def test_validate_acls_pagure(self, mock_gpcfp): """ Test validate_acls when the acl system is Pagure. """ mock_request = self.get_mock_request() validators.validate_acls(mock_request) assert len(mock_request.errors) == 0, mock_request.errors mock_gpcfp.assert_called_once()
def test_validate_acls_sidetag_update_can_view_edit_page(self, mock_gpcfp): """Test that a user can display the edit form.""" mock_request = self.get_mock_request() mock_request.validated['update'].from_tag = 'f33-build-side-0000' validators.validate_acls(mock_request) assert not len(mock_request.errors) mock_gpcfp.assert_not_called()
def test_pkgdb_allowed(self, get_pkg_pushers): """Test the integration with pkgdb.""" request = self.get_mock_request() validators.validate_acls(request) self.assertEqual(len(request.errors), 0) get_pkg_pushers.assert_called_once_with('f17', config.config)
def test_validate_acls_pagure_committers_exception(self, warning, mock_gpcfp, mock_access): """ Test validate_acls when an Exception is raised on getting package committers.""" mock_request = self.get_mock_request() mock_gpcfp.side_effect = ValueError('some error') validators.validate_acls(mock_request) assert len(mock_request.errors) == 0 mock_access.assert_called_once() mock_gpcfp.assert_called_once() warning.called_once_with('Unable to retrieve committers list from Pagure for bodhi.')
def test_validate_acls_dummy_committer(self): """ Test validate_acls when the acl system is dummy and a user adds himself to the committers list by the development.ini file. """ user = self.db.query(models.User).filter_by(id=1).one() user.name = 'mattia' self.db.flush() mock_request = self.get_mock_request() validators.validate_acls(mock_request) assert not len(mock_request.errors)
def test_validate_acls_sidetag_wrong_owner(self, mock_gpcfp): """Test that a user can submit updates only for sidetags they owns.""" mock_request = self.get_mock_request(sidetag=True) mock_request.validated['sidetag_owner'] = 'mattia' validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not own f33-build-side-0000 side-tag' }] assert mock_request.errors == error mock_gpcfp.assert_not_called()
def test_validate_acls_archived_release(self): """ Test validate_acls when trying to edit an Update for an archived Release. """ mock_request = self.get_mock_request() mock_request.validated['update'].release.state = models.ReleaseState.archived validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'update', 'description': 'cannot edit Update for an archived Release' }] assert mock_request.errors == error
def test_validate_acls_invalid_acl_system(self): """ Test validate_acls when the acl system is invalid. This will ensure that the user does not have rights. """ mock_request = self.get_mock_request() validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not have commit access to bodhi' }] assert mock_request.errors == error, mock_request.errors
def test_allowed_via_group(self, gpcfp): """Ensure that packagers can be allowed via group membership.""" user = self.db.query(models.User).filter_by(id=1).one() group = models.Group(name='infra-sig') self.db.add(group) user.groups.append(group) request = self.get_mock_request() validators.validate_acls(request) assert not len(request.errors) gpcfp.assert_called_once_with()
def test_validate_acls_pagure_no_commit_access(self, mock_gpcfp): """ Test validate_acls when the acl system is Pagure when the user is a packager but doesn't have access through Pagure. """ mock_request = self.get_mock_request() validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not have commit access to bodhi' }] assert mock_request.errors == error, mock_request.errors mock_gpcfp.assert_called_once()
def test_pkgdb_disallowed(self, get_pkg_pushers): """Test the integration with pkgdb.""" request = self.get_mock_request() validators.validate_acls(request) error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not have commit access to bodhi' }] self.assertEqual(request.errors, error) get_pkg_pushers.assert_called_once_with('f17', config.config)
def test_validate_acls_sidetag_owner_not_set(self, mock_gpcfp): """If side-tag update, sidetag_owner must be present in request.""" mock_request = self.get_mock_request(sidetag=True) mock_request.validated['sidetag_owner'] = None validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': ('Update appear to be from side-tag, but we cannot determine ' 'the side-tag owner') }] assert mock_request.errors == error mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_proven_packager(self, mock_gpcfp): """ Test validate_acls when the acl system is Pagure when the user is a proven packager but doesn't have access through Pagure. """ user = self.db.query(models.User).filter_by(id=1).one() group = self.db.query( models.Group).filter_by(name=u'provenpackager').one() user.groups.pop(0) user.groups.append(group) self.db.flush() mock_request = self.get_mock_request() validators.validate_acls(mock_request) assert len(mock_request.errors) == 0, mock_request.errors mock_gpcfp.assert_not_called()
