Merge lp:~cjwatson/launchpad/git-permissions-ui-edit into lp:launchpad
- git-permissions-ui-edit
- Merge into devel
Status: | Superseded | ||||
---|---|---|---|---|---|
Proposed branch: | lp:~cjwatson/launchpad/git-permissions-ui-edit | ||||
Merge into: | lp:launchpad | ||||
Prerequisite: | lp:~cjwatson/launchpad/snapshot-modifying-helper | ||||
Diff against target: |
2295 lines (+2023/-8) 13 files modified
lib/lp/code/browser/configure.zcml (+6/-0) lib/lp/code/browser/gitrepository.py (+486/-4) lib/lp/code/browser/tests/test_gitrepository.py (+612/-1) lib/lp/code/browser/widgets/gitgrantee.py (+253/-0) lib/lp/code/browser/widgets/templates/gitgrantee.pt (+27/-0) lib/lp/code/browser/widgets/tests/test_gitgrantee.py (+305/-0) lib/lp/code/interfaces/gitrepository.py (+6/-1) lib/lp/code/interfaces/gitrule.py (+4/-0) lib/lp/code/model/gitrepository.py (+12/-1) lib/lp/code/model/gitrule.py (+7/-0) lib/lp/code/model/tests/test_gitrepository.py (+111/-1) lib/lp/code/model/tests/test_gitrule.py (+2/-0) lib/lp/code/templates/gitrepository-permissions.pt (+192/-0) |
||||
To merge this branch: | bzr merge lp:~cjwatson/launchpad/git-permissions-ui-edit | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Launchpad code reviewers | Pending | ||
Review via email: mp+358099@code.launchpad.net |
This proposal has been superseded by a proposal from 2018-11-09.
Commit message
Add a Git repository permissions view.
Description of the change
This was very substantially complicated by not wanting to invest the time in a JS-based interface just yet (and wanting to have a non-JS fallback, in any case). Given that, we need to be able to cram everything into a single form which can be submitted in one go and specify the new state of the entire permissions structure. The UI-level separation between protected branches and protected tags also makes things hard, particularly when it comes to lining up columns consistently. This is the best I was able to do given those constraints; some bits are quite ugly (especially rule positions), but I think it's tolerable, and it should allow for future JS-based enhancement.
Example screenshot: https:/
This isn't ready for review yet since it has multiple prerequisites (https:/
Preview Diff
1 | === modified file 'lib/lp/code/browser/configure.zcml' | |||
2 | --- lib/lp/code/browser/configure.zcml 2018-11-08 11:40:25 +0000 | |||
3 | +++ lib/lp/code/browser/configure.zcml 2018-11-09 22:50:10 +0000 | |||
4 | @@ -871,6 +871,12 @@ | |||
5 | 871 | </class> | 871 | </class> |
6 | 872 | <browser:page | 872 | <browser:page |
7 | 873 | for="lp.code.interfaces.gitrepository.IGitRepository" | 873 | for="lp.code.interfaces.gitrepository.IGitRepository" |
8 | 874 | class="lp.code.browser.gitrepository.GitRepositoryPermissionsView" | ||
9 | 875 | name="+permissions" | ||
10 | 876 | permission="launchpad.Edit" | ||
11 | 877 | template="../templates/gitrepository-permissions.pt"/> | ||
12 | 878 | <browser:page | ||
13 | 879 | for="lp.code.interfaces.gitrepository.IGitRepository" | ||
14 | 874 | class="lp.code.browser.gitrepository.GitRepositoryDeletionView" | 880 | class="lp.code.browser.gitrepository.GitRepositoryDeletionView" |
15 | 875 | permission="launchpad.Edit" | 881 | permission="launchpad.Edit" |
16 | 876 | name="+delete" | 882 | name="+delete" |
17 | 877 | 883 | ||
18 | === modified file 'lib/lp/code/browser/gitrepository.py' | |||
19 | --- lib/lp/code/browser/gitrepository.py 2018-11-08 15:53:56 +0000 | |||
20 | +++ lib/lp/code/browser/gitrepository.py 2018-11-09 22:50:10 +0000 | |||
21 | @@ -17,10 +17,13 @@ | |||
22 | 17 | 'GitRepositoryEditReviewerView', | 17 | 'GitRepositoryEditReviewerView', |
23 | 18 | 'GitRepositoryEditView', | 18 | 'GitRepositoryEditView', |
24 | 19 | 'GitRepositoryNavigation', | 19 | 'GitRepositoryNavigation', |
25 | 20 | 'GitRepositoryPermissionsView', | ||
26 | 20 | 'GitRepositoryURL', | 21 | 'GitRepositoryURL', |
27 | 21 | 'GitRepositoryView', | 22 | 'GitRepositoryView', |
28 | 22 | ] | 23 | ] |
29 | 23 | 24 | ||
30 | 25 | import base64 | ||
31 | 26 | |||
32 | 24 | from lazr.lifecycle.event import ObjectModifiedEvent | 27 | from lazr.lifecycle.event import ObjectModifiedEvent |
33 | 25 | from lazr.lifecycle.snapshot import Snapshot | 28 | from lazr.lifecycle.snapshot import Snapshot |
34 | 26 | from lazr.restful.interface import ( | 29 | from lazr.restful.interface import ( |
35 | @@ -34,14 +37,21 @@ | |||
36 | 34 | from zope.component import getUtility | 37 | from zope.component import getUtility |
37 | 35 | from zope.event import notify | 38 | from zope.event import notify |
38 | 36 | from zope.formlib import form | 39 | from zope.formlib import form |
39 | 40 | from zope.formlib.textwidgets import IntWidget | ||
40 | 41 | from zope.formlib.widget import CustomWidgetFactory | ||
41 | 37 | from zope.interface import ( | 42 | from zope.interface import ( |
42 | 38 | implementer, | 43 | implementer, |
43 | 39 | Interface, | 44 | Interface, |
44 | 40 | providedBy, | 45 | providedBy, |
45 | 41 | ) | 46 | ) |
46 | 42 | from zope.publisher.interfaces.browser import IBrowserPublisher | 47 | from zope.publisher.interfaces.browser import IBrowserPublisher |
48 | 43 | from zope.schema import Choice | 48 | from zope.schema import ( |
49 | 49 | Bool, | ||
50 | 50 | Choice, | ||
51 | 51 | Int, | ||
52 | 52 | ) | ||
53 | 44 | from zope.schema.vocabulary import ( | 53 | from zope.schema.vocabulary import ( |
54 | 54 | getVocabularyRegistry, | ||
55 | 45 | SimpleTerm, | 55 | SimpleTerm, |
56 | 46 | SimpleVocabulary, | 56 | SimpleVocabulary, |
57 | 47 | ) | 57 | ) |
58 | @@ -53,7 +63,10 @@ | |||
59 | 53 | LaunchpadEditFormView, | 63 | LaunchpadEditFormView, |
60 | 54 | LaunchpadFormView, | 64 | LaunchpadFormView, |
61 | 55 | ) | 65 | ) |
63 | 56 | from lp.app.errors import NotFoundError | 66 | from lp.app.errors import ( |
64 | 67 | NotFoundError, | ||
65 | 68 | UnexpectedFormData, | ||
66 | 69 | ) | ||
67 | 57 | from lp.app.vocabularies import InformationTypeVocabulary | 70 | from lp.app.vocabularies import InformationTypeVocabulary |
