| # Copyright 2016 The Chromium Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| """Tests for the API v1.""" |
| from __future__ import print_function |
| from __future__ import division |
| from __future__ import absolute_import |
| |
| import datetime |
| from unittest import mock |
| import endpoints |
| import logging |
| from mock import Mock, patch, ANY |
| import six |
| import time |
| import unittest |
| import webtest |
| |
| from google.appengine.api import oauth |
| from protorpc import messages |
| from protorpc import message_types |
| |
| from features import send_notifications |
| from framework import authdata |
| from framework import exceptions |
| from framework import framework_constants |
| from framework import permissions |
| from framework import profiler |
| from framework import template_helpers |
| from mrproto import api_pb2_v1 |
| from mrproto import project_pb2 |
| from mrproto import tracker_pb2 |
| from search import frontendsearchpipeline |
| from services import api_svc_v1 |
| from services import service_manager |
| from services import template_svc |
| from services import tracker_fulltext |
| from testing import fake |
| from testing import testing_helpers |
| from testing_utils import testing |
| from tracker import tracker_bizobj |
| from tracker import tracker_constants |
| from redirect import redirect_utils |
| |
| |
| def MakeFakeServiceManager(): |
| return service_manager.Services( |
| user=fake.UserService(), |
| usergroup=fake.UserGroupService(), |
| project=fake.ProjectService(), |
| config=fake.ConfigService(), |
| issue=fake.IssueService(), |
| issue_star=fake.IssueStarService(), |
| features=fake.FeaturesService(), |
| template=Mock(spec=template_svc.TemplateService), |
| cache_manager=fake.CacheManager()) |
| |
| |
| class FakeMonorailApiRequest(object): |
| |
| def __init__(self, request, services, perms=None): |
| self.profiler = profiler.Profiler() |
| self.cnxn = None |
| self.auth = authdata.AuthData.FromEmail( |
| self.cnxn, request['requester'], services) |
| self.me_user_id = self.auth.user_id |
| self.project_name = None |
| self.project = None |
| self.viewed_username = None |
| self.viewed_user_auth = None |
| self.config = None |
| if 'userId' in request: |
| self.viewed_username = request['userId'] |
| self.viewed_user_auth = authdata.AuthData.FromEmail( |
| self.cnxn, self.viewed_username, services) |
| else: |
| assert 'groupName' in request |
| self.viewed_username = request['groupName'] |
| try: |
| self.viewed_user_auth = authdata.AuthData.FromEmail( |
| self.cnxn, self.viewed_username, services) |
| except exceptions.NoSuchUserException: |
| self.viewed_user_auth = None |
| if 'projectId' in request: |
| self.project_name = request['projectId'] |
| self.project = services.project.GetProjectByName( |
| self.cnxn, self.project_name) |
| self.config = services.config.GetProjectConfig( |
| self.cnxn, self.project_id) |
| self.perms = perms or permissions.GetPermissions( |
| self.auth.user_pb, self.auth.effective_ids, self.project) |
| self.granted_perms = set() |
| |
| self.params = { |
| 'can': request.get('can', 1), |
| 'start': request.get('startIndex', 0), |
| 'num': request.get('maxResults', 100), |
| 'q': request.get('q', ''), |
| 'sort': request.get('sort', ''), |
| 'groupby': '', |
| 'projects': request.get('additionalProject', []) + [self.project_name]} |
| self.use_cached_searches = True |
| self.errors = template_helpers.EZTError() |
| self.mode = None |
| |
| self.query_project_names = self.GetParam('projects') |
| self.group_by_spec = self.GetParam('groupby') |
| self.sort_spec = self.GetParam('sort') |
| self.query = self.GetParam('q') |
| self.can = self.GetParam('can') |
| self.start = self.GetParam('start') |
| self.num = self.GetParam('num') |
| self.warnings = [] |
| |
| def CleanUp(self): |
| self.cnxn = None |
| |
| @property |
| def project_id(self): |
| return self.project.project_id if self.project else None |
| |
| def GetParam(self, query_param_name, default_value=None, |
| _antitamper_re=None): |
| return self.params.get(query_param_name, default_value) |
| |
| |
| class FakeFrontendSearchPipeline(object): |
| |
| def __init__(self): |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, owner_id=222, status='New', summary='sum') |
| issue2 = fake.MakeTestIssue( |
| project_id=12345, local_id=2, owner_id=222, status='New', summary='sum') |
| self.allowed_results = [issue1, issue2] |
| self.visible_results = [issue1] |
| self.total_count = len(self.allowed_results) |
| self.config = None |
| self.projectId = 0 |
| |
| def SearchForIIDs(self): |
| pass |
| |
| def MergeAndSortIssues(self): |
| pass |
| |
| def Paginate(self): |
| pass |
| |
| |
| class MonorailApiBadAuthTest(testing.EndpointsTestCase): |
| |
| api_service_cls = api_svc_v1.MonorailApi |
| |
| def setUp(self): |
| super(MonorailApiBadAuthTest, self).setUp() |
| self.requester = RequesterMock(email='requester@example.com') |
| self.mock(endpoints, 'get_current_user', lambda: None) |
| self.request = {'userId': 'user@example.com'} |
| |
| def testUsersGet_BadOAuth(self): |
| """The requester's token is invalid, e.g., because it expired.""" |
| oauth.get_current_user = Mock( |
| return_value=RequesterMock(email='test@example.com')) |
| oauth.get_current_user.side_effect = oauth.Error() |
| with self.assertRaises(webtest.AppError) as cm: |
| self.call_api('users_get', self.request) |
| self.assertTrue(str(cm.exception).startswith('Bad response: 401')) |
| |
| |
| class MonorailApiTest(testing.EndpointsTestCase): |
| |
| api_service_cls = api_svc_v1.MonorailApi |
| |
| def setUp(self): |
| super(MonorailApiTest, self).setUp() |
| # Load queue.yaml. |
| self.requester = RequesterMock(email='requester@example.com') |
| self.mock(endpoints, 'get_current_user', lambda: self.requester) |
| self.config = None |
| self.services = MakeFakeServiceManager() |
| self.mock(api_svc_v1.MonorailApi, '_services', self.services) |
| self.services.user.TestAddUser('requester@example.com', 111) |
| self.services.user.TestAddUser('user@example.com', 222) |
| self.services.user.TestAddUser('group@example.com', 123) |
| self.services.usergroup.TestAddGroupSettings(123, 'group@example.com') |
| self.request = { |
| 'userId': 'user@example.com', |
| 'ownerProjectsOnly': False, |
| 'requester': 'requester@example.com', |
| 'projectId': 'test-project', |
| 'issueId': 1} |
| self.mock(api_svc_v1.MonorailApi, 'mar_factory', |
| lambda x, y, z: FakeMonorailApiRequest( |
| self.request, self.services)) |
| |
| # api_base_checks is tested in AllBaseChecksTest, |
| # so mock it to reduce noise. |
| self.mock(api_svc_v1, 'api_base_checks', |
| lambda x, y, z, u, v, w: ('id', 'email')) |
| |
| self.mock(tracker_fulltext, 'IndexIssues', lambda x, y, z, u, v: None) |
| self.mock(tracker_fulltext, 'UnindexIssues', lambda _: None) |
| |
| def SetUpComponents( |
| self, project_id, component_id, component_name, component_doc='doc', |
| deprecated=False, admin_ids=None, cc_ids=None, created=100000, |
| creator=111): |
| admin_ids = admin_ids or [] |
| cc_ids = cc_ids or [] |
| self.config = self.services.config.GetProjectConfig( |
| 'fake cnxn', project_id) |
| self.services.config.StoreConfig('fake cnxn', self.config) |
| cd = tracker_bizobj.MakeComponentDef( |
| component_id, project_id, component_name, component_doc, deprecated, |
| admin_ids, cc_ids, created, creator, modifier_id=creator) |
| self.config.component_defs.append(cd) |
| |
| def SetUpFieldDefs( |
| self, field_id, project_id, field_name, field_type_int, |
| min_value=0, max_value=100, needs_member=False, docstring='doc', |
| approval_id=None, is_phase_field=False): |
| self.config = self.services.config.GetProjectConfig( |
| 'fake cnxn', project_id) |
| self.services.config.StoreConfig('fake cnxn', self.config) |
| fd = tracker_bizobj.MakeFieldDef( |
| field_id, project_id, field_name, field_type_int, '', |
| '', False, False, False, min_value, max_value, None, needs_member, |
| None, '', tracker_pb2.NotifyTriggers.NEVER, 'no_action', docstring, |
| False, approval_id=approval_id, is_phase_field=is_phase_field) |
| self.config.field_defs.append(fd) |
| |
| def testUsersGet_NoProject(self): |
| """The viewed user has no projects.""" |
| |
| self.services.project.TestAddProject( |
| 'public-project', owner_ids=[111]) |
| resp = self.call_api('users_get', self.request).json_body |
| expected = { |
| 'id': '222', |
| 'kind': 'monorail#user'} |
| self.assertEqual(expected, resp) |
| |
