YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Propagate all changes to tests

Browse source
This commit is contained in:
Alexandre Aubin 2019-09-12 17:49:35 +02:00
parent fe8f7f2210
commit b912cd0aec
1 changed files with 153 additions and 200 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

353
src/yunohost/tests/test_permission.py
View file

@ -5,7 +5,8 @@ from yunohost.app import app_install, app_remove, app_change_url, app_list
from yunohost.user import user_list, user_info, user_create, user_delete, user_update, \ from yunohost.user import user_list, user_info, user_create, user_delete, user_update, \
user_group_list, user_group_create, user_group_delete, user_group_update, user_group_info user_group_list, user_group_create, user_group_delete, user_group_update, user_group_info
from yunohost.permission import user_permission_update, user_permission_list, permission_create, permission_urls, permission_delete from yunohost.permission import user_permission_update, user_permission_list, user_permission_reset, \
permission_create, permission_urls, permission_delete
from yunohost.domain import _get_maindomain from yunohost.domain import _get_maindomain
from yunohost.utils.error import YunohostError from yunohost.utils.error import YunohostError
@ -20,20 +21,18 @@ def clean_user_groups_permission():
if g != "all_users": if g != "all_users":
user_group_delete(g) user_group_delete(g)
for a, per in user_permission_list()['permissions'].items(): for p in user_permission_list()['permissions']:
if a in ['wiki', 'blog', 'site']: if any(p.startswith(name) for name in ["wiki", "blog", "site", "permissions_app"]):
for p in per: permission_delete(p, force=True, sync_perm=False)
permission_delete(a, p, force=True, sync_perm=False)
def setup_function(function): def setup_function(function):
clean_user_groups_permission() clean_user_groups_permission()
user_create("alice", "Alice", "White", "alice@" + maindomain, "test123Ynh") user_create("alice", "Alice", "White", "alice@" + maindomain, "test123Ynh")
user_create("bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh") user_create("bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh")
permission_create("wiki", "main", [maindomain + "/wiki"], sync_perm=False) permission_create("wiki.main", urls=[maindomain + "/wiki"], sync_perm=False)
permission_create("blog", "main", sync_perm=False) permission_create("blog.main", sync_perm=False)
user_permission_update("blog.main", remove="all_users", add="alice")
user_permission_add(["blog"], "main", group="alice")
def teardown_function(function): def teardown_function(function):
clean_user_groups_permission() clean_user_groups_permission()
@ -144,100 +143,89 @@ def check_permission_for_apps():
# and we don't have any permission linked to no apps. The only exception who is not liked to an app # and we don't have any permission linked to no apps. The only exception who is not liked to an app
# is mail, xmpp, and sftp # is mail, xmpp, and sftp
from yunohost.utils.ldap import _get_ldap_interface app_perms = user_permission_list(ignore_system_perms=True)["permissions"].keys()
ldap = _get_ldap_interface()
permission_search = ldap.search('ou=permission,dc=yunohost,dc=org', # Keep only the prefix so that
'(objectclass=permissionYnh)', # ["foo.main", "foo.pwet", "bar.main"]
