def has_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self.__get_perm(perm)
return UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == users_group)\
.filter(UsersGroupToPerm.permission == perm).scalar() is not None
def grant_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self._get_perm(perm)
# if this permission is already granted skip it
_perm = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == users_group)\
.filter(UsersGroupToPerm.permission == perm)\
.scalar()
if _perm:
return
new = UsersGroupToPerm()
new.users_group = users_group
new.permission = perm
self.sa.add(new)
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USERS_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active':True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'created users group %s' % users_group_name)
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
# check if user has this perm
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
perms = [[x.__dict__['users_group_id'],
x.__dict__['permission_id'],] for x in perms]
self.assertEqual(
perms,
[[ug.users_group_id, p.permission_id]]
)
# DELETE !
ug = UsersGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = self.Session.query(UsersGroup)\
.filter(UsersGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group_id == ugid).all()
perms = [[x.__dict__['users_group_id'],
x.__dict__['permission_id'],] for x in perms]
self.assertEqual(
perms,
[]
)
def revoke_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self.__get_perm(perm)
obj = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == users_group)\
.filter(UsersGroupToPerm.permission == perm).scalar()
if obj:
self.sa.delete(obj)
def grant_perm(self, users_group, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
users_group = self.__get_users_group(users_group)
# if this permission is already granted skip it
_perm = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == users_group)\
.filter(UsersGroupToPerm.permission == perm)\
.scalar()
if _perm:
return
new = UsersGroupToPerm()
new.users_group = users_group
new.permission = perm
self.sa.add(new)
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USERS_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'created users group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
self.assertEqual(
[[x.users_group_id, x.permission_id, ] for x in perms],
[[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id]]
)
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id]])
)
# DELETE !
ug = UsersGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = self.Session.query(UsersGroup)\
.filter(UsersGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(
perms,
[]
)