68 | 58 | from lp.app.widgets.itemswidgets import LaunchpadRadioWidgetWithDescription | 71 | from lp.app.widgets.itemswidgets import LaunchpadRadioWidgetWithDescription |
69 | 59 | from lp.code.browser.branch import CodeEditOwnerMixin | 72 | from lp.code.browser.branch import CodeEditOwnerMixin |
70 | @@ -62,11 +75,19 @@ | |||
71 | 62 | ) | 75 | ) |
72 | 63 | from lp.code.browser.codeimport import CodeImportTargetMixin | 76 | from lp.code.browser.codeimport import CodeImportTargetMixin |
73 | 64 | from lp.code.browser.sourcepackagerecipelisting import HasRecipesMenuMixin | 77 | from lp.code.browser.sourcepackagerecipelisting import HasRecipesMenuMixin |
74 | 78 | from lp.code.browser.widgets.gitgrantee import ( | ||
75 | 79 | GitGranteeDisplayWidget, | ||
76 | 80 | GitGranteeField, | ||
77 | 81 | GitGranteeWidget, | ||
78 | 82 | ) | ||
79 | 65 | from lp.code.browser.widgets.gitrepositorytarget import ( | 83 | from lp.code.browser.widgets.gitrepositorytarget import ( |
80 | 66 | GitRepositoryTargetDisplayWidget, | 84 | GitRepositoryTargetDisplayWidget, |
81 | 67 | GitRepositoryTargetWidget, | 85 | GitRepositoryTargetWidget, |
82 | 68 | ) | 86 | ) |
84 | 69 | from lp.code.enums import GitRepositoryType | 87 | from lp.code.enums import ( |
85 | 88 | GitGranteeType, | ||
86 | 89 | GitRepositoryType, | ||
87 | 90 | ) | ||
88 | 70 | from lp.code.errors import ( | 91 | from lp.code.errors import ( |
89 | 71 | GitDefaultConflict, | 92 | GitDefaultConflict, |
90 | 72 | GitRepositoryCreationForbidden, | 93 | GitRepositoryCreationForbidden, |
91 | @@ -76,6 +97,7 @@ | |||
92 | 76 | from lp.code.interfaces.gitnamespace import get_git_namespace | 97 | from lp.code.interfaces.gitnamespace import get_git_namespace |
93 | 77 | from lp.code.interfaces.gitref import IGitRefBatchNavigator | 98 | from lp.code.interfaces.gitref import IGitRefBatchNavigator |
94 | 78 | from lp.code.interfaces.gitrepository import IGitRepository | 99 | from lp.code.interfaces.gitrepository import IGitRepository |
95 | 100 | from lp.code.vocabularies.gitrule import GitPermissionsVocabulary | ||
96 | 79 | from lp.registry.interfaces.person import ( | 101 | from lp.registry.interfaces.person import ( |
97 | 80 | IPerson, | 102 | IPerson, |
98 | 81 | IPersonSet, | 103 | IPersonSet, |
99 | @@ -84,6 +106,7 @@ | |||
100 | 84 | from lp.services.config import config | 106 | from lp.services.config import config |
101 | 85 | from lp.services.database.constants import UTC_NOW | 107 | from lp.services.database.constants import UTC_NOW |
102 | 86 | from lp.services.features import getFeatureFlag | 108 | from lp.services.features import getFeatureFlag |
103 | 109 | from lp.services.fields import UniqueField | ||
104 | 87 | from lp.services.propertycache import cachedproperty | 110 | from lp.services.propertycache import cachedproperty |
105 | 88 | from lp.services.webapp import ( | 111 | from lp.services.webapp import ( |
106 | 89 | canonical_url, | 112 | canonical_url, |
107 | @@ -105,6 +128,7 @@ | |||
108 | 105 | from lp.services.webapp.escaping import structured | 128 | from lp.services.webapp.escaping import structured |
109 | 106 | from lp.services.webapp.interfaces import ICanonicalUrlData | 129 | from lp.services.webapp.interfaces import ICanonicalUrlData |
110 | 107 | from lp.services.webapp.publisher import DataDownloadView | 130 | from lp.services.webapp.publisher import DataDownloadView |
111 | 131 | from lp.services.webapp.snapshot import notify_modified | ||
112 | 108 | from lp.services.webhooks.browser import WebhookTargetNavigationMixin | 132 | from lp.services.webhooks.browser import WebhookTargetNavigationMixin |
113 | 109 | from lp.snappy.browser.hassnaps import HasSnapsViewMixin | 133 | from lp.snappy.browser.hassnaps import HasSnapsViewMixin |
114 | 110 | 134 | ||
115 | @@ -211,7 +235,14 @@ | |||
116 | 211 | usedfor = IGitRepository | 235 | usedfor = IGitRepository |
117 | 212 | facet = "branches" | 236 | facet = "branches" |
118 | 213 | title = "Edit Git repository" | 237 | title = "Edit Git repository" |
120 | 214 | links = ["edit", "reviewer", "webhooks", "activity", "delete"] | 238 | links = [ |
121 | 239 | "edit", | ||
122 | 240 | "reviewer", | ||
123 | 241 | "permissions", | ||
124 | 242 | "activity", | ||
125 | 243 | "webhooks", | ||
126 | 244 | "delete", | ||
127 | 245 | ] | ||
128 | 215 | 246 | ||
129 | 216 | @enabled_with_permission("launchpad.Edit") | 247 | @enabled_with_permission("launchpad.Edit") |
130 | 217 | def edit(self): | 248 | def edit(self): |
131 | @@ -224,6 +255,11 @@ | |||
132 | 224 | return Link("+reviewer", text, icon="edit") | 255 | return Link("+reviewer", text, icon="edit") |
133 | 225 | 256 | ||
134 | 226 | @enabled_with_permission("launchpad.Edit") | 257 | @enabled_with_permission("launchpad.Edit") |
135 | 258 | def permissions(self): | ||
136 | 259 | text = "Manage permissions" | ||
137 | 260 | return Link("+permissions", text, icon="edit") | ||
138 | 261 | |||
139 | 262 | @enabled_with_permission("launchpad.Edit") | ||
140 | 227 | def webhooks(self): | 263 | def webhooks(self): |
141 | 228 | text = "Manage webhooks" | 264 | text = "Manage webhooks" |
142 | 229 | return Link( | 265 | return Link( |
143 | @@ -709,6 +745,452 @@ | |||
144 | 709 | return self, () | 745 | return self, () |
145 | 710 | 746 | ||
146 | 711 | 747 | ||
147 | 748 | def encode_form_field_id(value): | ||
148 | 749 | """Encode text for use in form field names. | ||
149 | 750 | |||
150 | 751 | We use a modified version of base32 which fits into CSS identifiers and | ||
151 | 752 | so doesn't cause FormattersAPI.zope_css_id to do unhelpful things. | ||
152 | 753 | """ | ||
153 | 754 | return base64.b32encode( | ||
154 | 755 | value.encode("UTF-8")).decode("UTF-8").replace("=", "_") | ||
155 | 756 | |||
156 | 757 | |||
157 | 758 | def decode_form_field_id(encoded): | ||
158 | 759 | """Inverse of `encode_form_field_id`.""" | ||
159 | 760 | return base64.b32decode( | ||
160 | 761 | encoded.replace("_", "=").encode("UTF-8")).decode("UTF-8") | ||
161 | 762 | |||
162 | 763 | |||
163 | 764 | class GitRulePatternField(UniqueField): | ||
