#!/usr/bin/env python # coding=utf-8 """ (c) 2017 - Copyright Red Hat Inc Authors: Vivek Anand """ from __future__ import unicode_literals __requires__ = ['SQLAlchemy >= 0.8'] import pkg_resources from unittest.case import SkipTest import json import unittest import shutil import sys import os try: import pyclamd except ImportError: pyclamd = None import tempfile import pygit2 from mock import patch sys.path.insert(0, os.path.join(os.path.dirname( os.path.abspath(__file__)), '..')) import pagure.config import pagure.lib import tests class PagureFlaskIssuesACLtests(tests.Modeltests): """ Tests for flask issues controller of pagure for acls """ @patch('pagure.lib.git.update_git') @patch('pagure.lib.notify.send_email') def test_view_issue_no_access(self, p_send_email, p_ugt): """ Test the view_issue endpoint. when a user has no access on repo """ p_send_email.return_value = True p_ugt.return_value = True output = self.app.get('/foo/issue/1') self.assertEqual(output.status_code, 404) tests.create_projects(self.session) tests.create_projects_git( os.path.join(self.path, 'repos'), bare=True) output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 404) # Create issues to play with repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Add milestone repo.milestones = {'77': None} self.session.add(repo) issue = pagure.lib.search_issues( self.session, repo=repo, issueid=1 ) pagure.lib.edit_issue( self.session, issue, user='pingou', milestone='77' ) self.session.add(repo) self.session.add(issue) msg = pagure.lib.set_custom_key_fields( self.session, project=repo, fields=['abc', 'xyz'], types=['boolean', 'boolean'], data=[None, None], ) self.assertEqual(msg, 'List of custom fields updated') self.session.add(repo) msg = pagure.lib.set_custom_key_value( self.session, issue=issue, key=pagure.lib.get_custom_key(self.session, repo, 'abc'), value=1 ) self.session.add(issue) self.session.commit() output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) # Not authentified = No edit self.assertNotIn( '\n', output.get_data(as_text=True)) self.assertTrue( '' 'Login\n to comment on this ticket.' in output.get_data(as_text=True)) user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not author nor admin = No edit self.assertNotIn( '\n', output_text) self.assertNotIn( '\n', output.get_data(as_text=True)) # no edit metadata self.assertNotIn( '' '', output_text) self.assertNotIn( 'Login to comment on this ticket.', output_text) # can view the milestone self.assertIn( 'Milestone', output_text) self.assertIn( '\n ' '\n 77\n', output_text) # but can't edit them self.assertNotIn( '', output_text) # can view depending self.assertIn( 'Depending on', output.get_data(as_text=True)) # can't edit depending on self.assertNotIn( '', output_text) # no checkbox for private self.assertNotIn( '', output_text) user.username = 'foo' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) self.assertNotIn( '\n', output_text) self.assertNotIn( '\n', output_text) csrf_token = self.get_csrf(output=output) # no edit metadata self.assertNotIn( 'Login to comment on this ticket.', output_text) # can't see the custom field as a checkbox self.assertNotIn( '', output_text) # can view the milestone self.assertIn( 'Milestone', output.get_data(as_text=True)) self.assertIn( '\n 77', output.get_data(as_text=True)) # but can't edit them self.assertNotIn( '', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can't edit depending on self.assertNotIn( '', output_text) # no checkbox for private self.assertNotIn( '', output_text) # Create private issue repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', private=True, ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Not logged in output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # Wrong user user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # reporter user.username = 'pingou' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) self.assertIn( 'Issue #2: Test issue - test - Pagure', output_text) self.assertIn( '', output_text) self.assertIn( '\n', output_text) @patch('pagure.lib.git.update_git') @patch('pagure.lib.notify.send_email') def test_view_issue_ticket_access(self, p_send_email, p_ugt): """ Test the view_issue endpoint. when a user has ticket access on repo """ p_send_email.return_value = True p_ugt.return_value = True output = self.app.get('/foo/issue/1') self.assertEqual(output.status_code, 404) tests.create_projects(self.session) tests.create_projects_git( os.path.join(self.path, 'repos'), bare=True) output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 404) # Create issues to play with repo = pagure.lib.get_authorized_project(self.session, 'test') # Add user 'foo' with ticket access on repo msg = pagure.lib.add_user_to_project( self.session, repo, new_user='foo', user='pingou', access='ticket', ) self.assertEqual(msg, 'User added') self.session.commit() repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Add milestone repo.milestones = {'77': None} self.session.add(repo) issue = pagure.lib.search_issues( self.session, repo=repo, issueid=1 ) pagure.lib.edit_issue( self.session, issue, user='pingou', milestone='77' ) self.session.add(repo) self.session.add(issue) msg = pagure.lib.set_custom_key_fields( self.session, project=repo, fields=['abc', 'xyz'], types=['boolean', 'boolean'], data=[None, None], ) self.assertEqual(msg, 'List of custom fields updated') self.session.add(repo) msg = pagure.lib.set_custom_key_value( self.session, issue=issue, key=pagure.lib.get_custom_key(self.session, repo, 'abc'), value=1 ) self.session.add(issue) self.session.commit() output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not authentified = No edit self.assertNotIn( '\n', output_text) self.assertIn( '' 'Login\n to comment on this ticket.', output_text) user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not author nor admin = No edit self.assertNotIn( '\n', output_text) self.assertNotIn( '\n', output_text) # no edit metadata self.assertNotIn( 'Login to comment on this ticket.', output_text) # can view the milestone self.assertIn( 'Milestone', output_text) self.assertIn( '\n 77', output_text) # but can't edit them self.assertNotIn( '', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can't edit depending on self.assertNotIn( '', output_text) # no checkbox for private self.assertNotIn( '', output_text) user.username = 'foo' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # the user can't edit the issue self.assertNotIn( '\n', output_text) # the user still can't delete the ticket self.assertNotIn( '\n', output_text) csrf_token = self.get_csrf(output=output) # the user can do the following things # edit metadata self.assertIn( '\n 77', output_text) # can edit them self.assertIn( '\n
\n', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can edit depending on self.assertIn( ' private # the other way round won't be possible since GET and POST # to this endpoint for this user will be blocked # checkbox for private self.assertIn( '', output_text) # Create private issue repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', private=True, ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Not logged in output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # Wrong user user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # reporter user.username = 'pingou' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) self.assertIn( 'Issue #2: Test issue - test - Pagure', output_text) self.assertIn( '', output_text) self.assertIn( '\n', output_text) @patch('pagure.lib.git.update_git') @patch('pagure.lib.notify.send_email') def test_view_issue_commit_access(self, p_send_email, p_ugt): """ Test the view_issue endpoint. when a user has commit access on repo """ p_send_email.return_value = True p_ugt.return_value = True output = self.app.get('/foo/issue/1') self.assertEqual(output.status_code, 404) tests.create_projects(self.session) tests.create_projects_git( os.path.join(self.path, 'repos'), bare=True) output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 404) # Create issues to play with repo = pagure.lib.get_authorized_project(self.session, 'test') # Add user 'foo' with ticket access on repo msg = pagure.lib.add_user_to_project( self.session, repo, new_user='foo', user='pingou', access='commit', ) self.assertEqual(msg, 'User added') self.session.commit() repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Add milestone repo.milestones = {'77': None} self.session.add(repo) issue = pagure.lib.search_issues( self.session, repo=repo, issueid=1 ) pagure.lib.edit_issue( self.session, issue, user='pingou', milestone='77' ) self.session.add(repo) self.session.add(issue) msg = pagure.lib.set_custom_key_fields( self.session, project=repo, fields=['abc', 'xyz'], types=['boolean', 'boolean'], data=[None, None], ) self.assertEqual(msg, 'List of custom fields updated') self.session.add(repo) msg = pagure.lib.set_custom_key_value( self.session, issue=issue, key=pagure.lib.get_custom_key(self.session, repo, 'abc'), value=1 ) self.session.add(issue) self.session.commit() output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not authentified = No edit self.assertNotIn( '\n', output_text) self.assertTrue( '' 'Login\n to comment on this ticket.', output_text) user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not author nor admin = No edit self.assertNotIn( '\n', output_text) self.assertNotIn( '\n', output_text) # no edit metadata self.assertNotIn( 'Login to comment on this ticket.', output_text) # can view the milestone self.assertIn( 'Milestone', output_text) self.assertIn( '\n 77', output_text) # but can't edit them self.assertNotIn( '', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can't edit depending on self.assertNotIn( '', output_text) # no checkbox for private self.assertNotIn( '', output_text) user.username = 'foo' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # the user can edit the issue self.assertIn( '\n', output_text) # the user can delete the ticket self.assertIn( '\n', output_text) csrf_token = self.get_csrf(output=output) # the user can do the following things # edit metadata self.assertIn( '\n 77', output_text) # can edit them self.assertIn( '\n
