PR#1733: allow tag or target permissions as appropriate (on master) - koji

koji

#1733 allow tag or target permissions as appropriate (on master)

Merged 4 years ago by tkopecek. Opened 4 years ago by cobrien.

cobrien/koji issue_1729_master into master

make tests work

Christopher O'Brien • 4 years ago

1407e0e

check for tag or target permission in addition to admin for relevant CLI calls

Christopher O'Brien • 4 years ago

bdb4fce

cli/koji_cli/commands.py

file modified

+16 -16

		`@@ -64,8 +64,8 @@`
		`group = args[1]`

		`activate_session(session, goptions)`
		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('tag')):`
		`+ print("This action requires tag or admin privileges")`
		`return 1`

		`dsttag = session.getTag(tag)`
		`@@ -95,8 +95,8 @@`
		`group = args[1]`

		`activate_session(session, goptions)`
		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('tag')):`
		`+ print("This action requires tag or admin privileges")`
		`return 1`

		`dsttag = session.getTag(tag)`
		`@@ -3397,8 +3397,8 @@`
		`assert False # pragma: no cover`
		`activate_session(session, goptions)`

		`- if not session.hasPerm('admin') and not options.test:`
		`- parser.error(_("This action requires admin privileges"))`
		`+ if not options.test and not (session.hasPerm('admin') or session.hasPerm('tag')):`
		`+ parser.error(_("This action requires tag or admin privileges"))`

		`if args[0] == args[1]:`
		`parser.error(_('Source and destination tags must be different.'))`
		`@@ -3850,8 +3850,8 @@`
		`#most targets have the same name as their destination`
		`dest_tag = name`
		`activate_session(session, goptions)`
		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('target')):`
		`+ print("This action requires target or admin privileges")`
		`return 1`

		`chkbuildtag = session.getTag(build_tag)`
		`@@ -3885,8 +3885,8 @@`
		`assert False # pragma: no cover`
		`activate_session(session, goptions)`

		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('target')):`
		`+ print("This action requires target or admin privileges")`
		`return`

		`targetInfo = session.getBuildTarget(args[0])`
		`@@ -3928,8 +3928,8 @@`
		`assert False # pragma: no cover`
		`activate_session(session, goptions)`

		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('target')):`
		`+ print("This action requires target or admin privileges")`
		`return`

		`target = args[0]`
		`@@ -3953,8 +3953,8 @@`
		`assert False # pragma: no cover`
		`activate_session(session, goptions)`

		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('tag')):`
		`+ print("This action requires tag or admin privileges")`
		`return`

		`tag = args[0]`
		`@@ -4953,8 +4953,8 @@`
		`parser.error(_("Please specify a name for the tag"))`
		`assert False # pragma: no cover`
		`activate_session(session, goptions)`
		`- if not session.hasPerm('admin'):`
		`- print("This action requires admin privileges")`
		`+ if not (session.hasPerm('admin') or session.hasPerm('tag')):`
		`+ print("This action requires tag or admin privileges")`
		`return`
		`opts = {}`
		`if options.parent:`

tests/test_cli/test_add_group.py

file modified

+3 -2

		`@@ -129,12 +129,13 @@`
		`# Run it and check immediate output`
		`rv = handle_add_group(options, session, arguments)`
		`actual = stdout.getvalue()`
		`- expected = 'This action requires admin privileges\n'`
		`+ expected = 'This action requires tag or admin privileges\n'`
		`self.assertMultiLineEqual(actual, expected)`

		`# Finally, assert that things were called as we expected.`
		`activate_session_mock.assert_called_once_with(session, options)`
		`- session.hasPerm.assert_called_once_with('admin')`
		`+ session.hasPerm.assert_has_calls([mock.call('admin'),`
		`+ mock.call('tag')])`
		`session.getTag.assert_not_called()`
		`session.getTagGroups.assert_not_called()`
		`session.groupListAdd.assert_not_called()`

tests/test_cli/test_add_tag.py

file modified

+1 -1

		`@@ -44,7 +44,7 @@`
		`activate_session=None)`

		`# Case 2. not admin account`
		`- expected = "This action requires admin privileges\n"`
		`+ expected = "This action requires tag or admin privileges\n"`
		`session.hasPerm.return_value = None`
		`handle_add_tag(options, session, ['test-tag'])`
		`self.assert_console_message(stdout, expected)`

tests/test_cli/test_block_group.py

file modified

+1 -1

		`@@ -123,6 +123,6 @@`
		`session.hasPerm.return_value = False`
		`rv = handle_block_group(options, session, ['tag', 'grp'])`
		`self.assert_console_message(`
		`- stdout, 'This action requires admin privileges\n')`
		`+ stdout, 'This action requires tag or admin privileges\n')`
		`self.assertEqual(rv, 1)`
		`activate_session_mock.assert_called_with(session, options)`

tests/test_cli/test_clone_tag.py

file modified

+2 -2

		`@@ -59,10 +59,10 @@`
		`self.session,`
		`args,`
		`stderr=self.format_error_message(`
		`- "This action requires admin privileges"),`
		`+ "This action requires tag or admin privileges"),`
		`activate_session=None)`
		`self.activate_session.assert_called_once()`
		`- self.session.hasPerm.assert_called_once_with('admin')`
		`+ self.session.hasPerm.assert_has_calls([call('admin'), call('tag')])`

		`def test_handle_clone_tag_same_tag(self):`
		`args = ['src-tag', 'src-tag']`