#4251 Add acls pull_request for user api token
Merged 5 years ago by pingou. Opened 5 years ago by lenkaseg.
Unknown source acls  into  master

@@ -368,6 +368,7 @@

      "fork_project",

      "modify_project",

      "update_watch_status",

+     "pull_request_create",

  ]

  

  # ACLs with which admins are allowed to create project-less API tokens

file modified
-3
@@ -632,7 +632,6 @@

      session.add(item)

      session.flush()

      create_locks(session, item)

- 

      session.commit()

  

  
@@ -646,7 +645,6 @@

          if not os.path.exists(repo_path):

              os.makedirs(repo_path)

          pygit2.init_repository(repo_path, bare=bare)

- 

      return repos

  

  
@@ -675,7 +673,6 @@

          expiration=datetime.utcnow() - timedelta(days=1)

      )

      session.add(item)

- 

      session.commit()

  

  

@@ -23,6 +23,7 @@

      os.path.abspath(__file__)), '..'))

  

  import pagure.lib.query

+ import pagure.default_config

  import tests

  

  
@@ -2646,6 +2647,121 @@

          )

  

      @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))

+     def test_api_pull_request_open_project_token_different_project(self):

+         """Test the api_pull_request_create method with the project token

+         of a different project - fails"""

+ 

+         tests.create_projects(self.session)

+         tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)

+         tests.create_projects_git(os.path.join(self.path, 'requests'),

+                 bare=True)

+         tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'test.git'))

+         tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'test.git'),

+                 branch='test')

+         tests.create_tokens(self.session, project_id=2)

+         tests.create_tokens_acl(self.session)

+ 

+         headers = {'Authorization': 'token foo_token'}

+         data = {

+             'title': 'Test of PR',

+             'inicial comment': 'Some readme adjustment',

+             'branch_to': 'master',

+             'branch_from': 'test'

+         }

+ 

+         output = self.app.post(

+                 '/api/0/test/pull-request/new', headers=headers, data=data)

+         self.assertEqual(output.status_code, 401)

+ 

+ 

+     @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))

+     def test_api_pull_request_open_user_token_invalid_acls(self):

+         """Test the api_pull_request_create method with the user token, but with

+         no acls for opening pull request - fails"""

+ 

+         tests.create_projects(self.session)

+         tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)

+         tests.create_projects_git(os.path.join(self.path, 'requests'),

+                                   bare=True)

+         tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'test.git'))

+         tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'test.git'),

+                                   branch='test')

+         tests.create_tokens(self.session, project_id=None)

+         for acl in ("create_project", "fork_project", "modify_project",

+                     "update_watch_status"):

+             tests.create_tokens_acl(self.session, acl_name=acl)

+ 

+         headers = {'Authorization': 'token aaabbbcccddd'}

+         data = {

+             'title': 'Test of PR',

+             'initial_comment': 'Some readme adjustment',

+             'branch_to': 'master',

+             'branch_from': 'test',

+             }

+ 

+         output = self.app.post(

+             '/api/0/test/pull-request/new', headers=headers, data=data)

+         self.assertEqual(output.status_code, 401)

+ 

+     @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))

+     def test_api_pull_request_open_from_branch_to_origin(self):

+         """Test the api_pull_request_create method from a fork to a master,

+        with project token of a origin with all the acls"""

+ 

+         tests.create_projects(self.session)

+         tests.create_projects(self.session, is_fork=True, hook_token_suffix='foo')

+         project_query = self.session.query(pagure.lib.model.Project)

+         for project in project_query.filter_by(name='test').all():

+             if project.parent_id == None:

+                 parent = project

+             else:

+                 child = project

+         tests.create_projects_git(os.path.join(self.path, 'repos'), bare=True)

+         tests.create_projects_git(os.path.join(self.path, 'requests'),

+                                     bare=True)

+         tests.add_readme_git_repo(os.path.join(self.path, 'repos', 'forks',

+             'pingou', 'test.git'), branch='branch')

+         tests.add_commit_git_repo(os.path.join(self.path, 'repos', 'forks',

+             'pingou', 'test.git'), branch='branch')

+ 

+         # Create tokens

+         parent_token = pagure.lib.model.Token(

+             id='iamparenttoken',

+             user_id=parent.user_id,

+             project_id=parent.id,

+             expiration=datetime.datetime.utcnow() + datetime.timedelta(days=30)

