def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) response = self.client.get(self.group_properties_url, {'action': 'edit', 'id': self.property.pk}) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission denied'})
def test_missing_permission_when_deleting_and_no_permission(self): remove_perm_from_user(self.tester, self.permission) response = self.client.get(self.group_delete_url, {'action': 'del', 'id': self.group_nitrate.pk}) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission denied.'})
def test_missing_permission(self): remove_perm_from_user(self.tester, self.permission) response = self.client.get(self.group_add_url, {'action': 'add', 'name': self.new_group_name}) self.assertEqual({'rc': 1, 'response': 'Permission denied.'}, json_loads(response.content))
def test_update_selected_case_runs_without_permissions(self): self.execution_1.case.text = "Scenario Version 3" self.execution_1.case.save() remove_perm_from_user(self.tester, 'testruns.change_testexecution') self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') self.assertNotEqual(self.execution_1.case.history.latest().history_id, self.execution_1.case_text_version) response = self.client.post(self.update_url, {'pk': [self.execution_1.pk]}, follow=True) self.assertRedirects( response, reverse('tcms-login') + '?next=' + self.update_url) self.execution_1.refresh_from_db() self.assertNotEqual( self.execution_1.case.get_text_with_version( self.execution_1.case_text_version), "Scenario Version 3") self.assertNotEqual(self.execution_1.case.history.latest().history_id, self.execution_1.case_text_version)
def test_remove_tag_without_permissions(self): unauthorized_user = UserFactory() unauthorized_user.set_password("api-testing") unauthorized_user.save() unauthorized_user.user_permissions.add(*Permission.objects.all()) remove_perm_from_user(unauthorized_user, "testcases.delete_testcasetag") rpc_client = xmlrpc.TCMSXmlrpc( unauthorized_user.username, "api-testing", f"{self.live_server_url}/xml-rpc/", ).server with self.assertRaisesRegex(ProtocolError, "403 Forbidden"): rpc_client.TestCase.remove_tag(self.testcase.pk, self.tag0.name) # tags were not modified tag_exists = TestCase.objects.filter(pk=self.testcase.pk, tag__pk=self.tag0.pk).exists() self.assertTrue(tag_exists) tag_exists = TestCase.objects.filter(pk=self.testcase.pk, tag__pk=self.tag1.pk).exists() self.assertFalse(tag_exists)
def test_should_not_be_able_use_cc_when_user_has_no_pemissions(self): remove_perm_from_user(self.tester, 'testruns.change_testrun') self.assertRedirects( self.client.get(self.cc_url), reverse('tcms-login') + '?next=%s' % self.cc_url )
def test_get_status_options_without_permission(self): remove_perm_from_user(self.tester, 'testruns.change_testexecution') response = self.client.get(self.url) self.assertEqual(HTTPStatus.OK, response.status_code) for _tcrs in TestExecutionStatus.objects.all(): self.assertNotContains(response, self.status_menu_html, html=True)
def test_post_with_no_perm_redirects_to_login(self): remove_perm_from_user(self.user, self.add_testplan_permission) response = self.client.post(self.location, self.request, follow=True) self.assertRedirects(response, reverse('tcms-login') + '?next=' + self.location)
def test_clone_a_run_without_permissions(self): remove_perm_from_user(self.tester, 'testruns.add_testrun') self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') new_summary = 'Clone {} - {}'.format(self.test_run.pk, self.test_run.summary) clone_data = { 'summary': new_summary, 'from_plan': self.plan.pk, 'product_id': self.test_run.plan.product_id, 'do': 'clone_run', 'POSTING_TO_CREATE': 'YES', 'product': self.test_run.plan.product_id, 'product_version': self.test_run.product_version.pk, 'build': self.test_run.build.pk, 'errata_id': '', 'manager': self.test_run.manager.email, 'default_tester': self.test_run.default_tester.email, 'notes': '', 'case': [self.execution_1.case.pk, self.execution_2.case.pk], 'execution_id': [self.execution_1.pk, self.execution_2.pk], } url = reverse('testruns-new') response = self.client.post(url, clone_data) self.assertRedirects(response, reverse('tcms-login') + '?next=' + url)
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.get(self.group_properties_url, {'action': 'modify', 'id': self.property_os.pk}) self.assertContains(response, 'Permission denied')
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.get(self.group_properties_url, {'action': 'edit', 'id': self.property.pk}) self.assertEqual({'rc': 1, 'response': 'Permission denied'}, json_loads(response.content))
def test_missing_permission(self): remove_perm_from_user(self.tester, self.permission) response = self.client.get(self.group_add_url, {'action': 'add', 'name': self.new_group_name}) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission denied.'})
