Mercurial > kallithea
comparison rhodecode/tests/models/test_user_permissions_on_repo_groups.py @ 4116:ffd45b185016 rhodecode-2.2.5-gpl
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
This imports changes between changesets 21af6c4eab3d and 6177597791c2 in
RhodeCode's original repository, including only changes to Python files and HTML.
RhodeCode clearly licensed its changes to these files under GPLv3
in their /LICENSE file, which states the following:
The Python code and integrated HTML are licensed under the GPLv3 license.
(See:
https://code.rhodecode.com/rhodecode/files/v2.2.5/LICENSE
or
http://web.archive.org/web/20140512193334/https://code.rhodecode.com/rhodecode/files/f3b123159901f15426d18e3dc395e8369f70ebe0/LICENSE
for an online copy of that LICENSE file)
Conservancy reviewed these changes and confirmed that they can be licensed as
a whole to the Kallithea project under GPLv3-only.
While some of the contents committed herein are clearly licensed
GPLv3-or-later, on the whole we must assume the are GPLv3-only, since the
statement above from RhodeCode indicates that they intend GPLv3-only as their
license, per GPLv3ยง14 and other relevant sections of GPLv3.
| author | Bradley M. Kuhn <bkuhn@sfconservancy.org> |
|---|---|
| date | Wed, 02 Jul 2014 19:03:13 -0400 |
| parents | |
| children | 7e5f8c12a3fc |
comparison
equal
deleted
inserted
replaced
| 4115:8b7294a804a0 | 4116:ffd45b185016 |
|---|---|
| 1 import functools | |
| 2 from rhodecode.tests import * | |
| 3 | |
| 4 from rhodecode.model.repo_group import RepoGroupModel | |
| 5 from rhodecode.model.db import RepoGroup, Repository, User | |
| 6 | |
| 7 from rhodecode.model.meta import Session | |
| 8 from nose.tools import with_setup | |
| 9 from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \ | |
| 10 _get_perms, _check_expected_count, expected_count, _destroy_project_tree | |
| 11 | |
| 12 | |
| 13 test_u1_id = None | |
| 14 _get_repo_perms = None | |
| 15 _get_group_perms = None | |
| 16 | |
| 17 | |
| 18 def permissions_setup_func(group_name='g0', perm='group.read', recursive='all', | |
| 19 user_id=None): | |
| 20 """ | |
| 21 Resets all permissions to perm attribute | |
| 22 """ | |
| 23 if not user_id: | |
| 24 user_id = test_u1_id | |
| 25 # called by the @with_setup decorator also reset the default user stuff | |
| 26 permissions_setup_func(group_name, perm, recursive, | |
| 27 user_id=User.get_default_user().user_id) | |
| 28 | |
| 29 repo_group = RepoGroup.get_by_group_name(group_name=group_name) | |
| 30 if not repo_group: | |
| 31 raise Exception('Cannot get group %s' % group_name) | |
| 32 | |
| 33 perms_updates = [[user_id, perm, 'user']] | |
| 34 RepoGroupModel()._update_permissions(repo_group, | |
| 35 perms_updates=perms_updates, | |
| 36 recursive=recursive, check_perms=False) | |
| 37 Session().commit() | |
| 38 | |
| 39 def setup_module(): | |
| 40 global test_u1_id, _get_repo_perms, _get_group_perms | |
| 41 test_u1 = _create_project_tree() | |
| 42 Session().commit() | |
| 43 test_u1_id = test_u1.user_id | |
| 44 _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
| 45 test_u1_id=test_u1_id) | |
| 46 _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
| 47 test_u1_id=test_u1_id) | |
| 48 | |
| 49 | |
| 50 def teardown_module(): | |
| 51 _destroy_project_tree(test_u1_id) | |
| 52 | |
| 53 | |
| 54 @with_setup(permissions_setup_func) | |
| 55 def test_user_permissions_on_group_without_recursive_mode(): | |
| 56 # set permission to g0 non-recursive mode | |
| 57 recursive = 'none' | |
| 58 group = 'g0' | |
| 59 permissions_setup_func(group, 'group.write', recursive=recursive) | |
| 60 | |
| 61 items = [x for x in _get_repo_perms(group, recursive)] | |
| 62 expected = 0 | |
| 63 assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
| 64 for name, perm in items: | |
| 65 yield check_tree_perms, name, perm, group, 'repository.read' | |
| 66 | |
| 67 items = [x for x in _get_group_perms(group, recursive)] | |
| 68 expected = 1 | |
| 69 assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
| 70 for name, perm in items: | |
| 71 yield check_tree_perms, name, perm, group, 'group.write' | |
| 72 | |
| 73 | |
| 74 @with_setup(permissions_setup_func) | |
| 75 def test_user_permissions_on_group_without_recursive_mode_subgroup(): | |
| 76 # set permission to g0 non-recursive mode | |
| 77 recursive = 'none' | |
| 78 group = 'g0/g0_1' | |
| 79 permissions_setup_func(group, 'group.write', recursive=recursive) | |
| 80 | |
| 81 items = [x for x in _get_repo_perms(group, recursive)] | |
| 82 expected = 0 | |
| 83 assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
| 84 for name, perm in items: | |
