Mercurial > p > roundup > code
annotate test/test_xmlrpc.py @ 5548:fea11d05110e
Avoid errors from selecting "no selection" on multilink (issue2550722).
As discussed in issue 2550722 there are various cases where selecting
"no selection" on a multilink can result in inappropriate errors from
Roundup:
* If selecting "no selection" produces a null edit (a value was set in
the multilink in an edit with an error, then removed again, along
with all other changes, in the next form submission), so the page is
rendered from the form contents including the "-<id>" value for "no
selection" for the multilink.
* If creating an item with a nonempty value for a multilink has an
error, and the resubmission changes that multilink to "no selection"
(and this in turn has subcases, according to whether the creation
then succeeds or fails on the resubmission, which need fixes in
different places in the Roundup code).
All of these cases have in common that it is expected and OK to have a
"-<id>" value for a submission for a multilink when <id> is not set in
that multilink in the database (because the original attempt to set
<id> in that multilink had an error), so the hyperdb.py logic to give
an error in that case is thus removed. In the subcase of the second
case where the resubmission with "no selection" has an error, the
templating code tries to produce a menu entry for the "-<id>"
multilink value, which also results in an error, hence the
templating.py change to ignore such values in the list for a
multilink.
| author | Joseph Myers <jsm@polyomino.org.uk> |
|---|---|
| date | Thu, 27 Sep 2018 11:33:01 +0000 |
| parents | 7f3dfdd6a620 |
| children | 58817c3bf471 |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
7 from __future__ import print_function |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
8 import unittest, os, shutil, errno, sys, difflib, cgi, re |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
9 |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5388
diff
changeset
|
10 from roundup.anypy import xmlrpc_ |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5388
diff
changeset
|
11 MultiCall = xmlrpc_.client.MultiCall |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
12 from roundup.cgi.exceptions import * |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
13 from roundup import init, instance, password, hyperdb, date |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
14 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
15 from roundup.backends import list_backends |
| 4781 | 16 from roundup.hyperdb import String |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
17 from roundup.cgi import TranslationService |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
18 |
|
5388
d26921b851c3
Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5385
diff
changeset
|
19 from . import db_test_base |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
20 from .test_mysql import skip_mysql |
|
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
21 from .test_postgresql import skip_postgresql |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
22 |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
23 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
24 class XmlrpcTest(object): |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
25 |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
26 backend = None |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
27 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
28 def setUp(self): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
29 self.dirname = '_test_xmlrpc' |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
30 # set up and open a tracker |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
31 self.instance = db_test_base.setupTracker(self.dirname, self.backend) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
32 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
33 # open the database |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
34 self.db = self.instance.open('admin') |
| 4781 | 35 |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
36 print("props_only default", self.db.security.get_props_only_default()) |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
37 |
| 4781 | 38 # Get user id (user4 maybe). Used later to get data from db. |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
39 self.joeid = 'user' + self.db.user.create(username='joe', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
40 password=password.Password('random'), address='random@home.org', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
41 realname='Joe Random', roles='User') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
42 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
43 self.db.commit() |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
44 self.db.close() |
| 4083 | 45 self.db = self.instance.open('joe') |
| 4781 | 46 |
| 47 self.db.tx_Source = 'web' | |
| 48 | |
| 49 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 50 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 51 | |
| 52 self.db.post_init() | |
| 53 | |
|
4795
dad18ee491a9
Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4793
diff
changeset
|
54 thisdir = os.path.dirname(__file__) |
| 4781 | 55 vars = {} |
|
5385
e9fb7c539a52
Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents:
5376
diff
changeset
|
56 exec(compile(open(os.path.join(thisdir, |
|
e9fb7c539a52
Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents:
5376
diff
changeset
|
57 "tx_Source_detector.py")).read(), |
|
e9fb7c539a52
Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents:
5376
diff
changeset
|
58 os.path.join(thisdir, "tx_Source_detector.py"), 'exec'), |
|
e9fb7c539a52
Python 3 preparation: use exec(compile(open().read())) instead of execfile().
