test_pagure_flask_ui_groups.py 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015-2016 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals, absolute_import
  8. import unittest
  9. import shutil
  10. import sys
  11. import os
  12. import json
  13. from mock import patch
  14. sys.path.insert(
  15. 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
  16. )
  17. import pagure.config
  18. import tests
  19. class PagureFlaskGroupstests(tests.Modeltests):
  20. """ Tests for flask groups controller of pagure """
  21. def test_group_lists(self):
  22. """ Test the group_lists endpoint. """
  23. output = self.app.get("/groups")
  24. self.assertIn(
  25. '<h3 class="font-weight-bold">\n'
  26. ' Groups <span class="badge badge-secondary">0</span>',
  27. output.get_data(as_text=True),
  28. )
  29. def test_add_group(self):
  30. """ Test the add_group endpoint. """
  31. output = self.app.get("/group/add")
  32. self.assertEqual(output.status_code, 302)
  33. user = tests.FakeUser()
  34. with tests.user_set(self.app.application, user):
  35. output = self.app.get("/group/add")
  36. self.assertEqual(output.status_code, 403)
  37. user.username = "pingou"
  38. with tests.user_set(self.app.application, user):
  39. output = self.app.get("/group/add")
  40. self.assertEqual(output.status_code, 200)
  41. self.assertIn(
  42. "<strong>Create new group</strong>",
  43. output.get_data(as_text=True),
  44. )
  45. self.assertNotIn(
  46. '<option value="admin">admin</option>',
  47. output.get_data(as_text=True),
  48. )
  49. csrf_token = (
  50. output.get_data(as_text=True)
  51. .split('name="csrf_token" type="hidden" value="')[1]
  52. .split('">')[0]
  53. )
  54. data = {}
  55. # Insufficient input
  56. output = self.app.post("/group/add", data=data)
  57. self.assertEqual(output.status_code, 200)
  58. self.assertIn(
  59. "<strong>Create new group</strong>",
  60. output.get_data(as_text=True),
  61. )
  62. self.assertEqual(
  63. output.get_data(as_text=True).count("This field is required."),
  64. 3,
  65. )
  66. data = {
  67. "group_name": "test_group",
  68. "display_name": "Test Group",
  69. "description": "This is a group for the tests",
  70. }
  71. # Missing CSRF
  72. output = self.app.post("/group/add", data=data)
  73. self.assertEqual(output.status_code, 200)
  74. self.assertIn(
  75. "<strong>Create new group</strong>",
  76. output.get_data(as_text=True),
  77. )
  78. self.assertEqual(
  79. output.get_data(as_text=True).count("This field is required."),
  80. 0,
  81. )
  82. data["csrf_token"] = csrf_token
  83. # All good
  84. output = self.app.post(
  85. "/group/add", data=data, follow_redirects=True
  86. )
  87. self.assertEqual(output.status_code, 200)
  88. self.assertIn(
  89. "User `pingou` added to " "the group `test_group`.",
  90. output.get_data(as_text=True),
  91. )
  92. self.assertIn(
  93. "Group `test_group` created.", output.get_data(as_text=True)
  94. )
  95. self.assertIn(
  96. '<h3 class="font-weight-bold">\n'
  97. ' Groups <span class="badge badge-secondary">1</span>',
  98. output.get_data(as_text=True),
  99. )
  100. user = tests.FakeUser(
  101. username="pingou", groups=pagure.config.config["ADMIN_GROUP"]
  102. )
  103. with tests.user_set(self.app.application, user):
  104. output = self.app.get("/group/add")
  105. self.assertEqual(output.status_code, 200)
  106. self.assertIn(
  107. "<strong>Create new group</strong>",
  108. output.get_data(as_text=True),
  109. )
  110. self.assertIn(
  111. '<option value="admin">admin</option>',
  112. output.get_data(as_text=True),
  113. )
  114. data = {
  115. "group_name": "test_admin_group",
  116. "group_type": "admin",
  117. "display_name": "Test Admin Group",
  118. "description": "This is another group for the tests",
  119. "csrf_token": csrf_token,
  120. }
  121. # All good
  122. output = self.app.post(
  123. "/group/add", data=data, follow_redirects=True
  124. )
  125. self.assertEqual(output.status_code, 200)
  126. self.assertIn(
  127. "User `pingou` added to " "the group `test_admin_group`.",
  128. output.get_data(as_text=True),
  129. )
  130. self.assertIn(
  131. "Group `test_admin_group` " "created.",
