Adrià Vilanova Martínez | f19ea43 | 2024-01-23 20:20:52 +0100 | [diff] [blame] | 1 | # Copyright 2018 The Chromium Authors |
| 2 | # Use of this source code is governed by a BSD-style license that can be |
| 3 | # found in the LICENSE file. |
Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 4 | |
| 5 | """Unit tests for monorail.search.search_helpers.""" |
| 6 | from __future__ import print_function |
| 7 | from __future__ import division |
| 8 | from __future__ import absolute_import |
| 9 | |
Adrià Vilanova Martínez | 9f9ade5 | 2022-10-10 23:20:11 +0200 | [diff] [blame] | 10 | try: |
| 11 | from mox3 import mox |
| 12 | except ImportError: |
| 13 | import mox |
Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 14 | import unittest |
| 15 | |
| 16 | from search import search_helpers |
| 17 | |
| 18 | from google.appengine.ext import testbed |
| 19 | from framework import permissions |
| 20 | from framework import sql |
Adrià Vilanova Martínez | f19ea43 | 2024-01-23 20:20:52 +0100 | [diff] [blame] | 21 | from mrproto import user_pb2 |
Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 22 | from services import chart_svc |
| 23 | from services import service_manager |
| 24 | from testing import fake |
| 25 | |
| 26 | |
| 27 | def MakeChartService(my_mox, config): |
| 28 | chart_service = chart_svc.ChartService(config) |
| 29 | for table_var in ['issuesnapshot_tbl', 'labeldef_tbl']: |
| 30 | setattr(chart_service, table_var, my_mox.CreateMock(sql.SQLTableManager)) |
| 31 | return chart_service |
| 32 | |
| 33 | |
| 34 | class SearchHelpersTest(unittest.TestCase): |
| 35 | """Tests for functions in search_helpers. |
| 36 | |
| 37 | Also covered by search.backendnonviewable.GetAtRiskIIDs cases. |
| 38 | """ |
| 39 | |
| 40 | def setUp(self): |
| 41 | self.testbed = testbed.Testbed() |
| 42 | self.testbed.activate() |
| 43 | self.testbed.init_memcache_stub() |
| 44 | |
| 45 | self.mox = mox.Mox() |
| 46 | self.cnxn = self.mox.CreateMock(sql.MonorailConnection) |
| 47 | self.services = service_manager.Services() |
| 48 | self.services.chart = MakeChartService(self.mox, self.services.config) |
| 49 | self.config_service = fake.ConfigService() |
| 50 | self.user = user_pb2.User() |
| 51 | |
| 52 | def testGetPersonalAtRiskLabelIDs_ReadOnly(self): |
| 53 | """Test returns risky IDs a read-only user cannot access.""" |
| 54 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 55 | self.config_service.GetLabelDefRowsAnyProject( |
| 56 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 57 | ).AndReturn([ |
| 58 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 59 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 60 | ]) |
| 61 | |
| 62 | self.mox.ReplayAll() |
| 63 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 64 | self.cnxn, |
| 65 | self.user, |
| 66 | self.config_service, |
| 67 | effective_ids=[10, 20], |
| 68 | project=fake.Project(project_id=789), |
| 69 | perms=permissions.READ_ONLY_PERMISSIONSET) |
| 70 | self.mox.VerifyAll() |
| 71 | |
| 72 | self.assertEqual(ids, [123, 124]) |
| 73 | |
| 74 | def testGetPersonalAtRiskLabelIDs_LoggedInUser(self): |
| 75 | """Test returns restricted label IDs a logged in user cannot access.""" |
| 76 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 77 | self.config_service.GetLabelDefRowsAnyProject( |
| 78 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 79 | ).AndReturn([ |
| 80 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 81 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 82 | ]) |
| 83 | |
| 84 | self.mox.ReplayAll() |
| 85 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 86 | self.cnxn, |
| 87 | self.user, |
| 88 | self.config_service, |
| 89 | effective_ids=[10, 20], |
| 90 | project=fake.Project(project_id=789), |
| 91 | perms=permissions.USER_PERMISSIONSET) |
| 92 | self.mox.VerifyAll() |
| 93 | |
| 94 | self.assertEqual(ids, [123, 124]) |
| 95 | |
| 96 | def testGetPersonalAtRiskLabelIDs_UserWithRVG(self): |
| 97 | """Test returns restricted label IDs a logged in user cannot access.""" |
| 98 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 99 | self.config_service.GetLabelDefRowsAnyProject( |
| 100 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 101 | ).AndReturn([ |
| 102 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 103 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 104 | ]) |
| 105 | |
| 106 | self.mox.ReplayAll() |
| 107 | perms = permissions.PermissionSet(['Google']) |
| 108 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 109 | self.cnxn, |
| 110 | self.user, |
| 111 | self.config_service, |
| 112 | effective_ids=[10, 20], |
| 113 | project=fake.Project(project_id=789), |
| 114 | perms=perms) |
| 115 | self.mox.VerifyAll() |
| 116 | |
| 117 | self.assertEqual(ids, [124]) |
| 118 | |
| 119 | def testGetPersonalAtRiskLabelIDs_Admin(self): |
| 120 | """Test returns nothing for an admin (who can view everything).""" |
| 121 | self.user.is_site_admin = True |
| 122 | self.mox.ReplayAll() |
| 123 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 124 | self.cnxn, |
| 125 | self.user, |
| 126 | self.config_service, |
| 127 | effective_ids=[10, 20], |
| 128 | project=fake.Project(project_id=789), |
| 129 | perms=permissions.ADMIN_PERMISSIONSET) |
| 130 | self.mox.VerifyAll() |
| 131 | |
| 132 | self.assertEqual(ids, []) |