OLD | NEW |
(Empty) | |
| 1 # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is govered by a BSD-style |
| 3 # license that can be found in the LICENSE file or at |
| 4 # https://developers.google.com/open-source/licenses/bsd |
| 5 |
| 6 """Unittests for the issueoptions JSON feed.""" |
| 7 |
| 8 import unittest |
| 9 |
| 10 import webapp2 |
| 11 |
| 12 from framework import permissions |
| 13 from proto import project_pb2 |
| 14 from services import service_manager |
| 15 from testing import fake |
| 16 from testing import testing_helpers |
| 17 from tracker import issueoptions |
| 18 |
| 19 |
| 20 class IssueOptionsJSONTest(unittest.TestCase): |
| 21 |
| 22 def setUp(self): |
| 23 services = service_manager.Services( |
| 24 project=fake.ProjectService(), |
| 25 config=fake.ConfigService(), |
| 26 issue=fake.IssueService(), |
| 27 user=fake.UserService(), |
| 28 usergroup=fake.UserGroupService()) |
| 29 services.user.TestAddUser('user_111@domain.com', 111L) |
| 30 services.user.TestAddUser('user_222@domain.com', 222L) |
| 31 services.user.TestAddUser('user_333@domain.com', 333L) |
| 32 |
| 33 # User group 888 has members: user_555 and proj@monorail.com |
| 34 services.user.TestAddUser('group888@googlegroups.com', 888L) |
| 35 services.usergroup.TestAddGroupSettings(888L, 'group888@googlegroups.com') |
| 36 services.usergroup.TestAddMembers(888L, [555L, 1001L]) |
| 37 |
| 38 # User group 999 has members: user_111 and user_444 |
| 39 services.user.TestAddUser('group999@googlegroups.com', 999L) |
| 40 services.usergroup.TestAddGroupSettings(999L, 'group999@googlegroups.com') |
| 41 services.usergroup.TestAddMembers(999L, [111L, 444L]) |
| 42 |
| 43 self.project = services.project.TestAddProject('proj') |
| 44 self.project.owner_ids.extend([111L]) |
| 45 self.project.committer_ids.extend([222L]) |
| 46 self.project.contributor_ids.extend([333L]) |
| 47 self.servlet = issueoptions.IssueOptionsJSON( |
| 48 'req', webapp2.Response(), services=services) |
| 49 |
| 50 def RunHandleRequest(self, logged_in_user_id, perms, effective_ids=None): |
| 51 mr = testing_helpers.MakeMonorailRequest(project=self.project, perms=perms) |
| 52 mr.auth.user_id = logged_in_user_id |
| 53 if effective_ids: |
| 54 mr.auth.effective_ids = effective_ids |
| 55 json_data = self.servlet.HandleRequest(mr) |
| 56 return json_data |
| 57 |
| 58 def RunAndGetMemberEmails( |
| 59 self, logged_in_user_id, perms, effective_ids=None): |
| 60 json_data = self.RunHandleRequest( |
| 61 logged_in_user_id, perms, effective_ids=effective_ids) |
| 62 member_emails = [member['name'] for member in json_data['members']] |
| 63 return member_emails |
| 64 |
| 65 def VerifyMembersInFeeds(self, logged_in_user_id, perms, expected_visible): |
| 66 member_emails = self.RunAndGetMemberEmails(logged_in_user_id, perms) |
| 67 if expected_visible: |
| 68 self.assertEqual( |
| 69 ['user_111@domain.com', 'user_222@domain.com', |
| 70 'user_333@domain.com'], |
| 71 member_emails) |
| 72 else: |
| 73 self.assertEqual( |
| 74 ['user_111@domain.com', 'user_222@domain.com'], |
| 75 member_emails) |
| 76 |
| 77 def testHandleRequest_Normal(self): |
| 78 # Everyone can see everyone |
| 79 self.VerifyMembersInFeeds( |
| 80 111L, permissions.OWNER_ACTIVE_PERMISSIONSET, True) |
| 81 self.VerifyMembersInFeeds( |
| 82 222L, permissions.COMMITTER_ACTIVE_PERMISSIONSET, True) |
| 83 self.VerifyMembersInFeeds( |
| 84 333L, permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET, True) |
| 85 |
| 86 def testHandleRequest_HideMembers(self): |
| 87 self.project.only_owners_see_contributors = True |
| 88 # Only project owners and committers can see everyone. |
| 89 self.VerifyMembersInFeeds( |
| 90 111L, permissions.OWNER_ACTIVE_PERMISSIONSET, True) |
| 91 self.VerifyMembersInFeeds( |
| 92 222L, permissions.COMMITTER_ACTIVE_PERMISSIONSET, True) |
| 93 self.VerifyMembersInFeeds( |
| 94 333L, permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET, False) |