  132. output.get_data(as_text=True),
  133. )
  134. self.assertIn(
  135. '<h3 class="font-weight-bold">\n'
  136. ' Groups <span class="badge badge-secondary">2</span>',
  137. output.get_data(as_text=True),
  138. )
  139. def test_edit_group(self):
  140. """ Test the edit_group endpoint. """
  141. output = self.app.get("/group/test_group/edit")
  142. self.assertEqual(output.status_code, 302)
  143. user = tests.FakeUser()
  144. with tests.user_set(self.app.application, user):
  145. output = self.app.get("/group/test_group/edit")
  146. self.assertEqual(output.status_code, 404)
  147. self.assertIn(
  148. "<p>Group not found</p>", output.get_data(as_text=True)
  149. )
  150. self.test_add_group()
  151. user.username = "foo"
  152. with tests.user_set(self.app.application, user):
  153. output = self.app.get("/group/foo/edit")
  154. self.assertEqual(output.status_code, 404)
  155. self.assertIn(
  156. "<p>Group not found</p>", output.get_data(as_text=True)
  157. )
  158. output = self.app.get("/group/test_group/edit")
  159. self.assertEqual(output.status_code, 200)
  160. self.assertIn(
  161. "<title>Edit group: test_group - Pagure</title>",
  162. output.get_data(as_text=True),
  163. )
  164. self.assertIn(
  165. '<form action="/group/test_group/edit" method="post">',
  166. output.get_data(as_text=True),
  167. )
  168. self.assertIn(
  169. '<strong><label for="description">Description'
  170. "</label> </strong>",
  171. output.get_data(as_text=True),
  172. )
  173. csrf_token = (
  174. output.get_data(as_text=True)
  175. .split('name="csrf_token" type="hidden" value="')[1]
  176. .split('">')[0]
  177. )
  178. # Missing CSRF
  179. data = {
  180. "group_name": "test_group",
  181. "display_name": "Test Group edited",
  182. "description": "This is a group for the tests edited",
  183. }
  184. output = self.app.post(
  185. "/group/test_group/edit", data=data, follow_redirects=True
  186. )
  187. self.assertEqual(output.status_code, 200)
  188. self.assertIn(
  189. "<title>Edit group: test_group - Pagure</title>",
  190. output.get_data(as_text=True),
  191. )
  192. self.assertIn(
  193. '<form action="/group/test_group/edit" method="post">',
  194. output.get_data(as_text=True),
  195. )
  196. self.assertIn(
  197. '<strong><label for="description">Description'
  198. "</label> </strong>",
  199. output.get_data(as_text=True),
  200. )
  201. # User not allowed
  202. data["csrf_token"] = csrf_token
  203. output = self.app.post(
  204. "/group/test_group/edit", data=data, follow_redirects=True
  205. )
  206. self.assertEqual(output.status_code, 200)
  207. self.assertIn(
  208. "<title>Group test_group - Pagure</title>",
  209. output.get_data(as_text=True),
  210. )
  211. self.assertIn(
  212. "You are not " "allowed to edit this group",
  213. output.get_data(as_text=True),
  214. )
  215. self.assertIn(
  216. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  217. output.get_data(as_text=True),
  218. )
  219. user.username = "pingou"
  220. with tests.user_set(self.app.application, user):
  221. # Invalid repo
  222. output = self.app.post(
  223. "/group/bar/edit", data=data, follow_redirects=True
  224. )
  225. self.assertEqual(output.status_code, 404)
  226. self.assertIn(
  227. "<p>Group not found</p>", output.get_data(as_text=True)
  228. )
  229. output = self.app.post(
  230. "/group/test_group/edit", data=data, follow_redirects=True
  231. )
  232. self.assertEqual(output.status_code, 200)
  233. self.assertIn(
  234. "<title>Group test_group - Pagure</title>",
  235. output.get_data(as_text=True),
  236. )
  237. self.assertIn(
  238. '<h3 class="mb-0 font-weight-bold">Test Group edited</h3>',
  239. output.get_data(as_text=True),
  240. )
  241. self.assertIn(
  242. "Group &#34;Test Group edited&#34; (test_group) edited",
  243. output.get_data(as_text=True),
  244. )
  245. def test_give_group(self):
  246. """ Test the give_group endpoint. """
  247. output = self.app.post("/group/test_group/give")
  248. self.assertEqual(output.status_code, 302)
  249. user = tests.FakeUser()
  250. with tests.user_set(self.app.application, user):
  251. output = self.app.post("/group/test_group/give")
