blob: 547df8069d8898c6f8c59c2b426d66f4dc297038 [file] [log] [blame]
Copybara854996b2021-09-07 19:36:02 +00001# Copyright 2016 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file or at
4# https://developers.google.com/open-source/licenses/bsd
5
6"""Unittest for the people detail page."""
7from __future__ import print_function
8from __future__ import division
9from __future__ import absolute_import
10
11import logging
12
13import unittest
14
15import webapp2
16
17from framework import authdata
18from framework import exceptions
19from framework import permissions
20from project import peopledetail
21from proto import project_pb2
22from services import service_manager
23from testing import fake
24from testing import testing_helpers
25
26
27class PeopleDetailTest(unittest.TestCase):
28
29 def setUp(self):
30 services = service_manager.Services(
31 project=fake.ProjectService(),
32 usergroup=fake.UserGroupService(),
33 user=fake.UserService())
34 services.user.TestAddUser('jrobbins', 111)
35 services.user.TestAddUser('jrobbins@jrobbins.org', 333)
36 services.user.TestAddUser('jrobbins@chromium.org', 555)
37 services.user.TestAddUser('imso31337@gmail.com', 999)
38 self.project = services.project.TestAddProject('proj')
39 self.project.owner_ids.extend([111, 222])
40 self.project.committer_ids.extend([333, 444])
41 self.project.contributor_ids.extend([555])
42 self.servlet = peopledetail.PeopleDetail('req', 'res', services=services)
43
44 def VerifyAccess(self, exception_expected):
45 mr = testing_helpers.MakeMonorailRequest(
46 path='/p/proj/people/detail?u=111',
47 project=self.project,
48 perms=permissions.OWNER_ACTIVE_PERMISSIONSET)
49 self.servlet.AssertBasePermission(mr)
50 # Owner never raises PermissionException.
51
52 mr = testing_helpers.MakeMonorailRequest(
53 path='/p/proj/people/detail?u=333',
54 project=self.project,
55 perms=permissions.COMMITTER_ACTIVE_PERMISSIONSET)
56 self.servlet.AssertBasePermission(mr)
57 # Committer never raises PermissionException.
58
59 mr = testing_helpers.MakeMonorailRequest(
60 path='/p/proj/people/detail?u=555',
61 project=self.project,
62 perms=permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET)
63 if exception_expected:
64 self.assertRaises(permissions.PermissionException,
65 self.servlet.AssertBasePermission, mr)
66 else:
67 self.servlet.AssertBasePermission(mr)
68 # No PermissionException raised
69
70 # Sign-out users
71 mr = testing_helpers.MakeMonorailRequest(
72 path='/p/proj/people/detail?u=555',
73 project=self.project,
74 perms=permissions.READ_ONLY_PERMISSIONSET)
75 if exception_expected:
76 self.assertRaises(permissions.PermissionException,
77 self.servlet.AssertBasePermission, mr)
78 else:
79 self.servlet.AssertBasePermission(mr)
80
81 # Non-membr users
82 mr = testing_helpers.MakeMonorailRequest(
83 path='/p/proj/people/detail?u=555',
84 project=self.project,
85 perms=permissions.USER_PERMISSIONSET)
86 if exception_expected:
87 self.assertRaises(permissions.PermissionException,
88 self.servlet.AssertBasePermission, mr)
89 else:
90 self.servlet.AssertBasePermission(mr)
91
92 def testAssertBasePermission_Normal(self):
93 self.VerifyAccess(False)
94
95 def testAssertBasePermission_HubSpoke(self):
96 self.project.only_owners_see_contributors = True
97 self.VerifyAccess(True)
98
99 def testAssertBasePermission_HubSpokeViewingSelf(self):
100 self.project.only_owners_see_contributors = True
101 mr = testing_helpers.MakeMonorailRequest(
102 path='/p/proj/people/detail?u=333',
103 project=self.project,
104 perms=permissions.COMMITTER_ACTIVE_PERMISSIONSET)
105 mr.auth.user_id = 333
106 self.servlet.AssertBasePermission(mr)
107 # No PermissionException raised
108
109 def testGatherPageData(self):
110 mr = testing_helpers.MakeMonorailRequest(
111 path='/p/proj/people/detail?u=111',
112 project=self.project,
113 perms=permissions.OWNER_ACTIVE_PERMISSIONSET)
114 mr.auth = authdata.AuthData()
115 page_data = self.servlet.GatherPageData(mr)
116 self.assertFalse(page_data['warn_abandonment'])
117 self.assertEqual(2, page_data['total_num_owners'])
118 # TODO(jrobbins): fill in tests for all other aspects.
