Implement Tests for groups and permissions

src/yunohost/tests/test_backuprestore.py

@@ -13,6 +13,7 @@ from yunohost.app import _is_installed
 from yunohost.backup import backup_create, backup_restore, backup_list, backup_info, backup_delete
 from yunohost.domain import _get_maindomain
 from yunohost.utils.error import YunohostError
+from yunohost.user import user_permission_list
 
 # Get main domain
 maindomain = ""
@@ -535,6 +536,7 @@ def _test_backup_and_restore_app(app):
     # Uninstall the app
     app_remove(auth, app)
     assert not app_is_installed(app)
+    assert app not in user_permission_list(auth)['permissions']
 
     # Restore the app
     backup_restore(auth, system=None, name=archives[0],
@@ -542,6 +544,11 @@ def _test_backup_and_restore_app(app):
 
     assert app_is_installed(app)
 
+    # Check permission
+    per_list = user_permission_list(auth)['permissions']
+    assert app in per_list
+    assert "main" in per_list[app]
+
 #
 # Some edge cases                                                            #
 #

src/yunohost/tests/test_permission.py

@@ -0,0 +1,316 @@
+import pytest
+
+from moulinette.core import init_authenticator, MoulinetteError
+from yunohost.app import app_install, app_remove, app_change_url
+from yunohost.user import user_list, user_create, user_permission_list, user_delete, user_group_list, user_group_delete, user_permission_add, user_permission_remove, user_permission_clear
+from yunohost.permission import permission_add, permission_update, permission_remove
+from yunohost.domain import _get_maindomain
+from yunohost.utils.error import YunohostError
+
+# Get main domain
+maindomain = _get_maindomain()
+
+# Instantiate LDAP Authenticator
+AUTH_IDENTIFIER = ('ldap', 'as-root')
+AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi',
+                   'base_dn': 'dc=yunohost,dc=org',
+                   'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'}
+
+auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
+
+def clean_user_groups_permission():
+    for u in user_list(auth)['users']:
+        user_delete(auth, u)
+
+    for g in user_group_list(auth)['groups']:
+        if g != "all_users":
+            user_group_delete(auth, g)
+
+    for a, per in user_permission_list(auth)['permissions'].items():
+        if a in ['wiki', 'blog', 'site']:
+            for p in per:
+                permission_remove(auth, a, p, force=True, sync_perm=False)
+
+def setup_function(function):
+    clean_user_groups_permission()
+
+    user_create(auth, "alice", "Alice", "White", "alice@" + maindomain, "test123Ynh")
+    user_create(auth, "bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh")
+    permission_add(auth, "wiki", "main", [maindomain + "/wiki"], sync_perm=False)
+    permission_add(auth, "blog", "main", sync_perm=False)
+
+    user_permission_add(auth, ["blog"], "main", group="alice")
+
+def teardown_function(function):
+    clean_user_groups_permission()
+    try:
+        app_remove(auth, "permissions_app")
+    except:
+        pass
+
+#
+# List functions
+#
+
+def test_list_permission():
+    res = user_permission_list(auth)['permissions']
+
+    assert "wiki" in res
+    assert "main" in res['wiki']
+    assert "blog" in res
+    assert "main" in res['blog']
+    assert "mail" in res
+    assert "main" in res['mail']
+    assert "metronome" in res
+    assert "main" in res['metronome']
+    assert ["all_users"] == res['wiki']['main']['allowed_groups']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+    assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users'])
+    assert ["alice"] == res['blog']['main']['allowed_users']
+    assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
+
+#
+# Create - Remove functions
+#
+
+def test_add_permission_1():
+    permission_add(auth, "site", "test")
+
+    res = user_permission_list(auth)['permissions']
+    assert "site" in res
+    assert "test" in res['site']
+    assert "all_users" in res['site']['test']['allowed_groups']
+    assert set(["alice", "bob"]) == set(res['site']['test']['allowed_users'])
+
+def test_add_permission_2():
+    permission_add(auth, "site", "main", default_allow=False)
+
+    res = user_permission_list(auth)['permissions']
