Example #1
0
def test_no_root_view_permissions(po_directory, nobody, default, admin, view,
                                  no_permission_sets, no_projects,
                                  project_foo, project_bar):
    """Tests user-accessible projects when there are no permissions set at
    the root.
    """
    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By setting explicit `view` permissions for `foo_user` in `project_foo`,
    # only `foo_user` will be able to access that project
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])
    assert items_equal(Project.accessible_by_user(bar_user), [])
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Now let's allow showing `project_bar` to all registered users, but keep
    # `project_foo` visible only to `foo_user`.
    _require_permission_set(default, project_bar.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(
        Project.accessible_by_user(bar_user),
        [project_bar.code])
    assert items_equal(Project.accessible_by_user(default), [project_bar.code])
    assert items_equal(Project.accessible_by_user(nobody), [])
Example #2
0
def test_no_root_view_permissions(po_directory, nobody, default, admin, view,
                                  no_permission_sets, no_projects,
                                  project_foo, project_bar):
    """Tests user-accessible projects when there are no permissions set at
    the root.
    """
    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By setting explicit `view` permissions for `foo_user` in `project_foo`,
    # only `foo_user` will be able to access that project
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])
    assert items_equal(Project.accessible_by_user(bar_user), [])
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Now let's allow showing `project_bar` to all registered users, but keep
    # `project_foo` visible only to `foo_user`.
    _require_permission_set(default, project_bar.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(
        Project.accessible_by_user(bar_user),
        [project_bar.code])
    assert items_equal(Project.accessible_by_user(default), [project_bar.code])
    assert items_equal(Project.accessible_by_user(nobody), [])
Example #3
0
def test_get_tasks_permissions(client, test_name, snapshot_stack,
                               refresh_stats, request, request_users,
                               patch_timezone_now, project0, hide):
    """Tests pending tasks retrieval with restricted permissions."""
    language = 'language0'
    url = '/xhr/tasks/%s/' % language
    user = request_users['user']

    # Disallow `project0` access to `member`
    if user.username == 'member':
        _require_permission_set(user,
                                project0.directory,
                                negative_permissions=[hide])

    # FIXME: stats refreshing boilerplate
    global users_with_stats
    if user not in users_with_stats:
        request.getfixturevalue('refresh_stats')
        users_with_stats.add(user)

    now = aware_datetime(2017, 02, 28, 9, 00)
    patch_timezone_now(now)

    DueDateFactory.create(
        pootle_path='/projects/project0/',
        due_on=now + timedelta(days=8),
    )
    DueDateFactory.create(
        pootle_path='/%s/project0/store0.po' % language,
        due_on=now + timedelta(days=2),
    )
    DueDateFactory.create(
        pootle_path='/%s/project1/store0.po' % language,
        due_on=now + timedelta(days=4),
    )

    with snapshot_stack.push([as_dir(test_name), as_dir(user.username)]):
        if not user.is_anonymous:
            client.force_login(user)
        response = client.get(url)

        with snapshot_stack.push('status_code') as snapshot:
            snapshot.assert_matches(response.status_code)

        with snapshot_stack.push('context') as snapshot:
            snapshot.assert_matches(response.json())
Example #4
0
def test_get_users_with_permission(default, member, translate):
    language = Language.objects.get(code='language0')
    project = Project.objects.get(code='project0')
    User = get_user_model()

    directory = TranslationProject.objects.get(project=project,
                                               language=language).directory

    member.email = "*****@*****.**"
    member.save()
    accounts.utils.verify_user(member)
    _require_permission_set(member, directory, [translate])

    # remove "Can submit translation" permission for default user
    ps = PermissionSet.objects.filter(user=default,
                                      directory=Directory.objects.root)[0]
    ps.positive_permissions.set(
        ps.positive_permissions.exclude(id=translate.id))
    ps.save()
    users = User.objects.get_users_with_permission('translate', project,
                                                   language)
    for user in users:
        assert check_user_permission(user, 'translate', directory)
Example #5
0
def test_get_users_with_permission(default, member, translate):
    language = Language.objects.get(code='language0')
    project = Project.objects.get(code='project0')
    User = get_user_model()

    directory = TranslationProject.objects.get(
        project=project,
        language=language
    ).directory

    member.email = "*****@*****.**"
    member.save()
    accounts.utils.verify_user(member)
    _require_permission_set(member, directory, [translate])

    # remove "Can submit translation" permission for default user
    ps = PermissionSet.objects.filter(user=default,
                                      directory=Directory.objects.root)[0]
    ps.positive_permissions.set(ps.positive_permissions.exclude(id=translate.id))
    ps.save()
    users = User.objects.get_users_with_permission('translate', project, language)
    for user in users:
        assert check_user_permission(user, 'translate', directory)
Example #6
0
def test_root_hide_permissions(po_directory, nobody, default, admin, hide,
                               view, no_permission_sets, no_projects,
                               project_foo, project_bar, root):
    """Tests user-accessible projects when there are `hide` permissions
    set at the root.
    """

    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By default all projects are not accessible
    _require_permission_set(default, root, negative_permissions=[hide])
    _require_permission_set(nobody, root, negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])
    assert items_equal(Project.accessible_by_user(foo_user), [])
    assert items_equal(Project.accessible_by_user(bar_user), [])

