Exemplo n.º 1
def can_user_access_testcase(testcase):
  """Decide whether the current user may view `testcase`.

  Access is granted as soon as one of these holds, checked in this order:
    1. has_access() accepts the testcase's fuzzer and job type; privileged
       access is requested when testcase.security_flag is set.
    2. The current user's email is exactly testcase.uploader_email.
    3. The user is linked to the issue referenced by the testcase (or by its
       group): the issue owner always qualifies; the reporter and anyone on
       cc qualify only when config.relax_testcase_restrictions is set or
       _is_domain_allowed() accepts the user's email.

  Args:
    testcase: The testcase entity being requested.

  Returns:
    A truthy value when access is allowed, a falsy one otherwise.

  Raises:
    ValueError: If the stored issue id is not numeric (raised by int()).
  """
  granted_by_role = has_access(
      fuzzer_name=testcase.fuzzer_name,
      job_type=testcase.job_type,
      need_privileged_access=testcase.security_flag)
  if granted_by_role:
    return True

  user_email = helpers.get_user_email()
  # NOTE(review): this is an exact string comparison, whereas the issue-based
  # checks below go through utils.emails_equal(). Confirm the difference is
  # intended before changing either side.
  uploader = testcase.uploader_email
  if uploader and uploader == user_email:
    return True

  # People attached to the bug may see its test cases and test case groups.
  issue_id = testcase.bug_information or testcase.group_bug_information
  if not issue_id:
    return False

  tracker = issue_tracker_utils.get_issue_tracker_manager(testcase)
  # int() raises on a non-numeric id; the exception reaches the caller instead
  # of being turned into a denial.
  issue = tracker.get_issue(int(issue_id))
  if not issue:
    return False

  # NOTE(review): whether an empty user_email can match an empty owner,
  # reporter or cc entry depends on utils.emails_equal() - confirm it rejects
  # empty values.
  config = db_config.get()
  if not (config.relax_testcase_restrictions or
          _is_domain_allowed(user_email)):
    # Strict mode: only the issue owner is let through.
    return utils.emails_equal(user_email, issue.owner)

  on_cc = any(utils.emails_equal(user_email, cc) for cc in issue.cc)
  return (on_cc or
          utils.emails_equal(user_email, issue.owner) or
          utils.emails_equal(user_email, issue.reporter))
Exemplo n.º 2
def can_user_access_testcase(testcase):
  """Decide whether the current user may view `testcase`.

  Access is granted as soon as one of these holds, checked in this order:
    1. has_access() accepts the testcase's fuzzer and job type. Privileged
       access is requested only when testcase.security_flag is set and
       config.relax_security_bug_restrictions is not.
    2. The current user's email is exactly testcase.uploader_email.
    3. The user is linked to the issue referenced by the testcase (or by its
       group), or to the original issue when that issue was merged into
       another one. The owner always qualifies; the reporter and anyone on cc
       qualify only when config.relax_testcase_restrictions is set or
       _is_domain_allowed() accepts the user's email.

  Args:
    testcase: The testcase entity being requested.

  Returns:
    True when access is allowed, False otherwise.

  Raises:
    ValueError: If the stored issue id is not numeric (raised by int()).
  """
  config = db_config.get()
  # With relax_security_bug_restrictions set, a security testcase is checked
  # like any other testcase in the has_access() call below.
  need_privileged_access = (
      testcase.security_flag and not config.relax_security_bug_restrictions)

  granted_by_role = has_access(
      fuzzer_name=testcase.fuzzer_name,
      job_type=testcase.job_type,
      need_privileged_access=need_privileged_access)
  if granted_by_role:
    return True

  user_email = helpers.get_user_email()
  # NOTE(review): this is an exact string comparison, whereas the issue-based
  # checks below go through utils.emails_equal(). Confirm the difference is
  # intended before changing either side.
  uploader = testcase.uploader_email
  if uploader and uploader == user_email:
    return True

  # People attached to the bug may see its test cases and test case groups.
  issue_id = testcase.bug_information or testcase.group_bug_information
  if not issue_id:
    return False

  tracker = issue_tracker_utils.get_issue_tracker_manager(testcase)
  # int() raises on a non-numeric id; the exception reaches the caller instead
  # of being turned into a denial.
  issue_id = int(issue_id)
  associated_issue = tracker.get_issue(issue_id)
  if not associated_issue:
    return False