Joseph Myers <jsm@polyomino.org.uk>
parents:
5376
diff
changeset
|
59 vars) |
| 4781 | 60 vars['init'](self.db) |
| 61 | |
| 4083 | 62 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
63 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
64 def tearDown(self): |
|
4104
d8c2d214d688
do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents:
4083
diff
changeset
|
65 self.db.close() |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
66 try: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
67 shutil.rmtree(self.dirname) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
68 except OSError as error: |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
69 if error.errno not in (errno.ENOENT, errno.ESRCH): raise |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
70 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
71 def testAccess(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
72 # Retrieve all three users. |
| 4083 | 73 results = self.server.list('user', 'id') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
74 self.assertEqual(len(results), 3) |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
75 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
76 # Obtain data for 'joe'. |
| 4083 | 77 results = self.server.display(self.joeid) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
78 self.assertEqual(results['username'], 'joe') |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
79 self.assertEqual(results['realname'], 'Joe Random') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
80 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
81 def testChange(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
82 # Reset joe's 'realname'. |
| 4083 | 83 results = self.server.set(self.joeid, 'realname=Joe Doe') |
| 84 results = self.server.display(self.joeid, 'realname') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
85 self.assertEqual(results['realname'], 'Joe Doe') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
86 |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
87 # check we can't change admin's details |
| 4083 | 88 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe') |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
89 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
90 def testCreate(self): |
| 4083 | 91 results = self.server.create('issue', 'title=foo') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
92 issueid = 'issue' + results |
| 4083 | 93 results = self.server.display(issueid, 'title') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
94 self.assertEqual(results['title'], 'foo') |
| 4781 | 95 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
96 |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
97 def testFileCreate(self): |
| 4083 | 98 results = self.server.create('file', 'content=hello\r\nthere') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
99 fileid = 'file' + results |
| 4083 | 100 results = self.server.display(fileid, 'content') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
101 self.assertEqual(results['content'], 'hello\r\nthere') |
|
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
102 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
103 def testSchema(self): |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
104 schema={'status': [('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
105 ('order', '<roundup.hyperdb.Number>')], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
106 'keyword': [('name', '<roundup.hyperdb.String>')], |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
107 'priority': [('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
108 ('order', '<roundup.hyperdb.Number>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
109 'user': [('address', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
110 ('alternate_addresses', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
111 ('organisation', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
112 ('password', '<roundup.hyperdb.Password>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
113 ('phone', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
114 ('queries', '<roundup.hyperdb.Multilink to "query">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
115 ('realname', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
116 ('roles', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
117 ('timezone', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
118 ('username', '<roundup.hyperdb.String>')], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
119 'file': [('content', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
120 ('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
121 ('type', '<roundup.hyperdb.String>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
122 'msg': [('author', '<roundup.hyperdb.Link to "user">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
123 ('content', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
124 ('date', '<roundup.hyperdb.Date>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
125 ('files', '<roundup.hyperdb.Multilink to "file">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
126 ('inreplyto', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
127 ('messageid', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
128 ('recipients', '<roundup.hyperdb.Multilink to "user">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
129 ('summary', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
130 ('tx_Source', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
131 ('type', '<roundup.hyperdb.String>')], |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
132 'query': [('klass', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
133 ('name', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
134 ('private_for', '<roundup.hyperdb.Link to "user">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
135 ('url', '<roundup.hyperdb.String>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
136 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
137 ('files', '<roundup.hyperdb.Multilink to "file">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
138 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
139 ('messages', '<roundup.hyperdb.Multilink to "msg">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
140 ('nosy', '<roundup.hyperdb.Multilink to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
141 ('priority', '<roundup.hyperdb.Link to "priority">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
142 ('status', '<roundup.hyperdb.Link to "status">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
143 ('superseder', '<roundup.hyperdb.Multilink to "issue">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
144 ('title', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
145 ('tx_Source', '<roundup.hyperdb.String>')]} |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
146 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
147 results = self.server.schema() |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
148 self.assertEqual(results, schema) |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
149 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
150 def testLookup(self): |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
151 self.assertRaises(KeyError, self.server.lookup, 'user', '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
152 results = self.server.lookup('user', 'admin') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
153 self.assertEqual(results, '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
154 |
| 4083 | 155 def testAction(self): |
| 156 # As this action requires special previledges, we temporarily switch | |
| 157 # to 'admin' | |
| 158 self.db.setCurrentUser('admin') | |
| 159 users_before = self.server.list('user') | |
| 160 try: | |
| 161 tmp = 'user' + self.db.user.create(username='tmp') | |
| 162 self.server.action('retire', tmp) | |
| 163 finally: | |
| 164 self.db.setCurrentUser('joe') | |
| 165 users_after = self.server.list('user') | |
| 166 self.assertEqual(users_before, users_after) | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
167 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
168 # test a bogus action |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
169 with self.assertRaises(Exception) as cm: |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
170 self.server.action('bogus') |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
171 print(cm.exception) |
|
5471
28613ada27db
check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5408
diff
changeset
|
172 self.assertEqual(cm.exception.args[0], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
173 'action "bogus" is not supported ') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
174 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
175 def testAuthDeniedEdit(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
176 # Wrong permissions (caught by roundup security module). |
|
3829
d0ac8188d274
Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents:
3828
diff
changeset
|
177 self.assertRaises(Unauthorised, self.server.set, |
| 4083 | 178 'user1', 'realname=someone') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
179 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
180 def testAuthDeniedCreate(self): |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
181 self.assertRaises(Unauthorised, self.server.create, |
| 4083 | 182 'user', {'username': 'blah'}) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
183 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
184 def testAuthAllowedEdit(self): |
| 4083 | 185 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
186 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
187 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
188 self.server.set('user2', 'realname=someone') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
189 except Unauthorised as err: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
190 self.fail('raised %s'%err) |
| 4083 | 191 finally: |
| 192 self.db.setCurrentUser('joe') | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
193 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
194 def testAuthAllowedCreate(self): |
| 4083 | 195 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
196 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
197 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
198 self.server.create('user', 'username=blah') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
199 except Unauthorised as err: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
200 self.fail('raised %s'%err) |
