Mercurial > kallithea

comparison rhodecode/tests/models/test_permissions.py @ 3733:af049a957506 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fixed default permissions population during upgrades - it often happen that introducing new permission caused default permission to reset it's state to installation default. new version makes sure that only missing permissions are created while leaving old defaults
author Marcin Kuzminski <marcin@python-works.com>
date Wed, 10 Apr 2013 02:55:21 +0200
parents 7e3d89d9d3a2
children a8f520540ab0
comparison
equal deleted inserted replaced
3732:8f3f4b2e3df8 3733:af049a957506
2 import unittest 2 import unittest
3 from rhodecode.tests import * 3 from rhodecode.tests import *
4 from rhodecode.tests.fixture import Fixture 4 from rhodecode.tests.fixture import Fixture
5 from rhodecode.model.repos_group import ReposGroupModel 5 from rhodecode.model.repos_group import ReposGroupModel
6 from rhodecode.model.repo import RepoModel 6 from rhodecode.model.repo import RepoModel
7 from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm 7 from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm,\
8 Permission, UserToPerm
8 from rhodecode.model.user import UserModel 9 from rhodecode.model.user import UserModel
9 10
10 from rhodecode.model.meta import Session 11 from rhodecode.model.meta import Session
11 from rhodecode.model.users_group import UserGroupModel 12 from rhodecode.model.users_group import UserGroupModel
12 from rhodecode.lib.auth import AuthUser 13 from rhodecode.lib.auth import AuthUser
14 from rhodecode.model.permission import PermissionModel
13 15
14 16
15 fixture = Fixture() 17 fixture = Fixture()
16 18
17 19
99 self.g1 = fixture.create_group('test1', skip_if_exists=True) 101 self.g1 = fixture.create_group('test1', skip_if_exists=True)
100 self.g2 = fixture.create_group('test2', skip_if_exists=True) 102 self.g2 = fixture.create_group('test2', skip_if_exists=True)
101 u1_auth = AuthUser(user_id=self.u1.user_id) 103 u1_auth = AuthUser(user_id=self.u1.user_id)
102 perms = { 104 perms = {
103 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'}, 105 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},
104 'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']), 106 'global': set(Permission.DEFAULT_USER_PERMISSIONS),
105 'repositories': {u'vcs_test_hg': u'repository.read'} 107 'repositories': {u'vcs_test_hg': u'repository.read'}
106 } 108 }
107 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], 109 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
108 perms['repositories'][HG_REPO]) 110 perms['repositories'][HG_REPO])
109 self.assertEqual(u1_auth.permissions['repositories_groups'], 111 self.assertEqual(u1_auth.permissions['repositories_groups'],
110 perms['repositories_groups']) 112 perms['repositories_groups'])
113 self.assertEqual(u1_auth.permissions['global'],
114 perms['global'])
111 115
112 def test_default_admin_group_perms(self): 116 def test_default_admin_group_perms(self):
113 self.g1 = fixture.create_group('test1', skip_if_exists=True) 117 self.g1 = fixture.create_group('test1', skip_if_exists=True)
114 self.g2 = fixture.create_group('test2', skip_if_exists=True) 118 self.g2 = fixture.create_group('test2', skip_if_exists=True)
115 a1_auth = AuthUser(user_id=self.a1.user_id) 119 a1_auth = AuthUser(user_id=self.a1.user_id)
345 u1_auth = AuthUser(user_id=self.u1.user_id) 349 u1_auth = AuthUser(user_id=self.u1.user_id)
346 # this user will have inherited permissions from default user 350 # this user will have inherited permissions from default user
347 self.assertEqual(u1_auth.permissions['global'], 351 self.assertEqual(u1_auth.permissions['global'],
348 set(['hg.create.repository', 'hg.fork.repository', 352 set(['hg.create.repository', 'hg.fork.repository',
349 'hg.register.manual_activate', 353 'hg.register.manual_activate',
350 'repository.read', 'group.read'])) 354 'repository.read', 'group.read',
355 'usergroup.read']))
351 356
352 def test_inherited_permissions_from_default_on_user_disabled(self): 357 def test_inherited_permissions_from_default_on_user_disabled(self):
353 user_model = UserModel() 358 user_model = UserModel()
354 # disable fork and create on default user 359 # disable fork and create on default user
355 usr = 'default' 360 usr = 'default'
363 u1_auth = AuthUser(user_id=self.u1.user_id) 368 u1_auth = AuthUser(user_id=self.u1.user_id)
364 # this user will have inherited permissions from default user 369 # this user will have inherited permissions from default user
365 self.assertEqual(u1_auth.permissions['global'], 370 self.assertEqual(u1_auth.permissions['global'],
366 set(['hg.create.none', 'hg.fork.none', 371 set(['hg.create.none', 'hg.fork.none',