def test_unable_to_infer_content_type_not_implemented(self): """Test error handler when Bodhi can't determine the content type due to NotImplemented.""" request = self.get_mock_request() request.koji = buildsys.get_session() request.validated = {'builds': [b.nvr for b in models.Build.query.all()]} with mock.patch('bodhi.server.validators.ContentType.infer_content_class', side_effect=NotImplementedError('oh no')): validators.validate_acls(request) assert request.errors == [ {'location': 'body', 'name': 'builds', 'description': "Unable to infer content_type. 'oh no'"} ] assert request.errors.status == 501
def test_validate_acls_pagure_runtime_error(self, mock_gpcfp): """ Test validate_acls when the acl system is Pagure and a RuntimeError is raised. """ mock_request = self.get_mock_request() mock_gpcfp.side_effect = RuntimeError('some error') validators.validate_acls(mock_request) assert len(mock_request.errors) == 1, mock_request.errors expected_error = [{ 'location': 'body', 'name': 'builds', 'description': 'some error' }] assert mock_request.errors == expected_error, mock_request.errors mock_gpcfp.assert_called_once()
def test_validate_acls_sidetag_update_cannot_view_edit_page(self, mock_gpcfp): """Test that a user can display the edit form.""" user = self.db.query(models.User).filter_by(id=2).one() self.db.flush() mock_request = self.get_mock_request() mock_request.validated['update'].from_tag = 'f33-build-side-0000' mock_request.validated['update'].user = user validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not own f33-build-side-0000 side-tag' }] assert mock_request.errors == error mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_exception(self, mock_access): """ Test validate_acls when the acl system is Pagure and an exception that isn't a RuntimeError is raised. """ mock_request = self.get_mock_request() mock_access.side_effect = ValueError('some error') validators.validate_acls(mock_request) assert len(mock_request.errors) == 1 expected_error = [{ 'location': 'body', 'name': 'builds', 'description': ('Unable to access Pagure to check ACLs. Please ' 'try again later.') }] assert mock_request.errors == expected_error mock_access.assert_called_once()
def get_update(request): """ Return a single update from an id or alias. Args: request (pyramid.request): The current request. Returns: dict: A dictionary with the following key mappings: update: The update that was requested. can_edit: A boolean indicating whether the update can be edited. """ proxy_request = bodhi.server.security.ProtectedRequest(request) validate_acls(proxy_request) # If validate_acls produced 0 errors, then we can edit this update. can_edit = len(proxy_request.errors) == 0 return dict(update=request.validated['update'], can_edit=can_edit)
def test_validate_acls_pagure(self, mock_gpcfp, access): """ Test validate_acls when the acl system is Pagure. """ mock_request = self.get_mock_request() with mock.patch('bodhi.server.models.Package.hascommitaccess', return_value=access): validators.validate_acls(mock_request) if access: assert not len(mock_request.errors) mock_gpcfp.assert_called_once() else: error = [{ 'location': 'body', 'name': 'builds', 'description': 'guest does not have commit access to bodhi' }] assert mock_request.errors == error mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_not_a_packager(self, mock_gpcfp, mock_access): """ Test validate_acls when the acl system is Pagure when the user is not a packager but has access through Pagure. This should not be allowed. """ user = self.db.query(models.User).filter_by(id=1).one() user.groups.pop(0) self.db.flush() mock_request = self.get_mock_request() validators.validate_acls(mock_request) error = [{ 'location': 'body', 'name': 'builds', 'description': ('guest is not a member of "packager", which is a ' 'mandatory packager group') }] assert mock_request.errors == error mock_access.assert_not_called() mock_gpcfp.assert_not_called()
def test_unable_to_infer_content_type(self): """Test the error handler for when Bodhi cannot determine the content type of a build.""" request = self.get_mock_request() request.koji = buildsys.get_session() request.validated = { 'builds': [b.nvr for b in models.Build.query.all()] } with mock.patch( 'bodhi.server.validators.ContentType.infer_content_class', side_effect=IOError('oh no')): validators.validate_acls(request) self.assertEqual( request.errors, [{ 'location': 'body', 'name': 'builds', 'description': "Unable to infer content_type. 'oh no'" }]) self.assertEqual(request.errors.status, 400)
def test_validate_acls_dummy(self): """ Test validate_acls when the acl system is dummy. """ mock_request = self.get_mock_request() validators.validate_acls(mock_request) assert len(mock_request.errors) == 0, mock_request.errors
def test_validate_acls_sidetag(self, mock_gpcfp): """Validate acls against sidetag ownership.""" mock_request = self.get_mock_request(sidetag=True) validators.validate_acls(mock_request) assert not len(mock_request.errors) mock_gpcfp.assert_not_called()