def get_recipients(self, pagename): QUERY_SIDS = """SELECT sid from session_attribute WHERE name=%s AND value LIKE %s""" QUERY_EMAILS = """SELECT value FROM session_attribute WHERE name=%s AND sid=%s""" tos = [] with self.env.db_query as db: cursor = db.cursor() cursor.execute(QUERY_SIDS, ('watched_pages', '%,' + pagename + ',%')) sids = cursor.fetchall() self.env.log.debug("SID'S TO NOTIFY: %s", sids) perm = PermissionSystem(self.env) resource = Resource('wiki', pagename) for sid in sids: if sid[0] != self.change_author and perm.check_permission( action='WIKI_VIEW', username=sid[0], resource=resource): self.env.log.debug('SID: %s', sid[0]) cursor.execute(QUERY_EMAILS, ('email', sid[0])) sid_email = cursor.fetchone() if sid_email is not None: tos.append(sid_email[0]) self.env.log.debug("TO's TO NOTIFY: %s", tos) return (tos, [])
def create_user_and_grant_permissions(self, req, team_member): if self.use_account_manager_integration(team_member.name): password = team_member.name AccountManager(self.env).set_password(team_member.name, password) permission_system = PermissionSystem(self.env) if not permission_system.check_permission(Role.TEAM_MEMBER, team_member.name): permission_system.grant_permission(team_member.name, Role.TEAM_MEMBER)
def get_recipients(self, pagename): QUERY_SIDS = """SELECT sid from session_attribute WHERE name=%s AND value LIKE %s""" QUERY_EMAILS = """SELECT value FROM session_attribute WHERE name=%s AND sid=%s""" tos = [] with self.env.db_query as db: cursor = db.cursor() cursor.execute( QUERY_SIDS, ('watched_pages', '%,' + pagename + ',%')) sids = cursor.fetchall() self.env.log.debug("SID'S TO NOTIFY: %s", sids) perm = PermissionSystem(self.env) resource = Resource('wiki', pagename) for sid in sids: if sid[0] != self.change_author and perm.check_permission(action='WIKI_VIEW', username=sid[0], resource=resource): self.env.log.debug('SID: %s', sid[0]) cursor.execute(QUERY_EMAILS, ('email', sid[0])) sid_email = cursor.fetchone() if sid_email is not None: tos.append(sid_email[0]) self.env.log.debug("TO's TO NOTIFY: %s", tos) return (tos, [])
def check_permission(self, doc, context): product, doctype, id = doc['product'], doc['type'], doc['id'] username = context.req.authname env = self.env if product: env = ProductEnvironment(self.env, product) perm = PermissionSystem(env) action = self._required_permissions[doctype] return perm.check_permission(action, username, id)
def _reporter(self, message): """return the ticket updater""" user = emailaddr2user(self.env, message['from']) # check permissions perm = PermissionSystem(self.env) if not perm.check_permission('MAIL2TICKET_COMMENT', user) : # None -> 'anoymous' raise EmailException("%s does not have MAIL2TRAC_COMMENT permissions" % (user or 'anonymous')) reporter = user or message['from'] return reporter
def get_user_from_message(self, message): """ Return the ticket user from `message` """ user = utils.email_to_user(self.env, message['from']) #Check permissions perm = PermissionSystem(self.env) if not perm.check_permission('TICKET_APPEND', user): # None -> 'anoymous' raise ValueError("%s does not have TICKET_APPEND permissions" % (user or 'anonymous')) reporter = user or message['from'] return reporter
class CryptoAdminPanelTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub(enable=['trac.*', 'crypto.*']) self.env.path = tempfile.mkdtemp() self.perm = PermissionSystem(self.env) self.req = Mock() self.crypto_ap = CryptoAdminPanel(self.env) def tearDown(self): shutil.rmtree(self.env.path) def test_available_actions(self): self.failIf('CRYPTO_ADMIN' not in self.perm.get_actions()) self.failIf('CRYPTO_DELETE' not in self.perm.get_actions()) def test_available_actions_no_perms(self): self.perm.grant_permission('admin', 'authenticated') self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin')) self.assertFalse(self.perm.check_permission('CRYPTO_DELETE', 'admin')) def test_available_actions_delete_only(self): self.perm.grant_permission('admin', 'CRYPTO_DELETE') self.assertFalse(self.perm.check_permission('CRYPTO_ADMIN', 'admin')) self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin')) def test_available_actions_full_perms(self): self.perm.grant_permission('admin', 'TRAC_ADMIN') self.assertTrue(self.perm.check_permission('CRYPTO_ADMIN', 'admin')) self.assertTrue(self.perm.check_permission('CRYPTO_DELETE', 'admin'))
def reporter(self, message): """return the ticket reporter or updater""" user = emailaddr2user(self.env, message['from']) # check permissions perm = PermissionSystem(self.env) if not perm.check_permission('TICKET_CREATE', user): # None -> 'anoymous' raise EmailException("%s does not have TICKET_CREATE permissions" % (user or 'anonymous')) reporter = user or message['from'] return reporter
def check_permission(self, action, username, resource, perm): # FIXME: Better handling of recursive imports from multiproduct.env import ProductEnvironment if isinstance(self.env, ProductEnvironment): permsys = PermissionSystem(self.env.parent) if permsys.check_permission('TRAC_ADMIN', username): return action in PermissionSystem(self.env).get_actions() \ or None # FIXME: maybe False is better elif username == self.env.product.owner: # Product owner granted with PRODUCT_ADMIN permission ootb permsys = PermissionSystem(self.env) # FIXME: would `action != 'TRAC_ADMIN'` be enough ? return True if action in permsys.get_actions() and \ action != 'TRAC_ADMIN' \ else None
class PermissionTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub(enable=['trac.*', 'acct_mgr.api.*']) self.env.path = tempfile.mkdtemp() self.perm = PermissionSystem(self.env) self.req = Mock() self.actions = [ 'ACCTMGR_ADMIN', 'ACCTMGR_CONFIG_ADMIN', 'ACCTMGR_USER_ADMIN', 'EMAIL_VIEW', 'USER_VIEW' ] def tearDown(self): shutil.rmtree(self.env.path) def test_available_actions(self): for action in self.actions: self.failIf(action not in self.perm.get_actions()) def test_available_actions_no_perms(self): for action in self.actions: self.assertFalse(self.perm.check_permission(action, 'anonymous')) def test_available_actions_config_admin(self): user = '******' self.perm.grant_permission(user, 'ACCTMGR_CONFIG_ADMIN') actions = [self.actions[0]] + self.actions[2:] for action in actions: self.assertFalse(self.perm.check_permission(action, user)) def test_available_actions_user_admin(self): user = '******' self.perm.grant_permission(user, 'ACCTMGR_USER_ADMIN') for action in self.actions[2:]: self.assertTrue(self.perm.check_permission(action, user)) for action in self.actions[:2] + ['TRAC_ADMIN']: self.assertFalse(self.perm.check_permission(action, user)) def test_available_actions_full_perms(self): perm_map = dict(acctmgr_admin='ACCTMGR_ADMIN', trac_admin='TRAC_ADMIN') for user in perm_map: self.perm.grant_permission(user, perm_map[user]) for action in self.actions: self.assertTrue(self.perm.check_permission(action, user)) if user != 'trac_admin': self.assertFalse(self.perm.check_permission( 'TRAC_ADMIN', user))
class PermissionTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub( enable=['trac.*', 'acct_mgr.api.*']) self.env.path = tempfile.mkdtemp() self.perm = PermissionSystem(self.env) self.req = Mock() self.actions = ['ACCTMGR_ADMIN', 'ACCTMGR_CONFIG_ADMIN', 'ACCTMGR_USER_ADMIN', 'EMAIL_VIEW', 'USER_VIEW'] def tearDown(self): shutil.rmtree(self.env.path) def test_available_actions(self): for action in self.actions: self.failIf(action not in self.perm.get_actions()) def test_available_actions_no_perms(self): for action in self.actions: self.assertFalse(self.perm.check_permission(action, 'anonymous')) def test_available_actions_config_admin(self): user = '******' self.perm.grant_permission(user, 'ACCTMGR_CONFIG_ADMIN') actions = [self.actions[0]] + self.actions[2:] for action in actions: self.assertFalse(self.perm.check_permission(action, user)) def test_available_actions_user_admin(self): user = '******' self.perm.grant_permission(user, 'ACCTMGR_USER_ADMIN') for action in self.actions[2:]: self.assertTrue(self.perm.check_permission(action, user)) for action in self.actions[:2] + ['TRAC_ADMIN']: self.assertFalse(self.perm.check_permission(action, user)) def test_available_actions_full_perms(self): perm_map = dict(acctmgr_admin='ACCTMGR_ADMIN', trac_admin='TRAC_ADMIN') for user in perm_map: self.perm.grant_permission(user, perm_map[user]) for action in self.actions: self.assertTrue(self.perm.check_permission(action, user)) if user != 'trac_admin': self.assertFalse(self.perm.check_permission('TRAC_ADMIN', user))
def invoke(self, message, warnings): """reply to a ticket""" ticket = self.ticket reporter = self._reporter(message) # get the mailBody and attachments mailBody, attachments = get_body_and_attachments(message) if not mailBody: warnings.append("Seems to be a reply to %s but I couldn't find a comment") return message #go throught work ts = TicketSystem(self.env) tm = TicketModule(self.env) perm = PermissionSystem(self.env) # TODO: Deprecate update without time_changed timestamp mockReq = self._MockReq(perm.get_user_permissions(reporter), reporter) avail_actions = ts.get_available_actions(mockReq, ticket) mailBody, inBodyFields, actions = self._get_in_body_fields(mailBody, avail_actions, reporter) if inBodyFields or actions : # check permissions perm = PermissionSystem(self.env) #we have properties movement, cheking user permission to do so if not perm.check_permission('MAIL2TICKET_PROPERTIES', reporter) : # None -> 'anoymous' raise ("%s does not have MAIL2TICKET_PROPERTIES permissions" % (user or 'anonymous')) action = None if actions : action = actions.keys()[0] controllers = list(tm._get_action_controllers(mockReq, ticket, action)) all_fields = [field['name'] for field in ts.get_ticket_fields()] #impact changes find in inBodyFields for field in inBodyFields : ticket._old[field] = ticket[field] ticket.values[field] = inBodyFields[field] mockReq.args[field] = inBodyFields[field] if action : mockReq.args['action_%s_reassign_owner' % action] = ticket['owner'] mockReq.args['comment'] = mailBody mockReq.args['ts'] = datetime.now()#to_datetime(None, utc) mockReq.args['ts'] = str(ticket.time_changed) changes, problems = tm.get_ticket_changes(mockReq, ticket, action) valid = problems and False or tm._validate_ticket(mockReq, ticket) tm._apply_ticket_changes(ticket, changes) # add attachments to the ticket add_attachments(self.env, ticket, attachments) ticket.save_changes(reporter, mailBody) for controller in controllers: controller.apply_action_side_effects(mockReq, ticket, action) # Call ticket change listeners for listener in ts.change_listeners: listener.ticket_changed(ticket, mailBody, reporter, ticket._old) tn = TicketNotifyEmail(self.env) tn.notify(ticket, newticket=0, modtime=ticket.time_changed)