| def testUsersGet_PublicProject(self): |
| """The viewed user has one public project.""" |
| self.services.template.GetProjectTemplates.return_value = \ |
| testing_helpers.DefaultTemplates() |
| self.services.project.TestAddProject( |
| 'public-project', owner_ids=[222]) |
| resp = self.call_api('users_get', self.request).json_body |
| |
| self.assertEqual(1, len(resp['projects'])) |
| self.assertEqual('public-project', resp['projects'][0]['name']) |
| |
| def testUsersGet_PrivateProject(self): |
| """The viewed user has one project but the requester cannot view.""" |
| |
| self.services.project.TestAddProject( |
| 'private-project', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY) |
| resp = self.call_api('users_get', self.request).json_body |
| self.assertNotIn('projects', resp) |
| |
| def testUsersGet_OwnerProjectOnly(self): |
| """The viewed user has different roles of projects.""" |
| self.services.template.GetProjectTemplates.return_value = \ |
| testing_helpers.DefaultTemplates() |
| self.services.project.TestAddProject( |
| 'owner-project', owner_ids=[222]) |
| self.services.project.TestAddProject( |
| 'member-project', owner_ids=[111], committer_ids=[222]) |
| resp = self.call_api('users_get', self.request).json_body |
| self.assertEqual(2, len(resp['projects'])) |
| |
| self.request['ownerProjectsOnly'] = True |
| resp = self.call_api('users_get', self.request).json_body |
| self.assertEqual(1, len(resp['projects'])) |
| self.assertEqual('owner-project', resp['projects'][0]['name']) |
| |
| def testIssuesGet_GetIssue(self): |
| """Get the requested issue.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| self.SetUpFieldDefs(1, 12345, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| |
| fv = tracker_pb2.FieldValue( |
| field_id=1, |
| int_value=11) |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, owner_id=222, reporter_id=111, |
| status='New', summary='sum', component_ids=[1], field_values=[fv]) |
| self.services.issue.TestAddIssue(issue1) |
| |
| resp = self.call_api('issues_get', self.request).json_body |
| self.assertEqual(1, resp['id']) |
| self.assertEqual('New', resp['status']) |
| self.assertEqual('open', resp['state']) |
| self.assertFalse(resp['canEdit']) |
| self.assertTrue(resp['canComment']) |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('user@example.com', resp['owner']['name']) |
| self.assertEqual('API', resp['components'][0]) |
| self.assertEqual('Field1', resp['fieldValues'][0]['fieldName']) |
| self.assertEqual('11', resp['fieldValues'][0]['fieldValue']) |
| |
| @mock.patch('businesslogic.work_env.WorkEnv.GetIssueMigratedID') |
| def testIssuesGet_GetIssue_MigratedId(self, mockGetIssueMigratedId): |
| """Get the requested issue.""" |
| mockGetIssueMigratedId.return_value = '23456' |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| self.SetUpFieldDefs(1, 12345, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| |
| fv = tracker_pb2.FieldValue(field_id=1, int_value=11) |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, |
| local_id=1, |
| owner_id=222, |
| reporter_id=111, |
| status='New', |
| summary='sum', |
| component_ids=[1], |
| field_values=[fv]) |
| self.services.issue.TestAddIssue(issue1) |
| |
| resp = self.call_api('issues_get', self.request).json_body |
| self.assertEqual(1, resp['id']) |
| self.assertEqual('New', resp['status']) |
| self.assertEqual('open', resp['state']) |
| self.assertFalse(resp['canEdit']) |
| self.assertTrue(resp['canComment']) |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('user@example.com', resp['owner']['name']) |
| self.assertEqual('API', resp['components'][0]) |
| self.assertEqual('Field1', resp['fieldValues'][0]['fieldName']) |
| self.assertEqual('11', resp['fieldValues'][0]['fieldValue']) |
| self.assertEqual('23456', resp['migrated_id']) |
| |
| @patch('framework.cloud_tasks_helpers.create_task') |
| def testIssuesInsert_FreezeLabels(self, _create_task_mock): |
| """Attempts to add new labels are blocked""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], committer_ids=[111], project_id=999) |
| self.SetUpFieldDefs(1, 999, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| |
| issue1 = fake.MakeTestIssue( |
| project_id=999, |
| local_id=1, |
| owner_id=222, |
| reporter_id=111, |
| status='New', |
| summary='Test issue') |
| self.services.issue.TestAddIssue(issue1) |
| |
| issue_dict = { |
| 'blockedOn': [{ |
| 'issueId': 1 |
| }], |
| 'cc': [{ |
| 'name': 'user@example.com' |
| }, { |
| 'name': '' |
| }, { |
| 'name': ' ' |
| }], |
| 'description': 'description', |
| 'labels': ['freeze_new_label', 'label1'], |
| 'owner': { |
| 'name': 'requester@example.com' |
| }, |
| 'status': 'New', |
| 'summary': 'Test issue', |
| 'fieldValues': [{ |
| 'fieldName': 'Field1', |
| 'fieldValue': '11' |
| }] |
| } |
| self.request.update(issue_dict) |
| |
| with self.call_should_fail(400): |
| self.call_api('issues_insert', self.request) |
| |
| def testIssuesInsert_BadRequest(self): |
| """The request does not specify summary or status.""" |
| |
| with self.assertRaises(webtest.AppError): |
| self.call_api('issues_insert', self.request) |
| |
| issue_dict = { |
| 'status': 'New', |
| 'summary': 'Test issue', |
| 'owner': {'name': 'notexist@example.com'}} |
| self.request.update(issue_dict) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| with self.call_should_fail(400): |
| self.call_api('issues_insert', self.request) |
| |
| # Invalid field value |
| self.SetUpFieldDefs(1, 12345, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| issue_dict = { |
| 'status': 'New', |
| 'summary': 'Test issue', |
| 'owner': {'name': 'requester@example.com'}, |
| 'fieldValues': [{'fieldName': 'Field1', 'fieldValue': '111'}]} |
| self.request.update(issue_dict) |
| with self.call_should_fail(400): |
| self.call_api('issues_insert', self.request) |
| |
| def testIssuesInsert_NoPermission(self): |
| """The requester has no permission to create issues.""" |
| |
| issue_dict = { |
| 'status': 'New', |
| 'summary': 'Test issue'} |
| self.request.update(issue_dict) |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=12345) |
| with self.call_should_fail(403): |
| self.call_api('issues_insert', self.request) |
| |
| @patch('framework.cloud_tasks_helpers.create_task') |
| def testIssuesInsert_CreateIssue(self, _create_task_mock): |
| """Create an issue as requested.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], committer_ids=[111], project_id=12345) |
| self.SetUpFieldDefs(1, 12345, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, owner_id=222, reporter_id=111, |
| status='New', summary='Test issue') |
| self.services.issue.TestAddIssue(issue1) |
| |
| issue_dict = { |
| 'blockedOn': [{'issueId': 1}], |
| 'cc': [{'name': 'user@example.com'}, {'name': ''}, {'name': ' '}], |
| 'description': 'description', |
| 'labels': ['label1', 'label2'], |
| 'owner': {'name': 'requester@example.com'}, |
| 'status': 'New', |
| 'summary': 'Test issue', |
| 'fieldValues': [{'fieldName': 'Field1', 'fieldValue': '11'}]} |
| self.request.update(issue_dict) |
| |
| resp = self.call_api('issues_insert', self.request).json_body |
| self.assertEqual('New', resp['status']) |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('requester@example.com', resp['owner']['name']) |
| self.assertEqual('user@example.com', resp['cc'][0]['name']) |
| self.assertEqual(1, resp['blockedOn'][0]['issueId']) |
| self.assertEqual([u'label1', u'label2'], resp['labels']) |
| self.assertEqual('Test issue', resp['summary']) |
| self.assertEqual('Field1', resp['fieldValues'][0]['fieldName']) |
| self.assertEqual('11', resp['fieldValues'][0]['fieldValue']) |
| |
| new_issue = self.services.issue.GetIssueByLocalID( |
| 'fake cnxn', 12345, resp['id']) |
| |
| starrers = self.services.issue_star.LookupItemStarrers( |
| 'fake cnxn', new_issue.issue_id) |
| self.assertIn(111, starrers) |
| |
| @patch('framework.cloud_tasks_helpers.create_task') |
| def testIssuesInsert_EmptyOwnerCcNames(self, _create_task_mock): |
| """Create an issue as requested.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpFieldDefs(1, 12345, 'Field1', tracker_pb2.FieldTypes.INT_TYPE) |
| |
| issue_dict = { |
| 'cc': [{'name': 'user@example.com'}, {'name': ''}], |
| 'description': 'description', |
| 'owner': {'name': ''}, |
| 'status': 'New', |
| 'summary': 'Test issue'} |
| self.request.update(issue_dict) |
| |
| resp = self.call_api('issues_insert', self.request).json_body |
| self.assertEqual('New', resp['status']) |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertTrue('owner' not in resp) |