164 | 765 | |||
165 | 766 | errormessage = _("%s is already in use by another rule") | ||
166 | 767 | attribute = "ref_pattern" | ||
167 | 768 | _content_iface = IGitRepository | ||
168 | 769 | |||
169 | 770 | def __init__(self, ref_prefix, rule=None, *args, **kwargs): | ||
170 | 771 | self.ref_prefix = ref_prefix | ||
171 | 772 | self.rule = rule | ||
172 | 773 | super(GitRulePatternField, self).__init__(*args, **kwargs) | ||
173 | 774 | |||
174 | 775 | def _getByAttribute(self, ref_pattern): | ||
175 | 776 | """See `UniqueField`.""" | ||
176 | 777 | if self._content_iface.providedBy(self.context): | ||
177 | 778 | return self.context.getRule(self.ref_prefix + ref_pattern) | ||
178 | 779 | else: | ||
179 | 780 | return None | ||
180 | 781 | |||
181 | 782 | def unchanged(self, input): | ||
182 | 783 | """See `UniqueField`.""" | ||
183 | 784 | return ( | ||
184 | 785 | self.rule is not None and | ||
185 | 786 | self.ref_prefix + input == self.rule.ref_pattern) | ||
186 | 787 | |||
187 | 788 | def set(self, object, value): | ||
188 | 789 | """See `IField`.""" | ||
189 | 790 | if value is not None: | ||
190 | 791 | value = value.strip() | ||
191 | 792 | super(GitRulePatternField, self).set(object, value) | ||
192 | 793 | |||
193 | 794 | |||
194 | 795 | class GitRepositoryPermissionsView(LaunchpadFormView): | ||
195 | 796 | """A view to manage repository permissions.""" | ||
196 | 797 | |||
197 | 798 | @property | ||
198 | 799 | def label(self): | ||
199 | 800 | return "Manage permissions for %s" % self.context.identity | ||
200 | 801 | |||
201 | 802 | page_title = "Manage permissions" | ||
202 | 803 | |||
203 | 804 | @cachedproperty | ||
204 | 805 | def repository(self): | ||
205 | 806 | return self.context | ||
206 | 807 | |||
207 | 808 | @cachedproperty | ||
208 | 809 | def rules(self): | ||
209 | 810 | return self.repository.getRules() | ||
210 | 811 | |||
211 | 812 | @cachedproperty | ||
212 | 813 | def branch_rules(self): | ||
213 | 814 | return [ | ||
214 | 815 | rule for rule in self.rules | ||
215 | 816 | if rule.ref_pattern.startswith(u"refs/heads/")] | ||
216 | 817 | |||
217 | 818 | @cachedproperty | ||
218 | 819 | def tag_rules(self): | ||
219 | 820 | return [ | ||
220 | 821 | rule for rule in self.rules | ||
221 | 822 | if rule.ref_pattern.startswith(u"refs/tags/")] | ||
222 | 823 | |||
223 | 824 | @cachedproperty | ||
224 | 825 | def other_rules(self): | ||
225 | 826 | return [ | ||
226 | 827 | rule for rule in self.rules | ||
227 | 828 | if not rule.ref_pattern.startswith(u"refs/heads/") and | ||
228 | 829 | not rule.ref_pattern.startswith(u"refs/tags/")] | ||
229 | 830 | |||
230 | 831 | def _getRuleGrants(self, rule): | ||
231 | 832 | def grantee_key(grant): | ||
232 | 833 | if grant.grantee is not None: | ||
233 | 834 | return grant.grantee_type, grant.grantee.name | ||
234 | 835 | else: | ||
235 | 836 | return (grant.grantee_type,) | ||
236 | 837 | |||
237 | 838 | return sorted(rule.grants, key=grantee_key) | ||
238 | 839 | |||
239 | 840 | def _parseRefPattern(self, ref_pattern): | ||
240 | 841 | """Parse a pattern into a prefix and the displayed portion.""" | ||
241 | 842 | for prefix in (u"refs/heads/", u"refs/tags/"): | ||
242 | 843 | if ref_pattern.startswith(prefix): | ||
243 | 844 | return prefix, ref_pattern[len(prefix):] | ||
244 | 845 | return u"", ref_pattern | ||
245 | 846 | |||
246 | 847 | def _getFieldName(self, name, ref_pattern, grantee=None): | ||
247 | 848 | """Get the combined field name for a ref pattern and optional grantee. | ||
248 | 849 | |||
249 | 850 | In order to be able to render a permissions table, we encode the ref | ||
250 | 851 | pattern and the grantee in the form field name. | ||
251 | 852 | """ | ||
252 | 853 | suffix = "." + encode_form_field_id(ref_pattern) | ||
253 | 854 | if grantee is not None: | ||
254 | 855 | if IPerson.providedBy(grantee): | ||
255 | 856 | suffix += "." + str(grantee.id) | ||
256 | 857 | else: | ||
257 | 858 | suffix += "._" + grantee.name.lower() | ||
258 | 859 | return name + suffix | ||
259 | 860 | |||
260 | 861 | def _parseFieldName(self, field_name): | ||
261 | 862 | """Parse a combined field name as described in `_getFieldName`. | ||
262 | 863 | |||
263 | 864 | :raises UnexpectedFormData: if the field name cannot be parsed or | ||
264 | 865 | the grantee cannot be found. | ||
265 | 866 | """ | ||
266 | 867 | field_bits = field_name.split(".") | ||
267 | 868 | if len(field_bits) < 2: | ||
268 | 869 | raise UnexpectedFormData( | ||
269 | 870 | "Cannot parse field name: %s" % field_name) | ||
270 | 871 | field_type = field_bits[0] | ||
271 | 872 | try: | ||
272 | 873 | ref_pattern = decode_form_field_id(field_bits[1]) | ||
273 | 874 | except TypeError: | ||
274 | 875 | raise UnexpectedFormData( | ||
275 | 876 | "Cannot parse field name: %s" % field_name) | ||
276 | 877 | if len(field_bits) > 2: | ||
277 | 878 | grantee_id = field_bits[2] | ||
278 | 879 | if grantee_id.startswith("_"): | ||
279 | 880 | grantee_id = grantee_id[1:] | ||
280 | 881 | try: | ||
281 | 882 | grantee = GitGranteeType.getTermByToken(grantee_id).value | ||
282 | 883 | except LookupError: | ||
283 | 884 | grantee = None | ||
284 | 885 | else: | ||
285 | 886 | try: | ||
286 | 887 | grantee_id = int(grantee_id) | ||
287 | 888 | except ValueError: | ||
288 | 889 | grantee = None | ||
289 | 890 | else: | ||
290 | 891 | grantee = getUtility(IPersonSet).get(grantee_id) | ||
291 | 892 | if grantee is None or grantee == GitGranteeType.PERSON: | ||
292 | 893 | raise UnexpectedFormData("No such grantee: %s" % grantee_id) | ||
293 | 894 | else: | ||
294 | 895 | grantee = None | ||
295 | 896 | return field_type, ref_pattern, grantee | ||
296 | 897 | |||
297 | 898 | def _getPermissionsTerm(self, grant): | ||
298 | 899 | """Return a term from `GitPermissionsVocabulary` for this grant.""" | ||
299 | 900 | vocabulary = getVocabularyRegistry().get(grant, "GitPermissions") | ||
300 | 901 | try: | ||
301 | 902 | return vocabulary.getTerm(grant.permissions) | ||
302 | 903 | except LookupError: | ||
