def test_backup_and_restore_permission_app(mocker):
res = user_permission_list(full=True)["permissions"]
assert "permissions_app.main" in res
assert "permissions_app.admin" in res
assert "permissions_app.dev" in res
assert res["permissions_app.main"]["url"] == "/"
assert res["permissions_app.admin"]["url"] == "/admin"
assert res["permissions_app.dev"]["url"] == "/dev"
assert "visitors" in res["permissions_app.main"]["allowed"]
assert "all_users" in res["permissions_app.main"]["allowed"]
assert res["permissions_app.admin"]["allowed"] == ["alice"]
assert res["permissions_app.dev"]["allowed"] == []
_test_backup_and_restore_app(mocker, "permissions_app")
res = user_permission_list(full=True)["permissions"]
assert "permissions_app.main" in res
assert "permissions_app.admin" in res
assert "permissions_app.dev" in res
assert res["permissions_app.main"]["url"] == "/"
assert res["permissions_app.admin"]["url"] == "/admin"
assert res["permissions_app.dev"]["url"] == "/dev"
assert "visitors" in res["permissions_app.main"]["allowed"]
assert "all_users" in res["permissions_app.main"]["allowed"]
assert res["permissions_app.admin"]["allowed"] == ["alice"]
assert res["permissions_app.dev"]["allowed"] == []
def test_permission_app_propagation_on_ssowat():
app_install(os.path.join(get_test_apps_dir(), "permissions_app_ynh"),
args="domain=%s&domain_2=%s&path=%s&is_public=1&admin=%s" %
(maindomain, other_domains[0], "/urlpermissionapp", "alice"),
force=True)
res = user_permission_list(full=True)['permissions']
assert "visitors" in res['permissions_app.main']['allowed']
assert "all_users" in res['permissions_app.main']['allowed']
app_webroot = "https://%s/urlpermissionapp" % maindomain
assert can_access_webpage(app_webroot, logged_as=None)
assert can_access_webpage(app_webroot, logged_as="alice")
user_permission_update("permissions_app.main",
remove=["visitors", "all_users"],
add="bob")
res = user_permission_list(full=True)['permissions']
assert not can_access_webpage(app_webroot, logged_as=None)
assert not can_access_webpage(app_webroot, logged_as="alice")
assert can_access_webpage(app_webroot, logged_as="bob")
# Test admin access, as configured during install, only alice should be able to access it
# alice gotta be allowed on the main permission to access the admin tho
user_permission_update("permissions_app.main",
remove="bob",
add="all_users")
assert not can_access_webpage(app_webroot + "/admin", logged_as=None)
assert can_access_webpage(app_webroot + "/admin", logged_as="alice")
assert not can_access_webpage(app_webroot + "/admin", logged_as="bob")
def _test_backup_and_restore_app(mocker, app):
# Create a backup of this app
with message(mocker, "backup_created"):
backup_create(system=None, apps=[app])
archives = backup_list()["archives"]
assert len(archives) == 1
archives_info = backup_info(archives[0], with_details=True)
assert archives_info["system"] == {}
assert len(archives_info["apps"].keys()) == 1
assert app in archives_info["apps"].keys()
# Uninstall the app
app_remove(app)
assert not app_is_installed(app)
assert app + ".main" not in user_permission_list()["permissions"]
# Restore the app
with message(mocker, "restore_complete"):
backup_restore(system=None, name=archives[0], apps=[app])
assert app_is_installed(app)
# Check permission
per_list = user_permission_list()["permissions"]
assert app + ".main" in per_list
def test_permission_main_url_regex():
permission_url("blog.main", url="re:/[a-z]+reboy/.*")
res = user_permission_list(full=True)['permissions']
assert res["blog.main"]["url"] == "re:/[a-z]+reboy/.*"
res = user_permission_list(full=True, absolute_urls=True)['permissions']
assert res["blog.main"][
"url"] == "re:%s/blog/[a-z]+reboy/.*" % maindomain.replace('.', r'\.')