119
120 def testValidateMemberID(self):
121 # We can validate owners
122 self.assertEqual(
123 111, self.servlet.ValidateMemberID('fake cnxn', 111, self.project))
124
125 # We can parse members
126 self.assertEqual(
127 333, self.servlet.ValidateMemberID('fake cnxn', 333, self.project))
128
129 # 404 for user that does not exist
130 with self.assertRaises(webapp2.HTTPException) as cm:
131 self.servlet.ValidateMemberID('fake cnxn', 8933, self.project)
132 self.assertEqual(404, cm.exception.code)
133
134 # 404 for valid user that is not in this project
135 with self.assertRaises(webapp2.HTTPException) as cm:
136 self.servlet.ValidateMemberID('fake cnxn', 999, self.project)
137 self.assertEqual(404, cm.exception.code)
138
139 def testParsePersonData_BadPost(self):
140 mr = testing_helpers.MakeMonorailRequest(
141 path='/p/proj/people/detail',
142 project=self.project)
143 post_data = fake.PostData()
144 with self.assertRaises(exceptions.InputException):
145 _result = self.servlet.ParsePersonData(mr, post_data)
146
147 def testParsePersonData_NoDetails(self):
148 mr = testing_helpers.MakeMonorailRequest(
149 path='/p/proj/people/detail?u=111',
150 project=self.project)
151 post_data = fake.PostData(role=['owner'])
152 u, r, ac, n, _, _ = self.servlet.ParsePersonData(mr, post_data)
153 self.assertEqual(111, u)
154 self.assertEqual('owner', r)
155 self.assertEqual([], ac)
156 self.assertEqual('', n)
157
158 mr = testing_helpers.MakeMonorailRequest(
159 path='/p/proj/people/detail?u=333',
160 project=self.project)
161 post_data = fake.PostData(role=['owner'])
162 u, r, ac, n, _, _ = self.servlet.ParsePersonData(mr, post_data)
163 self.assertEqual(333, u)
164
165 def testParsePersonData(self):
166 mr = testing_helpers.MakeMonorailRequest(
167 path='/p/proj/people/detail?u=111',
168 project=self.project)
169 post_data = fake.PostData(
170 role=['owner'], extra_perms=['ViewQuota', 'EditIssue'])
171 u, r, ac, n, _, _ = self.servlet.ParsePersonData(mr, post_data)
172 self.assertEqual(111, u)
173 self.assertEqual('owner', r)
174 self.assertEqual(['ViewQuota', 'EditIssue'], ac)
175 self.assertEqual('', n)
176
177 post_data = fake.PostData({
178 'role': ['owner'],
179 'extra_perms': [' ', ' \t'],
180 'notes': [''],
181 'ac_include': [123],
182 'ac_expand': [123],
183 })
184 (u, r, ac, n, ac_exclusion, no_expand
185 ) = self.servlet.ParsePersonData(mr, post_data)
186 self.assertEqual(111, u)
187 self.assertEqual('owner', r)
188 self.assertEqual([], ac)
189 self.assertEqual('', n)
190 self.assertFalse(ac_exclusion)
191 self.assertFalse(no_expand)
192
193 post_data = fake.PostData({
194 'username': ['jrobbins'],
195 'role': ['owner'],
196 'extra_perms': ['_ViewQuota', ' __EditIssue'],
197 'notes': [' Our local Python expert '],
198 })
199 (u, r, ac, n, ac_exclusion, no_expand
200 )= self.servlet.ParsePersonData(mr, post_data)
201 self.assertEqual(111, u)
202 self.assertEqual('owner', r)
203 self.assertEqual(['ViewQuota', 'EditIssue'], ac)
204 self.assertEqual('Our local Python expert', n)
205 self.assertTrue(ac_exclusion)
206 self.assertTrue(no_expand)
207
208 def testCanEditMemberNotes(self):
209 """Only owners can edit member notes."""
210 mr = testing_helpers.MakeMonorailRequest(
211 path='/p/proj/people/detail?u=111',
212 project=self.project,
213 perms=permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET)
214 result = self.servlet.CanEditMemberNotes(mr, 222)
215 self.assertFalse(result)
216
217 mr.auth.user_id = 222
218 result = self.servlet.CanEditMemberNotes(mr, 222)
219 self.assertTrue(result)
220
221 mr = testing_helpers.MakeMonorailRequest(
222 path='/p/proj/people/detail?u=111',
223 project=self.project,
224 perms=permissions.OWNER_ACTIVE_PERMISSIONSET)
225 result = self.servlet.CanEditMemberNotes(mr, 222)
226 self.assertTrue(result)
227
228 def testCanEditPerms(self):
229 """Only owners can edit member perms."""
230 mr = testing_helpers.MakeMonorailRequest(
231 path='/p/proj/people/detail?u=111',
232 project=self.project,
233 perms=permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET)
234 result = self.servlet.CanEditPerms(mr)
235 self.assertFalse(result)
236
237 mr = testing_helpers.MakeMonorailRequest(
238 path='/p/proj/people/detail?u=111',
239 project=self.project,
240 perms=permissions.OWNER_ACTIVE_PERMISSIONSET)
241 result = self.servlet.CanEditPerms(mr)
242 self.assertTrue(result)
243
244 def testCanRemoveRole(self):
245 """Owners can remove members. Users could also remove themselves."""
246 mr = testing_helpers.MakeMonorailRequest(
247 path='/p/proj/people/detail?u=111',
248 project=self.project,
249 perms=permissions.CONTRIBUTOR_ACTIVE_PERMISSIONSET)
250 result = self.servlet.CanRemoveRole(mr, 222)
251 self.assertFalse(result)
252
253 mr.auth.user_id = 111
254 result = self.servlet.CanRemoveRole(mr, 111)
255 self.assertTrue(result)
256
257 mr = testing_helpers.MakeMonorailRequest(
258 path='/p/proj/people/detail?u=111',
259 project=self.project,
260 perms=permissions.OWNER_ACTIVE_PERMISSIONSET)
261 result = self.servlet.CanRemoveRole(mr, 222)
262 self.assertTrue(result)