Mercurial > kallithea

comparison rhodecode/tests/models/test_permissions.py @ 2864:5c1ad3b410e5 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fixed #570 explicit users group permissions can overwrite owner permissions - added test for that case
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 23 Sep 2012 13:04:53 +0200
parents c0cc8f8a71b0
children d7e10699513b
comparison
equal deleted inserted replaced
2863:6f3452fa4ffe 2864:5c1ad3b410e5
8 from rhodecode.model.user import UserModel 8 from rhodecode.model.user import UserModel
9 9
10 from rhodecode.model.meta import Session 10 from rhodecode.model.meta import Session
11 from rhodecode.model.users_group import UsersGroupModel 11 from rhodecode.model.users_group import UsersGroupModel
12 from rhodecode.lib.auth import AuthUser 12 from rhodecode.lib.auth import AuthUser
13 13 from rhodecode.tests.api.api_base import create_repo
14 14
15 15
16 class TestPermissions(unittest.TestCase): 16 class TestPermissions(unittest.TestCase):
17 def __init__(self, methodName='runTest'): 17 def __init__(self, methodName='runTest'):
18 super(TestPermissions, self).__init__(methodName=methodName) 18 super(TestPermissions, self).__init__(methodName=methodName)
38 Session().commit() 38 Session().commit()
39 39
40 def tearDown(self): 40 def tearDown(self):
41 if hasattr(self, 'test_repo'): 41 if hasattr(self, 'test_repo'):
42 RepoModel().delete(repo=self.test_repo) 42 RepoModel().delete(repo=self.test_repo)
43
43 UserModel().delete(self.u1) 44 UserModel().delete(self.u1)
44 UserModel().delete(self.u2) 45 UserModel().delete(self.u2)
45 UserModel().delete(self.u3) 46 UserModel().delete(self.u3)
46 UserModel().delete(self.a1) 47 UserModel().delete(self.a1)
47 if hasattr(self, 'g1'): 48 if hasattr(self, 'g1'):
423 # explicitly set permissions 424 # explicitly set permissions
424 self.assertEqual(u1_auth.permissions['global'], 425 self.assertEqual(u1_auth.permissions['global'],
425 set(['hg.create.repository', 'hg.fork.repository', 426 set(['hg.create.repository', 'hg.fork.repository',
426 'hg.register.manual_activate', 427 'hg.register.manual_activate',
427 'repository.read'])) 428 'repository.read']))
429
430 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
431 #create repo as USER,
432 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
433 repo_type='hg',
434 description='desc',
435 owner=self.u1)
436
437 Session().commit()
438 #he has permissions of admin as owner
439 u1_auth = AuthUser(user_id=self.u1.user_id)
440 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
441 'repository.admin')
442 #set his permission as users group, he should still be admin
443 self.ug1 = UsersGroupModel().create('G1')
444 # add user to group
445 UsersGroupModel().add_user_to_group(self.ug1, self.u1)
446 RepoModel().grant_users_group_permission(repo, group_name=self.ug1,
447 perm='repository.none')
448
449 Session().commit()
450 u1_auth = AuthUser(user_id=self.u1.user_id)
451 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
452 'repository.admin')
453
454 def test_owner_permissions_doesnot_get_overwritten_by_others(self):
455 #create repo as USER,
456 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
457 repo_type='hg',
458 description='desc',
459 owner=self.u1)
460
461 Session().commit()
462 #he has permissions of admin as owner
463 u1_auth = AuthUser(user_id=self.u1.user_id)
464 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
465 'repository.admin')
466 #set his permission as user, he should still be admin
467 RepoModel().grant_user_permission(repo, user=self.u1,
468 perm='repository.none')
469 Session().commit()
470 u1_auth = AuthUser(user_id=self.u1.user_id)
471 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
472 'repository.admin')