Mercurial > p > roundup > code
comparison test/test_admin.py @ 6393:51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
roundup-admin security stops output when it finds an invalid
property. It used to try to print the rest of the security
properties. So errors were lost in the output.
If roundup-admin is run non-interactively it exits with status 1
so it can be used in a script to validate the properties schema.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 06 May 2021 18:56:47 -0400 |
| parents | 6a6b4651be1f |
| children | ff4ab763f47c |
comparison
equal
deleted
inserted
replaced
| 6392:99455aeec1ae | 6393:51a1a9b0f567 |
|---|---|
| 680 'Back ends: anydbm, sqlite' | 680 'Back ends: anydbm, sqlite' |
| 681 ] | 681 ] |
| 682 print(out) | 682 print(out) |
| 683 self.assertTrue(expected[0] in out) | 683 self.assertTrue(expected[0] in out) |
| 684 self.assertTrue("Back ends:" in out) | 684 self.assertTrue("Back ends:" in out) |
| 685 | |
| 686 def testSecurity(self): | |
| 687 ''' Note the tests will fail if you run this under pdb. | |
| 688 the context managers capture the pdb prompts and this screws | |
| 689 up the stdout strings with (pdb) prefixed to the line. | |
| 690 ''' | |
| 691 import sys | |
| 692 | |
| 693 self.install_init() | |
| 694 self.admin=AdminTool() | |
| 695 | |
| 696 with captured_output() as (out, err): | |
| 697 sys.argv=['main', '-i', self.dirname, 'security' ] | |
| 698 ret = self.admin.main() | |
| 699 | |
| 700 result = """New Web users get the Role "User" | |
| 701 New Email users get the Role "User" | |
| 702 Role "admin": | |
| 703 User may create everything (Create) | |
| 704 User may edit everything (Edit) | |
| 705 User may restore everything (Restore) | |
| 706 User may retire everything (Retire) | |
| 707 User may view everything (View) | |
| 708 User may access the web interface (Web Access) | |
| 709 User may access the rest interface (Rest Access) | |
| 710 User may access the xmlrpc interface (Xmlrpc Access) | |
| 711 User may manipulate user Roles through the web (Web Roles) | |
| 712 User may use the email interface (Email Access) | |
| 713 Role "anonymous": | |
| 714 User may access the web interface (Web Access) | |
| 715 User is allowed to register new user (Register for "user" only) | |
| 716 User is allowed to access issue (View for "issue" only) | |
| 717 User is allowed to access file (View for "file" only) | |
| 718 User is allowed to access msg (View for "msg" only) | |
| 719 User is allowed to access keyword (View for "keyword" only) | |
| 720 User is allowed to access priority (View for "priority" only) | |
| 721 User is allowed to access status (View for "status" only) | |
| 722 (Search for "user" only) | |
| 723 Role "user": | |
| 724 User may access the web interface (Web Access) | |
| 725 User may use the email interface (Email Access) | |
| 726 User may access the rest interface (Rest Access) | |
| 727 User may access the xmlrpc interface (Xmlrpc Access) | |
| 728 User is allowed to access issue (View for "issue" only) | |
| 729 User is allowed to edit issue (Edit for "issue" only) | |
| 730 User is allowed to create issue (Create for "issue" only) | |
| 731 User is allowed to access file (View for "file" only) | |
| 732 User is allowed to edit file (Edit for "file" only) | |
| 733 User is allowed to create file (Create for "file" only) | |
| 734 User is allowed to access msg (View for "msg" only) | |
| 735 User is allowed to edit msg (Edit for "msg" only) | |
| 736 User is allowed to create msg (Create for "msg" only) | |
| 737 User is allowed to access keyword (View for "keyword" only) | |
| 738 User is allowed to edit keyword (Edit for "keyword" only) | |
| 739 User is allowed to create keyword (Create for "keyword" only) | |
| 740 User is allowed to access priority (View for "priority" only) | |
| 741 User is allowed to access status (View for "status" only) | |
| 742 (View for "user": ('id', 'organisation', 'phone', 'realname', 'timezone', 'username') only) | |
| 743 User is allowed to view their own user details (View for "user" only) | |
| 744 User is allowed to edit their own user details (Edit for "user": ('username', 'password', 'address', 'realname', 'phone', 'organisation', 'alternate_addresses', 'queries', 'timezone') only) | |
| 745 User is allowed to view their own and public queries (View for "query" only) | |
| 746 (Search for "query" only) | |
| 747 User is allowed to edit their queries (Edit for "query" only) | |
| 748 User is allowed to retire their queries (Retire for "query" only) | |
