def test_permission_grant_revoke(tmpdir, setup, browser):
# type: (LocalPath, SetupTest, Chrome) -> None
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group")
setup.grant_permission_to_group("some-permission", "foo", "some-group")
setup.create_service_account("*****@*****.**", "some-group")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(
url(frontend_url,
"/groups/some-group/service/[email protected]"))
page = ServiceAccountViewPage(browser)
assert page.owner == "some-group"
assert page.permission_rows == []
page.click_add_permission_button()
grant_page = ServiceAccountGrantPermissionPage(browser)
grant_page.select_permission("some-permission (foo)")
grant_page.set_argument("foo")
grant_page.submit()
assert page.owner == "some-group"
permission_rows = page.permission_rows
assert len(permission_rows) == 1
permission = permission_rows[0]
assert permission.permission == "some-permission"
assert permission.argument == "foo"
permission.click_revoke_button()
permission_revoke_modal = page.get_revoke_permission_modal()
permission_revoke_modal.confirm()
assert page.owner == "some-group"
assert page.permission_rows == []
def test_permission_grant_revoke(tmpdir, setup, browser):
# type: (LocalPath, SetupTest, Chrome) -> None
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group")
setup.grant_permission_to_group("some-permission", "foo", "some-group")
setup.create_service_account("*****@*****.**", "some-group")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(url(frontend_url, "/groups/some-group/service/[email protected]"))
page = ServiceAccountViewPage(browser)
assert page.permission_rows == []
page.click_add_permission_button()
grant_page = ServiceAccountGrantPermissionPage(browser)
grant_page.select_permission("some-permission (foo)")
grant_page.set_argument("foo")
grant_page.submit()
page = ServiceAccountViewPage(browser)
permission_rows = page.permission_rows
assert len(permission_rows) == 1
permission = permission_rows[0]
assert permission.permission == "some-permission"
assert permission.argument == "foo"
permission.click_revoke_button()
permission_revoke_modal = page.get_revoke_permission_modal()
permission_revoke_modal.confirm()
assert page.permission_rows == []
def test_permission_revoke_denied(tmpdir: LocalPath, setup: SetupTest,
browser: Chrome) -> None:
with setup.transaction():
setup.create_service_account("*****@*****.**", "some-group")
setup.grant_permission_to_service_account("some-permission", "*",
"*****@*****.**")
setup.create_user("*****@*****.**")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(
url(frontend_url,
"/groups/some-group/service/[email protected]"))
page = ServiceAccountViewPage(browser)
assert page.owner == "some-group"
permission_rows = page.permission_rows
assert len(permission_rows) == 1
permission = permission_rows[0]
assert permission.permission == "some-permission"
assert permission.argument == "*"
# The button doesn't show for someone who can't manage the service account.
with pytest.raises(NoSuchElementException):
permission.click_revoke_button()
# Add the user to the group so that the revoke button will show up, and then revoke it before
# attempting to click the button. We can't just directly initiate a request to the revoke URL
# without making the button appear because Python Selenium doesn't support a test-initiated
# POST (only GET).
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(
url(frontend_url,
"/groups/some-group/service/[email protected]"))
page = ServiceAccountViewPage(browser)
assert page.owner == "some-group"
permission_rows = page.permission_rows
assert len(permission_rows) == 1
permission = permission_rows[0]
with setup.transaction():
setup.remove_user_from_group("*****@*****.**", "some-group")
permission.click_revoke_button()
permission_revoke_modal = page.get_revoke_permission_modal()
permission_revoke_modal.confirm()
assert page.has_text(
"The operation you tried to complete is unauthorized")