def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
response = self.client.get(self.group_properties_url,
{'action': 'edit', 'id': self.property.pk})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission denied'})
def test_missing_permission_when_deleting_and_no_permission(self):
remove_perm_from_user(self.tester, self.permission)
response = self.client.get(self.group_delete_url,
{'action': 'del', 'id': self.group_nitrate.pk})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission denied.'})
def test_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
response = self.client.get(self.group_add_url,
{'action': 'add', 'name': self.new_group_name})
self.assertEqual({'rc': 1, 'response': 'Permission denied.'},
json_loads(response.content))
def test_update_selected_case_runs_without_permissions(self):
self.execution_1.case.text = "Scenario Version 3"
self.execution_1.case.save()
remove_perm_from_user(self.tester, 'testruns.change_testexecution')
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
self.assertNotEqual(self.execution_1.case.history.latest().history_id,
self.execution_1.case_text_version)
response = self.client.post(self.update_url,
{'pk': [self.execution_1.pk]},
follow=True)
self.assertRedirects(
response,
reverse('tcms-login') + '?next=' + self.update_url)
self.execution_1.refresh_from_db()
self.assertNotEqual(
self.execution_1.case.get_text_with_version(
self.execution_1.case_text_version), "Scenario Version 3")
self.assertNotEqual(self.execution_1.case.history.latest().history_id,
self.execution_1.case_text_version)
def test_remove_tag_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password("api-testing")
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user,
"testcases.delete_testcasetag")
rpc_client = xmlrpc.TCMSXmlrpc(
unauthorized_user.username,
"api-testing",
f"{self.live_server_url}/xml-rpc/",
).server
with self.assertRaisesRegex(ProtocolError, "403 Forbidden"):
rpc_client.TestCase.remove_tag(self.testcase.pk, self.tag0.name)
# tags were not modified
tag_exists = TestCase.objects.filter(pk=self.testcase.pk,
tag__pk=self.tag0.pk).exists()
self.assertTrue(tag_exists)
tag_exists = TestCase.objects.filter(pk=self.testcase.pk,
tag__pk=self.tag1.pk).exists()
self.assertFalse(tag_exists)
def test_should_not_be_able_use_cc_when_user_has_no_pemissions(self):
remove_perm_from_user(self.tester, 'testruns.change_testrun')
self.assertRedirects(
self.client.get(self.cc_url),
reverse('tcms-login') + '?next=%s' % self.cc_url
)
def test_get_status_options_without_permission(self):
remove_perm_from_user(self.tester, 'testruns.change_testexecution')
response = self.client.get(self.url)
self.assertEqual(HTTPStatus.OK, response.status_code)
for _tcrs in TestExecutionStatus.objects.all():
self.assertNotContains(response, self.status_menu_html, html=True)
def test_post_with_no_perm_redirects_to_login(self):
remove_perm_from_user(self.user, self.add_testplan_permission)
response = self.client.post(self.location, self.request, follow=True)
self.assertRedirects(response,
reverse('tcms-login') + '?next=' + self.location)
def test_clone_a_run_without_permissions(self):
remove_perm_from_user(self.tester, 'testruns.add_testrun')
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
new_summary = 'Clone {} - {}'.format(self.test_run.pk,
self.test_run.summary)
clone_data = {
'summary': new_summary,
'from_plan': self.plan.pk,
'product_id': self.test_run.plan.product_id,
'do': 'clone_run',
'POSTING_TO_CREATE': 'YES',
'product': self.test_run.plan.product_id,
'product_version': self.test_run.product_version.pk,
'build': self.test_run.build.pk,
'errata_id': '',
'manager': self.test_run.manager.email,
'default_tester': self.test_run.default_tester.email,
'notes': '',
'case': [self.execution_1.case.pk, self.execution_2.case.pk],
'execution_id': [self.execution_1.pk, self.execution_2.pk],
}
url = reverse('testruns-new')
response = self.client.post(url, clone_data)
self.assertRedirects(response, reverse('tcms-login') + '?next=' + url)
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.get(self.group_properties_url,
{'action': 'modify', 'id': self.property_os.pk})
self.assertContains(response, 'Permission denied')
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.get(self.group_properties_url,
{'action': 'modify', 'id': self.property_os.pk})
self.assertContains(response, 'Permission denied')
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.get(self.group_properties_url,
{'action': 'edit', 'id': self.property.pk})
self.assertEqual({'rc': 1, 'response': 'Permission denied'},
json_loads(response.content))
def test_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
