def test_permission_create_extra(mocker): with message(mocker, "permission_created", permission="site.test"): permission_create("site.test") res = user_permission_list(full=True)['permissions'] assert "site.test" in res # all_users is only enabled by default on .main perms assert "all_users" not in res['site.test']['allowed'] assert res['site.test']['corresponding_users'] == [] assert res['site.test']['protected'] is False
def test_permission_create_main(mocker): with message(mocker, "permission_created", permission="site.main"): permission_create("site.main", allowed=["all_users"], protected=False) res = user_permission_list(full=True)['permissions'] assert "site.main" in res assert res['site.main']['allowed'] == ["all_users"] assert set(res['site.main']['corresponding_users']) == set( ["alice", "bob"]) assert res['site.main']['protected'] is False
def _permission_create_with_dummy_app( permission, allowed=None, url=None, additional_urls=None, auth_header=True, label=None, show_tile=False, protected=True, sync_perm=True, domain=None, path=None, ): app = permission.split(".")[0] if app not in _installed_apps(): app_setting_path = os.path.join(APPS_SETTING_PATH, app) if not os.path.exists(app_setting_path): os.makedirs(app_setting_path) settings = {"id": app, "dummy_permission_app": True} if domain: settings["domain"] = domain if path: settings["path"] = path _set_app_settings(app, settings) with open(os.path.join(APPS_SETTING_PATH, app, "manifest.json"), "w") as f: json.dump( { "name": app, "id": app, "description": { "en": "Dummy app to test permissions" }, }, f, ) permission_create( permission=permission, allowed=allowed, url=url, additional_urls=additional_urls, auth_header=auth_header, label=label, show_tile=show_tile, protected=protected, sync_perm=sync_perm, )
def migrate_app_permission(app=None): logger.info(m18n.n("migration_0011_migrate_permission")) apps = _installed_apps() if app: if app not in apps: logger.error( "Can't migrate permission for app %s because it ain't installed..." % app ) apps = [] else: apps = [app] for app in apps: permission = app_setting(app, "allowed_users") path = app_setting(app, "path") domain = app_setting(app, "domain") url = "/" if domain and path else None if permission: known_users = list(user_list()["users"].keys()) allowed = [ user for user in permission.split(",") if user in known_users ] else: allowed = ["all_users"] permission_create( app + ".main", url=url, allowed=allowed, show_tile=True, protected=False, sync_perm=False, ) app_setting(app, "allowed_users", delete=True) # Migrate classic public app still using the legacy unprotected_uris if ( app_setting(app, "unprotected_uris") == "/" or app_setting(app, "skipped_uris") == "/" ): user_permission_update(app + ".main", add="visitors", sync_perm=False) permission_sync_to_user()
def test_permission_create_already_existing(mocker): with raiseYunohostError(mocker, "permission_already_exist"): permission_create("wiki.main")
def test_permission_create_with_specific_user(): permission_create("site.test", allowed=["alice"]) res = user_permission_list(full=True)['permissions'] assert "site.test" in res assert res['site.test']['allowed'] == ["alice"]
def migrate_legacy_permission_settings(app=None): logger.info(m18n.n("migrating_legacy_permission_settings")) apps = _installed_apps() if app: if app not in apps: logger.error( "Can't migrate permission for app %s because it ain't installed..." % app) apps = [] else: apps = [app] for app in apps: settings = _get_app_settings(app) or {} if settings.get("label"): user_permission_update(app + ".main", label=settings["label"], sync_perm=False) del settings["label"] def _setting(name): s = settings.get(name) return s.split(',') if s else [] skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/'] skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')] unprotected_urls = [ uri for uri in _setting('unprotected_uris') if uri != '/' ] unprotected_urls += [ 're:' + regex for regex in _setting('unprotected_regex') ] protected_urls = [ uri for uri in _setting('protected_uris') if uri != '/' ] protected_urls += [ 're:' + regex for regex in _setting('protected_regex') ] if skipped_urls != []: permission_create(app + ".legacy_skipped_uris", additional_urls=skipped_urls, auth_header=False, label=legacy_permission_label(app, "skipped"), show_tile=False, allowed='visitors', protected=True, sync_perm=False) if unprotected_urls != []: permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls, auth_header=True, label=legacy_permission_label( app, "unprotected"), show_tile=False, allowed='visitors', protected=True, sync_perm=False) if protected_urls != []: permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, auth_header=True, label=legacy_permission_label(app, "protected"), show_tile=False, allowed=user_permission_list()['permissions'][ app + ".main"]['allowed'], protected=True, sync_perm=False) legacy_permission_settings = [ "skipped_uris", "unprotected_uris", "protected_uris", "skipped_regex", "unprotected_regex", "protected_regex" ] for key in legacy_permission_settings: if key in settings: del settings[key] _set_app_settings(app, settings) permission_sync_to_user()
def test_permission_create_with_specific_user(): permission_create("site.test", allowed=["alice"]) res = user_permission_list(full=True)["permissions"] assert "site.test" in res assert res["site.test"]["allowed"] == ["alice"]