Mercurial > kallithea

comparison rhodecode/tests/api/api_base.py @ 3163:28571535dd61 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
API methods create_repo, fork_repo, delete_repo, get_repo, get_repos can be executed by non-admin users ref #539
author Marcin Kuzminski <marcin@python-works.com>
date Mon, 14 Jan 2013 00:38:24 +0100
parents 3563c47e52fd
children e1baadec6217
comparison
equal deleted inserted replaced
3162:a0a8f38e8fb8 3163:28571535dd61
57 def destroy_users_group(name=TEST_USERS_GROUP): 57 def destroy_users_group(name=TEST_USERS_GROUP):
58 UsersGroupModel().delete(users_group=name, force=True) 58 UsersGroupModel().delete(users_group=name, force=True)
59 Session().commit() 59 Session().commit()
60 60
61 61
62 def create_repo(repo_name, repo_type): 62 def create_repo(repo_name, repo_type, owner=None):
63 # create new repo 63 # create new repo
64 form_data = _get_repo_create_params( 64 form_data = _get_repo_create_params(
65 repo_name_full=repo_name, 65 repo_name_full=repo_name,
66 repo_description='description %s' % repo_name, 66 repo_description='description %s' % repo_name,
67 ) 67 )
68 cur_user = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) 68 cur_user = UserModel().get_by_username(owner or TEST_USER_ADMIN_LOGIN)
69 r = RepoModel().create(form_data, cur_user) 69 r = RepoModel().create(form_data, cur_user)
70 Session().commit() 70 Session().commit()
71 return r 71 return r
72 72
73 73
91 91
92 @classmethod 92 @classmethod
93 def setUpClass(self): 93 def setUpClass(self):
94 self.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) 94 self.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
95 self.apikey = self.usr.api_key 95 self.apikey = self.usr.api_key
96 self.TEST_USER = UserModel().create_or_update( 96 self.test_user = UserModel().create_or_update(
97 username='test-api', 97 username='test-api',
98 password='test', 98 password='test',
99 email='test@api.rhodecode.org', 99 email='test@api.rhodecode.org',
100 firstname='first', 100 firstname='first',
101 lastname='last' 101 lastname='last'
102 ) 102 )
103 Session().commit() 103 Session().commit()
104 self.TEST_USER_LOGIN = self.TEST_USER.username 104 self.TEST_USER_LOGIN = self.test_user.username
105 self.apikey_regular = self.test_user.api_key
105 106
106 @classmethod 107 @classmethod
107 def teardownClass(self): 108 def teardownClass(self):
108 pass 109 pass
109 110
146 147
147 expected = 'Invalid API KEY' 148 expected = 'Invalid API KEY'
148 self._compare_error(id_, expected, given=response.body) 149 self._compare_error(id_, expected, given=response.body)
149 150
150 def test_api_missing_non_optional_param(self): 151 def test_api_missing_non_optional_param(self):
151 id_, params = _build_data(self.apikey, 'get_user') 152 id_, params = _build_data(self.apikey, 'get_repo')
152 response = api_call(self, params) 153 response = api_call(self, params)
153 154
154 expected = 'Missing non optional `userid` arg in JSON DATA' 155 expected = 'Missing non optional `repoid` arg in JSON DATA'
155 self._compare_error(id_, expected, given=response.body) 156 self._compare_error(id_, expected, given=response.body)
156 157
157 def test_api_get_users(self): 158 def test_api_get_users(self):
158 id_, params = _build_data(self.apikey, 'get_users',) 159 id_, params = _build_data(self.apikey, 'get_users',)
159 response = api_call(self, params) 160 response = api_call(self, params)
180 id_, params = _build_data(self.apikey, 'get_user', 181 id_, params = _build_data(self.apikey, 'get_user',
181 userid='trololo') 182 userid='trololo')
182 response = api_call(self, params) 183 response = api_call(self, params)
183 184
184 expected = "user `%s` does not exist" % 'trololo' 185 expected = "user `%s` does not exist" % 'trololo'
186 self._compare_error(id_, expected, given=response.body)
187
188 def test_api_get_user_without_giving_userid(self):
189 id_, params = _build_data(self.apikey, 'get_user')
190 response = api_call(self, params)
191
192 usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
193 ret = usr.get_api_data()
194 ret['permissions'] = AuthUser(usr.user_id).permissions
195
196 expected = ret
197 self._compare_ok(id_, expected, given=response.body)
198
199 def test_api_get_user_without_giving_userid_non_admin(self):
200 id_, params = _build_data(self.apikey_regular, 'get_user')
201 response = api_call(self, params)
202
203 usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
204 ret = usr.get_api_data()
205 ret['permissions'] = AuthUser(usr.user_id).permissions
206
207 expected = ret
208 self._compare_ok(id_, expected, given=response.body)
209
210 def test_api_get_user_with_giving_userid_non_admin(self):
211 id_, params = _build_data(self.apikey_regular, 'get_user',
212 userid=self.TEST_USER_LOGIN)
213 response = api_call(self, params)
214
215 expected = 'userid is not the same as your user'
185 self._compare_error(id_, expected, given=response.body) 216 self._compare_error(id_, expected, given=response.body)
186 217
187 def test_api_pull(self): 218 def test_api_pull(self):
188 #TODO: issues with rhodecode_extras here.. not sure why ! 219 #TODO: issues with rhodecode_extras here.. not sure why !
