Mercurial > p > roundup > code

annotate test/test_security.py @ 7167:f6b24a8524cd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Modify code to reduce runtime when testing The prior change to set default number of PBKDF2 rounds to 2000000 (2M) raised runtime in CI from 12 minutes to an hour. This commit checks to see if we are invoked from a pytest test using: if ("pytest" in sys.modules and "PYTEST_CURRENT_TEST" in os.environ): when no config object is present. I assume that the number of times we have a full config object is less than with a missing config object. See if this brings CI runtimes back down. It reduces runtimes on my local box, but.... Code adapted from https://stackoverflow.com/questions/25188119/test-if-code-is-executed-from-within-a-py-test-session/44595269#
author John Rouillard <rouilj@ieee.org>
date Sat, 25 Feb 2023 14:50:34 -0500
parents 970cd6d2b8ea
children 8b2287d850c8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # of this software and associated documentation files (the "Software"), to deal
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # in the Software without restriction, including without limitation the rights
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # copies of the Software, and to permit persons to whom the Software is
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # furnished to do so, subject to the following conditions:
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # The above copyright notice and this permission notice shall be included in
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # all copies or substantial portions of the Software.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 # SOFTWARE.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5269
diff changeset
21 from __future__ import print_function
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22 import os, unittest, shutil
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
23
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
24 from roundup import backends
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
25 import roundup.password
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
26 from .db_test_base import setupSchema, MyTestCase, config
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
27
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
28
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
29 class PermissionTest(MyTestCase, unittest.TestCase):
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
30 def setUp(self):
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
31 backend = backends.get_backend('anydbm')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32 # remove previous test, ignore errors
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 if os.path.exists(config.DATABASE):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 shutil.rmtree(config.DATABASE)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35 os.makedirs(config.DATABASE + '/files')
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
36 self.db = backend.Database(config, 'admin')
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
37 setupSchema(self.db, 1, backend)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 def testInterfaceSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 ' test that the CGI and mailgw have initialised security OK '
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 # TODO: some asserts
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 def testInitialiseSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 ei = self.db.security.addPermission(name="Edit", klass="issue",
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 description="User is allowed to edit issues")
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
46 self.db.security.addPermissionToRole('User', ei)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
47 ai = self.db.security.addPermission(name="View", klass="issue",
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
48 description="User is allowed to access issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 self.db.security.addPermissionToRole('User', ai)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
51 def testAdmin(self):
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
52 ei = self.db.security.addPermission(name="Edit", klass="issue",
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
53 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
54 self.db.security.addPermissionToRole('User', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
55 ei = self.db.security.addPermission(name="Edit", klass=None,
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
56 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
57 self.db.security.addPermissionToRole('Admin', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
58
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
59 u1 = self.db.user.create(username='one', roles='Admin')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
60 u2 = self.db.user.create(username='two', roles='User')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
61
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
62 self.assertTrue(self.db.security.hasPermission('Edit', u1, None))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
63 self.assertTrue(not self.db.security.hasPermission('Edit', u2, None))
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
64
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
65
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
66 def testGetPermission(self):
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
67 self.db.security.getPermission('Edit')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
68 self.db.security.getPermission('View')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
69 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
70 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
71 'fubar')
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
72
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
73 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
74 get = self.db.security.getPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
75
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
76 # class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
77 ei = add(name="Edit", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
78 self.assertEqual(get('Edit', 'issue'), ei)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
79 ai = add(name="View", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
80 self.assertEqual(get('View', 'issue'), ai)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
81
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
82 # property
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
83 epi1 = add(name="Edit", klass="issue", properties=['title'])
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
84 self.assertEqual(get('Edit', 'issue', properties=['title']), epi1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
85 epi2 = add(name="Edit", klass="issue", properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
86 props_only=True)
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
87 self.assertEqual(get('Edit', 'issue', properties=['title'], props_only=False), epi1)
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
88 self.assertEqual(get('Edit', 'issue', properties=['title'], props_only=True), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
89 self.db.security.set_props_only_default(True)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
90 self.assertEqual(get('Edit', 'issue', properties=['title']), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
91 api1 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
92 self.assertEqual(get('View', 'issue', properties=['title']), api1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
93 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
94 api2 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
95 self.assertEqual(get('View', 'issue', properties=['title']), api2)
5795
10747e4e4ec4 replace assertNotEquals with assertNotEqual
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
96 self.assertNotEqual(get('View', 'issue', properties=['title']), api1)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
97
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
98 # check function
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
99 dummy = lambda: 0
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
100 eci = add(name="Edit", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
101 self.assertEqual(get('Edit', 'issue', check=dummy), eci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
102 # props_only only makes sense if you are setting props.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
103 # make it a no-op unless properties is set.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
104 self.assertEqual(get('Edit', 'issue', check=dummy,
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
105 props_only=True), eci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
106 aci = add(name="View", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
107 self.assertEqual(get('View', 'issue', check=dummy), aci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
108
