def test_global_perms_on_group(self, repo_create, repo_create_write,
user_group_create, repo_group_create,
fork_create, expect_error,
expect_form_error,
inherit_default_permissions):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(
url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'csrf_token': self.csrf_token
})
ug = UserGroup.get_by_group_name(users_group_name)
user_group_link = link_to(
users_group_name,
url('edit_users_group', user_group_id=ug.users_group_id))
assert_session_flash(response,
'Created user group %s' % user_group_link)
response.follow()
# ENABLE REPO CREATE ON A GROUP
perm_params = {
'inherit_default_permissions': False,
'default_repo_create': repo_create,
'default_repo_create_on_write': repo_create_write,
'default_user_group_create': user_group_create,
'default_repo_group_create': repo_group_create,
'default_fork_create': fork_create,
'default_inherit_default_permissions': inherit_default_permissions,
'_method': 'put',
'csrf_token': self.csrf_token,
}
response = self.app.post(url('edit_user_group_global_perms',
user_group_id=ug.users_group_id),
params=perm_params)
if expect_form_error:
assert response.status_int == 200
response.mustcontain('Value must be one of')
else:
if expect_error:
msg = 'An error occurred during permissions saving'
else:
msg = 'User Group global permissions updated successfully'
ug = UserGroup.get_by_group_name(users_group_name)
del perm_params['_method']
del perm_params['csrf_token']
del perm_params['inherit_default_permissions']
assert perm_params == ug.get_default_perms()
assert_session_flash(response, msg)
fixture.destroy_user_group(users_group_name)
def create_user_group(self, name, **kwargs):
if "skip_if_exists" in kwargs:
del kwargs["skip_if_exists"]
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get("cur_user", TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data["users_group_name"], owner=owner, active=form_data["users_group_active"]
)
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
owner=owner,
active=form_data['users_group_active'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def validate_python(self, value, state):
if value in ['default']:
msg = M(self, 'invalid_group', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
#check if group is unique
old_ugname = None
if edit:
old_id = old_data.get('users_group_id')
old_ugname = UserGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UserGroup.get_by_group_name(value,
case_insensitive=True)
if is_existing_group:
msg = M(self, 'group_exist', state, usergroup=value)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
msg = M(self, 'invalid_usergroup_name', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
def test_delete(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another'
response = self.app.post(
url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'csrf_token': self.csrf_token
})
user_group_link = link_to(
users_group_name,
url('edit_users_group',
user_group_id=UserGroup.get_by_group_name(
users_group_name).users_group_id))
assert_session_flash(response,
'Created user group %s' % user_group_link)
group = Session().query(UserGroup).filter(
UserGroup.users_group_name == users_group_name).one()
response = self.app.post(url('delete_users_group',
user_group_id=group.users_group_id),
params={
'_method': 'delete',
'csrf_token': self.csrf_token
})
group = Session().query(UserGroup).filter(
UserGroup.users_group_name == users_group_name).scalar()
assert group is None
def enforce_groups(self, user, groups, extern_type=None):
user = self._get_user(user)
log.debug('Enforcing groups %s on user %s', groups, user)
current_groups = user.group_member
# find the external created groups
externals = [
x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data
]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_super_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = 'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(
gr, desc, owner, group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def test_create(self):
self.log_user()
users_group_name = TEST_USER_GROUP
response = self.app.post(
url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'csrf_token': self.csrf_token
})
user_group_link = link_to(
users_group_name,
url('edit_users_group',
user_group_id=UserGroup.get_by_group_name(
users_group_name).users_group_id))
assert_session_flash(response,
'Created user group %s' % user_group_link)
def update_user_group_permissions(self, form_result):
if 'perm_user_group_id' in form_result:
perm_user_group = UserGroup.get(
safe_int(form_result['perm_user_group_id']))
else:
# used mostly to do lookup for default user
perm_user_group = UserGroup.get_by_group_name(
form_result['perm_user_group_name'])
try:
# stage 2 reset defaults and set them from form data
self._set_new_user_group_perms(perm_user_group,
form_result,
preserve=[
'default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_register',
'default_extern_activate'
])
self.sa.commit()
except (DatabaseError, ):
log.error(traceback.format_exc())
self.sa.rollback()
raise
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'), {
'users_group_name': users_group_name,
'active': True
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
self.assertEqual(perms, [])
def get_by_name(self, name, cache=False, case_insensitive=False):
return UserGroup.get_by_group_name(name, cache, case_insensitive)
def get_by_name(self, name, cache=False, case_insensitive=False):
return UserGroup.get_by_group_name(name, cache, case_insensitive)
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
)
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
)
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(
perms,
[]
)