189 pass 220 pass
234 locked=True) 265 locked=True)
235 response = api_call(self, params) 266 response = api_call(self, params)
236 expected = ('User `%s` set lock state for repo `%s` to `%s`' 267 expected = ('User `%s` set lock state for repo `%s` to `%s`'
237 % (TEST_USER_ADMIN_LOGIN, self.REPO, True)) 268 % (TEST_USER_ADMIN_LOGIN, self.REPO, True))
238 self._compare_ok(id_, expected, given=response.body) 269 self._compare_ok(id_, expected, given=response.body)
270
271 def test_api_lock_repo_lock_aquire_by_non_admin(self):
272 repo_name = 'api_delete_me'
273 create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)
274 try:
275 id_, params = _build_data(self.apikey_regular, 'lock',
276 repoid=repo_name,
277 locked=True)
278 response = api_call(self, params)
279 expected = ('User `%s` set lock state for repo `%s` to `%s`'
280 % (self.TEST_USER_LOGIN, repo_name, True))
281 self._compare_ok(id_, expected, given=response.body)
282 finally:
283 destroy_repo(repo_name)
284
285 def test_api_lock_repo_lock_aquire_non_admin_with_userid(self):
286 repo_name = 'api_delete_me'
287 create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)
288 try:
289 id_, params = _build_data(self.apikey_regular, 'lock',
290 userid=TEST_USER_ADMIN_LOGIN,
291 repoid=repo_name,
292 locked=True)
293 response = api_call(self, params)
294 expected = 'userid is not the same as your user'
295 self._compare_error(id_, expected, given=response.body)
296 finally:
297 destroy_repo(repo_name)
298
299 def test_api_lock_repo_lock_aquire_non_admin_not_his_repo(self):
300 id_, params = _build_data(self.apikey_regular, 'lock',
301 repoid=self.REPO,
302 locked=True)
303 response = api_call(self, params)
304 expected = 'repository `%s` does not exist' % (self.REPO)
305 self._compare_error(id_, expected, given=response.body)
239 306
240 def test_api_lock_repo_lock_release(self): 307 def test_api_lock_repo_lock_release(self):
241 id_, params = _build_data(self.apikey, 'lock', 308 id_, params = _build_data(self.apikey, 'lock',
242 userid=TEST_USER_ADMIN_LOGIN, 309 userid=TEST_USER_ADMIN_LOGIN,
243 repoid=self.REPO, 310 repoid=self.REPO,
464 531
465 expected = ret 532 expected = ret
466 self._compare_ok(id_, expected, given=response.body) 533 self._compare_ok(id_, expected, given=response.body)
467 destroy_users_group(new_group) 534 destroy_users_group(new_group)
468 535
536 def test_api_get_repo_by_non_admin(self):
537 id_, params = _build_data(self.apikey, 'get_repo',
538 repoid=self.REPO)
539 response = api_call(self, params)
540
541 repo = RepoModel().get_by_repo_name(self.REPO)
542 ret = repo.get_api_data()
543
544 members = []
545 for user in repo.repo_to_perm:
546 perm = user.permission.permission_name
547 user = user.user
548 user_data = user.get_api_data()
549 user_data['type'] = "user"
550 user_data['permission'] = perm
551 members.append(user_data)
552
553 for users_group in repo.users_group_to_perm:
554 perm = users_group.permission.permission_name
555 users_group = users_group.users_group
556 users_group_data = users_group.get_api_data()
557 users_group_data['type'] = "users_group"
558 users_group_data['permission'] = perm
559 members.append(users_group_data)
560
561 ret['members'] = members
562
563 expected = ret
564 self._compare_ok(id_, expected, given=response.body)
565
566 def test_api_get_repo_by_non_admin_no_permission_to_repo(self):
567 RepoModel().grant_user_permission(repo=self.REPO,
568 user=self.TEST_USER_LOGIN,
569 perm='repository.none')
570
571 id_, params = _build_data(self.apikey_regular, 'get_repo',
572 repoid=self.REPO)
573 response = api_call(self, params)