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.get(self.group_properties_url, {'action': 'add'}) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission denied'})
def test_user_without_permission_should_not_be_able_to_clone_a_case(self): remove_perm_from_user(self.tester, 'testcases.add_testcase') base_url = reverse('tcms-login') + '?next=' expected = base_url + reverse('testcases-clone') + "?case=%d" % self.case_1.pk response = self.client.get(self.clone_url, {'case': [self.case_1.pk, ]}) self.assertRedirects( response, expected )
def test_create_test_case_without_permissions(self): remove_perm_from_user(self.tester, 'testcases.add_testcase') response = self.client.post(self.new_case_url, self.data) redirect_url = "{0}?next={1}".format(reverse('tcms-login'), reverse('testcases-new')) self.assertRedirects(response, redirect_url) # assert test case has not been created self.assertEqual( TestCase.objects.filter(summary=self.summary).count(), 0)
def test_get_status_options_without_permission(self): remove_perm_from_user(self.tester, "testruns.change_testexecution") response = self.client.get(self.url) self.assertEqual(HTTPStatus.OK, response.status_code) for execution_status in TestExecutionStatus.objects.all(): self.assertNotContains( response, f'<span class="{execution_status.icon}"></span>{execution_status.name}', html=True, )
def test_user_without_permission_should_not_be_able_to_clone_a_case(self): remove_perm_from_user(self.tester, "testcases.add_testcase") base_url = reverse("tcms-login") + "?next=" expected = base_url + reverse( "testcases-clone") + f"?c={self.case_1.pk}" response = self.client.get( self.clone_url, {"c": [ self.case_1.pk, ]}, ) self.assertRedirects(response, expected)
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.post(self.update_url, { 'content_type': 'testruns.testcaserun', 'object_pk': self.case_run_1.pk, 'field': 'case_run_status', 'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk), 'value_type': 'int', }) self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'}, json.loads(response.content))
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.post(self.update_url, { 'content_type': 'testruns.testcaserun', 'object_pk': self.case_run_1.pk, 'field': 'case_run_status', 'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk), 'value_type': 'int', }) self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'}, json_loads(response.content))
def setUpTestData(cls): super().setUpTestData() initiate_user_with_default_setups(cls.tester) for _i in range(3): cls.test_run.add_tag(TagFactory()) cls.unauthorized = UserFactory() cls.unauthorized.set_password('password') cls.unauthorized.save() cls.unauthorized.user_permissions.add(*Permission.objects.all()) remove_perm_from_user(cls.unauthorized, 'testruns.add_testruntag') remove_perm_from_user(cls.unauthorized, 'testruns.delete_testruntag')
def test_add_case_without_permissions(self): unauthorized_user = UserFactory() unauthorized_user.set_password('api-testing') unauthorized_user.save() unauthorized_user.user_permissions.add(*Permission.objects.all()) remove_perm_from_user(unauthorized_user, 'testruns.add_testcaserun') rpc_client = TCMSXmlrpc(unauthorized_user.username, 'api-testing', '%s/xml-rpc/' % self.live_server_url).server with self.assertRaisesRegex(ProtocolError, '403 Forbidden'): rpc_client.TestRun.add_case(self.test_run.pk, self.test_case.pk) exists = TestCaseRun.objects.filter(run=self.test_run.pk, case=self.test_case.pk).exists() self.assertFalse(exists)
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.post( self.case_update_url, { 'target_field': 'priority', 'from_plan': self.plan.pk, 'case': [self.case_1.pk, self.case_3.pk], 'new_value': Priority.objects.get(value='P3').pk, }) self.assertEqual( {'rc': 1, 'response': "You don't have enough permission to " "update TestCases."}, json.loads(response.content))
def test_refuse_if_missing_permission(self): self.client.login(username=self.tester.username, password='******') remove_perm_from_user(self.tester, self.permission) post_data = { 'content_type': 'testplans.testplan', 'object_pk': self.plan.pk, 'field': 'is_active', 'value': 'False', 'value_type': 'bool' } response = self.client.post(self.update_url, post_data) self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'}, json.loads(response.content))
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') response = self.client.post( self.url, { 'case[]': [self.case_1.pk, self.case_3.pk], 'new_value': Priority.objects.get(value='P3').pk, }) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': "You don't have enough permission to " "update TestCases."})
