From 271249c8339102fcedc0de9f08707433b8185af8 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Jun 13 2019 17:43:14 +0000 Subject: add "tag" permission --- diff --git a/docs/source/permissions.rst b/docs/source/permissions.rst index b44dd46..2d90f04 100644 --- a/docs/source/permissions.rst +++ b/docs/source/permissions.rst @@ -34,6 +34,9 @@ Administration ``host`` Restricted permission for handling host-related management tasks. +``tag`` + Permission for adding/deleting/editing tags + Tasks ----- diff --git a/hub/kojihub.py b/hub/kojihub.py index 3462dfd..a4bbc18 100644 --- a/hub/kojihub.py +++ b/hub/kojihub.py @@ -688,7 +688,7 @@ def readDescendantsData(tag_id, event=None): def writeInheritanceData(tag_id, changes, clear=False): """Add or change inheritance data for a tag""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') _writeInheritanceData(tag_id, changes, clear) @@ -1638,7 +1638,7 @@ def _direct_untag_build(tag, build, user, strict=True, force=False): def grplist_add(taginfo, grpinfo, block=False, force=False, **opts): """Add to (or update) group list for tag""" #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grplist_add(taginfo, grpinfo, block, force, **opts) @@ -1696,7 +1696,7 @@ def grplist_remove(taginfo, grpinfo, force=False): Most of the time you really want to use the block or unblock functions """ #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grplist_remove(taginfo, grpinfo, force) @@ -1724,7 +1724,7 @@ def grplist_unblock(taginfo, grpinfo): Otherwise, raise an error """ # only admins... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grplist_unblock(taginfo, grpinfo) @@ -1758,7 +1758,7 @@ def _grplist_unblock(taginfo, grpinfo): def grp_pkg_add(taginfo, grpinfo, pkg_name, block=False, force=False, **opts): """Add package to group for tag""" #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_pkg_add(taginfo, grpinfo, pkg_name, block, force, **opts) @@ -1822,7 +1822,7 @@ def grp_pkg_remove(taginfo, grpinfo, pkg_name, force=False): Most of the time you really want to use the block or unblock functions """ #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_pkg_remove(taginfo, grpinfo, pkg_name, force) @@ -1848,7 +1848,7 @@ def grp_pkg_unblock(taginfo, grpinfo, pkg_name): Otherwise, raise an error """ # only admins... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_pkg_unblock(taginfo, grpinfo, pkg_name) @@ -1881,7 +1881,7 @@ def _grp_pkg_unblock(taginfo, grpinfo, pkg_name): def grp_req_add(taginfo, grpinfo, reqinfo, block=False, force=False, **opts): """Add group requirement to group for tag""" #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_req_add(taginfo, grpinfo, reqinfo, block, force, **opts) @@ -1946,7 +1946,7 @@ def grp_req_remove(taginfo, grpinfo, reqinfo, force=False): Most of the time you really want to use the block or unblock functions """ #only admins.... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_req_remove(taginfo, grpinfo, reqinfo, force) @@ -1973,7 +1973,7 @@ def grp_req_unblock(taginfo, grpinfo, reqinfo): Otherwise, raise an error """ # only admins... - context.session.assertPerm('admin') + context.session.assertPerm('tag') _grp_req_unblock(taginfo, grpinfo, reqinfo) @@ -3051,7 +3051,7 @@ def lookup_build_target(info, strict=False, create=False): def create_tag(name, parent=None, arches=None, perm=None, locked=False, maven_support=False, maven_include_all=False, extra=None): """Create a new tag""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') return _create_tag(name, parent, arches, perm, locked, maven_support, maven_include_all, extra) @@ -3206,7 +3206,7 @@ def edit_tag(tagInfo, **kwargs): :param list remove_extra: remove extra tag parameters. """ - context.session.assertPerm('admin') + context.session.assertPerm('tag') _edit_tag(tagInfo, **kwargs) @@ -3316,7 +3316,7 @@ def old_edit_tag(tagInfo, name, arches, locked, permissionID, extra=None): def delete_tag(tagInfo): """Delete the specified tag.""