#1625 frontend: allow project admins to edit chroots
Merged 5 years ago by praiskup. Opened 5 years ago by frostyx.
copr/ frostyx/copr edit-chroot-admin-permission  into  master

@@ -35,7 +35,7 @@ 

      edit_chroot.html template.

      """

  

-     if flask.g.user.can_build_in(copr):

+     if flask.g.user.can_edit(copr):

          return render_template("coprs/detail/edit_chroot.html",

                                 form=form, copr=copr, chroot=chroot)

      raise AccessRestricted(
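Review bot: The authorization rule for chroot editing is now written twice, as `if flask.g.user.can_edit(copr):` here and as `if not flask.g.user.can_edit(copr):` in the update handler of the next hunk, so the form view and the POST handler can drift apart the next time the rule changes. Consider one shared guard that both views call, for example a small helper that raises `AccessRestricted` with the existing message when `can_edit(copr)` is false. The view's docstring should also state that edit (project admin) rights are required and that build permission alone is not enough. The function starts before this hunk and the `raise AccessRestricted(` call continues past it.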
@@ -52,7 +52,7 @@ 

      form = forms.ChrootForm()

      chroot = ComplexLogic.get_copr_chroot_safe(copr, chroot_name)

  

-     if not flask.g.user.can_build_in(copr):

+     if not flask.g.user.can_edit(copr):

          raise AccessRestricted(

              "You are not allowed to modify chroots in project {0}."

              .format(copr.name))
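Review bot: The `can_edit` check runs only after `forms.ChrootForm()` is built and `ComplexLogic.get_copr_chroot_safe(copr, chroot_name)` has looked the chroot up, so a caller without edit rights still reaches the lookup before being refused. Moving the `if not flask.g.user.can_edit(copr):` guard to the top of the handler body makes the refusal independent of whether the chroot name resolves. If the helper raises a not-found error (not visible here), the current order is what decides between a 403 and a 404 for an unauthorized caller. The handler's signature and the rest of its body are outside this hunk.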

@@ -0,0 +1,85 @@ 

+ import pytest

+ from tests.coprs_test_case import CoprsTestCase, TransactionDecorator

+ from coprs.helpers import PermissionEnum

+ from coprs.models import CoprPermission

+ 

+ 

+ class TestCoprsChroots(CoprsTestCase):

+ 

+     @TransactionDecorator("u2")

+     @pytest.mark.usefixtures("f_users", "f_coprs", "f_mock_chroots", "f_db")

+     def test_edit_own_copr_chroot(self):

+         """

+         Test that a user can access and edit chroot settings of his project

+         """

+         self.db.session.add(self.c2)

+         self.db.session.commit()

+ 

+         url = "/coprs/{0}/edit_chroot/{1}/"\

+             .format(self.c2.full_name, self.c2.mock_chroots[0].name)

+         response = self.test_client.get(url, follow_redirects=True)

+         assert response.status_code == 200

+ 

+         url = "/coprs/{0}/update_chroot/{1}/"\

+             .format(self.c2.full_name, self.c2.mock_chroots[0].name)

+         data = {"buildroot_pkgs": "foo"}

+         response = self.test_client.post(url, data=data, follow_redirects=True)

+         assert response.status_code == 200

+ 

+     @TransactionDecorator("u2")

+     @pytest.mark.usefixtures("f_users", "f_coprs", "f_mock_chroots", "f_db")

+     def test_edit_someone_copr_chroot(self):

+         """

+         Test that a user can't access and edit chroot settings of someone else's

+         project. While we are at it, check that having permission to build in

+         the project doesn't change this fact.

+         """

+         perm = CoprPermission(

+             copr=self.c1,

+             user=self.u2,

+             copr_builder=PermissionEnum("approved"),

+             copr_admin=PermissionEnum("nothing")

+         )

+         self.db.session.add_all([self.c1, perm])

+         self.db.session.commit()

+ 

+         url = "/coprs/{0}/edit_chroot/{1}/"\

+             .format(self.c1.full_name, self.c1.mock_chroots[0].name)

+         response = self.test_client.get(url, follow_redirects=True)

+         assert response.status_code == 403

+         assert "You are not allowed to modify chroots in project"\

+             in str(response.data)

+ 

+         url = "/coprs/{0}/update_chroot/{1}/"\

+             .format(self.c1.full_name, self.c1.mock_chroots[0].name)

+         data = {"buildroot_pkgs": "foo"}

+         response = self.test_client.post(url, data=data, follow_redirects=True)

+         assert response.status_code == 403

+         assert "You are not allowed to modify chroots in project"\

+             in str(response.data)

+ 

+     @TransactionDecorator("u2")

+     @pytest.mark.usefixtures("f_users", "f_coprs", "f_mock_chroots", "f_db")

+     def test_edit_someone_copr_chroot_being_admin(self):

+         """

+         Test that as an admin of a project, user can access and edit its chroots

+         """

+         perm = CoprPermission(

+             copr=self.c1,

+             user=self.u2,

+             copr_builder=PermissionEnum("nothing"),

+             copr_admin=PermissionEnum("approved")

+         )

+         self.db.session.add_all([self.c1, perm])

+         self.db.session.commit()

+ 

+         url = "/coprs/{0}/edit_chroot/{1}/"\

+             .format(self.c1.full_name, self.c1.mock_chroots[0].name)

+         response = self.test_client.get(url, follow_redirects=True)

+         assert response.status_code == 200

+ 

+         url = "/coprs/{0}/update_chroot/{1}/"\

+             .format(self.c1.full_name, self.c1.mock_chroots[0].name)

+         data = {"buildroot_pkgs": "foo"}

+         response = self.test_client.post(url, data=data, follow_redirects=True)

+         assert response.status_code == 200
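Review bot: The POST assertions check only the status code, so `test_edit_someone_copr_chroot` proves that a 403 page is returned but not that the chroot was left unmodified, and because `follow_redirects=True` is used, the two allowed cases would still pass on a 200 page that carries a form error. After each POST, re-read the chroot from the database and assert on its stored build-root packages: equal to `"foo"` in the owner and admin tests, and not `"foo"` in the builder test. `str(response.data)` matches against the repr of a bytes object, whereas `response.get_data(as_text=True)` would compare decoded text. A case for a logged-in user with no `CoprPermission` row at all would complete the matrix.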

Fix #1621

IMHO people authorized to build in a project should not have the right to
edit chroots, so I am dropping that and allowing project admins to edit
them instead.

We struggle with the coverage in the web-UI routes, too. :(

rebased onto 0c312adf97f8d24a72b59b546304e50725b7e3d1

5 years ago

pretty please pagure-ci rebuild

5 years ago

rebased onto dbb8b768b51aa45952f51c806a2a54403ab0adea

5 years ago

I added some tests making sure that having a builder permission doesn't allow me to edit a chroot but having admin permission does.

rebased onto dc05840

5 years ago

Thank you for the update, awesome. The commit did not change, only new tests were added - merging.

Pull-Request has been merged by praiskup

5 years ago