| self.assertEqual('user@example.com', resp['cc'][0]['name']) |
| self.assertEqual(len(resp['cc']), 1) |
| self.assertEqual('Test issue', resp['summary']) |
| |
| new_issue = self.services.issue.GetIssueByLocalID( |
| 'fake cnxn', 12345, resp['id']) |
| self.assertEqual(new_issue.owner_id, 0) |
| |
| def testIssuesList_NoPermission(self): |
| """No permission for additional projects.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=123456) |
| self.request['additionalProject'] = ['test-project2'] |
| with self.call_should_fail(403): |
| self.call_api('issues_list', self.request) |
| |
| def testIssuesList_SearchIssues(self): |
| """Find issues of one project.""" |
| |
| self.mock( |
| frontendsearchpipeline, |
| 'FrontendSearchPipeline', lambda cnxn, serv, auth, me, q, q_proj_names, |
| num, start, can, group_spec, sort_spec, warnings, errors, use_cache, |
| profiler, project: FakeFrontendSearchPipeline()) |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], # requester |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=12345) |
| resp = self.call_api('issues_list', self.request).json_body |
| self.assertEqual(2, int(resp['totalResults'])) |
| self.assertEqual(1, len(resp['items'])) |
| self.assertEqual(1, resp['items'][0]['id']) |
| |
| def testIssuesCommentsList_GetComments(self): |
| """Get comments of requested issue.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, summary='test summary', status='New', |
| issue_id=10001, owner_id=222, reporter_id=111) |
| self.services.issue.TestAddIssue(issue1) |
| |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=222, |
| content='this is a comment', |
| timestamp=1437700000) |
| self.services.issue.TestAddComment(comment, 1) |
| |
| resp = self.call_api('issues_comments_list', self.request).json_body |
| self.assertEqual(2, resp['totalResults']) |
| comment1 = resp['items'][0] |
| comment2 = resp['items'][1] |
| self.assertEqual('requester@example.com', comment1['author']['name']) |
| self.assertEqual('test summary', comment1['content']) |
| self.assertEqual('user@example.com', comment2['author']['name']) |
| self.assertEqual('this is a comment', comment2['content']) |
| |
| def testParseImportedReporter_Normal(self): |
| """Normal attempt to post a comment under the requester's name.""" |
| mar = FakeMonorailApiRequest(self.request, self.services) |
| container = api_pb2_v1.ISSUES_COMMENTS_INSERT_REQUEST_RESOURCE_CONTAINER |
| request = container.body_message_class() |
| |
| monorail_api = self.api_service_cls() |
| monorail_api._set_services(self.services) |
| reporter_id, timestamp = monorail_api.parse_imported_reporter(mar, request) |
| self.assertEqual(111, reporter_id) |
| self.assertIsNone(timestamp) |
| |
| # API users should not need to specify anything for author when posting |
| # as the signed-in user, but it is OK if they specify their own email. |
| request.author = api_pb2_v1.AtomPerson(name='requester@example.com') |
| request.published = datetime.datetime.now() # Ignored |
| monorail_api = self.api_service_cls() |
| monorail_api._set_services(self.services) |
| reporter_id, timestamp = monorail_api.parse_imported_reporter(mar, request) |
| self.assertEqual(111, reporter_id) |
| self.assertIsNone(timestamp) |
| |
| def testParseImportedReporter_Import_Allowed(self): |
| """User is importing a comment posted by a different user.""" |
| project = self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], contrib_ids=[111], |
| project_id=12345) |
| project.extra_perms = [project_pb2.Project.ExtraPerms( |
| member_id=111, perms=['ImportComment'])] |
| mar = FakeMonorailApiRequest(self.request, self.services) |
| container = api_pb2_v1.ISSUES_COMMENTS_INSERT_REQUEST_RESOURCE_CONTAINER |
| request = container.body_message_class() |
| request.author = api_pb2_v1.AtomPerson(name='user@example.com') |
| NOW = 1234567890 |
| request.published = datetime.datetime.utcfromtimestamp(NOW) |
| monorail_api = self.api_service_cls() |
| monorail_api._set_services(self.services) |
| |
| reporter_id, timestamp = monorail_api.parse_imported_reporter(mar, request) |
| |
| self.assertEqual(222, reporter_id) # that is user@ |
| self.assertEqual(NOW, timestamp) |
| |
| def testParseImportedReporter_Import_NotAllowed(self): |
| """User is importing a comment posted by a different user without perm.""" |
| mar = FakeMonorailApiRequest(self.request, self.services) |
| container = api_pb2_v1.ISSUES_COMMENTS_INSERT_REQUEST_RESOURCE_CONTAINER |
| request = container.body_message_class() |
| request.author = api_pb2_v1.AtomPerson(name='user@example.com') |
| NOW = 1234567890 |
| request.published = datetime.datetime.fromtimestamp(NOW) |
| monorail_api = self.api_service_cls() |
| monorail_api._set_services(self.services) |
| |
| with self.assertRaises(permissions.PermissionException): |
| monorail_api.parse_imported_reporter(mar, request) |
| |
| def testIssuesCommentsInsert_ApprovalFields(self): |
| """Attempts to update approval field values are blocked.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 2, issue_id=1234501) |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.SetUpFieldDefs( |
| 1, 12345, 'Field_int', tracker_pb2.FieldTypes.INT_TYPE) |
| self.SetUpFieldDefs( |
| 2, 12345, 'ApprovalChild', tracker_pb2.FieldTypes.STR_TYPE, |
| approval_id=1) |
| |
| self.request['updates'] = { |
| 'fieldValues': [{'fieldName': 'Field_int', 'fieldValue': '11'}, |
| {'fieldName': 'ApprovalChild', 'fieldValue': 'str'}]} |
| |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_NoCommentPermission(self): |
| """No permission to comment an issue.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 2) |
| self.services.issue.TestAddIssue(issue1) |
| |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_ArchivedProject(self): |
| """No permission to comment in an archived project.""" |
| self.services.project.TestAddProject( |
| 'test-project', |
| owner_ids=[111], |
| state=project_pb2.ProjectState.ARCHIVED, |
| project_id=12345) |
| issue1 = fake.MakeTestIssue(12345, 1, 'Issue 1', 'New', 2) |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.services.project.TestAddProject( |
| 'archived-project', owner_ids=[222], project_id=6789) |
| issue2 = fake.MakeTestIssue( |
| 6789, 2, 'Issue 2', 'New', 222, project_name='archived-project') |
| self.services.issue.TestAddIssue(issue2) |
| |
| self.request['updates'] = { |
| 'blockedOn': ['archived-project:2'], |
| 'mergedInto': '', |
| } |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| self.request['updates'] = { |
| 'blockedOn': [], |
| 'mergedInto': 'archived-project:2', |
| } |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_CommentPermissionOnly(self): |
| """User has permission to comment, even though they cannot edit.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[], project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222) |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['content'] = 'This is just a comment' |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('This is just a comment', resp['content']) |
| |
| def testIssuesCommentsInsert_TooLongComment(self): |
| """Too long of a comment to add.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[], project_id=12345) |
| |
| issue1 = fake.MakeTestIssue(12345, 1, 'Issue 1', 'New', 222) |
| self.services.issue.TestAddIssue(issue1) |
| |
| long_comment = ' ' + 'c' * tracker_constants.MAX_COMMENT_CHARS + ' ' |
| self.request['content'] = long_comment |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_FreezeLabels(self): |
| """Attempts to add new labels are blocked""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=999) |
| |
| issue1 = fake.MakeTestIssue( |
| 999, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['updates'] = { |
| 'summary': 'new summary', |
| 'status': 'Started', |
| 'owner': 'requester@example.com', |
| 'cc': ['user@example.com'], |
| 'labels': ['freeze_new_label', '-remove_label'], |
| 'blockedOn': ['2'], |
| 'blocking': ['3'], |
| } |
| |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_Amendments_Normal(self): |
| """Insert comments with amendments.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| issue2 = fake.MakeTestIssue( |
| 12345, 2, 'Issue 2', 'New', 222, project_name='test-project') |
| issue3 = fake.MakeTestIssue( |
| 12345, 3, 'Issue 3', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.services.issue.TestAddIssue(issue2) |
| self.services.issue.TestAddIssue(issue3) |
| |
| self.request['updates'] = { |
