def test_create_in_group(self): self.log_user() ## create GROUP group_name = 'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=base.TEST_USER_ADMIN_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = db.URL_SEP.join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, _session_csrf_secret_token=self.session_csrf_secret_token())) ## run the check page that triggers the flash message response = self.app.get( base.url('repo_check_home', repo_name=repo_name_full)) assert response.json == {'result': True} self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id assert new_repo.repo_name == repo_name_full assert new_repo.description == description # test if the repository is visible in the list ? response = self.app.get( base.url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository_id == new_repo_id).all() assert len(inherited_perms) == 1 # test if the repository was created on filesystem try: vcs.get_repo( os.path.join( Ui.get_by_key('paths', '/').ui_value, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() pytest.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def grant_user_permission(self, repo, user, perm): """ Grant permission for user on given repository, or update existing one if found :param repo: Instance of Repository, repository_id, or repository name :param user: Instance of User, user_id or username :param perm: Instance of Permission, or permission_name """ user = User.guess_instance(user) repo = Repository.guess_instance(repo) permission = Permission.guess_instance(perm) # check if we have that permission already obj = UserRepoToPerm.query() \ .filter(UserRepoToPerm.user == user) \ .filter(UserRepoToPerm.repository == repo) \ .scalar() if obj is None: # create new ! obj = UserRepoToPerm() Session().add(obj) obj.repository = repo obj.user = user obj.permission = permission log.debug('Granted perm %s to %s on %s', perm, user, repo) return obj
def _get_permission_for_user(user, repo): perm = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository == Repository.get_by_repo_name(repo))\ .filter(UserRepoToPerm.user == User.get_by_username(user))\ .all() return perm
def _get_permission_for_user(user, repo): perm = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == Repository.get_by_repo_name(repo)) \ .filter(UserRepoToPerm.user == User.get_by_username(user)) \ .all() return perm
def get_user_permission(self, repository, user): repository = self._get_repo(repository) user = self._get_user(user) return UserRepoToPerm.query() \ .filter(UserRepoToPerm.user == user) \ .filter(UserRepoToPerm.repository == repository) \ .scalar()
def get_user_permission(self, repository, user): repository = Repository.guess_instance(repository) user = User.guess_instance(user) return UserRepoToPerm.query() \ .filter(UserRepoToPerm.user == user) \ .filter(UserRepoToPerm.repository == repository) \ .scalar()
def test_create_in_group(self): self.log_user() ## create GROUP group_name = 'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=TEST_USER_ADMIN_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post( url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, )) ## run the check page that triggers the flash message response = self.app.get( url('repo_check_home', repo_name=repo_name_full)) self.assertEqual(response.json, {u'result': True}) self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository)\ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id self.assertEqual(new_repo.repo_name, repo_name_full) self.assertEqual(new_repo.description, description) # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository_id == new_repo_id).all() self.assertEqual(len(inherited_perms), 1) # test if the repository was created on filesystem try: vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() self.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def test_create_in_group(self): self.log_user() ## create GROUP group_name = 'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=TEST_USER_ADMIN_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post(url('repos'), fixture._get_repo_create_params(repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, _authentication_token=self.authentication_token())) ## run the check page that triggers the flash message response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) self.assertEqual(response.json, {u'result': True}) self.checkSessionFlash(response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository)\ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id self.assertEqual(new_repo.repo_name, repo_name_full) self.assertEqual(new_repo.description, description) # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository_id == new_repo_id).all() self.assertEqual(len(inherited_perms), 1) # test if the repository was created on filesystem try: vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() self.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def revoke_user_permission(self, repo, user): """ Revoke permission for user on given repository :param repo: Instance of Repository, repository_id, or repository name :param user: Instance of User, user_id or username """ user = User.guess_instance(user) repo = Repository.guess_instance(repo) obj = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == repo) \ .filter(UserRepoToPerm.user == user) \ .scalar() if obj is not None: Session().delete(obj) log.debug('Revoked perm on %s on %s', repo, user)
