Mercurial > p > roundup > code
annotate test/test_xmlrpc.py @ 5253:2d61e39b89c8
Issue2550716 Email address displayed after password reset request (fix)
Change the message displayed upon password reset using an account name
to no longer expose the email address. Password reset triggered using
an email address will still display the user supplied email address.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 26 Aug 2017 20:27:08 -0400 |
| parents | 1f72b73d7770 |
| children | 198b6e810c67 |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
7 import unittest, os, shutil, errno, sys, difflib, cgi, re |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
8 |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
9 from xmlrpclib import MultiCall |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
10 from roundup.cgi.exceptions import * |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
11 from roundup import init, instance, password, hyperdb, date |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
12 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
13 from roundup.backends import list_backends |
| 4781 | 14 from roundup.hyperdb import String |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
15 from roundup.cgi import TranslationService |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
16 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
17 import db_test_base |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
18 from .test_mysql import skip_mysql |
|
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
19 from .test_postgresql import skip_postgresql |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
20 |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
21 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
22 class XmlrpcTest(object): |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
23 |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
24 backend = None |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
25 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
26 def setUp(self): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
27 self.dirname = '_test_xmlrpc' |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
28 # set up and open a tracker |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
29 self.instance = db_test_base.setupTracker(self.dirname, self.backend) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
30 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
31 # open the database |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
32 self.db = self.instance.open('admin') |
| 4781 | 33 |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
34 print "props_only default", self.db.security.get_props_only_default() |
|
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
35 |
| 4781 | 36 # Get user id (user4 maybe). Used later to get data from db. |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
37 self.joeid = 'user' + self.db.user.create(username='joe', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
38 password=password.Password('random'), address='random@home.org', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
39 realname='Joe Random', roles='User') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
40 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
41 self.db.commit() |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
42 self.db.close() |
| 4083 | 43 self.db = self.instance.open('joe') |
| 4781 | 44 |
| 45 self.db.tx_Source = 'web' | |
| 46 | |
| 47 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 48 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 49 | |
| 50 self.db.post_init() | |
| 51 | |
|
4795
dad18ee491a9
Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4793
diff
changeset
|
52 thisdir = os.path.dirname(__file__) |
| 4781 | 53 vars = {} |
|
4795
dad18ee491a9
Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4793
diff
changeset
|
54 execfile(os.path.join(thisdir, "tx_Source_detector.py"), vars) |
| 4781 | 55 vars['init'](self.db) |
| 56 | |
| 4083 | 57 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
58 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
59 def tearDown(self): |
|
4104
d8c2d214d688
do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents:
4083
diff
changeset
|
60 self.db.close() |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
61 try: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
62 shutil.rmtree(self.dirname) |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
63 except OSError, error: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
64 if error.errno not in (errno.ENOENT, errno.ESRCH): raise |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
65 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
66 def testAccess(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
67 # Retrieve all three users. |
| 4083 | 68 results = self.server.list('user', 'id') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
69 self.assertEqual(len(results), 3) |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
70 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
71 # Obtain data for 'joe'. |
| 4083 | 72 results = self.server.display(self.joeid) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
73 self.assertEqual(results['username'], 'joe') |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
74 self.assertEqual(results['realname'], 'Joe Random') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
75 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
76 def testChange(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
77 # Reset joe's 'realname'. |
| 4083 | 78 results = self.server.set(self.joeid, 'realname=Joe Doe') |
| 79 results = self.server.display(self.joeid, 'realname') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
80 self.assertEqual(results['realname'], 'Joe Doe') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
81 |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
82 # check we can't change admin's details |
| 4083 | 83 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe') |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
84 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
85 def testCreate(self): |
| 4083 | 86 results = self.server.create('issue', 'title=foo') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
87 issueid = 'issue' + results |
| 4083 | 88 results = self.server.display(issueid, 'title') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
89 self.assertEqual(results['title'], 'foo') |
| 4781 | 90 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
91 |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
92 def testFileCreate(self): |
| 4083 | 93 results = self.server.create('file', 'content=hello\r\nthere') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
94 fileid = 'file' + results |
| 4083 | 95 results = self.server.display(fileid, 'content') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
96 self.assertEqual(results['content'], 'hello\r\nthere') |
|
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
97 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
98 def testSchema(self): |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
99 schema={'status': [('order', '<roundup.hyperdb.Number>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
100 ('name', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
101 'keyword': [('name', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
102 'priority': [('order', '<roundup.hyperdb.Number>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
103 ('name', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
104 'user': [('username', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
105 ('alternate_addresses', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
106 ('realname', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
107 ('roles', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
108 ('organisation', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
109 ('queries', '<roundup.hyperdb.Multilink to "query">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
110 ('phone', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
111 ('address', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
112 ('timezone', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