  252. self.assertEqual(output.status_code, 404)
  253. self.assertIn(
  254. "<p>Group not found</p>", output.get_data(as_text=True)
  255. )
  256. self.test_add_group()
  257. user.username = "foo"
  258. with tests.user_set(self.app.application, user):
  259. output = self.app.post("/group/foo/give")
  260. self.assertEqual(output.status_code, 404)
  261. self.assertIn(
  262. "<p>Group not found</p>", output.get_data(as_text=True)
  263. )
  264. output = self.app.post("/group/test_group/give")
  265. self.assertEqual(output.status_code, 403)
  266. csrf_token = self.get_csrf()
  267. user.username = "pingou"
  268. with tests.user_set(self.app.application, user):
  269. # Missing CSRF
  270. data = {"username": "invalid"}
  271. output = self.app.post(
  272. "/group/test_group/give", data=data, follow_redirects=True
  273. )
  274. self.assertEqual(output.status_code, 200)
  275. output_text = output.get_data(as_text=True)
  276. self.assertIn(
  277. "<title>Group test_group - Pagure</title>", output_text
  278. )
  279. self.assertIn(
  280. 'administered by <a href="/user/pingou">pingou</a>',
  281. output_text,
  282. )
  283. # User not found
  284. data["csrf_token"] = csrf_token
  285. output = self.app.post(
  286. "/group/test_group/give", data=data, follow_redirects=True
  287. )
  288. self.assertEqual(output.status_code, 200)
  289. output_text = output.get_data(as_text=True)
  290. self.assertIn(
  291. "<title>Group test_group - Pagure</title>", output_text
  292. )
  293. self.assertIn(
  294. "</i> No user invalid found to give this group to</div>",
  295. output_text,
  296. )
  297. self.assertIn(
  298. 'administered by <a href="/user/pingou">pingou</a>',
  299. output_text,
  300. )
  301. # Working
  302. data["username"] = "foo"
  303. output = self.app.post(
  304. "/group/test_group/give", data=data, follow_redirects=True
  305. )
  306. self.assertEqual(output.status_code, 200)
  307. output_text = output.get_data(as_text=True)
  308. self.assertIn(
  309. "<title>Group test_group - Pagure</title>", output_text
  310. )
  311. self.assertIn("</i> Group given</div>", output_text)
  312. self.assertIn(
  313. 'administered by <a href="/user/foo">foo</a>', output_text
  314. )
  315. def test_group_delete(self):
  316. """ Test the group_delete endpoint. """
  317. output = self.app.post("/group/foo/delete")
  318. self.assertEqual(output.status_code, 302)
  319. user = tests.FakeUser()
  320. with tests.user_set(self.app.application, user):
  321. output = self.app.post("/group/foo/delete", follow_redirects=True)
  322. self.assertEqual(output.status_code, 200)
  323. self.assertIn(
  324. "<p>No groups have been created on this pagure instance "
  325. "yet</p>",
  326. output.get_data(as_text=True),
  327. )
  328. self.assertIn(
  329. '<h3 class="font-weight-bold">\n'
  330. ' Groups <span class="badge badge-secondary">0</span>',
  331. output.get_data(as_text=True),
  332. )
  333. self.test_add_group()
  334. with tests.user_set(self.app.application, user):
  335. output = self.app.post("/group/foo/delete", follow_redirects=True)
  336. self.assertEqual(output.status_code, 200)
  337. self.assertIn(
  338. '<h3 class="font-weight-bold">\n'
  339. ' Groups <span class="badge badge-secondary">1</span>',
  340. output.get_data(as_text=True),
  341. )
  342. output = self.app.get("/new/")
  343. csrf_token = (
  344. output.get_data(as_text=True)
  345. .split('name="csrf_token" type="hidden" value="')[1]
  346. .split('">')[0]
  347. )
  348. user.username = "foo"
  349. with tests.user_set(self.app.application, user):
  350. data = {"csrf_token": csrf_token}
  351. output = self.app.post(
  352. "/group/bar/delete", data=data, follow_redirects=True
  353. )
  354. self.assertEqual(output.status_code, 200)
  355. self.assertIn(
  356. "No group `bar` found", output.get_data(as_text=True)
  357. )
  358. self.assertIn(
  359. '<h3 class="font-weight-bold">\n'
  360. ' Groups <span class="badge badge-secondary">1</span>',
  361. output.get_data(as_text=True),
  362. )
  363. output = self.app.post(
  364. "/group/test_group/delete", data=data, follow_redirects=True
  365. )
  366. self.assertEqual(output.status_code, 200)
