def test_inactive_user_group_does_not_affect_global_permissions_inverse(
self):
# Issue #138: Inactive User Groups affecting permissions
# Add user to inactive user group, set specific permissions on user
# group and disable inherit-from-default. User permissions should still
# inherit from default.
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
# disable fork and create on user group
user_group_model.revoke_perm(self.ug1, perm='hg.create.repository')
user_group_model.grant_perm(self.ug1, perm='hg.create.none')
user_group_model.revoke_perm(self.ug1, perm='hg.fork.repository')
user_group_model.grant_perm(self.ug1, perm='hg.fork.none')
user_model = UserModel()
# enable fork and create on default user
usr = '******'
user_model.revoke_perm(usr, 'hg.create.none')
user_model.grant_perm(usr, 'hg.create.repository')
user_model.revoke_perm(usr, 'hg.fork.none')
user_model.grant_perm(usr, 'hg.fork.repository')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['global'] == set([
'hg.create.repository', 'hg.fork.repository',
'hg.register.manual_activate', 'hg.extern_activate.auto',
'repository.read', 'group.read', 'usergroup.read',
'hg.create.write_on_repogroup.true'
])
def test_inactive_user_group_does_not_affect_repo_permissions_inverse(
self):
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
# note: make u2 repo owner rather than u1, because the owner always has
# admin permissions
self.test_repo = fixture.create_repo(name=u'myownrepo',
repo_type='hg',
cur_user=self.u2)
# enable only write access for user group on repo
RepoModel().grant_user_group_permission(self.test_repo,
group_name=self.ug1,
perm='repository.write')
# enable admin access for default user on repo
RepoModel().grant_user_permission(self.test_repo,
user='******',
perm='repository.admin')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['repositories'][
'myownrepo'] == 'repository.admin'
def test_inactive_user_group_does_not_affect_repo_permissions_inverse(self):
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
# note: make u2 repo owner rather than u1, because the owner always has
# admin permissions
self.test_repo = fixture.create_repo(name=u'myownrepo',
repo_type='hg',
cur_user=self.u2)
# enable only write access for user group on repo
RepoModel().grant_user_group_permission(self.test_repo,
group_name=self.ug1,
perm='repository.write')
# enable admin access for default user on repo
RepoModel().grant_user_permission(self.test_repo,
user='******',
perm='repository.admin')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
'repository.admin')
def test_inactive_user_group_does_not_affect_global_permissions_inverse(self):
# Issue #138: Inactive User Groups affecting permissions
# Add user to inactive user group, set specific permissions on user
# group and disable inherit-from-default. User permissions should still
# inherit from default.
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
# disable fork and create on user group
user_group_model.revoke_perm(self.ug1, perm='hg.create.repository')
user_group_model.grant_perm(self.ug1, perm='hg.create.none')
user_group_model.revoke_perm(self.ug1, perm='hg.fork.repository')
user_group_model.grant_perm(self.ug1, perm='hg.fork.none')
user_model = UserModel()
# enable fork and create on default user
usr = '******'
user_model.revoke_perm(usr, 'hg.create.none')
user_model.grant_perm(usr, 'hg.create.repository')
user_model.revoke_perm(usr, 'hg.fork.none')
user_model.grant_perm(usr, 'hg.fork.repository')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['global'],
set(['hg.create.repository', 'hg.fork.repository',
'hg.register.manual_activate',
'hg.extern_activate.auto',
'repository.read', 'group.read',
'usergroup.read',
'hg.create.write_on_repogroup.true']))
def test_inactive_user_group_does_not_affect_global_permissions(self):
# Add user to inactive user group, set specific permissions on user
# group and and verify it really is inactive.
self.ug1 = fixture.create_user_group('G1')
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
# enable fork and create on user group
user_group_model.revoke_perm(self.ug1, perm='hg.create.none')
user_group_model.grant_perm(self.ug1, perm='hg.create.repository')
user_group_model.revoke_perm(self.ug1, perm='hg.fork.none')
user_group_model.grant_perm(self.ug1, perm='hg.fork.repository')
user_model = UserModel()
# disable fork and create on default user
usr = '******'
user_model.revoke_perm(usr, 'hg.create.repository')
user_model.grant_perm(usr, 'hg.create.none')
user_model.revoke_perm(usr, 'hg.fork.repository')
user_model.grant_perm(usr, 'hg.fork.none')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['global'] == set([
'hg.create.none', 'hg.fork.none', 'hg.register.manual_activate',
'hg.extern_activate.auto', 'repository.read', 'group.read',
'usergroup.read', 'hg.create.write_on_repogroup.true'
])
def test_inactive_user_group_does_not_affect_repo_group_permissions_inverse(self):
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
self.g1 = fixture.create_repo_group(u'group1', skip_if_exists=True)
# enable only write access for user group on repo group
RepoGroupModel().grant_user_group_permission(self.g1,
group_name=self.ug1,
perm='group.write')
# enable admin access for default user on repo group
RepoGroupModel().grant_user_permission(self.g1,
user='******',
perm='group.admin')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['repositories_groups'] == {u'group1': u'group.admin'}
def test_inactive_user_group_does_not_affect_user_group_permissions(self):
self.ug1 = fixture.create_user_group('G1')
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
self.ug2 = fixture.create_user_group('G2')
# enable admin access for user group on user group
UserGroupModel().grant_user_group_permission(self.ug2,
user_group=self.ug1,
perm='usergroup.admin')
# enable only write access for default user on user group
UserGroupModel().grant_user_permission(self.ug2,
user='******',
perm='usergroup.write')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['user_groups']['G1'] == 'usergroup.read'
assert u1_auth.permissions['user_groups']['G2'] == 'usergroup.write'
def test_inactive_user_group_does_not_affect_repo_group_permissions(self):
self.ug1 = fixture.create_user_group('G1')
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)
# enable admin access for user group on repo group
RepoGroupModel().grant_user_group_permission(self.g1,
group_name=self.ug1,
perm='group.admin')
# enable only write access for default user on repo group
RepoGroupModel().grant_user_permission(self.g1,
user='******',
perm='group.write')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
assert u1_auth.permissions['repositories_groups'].get(
'group1') == 'group.write'
def test_inactive_user_group_does_not_affect_user_group_permissions_inverse(self):
self.ug1 = fixture.create_user_group(u'G1')
self.ug1.inherit_default_permissions = False
user_group_model = UserGroupModel()
user_group_model.add_user_to_group(self.ug1, self.u1)
user_group_model.update(self.ug1, {'users_group_active': False})
self.ug2 = fixture.create_user_group(u'G2')
# enable only write access for user group on user group
UserGroupModel().grant_user_group_permission(self.ug2,
user_group=self.ug1,
perm='usergroup.write')
# enable admin access for default user on user group
UserGroupModel().grant_user_permission(self.ug2,
user='******',
perm='usergroup.admin')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['user_groups'][u'G1'], u'usergroup.read')
self.assertEqual(u1_auth.permissions['user_groups'][u'G2'], u'usergroup.admin')