From c878c59bceac60de959e4b5c6bccf7561a6cb71d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89lie=20Bouttier?= Date: Tue, 2 Sep 2014 21:37:45 -0700 Subject: [PATCH] permissions tests --- ...st_views.json => test_accounts_views.json} | 0 accounts/tests.py | 2 +- permissions/fixtures/test_permissions.json | 99 +++ .../fixtures/test_permissions_views.json | 143 +++++ permissions/tests.py | 603 +++++++++++++++++- 5 files changed, 845 insertions(+), 2 deletions(-) rename accounts/fixtures/{test_views.json => test_accounts_views.json} (100%) create mode 100644 permissions/fixtures/test_permissions.json create mode 100644 permissions/fixtures/test_permissions_views.json diff --git a/accounts/fixtures/test_views.json b/accounts/fixtures/test_accounts_views.json similarity index 100% rename from accounts/fixtures/test_views.json rename to accounts/fixtures/test_accounts_views.json diff --git a/accounts/tests.py b/accounts/tests.py index 0b49aee..9b44feb 100644 --- a/accounts/tests.py +++ b/accounts/tests.py @@ -8,7 +8,7 @@ from accounts.models import * class TestViews(TestCase): - fixtures = ['test_views'] + fixtures = ['test_accounts_views'] def setUp(self): self.client.login(username='admin', password='admin') diff --git a/permissions/fixtures/test_permissions.json b/permissions/fixtures/test_permissions.json new file mode 100644 index 0000000..2db5214 --- /dev/null +++ b/permissions/fixtures/test_permissions.json @@ -0,0 +1,99 @@ +[ + { + "fields": { + "name": "group", + "permissions": [] + }, + "model": "auth.group", + "pk": 1 + }, + { + "fields": { + "date_joined": "2014-09-02T16:07:38.747Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": true, + "is_superuser": true, + "last_login": "2014-09-02T16:08:05.839Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$z8uHznukGN2w$HDJtFsQFDuYyONnx5Ejwj1XWtCQToFNvNRlwIfnNEcw=", + "user_permissions": [], + "username": "admin" + }, + "model": "accounts.user", + "pk": 1 + }, + { + "fields": { + "date_joined": "2014-09-02T16:09:27.744Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": false, + "is_superuser": false, + "last_login": "2014-09-02T16:09:27.744Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$ZyViBuyRbbPA$PlsNahF3uCKR95IQurfxf7EwAK3cnK5kn2ysV6+8TaE=", + "user_permissions": [], + "username": "user" + }, + "model": "accounts.user", + "pk": 2 + }, + { + "fields": { + "date_joined": "2014-09-02T16:48:07.271Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": false, + "is_superuser": false, + "last_login": "2014-09-02T16:48:07.271Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$MEGMcVXtzJAc$8aunLFrw+FHAJl+CAH+e/aCvpeQkrZUd7CAlIJkKSsE=", + "user_permissions": [], + "username": "guess" + }, + "model": "accounts.user", + "pk": 3 + }, + { + "fields": { + "groups": [], + "name": "team", + "users": [] + }, + "model": "accounts.team", + "pk": 1 + }, + { + "fields": { + "access": 3, + "description": "", + "display_name": "Project 1", + "name": "project-1", + "subscribers": [ + 1 + ] + }, + "model": "tracker.project", + "pk": 1 + }, + { + "fields": { + "access": 3, + "description": "", + "display_name": "Project 2", + "name": "project-2", + "subscribers": [ + 1 + ] + }, + "model": "tracker.project", + "pk": 2 + } +] diff --git a/permissions/fixtures/test_permissions_views.json b/permissions/fixtures/test_permissions_views.json new file mode 100644 index 0000000..526e8e7 --- /dev/null +++ b/permissions/fixtures/test_permissions_views.json @@ -0,0 +1,143 @@ +[ + { + "fields": { + "name": "group", + "permissions": [] + }, + "model": "auth.group", + "pk": 1 + }, + { + "fields": { + "date_joined": "2014-09-02T16:07:38.747Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": true, + "is_superuser": true, + "last_login": "2014-09-02T16:08:05.839Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$z8uHznukGN2w$HDJtFsQFDuYyONnx5Ejwj1XWtCQToFNvNRlwIfnNEcw=", + "user_permissions": [], + "username": "admin" + }, + "model": "accounts.user", + "pk": 1 + }, + { + "fields": { + "date_joined": "2014-09-02T16:09:27.744Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": false, + "is_superuser": false, + "last_login": "2014-09-02T16:09:27.744Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$ZyViBuyRbbPA$PlsNahF3uCKR95IQurfxf7EwAK3cnK5kn2ysV6+8TaE=", + "user_permissions": [], + "username": "user" + }, + "model": "accounts.user", + "pk": 2 + }, + { + "fields": { + "date_joined": "2014-09-02T16:48:07.271Z", + "email": "", + "first_name": "", + "groups": [], + "is_active": true, + "is_staff": false, + "is_superuser": false, + "last_login": "2014-09-02T16:48:07.271Z", + "last_name": "", + "password": "pbkdf2_sha256$12000$MEGMcVXtzJAc$8aunLFrw+FHAJl+CAH+e/aCvpeQkrZUd7CAlIJkKSsE=", + "user_permissions": [], + "username": "guess" + }, + "model": "accounts.user", + "pk": 3 + }, + { + "fields": { + "groups": [], + "name": "team", + "users": [] + }, + "model": "accounts.team", + "pk": 1 + }, + { + "fields": { + "access": 3, + "description": "", + "display_name": "Project 1", + "name": "project-1", + "subscribers": [ + 1 + ] + }, + "model": "tracker.project", + "pk": 1 + }, + { + "fields": { + "access": 3, + "description": "", + "display_name": "Project 2", + "name": "project-2", + "subscribers": [ + 1 + ] + }, + "model": "tracker.project", + "pk": 2 + }, + { + "fields": { + "access_project": false, + "create_comment": false, + "create_issue": false, + "create_project": true, + "delete_comment": false, + "delete_issue": false, + "delete_project": false, + "delete_tags": false, + "grantee_id": 2, + "grantee_type": 