diff --git a/src/yunohost/tests/test_backuprestore.py b/src/yunohost/tests/test_backuprestore.py index 5775e1612..3560181bc 100644 --- a/src/yunohost/tests/test_backuprestore.py +++ b/src/yunohost/tests/test_backuprestore.py @@ -13,6 +13,7 @@ from yunohost.app import _is_installed from yunohost.backup import backup_create, backup_restore, backup_list, backup_info, backup_delete from yunohost.domain import _get_maindomain from yunohost.utils.error import YunohostError +from yunohost.user import user_permission_list # Get main domain maindomain = "" @@ -535,6 +536,7 @@ def _test_backup_and_restore_app(app): # Uninstall the app app_remove(auth, app) assert not app_is_installed(app) + assert app not in user_permission_list(auth)['permissions'] # Restore the app backup_restore(auth, system=None, name=archives[0], @@ -542,6 +544,11 @@ def _test_backup_and_restore_app(app): assert app_is_installed(app) + # Check permission + per_list = user_permission_list(auth)['permissions'] + assert app in per_list + assert "main" in per_list[app] + # # Some edge cases # # diff --git a/src/yunohost/tests/test_permission.py b/src/yunohost/tests/test_permission.py new file mode 100644 index 000000000..c6b7c4129 --- /dev/null +++ b/src/yunohost/tests/test_permission.py @@ -0,0 +1,316 @@ +import pytest + +from moulinette.core import init_authenticator, MoulinetteError +from yunohost.app import app_install, app_remove, app_change_url +from yunohost.user import user_list, user_create, user_permission_list, user_delete, user_group_list, user_group_delete, user_permission_add, user_permission_remove, user_permission_clear +from yunohost.permission import permission_add, permission_update, permission_remove +from yunohost.domain import _get_maindomain +from yunohost.utils.error import YunohostError + +# Get main domain +maindomain = _get_maindomain() + +# Instantiate LDAP Authenticator +AUTH_IDENTIFIER = ('ldap', 'as-root') +AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', + 'base_dn': 'dc=yunohost,dc=org', + 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'} + +auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) + +def clean_user_groups_permission(): + for u in user_list(auth)['users']: + user_delete(auth, u) + + for g in user_group_list(auth)['groups']: + if g != "all_users": + user_group_delete(auth, g) + + for a, per in user_permission_list(auth)['permissions'].items(): + if a in ['wiki', 'blog', 'site']: + for p in per: + permission_remove(auth, a, p, force=True, sync_perm=False) + +def setup_function(function): + clean_user_groups_permission() + + user_create(auth, "alice", "Alice", "White", "alice@" + maindomain, "test123Ynh") + user_create(auth, "bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh") + permission_add(auth, "wiki", "main", [maindomain + "/wiki"], sync_perm=False) + permission_add(auth, "blog", "main", sync_perm=False) + + user_permission_add(auth, ["blog"], "main", group="alice") + +def teardown_function(function): + clean_user_groups_permission() + try: + app_remove(auth, "permissions_app") + except: + pass + +# +# List functions +# + +def test_list_permission(): + res = user_permission_list(auth)['permissions'] + + assert "wiki" in res + assert "main" in res['wiki'] + assert "blog" in res + assert "main" in res['blog'] + assert "mail" in res + assert "main" in res['mail'] + assert "metronome" in res + assert "main" in res['metronome'] + assert ["all_users"] == res['wiki']['main']['allowed_groups'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users']) + assert ["alice"] == res['blog']['main']['allowed_users'] + assert [maindomain + "/wiki"] == res['wiki']['main']['URL'] + +# +# Create - Remove functions +# + +def test_add_permission_1(): + permission_add(auth, "site", "test") + + res = user_permission_list(auth)['permissions'] + assert "site" in res + assert "test" in res['site'] + assert "all_users" in res['site']['test']['allowed_groups'] + assert set(["alice", "bob"]) == set(res['site']['test']['allowed_users']) + +def test_add_permission_2(): + permission_add(auth, "site", "main", default_allow=False) + + res = user_permission_list(auth)['permissions'] + assert "site" in res + assert "main" in res['site'] + assert [] == res['site']['main']['allowed_groups'] + assert [] == res['site']['main']['allowed_users'] + +def test_remove_permission(): + permission_remove(auth, "wiki", "main", force=True) + + res = user_permission_list(auth)['permissions'] + assert "wiki" not in res + +# +# Error on create - remove function +# + +def test_add_bad_permission(): + # Create permission with same name + with pytest.raises(YunohostError): + permission_add(auth, "wiki", "main") + +def