| 85 yield check_tree_perms, name, perm, group, 'repository.read' | |
| 86 | |
| 87 items = [x for x in _get_group_perms(group, recursive)] | |
| 88 expected = 1 | |
| 89 assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
| 90 for name, perm in items: | |
| 91 yield check_tree_perms, name, perm, group, 'group.write' | |
| 92 | |
| 93 | |
| 94 @with_setup(permissions_setup_func) | |
| 95 def test_user_permissions_on_group_with_recursive_mode(): | |
| 96 | |
| 97 # set permission to g0 recursive mode, all children including | |
| 98 # other repos and groups should have this permission now set ! | |
| 99 recursive = 'all' | |
| 100 group = 'g0' | |
| 101 permissions_setup_func(group, 'group.write', recursive=recursive) | |
| 102 | |
| 103 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 104 items = [x for x in _get_group_perms(group, recursive)] | |
| 105 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 106 | |
| 107 for name, perm in repo_items: | |
| 108 yield check_tree_perms, name, perm, group, 'repository.write' | |
| 109 | |
| 110 for name, perm in items: | |
| 111 yield check_tree_perms, name, perm, group, 'group.write' | |
| 112 | |
| 113 | |
| 114 @with_setup(permissions_setup_func) | |
| 115 def test_user_permissions_on_group_with_recursive_mode_for_default_user(): | |
| 116 | |
| 117 # set permission to g0 recursive mode, all children including | |
| 118 # other repos and groups should have this permission now set ! | |
| 119 recursive = 'all' | |
| 120 group = 'g0' | |
| 121 default_user_id = User.get_default_user().user_id | |
| 122 permissions_setup_func(group, 'group.write', recursive=recursive, | |
| 123 user_id=default_user_id) | |
| 124 | |
| 125 # change default to get perms for default user | |
| 126 _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
| 127 test_u1_id=default_user_id) | |
| 128 _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
| 129 test_u1_id=default_user_id) | |
| 130 | |
| 131 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 132 items = [x for x in _get_group_perms(group, recursive)] | |
| 133 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 134 | |
| 135 for name, perm in repo_items: | |
| 136 yield check_tree_perms, name, perm, group, 'repository.write' | |
| 137 | |
| 138 for name, perm in items: | |
| 139 yield check_tree_perms, name, perm, group, 'group.write' | |
| 140 | |
| 141 | |
| 142 @with_setup(permissions_setup_func) | |
| 143 def test_user_permissions_on_group_with_recursive_mode_inner_group(): | |
| 144 ## set permission to g0_3 group to none | |
| 145 recursive = 'all' | |
| 146 group = 'g0/g0_3' | |
| 147 permissions_setup_func(group, 'group.none', recursive=recursive) | |
| 148 | |
| 149 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 150 items = [x for x in _get_group_perms(group, recursive)] | |
| 151 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 152 | |
| 153 for name, perm in repo_items: | |
| 154 yield check_tree_perms, name, perm, group, 'repository.none' | |
| 155 | |
| 156 for name, perm in items: | |
| 157 yield check_tree_perms, name, perm, group, 'group.none' | |
| 158 | |
| 159 | |
| 160 @with_setup(permissions_setup_func) | |
| 161 def test_user_permissions_on_group_with_recursive_mode_deepest(): | |
| 162 ## set permission to g0_3 group to none | |
| 163 recursive = 'all' | |
| 164 group = 'g0/g0_1/g0_1_1' | |
| 165 permissions_setup_func(group, 'group.write', recursive=recursive) | |
| 166 | |
| 167 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 168 items = [x for x in _get_group_perms(group, recursive)] | |
| 169 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 170 | |
| 171 for name, perm in repo_items: | |
| 172 yield check_tree_perms, name, perm, group, 'repository.write' | |
| 173 | |
| 174 for name, perm in items: | |
| 175 yield check_tree_perms, name, perm, group, 'group.write' | |
| 176 | |
| 177 | |
| 178 @with_setup(permissions_setup_func) | |
| 179 def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): | |
| 180 ## set permission to g0_3 group to none | |
| 181 recursive = 'all' | |
| 182 group = 'g0/g0_2' | |
| 183 permissions_setup_func(group, 'group.admin', recursive=recursive) | |
| 184 | |
| 185 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 186 items = [x for x in _get_group_perms(group, recursive)] | |
| 187 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 188 | |
| 189 for name, perm in repo_items: | |
| 190 yield check_tree_perms, name, perm, group, 'repository.admin' | |
| 191 | |
| 192 for name, perm in items: | |
| 193 yield check_tree_perms, name, perm, group, 'group.admin' | |
| 194 | |
| 195 | |
| 196 @with_setup(permissions_setup_func) | |