0, + "manage_accounts": false, + "manage_global_permission": false, + "manage_issue": false, + "manage_project_permission": false, + "manage_settings": false, + "manage_tags": false, + "modify_comment": false, + "modify_issue": false, + "modify_project": false + }, + "model": "permissions.globalpermission", + "pk": 1 + }, + { + "fields": { + "create_comment": false, + "create_issue": false, + "delete_comment": false, + "delete_issue": false, + "delete_tags": false, + "grantee_id": 2, + "grantee_type": 0, + "manage_issue": false, + "manage_project_permission": true, + "manage_tags": false, + "modify_comment": false, + "modify_issue": false, + "project": 1 + }, + "model": "permissions.projectpermission", + "pk": 1 + } +] diff --git a/permissions/tests.py b/permissions/tests.py index 7ce503c..58cd819 100644 --- a/permissions/tests.py +++ b/permissions/tests.py @@ -1,3 +1,604 @@ from django.test import TestCase +from django.core.urlresolvers import reverse -# Create your tests here. +from permissions.models import * +from permissions.models import PermissionModel as PermModel +from accounts.models import * +from tracker.models import * + + +class TestViews(TestCase): + + fixtures = ['test_permissions_views'] + + def setUp(self): + self.client.login(username='admin', password='admin') + + def test_global_perm_list(self): + response = self.client.get(reverse('list-global-permission')) + self.assertEqual(response.status_code, 200) + self.assertContains(response, "Create project") + self.assertContains(response, "Access all project") + + def test_global_perm_add(self): + count = GlobalPermission.objects.count() + response = self.client.get(reverse('add-global-permission')) + self.assertEqual(response.status_code, 200) + # user + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + user = User.objects.create(username='newuser') + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': user.username, + }) + self.assertRedirects(response, reverse('list-global-permission')) + self.assertEqual(GlobalPermission.objects.count(), count + 1) + # group + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': 'newgroup', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + group = Group.objects.create(name='newgroup') + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': group.name, + }) + self.assertRedirects(response, reverse('list-global-permission')) + self.assertEqual(GlobalPermission.objects.count(), count + 2) + # team + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': 'newteam', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + team = Team.objects.create(name='newteam') + response = self.client.post(reverse('add-global-permission'), { + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': team.name, + }) + self.assertRedirects(response, reverse('list-global-permission')) + self.assertEqual(GlobalPermission.objects.count(), count + 3) + + def test_global_perm_edit(self): + perm = GlobalPermission.objects.first() + response = self.client.get(reverse('edit-global-permission', args=[perm.id])) + self.assertEqual(response.status_code, 200) + # user + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + user = User.objects.create(username='newuser') + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': user.username, + }) + self.assertRedirects(response, reverse('list-global-permission')) + perm = GlobalPermission.objects.get(pk=perm.pk) + self.assertEquals(user, perm.grantee) + # group + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': 'newgroup', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + group = Group.objects.create(name='newgroup') + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': group.name, + }) + self.assertRedirects(response, reverse('list-global-permission')) + perm = GlobalPermission.objects.get(pk=perm.pk) + self.assertEquals(group, perm.grantee) + # team + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': 'newteam', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + team = Team.objects.create(name='newteam') + response = self.client.post(reverse('edit-global-permission', args=[perm.id]), { + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': team.name, + }) + self.assertRedirects(response, reverse('list-global-permission')) + perm = GlobalPermission.objects.get(pk=perm.pk) + self.assertEquals(team, perm.grantee) + + def test_global_perm_delete(self): + perm = GlobalPermission.objects.first() + count = GlobalPermission.objects.count() + response = self.client.get(reverse('delete-global-permission', args=[perm.id])) + self.assertEqual(response.status_code, 405) + response = self.client.post(reverse('delete-global-permission', args=[perm.id])) + self.assertRedirects(response, reverse('list-global-permission')) + self.assertEqual(GlobalPermission.objects.count(), count - 1) + + def test_global_perm_toggle(self): + perm = GlobalPermission.objects.first() + perm.create_project = True + perm.save() + response = self.client.get(reverse('toggle-global-permission', args=[perm.id, 'create_project'])) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.content.decode('utf-8'), '0') + perm = GlobalPermission.objects.get(pk=perm.pk) + self.assertEqual(perm.create_project, False) + response = self.client.get(reverse('toggle-global-permission', args=[perm.id, 'create_project'])) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.content.decode('utf-8'), '1') + perm = GlobalPermission.objects.get(pk=perm.pk) + self.assertEqual(perm.create_project, True) + + def test_project_perm_list(self): + project = Project.objects.first() + response = self.client.get(reverse('list-project-permission', args=[project.name])) + self.assertEqual(response.status_code, 200) + self.assertContains(response, "Create issue") + + def test_project_perm_add(self): + project = Project.objects.get(name='project-1') + wrongproject = Project.objects.get(name='project-2') + count = project.permissions.count() + response = self.client.get(reverse('add-project-permission', args=[project.name])) + self.assertEqual(response.status_code, 200) + # user + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + user = User.objects.create(username='newuser') + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': user.username, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + project = Project.objects.get(pk=project.pk) + self.assertEqual(project.permissions.count(), count + 1) + # group + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': 'newgroup', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + group = Group.objects.create(name='newgroup') + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': group.name, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + project = Project.objects.get(pk=project.pk) + self.assertEqual(project.permissions.count(), count + 2) + # team + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': 'newteam', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + team = Team.objects.create(name='newteam') + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': team.name, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + project = Project.objects.get(pk=project.pk) + self.assertEqual(project.permissions.count(), count + 3) + # wrong project + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': wrongproject.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 403) + response = self.client.post(reverse('add-project-permission', args=[project.name]), { + 'project': 42, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + + def test_project_perm_edit(self): + project = Project.objects.get(name='project-1') + wrongproject = Project.objects.get(name='project-2') + perm = project.permissions.first() + response = self.client.get(reverse('edit-project-permission', args=[project.name, perm.id])) + self.assertEqual(response.status_code, 200) + # user + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + user = User.objects.create(username='newuser') + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': user.username, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + perm = ProjectPermission.objects.get(pk=perm.pk) + self.assertEquals(user, perm.grantee) + # group + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': 'newgroup', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + group = Group.objects.create(name='newgroup') + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_GROUP, + 'grantee_id': 42, + 'grantee_name': group.name, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + perm = ProjectPermission.objects.get(pk=perm.pk) + self.assertEquals(group, perm.grantee) + # team + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': 'newteam', + }) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'does not exists') + team = Team.objects.create(name='newteam') + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': project.id, + 'grantee_type': PermModel.GRANTEE_TEAM, + 'grantee_id': 42, + 'grantee_name': team.name, + }) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + perm = ProjectPermission.objects.get(pk=perm.pk) + self.assertEquals(team, perm.grantee) + # wrong project + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': wrongproject.id, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 403) + response = self.client.post(reverse('edit-project-permission', args=[project.name, perm.id]), { + 'project': 42, + 'grantee_type': PermModel.GRANTEE_USER, + 'grantee_id': 42, + 'grantee_name': 'newuser', + }) + self.assertEqual(response.status_code, 200) + + def test_project_perm_delete(self): + project = Project.objects.get(name='project-1') + perm = project.permissions.first() + count = project.permissions.count() + ProjectPermission.objects.get(project=project, id=perm.id) + response = self.client.get(reverse('delete-project-permission', args=[project.name, perm.id])) + self.assertEqual(response.status_code, 405) + response = self.client.post(reverse('delete-project-permission', args=[project.name, perm.id])) + self.assertRedirects(response, reverse('list-project-permission', args=[project.name])) + project = Project.objects.get(pk=project.pk) + self.assertEqual(project.permissions.count(), count - 1) + + def test_project_perm_toggle(self): + project = Project.objects.get(name='project-1') + perm = project.permissions.first() + perm.create_issue = True + perm.save() + response = self.client.get(reverse('toggle-project-permission', args=[project.name, perm.id, 'create_issue'])) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.content.decode('utf-8'), '0') + perm = ProjectPermission.objects.get(pk=perm.pk) + self.assertEqual(perm.create_issue, False) + response = self.client.get(reverse('toggle-project-permission', args=[project.name, perm.id, 'create_issue'])) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.content.decode('utf-8'), '1') + perm = ProjectPermission.objects.get(pk=perm.pk) + self.assertEqual(perm.create_issue, True) + +class TestGlobalPerm(TestCase): + + fixtures = ['test_permissions'] + + def test_direct(self): + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm = GlobalPermission.objects.create( + grantee_type=PermModel.GRANTEE_USER, + grantee_id=user.id, + create_project=False, + access_project=False) + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.create_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.access_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertTrue(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + + def test_through_group(self): + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + group = Group.objects.get(name='group') + user.groups.add(group) + user.save() + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm = GlobalPermission.objects.create( + grantee_type=PermModel.GRANTEE_GROUP, + grantee_id=group.id, + create_project=False, + access_project=False) + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.create_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.access_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertTrue(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + + def test_through_team_direct(self): + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + team = Team.objects.get(name='team') + team.users.add(user) + team.save() + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm = GlobalPermission.objects.create( + grantee_type=PermModel.GRANTEE_TEAM, + grantee_id=team.id, + create_project=False, + access_project=False) + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.create_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.access_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertTrue(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + + def test_through_team_throught_group(self): + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + group = Group.objects.get(name='group') + team = Team.objects.get(name='team') + user.groups.add(group) + user.save() + team.groups.add(group) + team.save() + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm = GlobalPermission.objects.create( + grantee_type=PermModel.GRANTEE_TEAM, + grantee_id=team.id, + create_project=False, + access_project=False) + self.assertFalse(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.create_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertFalse(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + perm.access_project = True + perm.save() + self.assertTrue(user.has_perm('create_project')) + self.assertTrue(user.has_perm('access_project')) + self.assertFalse(guess.has_perm('create_project')) + + +class TestProjectPerm(TestCase): + + fixtures = ['test_permissions'] + + def test_direct(self): + project1 = Project.objects.get(name='project-1') + project2 = Project.objects.get(name='project-2') + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm = ProjectPermission.objects.create( + project=project1, + grantee_type=PermModel.GRANTEE_USER, + grantee_id=user.id, + create_issue=False, + modify_issue=False) + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.create_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.modify_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertTrue(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + + def test_through_group(self): + project1 = Project.objects.get(name='project-1') + project2 = Project.objects.get(name='project-2') + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + group = Group.objects.get(name='group') + user.groups.add(group) + user.save() + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm = ProjectPermission.objects.create( + project=project1, + grantee_type=PermModel.GRANTEE_GROUP, + grantee_id=group.id, + create_issue=False, + modify_issue=False) + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.create_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.modify_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertTrue(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + + + def test_through_team_direct(self): + project1 = Project.objects.get(name='project-1') + project2 = Project.objects.get(name='project-2') + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + team = Team.objects.get(name='team') + team.users.add(user) + team.save() + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm = ProjectPermission.objects.create( + project=project1, + grantee_type=PermModel.GRANTEE_TEAM, + grantee_id=team.id, + create_issue=False, + modify_issue=False) + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.create_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.modify_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertTrue(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + + def test_through_team_throught_group(self): + project1 = Project.objects.get(name='project-1') + project2 = Project.objects.get(name='project-2') + user = User.objects.get(username='user') + guess = User.objects.get(username='guess') + group = Group.objects.get(name='group') + team = Team.objects.get(name='team') + user.groups.add(group) + user.save() + team.groups.add(group) + team.save() + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm = ProjectPermission.objects.create( + project=project1, + grantee_type=PermModel.GRANTEE_TEAM, + grantee_id=team.id, + create_issue=False, + modify_issue=False) + self.assertFalse(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.create_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertFalse(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1)) + perm.modify_issue = True + perm.save() + self.assertTrue(user.has_perm('create_issue', project1)) + self.assertTrue(user.has_perm('modify_issue', project1)) + self.assertFalse(user.has_perm('create_issue', project2)) + self.assertFalse(guess.has_perm('create_issue', project1))