def test_permission_switch_protected():
user_permission_update("wiki.main", protected=True)
res = user_permission_list(full=True)["permissions"]
assert res["wiki.main"]["protected"] is True
user_permission_update("wiki.main", protected=False)
res = user_permission_list(full=True)["permissions"]
assert res["wiki.main"]["protected"] is False
def test_permission_switch_auth_header():
permission_url("wiki.main", auth_header=True)
res = user_permission_list(full=True)["permissions"]
assert res["wiki.main"]["auth_header"] is True
permission_url("wiki.main", auth_header=False)
res = user_permission_list(full=True)["permissions"]
assert res["wiki.main"]["auth_header"] is False
def test_permission_add_additional_regex():
permission_url("blog.main", add_url=["re:/[a-z]+reboy/.*"])
res = user_permission_list(full=True)['permissions']
assert res["blog.main"]["additional_urls"] == ["re:/[a-z]+reboy/.*"]
res = user_permission_list(full=True, absolute_urls=True)['permissions']
assert res["blog.main"]["additional_urls"] == [
"re:%s/blog/[a-z]+reboy/.*" % maindomain.replace('.', r'\.')
]
def test_permission_switch_protected():
user_permission_update("wiki.main", protected=True)
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['protected'] is True
user_permission_update("wiki.main", protected=False)
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['protected'] is False
def test_permission_switch_auth_header():
permission_url("wiki.main", auth_header=True)
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['auth_header'] is True
permission_url("wiki.main", auth_header=False)
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['auth_header'] is False
def test_permission_delete(mocker):
with message(mocker, "permission_deleted", permission="wiki.main"):
permission_delete("wiki.main", force=True)
res = user_permission_list()['permissions']
assert "wiki.main" not in res
with message(mocker, "permission_deleted", permission="blog.api"):
permission_delete("blog.api", force=False)
res = user_permission_list()['permissions']
assert "blog.api" not in res
def test_permission_switch_show_tile(mocker):
# Note that from the actionmap the value is passed as string, not as bool
# Try with lowercase
with message(mocker, "permission_updated", permission="wiki.main"):
user_permission_update("wiki.main", show_tile="false")
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['show_tile'] is False
# Try with uppercase
with message(mocker, "permission_updated", permission="wiki.main"):
user_permission_update("wiki.main", show_tile="TRUE")
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['show_tile'] is True
def test_show_tile_cant_be_enabled():
_permission_create_with_dummy_app(permission="site.main",
auth_header=False,
label="Site",
show_tile=True,
allowed=["all_users"],
protected=False,
sync_perm=False,
domain=maindomain,
path="/site")
_permission_create_with_dummy_app(permission="web.main",
url="re:/[a-z]{3}/bla",
auth_header=False,
label="Web",
show_tile=True,
allowed=["all_users"],
protected=False,
sync_perm=True,
domain=maindomain,
path="/web")
permissions = user_permission_list(full=True)['permissions']
assert permissions['site.main']['show_tile'] is False
assert permissions['web.main']['show_tile'] is False
def test_permission_legacy_app_propagation_on_ssowat():
app_install(os.path.join(get_test_apps_dir(), "legacy_app_ynh"),
args="domain=%s&domain_2=%s&path=%s" %
(maindomain, other_domains[0], "/legacy"),
force=True)
# App is configured as public by default using the legacy unprotected_uri mechanics
# It should automatically be migrated during the install
res = user_permission_list(full=True)['permissions']
assert "visitors" in res['legacy_app.main']['allowed']
assert "all_users" in res['legacy_app.main']['allowed']
app_webroot = "https://%s/legacy" % maindomain
assert can_access_webpage(app_webroot, logged_as=None)
assert can_access_webpage(app_webroot, logged_as="alice")
# Try to update the permission and check that permissions are still consistent
user_permission_update("legacy_app.main",
remove=["visitors", "all_users"],
add="bob")
assert not can_access_webpage(app_webroot, logged_as=None)
assert not can_access_webpage(app_webroot, logged_as="alice")
assert can_access_webpage(app_webroot, logged_as="bob")
def test_permission_add_group_that_doesnt_exist(mocker):
with raiseYunohostError(mocker, "group_unknown"):
user_permission_update("blog.main", add="doesnt_exist")
res = user_permission_list(full=True)['permissions']
assert res['blog.main']['allowed'] == ["alice"]
assert res['blog.main']['corresponding_users'] == ["alice"]
def test_permission_switch_show_tile_with_same_value(mocker):
