def can_edit_ticket(self, req, ticket_or_type): """Return True if the current user can edit the given ticket or ticket type""" decision = False if ticket_or_type and req: resource = t_type = None if isinstance(ticket_or_type, AgiloTicket): resource = ticket_or_type.resource else: t_type = ticket_or_type policy = AgiloPolicy(self.env) decision = policy.check_ticket_edit(req.authname, resource, req.perm, t_type=t_type) return decision
class BacklogEditPermissionTest(AgiloTestCase): def setUp(self): self.super() self.policy = AgiloPolicy(self.env) def policy_decision(self, resource=None, username='******'): perm = PermissionCache(self.env, username) return self.policy.check_permission(Action.BACKLOG_EDIT, username, resource, perm) def test_backlog_edit_without_resource_falls_back_to_trac_permissions(self): self.assert_none(self.policy_decision(resource=None)) self.teh.grant_permission('foo', Action.BACKLOG_EDIT) self.assert_none(self.policy_decision(resource=None)) def test_product_owner_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_product_backlog(self): self.teh.grant_permission('foo', Role.PRODUCT_OWNER) self.assert_true(self.policy_decision(resource=None)) def test_scrum_master_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_sprint_backlog(self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) self.assert_true(self.policy_decision(resource=None)) def product_backlog_resource(self): return Resource(Realm.BACKLOG, Key.PRODUCT_BACKLOG) def sprint_backlog_resource(self): return Resource(Realm.BACKLOG, Key.SPRINT_BACKLOG) def other_backlog_resource(self): return Resource(Realm.BACKLOG, 'My Own Backlog') def test_product_owner_can_edit_the_product_backlog(self): self.teh.grant_permission('foo', Role.PRODUCT_OWNER) self.assert_none(self.policy_decision(resource=self.sprint_backlog_resource())) self.assert_true(self.policy_decision(resource=self.product_backlog_resource())) def test_scrum_master_can_edit_the_sprint_backlog(self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) self.assert_none(self.policy_decision(resource=self.product_backlog_resource())) self.assert_true(self.policy_decision(resource=self.sprint_backlog_resource())) def test_all_authenticated_users_can_unknown_backlogs(self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) other_backlog = self.other_backlog_resource() self.assert_true(self.policy_decision(resource=other_backlog)) other_backlog = self.policy_decision(resource=self.other_backlog_resource(), username='******') self.assert_none(other_backlog) def test_no_endless_loop_if_permission_is_checked_with_string_instead_of_resource(self): perm = PermissionCache(self.env, 'foo') perm.has_permission('AGILO_BACKLOG_EDIT', '%s:Sprint Backlog' % Realm.BACKLOG)
class ConfirmCommitmentTest(AgiloTestCase): def setUp(self): self.super() self.policy = AgiloPolicy(self.env) def username(self): return 'foo' def policy_decision(self, resource=None, username=None): perm = PermissionCache(self.env, username) return self.policy.check_permission(Action.CONFIRM_COMMITMENT, username or self.username(), resource, perm) def test_does_not_care_if_no_resource_given(self): self.assert_none(self.policy_decision()) def test_does_not_care_for_invalid_sprint_names(self): self.assert_none( self.policy_decision(Resource(Realm.SPRINT, 'invalid'))) def test_sprint_must_have_a_team_assigned(self): sprint = self.teh.create_sprint('ConfirmCommitmentSprint') self.assert_none(sprint.team) self.assert_false(self.policy_decision(sprint.resource())) def test_can_confirm_if_sprint_started_at_most_yesterday(self): team = self.teh.create_team('A-Team') almost_a_day_ago = now() - timedelta(hours=23) sprint = self.teh.create_sprint('Sprint', start=almost_a_day_ago, team=team) self.assert_none(self.policy_decision(sprint.resource())) def test_can_not_confirm_if_sprint_started_more_than_one_day_ago(self): self.teh.disable_sprint_date_normalization() team = self.teh.create_team('A-Team') two_days_ago = now() - timedelta(days=2) sprint = self.teh.create_sprint('Sprint', start=two_days_ago, team=team) self.assert_false(self.policy_decision(sprint.resource()))