303 | 904 | # This should never happen, because GitPermissionsVocabulary | ||
304 | 905 | # adds a custom term for the context grant if necessary. | ||
305 | 906 | raise AssertionError( | ||
306 | 907 | "Could not find GitPermissions term for %r" % grant) | ||
307 | 908 | |||
308 | 909 | def setUpFields(self): | ||
309 | 910 | """See `LaunchpadFormView`.""" | ||
310 | 911 | position_fields = [] | ||
311 | 912 | pattern_fields = [] | ||
312 | 913 | delete_fields = [] | ||
313 | 914 | readonly_grantee_fields = [] | ||
314 | 915 | grantee_fields = [] | ||
315 | 916 | permissions_fields = [] | ||
316 | 917 | |||
317 | 918 | default_permissions_by_prefix = { | ||
318 | 919 | "refs/heads/": "can_push", | ||
319 | 920 | "refs/tags/": "can_create", | ||
320 | 921 | "": "can_push", | ||
321 | 922 | } | ||
322 | 923 | |||
323 | 924 | for rule_index, rule in enumerate(self.rules): | ||
324 | 925 | # Remove the usual branch/tag prefixes from patterns. The full | ||
325 | 926 | # pattern goes into form field names, so no data is lost here. | ||
326 | 927 | ref_pattern = rule.ref_pattern | ||
327 | 928 | ref_prefix, short_pattern = self._parseRefPattern(ref_pattern) | ||
328 | 929 | position_fields.append( | ||
329 | 930 | Int( | ||
330 | 931 | __name__=self._getFieldName("position", ref_pattern), | ||
331 | 932 | required=True, readonly=False, default=rule_index + 1)) | ||
332 | 933 | pattern_fields.append( | ||
333 | 934 | GitRulePatternField( | ||
334 | 935 | __name__=self._getFieldName("pattern", ref_pattern), | ||
335 | 936 | required=True, readonly=False, ref_prefix=ref_prefix, | ||
336 | 937 | rule=rule, default=short_pattern)) | ||
337 | 938 | delete_fields.append( | ||
338 | 939 | Bool( | ||
339 | 940 | __name__=self._getFieldName("delete", ref_pattern), | ||
340 | 941 | readonly=False, default=False)) | ||
341 | 942 | for grant in self._getRuleGrants(rule): | ||
342 | 943 | grantee = grant.combined_grantee | ||
343 | 944 | readonly_grantee_fields.append( | ||
344 | 945 | GitGranteeField( | ||
345 | 946 | __name__=self._getFieldName( | ||
346 | 947 | "grantee", ref_pattern, grantee), | ||
347 | 948 | required=False, readonly=True, default=grantee, | ||
348 | 949 | rule=rule)) | ||
349 | 950 | permissions_fields.append( | ||
350 | 951 | Choice( | ||
351 | 952 | __name__=self._getFieldName( | ||
352 | 953 | "permissions", ref_pattern, grantee), | ||
353 | 954 | source=GitPermissionsVocabulary(grant), | ||
354 | 955 | readonly=False, | ||
355 | 956 | default=self._getPermissionsTerm(grant).value)) | ||
356 | 957 | delete_fields.append( | ||
357 | 958 | Bool( | ||
358 | 959 | __name__=self._getFieldName( | ||
359 | 960 | "delete", ref_pattern, grantee), | ||
360 | 961 | readonly=False, default=False)) | ||
361 | 962 | grantee_fields.append( | ||
362 | 963 | GitGranteeField( | ||
363 | 964 | __name__=self._getFieldName("grantee", ref_pattern), | ||
364 | 965 | required=False, readonly=False, rule=rule)) | ||
365 | 966 | permissions_vocabulary = GitPermissionsVocabulary(rule) | ||
366 | 967 | permissions_fields.append( | ||
367 | 968 | Choice( | ||
368 | 969 | __name__=self._getFieldName( | ||
369 | 970 | "permissions", ref_pattern), | ||
370 | 971 | source=permissions_vocabulary, readonly=False, | ||
371 | 972 | default=permissions_vocabulary.getTermByToken( | ||
372 | 973 | default_permissions_by_prefix[ref_prefix]).value)) | ||
373 | 974 | for ref_prefix in ("refs/heads/", "refs/tags/"): | ||
374 | 975 | position_fields.append( | ||
375 | 976 | Int( | ||
376 | 977 | __name__=self._getFieldName("new-position", ref_prefix), | ||
377 | 978 | required=False, readonly=True)) | ||
378 | 979 | pattern_fields.append( | ||
379 | 980 | GitRulePatternField( | ||
380 | 981 | __name__=self._getFieldName("new-pattern", ref_prefix), | ||
381 | 982 | required=False, readonly=False, ref_prefix=ref_prefix)) | ||
382 | 983 | |||
383 | 984 | self.form_fields = ( | ||
384 | 985 | form.FormFields( | ||
385 | 986 | *position_fields, | ||
386 | 987 | custom_widget=CustomWidgetFactory(IntWidget, displayWidth=2)) + | ||
387 | 988 | form.FormFields(*pattern_fields) + | ||
388 | 989 | form.FormFields(*delete_fields) + | ||
389 | 990 | form.FormFields( | ||
390 | 991 | *readonly_grantee_fields, | ||
391 | 992 | custom_widget=CustomWidgetFactory(GitGranteeDisplayWidget)) + | ||
392 | 993 | form.FormFields( | ||
393 | 994 | *grantee_fields, | ||
394 | 995 | custom_widget=CustomWidgetFactory(GitGranteeWidget)) + | ||
395 | 996 | form.FormFields(*permissions_fields)) | ||
396 | 997 | |||
397 | 998 | def setUpWidgets(self, context=None): | ||
398 | 999 | """See `LaunchpadFormView`.""" | ||
399 | 1000 | super(GitRepositoryPermissionsView, self).setUpWidgets( | ||
400 | 1001 | context=context) | ||
401 | 1002 | for widget in self.widgets: | ||
402 | 1003 | widget.display_label = False | ||
403 | 1004 | widget.hint = None | ||
404 | 1005 | |||
405 | 1006 | @property | ||
406 | 1007 | def cancel_url(self): | ||
407 | 1008 | return canonical_url(self.context) | ||
408 | 1009 | |||
409 | 1010 | def getRuleWidgets(self, rule): | ||
410 | 1011 | widgets_by_name = {widget.name: widget for widget in self.widgets} | ||
411 | 1012 | ref_pattern = rule.ref_pattern | ||
412 | 1013 | position_field_name = ( | ||
413 | 1014 | "field." + self._getFieldName("position", ref_pattern)) | ||
414 | 1015 | pattern_field_name = ( | ||
415 | 1016 | "field." + self._getFieldName("pattern", ref_pattern)) | ||
416 | 1017 | delete_field_name = ( | ||
417 | 1018 | "field." + self._getFieldName("delete", ref_pattern)) | ||
418 | 1019 | grant_widgets = [] | ||
419 | 1020 | for grant in self._getRuleGrants(rule): | ||
420 | 1021 | grantee = grant.combined_grantee | ||
421 | 1022 | grantee_field_name = ( | ||
422 | 1023 | "field." + self._getFieldName("grantee", ref_pattern, grantee)) | ||
423 | 1024 | permissions_field_name = ( | ||
424 | 1025 | "field." + | ||
425 | 1026 | self._getFieldName("permissions", ref_pattern, grantee)) | ||
426 | 1027 | delete_grant_field_name = ( | ||
427 | 1028 | "field." + self._getFieldName("delete", ref_pattern, grantee)) | ||