367 'hg.register.manual_activate', 372 'hg.register.manual_activate',
368 'repository.read', 'group.read'])) 373 'repository.read', 'group.read',
374 'usergroup.read']))
369 375
370 def test_non_inherited_permissions_from_default_on_user_enabled(self): 376 def test_non_inherited_permissions_from_default_on_user_enabled(self):
371 user_model = UserModel() 377 user_model = UserModel()
372 # enable fork and create on default user 378 # enable fork and create on default user
373 usr = 'default' 379 usr = 'default'
389 # this user will have non inherited permissions from he's 395 # this user will have non inherited permissions from he's
390 # explicitly set permissions 396 # explicitly set permissions
391 self.assertEqual(u1_auth.permissions['global'], 397 self.assertEqual(u1_auth.permissions['global'],
392 set(['hg.create.none', 'hg.fork.none', 398 set(['hg.create.none', 'hg.fork.none',
393 'hg.register.manual_activate', 399 'hg.register.manual_activate',
394 'repository.read', 'group.read'])) 400 'repository.read', 'group.read',
401 'usergroup.read']))
395 402
396 def test_non_inherited_permissions_from_default_on_user_disabled(self): 403 def test_non_inherited_permissions_from_default_on_user_disabled(self):
397 user_model = UserModel() 404 user_model = UserModel()
398 # disable fork and create on default user 405 # disable fork and create on default user
399 usr = 'default' 406 usr = 'default'
415 # this user will have non inherited permissions from he's 422 # this user will have non inherited permissions from he's
416 # explicitly set permissions 423 # explicitly set permissions
417 self.assertEqual(u1_auth.permissions['global'], 424 self.assertEqual(u1_auth.permissions['global'],
418 set(['hg.create.repository', 'hg.fork.repository', 425 set(['hg.create.repository', 'hg.fork.repository',
419 'hg.register.manual_activate', 426 'hg.register.manual_activate',
420 'repository.read', 'group.read'])) 427 'repository.read', 'group.read',
428 'usergroup.read']))
421 429
422 def test_owner_permissions_doesnot_get_overwritten_by_group(self): 430 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
423 #create repo as USER, 431 #create repo as USER,
424 self.test_repo = fixture.create_repo(name='myownrepo', 432 self.test_repo = fixture.create_repo(name='myownrepo',
425 repo_type='hg', 433 repo_type='hg',
456 perm='repository.none') 464 perm='repository.none')
457 Session().commit() 465 Session().commit()
458 u1_auth = AuthUser(user_id=self.u1.user_id) 466 u1_auth = AuthUser(user_id=self.u1.user_id)
459 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], 467 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
460 'repository.admin') 468 'repository.admin')
469
470 def _test_def_perm_equal(self, user, change_factor=0):
471 perms = UserToPerm.query()\
472 .filter(UserToPerm.user == user)\
473 .all()
474 self.assertEqual(len(perms),
475 len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor,
476 msg=perms)
477
478 def test_set_default_permissions(self):
479 PermissionModel().create_default_permissions(user=self.u1)
480 self._test_def_perm_equal(user=self.u1)
481
482 def test_set_default_permissions_after_one_is_missing(self):
483 PermissionModel().create_default_permissions(user=self.u1)
484 self._test_def_perm_equal(user=self.u1)
485 #now we delete one, it should be re-created after another call
486 perms = UserToPerm.query()\
487 .filter(UserToPerm.user == self.u1)\
488 .all()
489 Session().delete(perms[0])
490 Session().commit()
491
492 self._test_def_perm_equal(user=self.u1, change_factor=-1)
493
494 #create missing one !
495 PermissionModel().create_default_permissions(user=self.u1)
496 self._test_def_perm_equal(user=self.u1)
497
498 @parameterized.expand([
499 ('repository.read', 'repository.none'),
500 ('group.read', 'group.none'),
501 ('usergroup.read', 'usergroup.none'),
502 ('hg.create.repository', 'hg.create.none'),
503 ('hg.fork.repository', 'hg.fork.none'),
504 ('hg.register.manual_activate', 'hg.register.auto_activate',)
505 ])
506 def test_set_default_permissions_after_modification(self, perm, modify_to):
507 PermissionModel().create_default_permissions(user=self.u1)
508 self._test_def_perm_equal(user=self.u1)
509
510 old = Permission.get_by_key(perm)
511 new = Permission.get_by_key(modify_to)
512 self.assertNotEqual(old, None)
513 self.assertNotEqual(new, None)
514
515 #now modify permissions
516 p = UserToPerm.query()\
517 .filter(UserToPerm.user == self.u1)\
518 .filter(UserToPerm.permission == old)\
519 .one()
520 p.permission = new
521 Session().add(p)
522 Session().commit()
523
524 PermissionModel().create_default_permissions(user=self.u1)
525 self._test_def_perm_equal(user=self.u1)