class ConfirmCommitmentTest(AgiloTestCase): def setUp(self): self.super() self.policy = AgiloPolicy(self.env) def username(self): return 'foo' def policy_decision(self, resource=None, username=None): perm = PermissionCache(self.env, username) return self.policy.check_permission(Action.CONFIRM_COMMITMENT, username or self.username(), resource, perm) def test_does_not_care_if_no_resource_given(self): self.assert_none(self.policy_decision()) def test_does_not_care_for_invalid_sprint_names(self): self.assert_none(self.policy_decision(Resource(Realm.SPRINT, 'invalid'))) def test_sprint_must_have_a_team_assigned(self): sprint = self.teh.create_sprint('ConfirmCommitmentSprint') self.assert_none(sprint.team) self.assert_false(self.policy_decision(sprint.resource())) def test_can_confirm_if_sprint_started_at_most_yesterday(self): team = self.teh.create_team('A-Team') almost_a_day_ago = now() - timedelta(hours=23) sprint = self.teh.create_sprint('Sprint', start=almost_a_day_ago, team=team) self.assert_none(self.policy_decision(sprint.resource())) def test_can_not_confirm_if_sprint_started_more_than_one_day_ago(self): self.teh.disable_sprint_date_normalization() team = self.teh.create_team('A-Team') two_days_ago = now() - timedelta(days=2) sprint = self.teh.create_sprint('Sprint', start=two_days_ago, team=team) self.assert_false(self.policy_decision(sprint.resource()))
class ContingentPermissionsTest(AgiloTestCase): def setUp(self): self.super() self.policy = AgiloPolicy(self.env) def username(self): return 'foo' def ask_policy(self, action, resource=None, username=None): perm = PermissionCache(self.env, username) return self.policy.check_permission(action, username or self.username(), resource, perm) def assert_permission(self, action, resource=None, username=None): self.assert_true() def assert_no_permission(self, action, resource=None, username=None): self.assert_falsish(self.ask_policy(action, resource, username)) def test_contingent_admin_must_be_able_to_add_time(self): self.assert_no_permission(Action.CONTINGENT_ADD_TIME) self.teh.grant_permission(self.username(), Action.CONTINGENT_ADMIN) self.assert_none(self.ask_policy(Action.CONTINGENT_ADD_TIME))
def setUp(self): self.super() self.policy = AgiloPolicy(self.env)
class BacklogEditPermissionTest(AgiloTestCase): def setUp(self): self.super() self.policy = AgiloPolicy(self.env) def policy_decision(self, resource=None, username='******'): perm = PermissionCache(self.env, username) return self.policy.check_permission(Action.BACKLOG_EDIT, username, resource, perm) def test_backlog_edit_without_resource_falls_back_to_trac_permissions( self): self.assert_none(self.policy_decision(resource=None)) self.teh.grant_permission('foo', Action.BACKLOG_EDIT) self.assert_none(self.policy_decision(resource=None)) def test_product_owner_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_product_backlog( self): self.teh.grant_permission('foo', Role.PRODUCT_OWNER) self.assert_true(self.policy_decision(resource=None)) def test_scrum_master_has_backlog_edit_without_resource_because_they_can_potentially_edit_the_sprint_backlog( self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) self.assert_true(self.policy_decision(resource=None)) def product_backlog_resource(self): return Resource(Realm.BACKLOG, Key.PRODUCT_BACKLOG) def sprint_backlog_resource(self): return Resource(Realm.BACKLOG, Key.SPRINT_BACKLOG) def other_backlog_resource(self): return Resource(Realm.BACKLOG, 'My Own Backlog') def test_product_owner_can_edit_the_product_backlog(self): self.teh.grant_permission('foo', Role.PRODUCT_OWNER) self.assert_none( self.policy_decision(resource=self.sprint_backlog_resource())) self.assert_true( self.policy_decision(resource=self.product_backlog_resource())) def test_scrum_master_can_edit_the_sprint_backlog(self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) self.assert_none( self.policy_decision(resource=self.product_backlog_resource())) self.assert_true( self.policy_decision(resource=self.sprint_backlog_resource())) def test_all_authenticated_users_can_unknown_backlogs(self): self.teh.grant_permission('foo', Role.SCRUM_MASTER) other_backlog = self.other_backlog_resource() self.assert_true(self.policy_decision(resource=other_backlog)) other_backlog = self.policy_decision( resource=self.other_backlog_resource(), username='******') self.assert_none(other_backlog) def test_no_endless_loop_if_permission_is_checked_with_string_instead_of_resource( self): perm = PermissionCache(self.env, 'foo') perm.has_permission('AGILO_BACKLOG_EDIT', '%s:Sprint Backlog' % Realm.BACKLOG)