| 95 |
| 96 def testHandleRequest_MemberIsGroup(self): |
| 97 self.project.contributor_ids.extend([999L]) |
| 98 json_data = self.RunHandleRequest( |
| 99 999L, permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET) |
| 100 for member in json_data['members']: |
| 101 if member['name'] == 'group999@googlegroups.com': |
| 102 self.assertTrue(member['is_group']) |
| 103 else: |
| 104 self.assertNotIn('is_group', member) |
| 105 |
| 106 @unittest.skip('TODO(jrobbins): reimplement') |
| 107 def skip_testHandleRequest_Groups(self): |
| 108 self.project.contributor_ids.extend([888L, 999L]) |
| 109 |
| 110 # User 111 can see 444 because they are both in the same user group, |
| 111 # and he can see 555 because of the project-is-a-member-of-group rule. |
| 112 member_emails = self.RunAndGetMemberEmails( |
| 113 111L, permissions.OWNER_ACTIVE_PERMISSIONSET, |
| 114 effective_ids={111L, 999L}) |
| 115 self.assertIn('user_444@domain.com', member_emails) |
| 116 self.assertIn('user_555@domain.com', member_emails) |
| 117 |
| 118 # User 333 can see 555 because 555 is in a user group that includes |
| 119 # proj@monorail.com. |
| 120 member_emails = self.RunAndGetMemberEmails( |
| 121 333L, permissions.OWNER_ACTIVE_PERMISSIONSET) |
| 122 self.assertTrue('user_555@domain.com' in member_emails) |
| 123 |
| 124 self.project.only_owners_see_contributors = True |
| 125 |
| 126 # User 111 can see 444 and 555, hub-and-spoke does not limit |
| 127 # project owners. |
| 128 member_emails = self.RunAndGetMemberEmails( |
| 129 111L, permissions.OWNER_ACTIVE_PERMISSIONSET, |
| 130 effective_ids={111L, 999L}) |
| 131 self.assertTrue('user_444@domain.com' in member_emails) |
| 132 self.assertTrue('user_555@domain.com' in member_emails) |
| 133 |
| 134 # User 333 can no longer see 555 because the project-is-a- |
| 135 # member-of-group rule does not exend to contributors when |
| 136 # hub-and-spoke is set. In that mode, contributors are not |
| 137 # supposed to know about all the other users. |
| 138 member_emails = self.RunAndGetMemberEmails( |
| 139 333L, permissions.OWNER_ACTIVE_PERMISSIONSET) |
| 140 self.assertTrue('user_555@domain.com' in member_emails) |
| 141 |
| 142 def testHandleRequest_RestrictionLabels(self): |
| 143 json_data = self.RunHandleRequest( |
| 144 111L, permissions.OWNER_ACTIVE_PERMISSIONSET) |
| 145 labels = [lab['name'] for lab in json_data['labels']] |
| 146 self.assertIn('Restrict-View-EditIssue', labels) |
| 147 self.assertIn('Restrict-AddIssueComment-EditIssue', labels) |
| 148 self.assertIn('Restrict-View-CoreTeam', labels) |
| 149 |
| 150 |
| 151 class FilterMemberDataTest(unittest.TestCase): |
| 152 |
| 153 def setUp(self): |
| 154 services = service_manager.Services( |
| 155 project=fake.ProjectService(), |
| 156 config=fake.ConfigService(), |
| 157 issue=fake.IssueService(), |
| 158 user=fake.UserService()) |
| 159 self.owner_email = 'owner@dom.com' |
| 160 self.committer_email = 'commit@dom.com' |
| 161 self.contributor_email = 'contrib@dom.com' |
| 162 self.indirect_member_email = 'ind@dom.com' |
| 163 self.all_emails = [self.owner_email, self.committer_email, |
| 164 self.contributor_email, self.indirect_member_email] |
| 165 self.project = services.project.TestAddProject('proj') |
| 166 |
| 167 def DoFiltering(self, perms, unsigned_user=False): |
| 168 mr = testing_helpers.MakeMonorailRequest( |
| 169 project=self.project, perms=perms) |
| 170 if not unsigned_user: |
| 171 mr.auth.user_id = 111L |
| 172 mr.auth.user_view = testing_helpers.Blank(domain='jrobbins.org') |
| 173 return issueoptions._FilterMemberData( |
| 174 mr, [self.owner_email], [self.committer_email], |
| 175 [self.contributor_email], [self.indirect_member_email]) |
| 176 |
| 177 def testUnsignedUser_NormalProject(self): |
| 178 visible_members = self.DoFiltering( |
| 179 permissions.READ_ONLY_PERMISSIONSET, unsigned_user=True) |
