| |
@@ -0,0 +1,299 @@
|
| |
+ # -*- coding: utf-8 -*-
|
| |
+
|
| |
+ """
|
| |
+ (c) 2018 - Copyright Red Hat Inc
|
| |
+
|
| |
+ Authors:
|
| |
+ Pierre-Yves Chibon <pingou@pingoured.fr>
|
| |
+
|
| |
+ """
|
| |
+
|
| |
+ from __future__ import unicode_literals
|
| |
+
|
| |
+ __requires__ = ['SQLAlchemy >= 0.8']
|
| |
+ import pkg_resources
|
| |
+
|
| |
+ import copy
|
| |
+ import datetime
|
| |
+ import unittest
|
| |
+ import shutil
|
| |
+ import sys
|
| |
+ import time
|
| |
+ import os
|
| |
+
|
| |
+ import json
|
| |
+ from mock import patch, MagicMock
|
| |
+
|
| |
+ sys.path.insert(0, os.path.join(os.path.dirname(
|
| |
+ os.path.abspath(__file__)), '..'))
|
| |
+
|
| |
+ import pagure
|
| |
+ import pagure.lib
|
| |
+ import tests
|
| |
+
|
| |
+
|
| |
+ class PagureFlaskApiProjectUpdateWatchTests(tests.Modeltests):
|
| |
+ """ Tests for the flask API of pagure for changing the watch status on
|
| |
+ a project via the API
|
| |
+ """
|
| |
+
|
| |
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
|
| |
+ def setUp(self):
|
| |
+ """ Set up the environnment, ran before every tests. """
|
| |
+ super(PagureFlaskApiProjectUpdateWatchTests, self).setUp()
|
| |
+
|
| |
+ tests.create_projects(self.session)
|
| |
+ tests.create_projects_git(os.path.join(self.path, 'tickets'))
|
| |
+ tests.create_tokens(self.session)
|
| |
+ tests.create_tokens_acl(self.session)
|
| |
+
|
| |
+ # Create normal issue
|
| |
+ repo = pagure.lib.get_authorized_project(self.session, 'test')
|
| |
+ msg = pagure.lib.new_issue(
|
| |
+ session=self.session,
|
| |
+ repo=repo,
|
| |
+ title='Test issue #1',
|
| |
+ content='We should work on this',
|
| |
+ user='pingou',
|
| |
+ ticketfolder=None,
|
| |
+ private=False,
|
| |
+ )
|
| |
+ self.session.commit()
|
| |
+ self.assertEqual(msg.title, 'Test issue #1')
|
| |
+
|
| |
+ # Create project-less token for user foo
|
| |
+ item = pagure.lib.model.Token(
|
| |
+ id='project-less-foo',
|
| |
+ user_id=1,
|
| |
+ project_id=None,
|
| |
+ expiration=datetime.datetime.utcnow()
|
| |
+ + datetime.timedelta(days=30)
|
| |
+ )
|
| |
+ self.session.add(item)
|
| |
+ self.session.commit()
|
| |
+ tests.create_tokens_acl(self.session, token_id='project-less-foo')
|
| |
+
|
| |
+ def test_api_update_project_watchers_invalid_project(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+
|
| |
+ # Invalid project
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/foobar/watchers/update', headers=headers)
|
| |
+ self.assertEqual(output.status_code, 404)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ "error": "Project not found",
|
| |
+ "error_code": "ENOPROJECT",
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_change_status_issue_token_not_for_project(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+
|
| |
+ # Valid token, wrong project
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test2/watchers/update', headers=headers)
|
| |
+ self.assertEqual(output.status_code, 401)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
|
| |
+ data['error_code'])
|
| |
+ self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
|
| |
+
|
| |
+ def test_api_update_project_watchers_no_user_watching(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'status': '42',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 400)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'Invalid or incomplete input submitted',
|
| |
+ u'error_code': u'EINVALIDREQ'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_update_project_watchers_no_watch_status(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'pingou',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 400)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'The watch value of "None" is invalid',
|
| |
+ u'error_code': u'ENOCODE'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_update_project_watchers_invalid_status(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'pingou',
|
| |
+ 'status': '42',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 400)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'The watch value of "42" is invalid',
|
| |
+ u'error_code': u'ENOCODE'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_update_project_watchers_invalid_user(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'example',
|
| |
+ 'status': '2',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 401)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'You are not allowed to modify this project',
|
| |
+ u'error_code': u'EMODIFYPROJECTNOTALLOWED'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_update_project_watchers_other_user(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'foo',
|
| |
+ 'status': '2',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 401)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'You are not allowed to modify this project',
|
| |
+ u'error_code': u'EMODIFYPROJECTNOTALLOWED'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ def test_api_update_project_watchers_all_good(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'pingou',
|
| |
+ 'status': 1,
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 200)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'message': u'You are now watching issues and PRs on this project',
|
| |
+ u'status': u'ok'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ @patch('pagure.utils.is_admin', MagicMock(return_value=True))
|
| |
+ def test_api_update_project_watchers_other_user_admin(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'foo',
|
| |
+ 'status': '2',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 200)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'message': u'You are now watching commits on this project',
|
| |
+ u'status': u'ok'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ @patch('pagure.utils.is_admin', MagicMock(return_value=True))
|
| |
+ def test_api_update_project_watchers_invalid_user_admin(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'watcher': 'example',
|
| |
+ 'status': '2',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 400)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'Invalid or incomplete input submitted',
|
| |
+ u'error_code': u'EINVALIDREQ'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+ @patch('pagure.utils.is_admin', MagicMock(return_value=True))
|
| |
+ def test_api_update_project_watchers_missing_user_admin(self):
|
| |
+ """ Test the api_update_project_watchers method of the flask api. """
|
| |
+
|
| |
+ headers = {'Authorization': 'token aaabbbcccddd'}
|
| |
+ data = {
|
| |
+ 'status': '2',
|
| |
+ }
|
| |
+
|
| |
+ output = self.app.post(
|
| |
+ '/api/0/test/watchers/update', headers=headers, data=data)
|
| |
+ self.assertEqual(output.status_code, 400)
|
| |
+ data = json.loads(output.get_data(as_text=True))
|
| |
+ self.assertDictEqual(
|
| |
+ data,
|
| |
+ {
|
| |
+ u'error': u'Invalid or incomplete input submitted',
|
| |
+ u'error_code': u'EINVALIDREQ'
|
| |
+ }
|
| |
+ )
|
| |
+
|
| |
+
|
| |
+ if __name__ == '__main__':
|
| |
+ unittest.main(verbosity=2)
|
| |
With this people with the appropriate API token will be able to adjust
their own watch status and instance-wide admins will be able to do it
for any user.
Fixes https://pagure.io/pagure/issue/3205
Fixes https://pagure.io/pagure/issue/3174
Signed-off-by: Pierre-Yves Chibon pingou@pingoured.fr