From 3d9cf63506507b01cad0008d2e5ba843d0bb2714 Mon Sep 17 00:00:00 2001
From: Lenka Segura
Date: Mar 08 2019 13:01:20 +0000
Subject: add acls pull_request for user api token
---
diff --git a/pagure/default_config.py b/pagure/default_config.py
index b43d5ce..cc08ce3 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -368,6 +368,7 @@ CROSS_PROJECT_ACLS = [
 "fork_project",
 "modify_project",
 "update_watch_status",
+ "pull_request_create",
 ]
 # ACLs with which admins are allowed to create project-less API tokens
diff --git a/tests/__init__.py b/tests/__init__.py
index ecdf3c8..718ae47 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -632,7 +632,6 @@ def create_projects(session, is_fork=False, user_id=1, hook_token_suffix=''):
 session.add(item)
 session.flush()
 create_locks(session, item)
-
 session.commit()
@@ -646,7 +645,6 @@ def create_projects_git(folder, bare=False):
 if not os.path.exists(repo_path):
 os.makedirs(repo_path)
 pygit2.init_repository(repo_path, bare=bare)
-
 return repos
@@ -675,7 +673,6 @@ def create_tokens(session, user_id=1, project_id=1):
 expiration=datetime.utcnow() - timedelta(days=1)
 )
 session.add(item)
-
 session.commit()
diff --git a/tests/test_pagure_flask_api_fork.py b/tests/test_pagure_flask_api_fork.py
index 6e9592a..00acee5 100644
--- a/tests/test_pagure_flask_api_fork.py
+++ b/tests/test_pagure_flask_api_fork.py
@@ -23,6 +23,7 @@ sys.path.insert(0, os.path.join(os.path.dirname(
 os.path.abspath(__file__)), '..'))
 import pagure.lib.query
+import pagure.default_config
 import tests
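Review bot: Adding `"pull_request_create"` to `CROSS_PROJECT_ACLS` in pagure/default_config.py widens what a token that is not bound to a project can do, and the list carries no comment recording that. With this entry, a leaked or over-shared token holding the ACL can presumably open pull requests on any project its owner can reach rather than on a single project, so the trade-off is worth stating next to the list, e.g. `# pull_request_create: lets a project-less token open PRs on any project the owner can access`. The list's opening line and the code that consumes it are outside this hunk, so the place where the project binding is skipped for these ACLs should be confirmed there.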
@@ -2646,6 +2647,121 @@ class PagureFlaskApiForktests(tests.Modeltests):
 )
 @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
+ def test_api_pull_request_open_project_token_different_project(self):
+ """Test the api_pull_request_create method with the project token
+ of a different project - fails"""
+
+ tests.create_projects(self.session)
+ tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)
+ tests.create_projects_git(os.path.join(self.path, 'requests'),
+ bare=True)
+ tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'test.git'))
+ tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'test.git'),
+ branch='test')
+ tests.create_tokens(self.session, project_id=2)
+ tests.create_tokens_acl(self.session)
+
+ headers = {'Authorization': 'token foo_token'}
+ data = {
+ 'title': 'Test of PR',
+ 'inicial comment': 'Some readme adjustment',
+ 'branch_to': 'master',
+ 'branch_from': 'test'
+ }
+
+ output = self.app.post(
+ '/api/0/test/pull-request/new', headers=headers, data=data)
+ self.assertEqual(output.status_code, 401)
+
+
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
+ def test_api_pull_request_open_user_token_invalid_acls(self):
+ """Test the api_pull_request_create method with the user token, but with
+ no acls for opening pull request - fails"""
+
+ tests.create_projects(self.session)
+ tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)
+ tests.create_projects_git(os.path.join(self.path, 'requests'),
+ bare=True)
+ tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'test.git'))
+ tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'test.git'),
+ branch='test')
+ tests.create_tokens(self.session, project_id=None)
+ for acl in ("create_project", "fork_project", "modify_project",
+ "update_watch_status"):
+ tests.create_tokens_acl(self.session, acl_name=acl)
+
+ headers = {'Authorization': 'token aaabbbcccddd'}
+ data = {
+ 'title': 'Test of PR',
+ 'initial_comment': 'Some readme adjustment',
+ 'branch_to': 'master',
+ 'branch_from': 'test',
+ }
+
+ output = self.app.post(
+ '/api/0/test/pull-request/new', headers=headers, data=data)
+ self.assertEqual(output.status_code, 401)
+
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
+ def test_api_pull_request_open_from_branch_to_origin(self):
+ """Test the api_pull_request_create method from a fork to a master,
+ with project token of a origin with all the acls"""
+
+ tests.create_projects(self.session)
+ tests.create_projects(self.session, is_fork=True, hook_token_suffix='foo')
+ project_query = self.session.query(pagure.lib.model.Project)
+ for project in project_query.filter_by(name='test').all():
+ if project.parent_id == None:
+ parent = project
+ else:
+ child = project
+ tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)
+ tests.create_projects_git(os.path.join(self.path, 'requests'),
+ bare=True)
+ tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'forks',
+ 'pingou', 'test.git'), branch='branch')
+ tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'forks',
+ 'pingou', 'test.git'), branch='branch')
+
+ # Create tokens
+ parent_token = pagure.lib.model.Token(
+ id='iamparenttoken',
+ user_id=parent.user_id,
+ project_id=parent.id,
+ expiration=datetime.datetime.utcnow() + datetime.timedelta(days=30)
+ )
+ self.session.add(parent_token)
+
+ fork_token = pagure.lib.model.Token(
+ id='iamforktoken',
+ user_id=child.user_id,
+ project_id=child.id,
+ expiration=datetime.datetime.utcnow() + datetime.timedelta(days=30)
+ )
+ self.session.add(fork_token)
+ self.session.commit()
+
+ tests.create_tokens_acl(self.session, token_id='iamparenttoken')
+ for acl in pagure.default_config.CROSS_PROJECT_ACLS:
+ tests.create_tokens_acl(self.session, token_id='iamforktoken',
+ acl_name=acl)
+
+ headers = {'Authorization': 'token iamforktoken'}
+
+ data = {
+ 'title': 'war of tomatoes',
+ 'initial_comment': 'the manifest',
+ 'branch_to': 'master',
+ 'branch_from': 'branch',
+ }
+
+ output = self.app.post('/api/0/fork/pingou/test/pull-request/new',
+ headers=headers, data=data)
+ self.assertEqual(output.status_code, 200)
+
+
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
 def test_api_pull_request_open(self):
 """ Test the api_pull_request_create method of the flask api. """
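Review bot: The first new test, test_api_pull_request_open_project_token_different_project, may get its 401 for the wrong reason: it authenticates with `foo_token`, but `tests.create_tokens_acl(self.session)` is called without `token_id`, and the next test pairs that same default call with `aaabbbcccddd`, so the ACLs appear to land on a different token (the helper's default is outside this hunk, so confirm). If so, the request is rejected for holding no ACL at all and the project-binding check is never exercised; `tests.create_tokens_acl(self.session, token_id='foo_token')` would pin the intended case. The payload key `'inicial comment'` in the same test should be `'initial_comment'`, so that the token is the only invalid part of the request. None of the three tests posts with a project-less token (`project_id=None`) that does hold `pull_request_create`, which is the path the commit subject describes; the 200 case uses a token bound to the fork.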