+    assert "site" in res
+    assert "main" in res['site']
+    assert [] == res['site']['main']['allowed_groups']
+    assert [] == res['site']['main']['allowed_users']
+
+def test_remove_permission():
+    permission_remove(auth, "wiki", "main", force=True)
+
+    res = user_permission_list(auth)['permissions']
+    assert "wiki" not in res
+
+#
+# Error on create - remove function
+#
+
+def test_add_bad_permission():
+    # Create permission with same name
+    with pytest.raises(YunohostError):
+        permission_add(auth, "wiki", "main")
+
+def test_remove_bad_permission():
+    # Remove not existant permission
+    with pytest.raises(MoulinetteError):
+        permission_remove(auth, "non_exit", "main", force=True)
+
+    res = user_permission_list(auth)['permissions']
+    assert "wiki" in res
+    assert "main" in res['wiki']
+    assert "blog" in res
+    assert "main" in res['blog']
+    assert "mail" in res
+    assert "main" in res ['mail']
+    assert "metronome" in res
+    assert "main" in res['metronome']
+
+def test_remove_main_permission():
+    with pytest.raises(YunohostError):
+        permission_remove(auth, "blog", "main")
+
+    res = user_permission_list(auth)['permissions']
+    assert "mail" in res
+    assert "main" in res['mail']
+
+#
+# Update functions
+#
+
+# user side functions
+
+def test_allow_first_group():
+    # Remove permission to all_users and define per users
+    user_permission_add(auth, ["wiki"], "main", group="alice")
+
+    res = user_permission_list(auth)['permissions']
+    assert ['alice'] == res['wiki']['main']['allowed_users']
+    assert ['alice'] == res['wiki']['main']['allowed_groups']
+
+def test_allow_other_group():
+    # Allow new user in a permission
+    user_permission_add(auth, ["blog"], "main", group="bob")
+
+    res = user_permission_list(auth)['permissions']
+    assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_users'])
+    assert set(["alice", "bob"]) == set(res['blog']['main']['allowed_groups'])
+
+def test_disallow_group_1():
+    # Disallow a user in a permission
+    user_permission_remove(auth, ["blog"], "main", group="alice")
+
+    res = user_permission_list(auth)['permissions']
+    assert [] == res['blog']['main']['allowed_users']
+    assert [] == res['blog']['main']['allowed_groups']
+
+def test_allow_group_1():
+    # Allow a user when he is already allowed
+    user_permission_add(auth, ["blog"], "main", group="alice")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["alice"] == res['blog']['main']['allowed_users']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+
+def test_disallow_group_1():
+    # Disallow a user when he is already disallowed
+    user_permission_remove(auth, ["blog"], "main", group="bob")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["alice"] == res['blog']['main']['allowed_users']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+
+def test_reset_permission():
+    # Reset permission
+    user_permission_remove(auth, ["blog"], "main", group="bob")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["alice"] == res['blog']['main']['allowed_users']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+
+# internal functions
+
+def test_add_url_1():
+    # Add URL in permission which hasn't any URL defined
+    permission_update(auth, "blog", "main", add_url=[maindomain + "/testA"])
+
+    res = user_permission_list(auth)['permissions']
+    assert [maindomain + "/testA"] == res['blog']['main']['URL']
+
+def test_add_url_2():
+    # Add a second URL in a permission
+    permission_update(auth, "wiki", "main", add_url=[maindomain + "/testA"])
+
+    res = user_permission_list(auth)['permissions']
+    assert set([maindomain + "/testA", maindomain + "/wiki"]) == set(res['wiki']['main']['URL'])
+
+def test_remove_url_1():
+    permission_update(auth, "wiki", "main", remove_url=[maindomain + "/wiki"])
+
+    res = user_permission_list(auth)['permissions']
+    assert 'URL' not in res['wiki']['main']
+
+def test_add_url_3():
+    # Add a url already added
+    permission_update(auth, "wiki", "main", add_url=[maindomain + "/wiki"])
+
+    res = user_permission_list(auth)['permissions']
+    assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
+
+def test_remove_url_2():