| 4083 | 201 finally: |
| 202 self.db.setCurrentUser('joe') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
203 |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
204 def testAuthFilter(self): |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
205 # this checks if we properly check for search permissions |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
206 self.db.security.permissions = {} |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
207 # self.db.security.set_props_only_default(props_only=False) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
208 self.db.security.addRole(name='User') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
209 self.db.security.addRole(name='Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
210 self.db.security.addPermissionToRole('User', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
211 self.db.security.addPermissionToRole('Project', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
212 # Allow viewing keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
213 p = self.db.security.addPermission(name='View', klass='keyword') |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
214 print("View keyword class: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
215 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
216 # Allow viewing interesting things (but not keyword) on issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
217 # But users might only view issues where they are on nosy |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
218 # (so in the real world the check method would be better) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
219 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
220 properties=("title", "status"), check=lambda x,y,z: True) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
221 print("View keyword class w/ props: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
222 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
223 # Allow role "Project" access to whole issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
224 p = self.db.security.addPermission(name='View', klass='issue') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
225 self.db.security.addPermissionToRole('Project', p) |
|
4446
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
226 # Allow all access to status: |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
227 p = self.db.security.addPermission(name='View', klass='status') |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
228 self.db.security.addPermissionToRole('User', p) |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
229 self.db.security.addPermissionToRole('Project', p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
230 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
231 keyword = self.db.keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
232 status = self.db.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
233 issue = self.db.issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
234 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
235 d1 = keyword.create(name='d1') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
236 d2 = keyword.create(name='d2') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
237 open = status.create(name='open') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
238 closed = status.create(name='closed') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
239 issue.create(title='i1', status=open, keyword=[d2]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
240 issue.create(title='i2', status=open, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
241 issue.create(title='i2', status=closed, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
242 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
243 chef = self.db.user.create(username = 'chef', roles='User, Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
244 joe = self.db.user.lookup('joe') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
245 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
246 # Conditionally allow view of whole issue (check is False here, |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
247 # this might check for keyword owner in the real world) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
248 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
249 check=lambda x,y,z: False) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
250 print("View issue class: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
251 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
252 # Allow user to search for issue.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
253 p = self.db.security.addPermission(name='Search', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
254 properties=("status",)) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
255 print("View Search class w/ props: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
256 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
257 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
258 keyw = {'keyword':self.db.keyword.lookup('d1')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
259 stat = {'status':self.db.status.lookup('open')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
260 keygroup = keysort = [('+', 'keyword')] |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
261 self.db.commit() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
262 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
263 # Filter on keyword ignored for role 'User': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
264 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
265 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
266 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
267 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
268 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
269 # Sorting and grouping for class User fails: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
270 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
271 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
272 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
273 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
274 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
275 self.db.close() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
276 self.db = self.instance.open('chef') |
| 4781 | 277 self.db.tx_Source = 'web' |
| 278 | |
| 279 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 280 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 281 self.db.post_init() | |
| 282 | |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
283 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
284 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
285 # Filter on keyword works for role 'Project': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
286 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
287 self.assertEqual(r, ['2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
288 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
289 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
290 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
291 # Sorting and grouping for class Project works: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
292 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
293 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
294 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
295 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
296 |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
297 def testMulticall(self): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
298 translator = TranslationService.get_translation( |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
299 language=self.instance.config["TRACKER_LANGUAGE"], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
300 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
301 self.server = RoundupDispatcher(self.db, self.instance.actions, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
302 translator, allow_none = True) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
303 class S: |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
304 multicall=self.server.funcs['system.multicall'] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
305 self.server.system = S() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
306 self.db.issue.create(title='i1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
307 self.db.issue.create(title='i2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
308 m = MultiCall(self.server) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
309 m.display('issue1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
310 m.display('issue2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
311 result = m() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
312 results = [ |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
313 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
314 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
315 'priority': None, 'assignedto': None, 'superseder': []}, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
316 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
317 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
318 'priority': None, 'assignedto': None, 'superseder': []}] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
319 for n, r in enumerate(result): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
320 self.assertEqual(r, results[n]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
321 |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
322 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
323 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
324 backend = 'anydbm' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
325 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
326 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
327 @skip_mysql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
328 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
329 backend = 'mysql' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
330 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
331 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
332 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
333 backend = 'sqlite' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
334 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
335 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
336 @skip_postgresql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
337 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
338 backend = 'postgresql' |