['cn', 'groupPermission', 'inheritPermission', 'memberUid']) # becomes
# {"bar", "foo"}
# and compare this to the list of installed apps ...
app_perms_prefix = set(p.split(".")[0] for p in app_perms)
installed_apps = {app['id'] for app in app_list(installed=True)['apps']} installed_apps = {app['id'] for app in app_list(installed=True)['apps']}
permission_list_set = {permission['cn'][0].split(".")[1] for permission in permission_search}
extra_service_permission = set(['mail', 'xmpp']) assert installed_apps == app_perms_prefix
if 'sftp' in permission_list_set:
extra_service_permission.add('sftp')
assert installed_apps == permission_list_set - extra_service_permission
# #
# List functions # List functions
# #
def test_list_permission(): def test_permission_list():
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert "wiki" in res assert "wiki.main" in res
assert "main" in res['wiki'] assert "blog.main" in res
assert "blog" in res assert "mail.main" in res
assert "main" in res['blog'] assert "xmpp.main" in res
assert "mail" in res assert res['wiki.main']['allowed'] == ["all_users"]
assert "main" in res['mail'] assert res['blog.main']['allowed'] == ["alice"]
assert "xmpp" in res assert set(res['wiki.main']['corresponding_users']) == set(["alice", "bob"])
assert "main" in res['xmpp'] assert res['blog.main']['corresponding_users'] == ["alice"]
assert ["all_users"] == res['wiki']['main']['allowed_groups'] assert res['wiki.main']['urls'] == [maindomain + "/wiki"]
assert ["alice"] == res['blog']['main']['allowed_groups']
assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users'])
assert ["alice"] == res['blog']['main']['allowed_users']
assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
# #
# Create - Remove functions # Create - Remove functions
# #
def test_add_permission_1(): def test_permission_create_main():
permission_create("site", "test") permission_create("site.main")
res = user_permission_list(full=True)['permissions']
assert "site.main" in res
assert res['site.main']['allowed'] == ["all_users"]
assert set(res['site.main']['corresponding_users']) == set(["alice", "bob"])
def test_permission_create_extra():
permission_create("site.test")
res = user_permission_list(full=True)['permissions']
assert "site.test" in res
# all_users is only enabled by default on .main perms
assert "all_users" not in res['site.test']['allowed']
assert res['site.test']['corresponding_users'] == []
def test_permission_delete():
permission_delete("wiki.main", force=True)
res = user_permission_list()['permissions'] res = user_permission_list()['permissions']
assert "site" in res assert "wiki.main" not in res
assert "test" in res['site']
assert "all_users" in res['site']['test']['allowed_groups']
assert set(["alice", "bob"]) == set(res['site']['test']['allowed_users'])
def test_add_permission_2():
permission_create("site", "main", default_allow=False)
res = user_permission_list()['permissions']
assert "site" in res
assert "main" in res['site']
assert [] == res['site']['main']['allowed_groups']
assert [] == res['site']['main']['allowed_users']
def test_remove_permission():
permission_delete("wiki", "main", force=True)
res = user_permission_list()['permissions']
assert "wiki" not in res
# #
# Error on create - remove function # Error on create - remove function
# #
def test_add_bad_permission(): def test_permission_create_already_existing():
# Create permission with same name
with pytest.raises(YunohostError): with pytest.raises(YunohostError):
permission_create("wiki", "main") permission_create("wiki.main")
def test_remove_bad_permission(): def test_permission_delete_doesnt_existing():
# Remove not existant permission
with pytest.raises(MoulinetteError): with pytest.raises(MoulinetteError):
permission_delete("non_exit", "main", force=True) permission_delete("doesnt.exist", force=True)
res = user_permission_list()['permissions'] res = user_permission_list()['permissions']
assert "wiki" in res assert "wiki.main" in res
assert "main" in res['wiki'] assert "blog.main" in res
assert "blog" in res assert "mail.main" in res
assert "main" in res['blog'] assert "xmpp.main" in res
assert "mail" in res
assert "main" in res['mail']
assert "xmpp" in res
assert "main" in res['xmpp']
def test_remove_main_permission(): def test_permission_delete_main_without_force():
with pytest.raises(YunohostError): with pytest.raises(YunohostError):
permission_delete("blog", "main") permission_delete("blog.main")
res = user_permission_list()['permissions'] res = user_permission_list()['permissions']
assert "mail" in res assert "blog.main" in res
assert "main" in res['mail']
# #
# Update functions # Update functions
@ -245,137 +233,100 @@ def test_remove_main_permission():
# user side functions # user side functions
def test_allow_first_group(): def test_permission_add_group():
# Remove permission to all_users and define per users user_permission_update("wiki.main", add="alice")
user_permission_add(["wiki"], "main", group="alice")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert ['alice'] == res['wiki']['main']['allowed_users'] assert set(res['wiki.main']['allowed']) == set(["all_users", "alice"])