| 197 def test_user_permissions_on_group_with_recursive_repo_mode_for_default_user(): | |
| 198 # set permission to g0/g0_1 recursive repos only mode, all children including | |
| 199 # other repos should have this permission now set, inner groups are excluded! | |
| 200 recursive = 'repos' | |
| 201 group = 'g0/g0_1' | |
| 202 perm = 'group.none' | |
| 203 default_user_id = User.get_default_user().user_id | |
| 204 | |
| 205 permissions_setup_func(group, perm, recursive=recursive, | |
| 206 user_id=default_user_id) | |
| 207 | |
| 208 # change default to get perms for default user | |
| 209 _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
| 210 test_u1_id=default_user_id) | |
| 211 _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
| 212 test_u1_id=default_user_id) | |
| 213 | |
| 214 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 215 items = [x for x in _get_group_perms(group, recursive)] | |
| 216 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 217 | |
| 218 for name, perm in repo_items: | |
| 219 yield check_tree_perms, name, perm, group, 'repository.none' | |
| 220 | |
| 221 for name, perm in items: | |
| 222 # permission is set with repos only mode, but we also change the permission | |
| 223 # on the group we trigger the apply to children from, thus we need | |
| 224 # to change its permission check | |
| 225 old_perm = 'group.read' | |
| 226 if name == group: | |
| 227 old_perm = perm | |
| 228 yield check_tree_perms, name, perm, group, old_perm | |
| 229 | |
| 230 | |
| 231 @with_setup(permissions_setup_func) | |
| 232 def test_user_permissions_on_group_with_recursive_repo_mode_inner_group(): | |
| 233 ## set permission to g0_3 group to none, with recursive repos only | |
| 234 recursive = 'repos' | |
| 235 group = 'g0/g0_3' | |
| 236 perm = 'group.none' | |
| 237 permissions_setup_func(group, perm, recursive=recursive) | |
| 238 | |
| 239 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 240 items = [x for x in _get_group_perms(group, recursive)] | |
| 241 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 242 | |
| 243 for name, perm in repo_items: | |
| 244 yield check_tree_perms, name, perm, group, 'repository.none' | |
| 245 | |
| 246 for name, perm in items: | |
| 247 # permission is set with repos only mode, but we also change the permission | |
| 248 # on the group we trigger the apply to children from, thus we need | |
| 249 # to change its permission check | |
| 250 old_perm = 'group.read' | |
| 251 if name == group: | |
| 252 old_perm = perm | |
| 253 yield check_tree_perms, name, perm, group, old_perm | |
| 254 | |
| 255 | |
| 256 @with_setup(permissions_setup_func) | |
| 257 def test_user_permissions_on_group_with_recursive_group_mode_for_default_user(): | |
| 258 # set permission to g0/g0_1 with recursive groups only mode, all children including | |
| 259 # other groups should have this permission now set. repositories should | |
| 260 # remain intact as we use groups only mode ! | |
| 261 recursive = 'groups' | |
| 262 group = 'g0/g0_1' | |
| 263 default_user_id = User.get_default_user().user_id | |
| 264 permissions_setup_func(group, 'group.write', recursive=recursive, | |
| 265 user_id=default_user_id) | |
| 266 | |
| 267 # change default to get perms for default user | |
| 268 _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
| 269 test_u1_id=default_user_id) | |
| 270 _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
| 271 test_u1_id=default_user_id) | |
| 272 | |
| 273 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 274 items = [x for x in _get_group_perms(group, recursive)] | |
| 275 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 276 | |
| 277 for name, perm in repo_items: | |
| 278 yield check_tree_perms, name, perm, group, 'repository.read' | |
| 279 | |
| 280 for name, perm in items: | |
| 281 yield check_tree_perms, name, perm, group, 'group.write' | |
| 282 | |
| 283 | |
| 284 @with_setup(permissions_setup_func) | |
| 285 def test_user_permissions_on_group_with_recursive_group_mode_inner_group(): | |
| 286 ## set permission to g0_3 group to none, with recursive mode for groups only | |
| 287 recursive = 'groups' | |
| 288 group = 'g0/g0_3' | |
| 289 permissions_setup_func(group, 'group.none', recursive=recursive) | |
| 290 | |
| 291 repo_items = [x for x in _get_repo_perms(group, recursive)] | |
| 292 items = [x for x in _get_group_perms(group, recursive)] | |
| 293 _check_expected_count(items, repo_items, expected_count(group, True)) | |
| 294 | |
| 295 for name, perm in repo_items: | |
| 296 yield check_tree_perms, name, perm, group, 'repository.read' | |
| 297 | |
| 298 for name, perm in items: | |
| 299 yield check_tree_perms, name, perm, group, 'group.none' |