    # Now let's make `project_foo` accessible to `foo_user`.
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])
    assert items_equal(Project.accessible_by_user(bar_user), [])

    # Making projects accessible for anonymous users should open the door for
    # everyone
    _require_permission_set(nobody, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
Example #7
0
def test_root_hide_permissions(po_directory, nobody, default, admin, hide,
                               view, no_permission_sets, no_projects,
                               project_foo, project_bar, root):
    """Tests user-accessible projects when there are `hide` permissions
    set at the root.
    """

    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By default all projects are not accessible
    _require_permission_set(default, root, negative_permissions=[hide])
    _require_permission_set(nobody, root, negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])
    assert items_equal(Project.accessible_by_user(foo_user), [])
    assert items_equal(Project.accessible_by_user(bar_user), [])

    # Now let's make `project_foo` accessible to `foo_user`.
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])
    assert items_equal(Project.accessible_by_user(bar_user), [])

    # Making projects accessible for anonymous users should open the door for
    # everyone
    _require_permission_set(nobody, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
Example #8
0
def test_root_view_permissions(po_directory, nobody, default, admin, view,
                               no_projects, no_permission_sets,
                               project_foo, project_bar, root):
    """Tests user-accessible projects with view permissions at the root."""
    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # We'll only give `bar_user` access to all projects server-wide
    _require_permission_set(bar_user, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), [])
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Now we'll also allow `foo_user` access `project_foo`
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])

    # Let's change server-wide defaults: all registered users have access to
    # all projects. `foo_user`, albeit having explicit access for
    # `project_foo`, will be able to access any project because they fall back
    # and extend with the defaults.
    _require_permission_set(default, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Let's give anonymous users access to all projects too
    _require_permission_set(nobody, root, [view])

    assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)
Example #9
0
def test_root_view_permissions(po_directory, nobody, default, admin, view,
                               no_projects, no_permission_sets,
                               project_foo, project_bar, root):
    """Tests user-accessible projects with view permissions at the root."""
    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # We'll only give `bar_user` access to all projects server-wide
    _require_permission_set(bar_user, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), [])
    assert items_equal(Project.accessible_by_user(default), [])
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Now we'll also allow `foo_user` access `project_foo`
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_foo.code])

    # Let's change server-wide defaults: all registered users have access to
    # all projects. `foo_user`, albeit having explicit access for
    # `project_foo`, will be able to access any project because they fall back
    # and extend with the defaults.
    _require_permission_set(default, root, [view])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(nobody), [])

    # Let's give anonymous users access to all projects too
    _require_permission_set(nobody, root, [view])

    assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)
Example #10
0
def test_no_root_hide_permissions(po_directory, nobody, default, admin, hide,
                                  view, no_projects, no_permission_sets,
                                  project_foo, project_bar, root):
    """Tests user-accessible projects when there are no `hide` permissions
    set at the root.
    """

    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By default everyone has access to projects
    _require_permission_set(default, root, [view])
    _require_permission_set(nobody, root, [view])

    # At the same time, `project_foo` is inaccessible registered users...
    _require_permission_set(default, project_foo.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [project_bar.code])
    assert items_equal(Project.accessible_by_user(nobody), [project_bar.code])
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_bar.code])
    assert items_equal(
        Project.accessible_by_user(bar_user),
        [project_bar.code])

    # ...and anonymous users as well
    _require_permission_set(nobody, project_foo.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(nobody), [project_bar.code])

    # Let's make `project_foo` accessible for `foo_user`
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)

    # `project_bar` is now inaccessible for anonymous users
    _require_permission_set(nobody, project_bar.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(nobody), [])
Example #11
0
def test_no_root_hide_permissions(po_directory, nobody, default, admin, hide,
                                  view, no_projects, no_permission_sets,
                                  project_foo, project_bar, root):
    """Tests user-accessible projects when there are no `hide` permissions
    set at the root.
    """

    ALL_PROJECTS = [project_foo.code, project_bar.code]

    foo_user = UserFactory.create(username='******')
    bar_user = UserFactory.create(username='******')

    # By default everyone has access to projects
    _require_permission_set(default, root, [view])
    _require_permission_set(nobody, root, [view])

    # At the same time, `project_foo` is inaccessible registered users...
    _require_permission_set(default, project_foo.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS)
    assert items_equal(Project.accessible_by_user(default), [project_bar.code])
    assert items_equal(Project.accessible_by_user(nobody), [project_bar.code])
    assert items_equal(
        Project.accessible_by_user(foo_user),
        [project_bar.code])
    assert items_equal(
        Project.accessible_by_user(bar_user),
        [project_bar.code])

    # ...and anonymous users as well
    _require_permission_set(nobody, project_foo.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(nobody), [project_bar.code])

    # Let's make `project_foo` accessible for `foo_user`
    _require_permission_set(foo_user, project_foo.directory, [view])

    assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS)

    # `project_bar` is now inaccessible for anonymous users
    _require_permission_set(nobody, project_bar.directory,
                            negative_permissions=[hide])

    assert items_equal(Project.accessible_by_user(nobody), [])