| Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 1 | # Copyright 2020 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file. |
| 4 | """Tests for the permissions servicer.""" |
| 5 | from __future__ import print_function |
| 6 | from __future__ import division |
| 7 | from __future__ import absolute_import |
| 8 | |
| 9 | import unittest |
| 10 | |
| 11 | from api.v3 import permission_converters as pc |
| 12 | from api.v3 import permissions_servicer |
| 13 | from api.v3.api_proto import permissions_pb2 |
| 14 | from api.v3.api_proto import permission_objects_pb2 |
| 15 | from framework import exceptions |
| 16 | from framework import monorailcontext |
| 17 | from framework import permissions |
| 18 | from testing import fake |
| 19 | from services import features_svc |
| 20 | from services import service_manager |
| 21 | |
| 22 | |
| 23 | class PermissionsServicerTest(unittest.TestCase): |
| 24 | |
| 25 | def setUp(self): |
| 26 | self.cnxn = fake.MonorailConnection() |
| 27 | self.services = service_manager.Services( |
| 28 | features=fake.FeaturesService(), |
| 29 | issue=fake.IssueService(), |
| 30 | project=fake.ProjectService(), |
| 31 | config=fake.ConfigService(), |
| 32 | user=fake.UserService(), |
| 33 | usergroup=fake.UserGroupService()) |
| 34 | self.project = self.services.project.TestAddProject( |
| 35 | 'proj', project_id=789, committer_ids=[111]) |
| 36 | self.permissions_svcr = permissions_servicer.PermissionsServicer( |
| 37 | self.services, make_rate_limiter=False) |
| 38 | self.user_1 = self.services.user.TestAddUser('goose_1@example.com', 111) |
| 39 | self.hotlist_1 = self.services.features.TestAddHotlist( |
| 40 | 'ThingsToBreak', owner_ids=[self.user_1.user_id]) |
| 41 | self.services.config.CreateFieldDef( |
| 42 | self.cnxn, self.project.project_id, 'Field_1', 'STR_TYPE', None, None, |
| 43 | None, None, None, None, None, None, None, None, None, None, None, None, |
| 44 | [], []) |
| 45 | self.config = self.services.config.GetProjectConfig( |
| 46 | self.cnxn, self.project.project_id) |
| 47 | |
| 48 | def CallWrapped(self, wrapped_handler, *args, **kwargs): |
| 49 | return wrapped_handler.wrapped(self.permissions_svcr, *args, **kwargs) |
| 50 | |
| 51 | def testBatchGetPermissionSets_Hotlist(self): |
| 52 | """We can batch get PermissionSets for hotlists.""" |
| 53 | hotlist_1_name = 'hotlists/%s' % self.hotlist_1.hotlist_id |
| 54 | request = permissions_pb2.BatchGetPermissionSetsRequest( |
| 55 | names=[hotlist_1_name]) |
| 56 | mc = monorailcontext.MonorailContext( |
| 57 | self.services, cnxn=self.cnxn, requester=self.user_1.email) |
| 58 | mc.LookupLoggedInUserPerms(None) |
| 59 | response = self.CallWrapped( |
| 60 | self.permissions_svcr.BatchGetPermissionSets, mc, request) |
| 61 | |
| 62 | expected_permission_sets = [ |
| 63 | permission_objects_pb2.PermissionSet( |
| 64 | resource=hotlist_1_name, |
| 65 | permissions=[ |
| 66 | permission_objects_pb2.Permission.Value('HOTLIST_ADMINISTER'), |
| 67 | permission_objects_pb2.Permission.Value('HOTLIST_EDIT'), |
| 68 | ]) |
| 69 | ] |
| 70 | self.assertEqual( |
| 71 | response, |
| 72 | permissions_pb2.BatchGetPermissionSetsResponse( |
| 73 | permission_sets=expected_permission_sets)) |
| 74 | |
| 75 | def testBatchGetPermissionSets_FieldDef(self): |
| 76 | """We can batch get PermissionSets for fields.""" |
| 77 | field = self.config.field_defs[0] |
| 78 | field_1_name = 'projects/%s/fieldDefs/%s' % ( |
| 79 | self.project.project_name, field.field_id) |
| 80 | request = permissions_pb2.BatchGetPermissionSetsRequest( |
| 81 | names=[field_1_name]) |
| 82 | mc = monorailcontext.MonorailContext( |
| 83 | self.services, cnxn=self.cnxn, requester=self.user_1.email) |
| 84 | mc.LookupLoggedInUserPerms(self.project) |
| 85 | response = self.CallWrapped( |
| 86 | self.permissions_svcr.BatchGetPermissionSets, mc, request) |
| 87 | |
| 88 | expected_permission_sets = [ |
| 89 | permission_objects_pb2.PermissionSet( |
| 90 | resource=field_1_name, |
| 91 | permissions=[ |
| 92 | permission_objects_pb2.Permission.Value('FIELD_DEF_VALUE_EDIT'), |
| 93 | ]) |
| 94 | ] |
| 95 | self.assertEqual( |
| 96 | response, |
| 97 | permissions_pb2.BatchGetPermissionSetsResponse( |
| 98 | permission_sets=expected_permission_sets)) |
| 99 | |
| 100 | # Each case of recognized resource name is tested in testBatchGetPermissions. |
| 101 | def testGetPermissionSet_InvalidName(self): |
| 102 | """We raise exception when the resource name is unrecognized.""" |
| 103 | we = None |
| 104 | with self.assertRaises(exceptions.InputException): |
| 105 | self.permissions_svcr._GetPermissionSet(self.cnxn, we, 'goose/honk') |