 10 Apr 2013 02:55:21 +0200
parents	7e3d89d9d3a2
children	a8f520540ab0

rev	line source
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	1 import os
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	2 import unittest
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	3 from rhodecode.tests import *
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	4 from rhodecode.tests.fixture import Fixture
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	5 from rhodecode.model.repos_group import ReposGroupModel
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	6 from rhodecode.model.repo import RepoModel
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	7 from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm,\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	8 Permission, UserToPerm
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	9 from rhodecode.model.user import UserModel
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	10
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	11 from rhodecode.model.meta import Session
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	12 from rhodecode.model.users_group import UserGroupModel
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	13 from rhodecode.lib.auth import AuthUser
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	14 from rhodecode.model.permission import PermissionModel
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	15
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	16
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	17 fixture = Fixture()
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	18
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	19
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	20 class TestPermissions(unittest.TestCase):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	21 def __init__(self, methodName='runTest'):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	22 super(TestPermissions, self).__init__(methodName=methodName)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	23
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	24 def setUp(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	25 self.u1 = UserModel().create_or_update(
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	26 username=u'u1', password=u'qweqwe',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	27 email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	28 )
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	29 self.u2 = UserModel().create_or_update(
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	30 username=u'u2', password=u'qweqwe',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	31 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	32 )
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	33 self.u3 = UserModel().create_or_update(
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	34 username=u'u3', password=u'qweqwe',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	35 email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	36 )
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	37 self.anon = User.get_by_username('default')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	38 self.a1 = UserModel().create_or_update(
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	39 username=u'a1', password=u'qweqwe',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	40 email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	41 )
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	42 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	43
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	44 def tearDown(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	45 if hasattr(self, 'test_repo'):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	46 RepoModel().delete(repo=self.test_repo)
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	47
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	48 UserModel().delete(self.u1)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	49 UserModel().delete(self.u2)
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	50 UserModel().delete(self.u3)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	51 UserModel().delete(self.a1)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	52 if hasattr(self, 'g1'):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	53 ReposGroupModel().delete(self.g1.group_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	54 if hasattr(self, 'g2'):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	55 ReposGroupModel().delete(self.g2.group_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	56
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	57 if hasattr(self, 'ug1'):
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	58 UserGroupModel().delete(self.ug1, force=True)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	59
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	60 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	61
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	62 def test_default_perms_set(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	63 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	64 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	65 'repositories_groups': {},
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	66 'global': set([u'hg.create.repository', u'repository.read',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	67 u'hg.register.manual_activate']),
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	68 'repositories': {u'vcs_test_hg': u'repository.read'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	69 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	70 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	71 perms['repositories'][HG_REPO])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	72 new_perm = 'repository.write'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	73 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	74 perm=new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	75 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	76
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	77 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	78 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	79 new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	80
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	81 def test_default_admin_perms_set(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	82 a1_auth = AuthUser(user_id=self.a1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	83 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	84 'repositories_groups': {},
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	85 'global': set([u'hg.admin']),
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	86 'repositories': {u'vcs_test_hg': u'repository.admin'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	87 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	88 self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	89 perms['repositories'][HG_REPO])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	90 new_perm = 'repository.write'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	91 RepoModel().grant_user_permission(repo=HG_REPO, user=self.a1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	92 perm=new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	93 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	94 # cannot really downgrade admins permissions !? they still get's set as
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	95 # admin !
