def test_validate_acls_pagure(self, mock_gpcfp):
""" Test validate_acls when the acl system is Pagure.
"""
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 0, mock_request.errors
mock_gpcfp.assert_called_once()
def test_validate_acls_sidetag_update_can_view_edit_page(self, mock_gpcfp):
"""Test that a user can display the edit form."""
mock_request = self.get_mock_request()
mock_request.validated['update'].from_tag = 'f33-build-side-0000'
validators.validate_acls(mock_request)
assert not len(mock_request.errors)
mock_gpcfp.assert_not_called()
def test_pkgdb_allowed(self, get_pkg_pushers):
"""Test the integration with pkgdb."""
request = self.get_mock_request()
validators.validate_acls(request)
self.assertEqual(len(request.errors), 0)
get_pkg_pushers.assert_called_once_with('f17', config.config)
def test_validate_acls_pagure_committers_exception(self, warning, mock_gpcfp, mock_access):
""" Test validate_acls when an Exception is raised on getting package committers."""
mock_request = self.get_mock_request()
mock_gpcfp.side_effect = ValueError('some error')
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 0
mock_access.assert_called_once()
mock_gpcfp.assert_called_once()
warning.called_once_with('Unable to retrieve committers list from Pagure for bodhi.')
def test_validate_acls_dummy_committer(self):
""" Test validate_acls when the acl system is dummy and a user
adds himself to the committers list by the development.ini file.
"""
user = self.db.query(models.User).filter_by(id=1).one()
user.name = 'mattia'
self.db.flush()
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
assert not len(mock_request.errors)
def test_validate_acls_sidetag_wrong_owner(self, mock_gpcfp):
"""Test that a user can submit updates only for sidetags they owns."""
mock_request = self.get_mock_request(sidetag=True)
mock_request.validated['sidetag_owner'] = 'mattia'
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not own f33-build-side-0000 side-tag'
}]
assert mock_request.errors == error
mock_gpcfp.assert_not_called()
def test_validate_acls_archived_release(self):
""" Test validate_acls when trying to edit an Update for an archived Release.
"""
mock_request = self.get_mock_request()
mock_request.validated['update'].release.state = models.ReleaseState.archived
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'update',
'description': 'cannot edit Update for an archived Release'
}]
assert mock_request.errors == error
def test_validate_acls_invalid_acl_system(self):
""" Test validate_acls when the acl system is invalid.
This will ensure that the user does not have rights.
"""
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not have commit access to bodhi'
}]
assert mock_request.errors == error, mock_request.errors
def test_allowed_via_group(self, gpcfp):
"""Ensure that packagers can be allowed via group membership."""
user = self.db.query(models.User).filter_by(id=1).one()
group = models.Group(name='infra-sig')
self.db.add(group)
user.groups.append(group)
request = self.get_mock_request()
validators.validate_acls(request)
assert not len(request.errors)
gpcfp.assert_called_once_with()
def test_validate_acls_pagure_no_commit_access(self, mock_gpcfp):
""" Test validate_acls when the acl system is Pagure when the user is
a packager but doesn't have access through Pagure.
"""
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not have commit access to bodhi'
}]
assert mock_request.errors == error, mock_request.errors
mock_gpcfp.assert_called_once()
def test_pkgdb_disallowed(self, get_pkg_pushers):
"""Test the integration with pkgdb."""
request = self.get_mock_request()
validators.validate_acls(request)
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not have commit access to bodhi'
}]
self.assertEqual(request.errors, error)
get_pkg_pushers.assert_called_once_with('f17', config.config)
def test_validate_acls_sidetag_owner_not_set(self, mock_gpcfp):
"""If side-tag update, sidetag_owner must be present in request."""
mock_request = self.get_mock_request(sidetag=True)
mock_request.validated['sidetag_owner'] = None
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': ('Update appear to be from side-tag, but we cannot determine '
'the side-tag owner')
}]
assert mock_request.errors == error
mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_proven_packager(self, mock_gpcfp):
""" Test validate_acls when the acl system is Pagure when the user is
a proven packager but doesn't have access through Pagure.
