def test_permission_create_extra(mocker):
with message(mocker, "permission_created", permission="site.test"):
permission_create("site.test")
res = user_permission_list(full=True)['permissions']
assert "site.test" in res
# all_users is only enabled by default on .main perms
assert "all_users" not in res['site.test']['allowed']
assert res['site.test']['corresponding_users'] == []
assert res['site.test']['protected'] is False
def test_permission_create_main(mocker):
with message(mocker, "permission_created", permission="site.main"):
permission_create("site.main", allowed=["all_users"], protected=False)
res = user_permission_list(full=True)['permissions']
assert "site.main" in res
assert res['site.main']['allowed'] == ["all_users"]
assert set(res['site.main']['corresponding_users']) == set(
["alice", "bob"])
assert res['site.main']['protected'] is False
def _permission_create_with_dummy_app(
permission,
allowed=None,
url=None,
additional_urls=None,
auth_header=True,
label=None,
show_tile=False,
protected=True,
sync_perm=True,
domain=None,
path=None,
):
app = permission.split(".")[0]
if app not in _installed_apps():
app_setting_path = os.path.join(APPS_SETTING_PATH, app)
if not os.path.exists(app_setting_path):
os.makedirs(app_setting_path)
settings = {"id": app, "dummy_permission_app": True}
if domain:
settings["domain"] = domain
if path:
settings["path"] = path
_set_app_settings(app, settings)
with open(os.path.join(APPS_SETTING_PATH, app, "manifest.json"),
"w") as f:
json.dump(
{
"name": app,
"id": app,
"description": {
"en": "Dummy app to test permissions"
},
},
f,
)
permission_create(
permission=permission,
allowed=allowed,
url=url,
additional_urls=additional_urls,
auth_header=auth_header,
label=label,
show_tile=show_tile,
protected=protected,
sync_perm=sync_perm,
)
def migrate_app_permission(app=None):
logger.info(m18n.n("migration_0011_migrate_permission"))
apps = _installed_apps()
if app:
if app not in apps:
logger.error(
"Can't migrate permission for app %s because it ain't installed..."
% app
)
apps = []
else:
apps = [app]
for app in apps:
permission = app_setting(app, "allowed_users")
path = app_setting(app, "path")
domain = app_setting(app, "domain")
url = "/" if domain and path else None
if permission:
known_users = list(user_list()["users"].keys())
allowed = [
user for user in permission.split(",") if user in known_users
]
else:
allowed = ["all_users"]
permission_create(
app + ".main",
url=url,
allowed=allowed,
show_tile=True,
protected=False,
sync_perm=False,
)
app_setting(app, "allowed_users", delete=True)
# Migrate classic public app still using the legacy unprotected_uris
if (
app_setting(app, "unprotected_uris") == "/"
or app_setting(app, "skipped_uris") == "/"
):
user_permission_update(app + ".main", add="visitors", sync_perm=False)
permission_sync_to_user()
def test_permission_create_already_existing(mocker):
with raiseYunohostError(mocker, "permission_already_exist"):
permission_create("wiki.main")
def test_permission_create_with_specific_user():
permission_create("site.test", allowed=["alice"])
res = user_permission_list(full=True)['permissions']
assert "site.test" in res
assert res['site.test']['allowed'] == ["alice"]
def migrate_legacy_permission_settings(app=None):
logger.info(m18n.n("migrating_legacy_permission_settings"))
apps = _installed_apps()
if app:
if app not in apps:
logger.error(
"Can't migrate permission for app %s because it ain't installed..."
% app)
apps = []
else:
apps = [app]
for app in apps:
settings = _get_app_settings(app) or {}
if settings.get("label"):
user_permission_update(app + ".main",
label=settings["label"],
sync_perm=False)
del settings["label"]
def _setting(name):
s = settings.get(name)
return s.split(',') if s else []
skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/']
skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')]
unprotected_urls = [
uri for uri in _setting('unprotected_uris') if uri != '/'
]
unprotected_urls += [
're:' + regex for regex in _setting('unprotected_regex')
]
protected_urls = [
uri for uri in _setting('protected_uris') if uri != '/'
]
protected_urls += [
're:' + regex for regex in _setting('protected_regex')
]
if skipped_urls != []:
permission_create(app + ".legacy_skipped_uris",
additional_urls=skipped_urls,
auth_header=False,
label=legacy_permission_label(app, "skipped"),
show_tile=False,
allowed='visitors',
protected=True,
sync_perm=False)
if unprotected_urls != []:
permission_create(app + ".legacy_unprotected_uris",
additional_urls=unprotected_urls,
auth_header=True,
label=legacy_permission_label(
app, "unprotected"),
show_tile=False,
allowed='visitors',
protected=True,
sync_perm=False)
if protected_urls != []:
permission_create(app + ".legacy_protected_uris",
additional_urls=protected_urls,
auth_header=True,
label=legacy_permission_label(app, "protected"),
show_tile=False,
allowed=user_permission_list()['permissions'][
app + ".main"]['allowed'],
protected=True,
sync_perm=False)
legacy_permission_settings = [
"skipped_uris", "unprotected_uris", "protected_uris",
"skipped_regex", "unprotected_regex", "protected_regex"
]
for key in legacy_permission_settings:
if key in settings:
del settings[key]
_set_app_settings(app, settings)
permission_sync_to_user()
def test_permission_create_with_specific_user():
permission_create("site.test", allowed=["alice"])
res = user_permission_list(full=True)["permissions"]
assert "site.test" in res
assert res["site.test"]["allowed"] == ["alice"]