| 'summary': 'new summary', |
| 'status': 'Started', |
| 'owner': 'requester@example.com', |
| 'cc': ['user@example.com'], |
| 'labels': ['add_label', '-remove_label'], |
| 'blockedOn': ['2'], |
| 'blocking': ['3'], |
| } |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('Started', resp['updates']['status']) |
| self.assertEqual(0, issue1.merged_into) |
| |
| def testIssuesCommentsInsert_Amendments_NoPerms(self): |
| """Can't insert comments using account that lacks permissions.""" |
| |
| project1 = self.services.project.TestAddProject( |
| 'test-project', owner_ids=[], project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['updates'] = { |
| 'summary': 'new summary', |
| } |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| project1.contributor_ids = [1] # Does not grant edit perm. |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_Amendments_BadOwner(self): |
| """Can't set owner to someone who is not a project member.""" |
| |
| _project1 = self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['updates'] = { |
| 'owner': 'user@example.com', |
| } |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| @patch('framework.cloud_tasks_helpers.create_task') |
| def testIssuesCommentsInsert_MergeInto(self, _create_task_mock): |
| """Insert comment that merges an issue into another issue.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], committer_ids=[111], |
| project_id=12345) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| issue2 = fake.MakeTestIssue( |
| 12345, 2, 'Issue 2', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.services.issue.TestAddIssue(issue2) |
| self.services.issue_star.SetStarsBatch( |
| 'cnxn', 'service', 'config', issue1.issue_id, [111, 222, 333], True) |
| self.services.issue_star.SetStarsBatch( |
| 'cnxn', 'service', 'config', issue2.issue_id, [555], True) |
| |
| self.request['updates'] = { |
| 'summary': 'new summary', |
| 'status': 'Duplicate', |
| 'owner': 'requester@example.com', |
| 'cc': ['user@example.com'], |
| 'labels': ['add_label', '-remove_label'], |
| 'mergedInto': '2', |
| } |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| self.assertEqual('requester@example.com', resp['author']['name']) |
| self.assertEqual('Duplicate', resp['updates']['status']) |
| self.assertEqual(issue2.issue_id, issue1.merged_into) |
| issue2_comments = self.services.issue.GetCommentsForIssue( |
| 'cnxn', issue2.issue_id) |
| self.assertEqual(2, len(issue2_comments)) # description and merge |
| source_starrers = self.services.issue_star.LookupItemStarrers( |
| 'cnxn', issue1.issue_id) |
| six.assertCountEqual(self, [111, 222, 333], source_starrers) |
| target_starrers = self.services.issue_star.LookupItemStarrers( |
| 'cnxn', issue2.issue_id) |
| six.assertCountEqual(self, [111, 222, 333, 555], target_starrers) |
| |
| def testIssuesCommentsInsert_CustomFields(self): |
| """Update custom field values.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.SetUpFieldDefs( |
| 1, 12345, 'Field_int', tracker_pb2.FieldTypes.INT_TYPE) |
| self.SetUpFieldDefs( |
| 2, 12345, 'Field_enum', tracker_pb2.FieldTypes.ENUM_TYPE) |
| |
| self.request['updates'] = { |
| 'fieldValues': [{'fieldName': 'Field_int', 'fieldValue': '11'}, |
| {'fieldName': 'Field_enum', 'fieldValue': 'str'}]} |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| self.assertEqual( |
| {'fieldName': 'Field_int', 'fieldValue': '11'}, |
| resp['updates']['fieldValues'][0]) |
| |
| def testIssuesCommentsInsert_IsDescription(self): |
| """Add a new issue description.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| # Note: the initially issue description will be "Issue 1". |
| |
| self.request['content'] = 'new desc' |
| self.request['updates'] = {'is_description': True} |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| self.assertEqual('new desc', resp['content']) |
| comments = self.services.issue.GetCommentsForIssue('cnxn', issue1.issue_id) |
| self.assertEqual(2, len(comments)) |
| self.assertTrue(comments[1].is_description) |
| self.assertEqual('new desc', comments[1].content) |
| |
| def testIssuesCommentsInsert_MoveToProject_NoPermsSrc(self): |
| """Don't move issue when user has no perms to edit issue.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, labels=[], |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[111], project_id=12346) |
| |
| # The user has no permission in test-project. |
| self.request['projectId'] = 'test-project' |
| self.request['updates'] = { |
| 'moveToProject': 'test-project2'} |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_MoveToProject_NoPermsDest(self): |
| """Don't move issue to a different project where user has no perms.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, labels=[], |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[], project_id=12346) |
| |
| # The user has no permission in test-project2. |
| self.request['projectId'] = 'test-project' |
| self.request['updates'] = { |
| 'moveToProject': 'test-project2'} |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_MoveToProject_NoSuchProject(self): |
| """Don't move issue to a different project that does not exist.""" |
| project1 = self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, labels=[], |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| # Project doesn't exist. |
| project1.owner_ids = [111, 222] |
| self.request['updates'] = { |
| 'moveToProject': 'not exist'} |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_MoveToProject_SameProject(self): |
| """Don't move issue to the project it is already in.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, labels=[], |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| # The issue is already in destination |
| self.request['updates'] = { |
| 'moveToProject': 'test-project'} |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_MoveToProject_Restricted(self): |
| """Don't move restricted issue to a different project.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, labels=['Restrict-View-Google'], |
| project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[111], |
| project_id=12346) |
| |
| # Issue has restrict labels, so it cannot move. |
| self.request['projectId'] = 'test-project' |
| self.request['updates'] = { |
| 'moveToProject': 'test-project2'} |
| with self.call_should_fail(400): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsInsert_MoveToProject_Normal(self): |
| """Move issue.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111, 222], |
| project_id=12345) |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[111, 222], |
| project_id=12346) |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| issue2 = fake.MakeTestIssue( |
| 12346, 1, 'Issue 1', 'New', 222, project_name='test-project2') |
| self.services.issue.TestAddIssue(issue2) |
| |
| self.request['updates'] = { |
| 'moveToProject': 'test-project2'} |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| |
| self.assertEqual( |
| 'Moved issue test-project:1 to now be issue test-project2:2.', |
| resp['content']) |
| |
| def testIssuesCommentsInsert_Import_Allowed(self): |
| """Post a comment attributed to another user, with permission.""" |
| project = self.services.project.TestAddProject( |
| 'test-project', committer_ids=[111, 222], project_id=12345) |
| project.extra_perms = [project_pb2.Project.ExtraPerms( |
| member_id=111, perms=['ImportComment'])] |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['author'] = {'name': 'user@example.com'} # 222 |
| self.request['content'] = 'a comment' |
| self.request['updates'] = { |
| 'owner': 'user@example.com', |
| } |
| |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| |
| self.assertEqual('a comment', resp['content']) |
| comments = self.services.issue.GetCommentsForIssue('cnxn', issue1.issue_id) |
| self.assertEqual(2, len(comments)) |
| self.assertEqual(222, comments[1].user_id) |
| self.assertEqual('a comment', comments[1].content) |
| |
| |
| def testIssuesCommentsInsert_Import_Self(self): |
| """Specifying the comment author is OK if it is the requester.""" |
| self.services.project.TestAddProject( |
| 'test-project', committer_ids=[111, 222], project_id=12345) |
| # Note: No ImportComment permission has been granted. |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['author'] = {'name': 'requester@example.com'} # 111 |
| self.request['content'] = 'a comment' |
| self.request['updates'] = { |
| 'owner': 'user@example.com', |
| } |
| |
| resp = self.call_api('issues_comments_insert', self.request).json_body |
| |
