def test_global_perms_on_group(self, repo_create, repo_create_write, user_group_create, repo_group_create, fork_create, expect_error, expect_form_error, inherit_default_permissions): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post( url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True, 'csrf_token': self.csrf_token }) ug = UserGroup.get_by_group_name(users_group_name) user_group_link = link_to( users_group_name, url('edit_users_group', user_group_id=ug.users_group_id)) assert_session_flash(response, 'Created user group %s' % user_group_link) response.follow() # ENABLE REPO CREATE ON A GROUP perm_params = { 'inherit_default_permissions': False, 'default_repo_create': repo_create, 'default_repo_create_on_write': repo_create_write, 'default_user_group_create': user_group_create, 'default_repo_group_create': repo_group_create, 'default_fork_create': fork_create, 'default_inherit_default_permissions': inherit_default_permissions, '_method': 'put', 'csrf_token': self.csrf_token, } response = self.app.post(url('edit_user_group_global_perms', user_group_id=ug.users_group_id), params=perm_params) if expect_form_error: assert response.status_int == 200 response.mustcontain('Value must be one of') else: if expect_error: msg = 'An error occurred during permissions saving' else: msg = 'User Group global permissions updated successfully' ug = UserGroup.get_by_group_name(users_group_name) del perm_params['_method'] del perm_params['csrf_token'] del perm_params['inherit_default_permissions'] assert perm_params == ug.get_default_perms() assert_session_flash(response, msg) fixture.destroy_user_group(users_group_name)
def create_user_group(self, name, **kwargs): if "skip_if_exists" in kwargs: del kwargs["skip_if_exists"] gr = UserGroup.get_by_group_name(group_name=name) if gr: return gr form_data = self._get_user_group_create_params(name, **kwargs) owner = kwargs.get("cur_user", TEST_USER_ADMIN_LOGIN) user_group = UserGroupModel().create( name=form_data["users_group_name"], owner=owner, active=form_data["users_group_active"] ) Session().commit() user_group = UserGroup.get_by_group_name(user_group.users_group_name) return user_group
def create_user_group(self, name, **kwargs): if 'skip_if_exists' in kwargs: del kwargs['skip_if_exists'] gr = UserGroup.get_by_group_name(group_name=name) if gr: return gr form_data = self._get_user_group_create_params(name, **kwargs) owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN) user_group = UserGroupModel().create( name=form_data['users_group_name'], owner=owner, active=form_data['users_group_active']) Session().commit() user_group = UserGroup.get_by_group_name(user_group.users_group_name) return user_group
def validate_python(self, value, state): if value in ['default']: msg = M(self, 'invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, 'group_exist', state, usergroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = M(self, 'invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) )
def test_delete(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another' response = self.app.post( url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True, 'csrf_token': self.csrf_token }) user_group_link = link_to( users_group_name, url('edit_users_group', user_group_id=UserGroup.get_by_group_name( users_group_name).users_group_id)) assert_session_flash(response, 'Created user group %s' % user_group_link) group = Session().query(UserGroup).filter( UserGroup.users_group_name == users_group_name).one() response = self.app.post(url('delete_users_group', user_group_id=group.users_group_id), params={ '_method': 'delete', 'csrf_token': self.csrf_token }) group = Session().query(UserGroup).filter( UserGroup.users_group_name == users_group_name).scalar() assert group is None
def enforce_groups(self, user, groups, extern_type=None): user = self._get_user(user) log.debug('Enforcing groups %s on user %s', groups, user) current_groups = user.group_member # find the external created groups externals = [ x.users_group for x in current_groups if 'extern_type' in x.users_group.group_data ] # calculate from what groups user should be removed # externals that are not in groups for gr in externals: if gr.users_group_name not in groups: log.debug('Removing user %s from user group %s', user, gr) self.remove_user_from_group(gr, user) # now we calculate in which groups user should be == groups params owner = User.get_first_super_admin().username for gr in set(groups): existing_group = UserGroup.get_by_group_name(gr) if not existing_group: desc = 'Automatically created from plugin:%s' % extern_type # we use first admin account to set the owner of the group existing_group = UserGroupModel().create( gr, desc, owner, group_data={'extern_type': extern_type}) # we can only add users to special groups created via plugins managed = 'extern_type' in existing_group.group_data if managed: log.debug('Adding user %s to user group %s', user, gr) UserGroupModel().add_user_to_group(existing_group, user) else: log.debug('Skipping addition to group %s since it is ' 'not managed by auth plugins' % gr)
def test_create(self): self.log_user() users_group_name = TEST_USER_GROUP response = self.app.post( url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True, 'csrf_token': self.csrf_token }) user_group_link = link_to( users_group_name, url('edit_users_group', user_group_id=UserGroup.get_by_group_name( users_group_name).users_group_id)) assert_session_flash(response, 'Created user group %s' % user_group_link)
def update_user_group_permissions(self, form_result): if 'perm_user_group_id' in form_result: perm_user_group = UserGroup.get( safe_int(form_result['perm_user_group_id'])) else: # used mostly to do lookup for default user perm_user_group = UserGroup.get_by_group_name( form_result['perm_user_group_name']) try: # stage 2 reset defaults and set them from form data self._set_new_user_group_perms(perm_user_group, form_result, preserve=[ 'default_repo_perm', 'default_group_perm', 'default_user_group_perm', 'default_register', 'default_extern_activate' ]) self.sa.commit() except (DatabaseError, ): log.error(traceback.format_exc()) self.sa.rollback() raise
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post(url('users_groups'), { 'users_group_name': users_group_name, 'active': True }) response.follow() ug = UserGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'Created user group %s' % users_group_name) ## ENABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[ x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) ## DISABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[ x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) # DELETE ! ug = UserGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = Session().query(UserGroup)\ .filter(UserGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group_id == ugid).all() perms = [[ x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual(perms, [])
def get_by_name(self, name, cache=False, case_insensitive=False): return UserGroup.get_by_group_name(name, cache, case_insensitive)
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'active': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'Created user group %s' % users_group_name) ## ENABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]]) ) ## DISABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]]) ) # DELETE ! ug = UserGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = Session().query(UserGroup)\ .filter(UserGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group_id == ugid).all() perms = [[x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual( perms, [] )