def setUp(self):
self.services = service_manager.Services(
user=fake.UserService(), usergroup=fake.UserGroupService())
self.user1 = self.services.user.TestAddUser('user1', 111)
self.user1.obscure_email = True
self.user1_view = framework_views.UserView(self.user1)
self.user2 = self.services.user.TestAddUser('user2', 222)
self.user2.obscure_email = False
self.user2_view = framework_views.UserView(self.user2)
self.user3 = self.services.user.TestAddUser('user3', 333)
self.user3_view = framework_views.UserView(self.user3)
self.user4 = self.services.user.TestAddUser('user4', 444, banned=True)
self.user4_view = framework_views.UserView(self.user4)
self.user_auth = authdata.AuthData.FromEmail(None, 'user3',
self.services)
self.user_auth.effective_ids = {3}
self.user_auth.user_id = 3
self.users_by_id = {
1: self.user1_view,
2: self.user2_view,
3: self.user3_view,
4: self.user4_view
}
self.perms = permissions.EMPTY_PERMISSIONSET
def testGetAvailablity_Groups(self):
user_view = framework_views.UserView(self.user, is_group=True)
self.assertEquals(None, user_view.avail_message)
self.assertEquals(None, user_view.avail_state)
self.user.email = '*****@*****.**'
user_view = framework_views.UserView(self.user)
self.assertEquals(None, user_view.avail_message)
self.assertEquals(None, user_view.avail_state)
def testGetAvailablity_Vacation(self):
self.user.vacation_message = 'gone fishing'
user_view = framework_views.UserView(self.user)
self.assertEquals('gone fishing', user_view.avail_message)
self.assertEquals('none', user_view.avail_state)
self.user.vacation_message = (
'Gone fishing as really long time with lots of friends and reading '
'a long novel by a famous author. I wont have internet access but '
'If you urgently need anything you can call Alice or Bob for most '
'things otherwise call Charlie. Wish me luck! ')
user_view = framework_views.UserView(self.user)
self.assertTrue(len(user_view.avail_message) >= 50)
self.assertTrue(len(user_view.avail_message_short) < 50)
self.assertEquals('none', user_view.avail_state)
def testGetAvailablity_Bouncing(self):
self.user.email_bounce_timestamp = 1234567890
user_view = framework_views.UserView(self.user)
self.assertEquals('Email to this user bounced',
user_view.avail_message)
self.assertEquals(user_view.avail_message_short,
user_view.avail_message)
self.assertEquals('none', user_view.avail_state)
def testDeletedUserOld(self):
deleted_user = user_pb2.User(user_id=0)
user_view = framework_views.UserView(deleted_user)
self.assertEqual(
user_view.display_name, framework_constants.DELETED_USER_NAME)
self.assertEqual(user_view.email, '')
self.assertEqual(user_view.obscure_email, '')
self.assertEqual(user_view.profile_url, '')
def _FinishInitialization(cls, cnxn, auth, services):
"""Fill in the test of the fields based on the user_id."""
# TODO(jrobbins): re-implement same_org
if auth.user_id:
auth.effective_ids = services.usergroup.LookupMemberships(
cnxn, auth.user_id)
auth.effective_ids.add(auth.user_id)
auth.user_pb = services.user.GetUser(cnxn, auth.user_id)
if auth.user_pb:
auth.user_view = framework_views.UserView(auth.user_pb)
def setUp(self):
self.hotlist = fake.Hotlist('hotlistName',
123,
hotlist_item_fields=[
(2, 0, None, None, ''),
(1, 0, None, None, ''),
(5, 0, None, None, '')
],
is_private=False,
owner_ids=[111])
self.user1 = user_pb2.User(user_id=111)
self.user1_view = framework_views.UserView(self.user1)
def MakeReqInfo(user_pb, user_id, viewed_user_pb, viewed_user_id,
viewed_user_name):
mr = fake.MonorailRequest(None, perms=permissions.USER_PERMISSIONSET)
mr.auth.user_pb = user_pb
mr.auth.user_id = user_id
mr.auth.effective_ids = {user_id}
mr.viewed_user_auth.email = viewed_user_name
mr.viewed_user_auth.user_pb = viewed_user_pb
mr.viewed_user_auth.user_id = viewed_user_id
mr.viewed_user_auth.effective_ids = {viewed_user_id}
mr.viewed_user_auth.user_view = framework_views.UserView(viewed_user_pb)
mr.viewed_user_name = viewed_user_name
mr.request = webapp2.Request.blank("/")
return mr
def setUp(self):
self.services = service_manager.Services(
user=fake.UserService(), usergroup=fake.UserGroupService())
self.user1 = self.services.user.TestAddUser('user1', 111L)
self.user1.obscure_email = True
self.user1_view = framework_views.UserView(self.user1)
self.user2 = self.services.user.TestAddUser('user2', 222L)
self.user2.obscure_email = False
self.user2_view = framework_views.UserView(self.user2)
self.user3 = self.services.user.TestAddUser('user3', 333L)
self.user3_view = framework_views.UserView(self.user3)
self.user4 = self.services.user.TestAddUser('user4', 444L, banned=True)
self.user4_view = framework_views.UserView(self.user4)
self.user_auth = monorailrequest.AuthData.FromEmail(
None, 'user3', self.services)
self.user_auth.effective_ids = {3}
self.user_auth.user_id = 3
self.users_by_id = {
1: self.user1_view,
2: self.user2_view,
3: self.user3_view,
4: self.user4_view
}
def _GetUserViewAndFormattedTime(self, mr, user_id, timestamp):
formatted_time = (timestr.FormatAbsoluteDate(timestamp)
if timestamp else None)
user = self.services.user.GetUser(mr.cnxn, user_id) if user_id else None
user_view = None
if user:
user_view = framework_views.UserView(user)