assert ['alice'] == res['wiki']['main']['allowed_groups'] assert set(res['wiki.main']['corresponding_users']) == set(["alice", "bob"])
def test_allow_other_group(): def test_permission_remove_group():
# Allow new user in a permission user_permission_update("blog.main", remove="alice")
user_permission_add(["blog"], "main", group="bob")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_users']) assert res['blog.main']['allowed'] == []
assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_groups']) assert res['blog.main']['corresponding_users'] == []
def test_disallow_group_1(): def test_permission_add_and_remove_group():
# Disallow a user in a permission user_permission_update("wiki.main", add="alice", remove="all_users")
user_permission_remove(["blog"], "main", group="alice")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert [] == res['blog']['main']['allowed_users'] assert res['wiki.main']['allowed'] == ["alice"]
assert [] == res['blog']['main']['allowed_groups'] assert res['wiki.main']['corresponding_users'] == ["alice"]
def test_allow_group_1(): def test_permission_add_group_already_allowed():
# Allow a user when he is already allowed user_permission_update("blog.main", add="alice")
user_permission_add(["blog"], "main", group="alice")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert ["alice"] == res['blog']['main']['allowed_users'] assert res['blog.main']['allowed'] == ["alice"]
assert ["alice"] == res['blog']['main']['allowed_groups'] assert res['blog.main']['corresponding_users'] == ["alice"]
def test_disallow_group_1(): def test_permission_remove_group_already_not_allowed():
# Disallow a user when he is already disallowed user_permission_update("blog.main", remove="bob")
user_permission_remove(["blog"], "main", group="bob")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert ["alice"] == res['blog']['main']['allowed_users'] assert res['blog.main']['allowed'] == ["alice"]
assert ["alice"] == res['blog']['main']['allowed_groups'] assert res['blog.main']['corresponding_users'] == ["alice"]
def test_reset_permission(): def test_permission_reset():
# Reset permission # Reset permission
user_permission_clear(["blog"], "main") user_permission_reset("blog.main")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_users']) assert res['blog.main']['allowed'] == ["all_users"]
assert ["all_users"] == res['blog']['main']['allowed_groups'] assert set(res['blog.main']['corresponding_users']) == set(["alice", "bob"])
# internal functions
def test_add_url_1():
# Add URL in permission which hasn't any URL defined
permission_update("blog", "main", add_url=[maindomain + "/testA"])
res = user_permission_list()['permissions']
assert [maindomain + "/testA"] == res['blog']['main']['URL']
def test_add_url_2():
# Add a second URL in a permission
permission_update("wiki", "main", add_url=[maindomain + "/testA"])
res = user_permission_list()['permissions']
assert set([maindomain + "/testA", maindomain + "/wiki"]) == set(res['wiki']['main']['URL'])
def test_remove_url_1():
permission_update("wiki", "main", remove_url=[maindomain + "/wiki"])
res = user_permission_list()['permissions']
assert 'URL' not in res['wiki']['main']
def test_add_url_3():
# Add a url already added
permission_update("wiki", "main", add_url=[maindomain + "/wiki"])
res = user_permission_list()['permissions']
assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
def test_remove_url_2():
# Remove a url not added (with a permission which contain some URL)
permission_update("wiki", "main", remove_url=[maindomain + "/not_exist"])
res = user_permission_list()['permissions']
assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
def test_remove_url_2():
# Remove a url not added (with a permission which contain no URL)
permission_update("blog", "main", remove_url=[maindomain + "/not_exist"])
res = user_permission_list()['permissions']
assert 'URL' not in res['blog']['main']
# #
# Error on update function # Error on update function
# #
def test_disallow_bad_group_1(): def test_permission_add_group_that_doesnt_exist():
# Disallow a group when the group all_users is allowed
with pytest.raises(YunohostError): with pytest.raises(YunohostError):
user_permission_remove("wiki", "main", group="alice") user_permission_update("blog.main", add="doesnt_exist")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert ["all_users"] == res['wiki']['main']['allowed_groups'] assert res['blog.main']['allowed'] == ["alice"]
assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users']) assert res['blog.main']['corresponding_users'] == ["alice"]
def test_allow_bad_user(): def test_permission_update_permission_that_doesnt_exist():
# Allow a non existant group
with pytest.raises(YunohostError): with pytest.raises(YunohostError):
user_permission_add(["blog"], "main", group="not_exist") user_permission_update("doesnt.exist", add="alice")
res = user_permission_list()['permissions']
assert ["alice"] == res['blog']['main']['allowed_groups']
assert ["alice"] == res['blog']['main']['allowed_users']
def test_disallow_bad_group_2(): # Permission url management
# Disallow a non existant group
with pytest.raises(YunohostError):
user_permission_remove(["blog"], "main", group="not_exist")