response = self.client.get(self.group_add_url,
{'action': 'add', 'name': self.new_group_name})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission denied.'})
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.get(self.group_properties_url, {'action': 'add'})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission denied'})
def test_user_without_permission_should_not_be_able_to_clone_a_case(self):
remove_perm_from_user(self.tester, 'testcases.add_testcase')
base_url = reverse('tcms-login') + '?next='
expected = base_url + reverse('testcases-clone') + "?case=%d" % self.case_1.pk
response = self.client.get(self.clone_url, {'case': [self.case_1.pk, ]})
self.assertRedirects(
response,
expected
)
def test_create_test_case_without_permissions(self):
remove_perm_from_user(self.tester, 'testcases.add_testcase')
response = self.client.post(self.new_case_url, self.data)
redirect_url = "{0}?next={1}".format(reverse('tcms-login'),
reverse('testcases-new'))
self.assertRedirects(response, redirect_url)
# assert test case has not been created
self.assertEqual(
TestCase.objects.filter(summary=self.summary).count(), 0)
def test_get_status_options_without_permission(self):
remove_perm_from_user(self.tester, "testruns.change_testexecution")
response = self.client.get(self.url)
self.assertEqual(HTTPStatus.OK, response.status_code)
for execution_status in TestExecutionStatus.objects.all():
self.assertNotContains(
response,
f'<span class="{execution_status.icon}"></span>{execution_status.name}',
html=True,
)
def test_user_without_permission_should_not_be_able_to_clone_a_case(self):
remove_perm_from_user(self.tester, "testcases.add_testcase")
base_url = reverse("tcms-login") + "?next="
expected = base_url + reverse(
"testcases-clone") + f"?c={self.case_1.pk}"
response = self.client.get(
self.clone_url,
{"c": [
self.case_1.pk,
]},
)
self.assertRedirects(response, expected)
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.post(self.update_url, {
'content_type': 'testruns.testcaserun',
'object_pk': self.case_run_1.pk,
'field': 'case_run_status',
'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk),
'value_type': 'int',
})
self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'},
json.loads(response.content))
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.post(self.update_url, {
'content_type': 'testruns.testcaserun',
'object_pk': self.case_run_1.pk,
'field': 'case_run_status',
'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk),
'value_type': 'int',
})
self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'},
json_loads(response.content))
def setUpTestData(cls):
super().setUpTestData()
initiate_user_with_default_setups(cls.tester)
for _i in range(3):
cls.test_run.add_tag(TagFactory())
cls.unauthorized = UserFactory()
cls.unauthorized.set_password('password')
cls.unauthorized.save()
cls.unauthorized.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(cls.unauthorized, 'testruns.add_testruntag')
remove_perm_from_user(cls.unauthorized, 'testruns.delete_testruntag')
def test_add_case_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password('api-testing')
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, 'testruns.add_testcaserun')
rpc_client = TCMSXmlrpc(unauthorized_user.username,
'api-testing',
'%s/xml-rpc/' % self.live_server_url).server
with self.assertRaisesRegex(ProtocolError, '403 Forbidden'):
rpc_client.TestRun.add_case(self.test_run.pk, self.test_case.pk)
exists = TestCaseRun.objects.filter(run=self.test_run.pk, case=self.test_case.pk).exists()
self.assertFalse(exists)
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.post(
self.case_update_url,
{
'target_field': 'priority',
'from_plan': self.plan.pk,
'case': [self.case_1.pk, self.case_3.pk],
'new_value': Priority.objects.get(value='P3').pk,
})
self.assertEqual(
{'rc': 1, 'response': "You don't have enough permission to "
"update TestCases."},
json.loads(response.content))
def test_refuse_if_missing_permission(self):
self.client.login(username=self.tester.username, password='******')
remove_perm_from_user(self.tester, self.permission)
post_data = {
'content_type': 'testplans.testplan',
'object_pk': self.plan.pk,
'field': 'is_active',
'value': 'False',
'value_type': 'bool'
}
response = self.client.post(self.update_url, post_data)
self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'},
json.loads(response.content))
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
response = self.client.post(
self.url,
{
'case[]': [self.case_1.pk, self.case_3.pk],
'new_value': Priority.objects.get(value='P3').pk,
})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': "You don't have enough permission to "