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	96 u1_auth = AuthUser(user_id=self.a1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	97 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	98 perms['repositories'][HG_REPO])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	99
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	100 def test_default_group_perms(self):
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	101 self.g1 = fixture.create_group('test1', skip_if_exists=True)
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	102 self.g2 = fixture.create_group('test2', skip_if_exists=True)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	103 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	104 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	105 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	106 'global': set(Permission.DEFAULT_USER_PERMISSIONS),
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	107 'repositories': {u'vcs_test_hg': u'repository.read'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	108 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	109 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	110 perms['repositories'][HG_REPO])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	111 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	112 perms['repositories_groups'])
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	113 self.assertEqual(u1_auth.permissions['global'],
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	114 perms['global'])
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	115
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	116 def test_default_admin_group_perms(self):
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	117 self.g1 = fixture.create_group('test1', skip_if_exists=True)
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	118 self.g2 = fixture.create_group('test2', skip_if_exists=True)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	119 a1_auth = AuthUser(user_id=self.a1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	120 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	121 'repositories_groups': {u'test1': 'group.admin', u'test2': 'group.admin'},
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	122 'global': set(['hg.admin']),
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	123 'repositories': {u'vcs_test_hg': 'repository.admin'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	124 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	125
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	126 self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	127 perms['repositories'][HG_REPO])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	128 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	129 perms['repositories_groups'])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	130
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	131 def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	132 # make group
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3647 diff changeset	133 self.ug1 = fixture.create_user_group('G1')
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	134 UserGroupModel().add_user_to_group(self.ug1, self.u1)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	135
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	136 # set permission to lower
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	137 new_perm = 'repository.none'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	138 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	139 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	140 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	141 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	142 new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	143
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	144 # grant perm for group this should not override permission from user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	145 # since it has explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	146 new_perm_gr = 'repository.write'
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	147 RepoModel().grant_users_group_permission(repo=HG_REPO,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	148 group_name=self.ug1,
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	149 perm=new_perm_gr)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	150 # check perms
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	151 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	152 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	153 'repositories_groups': {},
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	154 'global': set([u'hg.create.repository', u'repository.read',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	155 u'hg.register.manual_activate']),
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	156 'repositories': {u'vcs_test_hg': u'repository.read'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	157 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	158 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	159 new_perm)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	160 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	161 perms['repositories_groups'])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	162
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	163 def test_propagated_permission_from_users_group(self):
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	164 # make group
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3647 diff changeset	165 self.ug1 = fixture.create_user_group('G1')
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	166 UserGroupModel().add_user_to_group(self.ug1, self.u3)
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	167
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	168 # grant perm for group this should override default permission from user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	169 new_perm_gr = 'repository.write'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	170 RepoModel().grant_users_group_permission(repo=HG_REPO,
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	171 group_name=self.ug1,
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	172 perm=new_perm_gr)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	173 # check perms
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	174 u3_auth = AuthUser(user_id=self.u3.user_id)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	175 perms = {
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	176 'repositories_groups': {},
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	177 'global': set([u'hg.create.repository', u'repository.read',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	178 u'hg.register.manual_activate']),
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	179 'repositories': {u'vcs_test_hg': u'repository.read'}
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	180 }
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	181 self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	182 new_perm_gr)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	183 self.assertEqual(u3_auth.permissions['repositories_groups'],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	184 perms['repositories_groups'])
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	185
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	186 def test_propagated_permission_from_users_group_lower_weight(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	187 # make group
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3647 diff changeset	188 self.ug1 = fixture.create_user_group('G1')
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	189 # add user to group
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	190 UserGroupModel().add_user_to_group(self.ug1, self.u1)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	191
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	192 # set permission to lower
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	193 new_perm_h = 'repository.write'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	194 RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	195 perm=new_perm_h)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	196 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	197 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	198 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	199 new_perm_h)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	200
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	201 # grant perm for group this should NOT override permission from user
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	202 # since it's lower than granted
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	203 new_perm_l = 'repository.read'
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	204 RepoModel().grant_users_group_permission(repo=HG_REPO,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	205 group_name=self.ug1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	206 perm=new_perm_l)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	207 # check perms
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	208 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	209 perms = {
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	210 'repositories_groups': {},
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	211 'global': set([u'hg.create.repository', u'repository.read',
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	212 u'hg.register.manual_activate']),
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	213 'repositories': {u'vcs_test_hg': u'repository.write'}
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	214 }
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	215 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	216 new_perm_h)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	217 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	218 perms['repositories_groups'])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	219
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	220 def test_repo_in_group_permissions(self):
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	221 self.g1 = fixture.create_group('group1', skip_if_exists=True)
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	222 self.g2 = fixture.create_group('group2', skip_if_exists=True)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	223 # both perms should be read !