+    # Remove a url not added (with a permission which contain some URL)
+    permission_update(auth, "wiki", "main", remove_url=[maindomain + "/not_exist"])
+
+    res = user_permission_list(auth)['permissions']
+    assert [maindomain + "/wiki"] == res['wiki']['main']['URL']
+
+def test_remove_url_2():
+    # Remove a url not added (with a permission which contain no URL)
+    permission_update(auth, "blog", "main", remove_url=[maindomain + "/not_exist"])
+
+    res = user_permission_list(auth)['permissions']
+    assert 'URL' not in res['blog']['main']
+
+#
+# Error on update function
+#
+
+def test_disallow_bad_group_1():
+    # Disallow a group when the group all_users is allowed
+    with pytest.raises(YunohostError):
+        user_permission_remove(auth, "wiki", "main", group="alice")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["all_users"] == res['wiki']['main']['allowed_groups']
+    assert set(["alice", "bob"]) == set(res['wiki']['main']['allowed_users'])
+
+def test_allow_bad_user():
+    # Allow a non existant group
+    with pytest.raises(YunohostError):
+        user_permission_add(auth, ["blog"], "main", group="not_exist")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+    assert ["alice"] == res['blog']['main']['allowed_users']
+
+def test_disallow_bad_group_2():
+    # Disallow a non existant group
+    with pytest.raises(YunohostError):
+        user_permission_remove(auth, ["blog"], "main", group="not_exist")
+
+    res = user_permission_list(auth)['permissions']
+    assert ["alice"] == res['blog']['main']['allowed_groups']
+    assert ["alice"] == res['blog']['main']['allowed_users']
+
+def test_allow_bad_permission_1():
+    # Allow a user to a non existant permission
+    with pytest.raises(YunohostError):
+        user_permission_add(auth, ["wiki"], "not_exit", group="alice")
+
+def test_allow_bad_permission_2():
+    # Allow a user to a non existant permission
+    with pytest.raises(YunohostError):
+        user_permission_add(auth, ["not_exit"], "main", group="alice")
+
+#
+# Application interaction
+#
+
+def test_install_app():
+    app_install(auth, "./tests/apps/permissions_app_ynh",
+                args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
+
+    res = user_permission_list(auth)['permissions']
+    assert "permissions_app" in res
+    assert "main" in res['permissions_app']
+    assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL']
+    assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL']
+    assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL']
+
+    assert ["all_users"] == res['permissions_app']['main']['allowed_groups']
+    assert set(["alice", "bob"]) == set(res['permissions_app']['main']['allowed_users'])
+
+    assert ["alice"] == res['permissions_app']['admin']['allowed_groups']
+    assert ["alice"] == res['permissions_app']['admin']['allowed_users']
+
+    assert ["all_users"] == res['permissions_app']['dev']['allowed_groups']
+    assert set(["alice", "bob"]) == set(res['permissions_app']['dev']['allowed_users'])
+
+def test_remove_app():
+    app_install(auth, "./tests/apps/permissions_app_ynh",
+                args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
+    app_remove(auth, "permissions_app")
+
+    res = user_permission_list(auth)['permissions']
+    assert "permissions_app" not in res
+
+def test_change_url():
+    app_install(auth, "./tests/apps/permissions_app_ynh",
+                args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
+
+    res = user_permission_list(auth)['permissions']
+    assert [maindomain + "/urlpermissionapp"] == res['permissions_app']['main']['URL']
+    assert [maindomain + "/urlpermissionapp/admin"] == res['permissions_app']['admin']['URL']
+    assert [maindomain + "/urlpermissionapp/dev"] == res['permissions_app']['dev']['URL']
+
+    app_change_url(auth, "permissions_app", maindomain, "/newchangeurl")
+
+    res = user_permission_list(auth)['permissions']
+    assert [maindomain + "/newchangeurl"] == res['permissions_app']['main']['URL']
+    assert [maindomain + "/newchangeurl/admin"] == res['permissions_app']['admin']['URL']
+    assert [maindomain + "/newchangeurl/dev"] == res['permissions_app']['dev']['URL']

