Mercurial > kallithea

diff rhodecode/tests/models/test_users_group_permissions_on_groups.py @ 2820:c0cc8f8a71b0 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Permissions on group can be set in recursive mode setting defined permission to all children - more explicit permissions - fixes for empty values in permission form
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 07 Sep 2012 02:20:02 +0200
parents
children 42d7ca49d073
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/rhodecode/tests/models/test_users_group_permissions_on_groups.py	Fri Sep 07 02:20:02 2012 +0200
@@ -0,0 +1,170 @@
+import os
+import unittest
+import functools
+from rhodecode.tests import *
+
+from rhodecode.model.repos_group import ReposGroupModel
+from rhodecode.model.db import RepoGroup, Repository, User
+
+from rhodecode.model.meta import Session
+from nose.tools import with_setup
+from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \
+    _get_perms, _check_expected_count, expected_count, _destroy_project_tree
+from rhodecode.model.users_group import UsersGroupModel
+from rhodecode.model.repo import RepoModel
+
+
+test_u2_id = None
+test_u2_gr_id = None
+_get_repo_perms = None
+_get_group_perms = None
+
+
+def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):
+    """
+    Resets all permissions to perm attribute
+    """
+    repos_group = RepoGroup.get_by_group_name(group_name=group_name)
+    if not repos_group:
+        raise Exception('Cannot get group %s' % group_name)
+    perms_updates = [[test_u2_gr_id, perm, 'users_group']]
+    ReposGroupModel()._update_permissions(repos_group,
+                                          perms_updates=perms_updates,
+                                          recursive=recursive)
+    Session().commit()
+
+
+def setup_module():
+    global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms
+    test_u2 = _create_project_tree()
+    Session().commit()
+    test_u2_id = test_u2.user_id
+
+    gr1 = UsersGroupModel().create(name='perms_group_1')
+    Session().commit()
+    test_u2_gr_id = gr1.users_group_id
+    UsersGroupModel().add_user_to_group(gr1, user=test_u2_id)
+    Session().commit()
+
+    _get_repo_perms = functools.partial(_get_perms, key='repositories',
+                                        test_u1_id=test_u2_id)
+    _get_group_perms = functools.partial(_get_perms, key='repositories_groups',
+                                         test_u1_id=test_u2_id)
+
+
+def teardown_module():
+    _destroy_project_tree(test_u2_id)
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_without_recursive_mode():
+    # set permission to g0 non-recursive mode
+    recursive = False
+    group = 'g0'
+    permissions_setup_func(group, 'group.write', recursive=recursive)
+
+    items = [x for x in _get_repo_perms(group, recursive)]
+    expected = 0
+    assert len(items) == expected, ' %s != %s' % (len(items), expected)
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'repository.read'
+
+    items = [x for x in _get_group_perms(group, recursive)]
+    expected = 1
+    assert len(items) == expected, ' %s != %s' % (len(items), expected)
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.write'
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_without_recursive_mode_subgroup():
+    # set permission to g0 non-recursive mode
+    recursive = False
+    group = 'g0/g0_1'
+    permissions_setup_func(group, 'group.write', recursive=recursive)
+
+    items = [x for x in _get_repo_perms(group, recursive)]
+    expected = 0
+    assert len(items) == expected, ' %s != %s' % (len(items), expected)
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'repository.read'
+
+    items = [x for x in _get_group_perms(group, recursive)]
+    expected = 1
+    assert len(items) == expected, ' %s != %s' % (len(items), expected)
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.write'
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_with_recursive_mode():
+
+    # set permission to g0 recursive mode, all children including
+    # other repos and groups should have this permission now set !
+    recursive = True
+    group = 'g0'
+    permissions_setup_func(group, 'group.write', recursive=recursive)
+
+    repo_items = [x for x in _get_repo_perms(group, recursive)]
+    items = [x for x in _get_group_perms(group, recursive)]
+    _check_expected_count(items, repo_items, expected_count(group, True))
+
+    for name, perm in repo_items:
+        yield check_tree_perms, name, perm, group, 'repository.write'
+
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.write'
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_with_recursive_mode_inner_group():
+    ## set permission to g0_3 group to none
+    recursive = True
+    group = 'g0/g0_3'
+    permissions_setup_func(group, 'group.none', recursive=recursive)
+
+    repo_items = [x for x in _get_repo_perms(group, recursive)]
+    items = [x for x in _get_group_perms(group, recursive)]
+    _check_expected_count(items, repo_items, expected_count(group, True))
+
+    for name, perm in repo_items:
+        yield check_tree_perms, name, perm, group, 'repository.none'
+
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.none'
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_with_recursive_mode_deepest():
+    ## set permission to g0_3 group to none
+    recursive = True
+    group = 'g0/g0_1/g0_1_1'
+    permissions_setup_func(group, 'group.write', recursive=recursive)
+
+    repo_items = [x for x in _get_repo_perms(group, recursive)]
+    items = [x for x in _get_group_perms(group, recursive)]
+    _check_expected_count(items, repo_items, expected_count(group, True))
+
+    for name, perm in repo_items:
+        yield check_tree_perms, name, perm, group, 'repository.write'
+
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.write'
+
+
+@with_setup(permissions_setup_func)
+def test_user_permissions_on_group_with_recursive_mode_only_with_repos():
+    ## set permission to g0_3 group to none
+    recursive = True
+    group = 'g0/g0_2'
+    permissions_setup_func(group, 'group.admin', recursive=recursive)
+
+    repo_items = [x for x in _get_repo_perms(group, recursive)]
+    items = [x for x in _get_group_perms(group, recursive)]
+    _check_expected_count(items, repo_items, expected_count(group, True))
+
+    for name, perm in repo_items:
+        yield check_tree_perms, name, perm, group, 'repository.admin'
+
+    for name, perm in items:
+        yield check_tree_perms, name, perm, group, 'group.admin'