res = user_permission_list()['permissions'] def test_permission_add_url():
assert ["alice"] == res['blog']['main']['allowed_groups'] permission_urls("blog.main", add=[maindomain + "/testA"])
assert ["alice"] == res['blog']['main']['allowed_users']
def test_allow_bad_permission_1(): res = user_permission_list(full=True)['permissions']
# Allow a user to a non existant permission assert res["blog.main"]["urls"] == [maindomain + "/testA"]
with pytest.raises(YunohostError):
user_permission_add(["wiki"], "not_exit", group="alice")
def test_allow_bad_permission_2(): def test_permission_add_second_url():
# Allow a user to a non existant permission permission_urls("wiki.main", add=[maindomain + "/testA"])
with pytest.raises(YunohostError):
user_permission_add(["not_exit"], "main", group="alice") res = user_permission_list(full=True)['permissions']
assert set(res["wiki.main"]["urls"]) == set([maindomain + "/testA", maindomain + "/wiki"])
def test_permission_remove_url():
permission_urls("wiki.main", remove=[maindomain + "/wiki"])
res = user_permission_list(full=True)['permissions']
assert res["wiki.main"]["urls"] == []
def test_permission_add_url_already_added():
res = user_permission_list(full=True)['permissions']
assert res["wiki.main"]["urls"] == [maindomain + "/wiki"]
permission_urls("wiki.main", add=[maindomain + "/wiki"])
res = user_permission_list(full=True)['permissions']
assert res["wiki.main"]["urls"] == [maindomain + "/wiki"]
def test_permission_remove_url_not_added():
permission_urls("wiki.main", remove=[maindomain + "/doesnt_exist"])
res = user_permission_list(full=True)['permissions']
assert res['wiki.main']['urls'] == [maindomain + "/wiki"]
# #
# Application interaction # Application interaction
@ -385,42 +336,44 @@ def test_install_app():
app_install("./tests/apps/permissions_app_ynh", app_install("./tests/apps/permissions_app_ynh",
args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert "permissions_app" in res assert "permissions_app.main" in res
assert "main" in res['permissions_app'] assert "permissions_app.admin" in res
assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL'] assert "permissions_app.dev" in res
assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL'] assert res['permissions_app.main']['urls'] == [maindomain + "/urlpermissionapp"]
assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL'] assert res['permissions_app.admin']['urls'] == [maindomain + "/urlpermissionapp/admin"]
assert res['permissions_app.dev']['urls'] == [maindomain + "/urlpermissionapp/dev"]
assert ["all_users"] == res['permissions_app']['main']['allowed_groups'] assert res['permissions_app.main']['allowed'] == ["all_users"]
assert set(["alice", "bob"]) == set(res['permissions_app']['main']['allowed_users']) assert set(res['permissions_app.main']['corresponding_users']) == set(["alice", "bob"])
assert ["alice"] == res['permissions_app']['admin']['allowed_groups'] assert res['permissions_app.admin']['allowed'] == ["alice"]
assert ["alice"] == res['permissions_app']['admin']['allowed_users'] assert res['permissions_app.admin']['corresponding_users'] == ["alice"]
assert ["all_users"] == res['permissions_app']['dev']['allowed_groups'] assert res['permissions_app.dev']['allowed'] == []
assert set(["alice", "bob"]) == set(res['permissions_app']['dev']['allowed_users']) assert set(res['permissions_app.dev']['corresponding_users']) == set()
def test_remove_app(): def test_remove_app():
app_install("./tests/apps/permissions_app_ynh", app_install("./tests/apps/permissions_app_ynh",
args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
app_remove("permissions_app") app_remove("permissions_app")
res = user_permission_list()['permissions'] # Check all permissions for this app got deleted
assert "permissions_app" not in res res = user_permission_list(full=True)['permissions']
assert not any(p.startswith("permissions_app.") for p in res.keys())
def test_change_url(): def test_change_url():
app_install("./tests/apps/permissions_app_ynh", app_install("./tests/apps/permissions_app_ynh",
args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL'] assert res['permissions_app.main']['urls'] == [maindomain + "/urlpermissionapp"]
assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL'] assert res['permissions_app.admin']['urls'] == [maindomain + "/urlpermissionapp/admin"]
assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL'] assert res['permissions_app.dev']['urls'] == [maindomain + "/urlpermissionapp/dev"]
app_change_url("permissions_app", maindomain, "/newchangeurl") app_change_url("permissions_app", maindomain, "/newchangeurl")
res = user_permission_list()['permissions'] res = user_permission_list(full=True)['permissions']
assert [maindomain + "/newchangeurl"] == res['permissions_app']['main']['URL'] assert res['permissions_app.main']['urls'] == [maindomain + "/newchangeurl"]
assert [maindomain + "/newchangeurl/admin"] == res['permissions_app']['admin']['URL'] assert res['permissions_app.admin']['urls'] == [maindomain + "/newchangeurl/admin"]
assert [maindomain + "/newchangeurl/dev"] == res['permissions_app']['dev']['URL'] assert res['permissions_app.dev']['urls'] == [maindomain + "/newchangeurl/dev"]