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') response = self.client.post(self.update_url, { 'content_type': 'testruns.testcaserun', 'object_pk': self.case_run_1.pk, 'field': 'case_run_status', 'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk), 'value_type': 'int', }) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission Dinied.'})
def test_refuse_if_missing_permission(self): remove_perm_from_user(self.tester, self.permission) self.client.login(username=self.tester.username, password='******') response = self.client.post( self.case_update_url, { 'target_field': 'priority', 'from_plan': self.plan.pk, 'case': [self.case_1.pk, self.case_3.pk], 'new_value': Priority.objects.get(value='P3').pk, }) self.assertEqual( {'rc': 1, 'response': "You don't have enough permission to " "update TestCases."}, json_loads(response.content))
def test_refuse_if_missing_permission(self): self.client.login(username=self.tester.username, password='******') remove_perm_from_user(self.tester, self.permission) post_data = { 'content_type': 'testplans.testplan', 'object_pk': self.plan.pk, 'field': 'is_active', 'value': 'False', 'value_type': 'bool' } response = self.client.post(self.update_url, post_data) self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'}, json_loads(response.content))
def test_add_tag_without_permissions(self): unauthorized_user = UserFactory() unauthorized_user.set_password('api-testing') unauthorized_user.save() unauthorized_user.user_permissions.add(*Permission.objects.all()) remove_perm_from_user(unauthorized_user, 'testcases.add_testcasetag') rpc_client = xmlrpc.TCMSXmlrpc(unauthorized_user.username, 'api-testing', '%s/xml-rpc/' % self.live_server_url).server with self.assertRaisesRegex(ProtocolError, '403 Forbidden'): rpc_client.TestCase.add_tag(self.testcase.pk, self.tag1.name) # tags were not modified tag_exists = TestCase.objects.filter(pk=self.testcase.pk, tag__pk=self.tag1.pk).exists() self.assertFalse(tag_exists)
def test_refuse_if_missing_permission(self): self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') remove_perm_from_user(self.tester, self.permission) post_data = { 'content_type': 'testplans.testplan', 'object_pk': self.plan.pk, 'field': 'is_active', 'value': 'False', 'value_type': 'bool' } response = self.client.post(self.update_url, post_data) self.assertJSONEqual( str(response.content, encoding=settings.DEFAULT_CHARSET), {'rc': 1, 'response': 'Permission Dinied.'})
def test_add_case_without_permissions(self): unauthorized_user = UserFactory() unauthorized_user.set_password("api-testing") unauthorized_user.save() unauthorized_user.user_permissions.add(*Permission.objects.all()) remove_perm_from_user(unauthorized_user, "testruns.add_testexecution") rpc_client = xmlrpc.TCMSXmlrpc( unauthorized_user.username, "api-testing", "%s/xml-rpc/" % self.live_server_url, ).server with self.assertRaisesRegex(ProtocolError, "403 Forbidden"): rpc_client.TestRun.add_case(self.test_run.pk, self.test_case.pk) exists = TestExecution.objects.filter(run=self.test_run.pk, case=self.test_case.pk).exists() self.assertFalse(exists)
def test_create_a_new_run_without_permissions_should_fail(self): remove_perm_from_user(self.tester, 'testruns.add_testrun') self.client.login( # nosec:B106:hardcoded_password_funcarg username=self.tester.username, password='******') clone_data = { 'summary': self.plan.name, 'from_plan': self.plan.pk, 'build': self.build_fast.pk, 'manager': self.tester.email, 'default_tester': self.tester.email, 'notes': 'Clone new run', 'case': [self.case_1.pk, self.case_2.pk], 'POSTING_TO_CREATE': 'YES', } url = reverse('testruns-new') self.assertRedirects(self.client.post(url, clone_data), reverse('tcms-login') + '?next=' + url)
def tearDown(self): remove_perm_from_user(self.tester, 'testcases.delete_testcasecomponent')
def tearDown(self): # Ensure permission is removed whenever it was added during tests remove_perm_from_user(self.plan_tester, 'testcases.add_testcaseplan')
def test_should_fail_when_try_to_change_status_without_permissions(self): remove_perm_from_user(self.tester, 'testruns.change_testrun') self.assertRedirects( self.client.get(self.url, {'finished': 1}), reverse('tcms-login') + '?next=%s?finished=1' % self.url)
def tearDown(self): remove_perm_from_user(self.plan_tester, 'testcases.add_testcaseplan') remove_perm_from_user(self.plan_tester, 'testcases.change_testcaseplan')
def tearDown(self): remove_perm_from_user(self.tester, self.permission)
def tearDown(self): remove_perm_from_user(self.new_tester, 'management.change_tcmsenvgroup')
def tearDown(self): self.client.logout() remove_perm_from_user(self.tester, 'testcases.delete_testcasecomponent')