428 | 1029 | grant_widgets.append({ | ||
429 | 1030 | "grantee": widgets_by_name[grantee_field_name], | ||
430 | 1031 | "permissions": widgets_by_name[permissions_field_name], | ||
431 | 1032 | "delete": widgets_by_name[delete_grant_field_name], | ||
432 | 1033 | }) | ||
433 | 1034 | new_grantee_field_name = ( | ||
434 | 1035 | "field." + self._getFieldName("grantee", ref_pattern)) | ||
435 | 1036 | new_permissions_field_name = ( | ||
436 | 1037 | "field." + self._getFieldName("permissions", ref_pattern)) | ||
437 | 1038 | new_grant_widgets = { | ||
438 | 1039 | "grantee": widgets_by_name[new_grantee_field_name], | ||
439 | 1040 | "permissions": widgets_by_name[new_permissions_field_name], | ||
440 | 1041 | } | ||
441 | 1042 | return { | ||
442 | 1043 | "position": widgets_by_name[position_field_name], | ||
443 | 1044 | "pattern": widgets_by_name[pattern_field_name], | ||
444 | 1045 | "delete": widgets_by_name.get(delete_field_name), | ||
445 | 1046 | "grants": grant_widgets, | ||
446 | 1047 | "new_grant": new_grant_widgets, | ||
447 | 1048 | } | ||
448 | 1049 | |||
449 | 1050 | def getNewRuleWidgets(self, ref_prefix): | ||
450 | 1051 | widgets_by_name = {widget.name: widget for widget in self.widgets} | ||
451 | 1052 | new_position_field_name = ( | ||
452 | 1053 | "field." + self._getFieldName("new-position", ref_prefix)) | ||
453 | 1054 | new_pattern_field_name = ( | ||
454 | 1055 | "field." + self._getFieldName("new-pattern", ref_prefix)) | ||
455 | 1056 | return { | ||
456 | 1057 | "position": widgets_by_name[new_position_field_name], | ||
457 | 1058 | "pattern": widgets_by_name[new_pattern_field_name], | ||
458 | 1059 | } | ||
459 | 1060 | |||
460 | 1061 | def updateRepositoryFromData(self, repository, data): | ||
461 | 1062 | pattern_field_names = sorted( | ||
462 | 1063 | name for name in data if name.split(".")[0] == "pattern") | ||
463 | 1064 | new_pattern_field_names = sorted( | ||
464 | 1065 | name for name in data if name.split(".")[0] == "new-pattern") | ||
465 | 1066 | permissions_field_names = sorted( | ||
466 | 1067 | name for name in data if name.split(".")[0] == "permissions") | ||
467 | 1068 | |||
468 | 1069 | # Fetch rules before making any changes, since their ref_patterns | ||
469 | 1070 | # may change as a result of this update. | ||
470 | 1071 | rule_map = {rule.ref_pattern: rule for rule in self.repository.rules} | ||
471 | 1072 | grant_map = { | ||
472 | 1073 | (grant.rule.ref_pattern, grant.combined_grantee): grant | ||
473 | 1074 | for grant in self.repository.grants} | ||
474 | 1075 | |||
475 | 1076 | # Patterns must be processed in rule order so that position changes | ||
476 | 1077 | # work in a reasonably natural way. | ||
477 | 1078 | ordered_patterns = [] | ||
478 | 1079 | for pattern_field_name in pattern_field_names: | ||
479 | 1080 | _, ref_pattern, _ = self._parseFieldName(pattern_field_name) | ||
480 | 1081 | if ref_pattern is not None: | ||
481 | 1082 | rule = rule_map.get(ref_pattern) | ||
482 | 1083 | ordered_patterns.append( | ||
483 | 1084 | (pattern_field_name, ref_pattern, rule)) | ||
484 | 1085 | ordered_patterns.sort(key=lambda item: item[2].position) | ||
485 | 1086 | |||
486 | 1087 | for pattern_field_name, ref_pattern, rule in ordered_patterns: | ||
487 | 1088 | prefix, _ = self._parseRefPattern(ref_pattern) | ||
488 | 1089 | rule = rule_map.get(ref_pattern) | ||
489 | 1090 | delete_field_name = self._getFieldName("delete", ref_pattern) | ||
490 | 1091 | # If the rule was already deleted by somebody else, then we | ||
491 | 1092 | # have nothing to do. | ||
492 | 1093 | if rule is not None and data.get(delete_field_name): | ||
493 | 1094 | rule.destroySelf(self.user) | ||
494 | 1095 | rule_map[ref_pattern] = rule = None | ||
495 | 1096 | position_field_name = self._getFieldName("position", ref_pattern) | ||
496 | 1097 | if rule is not None: | ||
497 | 1098 | new_position = max(0, data[position_field_name] - 1) | ||
498 | 1099 | self.repository.moveRule(rule, new_position, self.user) | ||
499 | 1100 | new_pattern = prefix + data[pattern_field_name] | ||
500 | 1101 | if rule is not None and new_pattern != rule.ref_pattern: | ||
501 | 1102 | with notify_modified(rule, ["ref_pattern"]): | ||
502 | 1103 | rule.ref_pattern = new_pattern | ||
503 | 1104 | |||
504 | 1105 | for new_pattern_field_name in new_pattern_field_names: | ||
505 | 1106 | _, prefix, _ = self._parseFieldName(new_pattern_field_name) | ||
506 | 1107 | if data[new_pattern_field_name]: | ||
507 | 1108 | # This is an "add rule" entry. | ||
508 | 1109 | new_position_field_name = self._getFieldName( | ||
509 | 1110 | "position", prefix) | ||
510 | 1111 | new_pattern = prefix + data[new_pattern_field_name] | ||
511 | 1112 | rule = rule_map.get(new_pattern) | ||
512 | 1113 | if rule is None: | ||
513 | 1114 | if new_position_field_name in data: | ||
514 | 1115 | new_position = max( | ||
515 | 1116 | 0, data[new_position_field_name] - 1) | ||
516 | 1117 | else: | ||
517 | 1118 | new_position = None | ||
518 | 1119 | rule = repository.addRule( | ||
519 | 1120 | new_pattern, self.user, position=new_position) | ||
520 | 1121 | if prefix == "refs/tags/": | ||
521 | 1122 | # Tags are a special case: on creation, they | ||
522 | 1123 | # automatically get a grant of create permissions to | ||
523 | 1124 | # the repository owner (suppressing the normal | ||
524 | 1125 | # ability of the repository owner to push protected | ||
525 | 1126 | # references). | ||
526 | 1127 | rule.addGrant( | ||
527 | 1128 | GitGranteeType.REPOSITORY_OWNER, self.user, | ||
528 | 1129 | can_create=True) | ||
529 | 1130 | |||
530 | 1131 | for permissions_field_name in permissions_field_names: | ||
531 | 1132 | _, ref_pattern, grantee = self._parseFieldName( | ||
532 | 1133 | permissions_field_name) | ||
533 | 1134 | if ref_pattern not in rule_map: | ||
534 | 1135 | self.addError(structured( | ||
535 | 1136 | "Cannot edit grants for nonexistent rule %s", ref_pattern)) | ||
536 | 1137 | return | ||
537 | 1138 | rule = rule_map.get(ref_pattern) | ||
538 | 1139 | if rule is None: | ||
539 | 1140 | # Already deleted. | ||
