def getprops(self):
return {
'string': hyperdb.String(),
'number': hyperdb.Number(),
'boolean': hyperdb.Boolean(),
'password': hyperdb.Password(),
'date': hyperdb.Date(),
'interval': hyperdb.Interval(),
'link': hyperdb.Link('test'),
'link2': hyperdb.Link('test2'),
'multilink': hyperdb.Multilink('test'),
'multilink2': hyperdb.Multilink('test2'),
}
def setUp(self):
ActionTestCase.setUp(self)
self.result = []
self.new_id = 16
class AppendResult:
def __init__(inner_self, name):
inner_self.name = name
def __call__(inner_self, *args, **kw):
self.result.append((inner_self.name, args, kw))
if inner_self.name == 'set':
return kw
self.new_id += 1
return str(self.new_id)
self.client.db.security.hasPermission = true
self.client.classname = 'issue'
self.client.base = 'http://tracker/'
self.client.nodeid = '4711'
self.client.template = 'item'
self.client.db.classes.create = AppendResult('create')
self.client.db.classes.set = AppendResult('set')
self.client.db.classes.getprops = lambda: \
({'messages':hyperdb.Multilink('msg')
,'content':hyperdb.String()
,'files':hyperdb.Multilink('file')
,'msg':hyperdb.Link('msg')
})
self.action = EditItemAction(self.client)
def setUp(self):
self.dirname = '_test_cgi_form'
# set up and open a tracker
self.instance = db_test_base.setupTracker(self.dirname)
# open the database
self.db = self.instance.open('admin')
self.db.tx_Source = "web"
self.db.user.create(username='******',
address='*****@*****.**',
realname='Bork, Chef',
roles='User')
self.db.user.create(username='******',
address='*****@*****.**',
roles='User',
realname='Contrary, Mary')
self.db.issue.addprop(tx_Source=hyperdb.String())
self.db.msg.addprop(tx_Source=hyperdb.String())
self.db.post_init()
vars = {}
thisdir = os.path.dirname(__file__)
execfile(os.path.join(thisdir, "tx_Source_detector.py"), vars)
vars['init'](self.db)
test = self.instance.backend.Class(self.db,
"test",
string=hyperdb.String(),
number=hyperdb.Number(),
boolean=hyperdb.Boolean(),
link=hyperdb.Link('test'),
multilink=hyperdb.Multilink('test'),
date=hyperdb.Date(),
messages=hyperdb.Multilink('msg'),
interval=hyperdb.Interval())
# compile the labels re
classes = '|'.join(self.db.classes.keys())
self.FV_SPECIAL = re.compile(FormParser.FV_LABELS % classes,
re.VERBOSE)
def setUp(self):
self.dirname = '_test_cgi_form'
# set up and open a tracker
self.instance = db_test_base.setupTracker(self.dirname)
# open the database
self.db = self.instance.open('admin')
self.db.user.create(username='******', address='*****@*****.**',
realname='Bork, Chef', roles='User')
self.db.user.create(username='******', address='*****@*****.**',
roles='User', realname='Contrary, Mary')
test = self.instance.backend.Class(self.db, "test",
string=hyperdb.String(), number=hyperdb.Number(),
boolean=hyperdb.Boolean(), link=hyperdb.Link('test'),
multilink=hyperdb.Multilink('test'), date=hyperdb.Date(),
interval=hyperdb.Interval())
# compile the labels re
classes = '|'.join(self.db.classes.keys())
self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
re.VERBOSE)
def testSearchPermission(self):
# this checks if we properly check for search permissions
self.db.security.permissions = {}
self.db.security.addRole(name='User')
self.db.security.addRole(name='Project')
self.db.security.addPermissionToRole('User', 'Web Access')
self.db.security.addPermissionToRole('Project', 'Web Access')
# Allow viewing department
p = self.db.security.addPermission(name='View', klass='department')
self.db.security.addPermissionToRole('User', p)
# Allow viewing interesting things (but not department) on iss
# But users might only view issues where they are on nosy
# (so in the real world the check method would be better)
p = self.db.security.addPermission(name='View',
klass='iss',
properties=("title", "status"),
check=lambda x, y, z: True)
self.db.security.addPermissionToRole('User', p)
