Mercurial > p > roundup > code

annotate test/test_xmlrpc.py @ 5471:28613ada27db

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
check excpetion.args instead of exception.message
author Christof Meerwald <cmeerw@cmeerw.org>
date Sun, 29 Jul 2018 00:49:54 +0100
parents e46ce04d5bbc
children 7f3dfdd6a620
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3829
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
7 from __future__ import print_function
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
8 import unittest, os, shutil, errno, sys, difflib, cgi, re
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
9
5408
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
10 from roundup.anypy import xmlrpc_
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
11 MultiCall = xmlrpc_.client.MultiCall
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
12 from roundup.cgi.exceptions import *
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
13 from roundup import init, instance, password, hyperdb, date
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
14 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
15 from roundup.backends import list_backends
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
16 from roundup.hyperdb import String
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
17 from roundup.cgi import TranslationService
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
18
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
19 from . import db_test_base
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
20 from .test_mysql import skip_mysql
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
21 from .test_postgresql import skip_postgresql
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
22
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
23
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
24 class XmlrpcTest(object):
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
25
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
26 backend = None
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
27
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
28 def setUp(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
29 self.dirname = '_test_xmlrpc'
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
30 # set up and open a tracker
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
31 self.instance = db_test_base.setupTracker(self.dirname, self.backend)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
32
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
33 # open the database
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
34 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
35
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
36 print("props_only default", self.db.security.get_props_only_default())
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
37
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
38 # Get user id (user4 maybe). Used later to get data from db.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
39 self.joeid = 'user' + self.db.user.create(username='joe',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
40 password=password.Password('random'), address='random@home.org',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
41 realname='Joe Random', roles='User')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
42
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
43 self.db.commit()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
44 self.db.close()
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
45 self.db = self.instance.open('joe')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
46
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
47 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
48
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
49 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
50 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
51
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
52 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
53
4795
dad18ee491a9 Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4793
diff changeset
54 thisdir = os.path.dirname(__file__)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
55 vars = {}
5385
e9fb7c539a52 Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
56 exec(compile(open(os.path.join(thisdir,
e9fb7c539a52 Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
57 "tx_Source_detector.py")).read(),
e9fb7c539a52 Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
58 os.path.join(thisdir, "tx_Source_detector.py"), 'exec'),
e9fb7c539a52 Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
59 vars)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
60 vars['init'](self.db)
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
61
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
62 self.server = RoundupInstance(self.db, self.instance.actions, None)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
63
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
64 def tearDown(self):
4104
d8c2d214d688 do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents: 4083
diff changeset
65 self.db.close()
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
66 try:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
67 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
68 except OSError as error:
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
69 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
70
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
71 def testAccess(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
72 # Retrieve all three users.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
73 results = self.server.list('user', 'id')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
74 self.assertEqual(len(results), 3)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
75
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
76 # Obtain data for 'joe'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
77 results = self.server.display(self.joeid)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
78 self.assertEqual(results['username'], 'joe')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
79 self.assertEqual(results['realname'], 'Joe Random')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
80
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
81 def testChange(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
82 # Reset joe's 'realname'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
83 results = self.server.set(self.joeid, 'realname=Joe Doe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
84 results = self.server.display(self.joeid, 'realname')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
85 self.assertEqual(results['realname'], 'Joe Doe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
86
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
87 # check we can't change admin's details
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
88 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe')
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
89
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
90 def testCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
91 results = self.server.create('issue', 'title=foo')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
92 issueid = 'issue' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
93 results = self.server.display(issueid, 'title')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
94 self.assertEqual(results['title'], 'foo')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
95 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
96
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
97 def testFileCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
98 results = self.server.create('file', 'content=hello\r\nthere')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
99 fileid = 'file' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
100 results = self.server.display(fileid, 'content')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
101 self.assertEqual(results['content'], 'hello\r\nthere')
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
102
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
103 def testSchema(self):
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
104 schema={'status': [('order', '<roundup.hyperdb.Number>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
105 ('name', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
106 'keyword': [('name', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
107 'priority': [('order', '<roundup.hyperdb.Number>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
108 ('name', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
109 'user': [('username', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
110 ('alternate_addresses', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
111 ('realname', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
112 ('roles', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
113 ('organisation', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
114 ('queries', '<roundup.hyperdb.Multilink to "query">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
115 ('phone', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
116 ('address', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
117 ('timezone', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
118 ('password', '<roundup.hyperdb.Password>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
119 'file': [('content', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
120 ('type', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
121 ('name', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
122 'msg': [('files', '<roundup.hyperdb.Multilink to "file">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
123 ('inreplyto', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
124 ('tx_Source', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
125 ('recipients', '<roundup.hyperdb.Multilink to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
126 ('author', '<roundup.hyperdb.Link to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
127 ('summary', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
128 ('content', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
129 ('messageid', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
130 ('date', '<roundup.hyperdb.Date>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
131 ('type', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
132 'query': [('url', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
133 ('private_for', '<roundup.hyperdb.Link to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
134 ('name', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
135 ('klass', '<roundup.hyperdb.String>')],
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
136 'issue': [('status', '<roundup.hyperdb.Link to "status">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
137 ('files', '<roundup.hyperdb.Multilink to "file">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
138 ('tx_Source', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
139 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
140 ('title', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
141 ('nosy', '<roundup.hyperdb.Multilink to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
142 ('messages', '<roundup.hyperdb.Multilink to "msg">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
143 ('priority', '<roundup.hyperdb.Link to "priority">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
144 ('assignedto', '<roundup.hyperdb.Link to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
145 ('superseder', '<roundup.hyperdb.Multilink to "issue">')]}
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
146
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
147 results = self.server.schema()
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
148 self.assertEqual(results, schema)
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
149
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
150 def testLookup(self):
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
151 self.assertRaises(KeyError, self.server.lookup, 'user', '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
152 results = self.server.lookup('user', 'admin')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
153 self.assertEqual(results, '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
154
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
155 def testAction(self):
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
156 # As this action requires special previledges, we temporarily switch
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
157 # to 'admin'
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
158 self.db.setCurrentUser('admin')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
159 users_before = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
160 try:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
161 tmp = 'user' + self.db.user.create(username='tmp')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
162 self.server.action('retire', tmp)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
163 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
164 self.db.setCurrentUser('joe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
165 users_after = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
166 self.assertEqual(users_before, users_after)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
167
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
168 # test a bogus action
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
169 with self.assertRaises(Exception) as cm:
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
170 self.server.action('bogus')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
171 print(cm.exception)
5471
28613ada27db check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5408
diff changeset
172 self.assertEqual(cm.exception.args[0],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
173 'action "bogus" is not supported ')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
174
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
175 def testAuthDeniedEdit(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
176 # Wrong permissions (caught by roundup security module).