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') _delete_tag(tagInfo) @@ -3469,7 +3469,7 @@ def delete_external_repo(info): def add_external_repo_to_tag(tag_info, repo_info, priority, merge_mode='koji'): """Add an external repo to a tag""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') if merge_mode not in koji.REPO_MERGE_MODES: raise koji.GenericError('Invalid merge mode: %s' % merge_mode) @@ -3496,7 +3496,7 @@ def add_external_repo_to_tag(tag_info, repo_info, priority, merge_mode='koji'): def remove_external_repo_from_tag(tag_info, repo_info): """Remove an external repo from a tag""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') tag = get_tag(tag_info, strict=True) tag_id = tag['id'] @@ -3516,7 +3516,7 @@ def edit_tag_external_repo(tag_info, repo_info, priority): """Edit a tag<->external repo association This allows you to update the priority without removing/adding the repo.""" - context.session.assertPerm('admin') + context.session.assertPerm('tag') tag = get_tag(tag_info, strict=True) tag_id = tag['id'] @@ -10185,7 +10185,7 @@ class RootExports(object): """ # verify existence of tag and/or convert name to id tag = get_tag_id(tag, strict=True) - context.session.assertPerm('admin') + context.session.assertPerm('tag') return writeInheritanceData(tag, data, clear=clear) def getFullInheritance(self, tag, event=None, reverse=False, stops=None, jumps=None): diff --git a/tests/test_hub/test_delete_tag.py b/tests/test_hub/test_delete_tag.py index ef182d8..7fcf6b4 100644 --- a/tests/test_hub/test_delete_tag.py +++ b/tests/test_hub/test_delete_tag.py @@ -37,7 +37,7 @@ class TestDeleteTag(unittest.TestCase): with self.assertRaises(koji.GenericError): kojihub.delete_tag('badtag') self.assertEqual(self.updates, []) - self.context.session.assertPerm.assert_called_with('admin') + self.context.session.assertPerm.assert_called_with('tag') def test_good_tag(self): self.get_tag.return_value = {'id': 'TAGID'} @@ -50,4 +50,4 @@ class TestDeleteTag(unittest.TestCase): self.assertEqual(u.values, {'value': 'TAGID'}) self.assertEqual(u.rawdata, {'active': 'NULL'}) self.assertEqual(u.data, data) - self.context.session.assertPerm.assert_called_with('admin') + self.context.session.assertPerm.assert_called_with('tag') diff --git a/tests/test_hub/test_group_operations.py b/tests/test_hub/test_group_operations.py index aee0095..e53101b 100644 --- a/tests/test_hub/test_group_operations.py +++ b/tests/test_hub/test_group_operations.py @@ -66,7 +66,7 @@ class TestGrouplist(unittest.TestCase): kojihub.grplist_add(tag, group) # what was called - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.get_tag.assert_called_once_with(tag, strict=True) self.lookup_group.assert_called_once_with(group, create=True) self.get_tag_groups.assert_called_with('tag_id', inherit=True, @@ -100,7 +100,7 @@ class TestGrouplist(unittest.TestCase): self.context.session.assertPerm.side_effect = koji.GenericError with self.assertRaises(koji.GenericError): kojihub.grplist_add('tag', 'group') - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.assertEqual(len(self.inserts), 0) self.assertEqual(len(self.updates), 0) @@ -108,7 +108,7 @@ class TestGrouplist(unittest.TestCase): self.get_tag.side_effect = koji.GenericError with self.assertRaises(koji.GenericError): kojihub.grplist_add('tag', 'group') - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.assertEqual(len(self.inserts), 0) self.assertEqual(len(self.updates), 0) @@ -125,7 +125,7 @@ class TestGrouplist(unittest.TestCase): kojihub.grplist_block(tag, group) # what was called - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.get_tag.assert_called_once_with(tag, strict=True) self.lookup_group.assert_called_once_with(group, create=True) self.get_tag_groups.assert_called_with('tag_id', inherit=True, @@ -166,7 +166,7 @@ class TestGrouplist(unittest.TestCase): kojihub.grplist_remove(tag, group) # what was called - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.get_tag.assert_called_once_with(tag, strict=True) self.lookup_group.assert_called_once_with(group, strict=True) @@ -192,7 +192,7 @@ class TestGrouplist(unittest.TestCase): kojihub.grplist_unblock(tag, group) # what was called - self.context.session.assertPerm.assert_called_once_with('admin') + self.context.session.assertPerm.assert_called_once_with('tag') self.lookup_tag.assert_called_once_with(tag, strict=True) self.lookup_group.assert_called_once_with(group, strict=True)