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	224 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	225 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	226 {u'group1': u'group.read', u'group2': u'group.read'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	227
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	228 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	229 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	230 {u'group1': u'group.read', u'group2': u'group.read'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	231
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	232 #Change perms to none for both groups
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	233 ReposGroupModel().grant_user_permission(repos_group=self.g1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	234 user=self.anon,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	235 perm='group.none')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	236 ReposGroupModel().grant_user_permission(repos_group=self.g2,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	237 user=self.anon,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	238 perm='group.none')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	239
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	240 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	241 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	242 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	243
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	244 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	245 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	246 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	247
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	248 # add repo to group
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	249 name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm'])
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	250 self.test_repo = fixture.create_repo(name=name,
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	251 repo_type='hg',
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	252 repos_group=self.g1,
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	253 cur_user=self.u1,)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	254
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	255 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	256 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	257 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	258
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	259 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	260 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	261 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	262
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	263 #grant permission for u2 !
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	264 ReposGroupModel().grant_user_permission(repos_group=self.g1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	265 user=self.u2,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	266 perm='group.read')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	267 ReposGroupModel().grant_user_permission(repos_group=self.g2,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	268 user=self.u2,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	269 perm='group.read')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	270 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	271 self.assertNotEqual(self.u1, self.u2)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	272 #u1 and anon should have not change perms while u2 should !
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	273 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	274 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	275 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	276
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	277 u2_auth = AuthUser(user_id=self.u2.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	278 self.assertEqual(u2_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	279 {u'group1': u'group.read', u'group2': u'group.read'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	280
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	281 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	282 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	283 {u'group1': u'group.none', u'group2': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	284
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	285 def test_repo_group_user_as_user_group_member(self):
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	286 # create Group1
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	287 self.g1 = fixture.create_group('group1', skip_if_exists=True)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	288 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	289
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	290 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	291 {u'group1': u'group.read'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	292
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	293 # set default permission to none
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	294 ReposGroupModel().grant_user_permission(repos_group=self.g1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	295 user=self.anon,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	296 perm='group.none')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	297 # make group
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3647 diff changeset	298 self.ug1 = fixture.create_user_group('G1')
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	299 # add user to group
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	300 UserGroupModel().add_user_to_group(self.ug1, self.u1)
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	301 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	302
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	303 # check if user is in the group
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	304 membrs = [x.user_id for x in UserGroupModel().get(self.ug1.users_group_id).members]
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	305 self.assertEqual(membrs, [self.u1.user_id])
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	306 # add some user to that group
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	307
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	308 # check his permissions
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	309 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	310 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	311 {u'group1': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	312
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	313 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	314 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	315 {u'group1': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	316
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	317 # grant ug1 read permissions for
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	318 ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	319 group_name=self.ug1,
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	320 perm='group.read')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	321 Session().commit()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	322 # check if the
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	323 obj = Session().query(UserGroupRepoGroupToPerm)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	324 .filter(UserGroupRepoGroupToPerm.group == self.g1)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	325 .filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
2527 95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	326 .scalar()
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	327 self.assertEqual(obj.permission.permission_name, 'group.read')
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	328
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	329 a1_auth = AuthUser(user_id=self.anon.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	330
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	331 self.assertEqual(a1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	332 {u'group1': u'group.none'})
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	333
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	334 u1_auth = AuthUser(user_id=self.u1.user_id)