+         )

+         self.session.add(parent_token)

+ 

+         fork_token = pagure.lib.model.Token(

+             id='iamforktoken',

+             user_id=child.user_id,

+             project_id=child.id,

+             expiration=datetime.datetime.utcnow() + datetime.timedelta(days=30)

+         )

+         self.session.add(fork_token)

+         self.session.commit()

+ 

+         tests.create_tokens_acl(self.session, token_id='iamparenttoken')

+         for acl in pagure.default_config.CROSS_PROJECT_ACLS:

+             tests.create_tokens_acl(self.session, token_id='iamforktoken',

+                     acl_name=acl)

+ 

+         headers = {'Authorization': 'token iamforktoken'}

+ 

+         data = {

+             'title': 'war of tomatoes',

+             'initial_comment': 'the manifest',

+             'branch_to': 'master',

+             'branch_from': 'branch',

+             }

+ 

+         output = self.app.post('/api/0/fork/pingou/test/pull-request/new',

+                 headers=headers, data=data)

+         self.assertEqual(output.status_code, 200)

+ 

+ 

+     @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))

      def test_api_pull_request_open(self):

          """ Test the api_pull_request_create method of the flask api. """

  

Now it's possible to use both user token and project token to open a pull request with the API.
I made sure a pull request cannot be open with another project token.

Looks good, it will need tests though :)

True, I will write them!

1 new commit added

  • acl tests
5 years ago

rebased onto d67624e7191fb2e6da73b18d5ee7803b6653b0db

5 years ago

rebased onto 1f0de2546eb8c544b0907f32b7da09bd014eed08

5 years ago

I have an impression that the def setup for my test function will not be generally liked, but I don't know if it's better to split it to the appropriate functions in the __init__.py module or better move it to the test_pagure_flask_api_fork.py inside the test_api_pull_request_user_token?

pretty please pagure-ci rebuild

5 years ago

pretty please pagure-ci rebuild

5 years ago

We'll need a more descriptive name :)

We already have methods to create projects as well as git repos and tokens, we should be able to just reuse them :)

hm, I'm only see changes to the test and to one default value in the configuration, is that expected?

rebased onto 4e94ed70077a0fc82ac9befce5a596d2b1bac9be

5 years ago

hm, I'm only see changes to the test and to one default value in the configuration, is that expected?

yes, it is :)

We already have methods to create projects as well as git repos and tokens, we should be able to just reuse them :)

And how about the specific test just sets it's own resources? :) (I just wanted to make sure there are no interferences for this specific case)

And how about the specific test just sets it's own resources? :) (I just wanted to make sure there are no interferences for this specific case)

Doable but each run starts from a clean slate and just the setUp is called before the method, so up to you :)

Doable but each run starts from a clean slate and just the setUp is called before the method, so up to you :)

Ok, I will try to fit it into the init.py methods :)

rebased onto 41065360a99ade83bf98a607b1276e7125a39ba0

5 years ago

branch: master
change: no, tests: no
expected: pass
actual: pass

branch: acls
change: yes, tests: yes
expected: pass
actual: pass

branch: master_acl_tests
change: no, tests: yes
expected: fail
actual: fail
failed tests: 1
failed test: test_api_pull_request_open_from_branch_to_origin
AssertionError: 401 != 200

rebased onto d2ff0bbcf5ec17af233915f5358234f25e97d4fd

5 years ago

I reused the methods for creating projects, repos and tokens and removed the setup_for_my_function thing.

rebased onto 8250a2ea39dc47e7cb6912a01e668207a0aa4079

5 years ago

Seems I broke 11 other tests with trying to fit it in already made methods :(

rebased onto c93acb3b9438985f49e5946d2d90ef116964cfe1

5 years ago

Only 1 test broken now..let's see if I can fix it. Hints very welcomed :)

rebased onto b1065bf51a46846ef574a9e3f440518d3a973d5b

5 years ago

rebased onto c22f0a20c894492132e4b7813cb9e5524e2982f9

5 years ago

test_pagure_lib.py is failing on master too

rebased onto 2409e93cf207aa2c55365c177a548d5cfe6ee204

5 years ago

Looks good to me, thanks for adjusting the tests :)

If jenkins is happy, we'll get this in :)

rebased onto 3d9cf63

5 years ago

Pull-Request has been merged by pingou

5 years ago