# Allow all relevant roles access to stat
p = self.db.security.addPermission(name='View', klass='stat')
self.db.security.addPermissionToRole('User', p)
self.db.security.addPermissionToRole('Project', p)
# Allow role "Project" access to whole iss
p = self.db.security.addPermission(name='View', klass='iss')
self.db.security.addPermissionToRole('Project', p)
department = self.instance.backend.Class(self.db,
"department",
name=hyperdb.String())
status = self.instance.backend.Class(self.db,
"stat",
name=hyperdb.String())
issue = self.instance.backend.Class(
self.db,
"iss",
title=hyperdb.String(),
status=hyperdb.Link('stat'),
department=hyperdb.Link('department'))
d1 = department.create(name='d1')
d2 = department.create(name='d2')
open = status.create(name='open')
closed = status.create(name='closed')
issue.create(title='i1', status=open, department=d2)
issue.create(title='i2', status=open, department=d1)
issue.create(title='i2', status=closed, department=d1)
chef = self.db.user.lookup('Chef')
mary = self.db.user.lookup('mary')
self.db.user.set(chef, roles='User, Project')
perm = self.db.security.hasPermission
search = self.db.security.hasSearchPermission
self.assert_(perm('View', chef, 'iss', 'department', '1'))
self.assert_(perm('View', chef, 'iss', 'department', '2'))
self.assert_(perm('View', chef, 'iss', 'department', '3'))
self.assert_(search(chef, 'iss', 'department'))
self.assert_(not perm('View', mary, 'iss', 'department'))
self.assert_(perm('View', mary, 'iss', 'status'))
# Conditionally allow view of whole iss (check is False here,
# this might check for department owner in the real world)
p = self.db.security.addPermission(name='View',
klass='iss',
check=lambda x, y, z: False)
self.db.security.addPermissionToRole('User', p)
self.assert_(perm('View', mary, 'iss', 'department'))
self.assert_(not perm('View', mary, 'iss', 'department', '1'))
self.assert_(not search(mary, 'iss', 'department'))
self.assert_(perm('View', mary, 'iss', 'status'))
self.assert_(not search(mary, 'iss', 'status'))
# Allow user to search for iss.status
p = self.db.security.addPermission(name='Search',
klass='iss',
properties=("status", ))
self.db.security.addPermissionToRole('User', p)
self.assert_(search(mary, 'iss', 'status'))
dep = {
'@action': 'search',
'columns': 'id',
'@filter': 'department',
'department': '1'
}
stat = {
'@action': 'search',
'columns': 'id',
'@filter': 'status',
'status': '1'
}
depsort = {'@action': 'search', 'columns': 'id', '@sort': 'department'}
depgrp = {'@action': 'search', 'columns': 'id', '@group': 'department'}
# Filter on department ignored for role 'User':
cl = self._make_client(dep,
classname='iss',
nodeid=None,
userid=mary,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['1', '2', '3'])
# Filter on department works for role 'Project':
cl = self._make_client(dep,
classname='iss',
nodeid=None,
userid=chef,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['2', '3'])
# Filter on status works for all:
cl = self._make_client(stat,
classname='iss',
nodeid=None,
userid=mary,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['1', '2'])
cl = self._make_client(stat,
classname='iss',
nodeid=None,
userid=chef,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['1', '2'])
# Sorting and grouping for class Project works:
cl = self._make_client(depsort,
classname='iss',
nodeid=None,
userid=chef,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['2', '3', '1'])
cl = self._make_client(depgrp,
classname='iss',
nodeid=None,
userid=chef,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['2', '3', '1'])
# Sorting and grouping for class User fails:
cl = self._make_client(depsort,
classname='iss',
nodeid=None,
userid=mary,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['1', '2', '3'])
cl = self._make_client(depgrp,
classname='iss',
nodeid=None,
userid=mary,
template='index')
h = HTMLRequest(cl)
self.assertEqual([x.id for x in h.batch()], ['1', '2', '3'])