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
109 # all
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
110 epci = add(name="Edit", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
111 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
112
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
113 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
114 # implicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
115 self.assertEqual(get('Edit', 'issue', properties=['title'],
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
116 check=dummy), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
117 # explicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
118 self.assertEqual(get('Edit', 'issue', properties=['title'],
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
119 check=dummy, props_only=False), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
120
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
121 # implicit props_only=True
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
122 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
123 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
124 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
125 check=dummy)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
126 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
127 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
128 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
129 check=dummy, props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
130
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
131 apci = add(name="View", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
132 check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
133 self.assertEqual(get('View', 'issue', properties=['title'],
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
134 check=dummy), apci)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
135
5200
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
136 # Reset to default. Somehow this setting looks like it
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
137 # was bleeding through to other tests in test_xmlrpc.
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
138 # Is the security module being loaded only once for all tests??
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
139 self.db.security.set_props_only_default(False)
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
140
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
141 def testDBinit(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
142 self.db.user.create(username="demo", roles='User')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
143 self.db.user.create(username="anonymous", roles='Anonymous')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
144
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
145 def testAccessControls(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
146 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
147 has = self.db.security.hasPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
148 addRole = self.db.security.addRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
149 addToRole = self.db.security.addPermissionToRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
150
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
151 none = self.db.user.create(username='none', roles='None')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
152
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
153 # test admin access
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
154 addRole(name='Super')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
155 addToRole('Super', add(name="Test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
156 super = self.db.user.create(username='super', roles='Super')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
157
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
158 # test class-level access
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
159 addRole(name='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
160 addToRole('Role1', add(name="Test", klass="test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
161 user1 = self.db.user.create(username='user1', roles='Role1')
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
162 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
163 self.assertEqual(has('Test', super, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
164 self.assertEqual(has('Test', none, 'test'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
165
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
166 # property
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
167 addRole(name='Role2')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
168 addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
169 user2 = self.db.user.create(username='user2', roles='Role2')
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
170
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
171 # check function
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
172 check_old_style = lambda db, userid, itemid: itemid == '2'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
173 #def check_old_style(db, userid, itemid):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
174 # print "checking userid, itemid: %r"%((userid,itemid),)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
175 # return(itemid == '2')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
176
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
177 # setup to check function new style. Make sure that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
178 # other args are passed.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
179 def check(db,userid,itemid, **other):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
180 prop = other['property']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
181 prop = other['classname']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
182 prop = other['permission']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
183 return (itemid == '1')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
184
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
185 # also create a check as a callable of a class
6268
bdcccd2b2141 Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents: 5797
diff changeset
186 # https://issues.roundup-tracker.org/issue2550952
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
187 class CheckClass(object):
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
188 def __call__(self, db,userid,itemid, **other):
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
189 prop = other['property']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
190 prop = other['classname']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
191 prop = other['permission']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
192 return (itemid == '1')
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
193
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
194 addRole(name='Role3')
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
195 # make sure check=CheckClass() and not check=CheckClass
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
196 # otherwise we get:
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
197 # inspectible <slot wrapper '__init__' of 'object' objects>
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
198 addToRole('Role3', add(name="Test", klass="test", check=CheckClass()))
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
199 user3 = self.db.user.create(username='user3', roles='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
200
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
201 addRole(name='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
202 addToRole('Role4', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
203 properties='a', props_only=True))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
204 user4 = self.db.user.create(username='user4', roles='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
205
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
206 self.db.security.set_props_only_default(props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
207 addRole(name='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
208 addToRole('Role5', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
209 check=check_old_style, properties=['a']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
210 user5 = self.db.user.create(username='user5', roles='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
211
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
212 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
213 addRole(name='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
214 addToRole('Role6', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
215 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
216 user6 = self.db.user.create(username='user6', roles='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
217
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
218 addRole(name='Role7')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
219 addToRole('Role7', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
220 check=check_old_style,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
221 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
