| Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame^] | 1 | # Copyright 2018 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file or at |
| 4 | # https://developers.google.com/open-source/licenses/bsd |
| 5 | |
| 6 | """Unit tests for monorail.search.search_helpers.""" |
| 7 | from __future__ import print_function |
| 8 | from __future__ import division |
| 9 | from __future__ import absolute_import |
| 10 | |
| 11 | import mox |
| 12 | import unittest |
| 13 | |
| 14 | from search import search_helpers |
| 15 | |
| 16 | from google.appengine.ext import testbed |
| 17 | from framework import permissions |
| 18 | from framework import sql |
| 19 | from proto import user_pb2 |
| 20 | from services import chart_svc |
| 21 | from services import service_manager |
| 22 | from testing import fake |
| 23 | |
| 24 | |
| 25 | def MakeChartService(my_mox, config): |
| 26 | chart_service = chart_svc.ChartService(config) |
| 27 | for table_var in ['issuesnapshot_tbl', 'labeldef_tbl']: |
| 28 | setattr(chart_service, table_var, my_mox.CreateMock(sql.SQLTableManager)) |
| 29 | return chart_service |
| 30 | |
| 31 | |
| 32 | class SearchHelpersTest(unittest.TestCase): |
| 33 | """Tests for functions in search_helpers. |
| 34 | |
| 35 | Also covered by search.backendnonviewable.GetAtRiskIIDs cases. |
| 36 | """ |
| 37 | |
| 38 | def setUp(self): |
| 39 | self.testbed = testbed.Testbed() |
| 40 | self.testbed.activate() |
| 41 | self.testbed.init_memcache_stub() |
| 42 | |
| 43 | self.mox = mox.Mox() |
| 44 | self.cnxn = self.mox.CreateMock(sql.MonorailConnection) |
| 45 | self.services = service_manager.Services() |
| 46 | self.services.chart = MakeChartService(self.mox, self.services.config) |
| 47 | self.config_service = fake.ConfigService() |
| 48 | self.user = user_pb2.User() |
| 49 | |
| 50 | def testGetPersonalAtRiskLabelIDs_ReadOnly(self): |
| 51 | """Test returns risky IDs a read-only user cannot access.""" |
| 52 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 53 | self.config_service.GetLabelDefRowsAnyProject( |
| 54 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 55 | ).AndReturn([ |
| 56 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 57 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 58 | ]) |
| 59 | |
| 60 | self.mox.ReplayAll() |
| 61 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 62 | self.cnxn, |
| 63 | self.user, |
| 64 | self.config_service, |
| 65 | effective_ids=[10, 20], |
| 66 | project=fake.Project(project_id=789), |
| 67 | perms=permissions.READ_ONLY_PERMISSIONSET) |
| 68 | self.mox.VerifyAll() |
| 69 | |
| 70 | self.assertEqual(ids, [123, 124]) |
| 71 | |
| 72 | def testGetPersonalAtRiskLabelIDs_LoggedInUser(self): |
| 73 | """Test returns restricted label IDs a logged in user cannot access.""" |
| 74 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 75 | self.config_service.GetLabelDefRowsAnyProject( |
| 76 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 77 | ).AndReturn([ |
| 78 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 79 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 80 | ]) |
| 81 | |
| 82 | self.mox.ReplayAll() |
| 83 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 84 | self.cnxn, |
| 85 | self.user, |
| 86 | self.config_service, |
| 87 | effective_ids=[10, 20], |
| 88 | project=fake.Project(project_id=789), |
| 89 | perms=permissions.USER_PERMISSIONSET) |
| 90 | self.mox.VerifyAll() |
| 91 | |
| 92 | self.assertEqual(ids, [123, 124]) |
| 93 | |
| 94 | def testGetPersonalAtRiskLabelIDs_UserWithRVG(self): |
| 95 | """Test returns restricted label IDs a logged in user cannot access.""" |
| 96 | self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject') |
| 97 | self.config_service.GetLabelDefRowsAnyProject( |
| 98 | self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])] |
| 99 | ).AndReturn([ |
| 100 | (123, 789, 0, 'Restrict-View-Google', 'docstring', 0), |
| 101 | (124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0), |
| 102 | ]) |
| 103 | |
| 104 | self.mox.ReplayAll() |
| 105 | perms = permissions.PermissionSet(['Google']) |
| 106 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 107 | self.cnxn, |
| 108 | self.user, |
| 109 | self.config_service, |
| 110 | effective_ids=[10, 20], |
| 111 | project=fake.Project(project_id=789), |
| 112 | perms=perms) |
| 113 | self.mox.VerifyAll() |
| 114 | |
| 115 | self.assertEqual(ids, [124]) |
| 116 | |
| 117 | def testGetPersonalAtRiskLabelIDs_Admin(self): |
| 118 | """Test returns nothing for an admin (who can view everything).""" |
| 119 | self.user.is_site_admin = True |
| 120 | self.mox.ReplayAll() |
| 121 | ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 122 | self.cnxn, |
| 123 | self.user, |
| 124 | self.config_service, |
| 125 | effective_ids=[10, 20], |
| 126 | project=fake.Project(project_id=789), |
| 127 | perms=permissions.ADMIN_PERMISSIONSET) |
| 128 | self.mox.VerifyAll() |
| 129 | |
| 130 | self.assertEqual(ids, []) |