def get_recipients(self, pagename):
QUERY_SIDS = """SELECT sid from session_attribute
WHERE name=%s AND value LIKE %s"""
QUERY_EMAILS = """SELECT value FROM session_attribute
WHERE name=%s AND sid=%s"""
tos = []
with self.env.db_query as db:
cursor = db.cursor()
cursor.execute(QUERY_SIDS,
('watched_pages', '%,' + pagename + ',%'))
sids = cursor.fetchall()
self.env.log.debug("SID'S TO NOTIFY: %s", sids)
perm = PermissionSystem(self.env)
resource = Resource('wiki', pagename)
for sid in sids:
if sid[0] != self.change_author and perm.check_permission(
action='WIKI_VIEW', username=sid[0],
resource=resource):
self.env.log.debug('SID: %s', sid[0])
cursor.execute(QUERY_EMAILS, ('email', sid[0]))
sid_email = cursor.fetchone()
if sid_email is not None:
tos.append(sid_email[0])
self.env.log.debug("TO's TO NOTIFY: %s", tos)
return (tos, [])
def create_user_and_grant_permissions(self, req, team_member):
if self.use_account_manager_integration(team_member.name):
password = team_member.name
AccountManager(self.env).set_password(team_member.name, password)
permission_system = PermissionSystem(self.env)
if not permission_system.check_permission(Role.TEAM_MEMBER, team_member.name):
permission_system.grant_permission(team_member.name, Role.TEAM_MEMBER)
def get_recipients(self, pagename):
QUERY_SIDS = """SELECT sid from session_attribute
WHERE name=%s AND value LIKE %s"""
QUERY_EMAILS = """SELECT value FROM session_attribute
WHERE name=%s AND sid=%s"""
tos = []
with self.env.db_query as db:
cursor = db.cursor()
cursor.execute(
QUERY_SIDS, ('watched_pages', '%,' + pagename + ',%'))
sids = cursor.fetchall()
self.env.log.debug("SID'S TO NOTIFY: %s", sids)
perm = PermissionSystem(self.env)
resource = Resource('wiki', pagename)
for sid in sids:
if sid[0] != self.change_author and perm.check_permission(action='WIKI_VIEW', username=sid[0], resource=resource):
self.env.log.debug('SID: %s', sid[0])
cursor.execute(QUERY_EMAILS, ('email', sid[0]))
sid_email = cursor.fetchone()
if sid_email is not None:
tos.append(sid_email[0])
self.env.log.debug("TO's TO NOTIFY: %s", tos)
return (tos, [])
def check_permission(self, doc, context):
product, doctype, id = doc['product'], doc['type'], doc['id']
username = context.req.authname
env = self.env
if product:
env = ProductEnvironment(self.env, product)
perm = PermissionSystem(env)
action = self._required_permissions[doctype]
return perm.check_permission(action, username, id)
def check_permission(self, doc, context):
product, doctype, id = doc['product'], doc['type'], doc['id']
username = context.req.authname
env = self.env
if product:
env = ProductEnvironment(self.env, product)
perm = PermissionSystem(env)
action = self._required_permissions[doctype]
return perm.check_permission(action, username, id)
def _reporter(self, message):
"""return the ticket updater"""
user = emailaddr2user(self.env, message['from'])
# check permissions
perm = PermissionSystem(self.env)
if not perm.check_permission('MAIL2TICKET_COMMENT', user) : # None -> 'anoymous'
raise EmailException("%s does not have MAIL2TRAC_COMMENT permissions" % (user or 'anonymous'))
reporter = user or message['from']
return reporter
def get_user_from_message(self, message):
""" Return the ticket user from `message` """
user = utils.email_to_user(self.env, message['from'])
#Check permissions
perm = PermissionSystem(self.env)
if not perm.check_permission('TICKET_APPEND', user): # None -> 'anoymous'
raise ValueError("%s does not have TICKET_APPEND permissions" % (user or 'anonymous'))
reporter = user or message['from']
return reporter
class CryptoAdminPanelTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(enable=['trac.*', 'crypto.*'])
self.env.path = tempfile.mkdtemp()
self.perm = PermissionSystem(self.env)
self.req = Mock()
self.crypto_ap = CryptoAdminPanel(self.env)
def tearDown(self):
shutil.rmtree(self.env.path)
def test_available_actions(self):
self.failIf('CRYPTO_ADMIN' not in self.perm.get_actions())
self.failIf('CRYPTO_DELETE' not in self.perm.get_actions())
def test_available_actions_no_perms(self):
self.perm.grant_permission('admin', 'authenticated')
self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertFalse(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def test_available_actions_delete_only(self):