| self.assertEqual('a comment', resp['content']) |
| comments = self.services.issue.GetCommentsForIssue('cnxn', issue1.issue_id) |
| self.assertEqual(2, len(comments)) |
| self.assertEqual(111, comments[1].user_id) |
| self.assertEqual('a comment', comments[1].content) |
| |
| def testIssuesCommentsInsert_Import_Denied(self): |
| """Cannot post a comment attributed to another user without permission.""" |
| self.services.project.TestAddProject( |
| 'test-project', committer_ids=[111, 222], project_id=12345) |
| # Note: No ImportComment permission has been granted. |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, project_name='test-project') |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.request['author'] = {'name': 'user@example.com'} # 222 |
| self.request['content'] = 'a comment' |
| self.request['updates'] = { |
| 'owner': 'user@example.com', |
| } |
| |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_insert', self.request) |
| |
| def testIssuesCommentsDelete_NoComment(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, summary='test summary', |
| issue_id=10001, status='New', owner_id=222, reporter_id=222) |
| self.services.issue.TestAddIssue(issue1) |
| self.request['commentId'] = 1 |
| with self.call_should_fail(404): |
| self.call_api('issues_comments_delete', self.request) |
| |
| def testIssuesCommentsDelete_NoDeletePermission(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, summary='test summary', |
| issue_id=10001, status='New', owner_id=222, reporter_id=222) |
| self.services.issue.TestAddIssue(issue1) |
| self.request['commentId'] = 0 |
| with self.call_should_fail(403): |
| self.call_api('issues_comments_delete', self.request) |
| |
| def testIssuesCommentsDelete_DeleteUndelete(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| issue1 = fake.MakeTestIssue( |
| project_id=12345, local_id=1, summary='test summary', |
| issue_id=10001, status='New', owner_id=222, reporter_id=111) |
| self.services.issue.TestAddIssue(issue1) |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=111, |
| content='this is a comment', |
| timestamp=1437700000) |
| self.services.issue.TestAddComment(comment, 1) |
| self.request['commentId'] = 1 |
| |
| comments = self.services.issue.GetCommentsForIssue(None, 10001) |
| |
| self.call_api('issues_comments_delete', self.request) |
| self.assertEqual(111, comments[1].deleted_by) |
| |
| self.call_api('issues_comments_undelete', self.request) |
| self.assertIsNone(comments[1].deleted_by) |
| |
| def approvalRequest(self, approval, request_fields=None, comment=None, |
| issue_labels=None): |
| request = {'userId': 'user@example.com', |
| 'requester': 'requester@example.com', |
| 'projectId': 'test-project', |
| 'issueId': 1, |
| 'approvalName': 'Legal-Review', |
| 'sendEmail': False, |
| } |
| if request_fields: |
| request.update(request_fields) |
| |
| self.SetUpFieldDefs( |
| 1, 12345, 'Legal-Review', tracker_pb2.FieldTypes.APPROVAL_TYPE) |
| |
| issue1 = fake.MakeTestIssue( |
| 12345, 1, 'Issue 1', 'New', 222, approval_values=[approval], |
| labels=issue_labels) |
| self.services.issue.TestAddIssue(issue1) |
| |
| self.services.issue.DeltaUpdateIssueApproval = Mock(return_value=comment) |
| |
| self.mock(api_svc_v1.MonorailApi, 'mar_factory', |
| lambda x, y, z: FakeMonorailApiRequest( |
| request, self.services)) |
| return request, issue1 |
| |
| def getFakeComments(self): |
| return [ |
| tracker_pb2.IssueComment( |
| id=123, issue_id=1234501, project_id=12345, user_id=111, |
| content='1st comment', timestamp=1437700000, approval_id=1), |
| tracker_pb2.IssueComment( |
| id=223, issue_id=1234501, project_id=12345, user_id=111, |
| content='2nd comment', timestamp=1437700000, approval_id=2), |
| tracker_pb2.IssueComment( |
| id=323, issue_id=1234501, project_id=12345, user_id=111, |
| content='3rd comment', timestamp=1437700000, approval_id=1, |
| is_description=True), |
| tracker_pb2.IssueComment( |
| id=423, issue_id=1234501, project_id=12345, user_id=111, |
| content='4th comment', timestamp=1437700000)] |
| |
| def testApprovalsCommentsList_NoViewPermission(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest( |
| approval, issue_labels=['Restrict-View-Google']) |
| |
| with self.call_should_fail(403): |
| self.call_api('approvals_comments_list', request) |
| |
| def testApprovalsCommentsList_NoApprovalFound(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest(approval) |
| self.config.field_defs = [] # empty field_defs of approval fd |
| |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_list', request) |
| |
| def testApprovalsCommentsList(self): |
| """Get comments of requested issue approval.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| self.services.issue.GetCommentsForIssue = Mock( |
| return_value=self.getFakeComments()) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest(approval) |
| |
| response = self.call_api('approvals_comments_list', request).json_body |
| self.assertEqual(response['kind'], 'monorail#approvalCommentList') |
| self.assertEqual(response['totalResults'], 2) |
| self.assertEqual(len(response['items']), 2) |
| |
| def testApprovalsCommentsList_MaxResults(self): |
| """get comments of requested issue approval with maxResults.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| self.services.issue.GetCommentsForIssue = Mock( |
| return_value=self.getFakeComments()) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest( |
| approval, request_fields={'maxResults': 1}) |
| |
| response = self.call_api('approvals_comments_list', request).json_body |
| self.assertEqual(response['kind'], 'monorail#approvalCommentList') |
| self.assertEqual(response['totalResults'], 2) |
| self.assertEqual(len(response['items']), 1) |
| self.assertEqual(response['items'][0]['content'], '1st comment') |
| |
| @patch('testing.fake.IssueService.GetCommentsForIssue') |
| def testApprovalsCommentsList_StartIndex(self, mockGetComments): |
| """get comments of requested issue approval with maxResults.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| mockGetComments.return_value = self.getFakeComments() |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest( |
| approval, request_fields={'startIndex': 1}) |
| |
| response = self.call_api('approvals_comments_list', request).json_body |
| self.assertEqual(response['kind'], 'monorail#approvalCommentList') |
| self.assertEqual(response['totalResults'], 2) |
| self.assertEqual(len(response['items']), 1) |
| self.assertEqual(response['items'][0]['content'], '3rd comment') |
| |
| def testApprovalsCommentsInsert_NoCommentPermission(self): |
| """No permission to comment on an issue, including approvals.""" |
| |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY, |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest(approval) |
| |
| with self.call_should_fail(403): |
| self.call_api('approvals_comments_insert', request) |
| |
| def testApprovalsCommentsInsert_TooLongComment(self): |
| """Too long of a comment when comments on approvals.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest(approval) |
| |
| long_comment = ' ' + 'c' * tracker_constants.MAX_COMMENT_CHARS + ' ' |
| request['content'] = long_comment |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| def testApprovalsCommentsInsert_NoApprovalDefFound(self): |
| """No approval with approvalName found.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| request, _issue = self.approvalRequest(approval) |
| self.config.field_defs = [] |
| |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| # Test wrong field_type is also caught. |
| self.SetUpFieldDefs( |
| 1, 12345, 'Legal-Review', tracker_pb2.FieldTypes.STR_TYPE) |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| def testApprovalscommentsInsert_NoIssueFound(self): |
| """No issue found in project.""" |
| request = {'userId': 'user@example.com', |
| 'requester': 'requester@example.com', |
| 'projectId': 'test-project', |
| 'issueId': 1, |
| 'approvalName': 'Legal-Review', |
| } |
| # No issue created. |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| def testApprovalsCommentsInsert_NoIssueApprovalFound(self): |
| """No approval with the given name found in the issue.""" |
| |
| request = {'userId': 'user@example.com', |
| 'requester': 'requester@example.com', |
| 'projectId': 'test-project', |
| 'issueId': 1, |
| 'approvalName': 'Legal-Review', |
| 'sendEmail': False, |
| } |
| |
| self.SetUpFieldDefs( |
| 1, 12345, 'Legal-Review', tracker_pb2.FieldTypes.APPROVAL_TYPE) |
| |
