def setUp(self):
self.user = self.create_user()
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name='NullDB',
proxy_user=self.proxy,
owner=self.user,
scope_list=('project:read', ),
webhook_url='http://example.com',
)
def setUp(self):
self.user = self.create_user()
self.org = self.create_organization(owner=self.user)
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name="NullDB",
proxy_user=self.proxy,
owner=self.org,
scope_list=("project:read", ),
webhook_url="http://example.com",
)
def has_object_permission(self, request, view, project):
result = super(ProjectPermission,
self).has_object_permission(request, view,
project.organization)
if not result:
return result
if project.teams.exists():
return any(
has_team_permission(request, team, self.scope_map)
for team in project.teams.all())
elif is_system_auth(request.auth):
return True
elif request.user and request.user.is_authenticated():
# this is only for team-less projects
if is_active_superuser(request):
return True
elif request.user.is_sentry_app:
return SentryApp.check_project_permission_for_sentry_app_user(
request.user, project)
try:
role = (OrganizationMember.objects.filter(
organization=project.organization,
user=request.user).values_list("role", flat=True).get())
except OrganizationMember.DoesNotExist:
# this should probably never happen?
return False
return roles.get(role).is_global
elif hasattr(request.auth,
"project_id") and project.id == request.auth.project_id:
return True
return False
def get(self, request):
return self.paginate(
request=request,
queryset=SentryApp.visible_for_user(request.user),
order_by='-date_added',
paginator_cls=OffsetPaginator,
on_results=lambda x: serialize(x, request.user),
)
def get(self, request):
return self.paginate(
request=request,
queryset=SentryApp.visible_for_user(request.user),
order_by='-date_added',
paginator_cls=OffsetPaginator,
on_results=lambda x: serialize(x, request.user),
)
def assert_response_has_serialized_sentry_app(
self,
response: Response,
sentry_app: SentryApp,
organization: Organization,
has_features: bool = False,
mask_secret: bool = False,
) -> None:
data = {
"allowedOrigins": [],
"author": sentry_app.author,
"avatars": [],
"clientId": sentry_app.application.client_id,
"clientSecret": sentry_app.application.client_secret,
"events": [],
"featureData": [],
"isAlertable": sentry_app.is_alertable,
"name": sentry_app.name,
"overview": sentry_app.overview,
"owner": {
"id": organization.id,
"slug": organization.slug
},
"popularity": self.default_popularity,
"redirectUrl": sentry_app.redirect_url,
"schema": {},
"scopes": [],
"slug": sentry_app.slug,
"status": sentry_app.get_status_display(),
"uuid": sentry_app.uuid,
"verifyInstall": sentry_app.verify_install,
"webhookUrl": sentry_app.webhook_url,
}
if mask_secret:
data["scopes"] = ["project:write"]
data["clientSecret"] = MASKED_VALUE
if has_features:
data["featureData"] = [{
"featureId":
0,
"featureGate":
"integrations-api",
"description":
(f"{sentry_app.name} can **utilize the Sentry API** to pull data or"
+
" update resources in Sentry (with permissions granted, of course)."
),
}]
assert data in json.loads(response.content)
def test_raises_when_sentry_app_cannot_be_found(self, sentry_app):
sentry_app.side_effect = SentryApp.DoesNotExist()
with self.assertRaises(APIUnauthorized):
self.validator.call()
class SentryAppTest(TestCase):
def setUp(self):
self.user = self.create_user()
self.org = self.create_organization(owner=self.user)
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name='NullDB',
proxy_user=self.proxy,
owner=self.org,
scope_list=('project:read', ),
webhook_url='http://example.com',
)
def test_slug(self):
self.sentry_app.save()
assert self.sentry_app.slug == 'nulldb'
def test_paranoid(self):
self.sentry_app.save()
self.sentry_app.delete()
assert self.sentry_app.date_deleted is not None
assert self.sentry_app not in SentryApp.objects.all()
def test_date_updated(self):
self.sentry_app.save()
date_updated = self.sentry_app.date_updated
self.sentry_app.save()
assert not self.sentry_app.date_updated == date_updated
def test_related_names(self):
self.sentry_app.save()
assert self.sentry_app.application.sentry_app == self.sentry_app
assert self.sentry_app.proxy_user.sentry_app == self.sentry_app
