Mercurial > kallithea
comparison rhodecode/tests/models/test_permissions.py @ 2864:5c1ad3b410e5 beta
fixed #570 explicit users group permissions can overwrite owner permissions
- added test for that case
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sun, 23 Sep 2012 13:04:53 +0200 |
parents | c0cc8f8a71b0 |
children | d7e10699513b |
comparison
equal
deleted
inserted
replaced
2863:6f3452fa4ffe | 2864:5c1ad3b410e5 |
---|---|
8 from rhodecode.model.user import UserModel | 8 from rhodecode.model.user import UserModel |
9 | 9 |
10 from rhodecode.model.meta import Session | 10 from rhodecode.model.meta import Session |
11 from rhodecode.model.users_group import UsersGroupModel | 11 from rhodecode.model.users_group import UsersGroupModel |
12 from rhodecode.lib.auth import AuthUser | 12 from rhodecode.lib.auth import AuthUser |
13 | 13 from rhodecode.tests.api.api_base import create_repo |
14 | 14 |
15 | 15 |
16 class TestPermissions(unittest.TestCase): | 16 class TestPermissions(unittest.TestCase): |
17 def __init__(self, methodName='runTest'): | 17 def __init__(self, methodName='runTest'): |
18 super(TestPermissions, self).__init__(methodName=methodName) | 18 super(TestPermissions, self).__init__(methodName=methodName) |
38 Session().commit() | 38 Session().commit() |
39 | 39 |
40 def tearDown(self): | 40 def tearDown(self): |
41 if hasattr(self, 'test_repo'): | 41 if hasattr(self, 'test_repo'): |
42 RepoModel().delete(repo=self.test_repo) | 42 RepoModel().delete(repo=self.test_repo) |
43 | |
43 UserModel().delete(self.u1) | 44 UserModel().delete(self.u1) |
44 UserModel().delete(self.u2) | 45 UserModel().delete(self.u2) |
45 UserModel().delete(self.u3) | 46 UserModel().delete(self.u3) |
46 UserModel().delete(self.a1) | 47 UserModel().delete(self.a1) |
47 if hasattr(self, 'g1'): | 48 if hasattr(self, 'g1'): |
423 # explicitly set permissions | 424 # explicitly set permissions |
424 self.assertEqual(u1_auth.permissions['global'], | 425 self.assertEqual(u1_auth.permissions['global'], |
425 set(['hg.create.repository', 'hg.fork.repository', | 426 set(['hg.create.repository', 'hg.fork.repository', |
426 'hg.register.manual_activate', | 427 'hg.register.manual_activate', |
427 'repository.read'])) | 428 'repository.read'])) |
429 | |
430 def test_owner_permissions_doesnot_get_overwritten_by_group(self): | |
431 #create repo as USER, | |
432 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', | |
433 repo_type='hg', | |
434 description='desc', | |
435 owner=self.u1) | |
436 | |
437 Session().commit() | |
438 #he has permissions of admin as owner | |
439 u1_auth = AuthUser(user_id=self.u1.user_id) | |
440 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |
441 'repository.admin') | |
442 #set his permission as users group, he should still be admin | |
443 self.ug1 = UsersGroupModel().create('G1') | |
444 # add user to group | |
445 UsersGroupModel().add_user_to_group(self.ug1, self.u1) | |
446 RepoModel().grant_users_group_permission(repo, group_name=self.ug1, | |
447 perm='repository.none') | |
448 | |
449 Session().commit() | |
450 u1_auth = AuthUser(user_id=self.u1.user_id) | |
451 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |
452 'repository.admin') | |
453 | |
454 def test_owner_permissions_doesnot_get_overwritten_by_others(self): | |
455 #create repo as USER, | |
456 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', | |
457 repo_type='hg', | |
458 description='desc', | |
459 owner=self.u1) | |
460 | |
461 Session().commit() | |
462 #he has permissions of admin as owner | |
463 u1_auth = AuthUser(user_id=self.u1.user_id) | |
464 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |
465 'repository.admin') | |
466 #set his permission as user, he should still be admin | |
467 RepoModel().grant_user_permission(repo, user=self.u1, | |
468 perm='repository.none') | |
469 Session().commit() | |
470 u1_auth = AuthUser(user_id=self.u1.user_id) | |
471 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |
472 'repository.admin') |