574
575 expected = 'repository `%s` does not exist' % (self.REPO)
576 self._compare_error(id_, expected, given=response.body)
577
469 def test_api_get_repo_that_doesn_not_exist(self): 578 def test_api_get_repo_that_doesn_not_exist(self):
470 id_, params = _build_data(self.apikey, 'get_repo', 579 id_, params = _build_data(self.apikey, 'get_repo',
471 repoid='no-such-repo') 580 repoid='no-such-repo')
472 response = api_call(self, params) 581 response = api_call(self, params)
473 582
479 id_, params = _build_data(self.apikey, 'get_repos') 588 id_, params = _build_data(self.apikey, 'get_repos')
480 response = api_call(self, params) 589 response = api_call(self, params)
481 590
482 result = [] 591 result = []
483 for repo in RepoModel().get_all(): 592 for repo in RepoModel().get_all():
593 result.append(repo.get_api_data())
594 ret = jsonify(result)
595
596 expected = ret
597 self._compare_ok(id_, expected, given=response.body)
598
599 def test_api_get_repos_non_admin(self):
600 id_, params = _build_data(self.apikey_regular, 'get_repos')
601 response = api_call(self, params)
602
603 result = []
604 for repo in RepoModel().get_all_user_repos(self.TEST_USER_LOGIN):
484 result.append(repo.get_api_data()) 605 result.append(repo.get_api_data())
485 ret = jsonify(result) 606 ret = jsonify(result)
486 607
487 expected = ret 608 expected = ret
488 self._compare_ok(id_, expected, given=response.body) 609 self._compare_ok(id_, expected, given=response.body)
567 ) 688 )
568 response = api_call(self, params) 689 response = api_call(self, params)
569 expected = 'user `%s` does not exist' % owner 690 expected = 'user `%s` does not exist' % owner
570 self._compare_error(id_, expected, given=response.body) 691 self._compare_error(id_, expected, given=response.body)
571 692
693 def test_api_create_repo_dont_specify_owner(self):
694 repo_name = 'api-repo'
695 owner = 'i-dont-exist'
696 id_, params = _build_data(self.apikey, 'create_repo',
697 repo_name=repo_name,
698 repo_type='hg',
699 )
700 response = api_call(self, params)
701
702 repo = RepoModel().get_by_repo_name(repo_name)
703 ret = {
704 'msg': 'Created new repository `%s`' % repo_name,
705 'repo': jsonify(repo.get_api_data())
706 }
707 expected = ret
708 self._compare_ok(id_, expected, given=response.body)
709 destroy_repo(repo_name)
710
711 def test_api_create_repo_by_non_admin(self):
712 repo_name = 'api-repo'
713 owner = 'i-dont-exist'
714 id_, params = _build_data(self.apikey_regular, 'create_repo',
715 repo_name=repo_name,
716 repo_type='hg',
717 )
718 response = api_call(self, params)
719
720 repo = RepoModel().get_by_repo_name(repo_name)
721 ret = {
722 'msg': 'Created new repository `%s`' % repo_name,
723 'repo': jsonify(repo.get_api_data())
724 }
725 expected = ret
726 self._compare_ok(id_, expected, given=response.body)
727 destroy_repo(repo_name)
728
729 def test_api_create_repo_by_non_admin_specify_owner(self):
730 repo_name = 'api-repo'
731 owner = 'i-dont-exist'
732 id_, params = _build_data(self.apikey_regular, 'create_repo',
733 repo_name=repo_name,
734 repo_type='hg',
735 owner=owner
736 )
737 response = api_call(self, params)
738
739 expected = 'Only RhodeCode admin can specify `owner` param'
740 self._compare_error(id_, expected, given=response.body)
741 destroy_repo(repo_name)
742
572 def test_api_create_repo_exists(self): 743 def test_api_create_repo_exists(self):
573 repo_name = self.REPO 744 repo_name = self.REPO
574 id_, params = _build_data(self.apikey, 'create_repo', 745 id_, params = _build_data(self.apikey, 'create_repo',
575 repo_name=repo_name, 746 repo_name=repo_name,
