| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059 |
- #!/usr/bin/env python
- # coding=utf-8
- """
- (c) 2017 - Copyright Red Hat Inc
- Authors:
- Vivek Anand <vivekanand1101@gmail.com>
- """
- from __future__ import unicode_literals, absolute_import
- from unittest.case import SkipTest
- import json
- import unittest
- import shutil
- import sys
- import os
- try:
- import pyclamd
- except ImportError:
- pyclamd = None
- import tempfile
- import pygit2
- from mock import patch
- sys.path.insert(
- 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
- )
- import pagure.config
- import pagure.lib.query
- import tests
- class PagureFlaskIssuesACLtests(tests.Modeltests):
- """Tests for flask issues controller of pagure for acls"""
- @patch("pagure.lib.git.update_git")
- @patch("pagure.lib.notify.send_email")
- def test_view_issue_no_access(self, p_send_email, p_ugt):
- """Test the view_issue endpoint. when a user has no access on repo"""
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get("/foo/issue/1")
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Add milestone
- repo.milestones = {"77": None}
- self.session.add(repo)
- issue = pagure.lib.query.search_issues(
- self.session, repo=repo, issueid=1
- )
- pagure.lib.query.edit_issue(
- self.session, issue, user="pingou", milestone="77"
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.query.set_custom_key_fields(
- self.session,
- project=repo,
- fields=["abc", "xyz"],
- types=["boolean", "boolean"],
- data=[None, None],
- )
- self.assertEqual(msg, "List of custom fields updated")
- self.session.add(repo)
- msg = pagure.lib.query.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.query.get_custom_key(self.session, repo, "abc"),
- value=1,
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output.get_data(as_text=True),
- )
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- "Log in</a>\n to comment on this ticket."
- in output.get_data(as_text=True)
- )
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output.get_data(as_text=True),
- )
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle pointer inline-block"">'
- '<i class="fa fa-fw fa-pencil">',
- output_text,
- )
- self.assertNotIn(
- '<a href="/login/">Log in</a> to comment on this ticket.',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '\n <a href="/test/roadmap/77/">'
- "\n 77\n",
- output_text,
- )
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text,
- )
- # can view depending
- self.assertIn(
- "<strong>Depending on</strong>", output.get_data(as_text=True)
- )
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text,
- )
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- csrf_token = self.get_csrf(output=output)
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle pointer inline-block">'
- '<i class="fa fa-fw fa-pencil">',
- output_text,
- )
- self.assertNotIn(
- '<a href="/login/">Log in</a> to comment on this ticket.',
- output_text,
- )
- # can't see the custom field as a checkbox
- self.assertNotIn(
- '<input type="checkbox" '
- 'class="form-control" name="abc" id="abc"checked/>',
- output_text,
- )
- # can view the milestone
- self.assertIn(
- "<strong>Milestone</strong>", output.get_data(as_text=True)
- )
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output.get_data(as_text=True),
- )
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text,
- )
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- # Create private issue
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Not logged in
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Issue #2: Test issue - test - Pagure</title>",
- output_text,
- )
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>',
- output_text,
- )
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text,
- )
- @patch("pagure.lib.git.update_git")
- @patch("pagure.lib.notify.send_email")
- def test_view_issue_ticket_access(self, p_send_email, p_ugt):
- """Test the view_issue endpoint. when a user has ticket access on repo"""
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get("/foo/issue/1")
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.query.add_user_to_project(
- self.session, repo, new_user="foo", user="pingou", access="ticket"
- )
- self.assertEqual(msg, "User added")
- self.session.commit()
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Add milestone
- repo.milestones = {"77": None}
- self.session.add(repo)
- issue = pagure.lib.query.search_issues(
- self.session, repo=repo, issueid=1
- )
- pagure.lib.query.edit_issue(
- self.session, issue, user="pingou", milestone="77"
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.query.set_custom_key_fields(
- self.session,
- project=repo,
- fields=["abc", "xyz"],
- types=["boolean", "boolean"],
- data=[None, None],
- )
- self.assertEqual(msg, "List of custom fields updated")
- self.session.add(repo)
- msg = pagure.lib.query.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.query.get_custom_key(self.session, repo, "abc"),
- value=1,
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertIn(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- "Log in</a>\n to comment on this ticket.",
- output_text,
- )
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle pointer inline-block">'
- '<i class="fa fa-fw fa-pencil">',
- output_text,
- )
- self.assertNotIn(
- '<a href="/login/">Log in</a> to comment on this ticket.',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text,
- )
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can't edit the issue
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- # the user still can't delete the ticket
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm '
- "issue-metadata-display editmetadatatoggle pointer inline-block"
- '"><i class="fa fa-fw fa-pencil"></i></a>',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text,
- )
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- # Create private issue
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Not logged in
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Issue #2: Test issue - test - Pagure</title>",