113 ('password', '<roundup.hyperdb.Password>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
114 'file': [('content', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
115 ('type', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
116 ('name', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
117 'msg': [('files', '<roundup.hyperdb.Multilink to "file">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
118 ('inreplyto', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
119 ('tx_Source', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
120 ('recipients', '<roundup.hyperdb.Multilink to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
121 ('author', '<roundup.hyperdb.Link to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
122 ('summary', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
123 ('content', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
124 ('messageid', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
125 ('date', '<roundup.hyperdb.Date>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
126 ('type', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
127 'query': [('url', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
128 ('private_for', '<roundup.hyperdb.Link to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
129 ('name', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
130 ('klass', '<roundup.hyperdb.String>')], |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
131 'issue': [('status', '<roundup.hyperdb.Link to "status">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
132 ('files', '<roundup.hyperdb.Multilink to "file">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
133 ('tx_Source', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
134 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
135 ('title', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
136 ('nosy', '<roundup.hyperdb.Multilink to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
137 ('messages', '<roundup.hyperdb.Multilink to "msg">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
138 ('priority', '<roundup.hyperdb.Link to "priority">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
139 ('assignedto', '<roundup.hyperdb.Link to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
140 ('superseder', '<roundup.hyperdb.Multilink to "issue">')]} |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
141 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
142 results = self.server.schema() |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
143 self.assertEqual(results, schema) |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
144 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
145 def testLookup(self): |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
146 self.assertRaises(KeyError, self.server.lookup, 'user', '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
147 results = self.server.lookup('user', 'admin') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
148 self.assertEqual(results, '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
149 |
| 4083 | 150 def testAction(self): |
| 151 # As this action requires special previledges, we temporarily switch | |
| 152 # to 'admin' | |
| 153 self.db.setCurrentUser('admin') | |
| 154 users_before = self.server.list('user') | |
| 155 try: | |
| 156 tmp = 'user' + self.db.user.create(username='tmp') | |
| 157 self.server.action('retire', tmp) | |
| 158 finally: | |
| 159 self.db.setCurrentUser('joe') | |
| 160 users_after = self.server.list('user') | |
| 161 self.assertEqual(users_before, users_after) | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
162 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
163 # test a bogus action |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
164 with self.assertRaises(Exception) as cm: |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
165 self.server.action('bogus') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
166 print cm.exception |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
167 self.assertEqual(cm.exception.message, |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
168 'action "bogus" is not supported ') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
169 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
170 def testAuthDeniedEdit(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
171 # Wrong permissions (caught by roundup security module). |
|
3829
d0ac8188d274
Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents:
3828
diff
changeset
|
172 self.assertRaises(Unauthorised, self.server.set, |
| 4083 | 173 'user1', 'realname=someone') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
174 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
175 def testAuthDeniedCreate(self): |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
176 self.assertRaises(Unauthorised, self.server.create, |
| 4083 | 177 'user', {'username': 'blah'}) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
178 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
179 def testAuthAllowedEdit(self): |
| 4083 | 180 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
181 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
182 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
183 self.server.set('user2', 'realname=someone') |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
184 except Unauthorised, err: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
185 self.fail('raised %s'%err) |
| 4083 | 186 finally: |
| 187 self.db.setCurrentUser('joe') | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
188 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
189 def testAuthAllowedCreate(self): |
| 4083 | 190 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
191 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
192 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
193 self.server.create('user', 'username=blah') |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
194 except Unauthorised, err: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
195 self.fail('raised %s'%err) |
| 4083 | 196 finally: |
| 197 self.db.setCurrentUser('joe') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
198 |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
199 def testAuthFilter(self): |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
200 # this checks if we properly check for search permissions |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
201 self.db.security.permissions = {} |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
202 # self.db.security.set_props_only_default(props_only=False) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
203 self.db.security.addRole(name='User') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
204 self.db.security.addRole(name='Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
205 self.db.security.addPermissionToRole('User', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
206 self.db.security.addPermissionToRole('Project', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
207 # Allow viewing keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
208 p = self.db.security.addPermission(name='View', klass='keyword') |
| 5198 | 209 print "View keyword class: %r"%p |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
210 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
211 # Allow viewing interesting things (but not keyword) on issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
212 # But users might only view issues where they are on nosy |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
213 # (so in the real world the check method would be better) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
214 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
215 properties=("title", "status"), check=lambda x,y,z: True) |
| 5198 | 216 print "View keyword class w/ props: %r"%p |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
217 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
218 # Allow role "Project" access to whole issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
219 p = self.db.security.addPermission(name='View', klass='issue') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
220 self.db.security.addPermissionToRole('Project', p) |
|
4446