540 | 1141 | continue | ||
541 | 1142 | |||
542 | 1143 | # Find or create the corresponding grant. We only create a | ||
543 | 1144 | # grant if explicitly processing an "add grant" entry in the UI; | ||
544 | 1145 | # if there isn't already a grant for an existing entry that's | ||
545 | 1146 | # being modified, implicitly adding it is probably too | ||
546 | 1147 | # confusing. | ||
547 | 1148 | permissions = data[permissions_field_name] | ||
548 | 1149 | grant = None | ||
549 | 1150 | if grantee is not None: | ||
550 | 1151 | # This entry should correspond to an existing grant. Make | ||
551 | 1152 | # whatever changes were requested to it. | ||
552 | 1153 | grant = grant_map.get((ref_pattern, grantee)) | ||
553 | 1154 | delete_field_name = self._getFieldName( | ||
554 | 1155 | "delete", ref_pattern, grantee) | ||
555 | 1156 | # If the grant was already deleted by somebody else, then we | ||
556 | 1157 | # have nothing to do. | ||
557 | 1158 | if grant is not None and data.get(delete_field_name): | ||
558 | 1159 | grant.destroySelf(self.user) | ||
559 | 1160 | grant = None | ||
560 | 1161 | if grant is not None and permissions != grant.permissions: | ||
561 | 1162 | with notify_modified( | ||
562 | 1163 | grant, | ||
563 | 1164 | ["can_create", "can_push", "can_force_push"]): | ||
564 | 1165 | grant.permissions = permissions | ||
565 | 1166 | else: | ||
566 | 1167 | # This is an "add grant" entry. | ||
567 | 1168 | grantee_field_name = self._getFieldName("grantee", ref_pattern) | ||
568 | 1169 | grantee = data.get(grantee_field_name) | ||
569 | 1170 | if grantee: | ||
570 | 1171 | grant = grant_map.get((ref_pattern, grantee)) | ||
571 | 1172 | if grant is None: | ||
572 | 1173 | rule.addGrant( | ||
573 | 1174 | grantee, self.user, permissions=permissions) | ||
574 | 1175 | elif permissions != grant.permissions: | ||
575 | 1176 | # Somebody else added the grant since the form was | ||
576 | 1177 | # last rendered. Updating it with the permissions | ||
577 | 1178 | # from this request seems best. | ||
578 | 1179 | with notify_modified( | ||
579 | 1180 | grant, | ||
580 | 1181 | ["can_create", "can_push", "can_force_push"]): | ||
581 | 1182 | grant.permissions = permissions | ||
582 | 1183 | |||
583 | 1184 | self.request.response.addNotification( | ||
584 | 1185 | "Saved permissions for %s" % self.context.identity) | ||
585 | 1186 | self.next_url = canonical_url(self.context, view_name="+permissions") | ||
586 | 1187 | |||
587 | 1188 | @action("Save", name="save") | ||
588 | 1189 | def save_action(self, action, data): | ||
589 | 1190 | with notify_modified(self.repository, []): | ||
590 | 1191 | self.updateRepositoryFromData(self.repository, data) | ||
591 | 1192 | |||
592 | 1193 | |||
593 | 712 | class GitRepositoryDeletionView(LaunchpadFormView): | 1194 | class GitRepositoryDeletionView(LaunchpadFormView): |
594 | 713 | 1195 | ||
595 | 714 | schema = IGitRepository | 1196 | schema = IGitRepository |
596 | 715 | 1197 | ||
597 | === modified file 'lib/lp/code/browser/tests/test_gitrepository.py' | |||
598 | --- lib/lp/code/browser/tests/test_gitrepository.py 2018-11-08 15:33:03 +0000 | |||
599 | +++ lib/lp/code/browser/tests/test_gitrepository.py 2018-11-09 22:50:10 +0000 | |||
600 | @@ -7,16 +7,26 @@ | |||
601 | 7 | 7 | ||
602 | 8 | __metaclass__ = type | 8 | __metaclass__ = type |
603 | 9 | 9 | ||
604 | 10 | import base64 | ||
605 | 10 | from datetime import datetime | 11 | from datetime import datetime |
606 | 11 | import doctest | 12 | import doctest |
607 | 13 | from operator import attrgetter | ||
608 | 14 | import re | ||
609 | 12 | from textwrap import dedent | 15 | from textwrap import dedent |
610 | 13 | 16 | ||
611 | 14 | from fixtures import FakeLogger | 17 | from fixtures import FakeLogger |
612 | 15 | import pytz | 18 | import pytz |
613 | 19 | import soupmatchers | ||
614 | 16 | from storm.store import Store | 20 | from storm.store import Store |
615 | 17 | from testtools.matchers import ( | 21 | from testtools.matchers import ( |
616 | 22 | AfterPreprocessing, | ||
617 | 18 | DocTestMatches, | 23 | DocTestMatches, |
618 | 19 | Equals, | 24 | Equals, |
619 | 25 | Is, | ||
620 | 26 | MatchesDict, | ||
621 | 27 | MatchesListwise, | ||
622 | 28 | MatchesSetwise, | ||
623 | 29 | MatchesStructure, | ||
624 | 20 | ) | 30 | ) |
625 | 21 | import transaction | 31 | import transaction |
626 | 22 | from zope.component import getUtility | 32 | from zope.component import getUtility |
627 | @@ -26,11 +36,16 @@ | |||
628 | 26 | from zope.security.proxy import removeSecurityProxy | 36 | from zope.security.proxy import removeSecurityProxy |
629 | 27 | 37 | ||
630 | 28 | from lp.app.enums import InformationType | 38 | from lp.app.enums import InformationType |
631 | 39 | from lp.app.errors import UnexpectedFormData | ||
632 | 29 | from lp.app.interfaces.launchpad import ILaunchpadCelebrities | 40 | from lp.app.interfaces.launchpad import ILaunchpadCelebrities |
633 | 30 | from lp.app.interfaces.services import IService | 41 | from lp.app.interfaces.services import IService |
634 | 42 | from lp.code.browser.gitrepository import encode_form_field_id | ||
635 | 31 | from lp.code.enums import ( | 43 | from lp.code.enums import ( |
636 | 32 | BranchMergeProposalStatus, | 44 | BranchMergeProposalStatus, |
637 | 33 | CodeReviewVote, | 45 | CodeReviewVote, |
638 | 46 | GitActivityType, | ||
639 | 47 | GitGranteeType, | ||
640 | 48 | GitPermissionType, | ||
641 | 34 | GitRepositoryType, | 49 | GitRepositoryType, |
642 | 35 | ) | 50 | ) |
643 | 36 | from lp.code.interfaces.revision import IRevisionSet | 51 | from lp.code.interfaces.revision import IRevisionSet |
644 | @@ -40,7 +55,10 @@ | |||
645 | 40 | VCSType, | 55 | VCSType, |
646 | 41 | ) | 56 | ) |
647 | 42 | from lp.registry.interfaces.accesspolicy import IAccessPolicySource | 57 | from lp.registry.interfaces.accesspolicy import IAccessPolicySource |
649 | 43 | from lp.registry.interfaces.person import PersonVisibility | 58 | from lp.registry.interfaces.person import ( |
650 | 59 | IPerson, | ||
651 | 60 | PersonVisibility, | ||
