1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045 |
- #!/usr/bin/env python
- # coding=utf-8
- """
- (c) 2017 - Copyright Red Hat Inc
- Authors:
- Vivek Anand <vivekanand1101@gmail.com>
- """
- from __future__ import unicode_literals
- __requires__ = ['SQLAlchemy >= 0.8']
- import pkg_resources
- from unittest.case import SkipTest
- import json
- import unittest
- import shutil
- import sys
- import os
- try:
- import pyclamd
- except ImportError:
- pyclamd = None
- import tempfile
- import pygit2
- from mock import patch
- sys.path.insert(0, os.path.join(os.path.dirname(
- os.path.abspath(__file__)), '..'))
- import pagure.config
- import pagure.lib
- import tests
- class PagureFlaskIssuesACLtests(tests.Modeltests):
- """ Tests for flask issues controller of pagure for acls """
- @patch('pagure.lib.git.update_git')
- @patch('pagure.lib.notify.send_email')
- def test_view_issue_no_access(self, p_send_email, p_ugt):
- """ Test the view_issue endpoint. when a user has no access on repo """
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get('/foo/issue/1')
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(
- os.path.join(self.path, 'repos'), bare=True)
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Add milestone
- repo.milestones = {'77': None}
- self.session.add(repo)
- issue = pagure.lib.search_issues(
- self.session,
- repo=repo,
- issueid=1
- )
- pagure.lib.edit_issue(
- self.session,
- issue,
- user='pingou',
- milestone='77'
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.set_custom_key_fields(
- self.session,
- project=repo,
- fields=['abc', 'xyz'],
- types=['boolean', 'boolean'],
- data=[None, None],
- )
- self.assertEqual(msg, 'List of custom fields updated')
- self.session.add(repo)
- msg = pagure.lib.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.get_custom_key(self.session, repo, 'abc'),
- value=1
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output.get_data(as_text=True))
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- 'Login</a>\n to comment on this ticket.'
- in output.get_data(as_text=True))
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output.get_data(as_text=True))
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- self.assertNotIn(
- '<a href="/login/">Login</a> to comment on this ticket.',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '\n <a href="/test/roadmap/77/">'
- '\n 77\n', output_text)
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output.get_data(as_text=True))
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text)
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- user.username = 'foo'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- csrf_token = self.get_csrf(output=output)
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- self.assertNotIn(
- '<a href="/login/">Login</a> to comment on this ticket.',
- output_text)
- # can't see the custom field as a checkbox
- self.assertNotIn(
- '<input type="checkbox" '
- 'class="form-control" name="abc" id="abc"checked/>',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output.get_data(as_text=True))
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output.get_data(as_text=True))
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text)
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- # Create private issue
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Not logged in
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = 'pingou'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- '<title>Issue #2: Test issue - test - Pagure</title>',
- output_text)
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>', output_text)
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text)
- @patch('pagure.lib.git.update_git')
- @patch('pagure.lib.notify.send_email')
- def test_view_issue_ticket_access(self, p_send_email, p_ugt):
- """ Test the view_issue endpoint. when a user has ticket access on repo """
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get('/foo/issue/1')
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(
- os.path.join(self.path, 'repos'), bare=True)
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.add_user_to_project(
- self.session,
- repo,
- new_user='foo',
- user='pingou',
- access='ticket',
- )
- self.assertEqual(msg, 'User added')
- self.session.commit()
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Add milestone
- repo.milestones = {'77': None}
- self.session.add(repo)
- issue = pagure.lib.search_issues(
- self.session,
- repo=repo,
- issueid=1
- )
- pagure.lib.edit_issue(
- self.session,
- issue,
- user='pingou',
- milestone='77'
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.set_custom_key_fields(
- self.session,
- project=repo,
- fields=['abc', 'xyz'],
- types=['boolean', 'boolean'],
- data=[None, None],
- )
- self.assertEqual(msg, 'List of custom fields updated')
- self.session.add(repo)
- msg = pagure.lib.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.get_custom_key(self.session, repo, 'abc'),
- value=1
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertIn(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- 'Login</a>\n to comment on this ticket.',
- output_text)
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- self.assertNotIn(
- '<a href="/login/">Login</a> to comment on this ticket.',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text)
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- user.username = 'foo'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can't edit the issue
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- # the user still can't delete the ticket
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text)
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- # Create private issue
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Not logged in
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = 'pingou'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- '<title>Issue #2: Test issue - test - Pagure</title>',
- output_text)
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>', output_text)
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text)
- @patch('pagure.lib.git.update_git')
- @patch('pagure.lib.notify.send_email')
- def test_view_issue_commit_access(self, p_send_email, p_ugt):
- """ Test the view_issue endpoint. when a user has commit access on repo """
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get('/foo/issue/1')
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(
- os.path.join(self.path, 'repos'), bare=True)
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.add_user_to_project(
- self.session,
- repo,
- new_user='foo',
- user='pingou',
- access='commit',
- )
- self.assertEqual(msg, 'User added')
- self.session.commit()
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Add milestone
- repo.milestones = {'77': None}
- self.session.add(repo)
- issue = pagure.lib.search_issues(
- self.session,
- repo=repo,
- issueid=1
- )
- pagure.lib.edit_issue(
- self.session,
- issue,
- user='pingou',
- milestone='77'
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.set_custom_key_fields(