222 user7 = self.db.user.create(username='user7', roles='Role7')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5269
diff changeset
223 print(user7)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
224
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
225 # *any* access to class
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
226 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
227 self.assertEqual(has('Test', user2, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
228 self.assertEqual(has('Test', user3, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
229 # user4 and user5 should not return true as the permission
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
230 # is limited to property checks
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
231 self.assertEqual(has('Test', user4, 'test'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
232 self.assertEqual(has('Test', user5, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
233 # user6 will will return access
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
234 self.assertEqual(has('Test', user6, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
235 # will work because check is ignored, if check was
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
236 # used this would work but next test would fail
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
237 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
238 # returns true because class tests ignore the check command
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
239 # if there is no itemid no check command is run
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
240 self.assertEqual(has('Test', user7, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
241 self.assertEqual(has('Test', none, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
242
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
243
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
244 # *any* access to item
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
245 self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
246 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
247 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
248 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
249 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
250 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
251 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
252 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
253 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
254 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
255
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
256 # now property test: no default itemid so check functions not run.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
257 self.assertEqual(has('Test', user7, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
258 self.assertEqual(has('Test', user7, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
259 self.assertEqual(has('Test', user7, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
260
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
261 self.assertEqual(has('Test', user6, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
262 self.assertEqual(has('Test', user6, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
263 self.assertEqual(has('Test', user6, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
264
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
265 self.assertEqual(has('Test', user5, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
266 self.assertEqual(has('Test', user5, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
267 self.assertEqual(has('Test', user5, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
268
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
269 self.assertEqual(has('Test', user4, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
270 self.assertEqual(has('Test', user4, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
271 self.assertEqual(has('Test', user4, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
272
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
273 self.assertEqual(has('Test', user3, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
274 self.assertEqual(has('Test', user3, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
275 self.assertEqual(has('Test', user3, 'test', property='c'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
276
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
277 self.assertEqual(has('Test', user2, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
278 self.assertEqual(has('Test', user2, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
279 self.assertEqual(has('Test', user2, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
280 self.assertEqual(has('Test', user1, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
281 self.assertEqual(has('Test', user1, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
282 self.assertEqual(has('Test', user1, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
283 self.assertEqual(has('Test', super, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
284 self.assertEqual(has('Test', super, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
285 self.assertEqual(has('Test', super, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
286 self.assertEqual(has('Test', none, 'test', property='a'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
287 self.assertEqual(has('Test', none, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
288 self.assertEqual(has('Test', none, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
289 self.assertEqual(has('Test', none, 'test'), 0)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
290
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
291 # now check function
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
292 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
293 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
294 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
295 self.assertEqual(has('Test', user6, 'test', itemid='2'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
296 # check functions will not run for user4/user5 since the
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
297 # only perms are for properties only.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
298 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
299 self.assertEqual(has('Test', user5, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
300 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
301 self.assertEqual(has('Test', user4, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
302 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
303 self.assertEqual(has('Test', user3, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
304 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
305 self.assertEqual(has('Test', user2, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
306 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
307 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
308 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
309 self.assertEqual(has('Test', super, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
310 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
311 self.assertEqual(has('Test', none, 'test', itemid='2'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
312
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
313 # now mix property and check commands
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
314 # check is old style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
315 self.assertEqual(has('Test', user7, 'test', property="c",
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
316 itemid='2'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
317 self.assertEqual(has('Test', user7, 'test', property="c",
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
318 itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
319
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
320 self.assertEqual(has('Test', user7, 'test', property="a",
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
321 itemid='2'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
322 self.assertEqual(has('Test', user7, 'test', property="a",
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
323 itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
324
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
325 # check is new style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
326 self.assertEqual(has('Test', user6, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
327 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
328 self.assertEqual(has('Test', user6, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
329 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
330 self.assertEqual(has('Test', user6, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
331 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
332 self.assertEqual(has('Test', user6, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
333 property='b'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
334 self.assertEqual(has('Test', user6, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
335 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
