def test_getUsers(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    users = perms.get_users()
    for user, roles in users:
        if user == "user1":
            assert len(roles) == 2
            assert "manager" in roles
        if user == "user4":
            assert len(roles) == 3
            assert "manager" in roles
            assert "engineer" in roles
def test_grant_role(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    perms.create_role("managerUser", "testRole")
    assert perms.grant_role("managerUser", "user2", "testRole")
    assert "testRole" in perms.get_roles("user2")
    assert not perms.grant_role("managerUser", "user2", "nonExistantRole")
    assert not perms.grant_role("engineerUser", "user3", "testRole")
    assert not perms.grant_role("engineerUser", "engineerUser", "manager")
def test_remove_role_permission(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    perms.add_role_permission("managerUser", "engineer", "roles_write")
    assert not perms.remove_role_permission("engineerUser", "engineer",
                                            "roles_write")
    assert perms.remove_role_permission("managerUser", "engineer",
                                        "roles_write")
    assert not perms.can_write("engineerUser", "anything.py")
    assert not perms.remove_role_permission("managerUser", "fakeRole",
                                            "roles_write")
    with pytest.raises(KeyError):
        perms.remove_role_permission("managerUser", "manager",
                                     "fakePermission")
def test_create_role(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    assert perms.create_role("managerUser", "newRole")
    perms.grant_role("managerUser", "user2", "newRole")
    assert "newRole" in perms.get_roles("user2")
    assert not perms.create_role("engineerUser", "badRole")
    assert not perms.create_role("managerUser", "default")
def test_remove_user_permission(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    perms.add_user_permission("managerUser", "engineerUser", "users_write")
    assert not perms.remove_user_permission("engineerUser", "engineerUser",
                                            "users_write")
    assert perms.remove_user_permission("managerUser", "engineerUser",
                                        "users_write")
    assert not perms.can_write("engineerUser", "potato.obj")
    with pytest.raises(KeyError):
        perms.remove_user_permission("managerUser", "managerUser",
                                     "fakePermission")
def test_set_readonly(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    assert perms.can_write("managerUser", "potato.obj")
    assert perms.set_file_readonly("managerUser", "potato.obj", True)
    assert not perms.can_write("managerUser", "potato.obj")
    assert perms.set_file_readonly("managerUser", "potato.obj", False)
    assert perms.can_write("managerUser", "potato.obj")
    assert not perms.set_file_readonly("engineerUser", "potato.obj", False)
def test_remove_user_permission_file(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    perms.add_user_permission("managerUser", "engineerUser", "users_write",
                              "potato.obj")
    assert not perms.remove_user_permission("engineerUser", "engineerUser",
                                            "users_write", "potato.obj")
    assert perms.remove_user_permission("managerUser", "engineerUser",
                                        "users_write", "potato.obj")
    assert not perms.can_write("engineerUser", "potato.obj")
Ejemplo n.º 8
0
 def __init__(self,
              path,
              url=None,
              checkout_branch=None,
              bare=False,
              init=False,
              *args,
              **kwargs):
     """Git repository constructor"""
     # Check for special construction
     if init:
         # Initialize a new repository
         self.__dict__ = init_repository(path,
                                         bare=bare,
                                         workdir_path=path,
                                         origin_url=url).__dict__
     elif url is not None:
         # Clone a repository
         self.__dict__ = clone_repository(
             url, path, bare=bare, checkout_branch=checkout_branch).__dict__
     # Initialize the git repository super class
     super().__init__(path, *args, **kwargs)
     self.__permissions = Permissions(path)
     self.__locking = Locking(self.__permissions, path)
def test_delete_role(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    assert perms.delete_role("managerUser", "engineer")
    assert "engineer" not in perms.get_roles("engineerUser")
    assert not perms.delete_role("managerUser", "fakeRole")
    assert not perms.delete_role("engineerUser", "manager")
    assert not perms.delete_role("managerUser", "default")
    perms.create_role("managerUser", "newRole")
    perms.add_role_permission("managerUser", "newRole", "roles_write")
    assert perms.delete_role("managerUser", "newRole")
    assert "newRole" not in perms["general"]["roles_write"]
def test_remove_role(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")
    assert perms.remove_role("managerUser", "user2", "engineer")
    assert "engineer" not in perms.get_roles("user2")
    assert not perms.grant_role("engineerUser", "managerUser", "manager")
def test_permissions_02(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_01.json'
    perms = Permissions(".")