"""
user = self.db.query(models.User).filter_by(id=1).one()
group = self.db.query(
models.Group).filter_by(name=u'provenpackager').one()
user.groups.pop(0)
user.groups.append(group)
self.db.flush()
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 0, mock_request.errors
mock_gpcfp.assert_not_called()
def test_unable_to_infer_content_type_not_implemented(self):
"""Test error handler when Bodhi can't determine the content type due to NotImplemented."""
request = self.get_mock_request()
request.koji = buildsys.get_session()
request.validated = {'builds': [b.nvr for b in models.Build.query.all()]}
with mock.patch('bodhi.server.validators.ContentType.infer_content_class',
side_effect=NotImplementedError('oh no')):
validators.validate_acls(request)
assert request.errors == [
{'location': 'body', 'name': 'builds',
'description': "Unable to infer content_type. 'oh no'"}
]
assert request.errors.status == 501
def test_validate_acls_pagure_runtime_error(self, mock_gpcfp):
""" Test validate_acls when the acl system is Pagure and a RuntimeError
is raised.
"""
mock_request = self.get_mock_request()
mock_gpcfp.side_effect = RuntimeError('some error')
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 1, mock_request.errors
expected_error = [{
'location': 'body',
'name': 'builds',
'description': 'some error'
}]
assert mock_request.errors == expected_error, mock_request.errors
mock_gpcfp.assert_called_once()
def test_validate_acls_sidetag_update_cannot_view_edit_page(self, mock_gpcfp):
"""Test that a user can display the edit form."""
user = self.db.query(models.User).filter_by(id=2).one()
self.db.flush()
mock_request = self.get_mock_request()
mock_request.validated['update'].from_tag = 'f33-build-side-0000'
mock_request.validated['update'].user = user
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not own f33-build-side-0000 side-tag'
}]
assert mock_request.errors == error
mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_exception(self, mock_access):
""" Test validate_acls when the acl system is Pagure and an exception
that isn't a RuntimeError is raised.
"""
mock_request = self.get_mock_request()
mock_access.side_effect = ValueError('some error')
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 1
expected_error = [{
'location': 'body',
'name': 'builds',
'description': ('Unable to access Pagure to check ACLs. Please '
'try again later.')
}]
assert mock_request.errors == expected_error
mock_access.assert_called_once()
def get_update(request):
"""
Return a single update from an id or alias.
Args:
request (pyramid.request): The current request.
Returns:
dict: A dictionary with the following key mappings:
update: The update that was requested.
can_edit: A boolean indicating whether the update can be edited.
"""
proxy_request = bodhi.server.security.ProtectedRequest(request)
validate_acls(proxy_request)
# If validate_acls produced 0 errors, then we can edit this update.
can_edit = len(proxy_request.errors) == 0
return dict(update=request.validated['update'], can_edit=can_edit)
def test_validate_acls_pagure(self, mock_gpcfp, access):
""" Test validate_acls when the acl system is Pagure.
"""
mock_request = self.get_mock_request()
with mock.patch('bodhi.server.models.Package.hascommitaccess', return_value=access):
validators.validate_acls(mock_request)
if access:
assert not len(mock_request.errors)
mock_gpcfp.assert_called_once()
else:
error = [{
'location': 'body',
'name': 'builds',
'description': 'guest does not have commit access to bodhi'
}]
assert mock_request.errors == error
mock_gpcfp.assert_not_called()
def test_validate_acls_pagure_not_a_packager(self, mock_gpcfp, mock_access):
""" Test validate_acls when the acl system is Pagure when the user is
not a packager but has access through Pagure. This should not be
allowed.
"""
user = self.db.query(models.User).filter_by(id=1).one()
user.groups.pop(0)
self.db.flush()
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
error = [{
'location': 'body',
'name': 'builds',
'description': ('guest is not a member of "packager", which is a '
'mandatory packager group')
}]
assert mock_request.errors == error
mock_access.assert_not_called()
mock_gpcfp.assert_not_called()
def test_unable_to_infer_content_type(self):
"""Test the error handler for when Bodhi cannot determine the content type of a build."""
request = self.get_mock_request()
request.koji = buildsys.get_session()
request.validated = {
'builds': [b.nvr for b in models.Build.query.all()]
}
with mock.patch(
'bodhi.server.validators.ContentType.infer_content_class',
side_effect=IOError('oh no')):
validators.validate_acls(request)
self.assertEqual(
request.errors,
[{
'location': 'body',
'name': 'builds',
'description': "Unable to infer content_type. 'oh no'"
}])
self.assertEqual(request.errors.status, 400)
def test_validate_acls_dummy(self):
""" Test validate_acls when the acl system is dummy.
"""
mock_request = self.get_mock_request()
validators.validate_acls(mock_request)
assert len(mock_request.errors) == 0, mock_request.errors
def test_validate_acls_sidetag(self, mock_gpcfp):
"""Validate acls against sidetag ownership."""
mock_request = self.get_mock_request(sidetag=True)
validators.validate_acls(mock_request)
assert not len(mock_request.errors)
mock_gpcfp.assert_not_called()