652 | 61 | ) | ||
653 | 44 | from lp.services.beautifulsoup import BeautifulSoup | 62 | from lp.services.beautifulsoup import BeautifulSoup |
654 | 45 | from lp.services.database.constants import UTC_NOW | 63 | from lp.services.database.constants import UTC_NOW |
655 | 46 | from lp.services.features.testing import FeatureFixture | 64 | from lp.services.features.testing import FeatureFixture |
656 | @@ -1097,6 +1115,599 @@ | |||
657 | 1097 | browser.headers["Content-Disposition"]) | 1115 | browser.headers["Content-Disposition"]) |
658 | 1098 | 1116 | ||
659 | 1099 | 1117 | ||
660 | 1118 | class TestGitRepositoryPermissionsView(BrowserTestCase): | ||
661 | 1119 | |||
662 | 1120 | layer = DatabaseFunctionalLayer | ||
663 | 1121 | |||
664 | 1122 | def test_rules_properties(self): | ||
665 | 1123 | repository = self.factory.makeGitRepository() | ||
666 | 1124 | heads_rule = self.factory.makeGitRule( | ||
667 | 1125 | repository=repository, ref_pattern="refs/heads/*") | ||
668 | 1126 | tags_rule = self.factory.makeGitRule( | ||
669 | 1127 | repository=repository, ref_pattern="refs/tags/*") | ||
670 | 1128 | catch_all_rule = self.factory.makeGitRule( | ||
671 | 1129 | repository=repository, ref_pattern="*") | ||
672 | 1130 | login_person(repository.owner) | ||
673 | 1131 | view = create_initialized_view(repository, name="+permissions") | ||
674 | 1132 | self.assertEqual([heads_rule], view.branch_rules) | ||
675 | 1133 | self.assertEqual([tags_rule], view.tag_rules) | ||
676 | 1134 | self.assertEqual([catch_all_rule], view.other_rules) | ||
677 | 1135 | |||
678 | 1136 | def test__getRuleGrants(self): | ||
679 | 1137 | rule = self.factory.makeGitRule() | ||
680 | 1138 | grantees = sorted( | ||
681 | 1139 | [self.factory.makePerson() for _ in range(3)], | ||
682 | 1140 | key=attrgetter("name")) | ||
683 | 1141 | for grantee in (grantees[1], grantees[0], grantees[2]): | ||
684 | 1142 | self.factory.makeGitRuleGrant(rule=rule, grantee=grantee) | ||
685 | 1143 | self.factory.makeGitRuleGrant( | ||
686 | 1144 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER) | ||
687 | 1145 | login_person(rule.repository.owner) | ||
688 | 1146 | view = create_initialized_view(rule.repository, name="+permissions") | ||
689 | 1147 | self.assertThat(view._getRuleGrants(rule), MatchesListwise([ | ||
690 | 1148 | MatchesStructure.byEquality( | ||
691 | 1149 | grantee_type=GitGranteeType.REPOSITORY_OWNER), | ||
692 | 1150 | MatchesStructure.byEquality(grantee=grantees[0]), | ||
693 | 1151 | MatchesStructure.byEquality(grantee=grantees[1]), | ||
694 | 1152 | MatchesStructure.byEquality(grantee=grantees[2]), | ||
695 | 1153 | ])) | ||
696 | 1154 | |||
697 | 1155 | def test__parseRefPattern(self): | ||
698 | 1156 | repository = self.factory.makeGitRepository() | ||
699 | 1157 | login_person(repository.owner) | ||
700 | 1158 | view = create_initialized_view(repository, name="+permissions") | ||
701 | 1159 | self.assertEqual( | ||
702 | 1160 | ("refs/heads/", "stable/*"), | ||
703 | 1161 | view._parseRefPattern("refs/heads/stable/*")) | ||
704 | 1162 | self.assertEqual( | ||
705 | 1163 | ("refs/tags/", "1.0"), view._parseRefPattern("refs/tags/1.0")) | ||
706 | 1164 | self.assertEqual( | ||
707 | 1165 | ("", "refs/other/*"), view._parseRefPattern("refs/other/*")) | ||
708 | 1166 | self.assertEqual(("", "*"), view._parseRefPattern("*")) | ||
709 | 1167 | |||
710 | 1168 | def test__getFieldName_no_grantee(self): | ||
711 | 1169 | repository = self.factory.makeGitRepository() | ||
712 | 1170 | login_person(repository.owner) | ||
713 | 1171 | view = create_initialized_view(repository, name="+permissions") | ||
714 | 1172 | encoded_ref_pattern = base64.b32encode( | ||
715 | 1173 | b"refs/heads/*").replace("=", "_").decode("UTF-8") | ||
716 | 1174 | self.assertEqual( | ||
717 | 1175 | "field.%s" % encoded_ref_pattern, | ||
718 | 1176 | view._getFieldName("field", "refs/heads/*")) | ||
719 | 1177 | |||
720 | 1178 | def test__getFieldName_grantee_repository_owner(self): | ||
721 | 1179 | repository = self.factory.makeGitRepository() | ||
722 | 1180 | login_person(repository.owner) | ||
723 | 1181 | view = create_initialized_view(repository, name="+permissions") | ||
724 | 1182 | encoded_ref_pattern = base64.b32encode( | ||
725 | 1183 | b"refs/tags/*").replace("=", "_").decode("UTF-8") | ||
726 | 1184 | self.assertEqual( | ||
727 | 1185 | "field.%s._repository_owner" % encoded_ref_pattern, | ||
728 | 1186 | view._getFieldName( | ||
729 | 1187 | "field", "refs/tags/*", | ||
730 | 1188 | grantee=GitGranteeType.REPOSITORY_OWNER)) | ||
731 | 1189 | |||
732 | 1190 | def test__getFieldName_grantee_person(self): | ||
733 | 1191 | repository = self.factory.makeGitRepository() | ||
734 | 1192 | grantee = self.factory.makePerson() | ||
735 | 1193 | login_person(repository.owner) | ||
736 | 1194 | view = create_initialized_view(repository, name="+permissions") | ||
737 | 1195 | encoded_ref_pattern = base64.b32encode( | ||
738 | 1196 | b"refs/*").replace("=", "_").decode("UTF-8") | ||
739 | 1197 | self.assertEqual( | ||
740 | 1198 | "field.%s.%s" % (encoded_ref_pattern, grantee.id), | ||
741 | 1199 | view._getFieldName("field", "refs/*", grantee=grantee)) | ||
742 | 1200 | |||
743 | 1201 | def test__parseFieldName_too_few_components(self): | ||
744 | 1202 | repository = self.factory.makeGitRepository() | ||
745 | 1203 | login_person(repository.owner) | ||
746 | 1204 | view = create_initialized_view(repository, name="+permissions") | ||
747 | 1205 | self.assertRaises(UnexpectedFormData, view._parseFieldName, "field") | ||
748 | 1206 | |||
749 | 1207 | def test__parseFieldName_bad_ref_pattern(self): | ||
750 | 1208 | repository = self.factory.makeGitRepository() | ||
751 | 1209 | login_person(repository.owner) | ||
752 | 1210 | view = create_initialized_view(repository, name="+permissions") | ||
753 | 1211 | self.assertRaises( | ||
754 | 1212 | UnexpectedFormData, view._parseFieldName, "field.nonsense") | ||
755 | 1213 | |||
756 | 1214 | def test__parseFieldName_no_grantee(self): | ||