# Note that from the actionmap the value is passed as string, not as bool
with message(mocker, "permission_updated", permission="wiki.main"):
user_permission_update("wiki.main", show_tile="True")
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['show_tile'] is True
def test_permission_add_and_remove_group(mocker):
with message(mocker, "permission_updated", permission="wiki.main"):
user_permission_update("wiki.main", add="alice", remove="all_users")
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['allowed'] == ["alice"]
assert res['wiki.main']['corresponding_users'] == ["alice"]
def test_permission_remove_group(mocker):
with message(mocker, "permission_updated", permission="blog.main"):
user_permission_update("blog.main", remove="alice")
res = user_permission_list(full=True)['permissions']
assert res['blog.main']['allowed'] == []
assert res['blog.main']['corresponding_users'] == []
def test_permission_app_install():
app_install(os.path.join(get_test_apps_dir(), "permissions_app_ynh"),
args="domain=%s&domain_2=%s&path=%s&is_public=0&admin=%s" %
(maindomain, other_domains[0], "/urlpermissionapp", "alice"),
force=True)
res = user_permission_list(full=True)['permissions']
assert "permissions_app.main" in res
assert "permissions_app.admin" in res
assert "permissions_app.dev" in res
assert res['permissions_app.main']['url'] == "/"
assert res['permissions_app.admin']['url'] == "/admin"
assert res['permissions_app.dev']['url'] == "/dev"
assert res['permissions_app.main']['allowed'] == ["all_users"]
assert set(res['permissions_app.main']['corresponding_users']) == set(
["alice", "bob"])
assert res['permissions_app.admin']['allowed'] == ["alice"]
assert res['permissions_app.admin']['corresponding_users'] == ["alice"]
assert res['permissions_app.dev']['allowed'] == []
assert set(res['permissions_app.dev']['corresponding_users']) == set()
# Check that we get the right stuff in app_map, which is used to generate the ssowatconf
assert maindomain + "/urlpermissionapp" in app_map(user="******").keys()
user_permission_update("permissions_app.main",
remove="all_users",
add="bob")
assert maindomain + "/urlpermissionapp" not in app_map(user="******").keys()
assert maindomain + "/urlpermissionapp" in app_map(user="******").keys()
def test_permission_remove_additional_url():
permission_url("wiki.main", remove_url=["/whatever"])
res = user_permission_list(full=True, absolute_urls=True)["permissions"]
assert res["wiki.main"]["url"] == maindomain + "/wiki"
assert res["wiki.main"]["additional_urls"] == [
maindomain + "/wiki/idontnow"
]
def test_permission_reset(mocker):
with message(mocker, "permission_updated", permission="blog.main"):
user_permission_reset("blog.main")
res = user_permission_list(full=True)['permissions']
assert res['blog.main']['allowed'] == ["all_users"]
assert set(res['blog.main']['corresponding_users']) == set(
["alice", "bob"])
def test_permission_remove_additional_url():
permission_url("wiki.main", remove_url=['/whatever'])
res = user_permission_list(full=True, absolute_urls=True)['permissions']
assert res['wiki.main']['url'] == maindomain + "/wiki"
assert res['wiki.main']['additional_urls'] == [
maindomain + '/wiki/idontnow'
]
def test_permission_add_group(mocker):
with message(mocker, "permission_updated", permission="wiki.main"):
user_permission_update("wiki.main", add="alice")
res = user_permission_list(full=True)['permissions']
assert set(res['wiki.main']['allowed']) == set(["all_users", "alice"])
assert set(res['wiki.main']['corresponding_users']) == set(
["alice", "bob"])
def add_new_ldap_attributes(self):
from yunohost.utils.ldap import _get_ldap_interface
from yunohost.regenconf import regen_conf, BACKUP_CONF_DIR
# Check if the migration can be processed
ldap_regen_conf_status = regen_conf(names=["slapd"], dry_run=True)
# By this we check if the have been customized
if ldap_regen_conf_status and ldap_regen_conf_status["slapd"][
"pending"]:
logger.warning(
m18n.n(
"migration_0019_slapd_config_will_be_overwritten",
conf_backup_folder=BACKUP_CONF_DIR,
))
# Update LDAP schema restart slapd
logger.info(m18n.n("migration_0011_update_LDAP_schema"))
regen_conf(names=["slapd"], force=True)
logger.info(m18n.n("migration_0019_add_new_attributes_in_ldap"))
ldap = _get_ldap_interface()
permission_list = user_permission_list(full=True)["permissions"]
for permission in permission_list:
system_perms = {
"mail": "E-mail",
"xmpp": "XMPP",
"ssh": "SSH",
"sftp": "STFP",
}
if permission.split(".")[0] in system_perms:
update = {
"authHeader": ["FALSE"],
"label": [system_perms[permission.split(".")[0]]],
"showTile": ["FALSE"],
"isProtected": ["TRUE"],
}
else:
app, subperm_name = permission.split(".")
