def can_edit_ticket(self, req, ticket_or_type):
"""Return True if the current user can edit the given ticket or ticket type"""
decision = False
if ticket_or_type and req:
resource = t_type = None
if isinstance(ticket_or_type, AgiloTicket):
resource = ticket_or_type.resource
else:
t_type = ticket_or_type
policy = AgiloPolicy(self.env)
decision = policy.check_ticket_edit(req.authname, resource,
req.perm, t_type=t_type)
return decision
def can_edit_ticket(self, req, ticket_or_type):
"""Return True if the current user can edit the given ticket or ticket type"""
decision = False
if ticket_or_type and req:
resource = t_type = None
if isinstance(ticket_or_type, AgiloTicket):
resource = ticket_or_type.resource
else:
t_type = ticket_or_type
policy = AgiloPolicy(self.env)
decision = policy.check_ticket_edit(req.authname,
resource,
req.perm,
t_type=t_type)
return decision
class BacklogEditPermissionTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def policy_decision(self, resource=None, username='******'):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(Action.BACKLOG_EDIT, username, resource, perm)
def test_backlog_edit_without_resource_falls_back_to_trac_permissions(self):
self.assert_none(self.policy_decision(resource=None))
self.teh.grant_permission('foo', Action.BACKLOG_EDIT)
self.assert_none(self.policy_decision(resource=None))
def test_product_owner_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_product_backlog(self):
self.teh.grant_permission('foo', Role.PRODUCT_OWNER)
self.assert_true(self.policy_decision(resource=None))
def test_scrum_master_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_sprint_backlog(self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
self.assert_true(self.policy_decision(resource=None))
def product_backlog_resource(self):
return Resource(Realm.BACKLOG, Key.PRODUCT_BACKLOG)
def sprint_backlog_resource(self):
return Resource(Realm.BACKLOG, Key.SPRINT_BACKLOG)
def other_backlog_resource(self):
return Resource(Realm.BACKLOG, 'My Own Backlog')
def test_product_owner_can_edit_the_product_backlog(self):
self.teh.grant_permission('foo', Role.PRODUCT_OWNER)
self.assert_none(self.policy_decision(resource=self.sprint_backlog_resource()))
self.assert_true(self.policy_decision(resource=self.product_backlog_resource()))
def test_scrum_master_can_edit_the_sprint_backlog(self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
self.assert_none(self.policy_decision(resource=self.product_backlog_resource()))
self.assert_true(self.policy_decision(resource=self.sprint_backlog_resource()))
def test_all_authenticated_users_can_unknown_backlogs(self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
other_backlog = self.other_backlog_resource()
self.assert_true(self.policy_decision(resource=other_backlog))
other_backlog = self.policy_decision(resource=self.other_backlog_resource(), username='******')
self.assert_none(other_backlog)
def test_no_endless_loop_if_permission_is_checked_with_string_instead_of_resource(self):
perm = PermissionCache(self.env, 'foo')
perm.has_permission('AGILO_BACKLOG_EDIT', '%s:Sprint Backlog' % Realm.BACKLOG)
class ConfirmCommitmentTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def username(self):
return 'foo'
def policy_decision(self, resource=None, username=None):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(Action.CONFIRM_COMMITMENT, username
or self.username(), resource, perm)
def test_does_not_care_if_no_resource_given(self):
self.assert_none(self.policy_decision())
def test_does_not_care_for_invalid_sprint_names(self):
self.assert_none(
self.policy_decision(Resource(Realm.SPRINT, 'invalid')))
def test_sprint_must_have_a_team_assigned(self):
sprint = self.teh.create_sprint('ConfirmCommitmentSprint')
self.assert_none(sprint.team)
self.assert_false(self.policy_decision(sprint.resource()))
def test_can_confirm_if_sprint_started_at_most_yesterday(self):
team = self.teh.create_team('A-Team')
almost_a_day_ago = now() - timedelta(hours=23)
sprint = self.teh.create_sprint('Sprint',
start=almost_a_day_ago,
team=team)
self.assert_none(self.policy_decision(sprint.resource()))
def test_can_not_confirm_if_sprint_started_more_than_one_day_ago(self):
self.teh.disable_sprint_date_normalization()
team = self.teh.create_team('A-Team')
two_days_ago = now() - timedelta(days=2)
sprint = self.teh.create_sprint('Sprint',
start=two_days_ago,
team=team)
self.assert_false(self.policy_decision(sprint.resource()))
class ConfirmCommitmentTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def username(self):
return 'foo'
def policy_decision(self, resource=None, username=None):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(Action.CONFIRM_COMMITMENT, username or self.username(), resource, perm)
def test_does_not_care_if_no_resource_given(self):
self.assert_none(self.policy_decision())