assert self.sentry_app in self.sentry_app.owner.owned_sentry_apps.all()
class SentryAppTest(TestCase):
def setUp(self):
self.user = self.create_user()
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name='NullDB',
proxy_user=self.proxy,
owner=self.user,
scope_list=('project:read', ),
webhook_url='http://example.com',
)
def test_slug(self):
self.sentry_app.save()
assert self.sentry_app.slug == 'nulldb'
def test_paranoid(self):
self.sentry_app.save()
self.sentry_app.delete()
assert self.sentry_app.date_deleted is not None
assert self.sentry_app not in SentryApp.objects.all()
def test_date_updated(self):
self.sentry_app.save()
date_updated = self.sentry_app.date_updated
self.sentry_app.save()
assert not self.sentry_app.date_updated == date_updated
def test_related_names(self):
self.sentry_app.save()
assert self.sentry_app.application.sentry_app == self.sentry_app
assert self.sentry_app.proxy_user.sentry_app == self.sentry_app
assert self.sentry_app in self.sentry_app.owner.owned_sentry_apps.all()
class SentryAppTest(TestCase):
def setUp(self):
self.user = self.create_user()
self.org = self.create_organization(owner=self.user)
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name="NullDB",
proxy_user=self.proxy,
owner=self.org,
scope_list=("project:read", ),
webhook_url="http://example.com",
)
def test_paranoid(self):
self.sentry_app.save()
self.sentry_app.delete()
assert self.sentry_app.date_deleted is not None
assert self.sentry_app not in SentryApp.objects.all()
def test_date_updated(self):
self.sentry_app.save()
date_updated = self.sentry_app.date_updated
self.sentry_app.save()
assert not self.sentry_app.date_updated == date_updated
def test_related_names(self):
self.sentry_app.save()
assert self.sentry_app.application.sentry_app == self.sentry_app
assert self.sentry_app.proxy_user.sentry_app == self.sentry_app
assert self.sentry_app in self.sentry_app.owner.owned_sentry_apps.all()
def test_is_unpublished(self):
self.sentry_app.status = SentryAppStatus.UNPUBLISHED
self.sentry_app.save()
assert self.sentry_app.is_unpublished
def test_is_published(self):
self.sentry_app.status = SentryAppStatus.PUBLISHED
self.sentry_app.save()
assert self.sentry_app.is_published
def test_is_internal(self):
self.sentry_app.status = SentryAppStatus.INTERNAL
self.sentry_app.save()
assert self.sentry_app.is_internal
class SentryAppTest(TestCase):
def setUp(self):
self.user = self.create_user()
self.org = self.create_organization(owner=self.user)
self.proxy = self.create_user()
self.application = ApiApplication.objects.create(owner=self.proxy)
self.sentry_app = SentryApp(
application=self.application,
name='NullDB',
proxy_user=self.proxy,
owner=self.org,
scope_list=('project:read', ),
webhook_url='http://example.com',
)
def test_slug(self):
self.sentry_app.save()
assert self.sentry_app.slug == 'nulldb'
def test_internal_slug(self):
self.sentry_app.status = SentryAppStatus.INTERNAL
self.sentry_app.save()
assert self.sentry_app.slug == u'nulldb-{}'.format(
hashlib.sha1(self.org.slug).hexdigest()[0:6])
def test_internal_slug_on_update(self):
self.sentry_app.status = SentryAppStatus.INTERNAL
self.sentry_app.save()
self.sentry_app.save()
assert self.sentry_app.slug == u'nulldb-{}'.format(
hashlib.sha1(self.org.slug).hexdigest()[0:6])
def test_paranoid(self):
self.sentry_app.save()
self.sentry_app.delete()
assert self.sentry_app.date_deleted is not None
assert self.sentry_app not in SentryApp.objects.all()
def test_date_updated(self):
self.sentry_app.save()
date_updated = self.sentry_app.date_updated
self.sentry_app.save()
assert not self.sentry_app.date_updated == date_updated
def test_related_names(self):
self.sentry_app.save()
assert self.sentry_app.application.sentry_app == self.sentry_app
assert self.sentry_app.proxy_user.sentry_app == self.sentry_app
assert self.sentry_app in self.sentry_app.owner.owned_sentry_apps.all()
def test_is_unpublished(self):
self.sentry_app.status = SentryAppStatus.UNPUBLISHED
self.sentry_app.save()
assert self.sentry_app.is_unpublished
def test_is_published(self):
self.sentry_app.status = SentryAppStatus.PUBLISHED
self.sentry_app.save()
assert self.sentry_app.is_published
def test_is_internal(self):
self.sentry_app.status = SentryAppStatus.INTERNAL
self.sentry_app.save()
assert self.sentry_app.is_internal