| 180 self.assertItemsEqual( |
| 181 [self.owner_email, self.committer_email, self.contributor_email, |
| 182 self.indirect_member_email], |
| 183 visible_members) |
| 184 |
| 185 def testUnsignedUser_RestrictedProject(self): |
| 186 self.project.only_owners_see_contributors = True |
| 187 visible_members = self.DoFiltering( |
| 188 permissions.READ_ONLY_PERMISSIONSET, unsigned_user=True) |
| 189 self.assertItemsEqual( |
| 190 [self.owner_email, self.committer_email, self.indirect_member_email], |
| 191 visible_members) |
| 192 |
| 193 def testOwnersAndAdminsCanSeeAll_NormalProject(self): |
| 194 visible_members = self.DoFiltering( |
| 195 permissions.OWNER_ACTIVE_PERMISSIONSET) |
| 196 self.assertItemsEqual(self.all_emails, visible_members) |
| 197 |
| 198 visible_members = self.DoFiltering( |
| 199 permissions.ADMIN_PERMISSIONSET) |
| 200 self.assertItemsEqual(self.all_emails, visible_members) |
| 201 |
| 202 def testOwnersAndAdminsCanSeeAll_HubAndSpoke(self): |
| 203 self.project.only_owners_see_contributors = True |
| 204 |
| 205 visible_members = self.DoFiltering( |
| 206 permissions.OWNER_ACTIVE_PERMISSIONSET) |
| 207 self.assertItemsEqual(self.all_emails, visible_members) |
| 208 |
| 209 visible_members = self.DoFiltering( |
| 210 permissions.ADMIN_PERMISSIONSET) |
| 211 self.assertItemsEqual(self.all_emails, visible_members) |
| 212 |
| 213 visible_members = self.DoFiltering( |
| 214 permissions.COMMITTER_ACTIVE_PERMISSIONSET) |
| 215 self.assertItemsEqual(self.all_emails, visible_members) |
| 216 |
| 217 def testNonOwnersCanSeeAll_NormalProject(self): |
| 218 visible_members = self.DoFiltering( |
| 219 permissions.COMMITTER_ACTIVE_PERMISSIONSET) |
| 220 self.assertItemsEqual(self.all_emails, visible_members) |
| 221 |
| 222 visible_members = self.DoFiltering( |
| 223 permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET) |
| 224 self.assertItemsEqual(self.all_emails, visible_members) |
| 225 |
| 226 def testCommittersSeeOnlySameDomain_HubAndSpoke(self): |
| 227 self.project.only_owners_see_contributors = True |
| 228 |
| 229 visible_members = self.DoFiltering( |
| 230 permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET) |
| 231 self.assertItemsEqual( |
| 232 [self.owner_email, self.committer_email, self.indirect_member_email], |
| 233 visible_members) |
| 234 |
| 235 |
| 236 class BuildRestrictionChoicesTest(unittest.TestCase): |
| 237 |
| 238 def testBuildRestrictionChoices(self): |
| 239 project = project_pb2.Project() |
| 240 choices = issueoptions._BuildRestrictionChoices(project, [], []) |
| 241 self.assertEquals([], choices) |
| 242 |
| 243 choices = issueoptions._BuildRestrictionChoices( |
| 244 project, [], ['Hop', 'Jump']) |
| 245 self.assertEquals([], choices) |
| 246 |
| 247 freq = [('View', 'B', 'You need permission B to do anything'), |
| 248 ('A', 'B', 'You need B to use A')] |
| 249 choices = issueoptions._BuildRestrictionChoices(project, freq, []) |
| 250 expected = [dict(name='Restrict-View-B', |
| 251 doc='You need permission B to do anything'), |
| 252 dict(name='Restrict-A-B', |
| 253 doc='You need B to use A')] |
| 254 self.assertListEqual(expected, choices) |
| 255 |
| 256 extra_perms = project_pb2.Project.ExtraPerms( |
| 257 perms=['Over18', 'Over21']) |
| 258 project.extra_perms.append(extra_perms) |
| 259 choices = issueoptions._BuildRestrictionChoices( |
| 260 project, [], ['Drink', 'Smoke']) |
| 261 expected = [dict(name='Restrict-Drink-Over18', |
| 262 doc='Permission Over18 needed to use Drink'), |
| 263 dict(name='Restrict-Drink-Over21', |
| 264 doc='Permission Over21 needed to use Drink'), |
| 265 dict(name='Restrict-Smoke-Over18', |
| 266 doc='Permission Over18 needed to use Smoke'), |
| 267 dict(name='Restrict-Smoke-Over21', |
| 268 doc='Permission Over21 needed to use Smoke')] |
| 269 self.assertListEqual(expected, choices) |
| 270 |
| 271 |
| 272 if __name__ == '__main__': |
| 273 unittest.main() |
OLD | NEW |