if permission.endswith(".main"):
update = {
"authHeader": ["TRUE"],
"label": [
app
], # Note that this is later re-changed during the call to migrate_legacy_permission_settings() if a 'label' setting exists
"showTile": ["TRUE"],
"isProtected": ["FALSE"],
}
else:
update = {
"authHeader": ["TRUE"],
"label": [subperm_name.title()],
"showTile": ["FALSE"],
"isProtected": ["TRUE"],
}
ldap.update("cn=%s,ou=permission" % permission, update)
def test_permission_list():
res = user_permission_list(full=True)["permissions"]
assert "mail.main" in res
assert "xmpp.main" in res
assert "wiki.main" in res
assert "blog.main" in res
assert "blog.api" in res
assert res["wiki.main"]["allowed"] == ["all_users"]
assert res["blog.main"]["allowed"] == ["alice"]
assert res["blog.api"]["allowed"] == ["visitors"]
assert set(res["wiki.main"]["corresponding_users"]) == set(
["alice", "bob"])
assert res["blog.main"]["corresponding_users"] == ["alice"]
assert res["blog.api"]["corresponding_users"] == []
assert res["wiki.main"]["url"] == "/"
assert res["blog.main"]["url"] == "/"
assert res["blog.api"]["url"] is None
assert set(
res["wiki.main"]["additional_urls"]) == {"/whatever", "/idontnow"}
assert res["wiki.main"]["protected"] is False
assert res["blog.main"]["protected"] is False
assert res["blog.api"]["protected"] is True
assert res["wiki.main"]["label"] == "Wiki"
assert res["blog.main"]["label"] == "Blog"
assert res["blog.api"]["label"] == "Blog (api)"
assert res["wiki.main"]["show_tile"] is True
assert res["blog.main"]["show_tile"] is False
assert res["blog.api"]["show_tile"] is False
assert res["wiki.main"]["auth_header"] is False
assert res["blog.main"]["auth_header"] is True
assert res["blog.api"]["auth_header"] is True
res = user_permission_list(full=True, absolute_urls=True)["permissions"]
assert res["wiki.main"]["url"] == maindomain + "/wiki"
assert res["blog.main"]["url"] == maindomain + "/blog"
assert res["blog.api"]["url"] is None
assert set(res["wiki.main"]["additional_urls"]) == {
maindomain + "/wiki/whatever",
maindomain + "/wiki/idontnow",
}
assert res["blog.main"]["additional_urls"] == []
assert res["blog.api"]["additional_urls"] == []
def test_permission_reset_idempotency():
# Reset permission
user_permission_reset("blog.main")
user_permission_reset("blog.main")
res = user_permission_list(full=True)['permissions']
assert res['blog.main']['allowed'] == ["all_users"]
assert set(res['blog.main']['corresponding_users']) == set(
["alice", "bob"])
def test_permission_app_change_url():
app_install(os.path.join(get_test_apps_dir(), "permissions_app_ynh"),
args="domain=%s&domain_2=%s&path=%s&admin=%s" %
(maindomain, other_domains[0], "/urlpermissionapp", "alice"),
force=True)