| 749 User is allowed to restore their queries (Restore for "query" only) | |
| 750 User is allowed to create queries (Create for "query" only) | |
| 751 """ | |
| 752 print(out.getvalue()) | |
| 753 | |
| 754 self.assertEqual(result, out.getvalue()) | |
| 755 self.assertEqual(ret, 0) | |
| 756 | |
| 757 def testSecurityInvalidAttribute(self): | |
| 758 ''' Test with an invalid attribute. | |
| 759 Note the tests will fail if you run this under pdb. | |
| 760 the context managers capture the pdb prompts and this screws | |
| 761 up the stdout strings with (pdb) prefixed to the line. | |
| 762 ''' | |
| 763 import sys | |
| 764 | |
| 765 self.maxDiff = None # we want full diff | |
| 766 | |
| 767 self.install_init() | |
| 768 | |
| 769 # edit in an invalid attribute/property | |
| 770 with open(self.dirname + "/schema.py", "r+") as f: | |
| 771 d = f.readlines() | |
| 772 f.seek(0) | |
| 773 for i in d: | |
| 774 if "organisation" in i: | |
| 775 i = i.replace("'id', 'organisation'","'id', 'organization'") | |
| 776 f.write(i) | |
| 777 f.truncate() | |
| 778 | |
| 779 self.admin=AdminTool() | |
| 780 | |
| 781 with captured_output() as (out, err): | |
| 782 sys.argv=['main', '-i', self.dirname, 'security' ] | |
| 783 ret = self.admin.main() | |
| 784 | |
| 785 result = """New Web users get the Role "User" | |
| 786 New Email users get the Role "User" | |
| 787 Role "admin": | |
| 788 User may create everything (Create) | |
| 789 User may edit everything (Edit) | |
| 790 User may restore everything (Restore) | |
| 791 User may retire everything (Retire) | |
| 792 User may view everything (View) | |
| 793 User may access the web interface (Web Access) | |
| 794 User may access the rest interface (Rest Access) | |
| 795 User may access the xmlrpc interface (Xmlrpc Access) | |
| 796 User may manipulate user Roles through the web (Web Roles) | |
| 797 User may use the email interface (Email Access) | |
| 798 Role "anonymous": | |
| 799 User may access the web interface (Web Access) | |
| 800 User is allowed to register new user (Register for "user" only) | |
| 801 User is allowed to access issue (View for "issue" only) | |
| 802 User is allowed to access file (View for "file" only) | |
| 803 User is allowed to access msg (View for "msg" only) | |
| 804 User is allowed to access keyword (View for "keyword" only) | |
| 805 User is allowed to access priority (View for "priority" only) | |
| 806 User is allowed to access status (View for "status" only) | |
| 807 (Search for "user" only) | |
| 808 Role "user": | |
| 809 User may access the web interface (Web Access) | |
| 810 User may use the email interface (Email Access) | |
| 811 User may access the rest interface (Rest Access) | |
| 812 User may access the xmlrpc interface (Xmlrpc Access) | |
| 813 User is allowed to access issue (View for "issue" only) | |
| 814 User is allowed to edit issue (Edit for "issue" only) | |
| 815 User is allowed to create issue (Create for "issue" only) | |
| 816 User is allowed to access file (View for "file" only) | |
| 817 User is allowed to edit file (Edit for "file" only) | |
| 818 User is allowed to create file (Create for "file" only) | |
| 819 User is allowed to access msg (View for "msg" only) | |
| 820 User is allowed to edit msg (Edit for "msg" only) | |
| 821 User is allowed to create msg (Create for "msg" only) | |
| 822 User is allowed to access keyword (View for "keyword" only) | |
| 823 User is allowed to edit keyword (Edit for "keyword" only) | |
| 824 User is allowed to create keyword (Create for "keyword" only) | |
| 825 User is allowed to access priority (View for "priority" only) | |
| 826 User is allowed to access status (View for "status" only) | |
| 827 (View for "user": ('id', 'organization', 'phone', 'realname', 'timezone', 'username') only) | |
| 828 | |
| 829 **Invalid properties for user: ['organization'] | |
| 830 | |
| 831 """ | |
| 832 print(out.getvalue()) | |
| 833 | |
| 834 self.assertEqual(result, out.getvalue()) | |
| 835 self.assertEqual(ret, 1) | |
| 685 | 836 |
| 686 def testSet(self): | 837 def testSet(self): |
| 687 ''' Note the tests will fail if you run this under pdb. | 838 ''' Note the tests will fail if you run this under pdb. |
| 688 the context managers capture the pdb prompts and this screws | 839 the context managers capture the pdb prompts and this screws |
| 689 up the stdout strings with (pdb) prefixed to the line. | 840 up the stdout strings with (pdb) prefixed to the line. |