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	335 self.assertEqual(u1_auth.permissions['repositories_groups'],
95624ce4465f orginized test module Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	336 {u'group1': u'group.read'})
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	337
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	338 def test_inherited_permissions_from_default_on_user_enabled(self):
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	339 user_model = UserModel()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	340 # enable fork and create on default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	341 usr = 'default'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	342 user_model.revoke_perm(usr, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	343 user_model.grant_perm(usr, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	344 user_model.revoke_perm(usr, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	345 user_model.grant_perm(usr, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	346 # make sure inherit flag is turned on
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	347 self.u1.inherit_default_permissions = True
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	348 Session().commit()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	349 u1_auth = AuthUser(user_id=self.u1.user_id)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	350 # this user will have inherited permissions from default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	351 self.assertEqual(u1_auth.permissions['global'],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	352 set(['hg.create.repository', 'hg.fork.repository',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	353 'hg.register.manual_activate',
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	354 'repository.read', 'group.read',
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	355 'usergroup.read']))
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	356
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	357 def test_inherited_permissions_from_default_on_user_disabled(self):
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	358 user_model = UserModel()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	359 # disable fork and create on default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	360 usr = 'default'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	361 user_model.revoke_perm(usr, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	362 user_model.grant_perm(usr, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	363 user_model.revoke_perm(usr, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	364 user_model.grant_perm(usr, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	365 # make sure inherit flag is turned on
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	366 self.u1.inherit_default_permissions = True
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	367 Session().commit()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	368 u1_auth = AuthUser(user_id=self.u1.user_id)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	369 # this user will have inherited permissions from default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	370 self.assertEqual(u1_auth.permissions['global'],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	371 set(['hg.create.none', 'hg.fork.none',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	372 'hg.register.manual_activate',
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	373 'repository.read', 'group.read',
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	374 'usergroup.read']))
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	375
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	376 def test_non_inherited_permissions_from_default_on_user_enabled(self):
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	377 user_model = UserModel()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	378 # enable fork and create on default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	379 usr = 'default'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	380 user_model.revoke_perm(usr, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	381 user_model.grant_perm(usr, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	382 user_model.revoke_perm(usr, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	383 user_model.grant_perm(usr, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	384
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	385 #disable global perms on specific user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	386 user_model.revoke_perm(self.u1, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	387 user_model.grant_perm(self.u1, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	388 user_model.revoke_perm(self.u1, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	389 user_model.grant_perm(self.u1, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	390
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	391 # make sure inherit flag is turned off
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	392 self.u1.inherit_default_permissions = False
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	393 Session().commit()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	394 u1_auth = AuthUser(user_id=self.u1.user_id)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	395 # this user will have non inherited permissions from he's
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	396 # explicitly set permissions
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	397 self.assertEqual(u1_auth.permissions['global'],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	398 set(['hg.create.none', 'hg.fork.none',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	399 'hg.register.manual_activate',
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	400 'repository.read', 'group.read',
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	401 'usergroup.read']))
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	402
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	403 def test_non_inherited_permissions_from_default_on_user_disabled(self):
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	404 user_model = UserModel()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	405 # disable fork and create on default user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	406 usr = 'default'
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	407 user_model.revoke_perm(usr, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	408 user_model.grant_perm(usr, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	409 user_model.revoke_perm(usr, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	410 user_model.grant_perm(usr, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	411
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	412 #enable global perms on specific user
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	413 user_model.revoke_perm(self.u1, 'hg.create.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	414 user_model.grant_perm(self.u1, 'hg.create.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	415 user_model.revoke_perm(self.u1, 'hg.fork.none')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	416 user_model.grant_perm(self.u1, 'hg.fork.repository')
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	417
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	418 # make sure inherit flag is turned off
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	419 self.u1.inherit_default_permissions = False
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	420 Session().commit()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	421 u1_auth = AuthUser(user_id=self.u1.user_id)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	422 # this user will have non inherited permissions from he's
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	423 # explicitly set permissions
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	424 self.assertEqual(u1_auth.permissions['global'],
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	425 set(['hg.create.repository', 'hg.fork.repository',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2529 diff changeset	426 'hg.register.manual_activate',
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	427 'repository.read', 'group.read',
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	428 'usergroup.read']))
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	429
