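def test_copy_permissions_to_subject(self):
    """Copy permissions to subject.

    user1 holds two permissions granted through the API plus one row
    (TEST_PERM) inserted directly into the table. Copying user1 to user2
    must grant only the first two; TEST_PERM is expected to be skipped
    with a "permission unavailable" warning in the log.
    """
    ps = PermissionSystem(self.env)
    ps.grant_permission('user1', 'WIKI_VIEW')
    ps.grant_permission('user1', 'TICKET_VIEW')
    # Written straight into the table instead of via grant_permission(),
    # so the row exists although the panel reports the action as
    # unavailable (see the WARNING assertion below).
    self.env.db_transaction(
        """ INSERT INTO permission VALUES ('user1', 'TEST_PERM') """)
    req = MockRequest(self.env, method='POST', args={
        'copy': True, 'subject': 'user1', 'target': 'user2'})

    # NOTE(review): the requester is whatever identity MockRequest
    # supplies by default; the branch that refuses to copy a permission
    # the requester does not hold is not exercised here.
    with self.assertRaises(RequestDone):
        self.panel.render_admin_panel(req, 'general', 'perm', None)

    # The stored state is the authoritative check: TEST_PERM must not
    # have reached user2.
    self.assertEqual(['TICKET_VIEW', 'WIKI_VIEW'],
                     ps.get_users_dict().get('user2'))
    self.assertEqual(2, len(req.chrome['notices']))
    self.assertIn("The subject user2 has been granted the permission "
                  "TICKET_VIEW.", req.chrome['notices'])
    self.assertIn("The subject user2 has been granted the permission "
                  "WIKI_VIEW.", req.chrome['notices'])
    self.assertIn(("WARNING", "Skipped granting TEST_PERM to user2: "
                              "permission unavailable."),
                  self.env.log_messages)
    self.assertIn(("INFO", "Granted permission for TICKET_VIEW to user2"),
                  self.env.log_messages)
    # The original repeated the TICKET_VIEW assertion here, leaving the
    # log record for the second grant unchecked.
    self.assertIn(("INFO", "Granted permission for WIKI_VIEW to user2"),
                  self.env.log_messages)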
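def render_admin_panel(self, req, cat, page, path_info):
    """Render the permission admin panel and process its POST actions.

    A POST is dispatched on the submitted form fields:

    * ``add`` + ``subject`` + ``action``: grant one permission.
    * ``add`` + ``subject`` + ``group``: add the subject to a group.
    * ``copy`` + ``subject`` + ``target``: copy the subject's
      permissions to the target.
    * ``remove`` + ``sel``: revoke the selected permissions.

    Granting paths require PERMISSION_GRANT on the 'admin' resource
    'general/perm' and additionally refuse to hand out any permission
    the requester does not hold. Revocation requires PERMISSION_REVOKE
    on the same resource and has no such possession check.

    Returns the template name and the data dict for rendering. Raises
    TracError for an all upper-case subject, group or target and for an
    unknown action; a failed ``require()`` presumably raises as well
    (the exception type is not visible here).
    """
    perm = PermissionSystem(self.env)
    all_actions = perm.get_actions()

    if req.method == 'POST':
        subject = req.args.get('subject', '').strip()
        target = req.args.get('target', '').strip()
        action = req.args.get('action')
        group = req.args.get('group', '').strip()

        # Group membership is stored through the same grant_permission()
        # call as an action, so an upper-case subject or group name
        # would be indistinguishable from a permission name.
        if (subject and subject.isupper()) or \
                (group and group.isupper()) or \
                (target and target.isupper()):
            raise TracError(_("All upper-cased tokens are reserved for "
                              "permission names."))

        # Grant permission to subject
        if 'add' in req.args and subject and action:
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
            if action not in all_actions:
                raise TracError(_("Unknown action"))
            # The requester must hold the action being granted.
            req.perm.require(action)
            try:
                perm.grant_permission(subject, action)
            except TracError as e:
                add_warning(req, e)
            else:
                add_notice(req, _("The subject %(subject)s has been "
                                  "granted the permission %(action)s.",
                                  subject=subject, action=action))

        # Add subject to group
        elif 'add' in req.args and subject and group:
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
            # Every permission reported for the group must be held by
            # the requester before membership is granted.
            for action in perm.get_user_permissions(group):
                req.perm.require(
                    action,
                    message=_("The subject %(subject)s was not added to "
                              "the group %(group)s because the group has "
                              "%(perm)s permission and users cannot grant "
                              "permissions they don't possess.",
                              subject=subject, group=group, perm=action))
            try:
                perm.grant_permission(subject, group)
            except TracError as e:
                add_warning(req, e)
            else:
                add_notice(req, _("The subject %(subject)s has been "
                                  "added to the group %(group)s.",
                                  subject=subject, group=group))

        # Copy permissions to subject
        elif 'copy' in req.args and subject and target:
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')

            subject_permissions = perm.get_users_dict().get(subject, [])
            if not subject_permissions:
                add_warning(req, _("The subject %(subject)s does not "
                                   "have any permissions.",
                                   subject=subject))

            for action in subject_permissions:
                if action not in all_actions:  # plugin disabled?
                    self.log.warning("Skipped granting %s to %s: "
                                     "permission unavailable.",
                                     action, target)
                else:
                    if action not in req.perm:
                        # The permission is withheld from `target`, the
                        # receiving principal; the original passed the
                        # source `subject` here, so the warning named
                        # the wrong account.
                        add_warning(req,
                                    _("The permission %(action)s was "
                                      "not granted to %(subject)s "
                                      "because users cannot grant "
                                      "permissions they don't possess.",
                                      action=action, subject=target))
                        continue
                    try:
                        perm.grant_permission(target, action)
                    except PermissionExistsError:
                        # Target already holds it; nothing to report.
                        pass
                    else:
                        add_notice(req, _("The subject %(subject)s has "
                                          "been granted the permission "
                                          "%(action)s.",
                                          subject=target, action=action))
            req.redirect(req.href.admin(cat, page))

        # Remove permissions action
        elif 'remove' in req.args and 'sel' in req.args:
            req.perm('admin', 'general/perm').require('PERMISSION_REVOKE')
            for key in req.args.getlist('sel'):
                # Each key is "<base64 subject>:<base64 action>".
                # NOTE(review): a key without ':' makes the unpacking
                # raise ValueError, which is not handled here.
                subject, action = key.split(':', 1)
                subject = unicode_from_base64(subject)
                action = unicode_from_base64(action)
                # Only pairs that currently exist are revoked.
                if (subject, action) in perm.get_all_permissions():
                    perm.revoke_permission(subject, action)
            # Shown even when no submitted pair matched an existing row.
            add_notice(req, _("The selected permissions have been "
                              "revoked."))
            req.redirect(req.href.admin(cat, page))

    return 'admin_perms.html', {
        'actions': all_actions,
        # Limits the list offered to the requester to actions they hold;
        # the POST branches above enforce this again on submission.
        'allowed_actions': [a for a in all_actions if a in req.perm],
        'perms': perm.get_users_dict(),
        'groups': perm.get_groups_dict(),
        'unicode_to_base64': unicode_to_base64
    }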
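def render_admin_panel(self, req, cat, page, path_info):
    """Render the permission admin panel and process its POST actions.

    A POST is dispatched on the submitted form fields:

    * ``add`` + ``subject`` + ``action``: grant one permission.
    * ``add`` + ``subject`` + ``group``: add the subject to a group.
    * ``copy`` + ``subject`` + ``target``: copy the subject's
      permissions to the target.
    * ``remove`` + ``sel``: revoke the selected permissions.

    Granting paths require PERMISSION_GRANT on the 'admin' resource
    'general/perm' and refuse to hand out a permission the requester
    does not hold. Revocation requires PERMISSION_REVOKE on the same
    resource.

    Returns the template name and the data dict for rendering. Raises
    TracError for an all upper-case subject, group or target and for an
    unknown action; a failed ``require()`` presumably raises as well
    (the exception type is not visible here).
    """
    perm = PermissionSystem(self.env)
    # Snapshot taken once per request; the branches below test
    # membership against it rather than re-querying.
    all_permissions = perm.get_all_permissions()
    all_actions = perm.get_actions()

    if req.method == 'POST':
        subject = req.args.get('subject', '').strip()
        target = req.args.get('target', '').strip()
        action = req.args.get('action')
        group = req.args.get('group', '').strip()

        # Upper case marks a permission name (the copy branch relies on
        # isupper() to tell actions from groups), so subjects and groups
        # must not be all upper case.
        if (subject and subject.isupper()) or \
                (group and group.isupper()) or \
                (target and target.isupper()):
            raise TracError(_("All upper-cased tokens are reserved for "
                              "permission names."))

        # Grant permission to subject
        if req.args.get('add') and subject and action:
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
            if action not in all_actions:
                raise TracError(_("Unknown action"))
            # The requester must hold the action being granted.
            req.perm.require(action)
            if (subject, action) not in all_permissions:
                perm.grant_permission(subject, action)
                add_notice(req, _("The subject %(subject)s has been "
                                  "granted the permission %(action)s.",
                                  subject=subject, action=action))
                req.redirect(req.href.admin(cat, page))
            else:
                add_warning(req, _("The permission %(action)s was already "
                                   "granted to %(subject)s.",
                                   action=action, subject=subject))

        # Add subject to group
        elif req.args.get('add') and subject and group:
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')
            for action in perm.get_user_permissions(group):
                if action not in all_actions:  # plugin disabled?
                    # NOTE(review): the possession check is skipped for
                    # an action that is not currently defined, so the
                    # new member receives it without the requester
                    # holding it. Confirm this is intended.
                    self.env.log.warning(
                        "Adding %s to group %s: "
                        "Permission %s unavailable, skipping perm check.",
                        subject, group, action)
                else:
                    req.perm.require(
                        action,
                        message=_("The subject %(subject)s was not added "
                                  "to the group %(group)s because the "
                                  "group has %(perm)s permission and "
                                  "users cannot grant permissions they "
                                  "don't possess.",
                                  subject=subject, group=group,
                                  perm=action))
            if (subject, group) not in all_permissions:
                perm.grant_permission(subject, group)
                add_notice(req, _("The subject %(subject)s has been added "
                                  "to the group %(group)s.",
                                  subject=subject, group=group))
                req.redirect(req.href.admin(cat, page))
            else:
                add_warning(req, _("The subject %(subject)s was already "
                                   "added to the group %(group)s.",
                                   subject=subject, group=group))

        # Copy permissions to subject
        elif req.args.get('copy') and subject and target:
            # Checked against the same resource as the other granting
            # branches; the original used the bare req.perm here, which
            # left this branch out of a resource-scoped policy.
            req.perm('admin', 'general/perm').require('PERMISSION_GRANT')

            # Only upper-case entries are actions; anything else is a
            # group membership and is not copied.
            subject_permissions = [name for user, name in all_permissions
                                   if user == subject and name.isupper()]
            if not subject_permissions:
                add_warning(req, _("The subject %(subject)s does not "
                                   "have any permissions.",
                                   subject=subject))

            for action in subject_permissions:
                if (target, action) in all_permissions:
                    continue
                if action not in all_actions:  # plugin disabled?
                    self.env.log.warning("Skipped granting %s to %s: "
                                         "permission unavailable.",
                                         action, target)
                else:
                    if action not in req.perm:
                        # The permission is withheld from `target`, the
                        # receiving principal; the original passed the
                        # source `subject` here, so the warning named
                        # the wrong account.
                        add_warning(req,
                                    _("The permission %(action)s was "
                                      "not granted to %(subject)s "
                                      "because users cannot grant "
                                      "permissions they don't possess.",
                                      action=action, subject=target))
                        continue
                    perm.grant_permission(target, action)
                    add_notice(req, _("The subject %(subject)s has "
                                      "been granted the permission "
                                      "%(action)s.",
                                      subject=target, action=action))
            req.redirect(req.href.admin(cat, page))

        # Remove permissions action
        elif req.args.get('remove') and req.args.get('sel'):
            req.perm('admin', 'general/perm').require('PERMISSION_REVOKE')
            sel = req.args.get('sel')
            # A single selection arrives as a scalar, several as a list.
            sel = sel if isinstance(sel, list) else [sel]
            for key in sel:
                # Each key is "<base64 subject>:<base64 action>".
                # NOTE(review): a key without ':' makes the unpacking
                # raise ValueError, which is not handled here.
                subject, action = key.split(':', 1)
                subject = unicode_from_base64(subject)
                action = unicode_from_base64(action)
                # Re-queried on purpose or not, this checks the live
                # table rather than the snapshot taken above.
                if (subject, action) in perm.get_all_permissions():
                    perm.revoke_permission(subject, action)
            # Shown even when no submitted pair matched an existing row.
            add_notice(req, _("The selected permissions have been "
                              "revoked."))
            req.redirect(req.href.admin(cat, page))

    return 'admin_perms.html', {
        'actions': all_actions,
        'perms': perm.get_users_dict(),
        'groups': perm.get_groups_dict(),
        'unicode_to_base64': unicode_to_base64
    }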