| # issue 1 does not contain the Legal-Review approval. |
| issue1 = fake.MakeTestIssue(12345, 1, 'Issue 1', 'New', 222) |
| self.services.issue.TestAddIssue(issue1) |
| |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| def testApprovalsCommentsInsert_FieldValueChanges_NotFound(self): |
| """Approval's subfield value not found.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| approval = tracker_pb2.ApprovalValue(approval_id=1) |
| |
| request, _issue = self.approvalRequest( |
| approval, |
| request_fields={ |
| 'approvalUpdates': { |
| 'fieldValues': [ |
| {'fieldName': 'DoesNotExist', 'fieldValue': 'cow'}] |
| }, |
| }) |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| # Test field belongs to another approval |
| self.config.field_defs.append( |
| tracker_bizobj.MakeFieldDef( |
| 2, 12345, 'DoesNotExist', tracker_pb2.FieldTypes.STR_TYPE, |
| '', '', False, False, False, None, None, None, False, |
| None, '', tracker_pb2.NotifyTriggers.NEVER, 'no_action', |
| 'parent approval is wrong', False, approval_id=4)) |
| with self.call_should_fail(400): |
| self.call_api('approvals_comments_insert', request) |
| |
| @patch('time.time') |
| def testApprovalCommentsInsert_FieldValueChanges(self, mock_time): |
| """Field value changes are properly processed.""" |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=111, |
| content='cows moo', |
| timestamp=143770000) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[444]) |
| |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={'approvalUpdates': { |
| 'fieldValues': [ |
| {'fieldName': 'CowLayerName', 'fieldValue': 'cow'}, |
| {'fieldName': 'CowType', 'fieldValue': 'skim'}, |
| {'fieldName': 'CowType', 'fieldValue': 'milk'}, |
| {'fieldName': 'CowType', 'fieldValue': 'chocolate', |
| 'operator': 'remove'}] |
| }}, |
| comment=comment) |
| self.config.field_defs.extend( |
| [tracker_bizobj.MakeFieldDef( |
| 2, 12345, 'CowLayerName', tracker_pb2.FieldTypes.STR_TYPE, |
| '', '', False, False, False, None, None, None, False, |
| None, '', tracker_pb2.NotifyTriggers.NEVER, 'no_action', |
| 'sub field value of approval 1', False, approval_id=1), |
| tracker_bizobj.MakeFieldDef( |
| 3, 12345, 'CowType', tracker_pb2.FieldTypes.ENUM_TYPE, |
| '', '', False, False, True, None, None, None, False, |
| None, '', tracker_pb2.NotifyTriggers.NEVER, 'no_action', |
| 'enum sub field value of approval 1', False, approval_id=1)]) |
| |
| response = self.call_api('approvals_comments_insert', request).json_body |
| fvs_add = [tracker_bizobj.MakeFieldValue( |
| 2, None, 'cow', None, None, None, False)] |
| labels_add = ['CowType-skim', 'CowType-milk'] |
| labels_remove = ['CowType-chocolate'] |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| None, 111, [], [], fvs_add, [], [], |
| labels_add, labels_remove, set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content=None, is_description=None) |
| self.assertEqual(response['content'], comment.content) |
| |
| @patch('time.time') |
| def testApprovalsCommentsInsert_StatusChanges_Normal(self, mock_time): |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=111, # requester |
| content='this is a comment', |
| timestamp=1437700000, |
| amendments=[tracker_bizobj.MakeApprovalStatusAmendment( |
| tracker_pb2.ApprovalStatus.REVIEW_REQUESTED)]) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], project_id=12345) |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[444], |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={'approvalUpdates': {'status': 'reviewRequested'}}, |
| comment=comment) |
| response = self.call_api('approvals_comments_insert', request).json_body |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| tracker_pb2.ApprovalStatus.REVIEW_REQUESTED, 111, [], [], [], [], [], |
| [], [], set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content=None, is_description=None) |
| |
| self.assertEqual(response['author']['name'], 'requester@example.com') |
| self.assertEqual(response['content'], comment.content) |
| self.assertTrue(response['canDelete']) |
| self.assertEqual(response['approvalUpdates'], |
| {'kind': 'monorail#approvalCommentUpdate', |
| 'status': 'reviewRequested'}) |
| |
| def testApprovalsCommentsInsert_StatusChanges_NoPerms(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[444], |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, _issue = self.approvalRequest( |
| approval, |
| request_fields={'approvalUpdates': {'status': 'approved'}}) |
| with self.call_should_fail(403): |
| self.call_api('approvals_comments_insert', request) |
| |
| @patch('time.time') |
| def testApprovalsCommentsInsert_StatusChanges_ApproverPerms(self, mock_time): |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=1234501, |
| project_id=12345, user_id=111, |
| content='this is a comment', |
| timestamp=1437700000, |
| amendments=[tracker_bizobj.MakeApprovalStatusAmendment( |
| tracker_pb2.ApprovalStatus.NOT_APPROVED)]) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[111], # requester |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={'approvalUpdates': {'status': 'notApproved'}}, |
| comment=comment) |
| response = self.call_api('approvals_comments_insert', request).json_body |
| |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| tracker_pb2.ApprovalStatus.NOT_APPROVED, 111, [], [], [], [], [], |
| [], [], set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content=None, is_description=None) |
| self.assertEqual(response['author']['name'], 'requester@example.com') |
| self.assertEqual(response['content'], comment.content) |
| self.assertTrue(response['canDelete']) |
| self.assertEqual(response['approvalUpdates'], |
| {'kind': 'monorail#approvalCommentUpdate', |
| 'status': 'notApproved'}) |
| |
| def testApprovalsCommentsInsert_ApproverChanges_NoPerms(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[444], |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, _issue = self.approvalRequest( |
| approval, |
| request_fields={'approvalUpdates': {'approvers': 'someone@test.com'}}) |
| with self.call_should_fail(403): |
| self.call_api('approvals_comments_insert', request) |
| |
| @patch('time.time') |
| def testApprovalsCommentsInsert_ApproverChanges_ApproverPerms( |
| self, mock_time): |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=1234501, |
| project_id=12345, user_id=111, |
| content='this is a comment', |
| timestamp=1437700000, |
| amendments=[tracker_bizobj.MakeApprovalApproversAmendment( |
| [222], [123])]) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[111], # requester |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={ |
| 'approvalUpdates': |
| {'approvers': ['user@example.com', '-group@example.com']}}, |
| comment=comment) |
| response = self.call_api('approvals_comments_insert', request).json_body |
| |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| None, 111, [222], [123], [], [], [], [], [], set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content=None, is_description=None) |
| self.assertEqual(response['author']['name'], 'requester@example.com') |
| self.assertEqual(response['content'], comment.content) |
| self.assertTrue(response['canDelete']) |
| self.assertEqual(response['approvalUpdates'], |
| {'kind': 'monorail#approvalCommentUpdate', |
| 'approvers': ['user@example.com', '-group@example.com']}) |
| |
| @patch('time.time') |
| def testApprovalsCommentsInsert_IsSurvey(self, mock_time): |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=111, |
| content='this is a comment', |
| timestamp=1437700000) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[111], # requester |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={'content': 'updated survey', 'is_description': True}, |
| comment=comment) |
| response = self.call_api('approvals_comments_insert', request).json_body |
| |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| None, 111, [], [], [], [], [], [], [], set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content='updated survey', is_description=True) |
| self.assertEqual(response['author']['name'], 'requester@example.com') |
| self.assertTrue(response['canDelete']) |
| |
| @patch('time.time') |
| @patch('features.send_notifications.PrepareAndSendApprovalChangeNotification') |
| def testApprovalsCommentsInsert_SendEmail( |
| self, mockPrepareAndSend, mock_time,): |
| test_time = 6789 |
| mock_time.return_value = test_time |
| comment = tracker_pb2.IssueComment( |
| id=123, issue_id=10001, |
| project_id=12345, user_id=111, |
| content='this is a comment', |
