Role management

Adding and deleting roles

Author: di

tests/unit/manage/__init__.py

@@ -0,0 +1,11 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

tests/unit/manage/test_forms.py

@@ -0,0 +1,71 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pretend
+import pytest
+import wtforms
+
+from webob.multidict import MultiDict
+
+from warehouse.manage import forms
+
+
+class TestCreateRoleForm:
+
+    def test_creation(self):
+        user_service = pretend.stub()
+        form = forms.CreateRoleForm(user_service=user_service)
+
+        assert form.user_service is user_service
+
+    def test_validate_username_with_no_user(self):
+        user_service = pretend.stub(
+            find_userid=pretend.call_recorder(lambda userid: None),
+        )
+        form = forms.CreateRoleForm(user_service=user_service)
+        field = pretend.stub(data="my_username")
+
+        with pytest.raises(wtforms.validators.ValidationError):
+            form.validate_username(field)
+
+        assert user_service.find_userid.calls == [pretend.call("my_username")]
+
+    def test_validate_username_with_user(self):
+        user_service = pretend.stub(
+            find_userid=pretend.call_recorder(lambda userid: 1),
+        )
+        form = forms.CreateRoleForm(user_service=user_service)
+        field = pretend.stub(data="my_username")
+
+        form.validate_username(field)
+
+        assert user_service.find_userid.calls == [pretend.call("my_username")]
+
+    @pytest.mark.parametrize(("value", "expected"), [
+        ("", "Must select a role"),
+        ("invalid", "Not a valid choice"),
+        (None, "Not a valid choice"),
+    ])
+    def test_validate_role_name_fails(self, value, expected):
+        user_service = pretend.stub(
+            find_userid=pretend.call_recorder(lambda userid: 1),
+        )
+        form = forms.CreateRoleForm(
+            MultiDict({
+                'role_name': value,
+                'username': 'valid_username',
+            }),
+            user_service=user_service,
+        )
+
+        assert not form.validate()
+        assert form.role_name.errors == [expected]

tests/unit/manage/test_views.py

@@ -10,9 +10,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import uuid
+
 import pretend
 
+from pyramid.httpexceptions import HTTPSeeOther
+from webob.multidict import MultiDict
+
 from warehouse.manage import views
+from warehouse.accounts.interfaces import IUserService
+from warehouse.packaging.models import Role
+
+from ...common.db.packaging import ProjectFactory, RoleFactory, UserFactory
 