3829
d0ac8188d274 Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
177 self.assertRaises(Unauthorised, self.server.set,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
178 'user1', 'realname=someone')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
179
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
180 def testAuthDeniedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
181 self.assertRaises(Unauthorised, self.server.create,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
182 'user', {'username': 'blah'})
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
183
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
184 def testAuthAllowedEdit(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
185 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
186 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
187 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
188 self.server.set('user2', 'realname=someone')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
189 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
190 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
191 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
192 self.db.setCurrentUser('joe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
193
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
194 def testAuthAllowedCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
195 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
196 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
197 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
198 self.server.create('user', 'username=blah')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
199 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
200 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
201 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
202 self.db.setCurrentUser('joe')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
203
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
204 def testAuthFilter(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
205 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
206 self.db.security.permissions = {}
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
207 # self.db.security.set_props_only_default(props_only=False)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
208 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
209 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
210 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
211 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
212 # Allow viewing keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
213 p = self.db.security.addPermission(name='View', klass='keyword')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
214 print("View keyword class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
215 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
216 # Allow viewing interesting things (but not keyword) on issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
217 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
218 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
219 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
220 properties=("title", "status"), check=lambda x,y,z: True)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
221 print("View keyword class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
222 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
223 # Allow role "Project" access to whole issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
224 p = self.db.security.addPermission(name='View', klass='issue')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
225 self.db.security.addPermissionToRole('Project', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
226 # Allow all access to status:
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
227 p = self.db.security.addPermission(name='View', klass='status')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
228 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
229 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
230
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
231 keyword = self.db.keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
232 status = self.db.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
233 issue = self.db.issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
234
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
235 d1 = keyword.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
236 d2 = keyword.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
237 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
238 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
239 issue.create(title='i1', status=open, keyword=[d2])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
240 issue.create(title='i2', status=open, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
241 issue.create(title='i2', status=closed, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
242
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
243 chef = self.db.user.create(username = 'chef', roles='User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
244 joe = self.db.user.lookup('joe')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
245
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
246 # Conditionally allow view of whole issue (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
247 # this might check for keyword owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
248 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
249 check=lambda x,y,z: False)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
250 print("View issue class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
251 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
252 # Allow user to search for issue.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
253 p = self.db.security.addPermission(name='Search', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
254 properties=("status",))
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
255 print("View Search class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
256 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
257
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
258 keyw = {'keyword':self.db.keyword.lookup('d1')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
259 stat = {'status':self.db.status.lookup('open')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
260 keygroup = keysort = [('+', 'keyword')]
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
261 self.db.commit()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
262
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
263 # Filter on keyword ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
264 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
265 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
266 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
267 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
268 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
269 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
270 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
271 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
272 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
273 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
274
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
275 self.db.close()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
276 self.db = self.instance.open('chef')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
277 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
278
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
279 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
280 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
281 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
282
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
283 self.server = RoundupInstance(self.db, self.instance.actions, None)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
284
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
285 # Filter on keyword works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
286 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
287 self.assertEqual(r, ['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
288 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
289 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
290 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
291 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
292 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
293 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
294 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
295 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
296
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
297 def testMulticall(self):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
298 translator = TranslationService.get_translation(
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
299 language=self.instance.config["TRACKER_LANGUAGE"],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
300 tracker_home=self.instance.config["TRACKER_HOME"])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
301 self.server = RoundupDispatcher(self.db, self.instance.actions,
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
302 translator, allow_none = True)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
303 class S:
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
304 multicall=self.server.funcs['system.multicall']
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
305 self.server.system = S()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
306 self.db.issue.create(title='i1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
307 self.db.issue.create(title='i2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
308 m = MultiCall(self.server)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
309 m.display('issue1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
310 m.display('issue2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
311 result = m()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
312 results = [
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
313 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
314 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
315 'priority': None, 'assignedto': None, 'superseder': []},
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
316 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
317 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
318 'priority': None, 'assignedto': None, 'superseder': []}]
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
319 for n, r in enumerate(result):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
320 self.assertEqual(r, results[n])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
321
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
322
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
323 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
324 backend = 'anydbm'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
325
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
326
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
327 @skip_mysql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
328 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
329 backend = 'mysql'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
330
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
331
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
332 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
333 backend = 'sqlite'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
334
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
335
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
336 @skip_postgresql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
337 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
338 backend = 'postgresql'
Roundup Issue Tracker: http://roundup-tracker.org/