diff --git a/rhodecode/tests/test_models.py b/rhodecode/tests/test_models.py --- a/rhodecode/tests/test_models.py +++ b/rhodecode/tests/test_models.py @@ -5,7 +5,7 @@ from rhodecode.tests import * from rhodecode.model.repos_group import ReposGroupModel from rhodecode.model.repo import RepoModel from rhodecode.model.db import RepoGroup, User, Notification, UserNotification, \ - UsersGroup, UsersGroupMember, Permission + UsersGroup, UsersGroupMember, Permission, UsersGroupRepoGroupToPerm from sqlalchemy.exc import IntegrityError from rhodecode.model.user import UserModel @@ -430,6 +430,11 @@ class TestPermissions(unittest.TestCase) username=u'u1', password=u'qweqwe', email=u'u1@rhodecode.org', name=u'u1', lastname=u'u1' ) + self.u2 = UserModel().create_or_update( + username=u'u2', password=u'qweqwe', + email=u'u2@rhodecode.org', name=u'u2', lastname=u'u2' + ) + self.anon = User.get_by_username('default') self.a1 = UserModel().create_or_update( username=u'a1', password=u'qweqwe', email=u'a1@rhodecode.org', name=u'a1', lastname=u'a1', admin=True @@ -437,7 +442,10 @@ class TestPermissions(unittest.TestCase) Session.commit() def tearDown(self): + if hasattr(self, 'test_repo'): + RepoModel().delete(repo=self.test_repo) UserModel().delete(self.u1) + UserModel().delete(self.u2) UserModel().delete(self.a1) if hasattr(self, 'g1'): ReposGroupModel().delete(self.g1.group_id) @@ -578,3 +586,130 @@ class TestPermissions(unittest.TestCase) new_perm_h) self.assertEqual(u1_auth.permissions['repositories_groups'], perms['repositories_groups']) + + def test_repo_in_group_permissions(self): + self.g1 = _make_group('group1', skip_if_exists=True) + self.g2 = _make_group('group2', skip_if_exists=True) + Session.commit() + # both perms should be read ! + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.read', u'group2': u'group.read'}) + + a1_auth = AuthUser(user_id=self.anon.user_id) + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.read', u'group2': u'group.read'}) + + #Change perms to none for both groups + ReposGroupModel().grant_user_permission(repos_group=self.g1, + user=self.anon, + perm='group.none') + ReposGroupModel().grant_user_permission(repos_group=self.g2, + user=self.anon, + perm='group.none') + + + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + a1_auth = AuthUser(user_id=self.anon.user_id) + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + # add repo to group + form_data = { + 'repo_name':HG_REPO, + 'repo_name_full':os.path.join(self.g1.group_name,HG_REPO), + 'repo_type':'hg', + 'clone_uri':'', + 'repo_group':self.g1.group_id, + 'description':'desc', + 'private':False + } + self.test_repo = RepoModel().create(form_data, cur_user=self.u1) + Session.commit() + + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + a1_auth = AuthUser(user_id=self.anon.user_id) + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + #grant permission for u2 ! + ReposGroupModel().grant_user_permission(repos_group=self.g1, + user=self.u2, + perm='group.read') + ReposGroupModel().grant_user_permission(repos_group=self.g2, + user=self.u2, + perm='group.read') + Session.commit() + self.assertNotEqual(self.u1, self.u2) + #u1 and anon should have not change perms while u2 should ! + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + u2_auth = AuthUser(user_id=self.u2.user_id) + self.assertEqual(u2_auth.permissions['repositories_groups'], + {u'group1': u'group.read', u'group2': u'group.read'}) + + a1_auth = AuthUser(user_id=self.anon.user_id) + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.none', u'group2': u'group.none'}) + + def test_repo_group_user_as_user_group_member(self): + # create Group1 + self.g1 = _make_group('group1', skip_if_exists=True) + Session.commit() + a1_auth = AuthUser(user_id=self.anon.user_id) + + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.read'}) + + # set default permission to none + ReposGroupModel().grant_user_permission(repos_group=self.g1, + user=self.anon, + perm='group.none') + # make group + self.ug1 = UsersGroupModel().create('G1') + # add user to group + UsersGroupModel().add_user_to_group(self.ug1, self.u1) + Session.commit() + + # check if user is in the group + membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members] + self.assertEqual(membrs, [self.u1.user_id]) + # add some user to that group + + # check his permissions + a1_auth = AuthUser(user_id=self.anon.user_id) + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.none'}) + + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.none'}) + + # grant ug1 read permissions for + ReposGroupModel().grant_users_group_permission(repos_group=self.g1, + group_name=self.ug1, + perm='group.read') + Session.commit() + # check if the + obj = Session.query(UsersGroupRepoGroupToPerm)\ + .filter(UsersGroupRepoGroupToPerm.group == self.g1)\ + .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\ + .scalar() + self.assertEqual(obj.permission.permission_name, 'group.read') + + a1_auth = AuthUser(user_id=self.anon.user_id) + + self.assertEqual(a1_auth.permissions['repositories_groups'], + {u'group1': u'group.none'}) + + u1_auth = AuthUser(user_id=self.u1.user_id) + self.assertEqual(u1_auth.permissions['repositories_groups'], + {u'group1': u'group.read'})