# FIXME : should rework this test to look for differences in the generated app map / app tiles ...
res = user_permission_list(full=True)['permissions']
assert res['permissions_app.main']['url'] == "/"
assert res['permissions_app.admin']['url'] == "/admin"
assert res['permissions_app.dev']['url'] == "/dev"
app_change_url("permissions_app", maindomain, "/newchangeurl")
res = user_permission_list(full=True)['permissions']
assert res['permissions_app.main']['url'] == "/"
assert res['permissions_app.admin']['url'] == "/admin"
assert res['permissions_app.dev']['url'] == "/dev"
def test_permission_protection_management_by_helper():
app_install(os.path.join(get_test_apps_dir(), "permissions_app_ynh"),
args="domain=%s&domain_2=%s&path=%s&admin=%s" %
(maindomain, other_domains[0], "/urlpermissionapp", "alice"),
force=True)
res = user_permission_list(full=True)['permissions']
assert res['permissions_app.main']['protected'] is False
assert res['permissions_app.admin']['protected'] is True
assert res['permissions_app.dev']['protected'] is False
app_upgrade(["permissions_app"],
file=os.path.join(get_test_apps_dir(), "permissions_app_ynh"))
res = user_permission_list(full=True)['permissions']
assert res['permissions_app.main']['protected'] is False
assert res['permissions_app.admin']['protected'] is False
assert res['permissions_app.dev']['protected'] is True
def test_permission_delete_doesnt_existing(mocker):
with raiseYunohostError(mocker, "permission_not_found"):
permission_delete("doesnt.exist", force=True)
res = user_permission_list()['permissions']
assert "wiki.main" in res
assert "blog.main" in res
assert "mail.main" in res
assert "xmpp.main" in res
def test_permission_list():
res = user_permission_list(full=True)['permissions']
assert "mail.main" in res
assert "xmpp.main" in res
assert "wiki.main" in res
assert "blog.main" in res
assert "blog.api" in res
assert res['wiki.main']['allowed'] == ["all_users"]
assert res['blog.main']['allowed'] == ["alice"]
assert res['blog.api']['allowed'] == ["visitors"]
assert set(res['wiki.main']['corresponding_users']) == set(
["alice", "bob"])
assert res['blog.main']['corresponding_users'] == ["alice"]
assert res['blog.api']['corresponding_users'] == []
assert res['wiki.main']['url'] == "/"
assert res['blog.main']['url'] == "/"
assert res['blog.api']['url'] is None
assert set(
res['wiki.main']['additional_urls']) == {'/whatever', '/idontnow'}
assert res['wiki.main']['protected'] is False
assert res['blog.main']['protected'] is False
assert res['blog.api']['protected'] is True
assert res['wiki.main']['label'] == "Wiki"
assert res['blog.main']['label'] == "Blog"
assert res['blog.api']['label'] == "Blog (api)"
assert res['wiki.main']['show_tile'] is True
assert res['blog.main']['show_tile'] is False
assert res['blog.api']['show_tile'] is False
assert res['wiki.main']['auth_header'] is False
assert res['blog.main']['auth_header'] is True
assert res['blog.api']['auth_header'] is True
res = user_permission_list(full=True, absolute_urls=True)['permissions']
assert res['wiki.main']['url'] == maindomain + "/wiki"
assert res['blog.main']['url'] == maindomain + "/blog"
assert res['blog.api']['url'] is None
assert set(res['wiki.main']['additional_urls']) == {
maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow'
}
assert res['blog.main']['additional_urls'] == []
assert res['blog.api']['additional_urls'] == []
def test_permssion_add_additional_url_already_exist():
permission_url("wiki.main", add_url=['/whatever', "/myhouse"])
permission_url("wiki.main", add_url=['/whatever'])
res = user_permission_list(full=True, absolute_urls=True)['permissions']
assert res['wiki.main']['url'] == maindomain + "/wiki"
assert set(res['wiki.main']['additional_urls']) == {
maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow',
maindomain + '/wiki/myhouse'
}