336 self.assertEqual(has('Test', user6, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
337 property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
338
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
339 # check is old style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
340 self.assertEqual(has('Test', user5, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
341 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
342 self.assertEqual(has('Test', user5, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
343 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
344 self.assertEqual(has('Test', user5, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
345 property='a'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
346 self.assertEqual(has('Test', user5, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
347 property='a'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
348
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
349 # check is new style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
350 self.assertEqual(has('Test', user4, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
351 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
352 self.assertEqual(has('Test', user4, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
353 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
354 self.assertEqual(has('Test', user4, 'test', itemid='2',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
355 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
356 self.assertEqual(has('Test', user4, 'test', itemid='1',
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
357 property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
358
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
359 def testTransitiveSearchPermissions(self):
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
360 add = self.db.security.addPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
361 has = self.db.security.hasSearchPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
362 addRole = self.db.security.addRole
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
363 addToRole = self.db.security.addPermissionToRole
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
364 addRole(name='User')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
365 addRole(name='Anonymous')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
366 addRole(name='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
367 addRole(name='Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
368 addRole(name='UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
369 user = self.db.user.create(username='user1', roles='User')
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
370 anon = self.db.user.create(username='anonymous', roles='Anonymous')
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
371 ui = self.db.user.create(username='user2', roles='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
372 uim = self.db.user.create(username='user3', roles='Issue,Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
373 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
374 iv = add(name="View", klass="issue")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
375 addToRole('User', iv)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
376 addToRole('Anonymous', iv)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
377 addToRole('Issue', iv)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
378 ms = add(name="Search", klass="msg")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
379 addToRole('User', ms)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
380 addToRole('Anonymous', ms)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
381 addToRole('Msg', ms)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
382 uv = add(name="View", klass="user")
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
383 addToRole('User', uv)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
384 addToRole('UV', uv)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
385 self.assertEqual(has(anon, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
386 self.assertEqual(has(anon, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
387 self.assertEqual(has(anon, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
388 self.assertEqual(has(anon, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
389 self.assertEqual(has(anon, 'issue', 'messages.recipients.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
390 self.assertEqual(has(user, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
391 self.assertEqual(has(user, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
392 self.assertEqual(has(user, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
393 self.assertEqual(has(user, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
394 self.assertEqual(has(user, 'issue', 'messages.recipients.username'), 1)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
395
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
396 self.assertEqual(has(ui, 'issue', 'messages'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
397 self.assertEqual(has(ui, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
398 self.assertEqual(has(ui, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
399 self.assertEqual(has(ui, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
400 self.assertEqual(has(ui, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
401
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
402 self.assertEqual(has(uim, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
403 self.assertEqual(has(uim, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
404 self.assertEqual(has(uim, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
405 self.assertEqual(has(uim, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
406 self.assertEqual(has(uim, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
407
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
408 self.assertEqual(has(uimu, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
409 self.assertEqual(has(uimu, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
410 self.assertEqual(has(uimu, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
411 self.assertEqual(has(uimu, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
412 self.assertEqual(has(uimu, 'issue', 'messages.recipients.username'), 1)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
413
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
414 # roundup.password has its own built-in tests, call them.
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
415 def test_password(self):
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
416 roundup.password.test()
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
417
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
418 # pretend import of crypt failed
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
419 orig_crypt = roundup.password.crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
420 roundup.password.crypt = None
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
421 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
422 roundup.password.test_missing_crypt()
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
423 roundup.password.crypt = orig_crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
424
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
425 def test_pbkdf2_migrate_rounds(self):
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
426 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 10000
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
427
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
428 p = roundup.password.Password('sekrit', 'PBKDF2',
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
429 config=self.db.config)
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
430
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
431 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000000
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
432
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
433 self.assertEqual(p.needs_migration(config=self.db.config), True)
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
434
7167
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
435 def test_encodePasswordNoConfig(self):
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
436 # should run cleanly as we are in a test.
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
437 #
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
438 p = roundup.password.encodePassword('sekrit', 'PBKDF2')
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
439
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
440 del(os.environ["PYTEST_CURRENT_TEST"])
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
441 self.assertNotIn("PYTEST_CURRENT_TEST", os.environ)
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
442
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
443 with self.assertRaises(roundup.password.ConfigNotSet) as ctx:
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
444 roundup.password.encodePassword('sekrit', 'PBKDF2')
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
445
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
446 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/