def test_remove_tag_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password("api-testing")
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user,
"testcases.delete_testcasetag")
rpc_client = xmlrpc.TCMSXmlrpc(
unauthorized_user.username,
"api-testing",
f"{self.live_server_url}/xml-rpc/",
).server
with self.assertRaisesRegex(ProtocolError, "403 Forbidden"):
rpc_client.TestCase.remove_tag(self.testcase.pk, self.tag0.name)
# tags were not modified
tag_exists = TestCase.objects.filter(pk=self.testcase.pk,
tag__pk=self.tag0.pk).exists()
self.assertTrue(tag_exists)
tag_exists = TestCase.objects.filter(pk=self.testcase.pk,
tag__pk=self.tag1.pk).exists()
self.assertFalse(tag_exists)
def test_remove_case_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password('api-testing')
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, 'testruns.delete_testexecution')
rpc_client = xmlrpc.TCMSXmlrpc(unauthorized_user.username,
'api-testing',
'%s/xml-rpc/' % self.live_server_url).server
with self.assertRaisesRegex(ProtocolError, '403 Forbidden'):
rpc_client.TestRun.remove_case(self.test_run.pk, self.test_case.pk)
exists = TestExecution.objects.filter(run=self.test_run.pk, case=self.test_case.pk).exists()
self.assertTrue(exists)
def test_add_tag_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password('api-testing')
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, 'testcases.add_testcasetag')
rpc_client = xmlrpc.TCMSXmlrpc(unauthorized_user.username,
'api-testing',
'%s/xml-rpc/' % self.live_server_url).server
with self.assertRaisesRegex(ProtocolError, '403 Forbidden'):
rpc_client.TestCase.add_tag(self.testcase.pk, self.tag1.name)
# tags were not modified
tag_exists = TestCase.objects.filter(pk=self.testcase.pk, tag__pk=self.tag1.pk).exists()
self.assertFalse(tag_exists)
def _server(self):
""" Connection to the server """
# Connect to the server unless already connected
if TCMS._connection is None:
log.debug("Contacting server {0}".format(Config().tcms.url))
if hasattr(Config().tcms,
'use_mod_kerb') and Config().tcms.use_mod_kerb:
# use Kerberos
TCMS._connection = xmlrpc.TCMSKerbXmlrpc(
Config().tcms.url).server
else:
# use plain authentication otherwise
TCMS._connection = xmlrpc.TCMSXmlrpc(Config().tcms.username,
Config().tcms.password,
Config().tcms.url).server
# Return existing connection
return TCMS._connection
def test_add_case_without_permissions(self):
unauthorized_user = UserFactory()
unauthorized_user.set_password("api-testing")
unauthorized_user.save()
unauthorized_user.user_permissions.add(*Permission.objects.all())
remove_perm_from_user(unauthorized_user, "testruns.add_testexecution")
rpc_client = xmlrpc.TCMSXmlrpc(
unauthorized_user.username,
"api-testing",
"%s/xml-rpc/" % self.live_server_url,
).server
with self.assertRaisesRegex(ProtocolError, "403 Forbidden"):
rpc_client.TestRun.add_case(self.test_run.pk, self.test_case.pk)
exists = TestExecution.objects.filter(run=self.test_run.pk,
case=self.test_case.pk).exists()
self.assertFalse(exists)
