def test_copy_permissions_to_subject(self):
"""Copy permissions to subject.
Undefined actions are skipped.
"""
ps = PermissionSystem(self.env)
ps.grant_permission('user1', 'WIKI_VIEW')
ps.grant_permission('user1', 'TICKET_VIEW')
self.env.db_transaction("""
INSERT INTO permission VALUES ('user1', 'TEST_PERM')
""")
req = MockRequest(self.env, method='POST', args={
'copy': True, 'subject': 'user1', 'target': 'user2'})
with self.assertRaises(RequestDone):
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertEqual(['TICKET_VIEW', 'WIKI_VIEW'],
ps.get_users_dict().get('user2'))
self.assertEqual(2, len(req.chrome['notices']))
self.assertIn("The subject user2 has been granted the permission "
"TICKET_VIEW.", req.chrome['notices'])
self.assertIn("The subject user2 has been granted the permission "
"WIKI_VIEW.", req.chrome['notices'])
self.assertIn(("WARNING", "Skipped granting TEST_PERM to user2: "
"permission unavailable."),
self.env.log_messages)
self.assertIn(("INFO", "Granted permission for TICKET_VIEW to user2"),
self.env.log_messages)
self.assertIn(("INFO", "Granted permission for TICKET_VIEW to user2"),
self.env.log_messages)
def render_admin_panel(self, req, cat, page, path_info):
perm = PermissionSystem(self.env)
all_actions = perm.get_actions()
if req.method == 'POST':
subject = req.args.get('subject', '').strip()
target = req.args.get('target', '').strip()
action = req.args.get('action')
group = req.args.get('group', '').strip()
if subject and subject.isupper() or \
group and group.isupper() or \
target and target.isupper():
raise TracError(
_("All upper-cased tokens are reserved for "
"permission names."))
# Grant permission to subject
if 'add' in req.args and subject and action:
req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
if action not in all_actions:
raise TracError(_("Unknown action"))
req.perm.require(action)
try:
perm.grant_permission(subject, action)
except TracError as e:
add_warning(req, e)
else:
add_notice(
req,
_(
"The subject %(subject)s has been "
"granted the permission %(action)s.",
subject=subject,
action=action))
# Add subject to group
elif 'add' in req.args and subject and group:
req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
for action in perm.get_user_permissions(group):
req.perm.require(
action,
message=_(
"The subject %(subject)s was not added to "
"the group %(group)s because the group has "
"%(perm)s permission and users cannot grant "
"permissions they don't possess.",
subject=subject,
group=group,
perm=action))
try:
perm.grant_permission(subject, group)
except TracError as e:
add_warning(req, e)
else:
add_notice(
req,
_(
"The subject %(subject)s has been "
"added to the group %(group)s.",
subject=subject,
group=group))
# Copy permissions to subject
elif 'copy' in req.args and subject and target:
req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
subject_permissions = perm.get_users_dict().get(subject, [])
if not subject_permissions:
add_warning(
req,
_(
"The subject %(subject)s does not "
"have any permissions.",
subject=subject))
for action in subject_permissions:
if action not in all_actions: # plugin disabled?
self.log.warning(
"Skipped granting %s to %s: "
"permission unavailable.", action, target)
else:
if action not in req.perm:
add_warning(
req,
_(
"The permission %(action)s was "
"not granted to %(subject)s "
"because users cannot grant "
"permissions they don't possess.",
action=action,
subject=subject))
continue
try:
perm.grant_permission(target, action)
except PermissionExistsError:
pass
else:
add_notice(
req,
_(
"The subject %(subject)s has "
"been granted the permission "
"%(action)s.",
subject=target,
action=action))
req.redirect(req.href.admin(cat, page))
# Remove permissions action
elif 'remove' in req.args and 'sel' in req.args:
req.perm('admin', 'general/perm').require('PERMISSION_REVOKE')
for key in req.args.getlist('sel'):
subject, action = key.split(':', 1)
subject = unicode_from_base64(subject)
action = unicode_from_base64(action)
if (subject, action) in perm.get_all_permissions():
perm.revoke_permission(subject, action)
add_notice(req,
_("The selected permissions have been "
"revoked."))