def _create_repo(self, repo_name, repo_type, description, owner, private=False, clone_uri=None, repo_group=None, landing_rev='rev:tip', fork_of=None, copy_fork_permissions=False, enable_statistics=False, enable_locking=False, enable_downloads=False, copy_group_permissions=False, state=Repository.STATE_PENDING): """ Create repository inside database with PENDING state. This should only be executed by create() repo, with exception of importing existing repos. """ from kallithea.model.scm import ScmModel owner = self._get_user(owner) fork_of = self._get_repo(fork_of) repo_group = self._get_repo_group(repo_group) try: repo_name = safe_unicode(repo_name) description = safe_unicode(description) # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name_full = repo_name repo_name = repo_name.split(self.URL_SEPARATOR)[-1] new_repo = Repository() new_repo.repo_state = state new_repo.enable_statistics = False new_repo.repo_name = repo_name_full new_repo.repo_type = repo_type new_repo.user = owner new_repo.group = repo_group new_repo.description = description or repo_name new_repo.private = private new_repo.clone_uri = clone_uri new_repo.landing_rev = landing_rev new_repo.enable_statistics = enable_statistics new_repo.enable_locking = enable_locking new_repo.enable_downloads = enable_downloads if repo_group: new_repo.enable_locking = repo_group.enable_locking if fork_of: parent_repo = fork_of new_repo.fork = parent_repo self.sa.add(new_repo) if fork_of and copy_fork_permissions: repo = fork_of user_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == repo).all() group_perms = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UserGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) elif repo_group and copy_group_permissions: user_perms = UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.group == repo_group).all() group_perms = UserGroupRepoGroupToPerm.query() \ .filter(UserGroupRepoGroupToPerm.group == repo_group).all() for perm in user_perms: perm_name = perm.permission.permission_name.replace('group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserRepoToPerm.create(perm.user, new_repo, perm_obj) for perm in group_perms: perm_name = perm.permission.permission_name.replace('group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj) else: perm_obj = self._create_default_perms(new_repo, private) self.sa.add(perm_obj) # now automatically start following this repository as owner ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, owner.user_id) # we need to flush here, in order to check if database won't # throw any exceptions, create filesystem dirs at the very end self.sa.flush() return new_repo except Exception: log.error(traceback.format_exc()) raise
def test_create_in_group_inherit_permissions(self): self.log_user() ## create GROUP group_name = u'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description=u'test', owner=TEST_USER_ADMIN_LOGIN) perm = Permission.get_by_key('repository.write') RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm) ## add repo permissions Session().commit() repo_name = u'ingroup_inherited_%s' % self.REPO_TYPE repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = u'description for newly created repo' response = self.app.post(url('repos'), fixture._get_repo_create_params(repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, repo_copy_permissions=True, _authentication_token=self.authentication_token())) ## run the check page that triggers the flash message response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) self.checkSessionFlash(response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id assert new_repo.repo_name == repo_name_full assert new_repo.description == description # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) # test if the repository was created on filesystem try: vcs.get_repo(safe_str(os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name_full))) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() pytest.fail('no repo %s in filesystem' % repo_name) #check if inherited permissiona are applied inherited_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository_id == new_repo_id).all() assert len(inherited_perms) == 2 assert TEST_USER_REGULAR_LOGIN in [x.user.username for x in inherited_perms] assert 'repository.write' in [x.permission.permission_name for x in inherited_perms] RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def test_create_in_group_without_needed_permissions(self): usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) # avoid spurious RepoGroup DetachedInstanceError ... authentication_token = self.authentication_token() # revoke user_model = UserModel() # disable fork and create on default user user_model.revoke_perm(User.DEFAULT_USER, 'hg.create.repository') user_model.grant_perm(User.DEFAULT_USER, 'hg.create.none') user_model.revoke_perm(User.DEFAULT_USER, 'hg.fork.repository') user_model.grant_perm(User.DEFAULT_USER, 'hg.fork.none') # disable on regular user