[Patchew-devel] [PATCH v2] test: more testcases around authorization

Shubham Jain posted 1 patch 5 years, 10 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/patchew-ci tags/patchew/20180518023658.6008-1-shubhamjain7495@gmail.com
api/rest.py        | 10 +++++++---
tests/test_rest.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 3 deletions(-)
[Patchew-devel] [PATCH v2] test: more testcases around authorization
Posted by Shubham Jain 5 years, 10 months ago
The test check for:
- user that is not a maintainer of any project should not result in any message being imported
- user that is not a maintainer of a project, but is in the importer groups, should result in the message being imported to all recognized projects
- user that is a maintainer of a project and is not in the importer group, should result in the message being imported to maintained and recognized projects

Also, changed the permission level of the MessageView to just authenticated users. Now, each authenticated user would be able to create a message but the result of the message would only be imported to the projects according to the conditions ie recognized by mbox or maintained by the users
---
 api/rest.py        | 10 +++++++---
 tests/test_rest.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)

diff --git a/api/rest.py b/api/rest.py
index fd321b3..af6fe31 100644
--- a/api/rest.py
+++ b/api/rest.py
@@ -391,12 +391,16 @@ class ProjectMessagesViewSet(ProjectMessagesViewSetMixin,
 
 class MessagesViewSet(BaseMessageViewSet):
     serializer_class = MessageSerializer
+    permission_classes = (permissions.IsAuthenticated,)
     parser_classes = (JSONParser, MessagePlainTextParser, )
     
     def create(self, request, *args, **kwargs):
-        projects = [p for p in Project.objects.all() if p.recognizes(MboxMessage(self.request.data['mbox']))]
-        if 'importers' not in self.request.user.groups.all():
-            projects = (p for p in projects if p.maintained_by(self.request.user))
+        m = MboxMessage(request.data['mbox'])
+        projects = [p for p in Project.objects.all() if p.recognizes(m)]
+        grps = request.user.groups.all()
+        grps_name = [grp.name for grp in grps]
+        if 'importers' not in grps_name:
+            projects = set(projects) & set([p for p in projects if p.maintained_by(self.request.user)])
         results = []
         for project in projects:
             serializer = self.get_serializer(data=request.data)
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 2da5459..9b4647a 100755
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -325,6 +325,57 @@ class RestTest(PatchewTestCase):
         resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
         self.assertEqual(resp_get2.status_code, 200)
 
+    def test_without_login_create_message(self):
+        dp = self.get_data_path("0022-another-simple-patch.json.gz")
+        with open(dp, "r") as f:
+            data = f.read()
+        resp = self.api_client.post(self.PROJECT_BASE + "messages/", data, content_type='message/rfc822')
+        self.assertEqual(resp.status_code, 403)
+
+    def test_non_maintainer_create_message(self):
+        self.create_user(username="test", password="userpass")
+        self.api_client.login(username="test", password="userpass")
+        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")
+        with open(dp, "r") as f:
+            data = f.read()
+        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')
+        self.assertEqual(resp.status_code, 201)
+        self.assertEqual(resp.data['count'], 0)
+        resp_get = self.api_client.get(self.PROJECT_BASE + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get.status_code, 404)
+        resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get2.status_code, 404)
+
+    def test_maintainer_create_message(self):
+        test = self.create_user(username="test", password="userpass")
+        self.api_client.login(username="test", password="userpass")
+        self.p.maintainers = (test, )
+        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")
+        with open(dp, "r") as f:
+            data = f.read()
+        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')
+        self.assertEqual(resp.status_code, 201)
+        self.assertEqual(resp.data['count'], 1)
+        resp_get = self.api_client.get(self.PROJECT_BASE + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get.status_code, 200)
+        resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get2.status_code, 404)
+
+    def test_importer_create_message(self):
+        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")
+        with open(dp, "r") as f:
+            data = f.read()
+        test = self.create_user(username="test", password="userpass", groups=['importers'])
+        self.api_client.login(username="test", password="userpass")
+        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')
+        self.assertEqual(resp.status_code, 201)
+        self.assertEqual(resp.data['count'], 2)
+        resp_get = self.api_client.get(self.PROJECT_BASE + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get.status_code, 200)
+        self.assertEqual(resp_get.data['subject'], "[Qemu-devel] [PATCH 1/7] SecurityPkg/Tcg2Pei: drop Tcg2PhysicalPresenceLib dependency")
+        resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/20180223132311.26555-2-marcandre.lureau@redhat.com/")
+        self.assertEqual(resp_get2.status_code, 200)
+        
     def test_message(self):
         series = self.apply_and_retrieve('0001-simple-patch.mbox.gz',
                                          self.p.id, '20160628014747.20971-1-famz@redhat.com')
-- 
2.14.3 (Apple Git-98)

_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel