def _test_team_assigned_to_bug(self, private=True):
# Users can see teams assigned to bugs.
bug_owner = self.factory.makePerson()
product = self.factory.makeProduct(owner=bug_owner)
if private:
information_type = InformationType.USERDATA
else:
information_type = InformationType.PUBLIC
bug = self.factory.makeBug(owner=bug_owner,
target=product,
information_type=information_type)
# Initially no visibility.
some_person = self.factory.makePerson()
self._check_permission(some_person, False)
clear_cache()
# Assign the private team to a bugtask.
login_person(bug_owner)
bug.default_bugtask.transitionToAssignee(self.priv_team)
# All users can see public bugs, so in that case, the team is
# now visible, else team is still not visible.
some_person = self.factory.makePerson()
self._check_permission(some_person, not private)
# Subscribe the user to the bug.
login_person(bug_owner)
bug.subscribe(some_person, bug_owner)
# The team is now visible.
self._check_permission(some_person, True)
def _test_team_assigned_to_bug(self, private=True):
# Users can see teams assigned to bugs.
bug_owner = self.factory.makePerson()
product = self.factory.makeProduct(owner=bug_owner)
if private:
information_type = InformationType.USERDATA
else:
information_type = InformationType.PUBLIC
bug = self.factory.makeBug(
owner=bug_owner, target=product,
information_type=information_type)
# Initially no visibility.
some_person = self.factory.makePerson()
self._check_permission(some_person, False)
clear_cache()
# Assign the private team to a bugtask.
login_person(bug_owner)
bug.default_bugtask.transitionToAssignee(self.priv_team)
# All users can see public bugs, so in that case, the team is
# now visible, else team is still not visible.
some_person = self.factory.makePerson()
self._check_permission(some_person, not private)
# Subscribe the user to the bug.
login_person(bug_owner)
bug.subscribe(some_person, bug_owner)
# The team is now visible.
self._check_permission(some_person, True)
def test_query_count(self):
# The function issues a constant number of queries regardless of
# team count.
login_person(self.user)
context = self.factory.makeProduct(owner=self.user)
self._setup_teams(self.user)
IStore(Person).invalidate()
clear_cache()
with StormStatementRecorder() as recorder:
expose_user_administered_teams_to_js(
self.request, self.user, context,
absoluteURL=fake_absoluteURL)
self.assertThat(recorder, HasQueryCount(Equals(4)))
# Create some new public teams owned by the user, and a private
# team administered by the user.
for i in range(3):
self.factory.makeTeam(owner=self.user)
pt = self.factory.makeTeam(
visibility=PersonVisibility.PRIVATE, members=[self.user])
with person_logged_in(pt.teamowner):
pt.addMember(
self.user, pt.teamowner, status=TeamMembershipStatus.ADMIN)
IStore(Person).invalidate()
clear_cache()
del IJSONRequestCache(self.request).objects['administratedTeams']
with StormStatementRecorder() as recorder:
expose_user_administered_teams_to_js(
self.request, self.user, context,
absoluteURL=fake_absoluteURL)
self.assertThat(recorder, HasQueryCount(Equals(4)))
def testRejectPermission(self):
"""Test the reject() access control.
Only an answer contacts and administrator can reject a question.
"""
login(ANONYMOUS)
self.assertRaises(Unauthorized, getattr, self.question, 'reject')
login_person(self.owner)
self.assertRaises(Unauthorized, getattr, self.question, 'reject')
login_person(self.answerer)
self.assertRaises(Unauthorized, getattr, self.question, 'reject')
# Answer contacts must speak a language
self.answerer.addLanguage(getUtility(ILanguageSet)['en'])
self.question.target.addAnswerContact(self.answerer, self.answerer)
# clear authorization cache for check_permission
clear_cache()
self.assertTrue(
getattr(self.question, 'reject'),
"Answer contact cannot reject question.")
login_person(self.admin)
self.assertTrue(
getattr(self.question, 'reject'),
"Admin cannot reject question.")
def _make_formatter(self, cache_permission=False):
# Helper to create the formatter and optionally cache the permission.
formatter = getAdapter(self.team, IPathAdapter, 'fmt')
clear_cache()
request = LaunchpadTestRequest()
any_person = self.factory.makePerson()
if cache_permission:
login_person(any_person, request)
precache_permission_for_objects(
request, 'launchpad.LimitedView', [self.team])
return formatter, request, any_person
def test_visible_to_owner(self):
# The owners of a branch always have visibility of their own branches.
owner = self.factory.makePerson()
branch = self.factory.makeBranch(
owner=owner, information_type=InformationType.USERDATA)
naked_branch = removeSecurityProxy(branch)
clear_cache() # Clear authorization cache for check_permission.
access = AccessBranch(naked_branch)
self.assertFalse(access.checkUnauthenticated())
self.assertTrue(access.checkAuthenticated(IPersonRoles(owner)))
self.assertFalse(check_permission('launchpad.View', branch))
def test_visible_to_owner(self):
# The owners of a branch always have visibility of their own branches.
owner = self.factory.makePerson()
branch = self.factory.makeBranch(
owner=owner, information_type=InformationType.USERDATA)
naked_branch = removeSecurityProxy(branch)
clear_cache() # Clear authorization cache for check_permission.
access = AccessBranch(naked_branch)
self.assertFalse(access.checkUnauthenticated())
self.assertTrue(
access.checkAuthenticated(IPersonRoles(owner)))
self.assertFalse(check_permission('launchpad.View', branch))
def _check_permission(self, user, visible):
login_person(user)
self.assertEqual(
visible,
check_permission('launchpad.LimitedView', self.priv_team))
clear_cache()
def _check_permission(self, user, visible):
login_person(user)
self.assertEqual(
visible, check_permission('launchpad.LimitedView', self.priv_team))
clear_cache()