user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.repository') user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.none') user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.repository') user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.none') Session().commit() ## create GROUP group_name = 'reg_sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=TEST_USER_ADMIN_LOGIN) Session().commit() group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE gr_allowed = RepoGroupModel().create(group_name=group_name_allowed, group_description='test', owner=TEST_USER_REGULAR_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post(url('repos'), fixture._get_repo_create_params(repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, _authentication_token=authentication_token)) response.mustcontain('Invalid value') # user is allowed to create in this group repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join([group_name_allowed, repo_name]) description = 'description for newly created repo' response = self.app.post(url('repos'), fixture._get_repo_create_params(repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr_allowed.group_id, _authentication_token=authentication_token)) ## run the check page that triggers the flash message response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) self.assertEqual(response.json, {u'result': True}) self.checkSessionFlash(response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository)\ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id self.assertEqual(new_repo.repo_name, repo_name_full) self.assertEqual(new_repo.description, description) # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository_id == new_repo_id).all() self.assertEqual(len(inherited_perms), 1) # test if the repository was created on filesystem try: vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() self.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) RepoGroupModel().delete(group_name_allowed) Session().commit()
def update(self, form_result): perm_user = User.get_by_username(username=form_result['perm_user_name']) try: # stage 1 set anonymous access if perm_user.is_default_user: perm_user.active = str2bool(form_result['anonymous']) # stage 2 reset defaults and set them from form data def _make_new(usr, perm_name): log.debug('Creating new permission:%s', perm_name) new = UserToPerm() new.user = usr new.permission = Permission.get_by_key(perm_name) return new # clear current entries, to make this function idempotent # it will fix even if we define more permissions or permissions # are somehow missing u2p = UserToPerm.query() \ .filter(UserToPerm.user == perm_user) \ .all() for p in u2p: Session().delete(p) #create fresh set of permissions for def_perm_key in ['default_repo_perm', 'default_group_perm', 'default_user_group_perm', 'default_repo_create', 'create_on_write', # special case for create repos on write access to group #'default_repo_group_create', #not implemented yet 'default_user_group_create', 'default_fork', 'default_register', 'default_extern_activate']: p = _make_new(perm_user, form_result[def_perm_key]) Session().add(p) #stage 3 update all default permissions for repos if checked if form_result['overwrite_default_repo']: _def_name = form_result['default_repo_perm'].split('repository.')[-1] _def = Permission.get_by_key('repository.' + _def_name) # repos for r2p in UserRepoToPerm.query() \ .filter(UserRepoToPerm.user == perm_user) \ .all(): #don't reset PRIVATE repositories if not r2p.repository.private: r2p.permission = _def if form_result['overwrite_default_group']: _def_name = form_result['default_group_perm'].split('group.')[-1] # groups _def = Permission.get_by_key('group.' + _def_name) for g2p in UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.user == perm_user) \ .all(): g2p.permission = _def if form_result['overwrite_default_user_group']: _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1] # groups _def = Permission.get_by_key('usergroup.' + _def_name) for g2p in UserUserGroupToPerm.query() \ .filter(UserUserGroupToPerm.user == perm_user) \ .all(): g2p.permission = _def Session().commit() except (DatabaseError,): log.error(traceback.format_exc()) Session().rollback() raise
def _create_repo(self, repo_name, repo_type, description, owner, private=False, clone_uri=None, repo_group=None, landing_rev='rev:tip', fork_of=None, copy_fork_permissions=False, enable_statistics=False, enable_locking=False, enable_downloads=False, copy_group_permissions=False, state=Repository.STATE_PENDING): """ Create repository inside database with PENDING state. This should only be executed by create() repo, with exception of importing existing repos. """ from kallithea.model.scm import ScmModel owner = User.guess_instance(owner) fork_of = Repository.guess_instance(fork_of) repo_group = RepoGroup.guess_instance(repo_group) try: repo_name = safe_unicode(repo_name) description = safe_unicode(description) # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name_full = repo_name repo_name = repo_name.split(self.URL_SEPARATOR)[-1] new_repo = Repository() new_repo.repo_state = state new_repo.enable_statistics = False new_repo.repo_name = repo_name_full new_repo.repo_type = repo_type new_repo.owner = owner new_repo.group = repo_group new_repo.description = description or repo_name new_repo.private = private new_repo.clone_uri = clone_uri new_repo.landing_rev = landing_rev new_repo.enable_statistics = enable_statistics new_repo.enable_locking = enable_locking new_repo.enable_downloads = enable_downloads if repo_group: new_repo.enable_locking = repo_group.enable_locking if fork_of: parent_repo = fork_of new_repo.fork = parent_repo Session().add(new_repo) if fork_of and copy_fork_permissions: repo = fork_of user_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == repo).all() group_perms = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UserGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) elif repo_group and copy_group_permissions: user_perms = UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.group == repo_group).all() group_perms = UserGroupRepoGroupToPerm.query() \ .filter(UserGroupRepoGroupToPerm.group == repo_group).all() for perm in user_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserRepoToPerm.create(perm.user, new_repo, perm_obj) for perm in group_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj) else: self._create_default_perms(new_repo, private) # now automatically start following this repository as owner ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id) # we need to flush here, in order to check if database won't # throw any exceptions, create filesystem dirs at the very end Session().flush() return new_repo except Exception: log.error(traceback.format_exc()) raise
def update(self, form_result): perm_user = User.get_by_username( username=form_result['perm_user_name']) try: # stage 1 set anonymous access if perm_user.is_default_user: perm_user.active = str2bool(form_result['anonymous']) # stage 2 reset defaults and set them from form data def _make_new(usr, perm_name): log.debug('Creating new permission:%s', perm_name) new = UserToPerm() new.user = usr new.permission = Permission.get_by_key(perm_name) return new # clear current entries, to make this function idempotent # it will fix even if we define more permissions or permissions # are somehow missing u2p = UserToPerm.query() \ .filter(UserToPerm.user == perm_user) \ .all() for p in u2p: Session().delete(p) # create fresh set of permissions for def_perm_key in [ 'default_repo_perm', 'default_group_perm', 'default_user_group_perm', 'default_repo_create', 'create_on_write', # special case for create repos on write access to group #'default_repo_group_create', # not implemented yet 'default_user_group_create', 'default_fork', 'default_register', 'default_extern_activate' ]: p = _make_new(perm_user, form_result[def_perm_key]) Session().add(p) # stage 3 update all default permissions for repos if checked if form_result['overwrite_default_repo']: _def_name = form_result['default_repo_perm'].split( 'repository.')[-1] _def = Permission.get_by_key('repository.' + _def_name) # repos for r2p in UserRepoToPerm.query() \ .filter(UserRepoToPerm.user == perm_user) \ .all(): # don't reset PRIVATE repositories if not r2p.repository.private: r2p.permission = _def if form_result['overwrite_default_group']: _def_name = form_result['default_group_perm'].split( 'group.')[-1] # groups _def = Permission.get_by_key('group.' + _def_name) for g2p in UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.user == perm_user) \ .all(): g2p.permission = _def if form_result['overwrite_default_user_group']: _def_name = form_result['default_user_group_perm'].split( 'usergroup.')[-1] # groups _def = Permission.get_by_key('usergroup.' + _def_name) for g2p in UserUserGroupToPerm.query() \ .filter(UserUserGroupToPerm.user == perm_user) \ .all(): g2p.permission = _def Session().commit() except (DatabaseError, ): log.error(traceback.format_exc()) Session().rollback() raise
def test_create_in_group_inherit_permissions(self): self.log_user() ## create GROUP group_name = 'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=TEST_USER_ADMIN_LOGIN) perm = Permission.get_by_key('repository.write') RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm) ## add repo permissions Session().commit() repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post(url('repos'), fixture._get_repo_create_params(repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, repo_copy_permissions=True)) ## run the check page that triggers the flash message response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) self.checkSessionFlash(response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository)\ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id self.assertEqual(new_repo.repo_name, repo_name_full) self.assertEqual(new_repo.description, description) # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) # test if the repository was created on filesystem try: vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() self.fail('no repo %s in filesystem' % repo_name) #check if inherited permissiona are applied inherited_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository_id == new_repo_id).all() self.assertEqual(len(inherited_perms), 2) self.assertTrue(TEST_USER_REGULAR_LOGIN in [x.user.username