    assert perms.can_write('user1', 'a')
    assert not perms.can_write('user1', 'b')
def test_permissions_00(change_to_test_directory):
    Permissions.PERMISSION_PATH = 'test_permissions_00.json'
    Permissions(".")
Ejemplo n.º 13
0
class GitRepository(Repository):
    """Git repository"""

    # Git repository constructor
    def __init__(self,
                 path,
                 url=None,
                 checkout_branch=None,
                 bare=False,
                 init=False,
                 *args,
                 **kwargs):
        """Git repository constructor"""
        # Check for special construction
        if init:
            # Initialize a new repository
            self.__dict__ = init_repository(path,
                                            bare=bare,
                                            workdir_path=path,
                                            origin_url=url).__dict__
        elif url is not None:
            # Clone a repository
            self.__dict__ = clone_repository(
                url, path, bare=bare, checkout_branch=checkout_branch).__dict__
        # Initialize the git repository super class
        super().__init__(path, *args, **kwargs)
        self.__permissions = Permissions(path)
        self.__locking = Locking(self.__permissions, path)

    @property
    def locking(self):
        return self.__locking

    @property
    def permissions(self):
        return self.__permissions

    @property
    def path(self):
        if not self.is_empty:
            path = self.workdir
        else:
            path = super().path
        return os.path.abspath(path)

    # Git repository destructor
    def __del__(self):
        # Free the repository references
        self.free()

    # Fetch remote
    def fetch(self, remote_name='origin'):
        for remote in self.remotes:
            if remote.name == remote_name:
                remote.fetch()

    # Fetch all remotes
    def fetch_all(self):
        for remote in self.remotes:
            remote.fetch()

    def stageChanges(self, username):
        """Adds changes to the index
        Only adds changes allowd by locking and permission module

        Args:
            username(string): username of the git user
        Returns:
            (list(IndexEntry)): list of changed files to specificly not stage, (used to revert changes before merge)
        """
        self.index.add_all()
        entriesToAdd = []
        entriesToNotAdd = []
        for changedFile in self.index:
            lockEntry = self.__locking.findLock(changedFile.path)
            if (((lockEntry is None or lockEntry["user"] == username)
                 and self.__permissions.can_write(username, changedFile.path))
                    or changedFile.path == Locking.LOCKFILE_PATH
                    or changedFile.path == Permissions.PERMISSION_PATH):
                entriesToAdd.append(changedFile)
            else:
                entriesToNotAdd.append(changedFile)
        self.index.read(force=True)
        for entry in entriesToAdd:
            self.index.add(entry)
        self.index.write()
        return entriesToNotAdd

    def pullPaths(self, paths):
        """Checkout only the files in the list of paths

        Args:
            paths (list(stirng)): paths to checkout
        Returns:
            (bool): Were the paths sucessfuly checkedout
        """
        self.fetch_all()
        fetch_head = self.lookup_reference('FETCH_HEAD')
        if fetch_head is not None:
            try:
                self.head.set_target(fetch_head.target)
                self.checkout_head(paths=paths)
                return True
            except GitError as e:
                Logger.warning(f'MEG Repositiory: {e}')
        Logger.warning(f'MEG Repositiory: Could not checkout paths')
        return False

    def pull(self,
             remote_name='origin',
             fail_on_conflict=False,
             username=None,
             password=None):
        """Pull and merge
        Merge is done fully automaticly, currently uses 'ours' on conflicts