def test_does_not_care_for_invalid_sprint_names(self):
self.assert_none(self.policy_decision(Resource(Realm.SPRINT, 'invalid')))
def test_sprint_must_have_a_team_assigned(self):
sprint = self.teh.create_sprint('ConfirmCommitmentSprint')
self.assert_none(sprint.team)
self.assert_false(self.policy_decision(sprint.resource()))
def test_can_confirm_if_sprint_started_at_most_yesterday(self):
team = self.teh.create_team('A-Team')
almost_a_day_ago = now() - timedelta(hours=23)
sprint = self.teh.create_sprint('Sprint', start=almost_a_day_ago, team=team)
self.assert_none(self.policy_decision(sprint.resource()))
def test_can_not_confirm_if_sprint_started_more_than_one_day_ago(self):
self.teh.disable_sprint_date_normalization()
team = self.teh.create_team('A-Team')
two_days_ago = now() - timedelta(days=2)
sprint = self.teh.create_sprint('Sprint', start=two_days_ago, team=team)
self.assert_false(self.policy_decision(sprint.resource()))
class ContingentPermissionsTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def username(self):
return 'foo'
def ask_policy(self, action, resource=None, username=None):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(action, username or self.username(), resource, perm)
def assert_permission(self, action, resource=None, username=None):
self.assert_true()
def assert_no_permission(self, action, resource=None, username=None):
self.assert_falsish(self.ask_policy(action, resource, username))
def test_contingent_admin_must_be_able_to_add_time(self):
self.assert_no_permission(Action.CONTINGENT_ADD_TIME)
self.teh.grant_permission(self.username(), Action.CONTINGENT_ADMIN)
self.assert_none(self.ask_policy(Action.CONTINGENT_ADD_TIME))
class ContingentPermissionsTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def username(self):
return 'foo'
def ask_policy(self, action, resource=None, username=None):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(action, username
or self.username(), resource, perm)
def assert_permission(self, action, resource=None, username=None):
self.assert_true()
def assert_no_permission(self, action, resource=None, username=None):
self.assert_falsish(self.ask_policy(action, resource, username))
def test_contingent_admin_must_be_able_to_add_time(self):
self.assert_no_permission(Action.CONTINGENT_ADD_TIME)
self.teh.grant_permission(self.username(), Action.CONTINGENT_ADMIN)
self.assert_none(self.ask_policy(Action.CONTINGENT_ADD_TIME))
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
class BacklogEditPermissionTest(AgiloTestCase):
def setUp(self):
self.super()
self.policy = AgiloPolicy(self.env)
def policy_decision(self, resource=None, username='******'):
perm = PermissionCache(self.env, username)
return self.policy.check_permission(Action.BACKLOG_EDIT, username,
resource, perm)
def test_backlog_edit_without_resource_falls_back_to_trac_permissions(
self):
self.assert_none(self.policy_decision(resource=None))
self.teh.grant_permission('foo', Action.BACKLOG_EDIT)
self.assert_none(self.policy_decision(resource=None))
def test_product_owner_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_product_backlog(
self):
self.teh.grant_permission('foo', Role.PRODUCT_OWNER)
self.assert_true(self.policy_decision(resource=None))
def test_scrum_master_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_sprint_backlog(
self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
self.assert_true(self.policy_decision(resource=None))
def product_backlog_resource(self):
return Resource(Realm.BACKLOG, Key.PRODUCT_BACKLOG)
def sprint_backlog_resource(self):
return Resource(Realm.BACKLOG, Key.SPRINT_BACKLOG)
def other_backlog_resource(self):
return Resource(Realm.BACKLOG, 'My Own Backlog')
def test_product_owner_can_edit_the_product_backlog(self):
self.teh.grant_permission('foo', Role.PRODUCT_OWNER)
self.assert_none(
self.policy_decision(resource=self.sprint_backlog_resource()))
self.assert_true(
self.policy_decision(resource=self.product_backlog_resource()))
def test_scrum_master_can_edit_the_sprint_backlog(self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
self.assert_none(
self.policy_decision(resource=self.product_backlog_resource()))
self.assert_true(
self.policy_decision(resource=self.sprint_backlog_resource()))
def test_all_authenticated_users_can_unknown_backlogs(self):
self.teh.grant_permission('foo', Role.SCRUM_MASTER)
other_backlog = self.other_backlog_resource()
self.assert_true(self.policy_decision(resource=other_backlog))
other_backlog = self.policy_decision(
resource=self.other_backlog_resource(), username='******')
self.assert_none(other_backlog)
def test_no_endless_loop_if_permission_is_checked_with_string_instead_of_resource(
self):
perm = PermissionCache(self.env, 'foo')
perm.has_permission('AGILO_BACKLOG_EDIT',
'%s:Sprint Backlog' % Realm.BACKLOG)