  367. self.assertIn(
  368. "You are not allowed to " "delete the group test_group",
  369. output.get_data(as_text=True),
  370. )
  371. self.assertIn(
  372. '<h3 class="font-weight-bold">\n'
  373. ' Groups <span class="badge badge-secondary">1</span>',
  374. output.get_data(as_text=True),
  375. )
  376. user.username = "bar"
  377. with tests.user_set(self.app.application, user):
  378. output = self.app.post(
  379. "/group/test_group/delete", data=data, follow_redirects=True
  380. )
  381. self.assertEqual(output.status_code, 404)
  382. user.username = "pingou"
  383. with tests.user_set(self.app.application, user):
  384. output = self.app.post(
  385. "/group/test_group/delete", data=data, follow_redirects=True
  386. )
  387. self.assertEqual(output.status_code, 200)
  388. self.assertIn(
  389. "Group `test_group` has " "been deleted",
  390. output.get_data(as_text=True),
  391. )
  392. self.assertIn(
  393. '<h3 class="font-weight-bold">\n'
  394. ' Groups <span class="badge badge-secondary">0</span>',
  395. output.get_data(as_text=True),
  396. )
  397. def test_view_group(self):
  398. """ Test the view_group endpoint. """
  399. output = self.app.get("/group/foo")
  400. self.assertEqual(output.status_code, 404)
  401. self.test_add_group()
  402. user = tests.FakeUser()
  403. with tests.user_set(self.app.application, user):
  404. output = self.app.get("/group/test_group")
  405. self.assertEqual(output.status_code, 200)
  406. self.assertIn(
  407. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  408. output.get_data(as_text=True),
  409. )
  410. output = self.app.get("/group/test_admin_group")
  411. self.assertEqual(output.status_code, 404)
  412. user = tests.FakeUser(
  413. username="pingou", groups=pagure.config.config["ADMIN_GROUP"]
  414. )
  415. with tests.user_set(self.app.application, user):
  416. # Admin can see group of type admins
  417. output = self.app.get("/group/test_admin_group")
  418. self.assertEqual(output.status_code, 200)
  419. self.assertIn(
  420. '<h3 class="mb-0 font-weight-bold">Test Admin Group</h3>',
  421. output.get_data(as_text=True),
  422. )
  423. self.assertEqual(
  424. output.get_data(as_text=True).count('<a href="/user/'), 2
  425. )
  426. csrf_token = (
  427. output.get_data(as_text=True)
  428. .split('name="csrf_token" type="hidden" value="')[1]
  429. .split('">')[0]
  430. )
  431. # No CSRF
  432. data = {"user": "bar"}
  433. output = self.app.post("/group/test_admin_group", data=data)
  434. self.assertEqual(output.status_code, 200)
  435. self.assertIn(
  436. '<h3 class="mb-0 font-weight-bold">Test Admin Group</h3>',
  437. output.get_data(as_text=True),
  438. )
  439. self.assertEqual(
  440. output.get_data(as_text=True).count('<a href="/user/'), 2
  441. )
  442. # Invalid user
  443. data = {"user": "bar", "csrf_token": csrf_token}
  444. output = self.app.post(
  445. "/group/test_admin_group", data=data, follow_redirects=True
  446. )
  447. self.assertEqual(output.status_code, 200)
  448. self.assertIn("No user `bar` found", output.get_data(as_text=True))
  449. self.assertIn(
  450. '<h3 class="mb-0 font-weight-bold">Test Admin Group</h3>',
  451. output.get_data(as_text=True),
  452. )
  453. self.assertEqual(
  454. output.get_data(as_text=True).count('<a href="/user/'), 2
  455. )
  456. # All good
  457. data = {"user": "foo", "csrf_token": csrf_token}
  458. output = self.app.post("/group/test_admin_group", data=data)
  459. self.assertEqual(output.status_code, 200)
  460. self.assertIn(
  461. "User `foo` added to the " "group `test_admin_group`.",
  462. output.get_data(as_text=True),
  463. )
  464. self.assertIn(
  465. '<h3 class="mb-0 font-weight-bold">Test Admin Group</h3>',
  466. output.get_data(as_text=True),
  467. )
  468. self.assertEqual(
  469. output.get_data(as_text=True).count('<a href="/user/'), 3
  470. )
  471. def test_group_user_delete(self):
  472. """ Test the group_user_delete endpoint. """
  473. output = self.app.post("/group/foo/bar/delete")
  474. self.assertEqual(output.status_code, 302)
  475. user = tests.FakeUser()
  476. with tests.user_set(self.app.application, user):