        Args:
            remote_ref_name (string): name of reference to the remote being pulled from
        """
        if username is None:
            username = Config.get('user/username')
        if password is None:
            password = Config.get('user/password')
        self.__permissions.save()
        self.__locking.save()
        # Find state of both references have
        self.fetch_all()
        remoteId = self.lookup_reference("FETCH_HEAD").resolve().target
        localId = self.lookup_reference("HEAD").resolve().target
        ahead, behind = self.ahead_behind(localId, remoteId)
        # Pull only required if we are behind
        if behind > 0:
            # If changes, commit and prepare for merge
            if self.isChanged(username):
                self.stageChanges(username)
                self.create_commit('HEAD', self.default_signature,
                                   self.default_signature, "MEG PULL OWN",
                                   self.index.write_tree(), [self.head.target])
            # Find the kind of required merge
            mergeState, _ = self.merge_analysis(remoteId)
            # Preform merge
            if mergeState & pygit2.GIT_MERGE_ANALYSIS_FASTFORWARD:
                # Fastforward and checkout remote
                self.checkout_tree(self.get(remoteId))
                self.head.set_target(remoteId)
                self.checkout_head()
            elif mergeState & pygit2.GIT_MERGE_ANALYSIS_NORMAL:
                # Preform painful merge
                if fail_on_conflict:
                    self.state_cleanup()
                    return False
                # Find files not to staged (because lock, permissions,...) and discard changes so merging can occur
                badPaths = [
                    entry.path for entry in self.stageChanges(username)
                ]
                self.checkout_head(strategy=pygit2.GIT_CHECKOUT_FORCE,
                                   paths=badPaths)
                # Merge will stage changes automaticly and find conflicts
                self.merge(remoteId)
                if self.index.conflicts is not None:
                    self.resolveLockingPermissionsMerge()
                    self.resolveGeneralMerge(username)
                else:
                    self.__permissions.load()
                    self.__locking.load()
                # Check there are no merge conflicts before committing
                if self.index.conflicts is None or len(
                        self.index.conflicts) == 0:
                    # Commit the merge
                    self.index.add_all()
                    self.create_commit('HEAD', self.default_signature,
                                       self.default_signature, "MEG MERGE",
                                       self.index.write_tree(),
                                       [self.head.target, remoteId])
                self.push(remote_name, username, password)
            self.state_cleanup()
        return True

    def resolveLockingPermissionsMerge(self):
        """Resolve conflicts on the locking or permissions files
        """
        resolved_conflicts = []
        for conflict in self.index.conflicts:
            path = self.pathFromConflict(conflict)
            # For conflicting Locks or Permissions that have been changed on remote, it is safest to discard local version and accept the remote
            # Then reload the respective modules
            if path == Locking.LOCKFILE_PATH or path == Permissions.PERMISSION_PATH:
                self.writeConflictResolution(conflict[2], path)
        self.__locking.load()
        self.__permissions.load()
        # Remove all resolved conflicts
        for conflict in resolved_conflicts:
            del self.index.conflicts[conflict]

    def resolveGeneralMerge(self, username):
        """Resolve all remaining conflicts
        TODO: Some other merge logic from plugins and other stuff
        """
        # Resolve remaining conflicts
        resolved_conflicts = []
        for conflict in self.index.conflicts:
            path = self.pathFromConflict(conflict)
            if not self.__permissions.can_write(username, path):
                # Not allowed to write, use theirs
                self.writeConflictResolution(conflict[2], path)
            elif not self.__locking.findLock(path) is None:
                if self.__locking.findLock(path)["user"] != username:
                    # Is locked by not the local user, use theirs
                    self.writeConflictResolution(conflict[2], path)
                else:
                    # Else its our lock
                    self.writeConflictResolution(conflict[1], path)
            else:
                # TODO: Some other merge logic from plugins and other stuff
                # Currently just use ours
                self.writeConflictResolution(conflict[1], path)
            # Add path to resolve conflict
            resolved_conflicts.append(path)
        # Remove all resolved conflicts
        for conflict in resolved_conflicts:
            del self.index.conflicts[conflict]