"update TestCases."})
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
response = self.client.post(self.update_url, {
'content_type': 'testruns.testcaserun',
'object_pk': self.case_run_1.pk,
'field': 'case_run_status',
'value': str(TestCaseRunStatus.objects.get(name='PAUSED').pk),
'value_type': 'int',
})
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission Dinied.'})
def test_refuse_if_missing_permission(self):
remove_perm_from_user(self.tester, self.permission)
self.client.login(username=self.tester.username, password='******')
response = self.client.post(
self.case_update_url,
{
'target_field': 'priority',
'from_plan': self.plan.pk,
'case': [self.case_1.pk, self.case_3.pk],
'new_value': Priority.objects.get(value='P3').pk,
})
self.assertEqual(
{'rc': 1, 'response': "You don't have enough permission to "
"update TestCases."},
json_loads(response.content))
def test_refuse_if_missing_permission(self):
self.client.login(username=self.tester.username, password='******')
remove_perm_from_user(self.tester, self.permission)
post_data = {
'content_type': 'testplans.testplan',
'object_pk': self.plan.pk,
'field': 'is_active',
'value': 'False',
'value_type': 'bool'
}
response = self.client.post(self.update_url, post_data)
self.assertEqual({'rc': 1, 'response': 'Permission Dinied.'},
json_loads(response.content))
def test_add_tag_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password('api-testing')
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, 'testcases.add_testcasetag')
rpc_client = xmlrpc.TCMSXmlrpc(unauthorized_user.username,
'api-testing',
'%s/xml-rpc/' % self.live_server_url).server
with self.assertRaisesRegex(ProtocolError, '403 Forbidden'):
rpc_client.TestCase.add_tag(self.testcase.pk, self.tag1.name)
# tags were not modified
tag_exists = TestCase.objects.filter(pk=self.testcase.pk, tag__pk=self.tag1.pk).exists()
self.assertFalse(tag_exists)
def test_refuse_if_missing_permission(self):
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
remove_perm_from_user(self.tester, self.permission)
post_data = {
'content_type': 'testplans.testplan',
'object_pk': self.plan.pk,
'field': 'is_active',
'value': 'False',
'value_type': 'bool'
}
response = self.client.post(self.update_url, post_data)
self.assertJSONEqual(
str(response.content, encoding=settings.DEFAULT_CHARSET),
{'rc': 1, 'response': 'Permission Dinied.'})
def test_add_case_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password("api-testing")
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, "testruns.add_testexecution")
rpc_client = xmlrpc.TCMSXmlrpc(
unauthorized_user.username,
"api-testing",
"%s/xml-rpc/" % self.live_server_url,
).server
with self.assertRaisesRegex(ProtocolError, "403 Forbidden"):
rpc_client.TestRun.add_case(self.test_run.pk, self.test_case.pk)
exists = TestExecution.objects.filter(run=self.test_run.pk,
case=self.test_case.pk).exists()
self.assertFalse(exists)
def test_create_a_new_run_without_permissions_should_fail(self):
remove_perm_from_user(self.tester, 'testruns.add_testrun')
self.client.login( # nosec:B106:hardcoded_password_funcarg
username=self.tester.username,
password='******')
clone_data = {
'summary': self.plan.name,
'from_plan': self.plan.pk,
'build': self.build_fast.pk,
'manager': self.tester.email,
'default_tester': self.tester.email,
'notes': 'Clone new run',
'case': [self.case_1.pk, self.case_2.pk],
'POSTING_TO_CREATE': 'YES',
}
url = reverse('testruns-new')
self.assertRedirects(self.client.post(url, clone_data),
reverse('tcms-login') + '?next=' + url)
def tearDown(self):
remove_perm_from_user(self.tester, 'testcases.delete_testcasecomponent')
def tearDown(self):
# Ensure permission is removed whenever it was added during tests
remove_perm_from_user(self.plan_tester, 'testcases.add_testcaseplan')
def test_should_fail_when_try_to_change_status_without_permissions(self):
remove_perm_from_user(self.tester, 'testruns.change_testrun')
self.assertRedirects(
self.client.get(self.url, {'finished': 1}),
reverse('tcms-login') + '?next=%s?finished=1' % self.url)
def tearDown(self):
remove_perm_from_user(self.plan_tester, 'testcases.add_testcaseplan')
remove_perm_from_user(self.plan_tester, 'testcases.change_testcaseplan')
def tearDown(self):
remove_perm_from_user(self.tester, self.permission)
def tearDown(self):
remove_perm_from_user(self.new_tester, 'management.change_tcmsenvgroup')
def tearDown(self):
self.client.logout()
remove_perm_from_user(self.tester, 'testcases.delete_testcasecomponent')
def tearDown(self):
# Ensure permission is removed whenever it was added during tests
remove_perm_from_user(self.plan_tester, 'testcases.add_testcaseplan')