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	430 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	431 #create repo as USER,
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	432 self.test_repo = fixture.create_repo(name='myownrepo',
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	433 repo_type='hg',
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	434 cur_user=self.u1)
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	435
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	436 #he has permissions of admin as owner
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	437 u1_auth = AuthUser(user_id=self.u1.user_id)
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	438 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	439 'repository.admin')
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3053 diff changeset	440 #set his permission as user group, he should still be admin
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3647 diff changeset	441 self.ug1 = fixture.create_user_group('G1')
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	442 UserGroupModel().add_user_to_group(self.ug1, self.u1)
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	443 RepoModel().grant_users_group_permission(self.test_repo,
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	444 group_name=self.ug1,
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	445 perm='repository.none')
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	446
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	447 Session().commit()
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	448 u1_auth = AuthUser(user_id=self.u1.user_id)
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	449 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	450 'repository.admin')
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	451
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	452 def test_owner_permissions_doesnot_get_overwritten_by_others(self):
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	453 #create repo as USER,
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	454 self.test_repo = fixture.create_repo(name='myownrepo',
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	455 repo_type='hg',
8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	456 cur_user=self.u1)
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	457
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	458 #he has permissions of admin as owner
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	459 u1_auth = AuthUser(user_id=self.u1.user_id)
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	460 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	461 'repository.admin')
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	462 #set his permission as user, he should still be admin
3647 8a86836fad64 more usage of fixture tools Marcin Kuzminski <marcin@python-works.com> parents: 3417 diff changeset	463 RepoModel().grant_user_permission(self.test_repo, user=self.u1,
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	464 perm='repository.none')
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	465 Session().commit()
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	466 u1_auth = AuthUser(user_id=self.u1.user_id)
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	467 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	468 'repository.admin')
3733 af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	469
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	470 def _test_def_perm_equal(self, user, change_factor=0):
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	471 perms = UserToPerm.query()\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	472 .filter(UserToPerm.user == user)\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	473 .all()
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	474 self.assertEqual(len(perms),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	475 len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor,
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	476 msg=perms)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	477
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	478 def test_set_default_permissions(self):
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	479 PermissionModel().create_default_permissions(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	480 self._test_def_perm_equal(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	481
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	482 def test_set_default_permissions_after_one_is_missing(self):
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	483 PermissionModel().create_default_permissions(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	484 self._test_def_perm_equal(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	485 #now we delete one, it should be re-created after another call
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	486 perms = UserToPerm.query()\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	487 .filter(UserToPerm.user == self.u1)\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	488 .all()
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	489 Session().delete(perms[0])
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	490 Session().commit()
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	491
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	492 self._test_def_perm_equal(user=self.u1, change_factor=-1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	493
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	494 #create missing one !
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	495 PermissionModel().create_default_permissions(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	496 self._test_def_perm_equal(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	497
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	498 @parameterized.expand([
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	499 ('repository.read', 'repository.none'),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	500 ('group.read', 'group.none'),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	501 ('usergroup.read', 'usergroup.none'),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	502 ('hg.create.repository', 'hg.create.none'),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	503 ('hg.fork.repository', 'hg.fork.none'),
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	504 ('hg.register.manual_activate', 'hg.register.auto_activate',)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	505 ])
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	506 def test_set_default_permissions_after_modification(self, perm, modify_to):
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	507 PermissionModel().create_default_permissions(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	508 self._test_def_perm_equal(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	509
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	510 old = Permission.get_by_key(perm)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	511 new = Permission.get_by_key(modify_to)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	512 self.assertNotEqual(old, None)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	513 self.assertNotEqual(new, None)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	514
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	515 #now modify permissions
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	516 p = UserToPerm.query()\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	517 .filter(UserToPerm.user == self.u1)\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	518 .filter(UserToPerm.permission == old)\
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	519 .one()
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	520 p.permission = new
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	521 Session().add(p)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	522 Session().commit()
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	523
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	524 PermissionModel().create_default_permissions(user=self.u1)
af049a957506 fixed default permissions population during upgrades Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	525 self._test_def_perm_equal(user=self.u1)

Mercurial > kallithea

annotate rhodecode/tests/models/test_permissions.py @ 3733:af049a957506 beta