blob: 59052345a76a72ce479c61d49ad797a2770f7c0c [file] [log] [blame]
Copybara854996b2021-09-07 19:36:02 +00001# Copyright 2018 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file or at
4# https://developers.google.com/open-source/licenses/bsd
5
6"""Unit tests for monorail.search.search_helpers."""
7from __future__ import print_function
8from __future__ import division
9from __future__ import absolute_import
10
11import mox
12import unittest
13
14from search import search_helpers
15
16from google.appengine.ext import testbed
17from framework import permissions
18from framework import sql
19from proto import user_pb2
20from services import chart_svc
21from services import service_manager
22from testing import fake
23
24
25def MakeChartService(my_mox, config):
26 chart_service = chart_svc.ChartService(config)
27 for table_var in ['issuesnapshot_tbl', 'labeldef_tbl']:
28 setattr(chart_service, table_var, my_mox.CreateMock(sql.SQLTableManager))
29 return chart_service
30
31
32class SearchHelpersTest(unittest.TestCase):
33 """Tests for functions in search_helpers.
34
35 Also covered by search.backendnonviewable.GetAtRiskIIDs cases.
36 """
37
38 def setUp(self):
39 self.testbed = testbed.Testbed()
40 self.testbed.activate()
41 self.testbed.init_memcache_stub()
42
43 self.mox = mox.Mox()
44 self.cnxn = self.mox.CreateMock(sql.MonorailConnection)
45 self.services = service_manager.Services()
46 self.services.chart = MakeChartService(self.mox, self.services.config)
47 self.config_service = fake.ConfigService()
48 self.user = user_pb2.User()
49
50 def testGetPersonalAtRiskLabelIDs_ReadOnly(self):
51 """Test returns risky IDs a read-only user cannot access."""
52 self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
53 self.config_service.GetLabelDefRowsAnyProject(
54 self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
55 ).AndReturn([
56 (123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
57 (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
58 ])
59
60 self.mox.ReplayAll()
61 ids = search_helpers.GetPersonalAtRiskLabelIDs(
62 self.cnxn,
63 self.user,
64 self.config_service,
65 effective_ids=[10, 20],
66 project=fake.Project(project_id=789),
67 perms=permissions.READ_ONLY_PERMISSIONSET)
68 self.mox.VerifyAll()
69
70 self.assertEqual(ids, [123, 124])
71
72 def testGetPersonalAtRiskLabelIDs_LoggedInUser(self):
73 """Test returns restricted label IDs a logged in user cannot access."""
74 self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
75 self.config_service.GetLabelDefRowsAnyProject(
76 self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
77 ).AndReturn([
78 (123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
79 (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
80 ])
81
82 self.mox.ReplayAll()
83 ids = search_helpers.GetPersonalAtRiskLabelIDs(
84 self.cnxn,
85 self.user,
86 self.config_service,
87 effective_ids=[10, 20],
88 project=fake.Project(project_id=789),
89 perms=permissions.USER_PERMISSIONSET)
90 self.mox.VerifyAll()
91
92 self.assertEqual(ids, [123, 124])
93
94 def testGetPersonalAtRiskLabelIDs_UserWithRVG(self):
95 """Test returns restricted label IDs a logged in user cannot access."""
96 self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
97 self.config_service.GetLabelDefRowsAnyProject(
98 self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
99 ).AndReturn([
100 (123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
101 (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
102 ])
103
104 self.mox.ReplayAll()
105 perms = permissions.PermissionSet(['Google'])
106 ids = search_helpers.GetPersonalAtRiskLabelIDs(
107 self.cnxn,
108 self.user,
109 self.config_service,
110 effective_ids=[10, 20],
111 project=fake.Project(project_id=789),
112 perms=perms)
113 self.mox.VerifyAll()
114
115 self.assertEqual(ids, [124])
116
117 def testGetPersonalAtRiskLabelIDs_Admin(self):
118 """Test returns nothing for an admin (who can view everything)."""
119 self.user.is_site_admin = True
120 self.mox.ReplayAll()
121 ids = search_helpers.GetPersonalAtRiskLabelIDs(
122 self.cnxn,
123 self.user,
124 self.config_service,
125 effective_ids=[10, 20],
126 project=fake.Project(project_id=789),
127 perms=permissions.ADMIN_PERMISSIONSET)
128 self.mox.VerifyAll()
129
130 self.assertEqual(ids, [])