req.redirect(req.href.admin(cat, page))
return 'admin_perms.html', {
'actions': all_actions,
'allowed_actions': [a for a in all_actions if a in req.perm],
'perms': perm.get_users_dict(),
'groups': perm.get_groups_dict(),
'unicode_to_base64': unicode_to_base64
}
def render_admin_panel(self, req, cat, page, path_info):
perm = PermissionSystem(self.env)
all_permissions = perm.get_all_permissions()
all_actions = perm.get_actions()
if req.method == 'POST':
subject = req.args.get('subject', '').strip()
target = req.args.get('target', '').strip()
action = req.args.get('action')
group = req.args.get('group', '').strip()
if subject and subject.isupper() or \
group and group.isupper() or \
target and target.isupper():
raise TracError(_("All upper-cased tokens are reserved for "
"permission names."))
# Grant permission to subject
if req.args.get('add') and subject and action:
req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
if action not in all_actions:
raise TracError(_("Unknown action"))
req.perm.require(action)
if (subject, action) not in all_permissions:
perm.grant_permission(subject, action)
add_notice(req, _("The subject %(subject)s has been "
"granted the permission %(action)s.",
subject=subject, action=action))
req.redirect(req.href.admin(cat, page))
else:
add_warning(req, _("The permission %(action)s was already "
"granted to %(subject)s.",
action=action, subject=subject))
# Add subject to group
elif req.args.get('add') and subject and group:
req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
for action in perm.get_user_permissions(group):
if not action in all_actions: # plugin disabled?
self.env.log.warn("Adding %s to group %s: "
"Permission %s unavailable, skipping perm check.",
subject, group, action)
else:
req.perm.require(action,
message=_("The subject %(subject)s was not added "
"to the group %(group)s because the "
"group has %(perm)s permission and "
"users cannot grant permissions they "
"don't possess.", subject=subject,
group=group, perm=action))
if (subject, group) not in all_permissions:
perm.grant_permission(subject, group)
add_notice(req, _("The subject %(subject)s has been added "
"to the group %(group)s.",
subject=subject, group=group))
req.redirect(req.href.admin(cat, page))
else:
add_warning(req, _("The subject %(subject)s was already "
"added to the group %(group)s.",
subject=subject, group=group))
# Copy permissions to subject
elif req.args.get('copy') and subject and target:
req.perm.require('PERMISSION_GRANT')
subject_permissions = [i[1] for i in all_permissions
if i[0] == subject and
i[1].isupper()]
if not subject_permissions:
add_warning(req,_("The subject %(subject)s does not "
"have any permissions.",
subject=subject))
for action in subject_permissions:
if (target, action) in all_permissions:
continue
if not action in all_actions: # plugin disabled?
self.env.log.warn("Skipped granting %s to %s: "
"permission unavailable.",
action, target)
else:
if action not in req.perm:
add_warning(req,
_("The permission %(action)s was "
"not granted to %(subject)s "
"because users cannot grant "
"permissions they don't possess.",
action=action, subject=subject))
continue
perm.grant_permission(target, action)
add_notice(req, _("The subject %(subject)s has "
"been granted the permission "
"%(action)s.",
subject=target, action=action))
req.redirect(req.href.admin(cat, page))
# Remove permissions action
elif req.args.get('remove') and req.args.get('sel'):
req.perm('admin', 'general/perm').require('PERMISSION_REVOKE')
sel = req.args.get('sel')
sel = sel if isinstance(sel, list) else [sel]
for key in sel:
subject, action = key.split(':', 1)
subject = unicode_from_base64(subject)
action = unicode_from_base64(action)
if (subject, action) in perm.get_all_permissions():
perm.revoke_permission(subject, action)
add_notice(req, _("The selected permissions have been "
"revoked."))
req.redirect(req.href.admin(cat, page))
return 'admin_perms.html', {
'actions': all_actions,
'perms': perm.get_users_dict(),
'groups': perm.get_groups_dict(),
'unicode_to_base64': unicode_to_base64
}