self.perm.grant_permission('admin', 'CRYPTO_DELETE')
self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def test_available_actions_full_perms(self):
self.perm.grant_permission('admin', 'TRAC_ADMIN')
self.assertTrue(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
class CryptoAdminPanelTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(enable=['trac.*', 'crypto.*'])
self.env.path = tempfile.mkdtemp()
self.perm = PermissionSystem(self.env)
self.req = Mock()
self.crypto_ap = CryptoAdminPanel(self.env)
def tearDown(self):
shutil.rmtree(self.env.path)
def test_available_actions(self):
self.failIf('CRYPTO_ADMIN' not in self.perm.get_actions())
self.failIf('CRYPTO_DELETE' not in self.perm.get_actions())
def test_available_actions_no_perms(self):
self.perm.grant_permission('admin', 'authenticated')
self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertFalse(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def test_available_actions_delete_only(self):
self.perm.grant_permission('admin', 'CRYPTO_DELETE')
self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def test_available_actions_full_perms(self):
self.perm.grant_permission('admin', 'TRAC_ADMIN')
self.assertTrue(self.perm.check_permission('CRYPTO_ADMIN', 'admin'))
self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def reporter(self, message):
"""return the ticket reporter or updater"""
user = emailaddr2user(self.env, message['from'])
# check permissions
perm = PermissionSystem(self.env)
if not perm.check_permission('TICKET_CREATE',
user): # None -> 'anoymous'
raise EmailException("%s does not have TICKET_CREATE permissions" %
(user or 'anonymous'))
reporter = user or message['from']
return reporter
def check_permission(self, action, username, resource, perm):
# FIXME: Better handling of recursive imports
from multiproduct.env import ProductEnvironment
if isinstance(self.env, ProductEnvironment):
permsys = PermissionSystem(self.env.parent)
if permsys.check_permission('TRAC_ADMIN', username):
return action in PermissionSystem(self.env).get_actions() \
or None # FIXME: maybe False is better
elif username == self.env.product.owner:
# Product owner granted with PRODUCT_ADMIN permission ootb
permsys = PermissionSystem(self.env)
# FIXME: would `action != 'TRAC_ADMIN'` be enough ?
return True if action in permsys.get_actions() and \
action != 'TRAC_ADMIN' \
else None
def check_permission(self, action, username, resource, perm):
# FIXME: Better handling of recursive imports
from multiproduct.env import ProductEnvironment
if isinstance(self.env, ProductEnvironment):
permsys = PermissionSystem(self.env.parent)
if permsys.check_permission('TRAC_ADMIN', username):
return action in PermissionSystem(self.env).get_actions() \
or None # FIXME: maybe False is better
elif username == self.env.product.owner:
# Product owner granted with PRODUCT_ADMIN permission ootb
permsys = PermissionSystem(self.env)
# FIXME: would `action != 'TRAC_ADMIN'` be enough ?
return True if action in permsys.get_actions() and \
action != 'TRAC_ADMIN' \
else None
class PermissionTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(enable=['trac.*', 'acct_mgr.api.*'])
self.env.path = tempfile.mkdtemp()
self.perm = PermissionSystem(self.env)
self.req = Mock()
self.actions = [
'ACCTMGR_ADMIN', 'ACCTMGR_CONFIG_ADMIN', 'ACCTMGR_USER_ADMIN',
'EMAIL_VIEW', 'USER_VIEW'
]
def tearDown(self):
shutil.rmtree(self.env.path)
def test_available_actions(self):
for action in self.actions:
self.failIf(action not in self.perm.get_actions())
def test_available_actions_no_perms(self):
for action in self.actions:
self.assertFalse(self.perm.check_permission(action, 'anonymous'))
def test_available_actions_config_admin(self):
user = '******'
self.perm.grant_permission(user, 'ACCTMGR_CONFIG_ADMIN')
actions = [self.actions[0]] + self.actions[2:]
for action in actions:
self.assertFalse(self.perm.check_permission(action, user))
def test_available_actions_user_admin(self):
user = '******'
self.perm.grant_permission(user, 'ACCTMGR_USER_ADMIN')
for action in self.actions[2:]:
self.assertTrue(self.perm.check_permission(action, user))
for action in self.actions[:2] + ['TRAC_ADMIN']:
