def test_private_ticket(self): from pylons import c from allura.model import ProjectRole, User from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL from allura.lib.security import Credentials, has_access from allura.websetup import bootstrap admin = c.user creator = bootstrap.create_user('Not a Project Admin') developer = bootstrap.create_user('Project Developer') observer = bootstrap.create_user('Random Non-Project User') anon = User(_id=None, username='******', display_name='Anonymous') t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id) assert creator == t.reported_by role_admin = ProjectRole.by_name('Admin')._id role_developer = ProjectRole.by_name('Developer')._id role_creator = t.reported_by.project_role()._id developer.project_role().roles.append(role_developer) cred = Credentials.get().clear() t.private = True assert t.acl == [ ACE.allow(role_developer, ALL_PERMISSIONS), ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL ] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'create', user=creator)() assert has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert not has_access(t, 'read', user=observer)() assert not has_access(t, 'create', user=observer)() assert not has_access(t, 'update', user=observer)() assert not has_access(t, 'read', user=anon)() assert not has_access(t, 'create', user=anon)() assert not has_access(t, 'update', user=anon)() t.private = False assert t.acl == [] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert not has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=observer)() assert has_access(t, 'read', user=anon)()
def test_private_ticket(self): from allura.model import ProjectRole from allura.model import ACE, DENY_ALL from allura.lib.security import Credentials, has_access from allura.websetup import bootstrap admin = c.user creator = bootstrap.create_user('Not a Project Admin') developer = bootstrap.create_user('Project Developer') observer = bootstrap.create_user('Random Non-Project User') anon = User(_id=None, username='******', display_name='Anonymous') t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id) assert creator == t.reported_by role_admin = ProjectRole.by_name('Admin')._id role_developer = ProjectRole.by_name('Developer')._id role_creator = ProjectRole.by_user(t.reported_by, upsert=True)._id ProjectRole.by_user( developer, upsert=True).roles.append(role_developer) ThreadLocalORMSession.flush_all() cred = Credentials.get().clear() t.private = True assert_equal(t.acl, [ ACE.allow(role_developer, 'save_searches'), ACE.allow(role_developer, 'read'), ACE.allow(role_developer, 'create'), ACE.allow(role_developer, 'update'), ACE.allow(role_developer, 'unmoderated_post'), ACE.allow(role_developer, 'post'), ACE.allow(role_developer, 'moderate'), ACE.allow(role_developer, 'delete'), ACE.allow(role_creator, 'read'), ACE.allow(role_creator, 'post'), ACE.allow(role_creator, 'create'), ACE.allow(role_creator, 'unmoderated_post'), DENY_ALL]) assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'post', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert not has_access(t, 'read', user=observer)() assert not has_access(t, 'create', user=observer)() assert not has_access(t, 'update', user=observer)() assert not has_access(t, 'read', user=anon)() assert not has_access(t, 'create', user=anon)() assert not has_access(t, 'update', user=anon)() t.private = False assert t.acl == [] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=observer)() assert has_access(t, 'read', user=anon)()
def setUp(self): super(WithUserAndBugsApp, self).setUp() c.user = User(username='******') h.set_context('test', 'bugs', neighborhood='Projects')