  477. output = self.app.post(
  478. "/group/foo/bar/delete", follow_redirects=True
  479. )
  480. self.assertEqual(output.status_code, 404)
  481. self.test_add_group()
  482. user = tests.FakeUser()
  483. with tests.user_set(self.app.application, user):
  484. output = self.app.post(
  485. "/group/test_group/bar/delete", follow_redirects=True
  486. )
  487. self.assertEqual(output.status_code, 200)
  488. self.assertIn(
  489. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  490. output.get_data(as_text=True),
  491. )
  492. self.assertEqual(
  493. output.get_data(as_text=True).count('<a href="/user/'), 2
  494. )
  495. output = self.app.get("/new/")
  496. csrf_token = (
  497. output.get_data(as_text=True)
  498. .split('name="csrf_token" type="hidden" value="')[1]
  499. .split('">')[0]
  500. )
  501. data = {"csrf_token": csrf_token}
  502. output = self.app.post(
  503. "/group/test_group/bar/delete",
  504. data=data,
  505. follow_redirects=True,
  506. )
  507. self.assertEqual(output.status_code, 200)
  508. self.assertIn("No user `bar` found", output.get_data(as_text=True))
  509. self.assertIn(
  510. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  511. output.get_data(as_text=True),
  512. )
  513. self.assertEqual(
  514. output.get_data(as_text=True).count('<a href="/user/'), 2
  515. )
  516. output = self.app.post(
  517. "/group/test_group/foo/delete",
  518. data=data,
  519. follow_redirects=True,
  520. )
  521. self.assertEqual(output.status_code, 200)
  522. self.assertIn(
  523. "Could not find user " "username",
  524. output.get_data(as_text=True),
  525. )
  526. self.assertIn(
  527. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  528. output.get_data(as_text=True),
  529. )
  530. self.assertEqual(
  531. output.get_data(as_text=True).count('<a href="/user/'), 2
  532. )
  533. user.username = "pingou"
  534. with tests.user_set(self.app.application, user):
  535. # User not in the group
  536. output = self.app.post(
  537. "/group/test_group/foo/delete",
  538. data=data,
  539. follow_redirects=True,
  540. )
  541. self.assertEqual(output.status_code, 200)
  542. self.assertIn(
  543. "User `foo` could not be " "found in the group `test_group`",
  544. output.get_data(as_text=True),
  545. )
  546. self.assertIn(
  547. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  548. output.get_data(as_text=True),
  549. )
  550. self.assertEqual(
  551. output.get_data(as_text=True).count('<a href="/user/'), 2
  552. )
  553. # Cannot delete creator
  554. output = self.app.post(
  555. "/group/test_group/foo/delete",
  556. data=data,
  557. follow_redirects=True,
  558. )
  559. self.assertEqual(output.status_code, 200)
  560. self.assertIn(
  561. "User `foo` could not be " "found in the group `test_group`",
  562. output.get_data(as_text=True),
  563. )
  564. self.assertIn(
  565. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  566. output.get_data(as_text=True),
  567. )
  568. self.assertEqual(
  569. output.get_data(as_text=True).count('<a href="/user/'), 2
  570. )
  571. # Add user foo
  572. data = {"user": "foo", "csrf_token": csrf_token}
  573. output = self.app.post("/group/test_group", data=data)
  574. self.assertEqual(output.status_code, 200)
  575. self.assertIn(
  576. "User `foo` added to the " "group `test_group`.",
  577. output.get_data(as_text=True),
  578. )
  579. self.assertIn(
  580. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  581. output.get_data(as_text=True),
  582. )
  583. self.assertEqual(
  584. output.get_data(as_text=True).count('<a href="/user/'), 3
  585. )
  586. output = self.app.post(
  587. "/group/test_group/foo/delete",
  588. data=data,
  589. follow_redirects=True,
  590. )
  591. self.assertEqual(output.status_code, 200)
  592. self.assertIn(
  593. "User `foo` removed from " "the group `test_group`",
  594. output.get_data(as_text=True),
  595. )
  596. self.assertIn(
  597. '<h3 class="mb-0 font-weight-bold">Test Group</h3>',
  598. output.get_data(as_text=True),
  599. )
  600. self.assertEqual(
  601. output.get_data(as_text=True).count('<a href="/user/'), 2
  602. )
  603. if __name__ == "__main__":
  604. unittest.main(verbosity=2)