viewing_self = mr.auth.user_id == user_id
# Do not obscure email if current user is a site admin. Do not obscure
# email if current user is the same as the creator. For all other
# cases do whatever obscure_email setting for the user is.
email_obscured = (not(mr.auth.user_pb.is_site_admin or viewing_self)
and user_view.obscure_email)
if not email_obscured:
user_view.RevealEmail()
return user_view, formatted_time
def _FinishInitialization(cls, cnxn, auth, services, user_pb=None):
"""Fill in the test of the fields based on the user_id."""
direct_memberships = services.usergroup.LookupMemberships(
cnxn, auth.user_id)
auth.effective_ids = direct_memberships.copy()
auth.effective_ids.add(auth.user_id)
auth.user_pb = user_pb or services.user.GetUser(cnxn, auth.user_id)
if auth.user_pb:
auth.user_view = framework_views.UserView(auth.user_pb)
computed_memberships = services.usergroup.LookupComputedMemberships(
cnxn, auth.user_view.domain)
auth.effective_ids.update(computed_memberships)
if auth.user_pb.linked_parent_id:
cls._AddEffectiveIDsOfLinkedAccounts(
cnxn, services, auth.effective_ids, auth.user_pb.linked_parent_id)
for child_id in auth.user_pb.linked_child_ids:
cls._AddEffectiveIDsOfLinkedAccounts(
cnxn, services, auth.effective_ids, child_id)
def setUp(self):
self.services = service_manager.Services(
issue=fake.IssueService(),
user=fake.UserService(),
usergroup=fake.UserGroupService(),
project=fake.ProjectService(),
features=fake.FeaturesService())
self.cnxn = fake.MonorailConnection()
# Set up for testing getBinnedHotlistViews.
# Project p1; issue i1 in p1; user u1 owns i1; ui1 is an *involved* user.
self.services.user.TestAddUser('u1', 111L)
project = self.services.project.TestAddProject('p1')
issue_local_id = self.services.issue.CreateIssue(
self.cnxn,
self.services,
project_id=project.project_id,
summary='summary',
status='Open',
owner_id=111L,
cc_ids=[],
labels=[],
field_values=[],
component_ids=[],
reporter_id=111L,
marked_description='marked description')
self.issue_id = self.services.issue.LookupIssueID(
self.cnxn, project_id=project.project_id, local_id=issue_local_id)
# ul1 is a *logged in* user.
self.services.user.TestAddUser('ul1', 222L)
# uo1 is an *other* user.
self.services.user.TestAddUser('uo1', 333L)
users_by_id = self.services.user.GetUsersByIDs(self.cnxn,
[111L, 222L, 333L])
self.userviews_by_id = {
k: framework_views.UserView(v)
for k, v in users_by_id.items()
}
self.user_auth = monorailrequest.AuthData.FromEmail(
self.cnxn, 'ul1', self.services)
self.hotlist_item_fields = [(self.issue_id, None, None, None, None)]
def MakeReqInfo(user_pb,
user_id,
viewed_user_pb,
viewed_user_id,
viewed_user_name,
path=None,
_reveal_email=False,
_params=None):
if path is None:
path = "/u/%d" % viewed_user_id
mr = fake.MonorailRequest()
mr.auth.user_pb = user_pb
mr.auth.user_id = user_id
mr.auth.effective_ids = {user_id}
mr.viewed_user_auth.email = viewed_user_name
mr.viewed_user_auth.user_pb = viewed_user_pb
mr.viewed_user_auth.user_id = viewed_user_id
mr.viewed_user_auth.effective_ids = {viewed_user_id}
mr.viewed_user_auth.user_view = framework_views.UserView(viewed_user_pb)
mr.viewed_user_name = viewed_user_name
mr.request = webapp2.Request.blank("/")
return mr
def testGetAvailablity_Anon(self): self.user.user_id = 0 user_view = framework_views.UserView(self.user) self.assertEquals(None, user_view.avail_message) self.assertEquals(None, user_view.avail_state)
def testGetAvailablity_ReallyLongTime(self):
now = int(time.time())
self.user.last_visit_timestamp = now - 99 * framework_constants.SECS_PER_DAY
user_view = framework_views.UserView(self.user)
self.assertEquals('Last visit > 30 days ago', user_view.avail_message)
self.assertEquals('none', user_view.avail_state)
def testGetAvailablity_NotRecent(self):
now = int(time.time())
self.user.last_visit_timestamp = now - 20 * framework_constants.SECS_PER_DAY
user_view = framework_views.UserView(self.user)
self.assertEquals('Last visit 20 days ago', user_view.avail_message)
self.assertEquals('unsure', user_view.avail_state)
def testGetAvailablity_NeverVisitied(self):
self.user.last_visit_timestamp = 0
user_view = framework_views.UserView(self.user)
self.assertEquals('User never visited', user_view.avail_message)
self.assertEquals('never', user_view.avail_state)
def api_base_checks(request, requester, services, cnxn,
auth_client_ids, auth_emails):
"""Base checks for API users.