| timestamp=1437700000) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| |
| approval = tracker_pb2.ApprovalValue( |
| approval_id=1, approver_ids=[111], # requester |
| status=tracker_pb2.ApprovalStatus.NOT_SET) |
| request, issue = self.approvalRequest( |
| approval, |
| request_fields={'content': comment.content, 'sendEmail': True}, |
| comment=comment) |
| |
| response = self.call_api('approvals_comments_insert', request).json_body |
| |
| mockPrepareAndSend.assert_called_with( |
| issue.issue_id, approval.approval_id, ANY, comment.id, send_email=True) |
| |
| approval_delta = tracker_bizobj.MakeApprovalDelta( |
| None, 111, [], [], [], [], [], [], [], set_on=test_time) |
| self.services.issue.DeltaUpdateIssueApproval.assert_called_with( |
| None, 111, self.config, issue, approval, approval_delta, |
| comment_content=comment.content, is_description=None) |
| self.assertEqual(response['author']['name'], 'requester@example.com') |
| self.assertTrue(response['canDelete']) |
| |
| def testGroupsSettingsList_AllSettings(self): |
| resp = self.call_api('groups_settings_list', self.request).json_body |
| all_settings = resp['groupSettings'] |
| self.assertEqual(1, len(all_settings)) |
| self.assertEqual('group@example.com', all_settings[0]['groupName']) |
| |
| def testGroupsSettingsList_ImportedSettings(self): |
| self.services.user.TestAddUser('imported@example.com', 234) |
| self.services.usergroup.TestAddGroupSettings( |
| 234, 'imported@example.com', external_group_type='mdb') |
| self.request['importedGroupsOnly'] = True |
| resp = self.call_api('groups_settings_list', self.request).json_body |
| all_settings = resp['groupSettings'] |
| self.assertEqual(1, len(all_settings)) |
| self.assertEqual('imported@example.com', all_settings[0]['groupName']) |
| |
| def testGroupsCreate_NoPermission(self): |
| self.request['groupName'] = 'group' |
| with self.call_should_fail(403): |
| self.call_api('groups_create', self.request) |
| |
| def SetUpGroupRequest( |
| self, |
| group_name, |
| who_can_view_members='MEMBERS', |
| ext_group_type='CHROME_INFRA_AUTH', |
| perms=None, |
| requester='requester@example.com'): |
| request = { |
| 'groupName': group_name, |
| 'requester': requester, |
| 'who_can_view_members': who_can_view_members, |
| 'ext_group_type': ext_group_type} |
| self.request.pop("userId", None) |
| self.mock(api_svc_v1.MonorailApi, 'mar_factory', |
| lambda x, y, z: FakeMonorailApiRequest( |
| request, self.services, perms=perms)) |
| return request |
| |
| def testGroupsCreate_Normal(self): |
| request = self.SetUpGroupRequest('newgroup@example.com', 'MEMBERS', |
| 'MDB', permissions.ADMIN_PERMISSIONSET) |
| |
| resp = self.call_api('groups_create', request).json_body |
| self.assertIn('groupID', resp) |
| |
| def testGroupsGet_NoPermission(self): |
| request = self.SetUpGroupRequest('group@example.com') |
| with self.call_should_fail(403): |
| self.call_api('groups_get', request) |
| |
| def testGroupsGet_Normal(self): |
| request = self.SetUpGroupRequest('group@example.com', |
| perms=permissions.ADMIN_PERMISSIONSET) |
| self.services.usergroup.TestAddMembers(123, [111], 'member') |
| self.services.usergroup.TestAddMembers(123, [222], 'owner') |
| resp = self.call_api('groups_get', request).json_body |
| self.assertEqual(123, resp['groupID']) |
| self.assertEqual(['requester@example.com'], resp['groupMembers']) |
| self.assertEqual(['user@example.com'], resp['groupOwners']) |
| self.assertEqual('group@example.com', resp['groupSettings']['groupName']) |
| |
| def testGroupsUpdate_NoPermission(self): |
| request = self.SetUpGroupRequest('group@example.com') |
| with self.call_should_fail(403): |
| self.call_api('groups_update', request) |
| |
| def testGroupsUpdate_Normal(self): |
| request = self.SetUpGroupRequest('group@example.com') |
| request = self.SetUpGroupRequest('group@example.com', |
| perms=permissions.ADMIN_PERMISSIONSET) |
| request['last_sync_time'] = 123456789 |
| request['groupOwners'] = ['requester@example.com'] |
| request['groupMembers'] = ['user@example.com'] |
| resp = self.call_api('groups_update', request).json_body |
| self.assertFalse(resp.get('error')) |
| |
| def testComponentsList(self): |
| """Get components for a project.""" |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| resp = self.call_api('components_list', self.request).json_body |
| |
| self.assertEqual(1, len(resp['components'])) |
| cd = resp['components'][0] |
| self.assertEqual(1, cd['componentId']) |
| self.assertEqual('API', cd['componentPath']) |
| self.assertEqual(1, cd['componentId']) |
| self.assertEqual('test-project', cd['projectName']) |
| |
| def testComponentsCreate_NoPermission(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| |
| cd_dict = { |
| 'componentName': 'Test'} |
| self.request.update(cd_dict) |
| |
| with self.call_should_fail(403): |
| self.call_api('components_create', self.request) |
| |
| def testComponentsCreate_Invalid(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| |
| # Component with invalid name |
| cd_dict = { |
| 'componentName': 'c>d>e'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(400): |
| self.call_api('components_create', self.request) |
| |
| # Name already in use |
| cd_dict = { |
| 'componentName': 'API'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(400): |
| self.call_api('components_create', self.request) |
| |
| # Parent component does not exist |
| cd_dict = { |
| 'componentName': 'test', |
| 'parentPath': 'NotExist'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(404): |
| self.call_api('components_create', self.request) |
| |
| |
| def testComponentsCreate_Normal(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| |
| cd_dict = { |
| 'componentName': 'Test', |
| 'description': 'test comp', |
| 'cc': ['requester@example.com', ''] |
| } |
| self.request.update(cd_dict) |
| |
| resp = self.call_api('components_create', self.request).json_body |
| self.assertEqual('test comp', resp['description']) |
| self.assertEqual('requester@example.com', resp['creator']) |
| self.assertEqual([u'requester@example.com'], resp['cc']) |
| self.assertEqual('Test', resp['componentPath']) |
| |
| cd_dict = { |
| 'componentName': 'TestChild', |
| 'parentPath': 'API'} |
| self.request.update(cd_dict) |
| resp = self.call_api('components_create', self.request).json_body |
| |
| self.assertEqual('API>TestChild', resp['componentPath']) |
| |
| def testComponentsDelete_Invalid(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| |
| # Fail to delete a non-existent component |
| cd_dict = { |
| 'componentPath': 'NotExist'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(404): |
| self.call_api('components_delete', self.request) |
| |
| # The user has no permission to delete component |
| cd_dict = { |
| 'componentPath': 'API'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(403): |
| self.call_api('components_delete', self.request) |
| |
| # The user tries to delete component that had subcomponents |
| self.services.project.TestAddProject( |
| 'test-project2', owner_ids=[111], |
| project_id=123456) |
| self.SetUpComponents(123456, 1, 'Parent') |
| self.SetUpComponents(123456, 2, 'Parent>Child') |
| cd_dict = { |
| 'componentPath': 'Parent', |
| 'projectId': 'test-project2',} |
| self.request.update(cd_dict) |
| with self.call_should_fail(403): |
| self.call_api('components_delete', self.request) |
| |
| def testComponentsDelete_Normal(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| |
| cd_dict = { |
| 'componentPath': 'API'} |
| self.request.update(cd_dict) |
| with self.assertWarns(webtest.lint.WSGIWarning): |
| _ = self.call_api('components_delete', self.request) |
| self.assertEqual(0, len(self.config.component_defs)) |
| |
| def testComponentsUpdate_Invalid(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[222], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| self.SetUpComponents(12345, 2, 'Test', admin_ids=[111]) |
| |
| # Fail to update a non-existent component |
| cd_dict = { |
| 'componentPath': 'NotExist'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(404): |
| self.call_api('components_update', self.request) |
| |
| # The user has no permission to edit component |
| cd_dict = { |
| 'componentPath': 'API'} |
| self.request.update(cd_dict) |
| with self.call_should_fail(403): |
| self.call_api('components_update', self.request) |
| |
| # The user tries an invalid component name |
| cd_dict = { |
| 'componentPath': 'Test', |
| 'updates': [{'field': 'LEAF_NAME', 'leafName': 'c>e'}]} |
| self.request.update(cd_dict) |