- output_text,
- )
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>',
- output_text,
- )
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text,
- )
- @patch("pagure.lib.git.update_git")
- @patch("pagure.lib.notify.send_email")
- def test_view_issue_commit_access(self, p_send_email, p_ugt):
- """Test the view_issue endpoint. when a user has commit access on repo"""
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get("/foo/issue/1")
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.query.add_user_to_project(
- self.session, repo, new_user="foo", user="pingou", access="commit"
- )
- self.assertEqual(msg, "User added")
- self.session.commit()
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Add milestone
- repo.milestones = {"77": None}
- self.session.add(repo)
- issue = pagure.lib.query.search_issues(
- self.session, repo=repo, issueid=1
- )
- pagure.lib.query.edit_issue(
- self.session, issue, user="pingou", milestone="77"
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.query.set_custom_key_fields(
- self.session,
- project=repo,
- fields=["abc", "xyz"],
- types=["boolean", "boolean"],
- data=[None, None],
- )
- self.assertEqual(msg, "List of custom fields updated")
- self.session.add(repo)
- msg = pagure.lib.query.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.query.get_custom_key(self.session, repo, "abc"),
- value=1,
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- "Log in</a>\n to comment on this ticket.",
- output_text,
- )
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle pointer inline-block">'
- '<i class="fa fa-fw fa-pencil">',
- output_text,
- )
- self.assertNotIn(
- '<a href="/login/">Log in</a> to comment on this ticket.',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text,
- )
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can edit the issue
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- # the user can delete the ticket
- self.assertIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm '
- "issue-metadata-display editmetadatatoggle pointer inline-block"
- '"><i class="fa fa-fw fa-pencil"></i></a>',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text,
- )
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- # Create private issue
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Not logged in
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Issue #2: Test issue - test - Pagure</title>",
- output_text,
- )
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>',
- output_text,
- )
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text,
- )
- @patch("pagure.lib.git.update_git")
- @patch("pagure.lib.notify.send_email")
- def test_view_issue_admin_access(self, p_send_email, p_ugt):
- """Test the view_issue endpoint. when a user has admin access on repo"""
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get("/foo/issue/1")
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.query.add_user_to_project(
- self.session, repo, new_user="foo", user="pingou", access="admin"
- )
- self.assertEqual(msg, "User added")
- self.session.commit()
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Add milestone
- repo.milestones = {"77": None}
- self.session.add(repo)
- issue = pagure.lib.query.search_issues(
- self.session, repo=repo, issueid=1
- )
- pagure.lib.query.edit_issue(
- self.session, issue, user="pingou", milestone="77"
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.query.set_custom_key_fields(
- self.session,
- project=repo,
- fields=["abc", "xyz"],
- types=["boolean", "boolean"],
- data=[None, None],
- )
- self.assertEqual(msg, "List of custom fields updated")
- self.session.add(repo)
- msg = pagure.lib.query.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.query.get_custom_key(self.session, repo, "abc"),
- value=1,
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output.get_data(as_text=True),
- )
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- "Log in</a>\n to comment on this ticket."
- in output.get_data(as_text=True)
- )
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertNotIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle pointer inline-block">'
- '<i class="fa fa-fw fa-pencil">',
- output_text,
- )
- self.assertNotIn(
- '<a href="/login/">Log in</a> to comment on this ticket.',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text,
- )
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/1")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can edit the issue
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text,
- )
- self.assertIn(
- '<a class="dropdown-item text-danger pointer" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text,
- )
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm '
- "issue-metadata-display editmetadatatoggle pointer inline-block"
- '"><i class="fa fa-fw fa-pencil"></i></a>',
- output_text,
- )
- # can view the milestone
- self.assertIn("<strong>Milestone</strong>", output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text,
- )
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text,
- )
- # can view depending
- self.assertIn("<strong>Depending on</strong>", output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text,
- )
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text,
- )
- # Create private issue
- repo = pagure.lib.query.get_authorized_project(self.session, "test")
- msg = pagure.lib.query.new_issue(
- session=self.session,
- repo=repo,
- title="Test issue",
- content="We should work on this",
- user="pingou",
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, "Test issue")
- # Not logged in
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- output = self.app.get("/test/issue/2")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Issue #2: Test issue - test - Pagure</title>",
- output_text,
- )
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>',
- output_text,
- )
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text,
- )
- if __name__ == "__main__":
- unittest.main(verbosity=2)
|