  # A duplicate is checked together with the issue it was merged into, so
  # people on the original issue can also reach this testcase.
  issues_to_check = [associated_issue]
  if associated_issue.merged_into:
    original_issue = tracker.get_original_issue(issue_id)
    if original_issue:
      issues_to_check.append(original_issue)

  relaxed_restrictions = (
      config.relax_testcase_restrictions or _is_domain_allowed(user_email))

  def _user_is_linked_to(issue):
    """Apply the relaxed or the owner-only rule to a single issue."""
    # NOTE(review): whether an empty user_email can match an empty owner,
    # reporter or cc entry depends on utils.emails_equal() - confirm it
    # rejects empty values.
    if relaxed_restrictions:
      return (any(utils.emails_equal(user_email, cc) for cc in issue.cc) or
              utils.emails_equal(user_email, issue.owner) or
              utils.emails_equal(user_email, issue.reporter))
    return utils.emails_equal(user_email, issue.owner)

  return any(_user_is_linked_to(issue) for issue in issues_to_check)
Exemplo n.º 3
def _is_blacklisted_user(email):
    """Check if an email matches an entry of the 'blacklisted_users' config.

    The config value is read as one entry per line; a missing or empty value
    yields no entries, so nobody is treated as blacklisted.

    Args:
        email: The address to look up.

    Returns:
        True if utils.emails_equal() matches `email` against any entry,
        False otherwise.
    """
    raw_entries = db_config.get_value('blacklisted_users') or ''
    # NOTE(review): entries are compared as stored. If utils.emails_equal()
    # does not normalise surrounding whitespace, a padded entry would never
    # match and the deny list would silently miss that user - confirm.
    for blacklisted_user_email in raw_entries.splitlines():
        if utils.emails_equal(email, blacklisted_user_email):
            return True

    return False
Exemplo n.º 4
def _is_privileged_user(email):
  """Check if an email matches an entry of the 'privileged_users' config.

  The config value is read as one entry per line; a missing or empty value
  yields no entries, so nobody is treated as privileged.

  Args:
    email: The address to look up.

  Returns:
    True if utils.emails_equal() matches `email` against any whole line of
    the list, False otherwise.
  """
  raw_entries = db_config.get_value('privileged_users') or ''
  # Each line is compared as a whole; nothing is split off or stripped here.
  return any(
      utils.emails_equal(email, privileged_user_email)
      for privileged_user_email in raw_entries.splitlines())
Exemplo n.º 5
def _is_privileged_user(email):
    """Check if an email counts as privileged.

    Args:
        email: The address to look up.

    Returns:
        True if the 'all_users_privileged' auth setting is truthy, or if
        utils.emails_equal() matches `email` against any line of the
        'privileged_users' config value; False otherwise.
    """
    # With 'all_users_privileged' set, `email` is never consulted: every
    # caller is reported as privileged, whatever address (or None) is passed.
    everyone_privileged = local_config.AuthConfig().get('all_users_privileged')
    if everyone_privileged:
        return True

    raw_entries = db_config.get_value('privileged_users') or ''
    for privileged_user_email in raw_entries.splitlines():
        if utils.emails_equal(email, privileged_user_email):
            return True

    return False
Exemplo n.º 6
def get_user_job_type():
  """Return the job type assigned to the current user, or None.

  Lines of the 'privileged_users' config value that contain ';' are read as
  `email;job_type`. The job type of the first such line whose email matches
  the current user is returned; any further ';'-separated fields on that line
  are ignored.

  None is returned when no such line matches. That covers users who may
  access any job type as well as users who are not listed at all, so this
  function does not establish on its own that the user is privileged.
  The original note suggests invoking get_access(..) with the job type
  afterward.
  """
  current_email = helpers.get_user_email()
  raw_entries = db_config.get_value('privileged_users') or ''
  for entry in raw_entries.splitlines():
    if ';' not in entry:
      # Plain entries carry no job type restriction.
      continue

    fields = entry.split(';')
    entry_email, entry_job_type = fields[0], fields[1]
    if utils.emails_equal(current_email, entry_email):
      return entry_job_type

  return None
Exemplo n.º 7
 def test_email_equals(self):
     """Test email comparison."""
     # NOTE(review): the address literals are masked in this listing, so the
     # two assertions read the same; which equivalence each one is meant to
     # cover cannot be told from here.
     self.assertTrue(utils.emails_equal('*****@*****.**', '*****@*****.**'))
     self.assertTrue(utils.emails_equal('*****@*****.**', '*****@*****.**'))