def can_user_access_testcase(testcase):
    """Return whether the current user may view `testcase`.

    Access is granted on the first of these that holds:

    1. has_access() accepts the testcase's fuzzer and job type, with
       testcase.security_flag passed as need_privileged_access.
    2. The current user's email equals testcase.uploader_email.
    3. The user is named on the issue linked to the testcase (or to its
       group): the owner only by default, or owner, reporter or any CC when
       config.relax_testcase_restrictions is set or _is_domain_allowed()
       accepts the user's email.

    Every other path returns a falsy result.
    """
    if has_access(
            fuzzer_name=testcase.fuzzer_name,
            job_type=testcase.job_type,
            need_privileged_access=testcase.security_flag):
        return True

    current_email = helpers.get_user_email()
    # NOTE(review): the uploader check is an exact string comparison, while
    # the issue checks below go through utils.emails_equal. Confirm the
    # stricter match is intended here.
    if testcase.uploader_email and testcase.uploader_email == current_email:
        return True

    # Owners of a bug may see its test cases and test case groups.
    bug_id = testcase.bug_information or testcase.group_bug_information
    if not bug_id:
        return False

    tracker = issue_tracker_utils.get_issue_tracker_manager(testcase)
    # int() raises ValueError on a non-numeric id; nothing here catches it,
    # so the error reaches the caller and no access is granted.
    issue = tracker.get_issue(int(bug_id))
    if not issue:
        return False

    def names_user(candidate):
        return utils.emails_equal(current_email, candidate)

    settings = db_config.get()
    relaxed = (
        settings.relax_testcase_restrictions or
        _is_domain_allowed(current_email))
    if not relaxed:
        # Strict mode: only the issue owner qualifies.
        return names_user(issue.owner)

    # Relaxed mode: access follows whoever the tracker lists on the issue,
    # so it is only as strict as the tracker's own rules for editing the CC
    # list. Confirm that is acceptable before enabling the relaxed setting.
    return (any(names_user(cc) for cc in issue.cc) or
            names_user(issue.owner) or
            names_user(issue.reporter))
def can_user_access_testcase(testcase):
    """Return whether the current user may view `testcase`.

    Access is granted on the first of these that holds:

    1. has_access() accepts the testcase's fuzzer and job type. Privileged
       access is requested only when testcase.security_flag is set and
       config.relax_security_bug_restrictions is not.
    2. The current user's email equals testcase.uploader_email.
    3. The user is named on the issue linked to the testcase (or to its
       group), or on the original issue when the linked one has been merged
       into another: the owner only by default, or owner, reporter or any CC
       when config.relax_testcase_restrictions is set or _is_domain_allowed()
       accepts the user's email.

    Returns False otherwise.
    """
    settings = db_config.get()
    # With relax_security_bug_restrictions set, a security-flagged testcase
    # is checked like any other one: no privileged access is requested.
    privileged_only = (
        testcase.security_flag and
        not settings.relax_security_bug_restrictions)
    if has_access(
            fuzzer_name=testcase.fuzzer_name,
            job_type=testcase.job_type,
            need_privileged_access=privileged_only):
        return True

    current_email = helpers.get_user_email()
    # NOTE(review): the uploader check is an exact string comparison, while
    # the issue checks below go through utils.emails_equal. Confirm the
    # stricter match is intended here.
    if testcase.uploader_email and testcase.uploader_email == current_email:
        return True

    # Owners of a bug may see its test cases and test case groups.
    raw_issue_id = testcase.bug_information or testcase.group_bug_information
    if not raw_issue_id:
        return False

    tracker = issue_tracker_utils.get_issue_tracker_manager(testcase)
    # int() raises ValueError on a non-numeric id; nothing here catches it,
    # so the error reaches the caller and no access is granted.
    numeric_id = int(raw_issue_id)
    linked_issue = tracker.get_issue(numeric_id)
    if not linked_issue:
        return False

    # A duplicate is checked together with the issue it was merged into, so
    # people named on either issue are considered.
    candidates = [linked_issue]
    if linked_issue.merged_into:
        root_issue = tracker.get_original_issue(numeric_id)
        if root_issue:
            candidates.append(root_issue)

    relaxed = (
        settings.relax_testcase_restrictions or
        _is_domain_allowed(current_email))

    def names_user(issue):
        if not relaxed:
            # Strict mode: only the issue owner qualifies.
            return utils.emails_equal(current_email, issue.owner)
        # Relaxed mode: access follows whoever the tracker lists on the
        # issue, so it is only as strict as the tracker's own rules for
        # editing the CC list.
        return (any(utils.emails_equal(current_email, cc)
                    for cc in issue.cc) or
                utils.emails_equal(current_email, issue.owner) or
                utils.emails_equal(current_email, issue.reporter))

    return any(names_user(issue) for issue in candidates)
def _is_blacklisted_user(email):
    """Return True when `email` matches an entry of `blacklisted_users`.

    The `blacklisted_users` config value is read as one address per line and
    each line is compared with utils.emails_equal. A missing or empty config
    value yields False.
    """
    raw_entries = db_config.get_value('blacklisted_users') or ''
    for entry in raw_entries.splitlines():
        if utils.emails_equal(email, entry):
            return True
    return False
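def _is_privileged_user(email):
    """Return True when `email` matches an entry of `privileged_users`.

    The `privileged_users` config value is read as one address per line and
    each line is compared with utils.emails_equal. A missing or empty config
    value yields False, and so does a missing or empty `email`.
    """
    # Reject a missing email up front, so the answer never depends on how
    # utils.emails_equal treats empty values or on blank lines in the config.
    if not email:
        return False

    raw_entries = db_config.get_value('privileged_users') or ''
    return any(
        utils.emails_equal(email, entry)
        for entry in raw_entries.splitlines())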
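def _is_privileged_user(email):
    """Return True when `email` should be treated as a privileged user.

    When the `all_users_privileged` auth setting is truthy, every caller is
    privileged and `email` is not looked at. Otherwise `email` must match an
    entry of the `privileged_users` config value, read as one address per
    line and compared with utils.emails_equal. A missing or empty config
    value yields False, and so does a missing or empty `email`.
    """
    # This switch short-circuits the list below for every caller, including
    # one with no email at all, so it should only be set in deployments where
    # that is intended.
    if local_config.AuthConfig().get('all_users_privileged'):
        return True

    # Reject a missing email before consulting the list, so the answer never
    # depends on how utils.emails_equal treats empty values or on blank lines
    # in the config.
    if not email:
        return False

    raw_entries = db_config.get_value('privileged_users') or ''
    return any(
        utils.emails_equal(email, entry)
        for entry in raw_entries.splitlines())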
def get_user_job_type():
    """Return the job type assigned to the current user, or None.

    Lines of the `privileged_users` config value written as
    `email;job_type` assign a job type to that address; lines without a `;`
    are skipped. The job type of the first line whose address matches the
    current user is returned.

    None means one can access any job type. You might want to invoke
    get_access(..) with the job type afterward.
    """
    current_email = helpers.get_user_email()
    raw_entries = db_config.get_value('privileged_users') or ''
    for entry in raw_entries.splitlines():
        if ';' not in entry:
            continue

        # Only the first two fields are used; anything after a second ';' is
        # ignored.
        fields = entry.split(';')
        listed_email, listed_job_type = fields[0], fields[1]
        # NOTE(review): a line ending in ';' yields an empty-string job type,
        # which is falsy like None. Confirm callers do not read that as
        # "any job type".
        if utils.emails_equal(current_email, listed_email):
            return listed_job_type

    return None
def test_email_equals(self):
    """Check that utils.emails_equal accepts each listed address pair."""
    # NOTE(review): the addresses are masked, so both pairs are the same
    # placeholder and this only shows that identical strings compare equal.
    # Presumably the original pairs differed in some way - confirm.
    matching_pairs = (
        ('*****@*****.**', '*****@*****.**'),
        ('*****@*****.**', '*****@*****.**'),
    )
    for first, second in matching_pairs:
        self.assertTrue(utils.emails_equal(first, second))