| with self.call_should_fail(400): |
| self.call_api('components_update', self.request) |
| |
| # The user tries a name already in use |
| cd_dict = { |
| 'componentPath': 'Test', |
| 'updates': [{'field': 'LEAF_NAME', 'leafName': 'API'}]} |
| self.request.update(cd_dict) |
| with self.call_should_fail(400): |
| self.call_api('components_update', self.request) |
| |
| def testComponentsUpdate_Normal(self): |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], |
| project_id=12345) |
| self.SetUpComponents(12345, 1, 'API') |
| self.SetUpComponents(12345, 2, 'Parent') |
| self.SetUpComponents(12345, 3, 'Parent>Child') |
| |
| cd_dict = { |
| 'componentPath': 'API', |
| 'updates': [ |
| {'field': 'DESCRIPTION', 'description': ''}, |
| {'field': 'CC', 'cc': [ |
| 'requester@example.com', 'user@example.com', '', ' ']}, |
| {'field': 'DEPRECATED', 'deprecated': True}]} |
| self.request.update(cd_dict) |
| with self.assertWarns(webtest.lint.WSGIWarning): |
| _ = self.call_api('components_update', self.request) |
| component_def = tracker_bizobj.FindComponentDef( |
| 'API', self.config) |
| self.assertIsNotNone(component_def) |
| self.assertEqual('', component_def.docstring) |
| six.assertCountEqual(self, [111, 222], component_def.cc_ids) |
| self.assertTrue(component_def.deprecated) |
| |
| cd_dict = { |
| 'componentPath': 'Parent', |
| 'updates': [ |
| {'field': 'LEAF_NAME', 'leafName': 'NewParent'}]} |
| self.request.update(cd_dict) |
| with self.assertWarns(webtest.lint.WSGIWarning): |
| _ = self.call_api('components_update', self.request) |
| cd_parent = tracker_bizobj.FindComponentDef( |
| 'NewParent', self.config) |
| cd_child = tracker_bizobj.FindComponentDef( |
| 'NewParent>Child', self.config) |
| self.assertIsNotNone(cd_parent) |
| self.assertIsNotNone(cd_child) |
| |
| |
| class RequestMock(object): |
| |
| def __init__(self): |
| self.projectId = None |
| self.issueId = None |
| |
| |
| class RequesterMock(object): |
| |
| def __init__(self, email=None): |
| self._email = email |
| |
| def email(self): |
| return self._email |
| |
| |
| class AllBaseChecksTest(unittest.TestCase): |
| |
| def setUp(self): |
| self.services = MakeFakeServiceManager() |
| self.services.user.TestAddUser('test@example.com', 111) |
| self.user_2 = self.services.user.TestAddUser('test@google.com', 222) |
| self.services.project.TestAddProject( |
| 'test-project', owner_ids=[111], project_id=123, |
| access=project_pb2.ProjectAccess.MEMBERS_ONLY) |
| self.auth_client_ids = ['123456789.apps.googleusercontent.com'] |
| oauth.get_client_id = Mock(return_value=self.auth_client_ids[0]) |
| oauth.get_current_user = Mock( |
| return_value=RequesterMock(email='test@example.com')) |
| oauth.get_authorized_scopes = Mock() |
| |
| def testUnauthorizedRequester(self): |
| with self.assertRaises(endpoints.UnauthorizedException): |
| api_svc_v1.api_base_checks(None, None, None, None, [], []) |
| |
| def testNoUser(self): |
| requester = RequesterMock(email='notexist@example.com') |
| with self.assertRaises(exceptions.NoSuchUserException): |
| api_svc_v1.api_base_checks( |
| None, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testAllowedDomain_MonorailScope(self): |
| oauth.get_authorized_scopes.return_value = [ |
| framework_constants.MONORAIL_SCOPE] |
| oauth.get_current_user.return_value = RequesterMock( |
| email=self.user_2.email) |
| allowlisted_client_ids = [] |
| allowlisted_emails = [] |
| client_id, email = api_svc_v1.api_base_checks( |
| None, None, self.services, None, allowlisted_client_ids, |
| allowlisted_emails) |
| self.assertEqual(client_id, self.auth_client_ids[0]) |
| self.assertEqual(email, self.user_2.email) |
| |
| def testAllowedDomain_NoMonorailScope(self): |
| oauth.get_authorized_scopes.return_value = [] |
| oauth.get_current_user.return_value = RequesterMock( |
| email=self.user_2.email) |
| allowlisted_client_ids = [] |
| allowlisted_emails = [] |
| with self.assertRaises(endpoints.UnauthorizedException): |
| api_svc_v1.api_base_checks( |
| None, None, self.services, None, allowlisted_client_ids, |
| allowlisted_emails) |
| |
| def testAllowedDomain_BadEmail(self): |
| oauth.get_authorized_scopes.return_value = [ |
| framework_constants.MONORAIL_SCOPE] |
| oauth.get_current_user.return_value = RequesterMock( |
| email='chicken@chicken.test') |
| allowlisted_client_ids = [] |
| allowlisted_emails = [] |
| self.services.user.TestAddUser('chicken@chicken.test', 333) |
| with self.assertRaises(endpoints.UnauthorizedException): |
| api_svc_v1.api_base_checks( |
| None, None, self.services, None, allowlisted_client_ids, |
| allowlisted_emails) |
| |
| def testNoOauthUser(self): |
| oauth.get_current_user.side_effect = oauth.Error() |
| with self.assertRaises(endpoints.UnauthorizedException): |
| api_svc_v1.api_base_checks( |
| None, None, self.services, None, [], []) |
| |
| def testBannedUser(self): |
| banned_email = 'banned@example.com' |
| self.services.user.TestAddUser(banned_email, 222, banned=True) |
| requester = RequesterMock(email=banned_email) |
| with self.assertRaises(permissions.BannedUserException): |
| api_svc_v1.api_base_checks( |
| None, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNoProject(self): |
| request = RequestMock() |
| request.projectId = 'notexist-project' |
| requester = RequesterMock(email='test@example.com') |
| with self.assertRaises(exceptions.NoSuchProjectException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNonLiveProject(self): |
| archived_project = 'archived-project' |
| self.services.project.TestAddProject( |
| archived_project, owner_ids=[111], |
| state=project_pb2.ProjectState.ARCHIVED) |
| request = RequestMock() |
| request.projectId = archived_project |
| requester = RequesterMock(email='test@example.com') |
| with self.assertRaises(permissions.PermissionException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNonLiveMigratedProject(self): |
| archived_project = 'archived-migrated-project' |
| redirect_utils.PROJECT_REDIRECT_MAP = { |
| 'archived-migrated-project': 'https://example.dev' |
| } |
| self.services.project.TestAddProject( |
| archived_project, |
| owner_ids=[111], |
| state=project_pb2.ProjectState.ARCHIVED) |
| request = RequestMock() |
| request.projectId = archived_project |
| requester = RequesterMock(email='test@example.com') |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNoViewProjectPermission(self): |
| nonmember_email = 'nonmember@example.com' |
| self.services.user.TestAddUser(nonmember_email, 222) |
| requester = RequesterMock(email=nonmember_email) |
| request = RequestMock() |
| request.projectId = 'test-project' |
| with self.assertRaises(permissions.PermissionException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testAllPass(self): |
| requester = RequesterMock(email='test@example.com') |
| request = RequestMock() |
| request.projectId = 'test-project' |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNoIssue(self): |
| requester = RequesterMock(email='test@example.com') |
| request = RequestMock() |
| request.projectId = 'test-project' |
| request.issueId = 12345 |
| with self.assertRaises(exceptions.NoSuchIssueException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testNoViewIssuePermission(self): |
| requester = RequesterMock(email='test@example.com') |
| request = RequestMock() |
| request.projectId = 'test-project' |
| request.issueId = 1 |
| issue1 = fake.MakeTestIssue( |
| project_id=123, local_id=1, summary='test summary', |
| status='New', owner_id=111, reporter_id=111) |
| issue1.deleted = True |
| self.services.issue.TestAddIssue(issue1) |
| with self.assertRaises(permissions.PermissionException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, self.auth_client_ids, []) |
| |
| def testAnonymousClients(self): |
| # Some clients specifically pass "anonymous" as the client ID. |
| oauth.get_client_id = Mock(return_value='anonymous') |
| requester = RequesterMock(email='test@example.com') |
| request = RequestMock() |
| request.projectId = 'test-project' |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, [], ['test@example.com']) |
| |
| # Any client_id is OK if the email is allowlisted. |
| oauth.get_client_id = Mock(return_value='anything') |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, [], ['test@example.com']) |
| |
| # Reject request when neither client ID nor email is allowlisted. |
| with self.assertRaises(endpoints.UnauthorizedException): |
| api_svc_v1.api_base_checks( |
| request, requester, self.services, None, [], []) |