 
 class TestManageProfile:
@@ -40,3 +49,245 @@ def test_manage_project_settings(self):
         assert views.manage_project_settings(project, request) == {
             "project": project,
         }
+
+
+class TestManageProjectRoles:
+
+    def test_get_manage_project_roles(self, db_request):
+        user_service = pretend.stub()
+        db_request.find_service = pretend.call_recorder(
+            lambda iface, context: user_service
+        )
+        form_obj = pretend.stub()
+        form_class = pretend.call_recorder(lambda d, user_service: form_obj)
+
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create()
+        role = RoleFactory.create(user=user, project=project)
+
+        result = views.manage_project_roles(
+            project, db_request, _form_class=form_class
+        )
+
+        assert db_request.find_service.calls == [
+            pretend.call(IUserService, context=None),
+        ]
+        assert form_class.calls == [
+            pretend.call(db_request.POST, user_service=user_service),
+        ]
+        assert result == {
+            "project": project,
+            "roles": [role],
+            "form": form_obj,
+        }
+
+    def test_post_new_role_validation_fails(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create(username="testuser")
+        role = RoleFactory.create(user=user, project=project)
+
+        user_service = pretend.stub()
+        db_request.find_service = pretend.call_recorder(
+            lambda iface, context: user_service
+        )
+        db_request.method = "POST"
+        form_obj = pretend.stub(validate=pretend.call_recorder(lambda: False))
+        form_class = pretend.call_recorder(lambda d, user_service: form_obj)
+
+        result = views.manage_project_roles(
+            project, db_request, _form_class=form_class
+        )
+
+        assert db_request.find_service.calls == [
+            pretend.call(IUserService, context=None),
+        ]
+        assert form_class.calls == [
+            pretend.call(db_request.POST, user_service=user_service),
+        ]
+        assert form_obj.validate.calls == [pretend.call()]
+        assert result == {
+            "project": project,
+            "roles": [role],
+            "form": form_obj,
+        }
+
+    def test_post_new_role(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create(username="testuser")
+
+        user_service = pretend.stub(
+            find_userid=lambda username: user.id,
+            get_user=lambda userid: user,
+        )
+        db_request.find_service = pretend.call_recorder(
+            lambda iface, context: user_service
+        )
+        db_request.method = "POST"
+        db_request.POST = pretend.stub()
+        form_obj = pretend.stub(
+            validate=pretend.call_recorder(lambda: True),
+            username=pretend.stub(data=user.username),
+            role_name=pretend.stub(data="Owner"),
+        )
+        form_class = pretend.call_recorder(lambda *a, **kw: form_obj)
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+
+        result = views.manage_project_roles(
+            project, db_request, _form_class=form_class
+        )
+
+        assert db_request.find_service.calls == [
+            pretend.call(IUserService, context=None),
+        ]
+        assert form_obj.validate.calls == [pretend.call()]
+        assert form_class.calls == [
+            pretend.call(db_request.POST, user_service=user_service),
+            pretend.call(user_service=user_service),
+        ]
+        assert db_request.session.flash.calls == [
+            pretend.call("Added collaborator 'testuser'", queue="success"),
+        ]
+
+        # Only one role is created
+        role = db_request.db.query(Role).one()
+
+        assert result == {
+            "project": project,
+            "roles": [role],
+            "form": form_obj,
+        }
+
+    def test_post_duplicate_role(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create(username="testuser")
+        role = RoleFactory.create(
+            user=user, project=project, role_name="Owner"
+        )
+
+        user_service = pretend.stub(
+            find_userid=lambda username: user.id,
+            get_user=lambda userid: user,
+        )
+        db_request.find_service = pretend.call_recorder(
+            lambda iface, context: user_service
+        )
+        db_request.method = "POST"
+        db_request.POST = pretend.stub()
+        form_obj = pretend.stub(
+            validate=pretend.call_recorder(lambda: True),
+            username=pretend.stub(data=user.username),
+            role_name=pretend.stub(data=role.role_name),
+        )
+        form_class = pretend.call_recorder(lambda *a, **kw: form_obj)
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+
+        result = views.manage_project_roles(
+            project, db_request, _form_class=form_class
+        )
+
+        assert db_request.find_service.calls == [
+            pretend.call(IUserService, context=None),
+        ]
+        assert form_obj.validate.calls == [pretend.call()]
+        assert form_class.calls == [
+            pretend.call(db_request.POST, user_service=user_service),
+            pretend.call(user_service=user_service),
+        ]
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                "User 'testuser' already has Owner role for project",
+                queue="error",
+            ),
+        ]
+
+        # No additional roles are created
+        assert role == db_request.db.query(Role).one()
+
+        assert result == {
+            "project": project,
+            "roles": [role],
+            "form": form_obj,
+        }
+
+
+class TestDeleteProjectRoles:
+
+    def test_delete_role(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create(username="testuser")
+        role = RoleFactory.create(
+            user=user, project=project, role_name="Owner"
+        )
+
+        db_request.method = "POST"
+        db_request.user = pretend.stub()
+        db_request.POST = MultiDict({"role_id": role.id})
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+        db_request.route_path = pretend.call_recorder(
+            lambda *a, **kw: "/the-redirect"
+        )
+
+        result = views.delete_project_role(project, db_request)
+
+        assert db_request.route_path.calls == [
+            pretend.call('manage.project.roles', name=project.name),
+        ]
+        assert db_request.db.query(Role).all() == []
+        assert db_request.session.flash.calls == [
+            pretend.call("Successfully removed role", queue="success"),
+        ]
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/the-redirect"
+
+    def test_delete_missing_role(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        missing_role_id = str(uuid.uuid4())
+
+        db_request.method = "POST"
+        db_request.user = pretend.stub()
+        db_request.POST = MultiDict({"role_id": missing_role_id})
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+        db_request.route_path = pretend.call_recorder(
+            lambda *a, **kw: "/the-redirect"
+        )
+
+        result = views.delete_project_role(project, db_request)
+
+        assert db_request.session.flash.calls == [
+            pretend.call("Could not find role", queue="error"),
+        ]
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/the-redirect"
+
+    def test_delete_own_owner_role(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        user = UserFactory.create(username="testuser")
+        role = RoleFactory.create(
+            user=user, project=project, role_name="Owner"
+        )
+
+        db_request.method = "POST"
+        db_request.user = user
+        db_request.POST = MultiDict({"role_id": role.id})
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+        db_request.route_path = pretend.call_recorder(
+            lambda *a, **kw: "/the-redirect"
+        )
+
+        result = views.delete_project_role(project, db_request)
+
+        assert db_request.session.flash.calls == [
+            pretend.call("Cannot remove yourself as Owner", queue="error"),
+        ]
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/the-redirect"

tests/unit/test_routes.py

@@ -132,6 +132,20 @@ def add_policy(name, filename):
             traverse="/{name}",
             domain=warehouse,
         ),
+        pretend.call(
+            "manage.project.roles",
+            "/project/{name}/collaboration/",
+            factory="warehouse.packaging.models:ProjectFactory",
+            traverse="/{name}",
+            domain=warehouse,
+        ),
+        pretend.call(
+            "manage.project.delete_role",
+            "/project/{name}/collaboration/delete/",
+            factory="warehouse.packaging.models:ProjectFactory",
+            traverse="/{name}",
+            domain=warehouse,
+        ),
         pretend.call(
             "packaging.project",
             "/project/{name}/",

warehouse/manage/__init__.py

@@ -1,2 +1,15 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
 def includeme(config):
     pass