test_remove_bad_permission(): + # Remove not existant permission + with pytest.raises(MoulinetteError): + permission_remove(auth, "non_exit", "main", force=True) + + res = user_permission_list(auth)['permissions'] + assert "wiki" in res + assert "main" in res['wiki'] + assert "blog" in res + assert "main" in res['blog'] + assert "mail" in res + assert "main" in res ['mail'] + assert "metronome" in res + assert "main" in res['metronome'] + +def test_remove_main_permission(): + with pytest.raises(YunohostError): + permission_remove(auth, "blog", "main") + + res = user_permission_list(auth)['permissions'] + assert "mail" in res + assert "main" in res['mail'] + +# +# Update functions +# + +# user side functions + +def test_allow_first_group(): + # Remove permission to all_users and define per users + user_permission_add(auth, ["wiki"], "main", group="alice") + + res = user_permission_list(auth)['permissions'] + assert ['alice'] == res['wiki']['main']['allowed_users'] + assert ['alice'] == res['wiki']['main']['allowed_groups'] + +def test_allow_other_group(): + # Allow new user in a permission + user_permission_add(auth, ["blog"], "main", group="bob") + + res = user_permission_list(auth)['permissions'] + assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_users']) + assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_groups']) + +def test_disallow_group_1(): + # Disallow a user in a permission + user_permission_remove(auth, ["blog"], "main", group="alice") + + res = user_permission_list(auth)['permissions'] + assert [] == res['blog']['main']['allowed_users'] + assert [] == res['blog']['main']['allowed_groups'] + +def test_allow_group_1(): + # Allow a user when he is already allowed + user_permission_add(auth, ["blog"], "main", group="alice") + + res = user_permission_list(auth)['permissions'] + assert ["alice"] == res['blog']['main']['allowed_users'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + +def test_disallow_group_1(): + # Disallow a user when he is already disallowed + user_permission_remove(auth, ["blog"], "main", group="bob") + + res = user_permission_list(auth)['permissions'] + assert ["alice"] == res['blog']['main']['allowed_users'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + +def test_reset_permission(): + # Reset permission + user_permission_remove(auth, ["blog"], "main", group="bob") + + res = user_permission_list(auth)['permissions'] + assert ["alice"] == res['blog']['main']['allowed_users'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + +# internal functions + +def test_add_url_1(): + # Add URL in permission which hasn't any URL defined + permission_update(auth, "blog", "main", add_url=[maindomain + "/testA"]) + + res = user_permission_list(auth)['permissions'] + assert [maindomain + "/testA"] == res['blog']['main']['URL'] + +def test_add_url_2(): + # Add a second URL in a permission + permission_update(auth, "wiki", "main", add_url=[maindomain + "/testA"]) + + res = user_permission_list(auth)['permissions'] + assert set([maindomain + "/testA", maindomain + "/wiki"]) == set(res['wiki']['main']['URL']) + +def test_remove_url_1(): + permission_update(auth, "wiki", "main", remove_url=[maindomain + "/wiki"]) + + res = user_permission_list(auth)['permissions'] + assert 'URL' not in res['wiki']['main'] + +def test_add_url_3(): + # Add a url already added + permission_update(auth, "wiki", "main", add_url=[maindomain + "/wiki"]) + + res = user_permission_list(auth)['permissions'] + assert [maindomain + "/wiki"] == res['wiki']['main']['URL'] + +def test_remove_url_2(): + # Remove a url not added (with a permission which contain some URL) + permission_update(auth, "wiki", "main", remove_url=[maindomain + "/not_exist"]) + + res = user_permission_list(auth)['permissions'] + assert [maindomain + "/wiki"] == res['wiki']['main']['URL'] + +def test_remove_url_2(): + # Remove a url not added (with a permission which contain no URL) + permission_update(auth, "blog", "main", remove_url=[maindomain + "/not_exist"]) + + res = user_permission_list(auth)['permissions'] + assert 'URL' not in res['blog']['main'] + +# +# Error on update function +# + +def test_disallow_bad_group_1(): + # Disallow a group when the group all_users is allowed + with pytest.raises(YunohostError): + user_permission_remove(auth, "wiki", "main", group="alice") + + res = user_permission_list(auth)['permissions'] + assert ["all_users"] == res['wiki']['main']['allowed_groups'] + assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users']) + +def test_allow_bad_user(): + # Allow a non existant group + with pytest.raises(YunohostError): + user_permission_add(auth, ["blog"], "main", group="not_exist") + + res = user_permission_list(auth)['permissions'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + assert ["alice"] == res['blog']['main']['allowed_users'] + +def test_disallow_bad_group_2(): + # Disallow a non existant group + with pytest.raises(YunohostError): + user_permission_remove(auth, ["blog"], "main", group="not_exist") + + res = user_permission_list(auth)['permissions'] + assert ["alice"] == res['blog']['main']['allowed_groups'] + assert ["alice"] == res['blog']['main']['allowed_users'] + +def test_allow_bad_permission_1(): + # Allow a user to a non existant permission + with pytest.raises(YunohostError): + user_permission_add(auth, ["wiki"], "not_exit", group="alice") + +def test_allow_bad_permission_2(): + # Allow a user to a non existant permission + with pytest.raises(YunohostError): + user_permission_add(auth, ["not_exit"], "main", group="alice") + +# +# Application interaction +# + +def test_install_app(): + app_install(auth, "./tests/apps/permissions_app_ynh", + args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) + + res = user_permission_list(auth)['permissions'] + assert "permissions_app" in res + assert "main" in res['permissions_app'] + assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL'] + assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL'] + assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL'] + + assert ["all_users"] == res['permissions_app']['main']['allowed_groups'] + assert set(["alice", "bob"]) == set(res['permissions_app']['main']['allowed_users']) + + assert ["alice"] == res['permissions_app']['admin']['allowed_groups'] + assert ["alice"] == res['permissions_app']['admin']['allowed_users'] + + assert ["all_users"] == res['permissions_app']['dev']['allowed_groups'] + assert set(["alice", "bob"]) == set(res['permissions_app']['dev']['allowed_users']) + +def test_remove_app(): + app_install(auth, "./tests/apps/permissions_app_ynh", + args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) + app_remove(auth, "permissions_app") + + res = user_permission_list(auth)['permissions'] + assert "permissions_app" not in res + +def test_change_url(): + app_install(auth, "./tests/apps/permissions_app_ynh", + args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) + + res = user_permission_list(auth)['permissions'] + assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL'] + assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL'] + assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL'] + + app_change_url(auth, "permissions_app", maindomain, "/newchangeurl") + + res = user_permission_list(auth)['permissions'] + assert [maindomain + "/newchangeurl"] == res['permissions_app']['main']['URL'] + assert [maindomain + "/newchangeurl/admin"] == res['permissions_app']['admin']['URL'] + assert [maindomain + "/newchangeurl/dev"] == res['permissions_app']['dev']['URL'] diff --git a/src/yunohost/tests/test_user-group.py b/src/yunohost/tests/test_user-group.py new file mode 100644 index 000000000..351a3b432 --- /dev/null +++ b/src/yunohost/tests/test_user-group.py @@ -0,0 +1,210 @@ +import pytest + +from moulinette.core import init_authenticator, MoulinetteError +from yunohost.user import user_list, user_info, user_group_list, user_create, user_delete, user_update, user_group_add, user_group_delete, user_group_update, user_group_info +from yunohost.domain import _get_maindomain +from yunohost.utils.error import YunohostError + +# Get main domain +maindomain = _get_maindomain() + +# Instantiate LDAP Authenticator +AUTH_IDENTIFIER = ('ldap', 'as-root') +AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', + 'base_dn': 'dc=yunohost,dc=org', + 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'} + +auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) + +def clean_user_groups(): + for u in user_list(auth)['users']: + user_delete(auth, u) + + for g in user_group_list(auth)['groups']: + if g != "all_users": + user_group_delete(auth, g) + +def setup_function(function): + clean_user_groups() + + user_create(auth, "alice", "Alice", "White", "alice@" + maindomain, "test123Ynh") + user_create(auth, "bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh") + user_create(auth, "jack", "Jack", "Black", "jack@" + maindomain, "test123Ynh") + + user_group_add(auth, "dev") + user_group_add(auth, "apps") + user_group_update(auth, "dev", add_user=["alice"]) + user_group_update(auth, "apps", add_user=["bob"]) + +def teardown_function(function): + clean_user_groups() + +# +# List functions +# + +def test_list_users(): + res = user_list(auth)['users'] + + assert "alice" in res + assert "bob" in res + assert "jack" in res + +def test_list_groups(): + res = user_group_list(auth)['groups'] + + assert "all_users" in res + assert "alice" in res + assert "bob" in res + assert "jack" in res + for u in ["alice", "bob", "jack"]: + assert u in res + assert u in res[u]['members'] + assert u in res["all_users"]['members'] + +# +# Create - Remove functions +# + +def test_create_user(): + user_create(auth, "albert", "Albert", "Good", "alber@" + maindomain, "test123Ynh") + + group_res = user_group_list(auth)['groups'] + assert "albert" in user_list(auth)['users'] + assert "albert" in group_res + assert "albert" in group_res['albert']['members'] + assert "albert" in group_res['all_users']['members'] + +def test_del_user(): + user_delete(auth, "alice") + + group_res = user_group_list(auth)['groups'] + assert "alice" not in user_list(auth) + assert "alice" not in group_res + assert "alice" not in group_res['all_users']['members'] + +def test_add_group(): + user_group_add(auth, "adminsys") + + group_res = user_group_list(auth)['groups'] + assert "adminsys" in group_res + assert "members" not in group_res['adminsys'] + +def test_del_group(): + user_group_delete(auth, "dev") + + group_res = user_group_list(auth)['groups'] + assert "dev" not in group_res + +# +# Error on create / remove function +# + +def test_add_bad_user_1(): + # Check email already exist + with pytest.raises(MoulinetteError): + user_create(auth, "alice2", "Alice", "White", "alice@" + maindomain, "test123Ynh") + +def test_add_bad_user_2(): + # Check to short password + with pytest.raises(MoulinetteError): + user_create(auth, "other", "Alice", "White", "other@" + maindomain, "12") + +def test_add_bad_user_3(): + # Check user already exist + with pytest.raises(MoulinetteError): + user_create(auth, "alice", "Alice", "White", "other@" + maindomain, "test123Ynh") + +def test_del_bad_user_1(): + # Check user not found + with pytest.raises(MoulinetteError): + user_delete(auth, "not_exit") + +def test_add_bad_group_1(): + # Check groups already exist with special group "all_users" + with pytest.raises(YunohostError): + user_group_add(auth, "all_users") + +def test_add_bad_group_2(): + # Check groups already exist (for standard groups) + with pytest.raises(MoulinetteError): + user_group_add(auth, "dev") + +def test_del_bad_group_1(): + # Check not allowed to remove this groups + with pytest.raises(YunohostError): + user_group_delete(auth, "all_users") + +def test_del_bad_group_2(): + # Check groups not found + with pytest.raises(MoulinetteError): + user_group_delete(auth, "not_exit") + +# +# Update function +# + +def test_update_user_1(): + user_update(auth, "alice", firstname="NewName", lastname="NewLast") + + info = user_info(auth, "alice") + assert "NewName" == info['firstname'] + assert "NewLast" == info['lastname'] + +def test_update_group_1(): + user_group_update(auth, "dev", add_user=["bob"]) + + group_res = user_group_list(auth)['groups'] + assert set(["alice", "bob"]) == set(group_res['dev']['members']) + +def test_update_group_2(): + # Try to add a user in a group when the user is already in + user_group_update(auth, "apps", add_user=["bob"]) + + group_res = user_group_list(auth)['groups'] + assert ["bob"] == group_res['apps']['members'] + +def test_update_group_3(): + # Try to remove a user in a group + user_group_update(auth, "apps", remove_user=["bob"]) + + group_res = user_group_list(auth)['groups'] + assert "members" not in group_res['apps'] + +def test_update_group_4(): + # Try to remove a user in a group when it is not already in + user_group_update(auth, "apps", remove_user=["jack"]) + + group_res = user_group_list(auth)['groups'] + assert ["bob"] == group_res['apps']['members'] + +# +# Error on update functions +# + +def test_bad_update_user_1(): + # Check user not found + with pytest.raises(YunohostError): + user_update(auth, "not_exit", firstname="NewName", lastname="NewLast") + +def bad_update_group_1(): + # Check groups not found + with pytest.raises(YunohostError): + user_group_update(auth, "not_exit", add_user=["alice"]) + +def test_bad_update_group_2(): + # Check remove user in groups "all_users" not allowed + with pytest.raises(YunohostError): + user_group_update(auth, "all_users", remove_user=["alice"]) + +def test_bad_update_group_3(): + # Check remove user in it own group not allowed + with pytest.raises(YunohostError): + user_group_update(auth, "alice", remove_user=["alice"]) + +def test_bad_update_group_1(): + # Check add bad user in group + with pytest.raises(YunohostError): + user_group_update(auth, "dev", add_user=["not_exist"]) + + assert "not_exist" not in user_group_list(auth)["groups"]["dev"]