    def writeConflictResolution(self, indexEntry, path):
        """For simple merge conflict resolution, writes contentes of index entry to file
        Or deletes the file if required.
        """
        if indexEntry is None:
            if os.path.exists(path):
                os.remove(path)
        else:
            open(os.path.join(self.path, path),
                 "w+b").write(self.get(indexEntry.id).data)

    def pathFromConflict(self, indexConflict):
        """Returns path of conflict from index.conflicts entry
        """
        return [conf.path for conf in indexConflict if conf is not None][0]

    def push(self, remote_name='origin', username=None, password=None):
        """Pushes current commits
        4/13/20 21 - seems to be working

        Args:
            remote_name (string, optional): name of the remote to push to
            username (string, optional): username of user account used for pushing
            password (string, optional): password of user account used for pushing
        """
        if username is None:
            username = Config.get('user/username')
        if password is None:
            password = Config.get('user/password')
        creds = pygit2.UserPass(username, password)
        remote = self.remotes[remote_name]
        remote.credentials = creds
        try:
            remote.push([self.head.name],
                        callbacks=pygit2.RemoteCallbacks(credentials=creds))
        except GitError as e:
            Logger.warning(e)
            Logger.warning("MEG Git Repository: Failed to push commit")

    def commit_push(self,
                    tree,
                    message,
                    remote_name='origin',
                    username=None,
                    password=None):
        """Commits and pushes staged changes in the tree
        TODO: Ensure that the config keys are correct
        4/13/20 21 - seems to be working

        Args:
            tree (Oid): Oid id created from repositiory index (ex: repo.index.write_tree()) containing the tracked file changes (proably)
            message (string): commit message
            remote_name (string, optional): name of the remote to push to
            username (string, optional): username of user account used for pushing
            password (string, optional): password of user account used for pushing
        """
        if username is None:
            username = Config.get('user/username')
        if password is None:
            password = Config.get('user/password')
        # Create commit on current branch, parent is current commit, author and commiter is the default signature
        self.create_commit(self.head.name, self.default_signature,
                           self.default_signature, message, tree,
                           [self.head.target])
        self.push(remote_name, username, password)

    def isChanged(self, username):
        """Are there local changes from the last commit
        Only counts changes alowed by locking and permission module commitable files
        """
        mask = pygit2.GIT_STATUS_WT_DELETED | pygit2.GIT_STATUS_WT_RENAMED | pygit2.GIT_STATUS_WT_MODIFIED | pygit2.GIT_STATUS_WT_NEW
        for path, status in self.status().items():
            if status & mask == 0:
                continue
            lockEntry = self.__locking.findLock(path)
            if (((lockEntry is None
                  or lockEntry["user"] == Config.get('user/username'))
                 and self.__permissions.can_write(username, path))
                    or path == Locking.LOCKFILE_PATH
                    or path == Permissions.PERMISSION_PATH):
                return True
        return False

    def sync(self, remote_name='origin', username=None, password=None):
        """Pulls and then pushes, merge conflicts resolved by pull

        Args:
            username (string, optional): username of user account used for pushing
            password (string, optional): password of user account used for pushing
        """
        if username is None:
            username = Config.get('user/username')
        if password is None:
            password = Config.get('user/password')
        self.__permissions.save()
        self.__locking.save()
        self.pull(remote_name, username=username, password=password)
        if self.isChanged(username):
            self.stageChanges(username)
            self.create_commit('HEAD', self.default_signature,
                               self.default_signature, "MEG SYNC",
                               self.index.write_tree(), [self.head.target])
            self.push(remote_name, username=username, password=password)