def test_allowed_jobs(self): """Test allowed_jobs_for_user.""" result = external_users.allowed_jobs_for_user('*****@*****.**') self.assertEqual(['job'], result) result = external_users.allowed_jobs_for_user('*****@*****.**') self.assertEqual(['job', 'job2', 'job3'], result) result = external_users.allowed_jobs_for_user('*****@*****.**') self.assertEqual(['job2'], result) result = external_users.allowed_jobs_for_user('*****@*****.**') self.assertEqual([], result)
def test_allowed_jobs(self): """Test allowed_jobs_for_user.""" result = external_users.allowed_jobs_for_user("*****@*****.**") self.assertEqual(["job"], result) result = external_users.allowed_jobs_for_user("*****@*****.**") self.assertEqual(["job", "job2", "job3"], result) result = external_users.allowed_jobs_for_user("*****@*****.**") self.assertEqual(["job2"], result) result = external_users.allowed_jobs_for_user("*****@*****.**") self.assertEqual([], result)
def get(self): """Handle a GET request.""" # Create a list of externally contributed fuzzers. user_email = helpers.get_user_email() if access.has_access(): # User is an internal user of ClusterFuzz (eg: ClusterFuzz developer). fuzzers_list = ( data_handler.get_all_fuzzer_names_including_children( include_parents=True)) jobs_list = data_handler.get_all_job_type_names() else: # User is an external user of ClusterFuzz (eg: non-Chrome dev who # submitted a fuzzer or someone with a project in OSS-Fuzz). fuzzers_list = external_users.allowed_fuzzers_for_user( user_email, include_from_jobs=True, include_parents=True) if not fuzzers_list: # User doesn't actually have access to any fuzzers. raise helpers.AccessDeniedException() jobs_list = external_users.allowed_jobs_for_user(user_email) fuzzers_list.sort() jobs_list.sort() result = { 'info': { 'fuzzers': fuzzers_list, 'jobs': jobs_list, } } self.render('fuzzer-stats.html', result)
def get(self): """Handles get request.""" email = helpers.get_user_email() if not email: raise helpers.AccessDeniedException() is_privileged_or_domain_user = access.has_access( need_privileged_access=False) if is_privileged_or_domain_user or _is_uploader_allowed(email): # Privileged, domain and upload users can see all job and fuzzer names. allowed_jobs = data_handler.get_all_job_type_names() allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children( include_parents=True) else: # Check if this is an external user with access to certain fuzzers/jobs. allowed_jobs = external_users.allowed_jobs_for_user(email) allowed_fuzzers = external_users.allowed_fuzzers_for_user( email, include_from_jobs=True) if not allowed_fuzzers and not allowed_jobs: raise helpers.AccessDeniedException() has_issue_tracker = bool(data_handler.get_issue_tracker_name()) result, params = get_result() return self.render( 'upload.html', { 'fieldValues': { 'blackboxFuzzers': filter_blackbox_fuzzers(allowed_fuzzers), 'jobs': allowed_jobs, 'libfuzzerTargets': filter_target_names(allowed_fuzzers, 'libFuzzer'), 'aflTargets': filter_target_names(allowed_fuzzers, 'afl'), 'honggfuzzTargets': filter_target_names(allowed_fuzzers, 'honggfuzz'), 'isChromium': utils.is_chromium(), 'sandboxedJobs': data_types.INTERNAL_SANDBOXED_JOB_TYPES, 'csrfToken': form.generate_csrf_token(), 'isExternalUser': not is_privileged_or_domain_user, 'uploadInfo': gcs.prepare_blob_upload()._asdict(), 'hasIssueTracker': has_issue_tracker, }, 'params': params, 'result': result })
def get(self): """Handles get request.""" email = helpers.get_user_email() if not email: raise helpers.AccessDeniedException() is_privileged_or_domain_user = access.has_access( need_privileged_access=False) if is_privileged_or_domain_user or _is_uploader_allowed(email): # Privileged, domain and upload users can see all job and fuzzer names. allowed_jobs = data_handler.get_all_job_type_names() allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children( include_parents=True) else: # Check if this is an external user with access to certain fuzzers/jobs. allowed_jobs = external_users.allowed_jobs_for_user(email) allowed_fuzzers = external_users.allowed_fuzzers_for_user( email, include_from_jobs=True) if not allowed_fuzzers and not allowed_jobs: raise helpers.AccessDeniedException() has_issue_tracker = bool(data_handler.get_issue_tracker_name()) result, params = get_result(self) self.render( "upload.html", { "fieldValues": { "jobs": allowed_jobs, "libfuzzerTargets": filter_target_names(allowed_fuzzers, "libFuzzer"), "aflTargets": filter_target_names(allowed_fuzzers, "afl"), "isChromium": utils.is_chromium(), "sandboxedJobs": data_types.INTERNAL_SANDBOXED_JOB_TYPES, "csrfToken": form.generate_csrf_token(), "isExternalUser": not is_privileged_or_domain_user, "uploadInfo": gcs.prepare_blob_upload()._asdict(), "hasIssueTracker": has_issue_tracker, }, "params": params, "result": result, }, )
def _check_user_access_and_get_job_filter(self, fuzzer, job): """Check whether the current user has access to stats for the fuzzer or job. Returns a job filter that should be applied to the query.""" access_by_fuzzer_or_job = access.has_access(fuzzer_name=fuzzer, job_type=job) if access_by_fuzzer_or_job: # User has full access to the fuzzer, or the specified job. # None means no filters => all jobs. return _get_filter_from_job(job) if not job: # Job not specified and user doesn't have full access to the fuzzer. Check # if the user has any allowed jobs and use that as a filter. allowed_jobs = external_users.allowed_jobs_for_user( helpers.get_user_email()) if allowed_jobs: return allowed_jobs raise helpers.AccessDeniedException()
def get(self): """Handle a GET request.""" project = request.get('project') if access.has_access(): # User is an internal user of ClusterFuzz (eg: ClusterFuzz developer). # Show all projects in the list, since this allows user to pick another # project as needed. projects_list = data_handler.get_all_project_names() # Filter fuzzers and job list if a project is provided. fuzzers_list = ( data_handler.get_all_fuzzer_names_including_children( include_parents=True, project=project)) jobs_list = data_handler.get_all_job_type_names(project=project) else: # User is an external user of ClusterFuzz (eg: non-Chrome dev who # submitted a fuzzer or someone with a project in OSS-Fuzz). user_email = helpers.get_user_email() # TODO(aarya): Filter fuzzer and job if |project| is provided. fuzzers_list = sorted( external_users.allowed_fuzzers_for_user(user_email, include_from_jobs=True, include_parents=True)) if not fuzzers_list: # User doesn't actually have access to any fuzzers. raise helpers.AccessDeniedException( "You don't have access to any fuzzers.") jobs_list = sorted( external_users.allowed_jobs_for_user(user_email)) projects_list = sorted( {data_handler.get_project_name(job) for job in jobs_list}) result = { 'projects': projects_list, 'fuzzers': fuzzers_list, 'jobs': jobs_list, } return self.render_json(result)
def get_results(): """Return results.""" is_user = access.has_access() user_email = helpers.get_user_email() external_jobs = external_users.allowed_jobs_for_user(user_email) is_external_user = not is_user and external_jobs if not is_user and not is_external_user: raise helpers.AccessDeniedException() if is_user: projects = _get_all_project_results() else: projects = _get_project_results_for_external_user(external_jobs) results = { 'info': { 'projects': projects, 'is_internal_user': is_user, }, } return results