576 owner=TEST_USER_ADMIN_LOGIN, 747 owner=TEST_USER_ADMIN_LOGIN,
604 'msg': 'Deleted repository `%s`' % repo_name, 775 'msg': 'Deleted repository `%s`' % repo_name,
605 'success': True 776 'success': True
606 } 777 }
607 expected = ret 778 expected = ret
608 self._compare_ok(id_, expected, given=response.body) 779 self._compare_ok(id_, expected, given=response.body)
780
781 def test_api_delete_repo_by_non_admin(self):
782 repo_name = 'api_delete_me'
783 create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)
784 try:
785 id_, params = _build_data(self.apikey_regular, 'delete_repo',
786 repoid=repo_name,)
787 response = api_call(self, params)
788
789 ret = {
790 'msg': 'Deleted repository `%s`' % repo_name,
791 'success': True
792 }
793 expected = ret
794 self._compare_ok(id_, expected, given=response.body)
795 finally:
796 destroy_repo(repo_name)
797
798 def test_api_delete_repo_by_non_admin_no_permission(self):
799 repo_name = 'api_delete_me'
800 create_repo(repo_name, self.REPO_TYPE)
801 try:
802 id_, params = _build_data(self.apikey_regular, 'delete_repo',
803 repoid=repo_name,)
804 response = api_call(self, params)
805 expected = 'repository `%s` does not exist' % (repo_name)
806 self._compare_error(id_, expected, given=response.body)
807 finally:
808 destroy_repo(repo_name)
609 809
610 def test_api_delete_repo_exception_occurred(self): 810 def test_api_delete_repo_exception_occurred(self):
611 repo_name = 'api_delete_me' 811 repo_name = 'api_delete_me'
612 create_repo(repo_name, self.REPO_TYPE) 812 create_repo(repo_name, self.REPO_TYPE)
613 try: 813 try:
637 } 837 }
638 expected = ret 838 expected = ret
639 self._compare_ok(id_, expected, given=response.body) 839 self._compare_ok(id_, expected, given=response.body)
640 destroy_repo(fork_name) 840 destroy_repo(fork_name)
641 841
842 def test_api_fork_repo_non_admin(self):
843 fork_name = 'api-repo-fork'
844 id_, params = _build_data(self.apikey_regular, 'fork_repo',
845 repoid=self.REPO,
846 fork_name=fork_name,
847 )
848 response = api_call(self, params)
849
850 ret = {
851 'msg': 'Created fork of `%s` as `%s`' % (self.REPO,
852 fork_name),
853 'success': True
854 }
855 expected = ret
856 self._compare_ok(id_, expected, given=response.body)
857 destroy_repo(fork_name)
858
859 def test_api_fork_repo_non_admin_specify_owner(self):
860 fork_name = 'api-repo-fork'
861 id_, params = _build_data(self.apikey_regular, 'fork_repo',
862 repoid=self.REPO,
863 fork_name=fork_name,
864 owner=TEST_USER_ADMIN_LOGIN,
865 )
866 response = api_call(self, params)
867 expected = 'Only RhodeCode admin can specify `owner` param'
868 self._compare_error(id_, expected, given=response.body)
869 destroy_repo(fork_name)
870
871 def test_api_fork_repo_non_admin_no_permission_to_fork(self):
872 RepoModel().grant_user_permission(repo=self.REPO,
873 user=self.TEST_USER_LOGIN,
874 perm='repository.none')
875 fork_name = 'api-repo-fork'
876 id_, params = _build_data(self.apikey_regular, 'fork_repo',
877 repoid=self.REPO,
878 fork_name=fork_name,
879 )
880 response = api_call(self, params)
881 expected = 'repository `%s` does not exist' % (self.REPO)
882 self._compare_error(id_, expected, given=response.body)
883 destroy_repo(fork_name)
884
642 def test_api_fork_repo_unknown_owner(self): 885 def test_api_fork_repo_unknown_owner(self):
643 fork_name = 'api-repo-fork' 886 fork_name = 'api-repo-fork'
644 owner = 'i-dont-exist' 887 owner = 'i-dont-exist'
645 id_, params = _build_data(self.apikey, 'fork_repo', 888 id_, params = _build_data(self.apikey, 'fork_repo',
646 repoid=self.REPO, 889 repoid=self.REPO,