Blame - search/test/search_helpers_test.py - monorail-avm99963

blob: e5746a6ab73102e05b86ad62a0501935f532edeb [file] [log] [blame]

Adrià Vilanova Martínez	f19ea43	2024-01-23 20:20:52 +0100	[diff] [blame]	1	# Copyright 2018 The Chromium Authors
				2	# Use of this source code is governed by a BSD-style license that can be
				3	# found in the LICENSE file.
Copybara	854996b	2021-09-07 19:36:02 +0000	[diff] [blame]	4
				5	"""Unit tests for monorail.search.search_helpers."""
				6	from __future__ import print_function
				7	from __future__ import division
				8	from __future__ import absolute_import
				9
Adrià Vilanova Martínez	9f9ade5	2022-10-10 23:20:11 +0200	[diff] [blame]	10	try:
				11	from mox3 import mox
				12	except ImportError:
				13	import mox
Copybara	854996b	2021-09-07 19:36:02 +0000	[diff] [blame]	14	import unittest
				15
				16	from search import search_helpers
				17
				18	from google.appengine.ext import testbed
				19	from framework import permissions
				20	from framework import sql
Adrià Vilanova Martínez	f19ea43	2024-01-23 20:20:52 +0100	[diff] [blame]	21	from mrproto import user_pb2
Copybara	854996b	2021-09-07 19:36:02 +0000	[diff] [blame]	22	from services import chart_svc
				23	from services import service_manager
				24	from testing import fake
				25
				26
				27	def MakeChartService(my_mox, config):
				28	chart_service = chart_svc.ChartService(config)
				29	for table_var in ['issuesnapshot_tbl', 'labeldef_tbl']:
				30	setattr(chart_service, table_var, my_mox.CreateMock(sql.SQLTableManager))
				31	return chart_service
				32
				33
				34	class SearchHelpersTest(unittest.TestCase):
				35	"""Tests for functions in search_helpers.
				36
				37	Also covered by search.backendnonviewable.GetAtRiskIIDs cases.
				38	"""
				39
				40	def setUp(self):
				41	self.testbed = testbed.Testbed()
				42	self.testbed.activate()
				43	self.testbed.init_memcache_stub()
				44
				45	self.mox = mox.Mox()
				46	self.cnxn = self.mox.CreateMock(sql.MonorailConnection)
				47	self.services = service_manager.Services()
				48	self.services.chart = MakeChartService(self.mox, self.services.config)
				49	self.config_service = fake.ConfigService()
				50	self.user = user_pb2.User()
				51
				52	def testGetPersonalAtRiskLabelIDs_ReadOnly(self):
				53	"""Test returns risky IDs a read-only user cannot access."""
				54	self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
				55	self.config_service.GetLabelDefRowsAnyProject(
				56	self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
				57	).AndReturn([
				58	(123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
				59	(124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
				60	])
				61
				62	self.mox.ReplayAll()
				63	ids = search_helpers.GetPersonalAtRiskLabelIDs(
				64	self.cnxn,
				65	self.user,
				66	self.config_service,
				67	effective_ids=[10, 20],
				68	project=fake.Project(project_id=789),
				69	perms=permissions.READ_ONLY_PERMISSIONSET)
				70	self.mox.VerifyAll()
				71
				72	self.assertEqual(ids, [123, 124])
				73
				74	def testGetPersonalAtRiskLabelIDs_LoggedInUser(self):
				75	"""Test returns restricted label IDs a logged in user cannot access."""
				76	self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
				77	self.config_service.GetLabelDefRowsAnyProject(
				78	self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
				79	).AndReturn([
				80	(123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
				81	(124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
				82	])
				83
				84	self.mox.ReplayAll()
				85	ids = search_helpers.GetPersonalAtRiskLabelIDs(
				86	self.cnxn,
				87	self.user,
				88	self.config_service,
				89	effective_ids=[10, 20],
				90	project=fake.Project(project_id=789),
				91	perms=permissions.USER_PERMISSIONSET)
				92	self.mox.VerifyAll()
				93
				94	self.assertEqual(ids, [123, 124])
				95
				96	def testGetPersonalAtRiskLabelIDs_UserWithRVG(self):
				97	"""Test returns restricted label IDs a logged in user cannot access."""
				98	self.mox.StubOutWithMock(self.config_service, 'GetLabelDefRowsAnyProject')
				99	self.config_service.GetLabelDefRowsAnyProject(
				100	self.cnxn, where=[('LOWER(label) LIKE %s', ['restrict-view-%'])]
				101	).AndReturn([
				102	(123, 789, 0, 'Restrict-View-Google', 'docstring', 0),
				103	(124, 789, 0, 'Restrict-View-SecurityTeam', 'docstring', 0),
				104	])
				105
				106	self.mox.ReplayAll()
				107	perms = permissions.PermissionSet(['Google'])
				108	ids = search_helpers.GetPersonalAtRiskLabelIDs(
				109	self.cnxn,
				110	self.user,
				111	self.config_service,
				112	effective_ids=[10, 20],
				113	project=fake.Project(project_id=789),
				114	perms=perms)
				115	self.mox.VerifyAll()
				116
				117	self.assertEqual(ids, [124])
				118
				119	def testGetPersonalAtRiskLabelIDs_Admin(self):
				120	"""Test returns nothing for an admin (who can view everything)."""
				121	self.user.is_site_admin = True
				122	self.mox.ReplayAll()
				123	ids = search_helpers.GetPersonalAtRiskLabelIDs(
				124	self.cnxn,
				125	self.user,
				126	self.config_service,
				127	effective_ids=[10, 20],
				128	project=fake.Project(project_id=789),
				129	perms=permissions.ADMIN_PERMISSIONSET)
				130	self.mox.VerifyAll()
				131
				132	self.assertEqual(ids, [])