Mercurial > kallithea

diff rhodecode/tests/models/test_permissions.py @ 2864:5c1ad3b410e5 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fixed #570 explicit users group permissions can overwrite owner permissions - added test for that case
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 23 Sep 2012 13:04:53 +0200
parents c0cc8f8a71b0
children d7e10699513b
line wrap: on
line diff
--- a/rhodecode/tests/models/test_permissions.py	Sun Sep 23 13:04:02 2012 +0200
+++ b/rhodecode/tests/models/test_permissions.py	Sun Sep 23 13:04:53 2012 +0200
@@ -10,7 +10,7 @@
 from rhodecode.model.meta import Session
 from rhodecode.model.users_group import UsersGroupModel
 from rhodecode.lib.auth import AuthUser
-
+from rhodecode.tests.api.api_base import create_repo
 
 
 class TestPermissions(unittest.TestCase):
@@ -40,6 +40,7 @@
     def tearDown(self):
         if hasattr(self, 'test_repo'):
             RepoModel().delete(repo=self.test_repo)
+
         UserModel().delete(self.u1)
         UserModel().delete(self.u2)
         UserModel().delete(self.u3)
@@ -425,3 +426,47 @@
                          set(['hg.create.repository', 'hg.fork.repository',
                               'hg.register.manual_activate',
                               'repository.read']))
+
+    def test_owner_permissions_doesnot_get_overwritten_by_group(self):
+        #create repo as USER,
+        self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
+                                repo_type='hg',
+                                description='desc',
+                                owner=self.u1)
+
+        Session().commit()
+        #he has permissions of admin as owner
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
+                         'repository.admin')
+        #set his permission as users group, he should still be admin
+        self.ug1 = UsersGroupModel().create('G1')
+        # add user to group
+        UsersGroupModel().add_user_to_group(self.ug1, self.u1)
+        RepoModel().grant_users_group_permission(repo, group_name=self.ug1,
+                                                 perm='repository.none')
+
+        Session().commit()
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
+                         'repository.admin')
+
+    def test_owner_permissions_doesnot_get_overwritten_by_others(self):
+        #create repo as USER,
+        self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
+                                repo_type='hg',
+                                description='desc',
+                                owner=self.u1)
+
+        Session().commit()
+        #he has permissions of admin as owner
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
+                         'repository.admin')
+        #set his permission as user, he should still be admin
+        RepoModel().grant_user_permission(repo, user=self.u1,
+                                          perm='repository.none')
+        Session().commit()
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
+                         'repository.admin')