class PermissionAdminPanelTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(default_data=True)
self.panel = PermissionAdminPanel(self.env)
def tearDown(self):
self.env.reset_db()
def test_grant_permission_action_already_granted(self):
"""Warning is added when granting an action that has already
been granted.
"""
req = MockRequest(self.env,
method='POST',
args={
'add': True,
'subject': 'anonymous',
'action': 'WIKI_VIEW'
})
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertIn("The user anonymous already has permission WIKI_VIEW.",
req.chrome['warnings'])
def test_grant_permission_group_already_granted(self):
"""Warning is added when adding a subject to a group and the
subject is already a member of the group.
"""
PermissionSystem(self.env).grant_permission('user1', 'group1')
req = MockRequest(self.env,
method='POST',
args={
'add': True,
'subject': 'user1',
'group': 'group1'
})
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertIn("The user user1 is already in the group group1.",
req.chrome['warnings'])
def setUp(self):
self.env = EnvironmentStub(default_data=True)
self.panel = PermissionAdminPanel(self.env)
class PermissionAdminPanelTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub(default_data=True)
self.panel = PermissionAdminPanel(self.env)
def tearDown(self):
self.env.reset_db()
def _test_invalid_user(self, subject='', action='', target='', group=''):
req = MockRequest(self.env,
method='POST',
args={
'add': True,
'subject': subject,
'target': target,
'group': group,
'action': action
})
with self.assertRaises(TracError) as cm:
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertEqual(
"All upper-cased tokens are reserved for permission "
"names.", unicode(cm.exception))
def test_grant_permission_invalid_username(self):
self._test_invalid_user(subject='USER', action='WIKI_VIEW')
def test_add_subject_to_group_invalid_subject_or_group(self):
self._test_invalid_user(subject='user', group='GROUP')
self._test_invalid_user(subject='USER', group='group')
def test_copy_permissions_invalid_subject_or_target(self):
self._test_invalid_user(subject='user1', target='USER2')
self._test_invalid_user(subject='USER1', target='user2')
def test_grant_permission_action_already_granted(self):
"""Warning is added when granting an action that has already
been granted.
"""
req = MockRequest(self.env,
method='POST',
args={
'add': True,
'subject': 'anonymous',
'action': 'WIKI_VIEW'
})
with self.assertRaises(RequestDone):
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertIn("The user anonymous already has permission WIKI_VIEW.",
req.chrome['warnings'])
def test_grant_permission_group_already_granted(self):
"""Warning is added when adding a subject to a group and the
subject is already a member of the group.
"""
PermissionSystem(self.env).grant_permission('user1', 'group1')
req = MockRequest(self.env,
method='POST',
args={
'add': True,
'subject': 'user1',
'group': 'group1'
})
with self.assertRaises(RequestDone):
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertIn("The user user1 is already in the group group1.",
req.chrome['warnings'])
def test_grant_permission_with_permission_grant(self):
"""User can only grant permissions they possess."""
ps = PermissionSystem(self.env)
ps.grant_permission('user1', 'PERMISSION_GRANT')
ps.grant_permission('group1', 'WIKI_ADMIN')
req = MockRequest(self.env,
method='POST',
authname='user1',
args={
'add': True,
'subject': 'user2',
'group': 'group1'
})
with self.assertRaises(PermissionError) as cm:
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertEqual(
"The subject user2 was not added to the group group1 "
"because the group has WIKI_ADMIN permission and "
"users cannot grant permissions they don't possess.",
unicode(cm.exception))
def test_grant_undefined_permission_with_permission_grant(self):
"""Undefined permission is granted without checking granter."""
ps = PermissionSystem(self.env)
ps.grant_permission('user1', 'PERMISSION_GRANT')
self.env.db_transaction("""
INSERT INTO permission VALUES ('group1', 'TEST_PERM')
""")
req = MockRequest(self.env,
method='POST',
authname='user1',
args={
'add': True,
'subject': 'user2',
'group': 'group1'
})
with self.assertRaises(RequestDone):
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertIn('TEST_PERM',
ps.get_user_permissions('group1', undefined=True))
self.assertIn('user2', ps.get_groups_dict()['group1'])
def test_copy_permissions_to_subject(self):
"""Copy permissions to subject.
Undefined actions are skipped.
"""
ps = PermissionSystem(self.env)
ps.grant_permission('user1', 'WIKI_VIEW')
ps.grant_permission('user1', 'TICKET_VIEW')
self.env.db_transaction("""
INSERT INTO permission VALUES ('user1', 'TEST_PERM')
""")
req = MockRequest(self.env,
method='POST',
args={
'copy': True,
'subject': 'user1',
'target': 'user2'
})
with self.assertRaises(RequestDone):
self.panel.render_admin_panel(req, 'general', 'perm', None)
self.assertEqual(['TICKET_VIEW', 'WIKI_VIEW'],
ps.get_users_dict().get('user2'))
self.assertEqual(2, len(req.chrome['notices']))
self.assertIn(
"The subject user2 has been granted the permission "
"TICKET_VIEW.", req.chrome['notices'])
self.assertIn(
"The subject user2 has been granted the permission "
"WIKI_VIEW.", req.chrome['notices'])
self.assertIn(("WARNING", "Skipped granting TEST_PERM to user2: "
"permission unavailable."), self.env.log_messages)
self.assertIn(("INFO", "Granted permission for TICKET_VIEW to user2"),
self.env.log_messages)
self.assertIn(("INFO", "Granted permission for TICKET_VIEW to user2"),
self.env.log_messages)