self.assertFalse(self.perm.check_permission(action, user))
def test_available_actions_full_perms(self):
perm_map = dict(acctmgr_admin='ACCTMGR_ADMIN', trac_admin='TRAC_ADMIN')
for user in perm_map:
self.perm.grant_permission(user, perm_map[user])
for action in self.actions:
self.assertTrue(self.perm.check_permission(action, user))
if user != 'trac_admin':
self.assertFalse(self.perm.check_permission(
'TRAC_ADMIN', user))
class PermissionTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(
enable=['trac.*', 'acct_mgr.api.*'])
self.env.path = tempfile.mkdtemp()
self.perm = PermissionSystem(self.env)
self.req = Mock()
self.actions = ['ACCTMGR_ADMIN', 'ACCTMGR_CONFIG_ADMIN',
'ACCTMGR_USER_ADMIN', 'EMAIL_VIEW', 'USER_VIEW']
def tearDown(self):
shutil.rmtree(self.env.path)
def test_available_actions(self):
for action in self.actions:
self.failIf(action not in self.perm.get_actions())
def test_available_actions_no_perms(self):
for action in self.actions:
self.assertFalse(self.perm.check_permission(action, 'anonymous'))
def test_available_actions_config_admin(self):
user = '******'
self.perm.grant_permission(user, 'ACCTMGR_CONFIG_ADMIN')
actions = [self.actions[0]] + self.actions[2:]
for action in actions:
self.assertFalse(self.perm.check_permission(action, user))
def test_available_actions_user_admin(self):
user = '******'
self.perm.grant_permission(user, 'ACCTMGR_USER_ADMIN')
for action in self.actions[2:]:
self.assertTrue(self.perm.check_permission(action, user))
for action in self.actions[:2] + ['TRAC_ADMIN']:
self.assertFalse(self.perm.check_permission(action, user))
def test_available_actions_full_perms(self):
perm_map = dict(acctmgr_admin='ACCTMGR_ADMIN', trac_admin='TRAC_ADMIN')
for user in perm_map:
self.perm.grant_permission(user, perm_map[user])
for action in self.actions:
self.assertTrue(self.perm.check_permission(action, user))
if user != 'trac_admin':
self.assertFalse(self.perm.check_permission('TRAC_ADMIN',
user))
def invoke(self, message, warnings):
"""reply to a ticket"""
ticket = self.ticket
reporter = self._reporter(message)
# get the mailBody and attachments
mailBody, attachments = get_body_and_attachments(message)
if not mailBody:
warnings.append("Seems to be a reply to %s but I couldn't find a comment")
return message
#go throught work
ts = TicketSystem(self.env)
tm = TicketModule(self.env)
perm = PermissionSystem(self.env)
# TODO: Deprecate update without time_changed timestamp
mockReq = self._MockReq(perm.get_user_permissions(reporter), reporter)
avail_actions = ts.get_available_actions(mockReq, ticket)
mailBody, inBodyFields, actions = self._get_in_body_fields(mailBody, avail_actions, reporter)
if inBodyFields or actions :
# check permissions
perm = PermissionSystem(self.env)
#we have properties movement, cheking user permission to do so
if not perm.check_permission('MAIL2TICKET_PROPERTIES', reporter) : # None -> 'anoymous'
raise ("%s does not have MAIL2TICKET_PROPERTIES permissions" % (user or 'anonymous'))
action = None
if actions :
action = actions.keys()[0]
controllers = list(tm._get_action_controllers(mockReq, ticket, action))
all_fields = [field['name'] for field in ts.get_ticket_fields()]
#impact changes find in inBodyFields
for field in inBodyFields :
ticket._old[field] = ticket[field]
ticket.values[field] = inBodyFields[field]
mockReq.args[field] = inBodyFields[field]
if action :
mockReq.args['action_%s_reassign_owner' % action] = ticket['owner']
mockReq.args['comment'] = mailBody
mockReq.args['ts'] = datetime.now()#to_datetime(None, utc)
mockReq.args['ts'] = str(ticket.time_changed)
changes, problems = tm.get_ticket_changes(mockReq, ticket, action)
valid = problems and False or tm._validate_ticket(mockReq, ticket)
tm._apply_ticket_changes(ticket, changes)
# add attachments to the ticket
add_attachments(self.env, ticket, attachments)
ticket.save_changes(reporter, mailBody)
for controller in controllers:
controller.apply_action_side_effects(mockReq, ticket, action)
# Call ticket change listeners
for listener in ts.change_listeners:
listener.ticket_changed(ticket, mailBody, reporter, ticket._old)
tn = TicketNotifyEmail(self.env)
tn.notify(ticket, newticket=0, modtime=ticket.time_changed)