\n', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can edit depending on self.assertIn( ' private # the other way round won't be possible since GET and POST # to this endpoint for this user will be blocked # checkbox for private self.assertIn( '', output_text) # Create private issue repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', private=True, ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Not logged in output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # Wrong user user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # reporter user.username = 'pingou' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) self.assertIn( 'Issue #2: Test issue - test - Pagure', output_text) self.assertIn( '', output_text) self.assertIn( '\n', output_text) @patch('pagure.lib.git.update_git') @patch('pagure.lib.notify.send_email') def test_view_issue_admin_access(self, p_send_email, p_ugt): """ Test the view_issue endpoint. when a user has admin access on repo """ p_send_email.return_value = True p_ugt.return_value = True output = self.app.get('/foo/issue/1') self.assertEqual(output.status_code, 404) tests.create_projects(self.session) tests.create_projects_git( os.path.join(self.path, 'repos'), bare=True) output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 404) # Create issues to play with repo = pagure.lib.get_authorized_project(self.session, 'test') # Add user 'foo' with ticket access on repo msg = pagure.lib.add_user_to_project( self.session, repo, new_user='foo', user='pingou', access='admin', ) self.assertEqual(msg, 'User added') self.session.commit() repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Add milestone repo.milestones = {'77': None} self.session.add(repo) issue = pagure.lib.search_issues( self.session, repo=repo, issueid=1 ) pagure.lib.edit_issue( self.session, issue, user='pingou', milestone='77' ) self.session.add(repo) self.session.add(issue) msg = pagure.lib.set_custom_key_fields( self.session, project=repo, fields=['abc', 'xyz'], types=['boolean', 'boolean'], data=[None, None], ) self.assertEqual(msg, 'List of custom fields updated') self.session.add(repo) msg = pagure.lib.set_custom_key_value( self.session, issue=issue, key=pagure.lib.get_custom_key(self.session, repo, 'abc'), value=1 ) self.session.add(issue) self.session.commit() output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) # Not authentified = No edit self.assertNotIn( '\n', output.get_data(as_text=True)) self.assertTrue( '' 'Login\n to comment on this ticket.' in output.get_data(as_text=True)) user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # Not author nor admin = No edit self.assertNotIn( '\n', output_text) self.assertNotIn( '\n', output_text) # no edit metadata self.assertNotIn( 'Login to comment on this ticket.', output_text) # can view the milestone self.assertIn( 'Milestone', output_text) self.assertIn( '\n 77', output_text) # but can't edit them self.assertNotIn( '', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can't edit depending on self.assertNotIn( '', output_text) # no checkbox for private self.assertNotIn( '', output_text) user.username = 'foo' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/1') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) # the user can edit the issue self.assertIn( '\n', output_text) self.assertIn( '\n', output_text) csrf_token = self.get_csrf(output=output) # the user can do the following things # edit metadata self.assertIn( '\n 77', output_text) # can edit them self.assertIn( '\n
\n', output_text) # can view depending self.assertIn( 'Depending on', output_text) # can edit depending on self.assertIn( ' private # the other way round won't be possible since GET and POST # to this endpoint for this user will be blocked # checkbox for private self.assertIn( '', output_text) # Create private issue repo = pagure.lib.get_authorized_project(self.session, 'test') msg = pagure.lib.new_issue( session=self.session, repo=repo, title='Test issue', content='We should work on this', user='pingou', private=True, ) self.session.commit() self.assertEqual(msg.title, 'Test issue') # Not logged in output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # Wrong user user = tests.FakeUser() with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 404) # reporter user.username = 'pingou' with tests.user_set(self.app.application, user): output = self.app.get('/test/issue/2') self.assertEqual(output.status_code, 200) output_text = output.get_data(as_text=True) self.assertIn( 'Issue #2: Test issue - test - Pagure', output_text) self.assertIn( '', output_text) self.assertIn( '\n', output_text) if __name__ == '__main__': unittest.main(verbosity=2)