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
221 # Allow all access to status: |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
222 p = self.db.security.addPermission(name='View', klass='status') |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
223 self.db.security.addPermissionToRole('User', p) |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
224 self.db.security.addPermissionToRole('Project', p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
225 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
226 keyword = self.db.keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
227 status = self.db.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
228 issue = self.db.issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
229 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
230 d1 = keyword.create(name='d1') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
231 d2 = keyword.create(name='d2') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
232 open = status.create(name='open') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
233 closed = status.create(name='closed') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
234 issue.create(title='i1', status=open, keyword=[d2]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
235 issue.create(title='i2', status=open, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
236 issue.create(title='i2', status=closed, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
237 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
238 chef = self.db.user.create(username = 'chef', roles='User, Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
239 joe = self.db.user.lookup('joe') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
240 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
241 # Conditionally allow view of whole issue (check is False here, |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
242 # this might check for keyword owner in the real world) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
243 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
244 check=lambda x,y,z: False) |
| 5198 | 245 print "View issue class: %r"%p |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
246 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
247 # Allow user to search for issue.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
248 p = self.db.security.addPermission(name='Search', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
249 properties=("status",)) |
| 5198 | 250 print "View Search class w/ props: %r"%p |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
251 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
252 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
253 keyw = {'keyword':self.db.keyword.lookup('d1')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
254 stat = {'status':self.db.status.lookup('open')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
255 keygroup = keysort = [('+', 'keyword')] |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
256 self.db.commit() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
257 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
258 # Filter on keyword ignored for role 'User': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
259 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
260 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
261 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
262 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
263 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
264 # Sorting and grouping for class User fails: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
265 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
266 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
267 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
268 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
269 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
270 self.db.close() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
271 self.db = self.instance.open('chef') |
| 4781 | 272 self.db.tx_Source = 'web' |
| 273 | |
| 274 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 275 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 276 self.db.post_init() | |
| 277 | |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
278 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
279 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
280 # Filter on keyword works for role 'Project': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
281 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
282 self.assertEqual(r, ['2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
283 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
284 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
285 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
286 # Sorting and grouping for class Project works: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
287 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
288 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
289 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
290 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
291 |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
292 def testMulticall(self): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
293 translator = TranslationService.get_translation( |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
294 language=self.instance.config["TRACKER_LANGUAGE"], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
295 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
296 self.server = RoundupDispatcher(self.db, self.instance.actions, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
297 translator, allow_none = True) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
298 class S: |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
299 multicall=self.server.funcs['system.multicall'] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
300 self.server.system = S() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
301 self.db.issue.create(title='i1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
302 self.db.issue.create(title='i2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
303 m = MultiCall(self.server) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
304 m.display('issue1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
305 m.display('issue2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
306 result = m() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
307 results = [ |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
308 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
309 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
310 'priority': None, 'assignedto': None, 'superseder': []}, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
311 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
312 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
313 'priority': None, 'assignedto': None, 'superseder': []}] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
314 for n, r in enumerate(result): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
315 self.assertEqual(r, results[n]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
316 |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
317 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
318 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
319 backend = 'anydbm' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
320 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
321 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
322 @skip_mysql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
323 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
324 backend = 'mysql' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
325 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
326 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
327 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
328 backend = 'sqlite' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
329 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
330 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
331 @skip_postgresql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
332 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
333 backend = 'postgresql' |