comparison rhodecode/tests/models/test_permissions.py @ 3733:af049a957506 beta
fixed default permissions population during upgrades
- it often happened that introducing a new permission
caused the default permissions to reset their state to the installation
default.
the new version makes sure that only missing permissions are
created while leaving the old defaults untouched
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 10 Apr 2013 02:55:21 +0200 |
parents | 7e3d89d9d3a2 |
children | a8f520540ab0 |
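--- a/rhodecode/tests/models/test_permissions.py
+++ b/rhodecode/tests/models/test_permissions.py
@@ -2,16 +2,18 @@
 import unittest
 from rhodecode.tests import *
 from rhodecode.tests.fixture import Fixture
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.repo import RepoModel
-from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm
+from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm,\
+Permission, UserToPerm
 from rhodecode.model.user import UserModel
 
 from rhodecode.model.meta import Session
 from rhodecode.model.users_group import UserGroupModel
 from rhodecode.lib.auth import AuthUser
+from rhodecode.model.permission import PermissionModel
 
 
 fixture = Fixture()
 
 
@@ -99,17 +101,19 @@
 self.g1 = fixture.create_group('test1', skip_if_exists=True)
 self.g2 = fixture.create_group('test2', skip_if_exists=True)
 u1_auth = AuthUser(user_id=self.u1.user_id)
 perms = {
 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},
-'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']),
+'global': set(Permission.DEFAULT_USER_PERMISSIONS),
 'repositories': {u'vcs_test_hg': u'repository.read'}
 }
 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
 perms['repositories'][HG_REPO])
 self.assertEqual(u1_auth.permissions['repositories_groups'],
 perms['repositories_groups'])
+self.assertEqual(u1_auth.permissions['global'],
+perms['global'])
 
 def test_default_admin_group_perms(self):
 self.g1 = fixture.create_group('test1', skip_if_exists=True)
 self.g2 = fixture.create_group('test2', skip_if_exists=True)
 a1_auth = AuthUser(user_id=self.a1.user_id)
@@ -345,11 +349,12 @@
 u1_auth = AuthUser(user_id=self.u1.user_id)
 # this user will have inherited permissions from default user
 self.assertEqual(u1_auth.permissions['global'],
 set(['hg.create.repository', 'hg.fork.repository',
 'hg.register.manual_activate',
-'repository.read', 'group.read']))
+'repository.read', 'group.read',
+'usergroup.read']))
 
 def test_inherited_permissions_from_default_on_user_disabled(self):
 user_model = UserModel()
 # disable fork and create on default user
 usr = 'default'
@@ -363,11 +368,12 @@
 u1_auth = AuthUser(user_id=self.u1.user_id)
 # this user will have inherited permissions from default user
 self.assertEqual(u1_auth.permissions['global'],
 set(['hg.create.none', 'hg.fork.none',
 'hg.register.manual_activate',
-'repository.read', 'group.read']))
+'repository.read', 'group.read',
+'usergroup.read']))
 
 def test_non_inherited_permissions_from_default_on_user_enabled(self):
 user_model = UserModel()
 # enable fork and create on default user
 usr = 'default'
@@ -389,11 +395,12 @@
 # this user will have non inherited permissions from he's
 # explicitly set permissions
 self.assertEqual(u1_auth.permissions['global'],
 set(['hg.create.none', 'hg.fork.none',
 'hg.register.manual_activate',
-'repository.read', 'group.read']))
+'repository.read', 'group.read',
+'usergroup.read']))
 
 def test_non_inherited_permissions_from_default_on_user_disabled(self):
 user_model = UserModel()
 # disable fork and create on default user
 usr = 'default'
@@ -415,11 +422,12 @@
 # this user will have non inherited permissions from he's
 # explicitly set permissions
 self.assertEqual(u1_auth.permissions['global'],
 set(['hg.create.repository', 'hg.fork.repository',
 'hg.register.manual_activate',
-'repository.read', 'group.read']))
+'repository.read', 'group.read',
+'usergroup.read']))
 
 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
 #create repo as USER,
 self.test_repo = fixture.create_repo(name='myownrepo',
 repo_type='hg',
@@ -456,5 +464,62 @@
 perm='repository.none')
 Session().commit()
 u1_auth = AuthUser(user_id=self.u1.user_id)
 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
 'repository.admin')
+
+def _test_def_perm_equal(self, user, change_factor=0):
+perms = UserToPerm.query()\
+.filter(UserToPerm.user == user)\
+.all()
+self.assertEqual(len(perms),
+len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor,
+msg=perms)
+
+def test_set_default_permissions(self):
+PermissionModel().create_default_permissions(user=self.u1)
+self._test_def_perm_equal(user=self.u1)
+
+def test_set_default_permissions_after_one_is_missing(self):
+PermissionModel().create_default_permissions(user=self.u1)
+self._test_def_perm_equal(user=self.u1)
+#now we delete one, it should be re-created after another call
+perms = UserToPerm.query()\
+.filter(UserToPerm.user == self.u1)\
+.all()
+Session().delete(perms[0])
+Session().commit()
+
+self._test_def_perm_equal(user=self.u1, change_factor=-1)
+
+#create missing one !
+PermissionModel().create_default_permissions(user=self.u1)
+self._test_def_perm_equal(user=self.u1)
+
+@parameterized.expand([
+('repository.read', 'repository.none'),
+('group.read', 'group.none'),
+('usergroup.read', 'usergroup.none'),
+('hg.create.repository', 'hg.create.none'),
+('hg.fork.repository', 'hg.fork.none'),
+('hg.register.manual_activate', 'hg.register.auto_activate',)
+])
+def test_set_default_permissions_after_modification(self, perm, modify_to):
+PermissionModel().create_default_permissions(user=self.u1)
+self._test_def_perm_equal(user=self.u1)
+
+old = Permission.get_by_key(perm)
+new = Permission.get_by_key(modify_to)
+self.assertNotEqual(old, None)
+self.assertNotEqual(new, None)
+
+#now modify permissions
+p = UserToPerm.query()\
+.filter(UserToPerm.user == self.u1)\
+.filter(UserToPerm.permission == old)\
+.one()
+p.permission = new
+Session().add(p)
+Session().commit()
+
+PermissionModel().create_default_permissions(user=self.u1)
+self._test_def_perm_equal(user=self.u1)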
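Review bot: `test_set_default_permissions_after_modification` checks only the number of `UserToPerm` rows after the second `create_default_permissions` call, so it would still pass if that call put the modified row back to `perm`. That is the reset to installation defaults the commit message says is being fixed, and it would silently re-grant access an administrator had removed (e.g. `repository.none` back to `repository.read`). After the final call I would also pin the values: `current = [x.permission for x in UserToPerm.query().filter(UserToPerm.user == self.u1).all()]`, then `self.assertTrue(new in current)` and `self.assertFalse(old in current)`. `test_set_default_permissions_after_one_is_missing` has the same gap: it could record the key of the deleted row and assert that this key, not just some row, is back. `create_default_permissions` itself is not shown here, so this is about what the tests can prove rather than a claim about its behaviour.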