Args:
request: The HTTP request from Cloud Endpoints.
requester: The user who sends the request.
services: Services object.
cnxn: connection to the SQL database.
auth_client_ids: authorized client ids.
auth_emails: authorized emails when client is anonymous.
Returns:
Client ID and client email.
Raises:
endpoints.UnauthorizedException: If the requester is anonymous.
user_svc.NoSuchUserException: If the requester does not exist in Monorail.
project_svc.NoSuchProjectException: If the project does not exist in
Monorail.
permissions.BannedUserException: If the requester is banned.
permissions.PermissionException: If the requester does not have
permisssion to view.
"""
valid_user = False
auth_err = ''
client_id = None
try:
client_id = oauth.get_client_id(framework_constants.OAUTH_SCOPE)
logging.info('Oauth client ID %s', client_id)
except oauth.Error as ex:
auth_err = 'oauth.Error: %s' % ex
if not requester:
try:
requester = oauth.get_current_user(framework_constants.OAUTH_SCOPE)
logging.info('Oauth requester %s', requester.email())
except oauth.Error as ex:
auth_err = 'oauth.Error: %s' % ex
if client_id and requester:
if client_id != 'anonymous':
if client_id in auth_client_ids:
valid_user = True
else:
auth_err = 'Client ID %s is not whitelisted' % client_id
# Some service accounts may have anonymous client ID
else:
if requester.email() in auth_emails:
valid_user = True
else:
auth_err = 'Client email %s is not whitelisted' % requester.email()
if not valid_user:
raise endpoints.UnauthorizedException('Auth error: %s' % auth_err)
else:
logging.info('API request from user %s:%s', client_id, requester.email())
project_name = None
if hasattr(request, 'projectId'):
project_name = request.projectId
issue_local_id = None
if hasattr(request, 'issueId'):
issue_local_id = request.issueId
# This could raise user_svc.NoSuchUserException
requester_id = services.user.LookupUserID(cnxn, requester.email())
requester_pb = services.user.GetUser(cnxn, requester_id)
requester_view = framework_views.UserView(requester_pb)
if permissions.IsBanned(requester_pb, requester_view):
raise permissions.BannedUserException(
'The user %s has been banned from using Monorail' %
requester.email())
if project_name:
project = services.project.GetProjectByName(
cnxn, project_name)
if not project:
raise project_svc.NoSuchProjectException(
'Project %s does not exist' % project_name)
if project.state != project_pb2.ProjectState.LIVE:
raise permissions.PermissionException(
'API may not access project %s because it is not live'
% project_name)
requester_effective_ids = services.usergroup.LookupMemberships(
cnxn, requester_id)
requester_effective_ids.add(requester_id)
if not permissions.UserCanViewProject(
requester_pb, requester_effective_ids, project):
raise permissions.PermissionException(
'The user %s has no permission for project %s' %
(requester.email(), project_name))
if issue_local_id:
# This may raise a NoSuchIssueException.
issue = services.issue.GetIssueByLocalID(
cnxn, project.project_id, issue_local_id)
perms = permissions.GetPermissions(
requester_pb, requester_effective_ids, project)
config = services.config.GetProjectConfig(cnxn, project.project_id)
granted_perms = tracker_bizobj.GetGrantedPerms(
issue, requester_effective_ids, config)
if not permissions.CanViewIssue(
requester_effective_ids, perms, project, issue,
granted_perms=granted_perms):
raise permissions.PermissionException(
'User is not allowed to view this issue %s:%d' %
(project_name, issue_local_id))
return client_id, requester.email()
def testGetAvailablity_Banned(self):
self.user.banned = 'spamming'
user_view = framework_views.UserView(self.user)
self.assertEquals('Banned', user_view.avail_message)
self.assertEquals('banned', user_view.avail_state)