for x in inherited_perms]) self.assertTrue('repository.write' in [x.permission.permission_name for x in inherited_perms]) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def test_create_in_group_without_needed_permissions(self): usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) # revoke user_model = UserModel() # disable fork and create on default user user_model.revoke_perm(User.DEFAULT_USER, 'hg.create.repository') user_model.grant_perm(User.DEFAULT_USER, 'hg.create.none') user_model.revoke_perm(User.DEFAULT_USER, 'hg.fork.repository') user_model.grant_perm(User.DEFAULT_USER, 'hg.fork.none') # disable on regular user user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.repository') user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.none') user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.repository') user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.none') Session().commit() ## create GROUP group_name = 'reg_sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=TEST_USER_ADMIN_LOGIN) Session().commit() group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE gr_allowed = RepoGroupModel().create(group_name=group_name_allowed, group_description='test', owner=TEST_USER_REGULAR_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post( url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, )) response.mustcontain('Invalid value') # user is allowed to create in this group repo_name = 'ingroup' repo_name_full = RepoGroup.url_sep().join( [group_name_allowed, repo_name]) description = 'description for newly created repo' response = self.app.post( url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr_allowed.group_id, )) ## run the check page that triggers the flash message response = self.app.get( url('repo_check_home', repo_name=repo_name_full)) self.assertEqual(response.json, {u'result': True}) self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository)\ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id self.assertEqual(new_repo.repo_name, repo_name_full) self.assertEqual(new_repo.description, description) # test if the repository is visible in the list ? response = self.app.get(url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository_id == new_repo_id).all() self.assertEqual(len(inherited_perms), 1) # test if the repository was created on filesystem try: vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() self.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) RepoGroupModel().delete(group_name_allowed) Session().commit()
def test_create_in_group_without_needed_permissions(self): usr = self.log_user(base.TEST_USER_REGULAR_LOGIN, base.TEST_USER_REGULAR_PASS) # avoid spurious RepoGroup DetachedInstanceError ... session_csrf_secret_token = self.session_csrf_secret_token() # revoke user_model = UserModel() # disable fork and create on default user user_model.revoke_perm(User.DEFAULT_USER_NAME, 'hg.create.repository') user_model.grant_perm(User.DEFAULT_USER_NAME, 'hg.create.none') user_model.revoke_perm(User.DEFAULT_USER_NAME, 'hg.fork.repository') user_model.grant_perm(User.DEFAULT_USER_NAME, 'hg.fork.none') # disable on regular user user_model.revoke_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.create.repository') user_model.grant_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.create.none') user_model.revoke_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.fork.repository') user_model.grant_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.fork.none') Session().commit() ## create GROUP group_name = 'reg_sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=base.TEST_USER_ADMIN_LOGIN) Session().commit() group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE gr_allowed = RepoGroupModel().create( group_name=group_name_allowed, group_description='test', owner=base.TEST_USER_REGULAR_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = db.URL_SEP.join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, _session_csrf_secret_token=session_csrf_secret_token)) response.mustcontain('Invalid value') # user is allowed to create in this group repo_name = 'ingroup' repo_name_full = db.URL_SEP.join([group_name_allowed, repo_name]) description = 'description for newly created repo' response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr_allowed.group_id, _session_csrf_secret_token=session_csrf_secret_token)) ## run the check page that triggers the flash message response = self.app.get( base.url('repo_check_home', repo_name=repo_name_full)) assert response.json == {'result': True} self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id assert new_repo.repo_name == repo_name_full assert new_repo.description == description # test if the repository is visible in the list ? response = self.app.get( base.url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository_id == new_repo_id).all() assert len(inherited_perms) == 1 # test if the repository was created on filesystem try: vcs.get_repo( os.path.join( Ui.get_by_key('paths', '/').ui_value, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() pytest.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) RepoGroupModel().delete(group_name_allowed) Session().commit()