src/yunohost/tests/test_user-group.py

@@ -0,0 +1,210 @@
+import pytest
+
+from moulinette.core import init_authenticator, MoulinetteError
+from yunohost.user import user_list, user_info, user_group_list, user_create, user_delete, user_update, user_group_add, user_group_delete, user_group_update, user_group_info
+from yunohost.domain import _get_maindomain
+from yunohost.utils.error import YunohostError
+
+# Get main domain
+maindomain = _get_maindomain()
+
+# Instantiate LDAP Authenticator
+AUTH_IDENTIFIER = ('ldap', 'as-root')
+AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi',
+                   'base_dn': 'dc=yunohost,dc=org',
+                   'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'}
+
+auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
+
+def clean_user_groups():
+    for u in user_list(auth)['users']:
+        user_delete(auth, u)
+
+    for g in user_group_list(auth)['groups']:
+        if g != "all_users":
+            user_group_delete(auth, g)
+
+def setup_function(function):
+    clean_user_groups()
+
+    user_create(auth, "alice", "Alice", "White", "alice@" + maindomain, "test123Ynh")
+    user_create(auth, "bob", "Bob", "Snow", "bob@" + maindomain, "test123Ynh")
+    user_create(auth, "jack", "Jack", "Black", "jack@" + maindomain, "test123Ynh")
+
+    user_group_add(auth, "dev")
+    user_group_add(auth, "apps")
+    user_group_update(auth, "dev", add_user=["alice"])
+    user_group_update(auth, "apps", add_user=["bob"])
+
+def teardown_function(function):
+    clean_user_groups()
+
+#
+# List functions
+#
+
+def test_list_users():
+    res = user_list(auth)['users']
+
+    assert "alice" in res
+    assert "bob" in res
+    assert "jack" in res
+
+def test_list_groups():
+    res = user_group_list(auth)['groups']
+
+    assert "all_users" in res
+    assert "alice" in res
+    assert "bob" in res
+    assert "jack" in res
+    for u in ["alice", "bob", "jack"]:
+        assert u in res
+        assert u in res[u]['members']
+        assert u in res["all_users"]['members']
+
+#
+# Create - Remove functions
+#
+
+def test_create_user():
+    user_create(auth, "albert", "Albert", "Good", "alber@" + maindomain, "test123Ynh")
+
+    group_res = user_group_list(auth)['groups']
+    assert "albert" in user_list(auth)['users']
+    assert "albert" in group_res
+    assert "albert" in group_res['albert']['members']
+    assert "albert" in group_res['all_users']['members']
+
+def test_del_user():
+    user_delete(auth, "alice")
+
+    group_res = user_group_list(auth)['groups']
+    assert "alice" not in user_list(auth)
+    assert "alice" not in group_res
+    assert "alice" not in group_res['all_users']['members']
+
+def test_add_group():
+    user_group_add(auth, "adminsys")
+
+    group_res = user_group_list(auth)['groups']
+    assert "adminsys" in group_res
+    assert "members" not in group_res['adminsys']
+
+def test_del_group():
+    user_group_delete(auth, "dev")
+
+    group_res = user_group_list(auth)['groups']
+    assert "dev" not in group_res
+
+#
+# Error on create / remove function
+#
+
+def test_add_bad_user_1():
+    # Check email already exist
+    with pytest.raises(MoulinetteError):
+        user_create(auth, "alice2", "Alice", "White", "alice@" + maindomain, "test123Ynh")
+
+def test_add_bad_user_2():
+    # Check to short password
+    with pytest.raises(MoulinetteError):
+        user_create(auth, "other", "Alice", "White", "other@" + maindomain, "12")
+
+def test_add_bad_user_3():
+    # Check user already exist
+    with pytest.raises(MoulinetteError):
+        user_create(auth, "alice", "Alice", "White", "other@" + maindomain, "test123Ynh")
+
+def test_del_bad_user_1():
+    # Check user not found
+    with pytest.raises(MoulinetteError):
+        user_delete(auth, "not_exit")
+
+def test_add_bad_group_1():
+    # Check groups already exist with special group "all_users"
+    with pytest.raises(YunohostError):
+        user_group_add(auth, "all_users")
+
+def test_add_bad_group_2():
+    # Check groups already exist (for standard groups)
+    with pytest.raises(MoulinetteError):
+        user_group_add(auth, "dev")
+
+def test_del_bad_group_1():
+    # Check not allowed to remove this groups
+    with pytest.raises(YunohostError):
+        user_group_delete(auth, "all_users")
+
+def test_del_bad_group_2():
+    # Check groups not found
+    with pytest.raises(MoulinetteError):
+        user_group_delete(auth, "not_exit")
+
+#
+# Update function
+#
+
+def test_update_user_1():
+    user_update(auth, "alice", firstname="NewName", lastname="NewLast")
+
+    info = user_info(auth, "alice")
+    assert "NewName" == info['firstname']
+    assert "NewLast" == info['lastname']
+
+def test_update_group_1():
+    user_group_update(auth, "dev", add_user=["bob"])
+
+    group_res = user_group_list(auth)['groups']
+    assert set(["alice", "bob"]) == set(group_res['dev']['members'])
+
+def test_update_group_2():
+    # Try to add a user in a group when the user is already in
+    user_group_update(auth, "apps", add_user=["bob"])
+
+    group_res = user_group_list(auth)['groups']
+    assert ["bob"] == group_res['apps']['members']
+
+def test_update_group_3():
+    # Try to remove a user in a group
+    user_group_update(auth, "apps", remove_user=["bob"])
+
+    group_res = user_group_list(auth)['groups']
+    assert "members" not in group_res['apps']
+
+def test_update_group_4():
+    # Try to remove a user in a group when it is not already in
+    user_group_update(auth, "apps", remove_user=["jack"])
+
+    group_res = user_group_list(auth)['groups']
+    assert ["bob"] == group_res['apps']['members']
+
+#
+# Error on update functions
+#
+
+def test_bad_update_user_1():
+    # Check user not found
+    with pytest.raises(YunohostError):
+        user_update(auth, "not_exit", firstname="NewName", lastname="NewLast")
+
+def bad_update_group_1():
+    # Check groups not found
+    with pytest.raises(YunohostError):
+        user_group_update(auth, "not_exit", add_user=["alice"])
+
+def test_bad_update_group_2():
+    # Check remove user in groups "all_users" not allowed
+    with pytest.raises(YunohostError):
+        user_group_update(auth, "all_users", remove_user=["alice"])
+
+def test_bad_update_group_3():
+    # Check remove user in it own group not allowed
+    with pytest.raises(YunohostError):
+        user_group_update(auth, "alice", remove_user=["alice"])
+
+def test_bad_update_group_1():
+    # Check add bad user in group
+    with pytest.raises(YunohostError):
+        user_group_update(auth, "dev", add_user=["not_exist"])
+
+    assert "not_exist" not in user_group_list(auth)["groups"]["dev"]