- self.session,
- project=repo,
- fields=['abc', 'xyz'],
- types=['boolean', 'boolean'],
- data=[None, None],
- )
- self.assertEqual(msg, 'List of custom fields updated')
- self.session.add(repo)
- msg = pagure.lib.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.get_custom_key(self.session, repo, 'abc'),
- value=1
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- 'Login</a>\n to comment on this ticket.',
- output_text)
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- self.assertNotIn(
- '<a href="/login/">Login</a> to comment on this ticket.',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text)
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- user.username = 'foo'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can edit the issue
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- # the user can delete the ticket
- self.assertIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text)
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- # Create private issue
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Not logged in
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = 'pingou'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- '<title>Issue #2: Test issue - test - Pagure</title>',
- output_text)
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>', output_text)
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text)
- @patch('pagure.lib.git.update_git')
- @patch('pagure.lib.notify.send_email')
- def test_view_issue_admin_access(self, p_send_email, p_ugt):
- """ Test the view_issue endpoint. when a user has admin access on repo """
- p_send_email.return_value = True
- p_ugt.return_value = True
- output = self.app.get('/foo/issue/1')
- self.assertEqual(output.status_code, 404)
- tests.create_projects(self.session)
- tests.create_projects_git(
- os.path.join(self.path, 'repos'), bare=True)
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 404)
- # Create issues to play with
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- # Add user 'foo' with ticket access on repo
- msg = pagure.lib.add_user_to_project(
- self.session,
- repo,
- new_user='foo',
- user='pingou',
- access='admin',
- )
- self.assertEqual(msg, 'User added')
- self.session.commit()
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Add milestone
- repo.milestones = {'77': None}
- self.session.add(repo)
- issue = pagure.lib.search_issues(
- self.session,
- repo=repo,
- issueid=1
- )
- pagure.lib.edit_issue(
- self.session,
- issue,
- user='pingou',
- milestone='77'
- )
- self.session.add(repo)
- self.session.add(issue)
- msg = pagure.lib.set_custom_key_fields(
- self.session,
- project=repo,
- fields=['abc', 'xyz'],
- types=['boolean', 'boolean'],
- data=[None, None],
- )
- self.assertEqual(msg, 'List of custom fields updated')
- self.session.add(repo)
- msg = pagure.lib.set_custom_key_value(
- self.session,
- issue=issue,
- key=pagure.lib.get_custom_key(self.session, repo, 'abc'),
- value=1
- )
- self.session.add(issue)
- self.session.commit()
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- # Not authentified = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output.get_data(as_text=True))
- self.assertTrue(
- '<a href="/login/?next=http%3A%2F%2Flocalhost%2Ftest%2Fissue%2F1">'
- 'Login</a>\n to comment on this ticket.'
- in output.get_data(as_text=True))
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # Not author nor admin = No edit
- self.assertNotIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertNotIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- # no edit metadata
- self.assertNotIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- self.assertNotIn(
- '<a href="/login/">Login</a> to comment on this ticket.',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # but can't edit them
- self.assertNotIn(
- '<select class="form-control c-select" id="milestone" '
- ' name="milestone"><option value=""></option><option '
- 'selected value="77">77</option></select>',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can't edit depending on
- self.assertNotIn(
- '<input class="form-control" id="depending" type="text"\n\
- placeholder="issue depending" name="depending"\n\
- value="" />',
- output_text)
- # no checkbox for private
- self.assertNotIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- user.username = 'foo'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/1')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- # the user can edit the issue
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/1/edit" title="Edit this issue">\n',
- output_text)
- self.assertIn(
- '<a class="dropdown-item text-danger" href="javascript:void(0)" id="closeticket"\n'
- ' title="Delete this ticket">\n',
- output_text)
- csrf_token = self.get_csrf(output=output)
- # the user can do the following things
- # edit metadata
- self.assertIn(
- '<a class="btn btn-outline-primary border-0 btn-sm issue-metadata-display'
- ' editmetadatatoggle" href="javascript:void(0)" style="display: inline-block;">'
- '<i class="fa fa-fw fa-pencil">',
- output_text)
- # can view the milestone
- self.assertIn(
- '<strong>Milestone</strong>',
- output_text)
- self.assertIn(
- '<a href="/test/roadmap/77/">\n 77',
- output_text)
- # can edit them
- self.assertIn(
- '<select class="form-control c-select" id="milestone" '
- 'name="milestone"><option value=""></option><option selected '
- 'value="77">77</option></select>\n <div>\n',
- output_text)
- # can view depending
- self.assertIn(
- '<strong>Depending on</strong>',
- output_text)
- # can edit depending on
- self.assertIn(
- '<input class="form-control" id="depending" type="text"'
- '\n placeholder="issue depending" name="depending"\n',
- output_text)
- # the user should be able to do public -> private
- # the other way round won't be possible since GET and POST
- # to this endpoint for this user will be blocked
- # checkbox for private
- self.assertIn(
- '<input id="private" name="private" type="checkbox" value="y">',
- output_text)
- # Create private issue
- repo = pagure.lib.get_authorized_project(self.session, 'test')
- msg = pagure.lib.new_issue(
- session=self.session,
- repo=repo,
- title='Test issue',
- content='We should work on this',
- user='pingou',
- private=True,
- )
- self.session.commit()
- self.assertEqual(msg.title, 'Test issue')
- # Not logged in
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # Wrong user
- user = tests.FakeUser()
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 404)
- # reporter
- user.username = 'pingou'
- with tests.user_set(self.app.application, user):
- output = self.app.get('/test/issue/2')
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- '<title>Issue #2: Test issue - test - Pagure</title>',
- output_text)
- self.assertIn(
- '<span title="Private ticket" class="text-danger '
- 'fa fa-fw fa-lock"></span>', output_text)
- self.assertIn(
- '<a class="btn btn-outline-secondary btn-sm border-0" '
- 'href="/test/issue/2/edit" title="Edit this issue">\n',
- output_text)
- if __name__ == '__main__':
- unittest.main(verbosity=2)
|