757 | 1215 | repository = self.factory.makeGitRepository() | ||
758 | 1216 | login_person(repository.owner) | ||
759 | 1217 | view = create_initialized_view(repository, name="+permissions") | ||
760 | 1218 | encoded_ref_pattern = base64.b32encode( | ||
761 | 1219 | b"refs/heads/*").replace("=", "_").decode("UTF-8") | ||
762 | 1220 | self.assertEqual( | ||
763 | 1221 | ("permissions", "refs/heads/*", None), | ||
764 | 1222 | view._parseFieldName("permissions.%s" % encoded_ref_pattern)) | ||
765 | 1223 | |||
766 | 1224 | def test__parseFieldName_grantee_unknown_type(self): | ||
767 | 1225 | repository = self.factory.makeGitRepository() | ||
768 | 1226 | login_person(repository.owner) | ||
769 | 1227 | view = create_initialized_view(repository, name="+permissions") | ||
770 | 1228 | encoded_ref_pattern = base64.b32encode( | ||
771 | 1229 | b"refs/tags/*").replace("=", "_").decode("UTF-8") | ||
772 | 1230 | self.assertRaises( | ||
773 | 1231 | UnexpectedFormData, view._parseFieldName, | ||
774 | 1232 | "field.%s._nonsense" % encoded_ref_pattern) | ||
775 | 1233 | self.assertRaises( | ||
776 | 1234 | UnexpectedFormData, view._parseFieldName, | ||
777 | 1235 | "field.%s._person" % encoded_ref_pattern) | ||
778 | 1236 | |||
779 | 1237 | def test__parseFieldName_grantee_repository_owner(self): | ||
780 | 1238 | repository = self.factory.makeGitRepository() | ||
781 | 1239 | login_person(repository.owner) | ||
782 | 1240 | view = create_initialized_view(repository, name="+permissions") | ||
783 | 1241 | encoded_ref_pattern = base64.b32encode( | ||
784 | 1242 | b"refs/tags/*").replace("=", "_").decode("UTF-8") | ||
785 | 1243 | self.assertEqual( | ||
786 | 1244 | ("pattern", "refs/tags/*", GitGranteeType.REPOSITORY_OWNER), | ||
787 | 1245 | view._parseFieldName( | ||
788 | 1246 | "pattern.%s._repository_owner" % encoded_ref_pattern)) | ||
789 | 1247 | |||
790 | 1248 | def test__parseFieldName_grantee_unknown_person(self): | ||
791 | 1249 | repository = self.factory.makeGitRepository() | ||
792 | 1250 | grantee = self.factory.makePerson() | ||
793 | 1251 | login_person(repository.owner) | ||
794 | 1252 | view = create_initialized_view(repository, name="+permissions") | ||
795 | 1253 | encoded_ref_pattern = base64.b32encode( | ||
796 | 1254 | b"refs/*").replace("=", "_").decode("UTF-8") | ||
797 | 1255 | self.assertRaises( | ||
798 | 1256 | UnexpectedFormData, view._parseFieldName, | ||
799 | 1257 | "delete.%s.%s" % (encoded_ref_pattern, grantee.id * 2)) | ||
800 | 1258 | |||
801 | 1259 | def test__parseFieldName_grantee_person(self): | ||
802 | 1260 | repository = self.factory.makeGitRepository() | ||
803 | 1261 | grantee = self.factory.makePerson() | ||
804 | 1262 | login_person(repository.owner) | ||
805 | 1263 | view = create_initialized_view(repository, name="+permissions") | ||
806 | 1264 | encoded_ref_pattern = base64.b32encode( | ||
807 | 1265 | b"refs/*").replace("=", "_").decode("UTF-8") | ||
808 | 1266 | self.assertEqual( | ||
809 | 1267 | ("delete", "refs/*", grantee), | ||
810 | 1268 | view._parseFieldName( | ||
811 | 1269 | "delete.%s.%s" % (encoded_ref_pattern, grantee.id))) | ||
812 | 1270 | |||
813 | 1271 | def test__getPermissionsTerm_standard(self): | ||
814 | 1272 | grant = self.factory.makeGitRuleGrant( | ||
815 | 1273 | ref_pattern="refs/heads/*", can_create=True, can_push=True) | ||
816 | 1274 | login_person(grant.repository.owner) | ||
817 | 1275 | view = create_initialized_view(grant.repository, name="+permissions") | ||
818 | 1276 | self.assertThat( | ||
819 | 1277 | view._getPermissionsTerm(grant), MatchesStructure.byEquality( | ||
820 | 1278 | value={ | ||
821 | 1279 | GitPermissionType.CAN_CREATE, GitPermissionType.CAN_PUSH}, | ||
822 | 1280 | token="can_push", | ||
823 | 1281 | title="Can push")) | ||
824 | 1282 | |||
825 | 1283 | def test__getPermissionsTerm_custom(self): | ||
826 | 1284 | grant = self.factory.makeGitRuleGrant( | ||
827 | 1285 | ref_pattern="refs/heads/*", can_force_push=True) | ||
828 | 1286 | login_person(grant.repository.owner) | ||
829 | 1287 | view = create_initialized_view(grant.repository, name="+permissions") | ||
830 | 1288 | self.assertThat( | ||
831 | 1289 | view._getPermissionsTerm(grant), MatchesStructure.byEquality( | ||
832 | 1290 | value={GitPermissionType.CAN_FORCE_PUSH}, | ||
833 | 1291 | token="custom", | ||
834 | 1292 | title="Custom permissions: force-push")) | ||
835 | 1293 | |||
836 | 1294 | def _matchesCells(self, row_tag, cell_matchers): | ||
837 | 1295 | return AfterPreprocessing( | ||
838 | 1296 | str, soupmatchers.HTMLContains(*( | ||
839 | 1297 | soupmatchers.Within(row_tag, cell_matcher) | ||
840 | 1298 | for cell_matcher in cell_matchers))) | ||
841 | 1299 | |||
842 | 1300 | def _matchesRule(self, position, pattern, short_pattern): | ||
843 | 1301 | rule_tag = soupmatchers.Tag( | ||
844 | 1302 | "rule row", "tr", attrs={"class": "git-rule"}) | ||
845 | 1303 | suffix = "." + encode_form_field_id(pattern) | ||
846 | 1304 | position_field_name = "field.position" + suffix | ||
847 | 1305 | pattern_field_name = "field.pattern" + suffix | ||
848 | 1306 | delete_field_name = "field.delete" + suffix | ||
849 | 1307 | return self._matchesCells(rule_tag, [ | ||
850 | 1308 | soupmatchers.Within( | ||
851 | 1309 | soupmatchers.Tag("position cell", "td"), | ||
852 | 1310 | soupmatchers.Tag( | ||
853 | 1311 | "position widget", "input", | ||
854 | 1312 | attrs={"name": position_field_name, "value": position})), | ||
855 | 1313 | soupmatchers.Within( | ||
856 | 1314 | soupmatchers.Tag("pattern cell", "td"), | ||
857 | 1315 | soupmatchers.Tag( | ||
858 | 1316 | "pattern widget", "input", | ||
859 | 1317 | attrs={ | ||
860 | 1318 | "name": pattern_field_name, | ||
861 | 1319 | "value": short_pattern, | ||
862 | 1320 | })), | ||
863 | 1321 | soupmatchers.Within( | ||
864 | 1322 | soupmatchers.Tag("delete cell", "td"), | ||
865 | 1323 | soupmatchers.Tag( | ||
866 | 1324 | "delete widget", "input", | ||
867 | 1325 | attrs={"name": delete_field_name})), | ||
868 | 1326 | ]) | ||
869 | 1327 | |||
870 | 1328 | def _matchesNewRule(self, ref_prefix): | ||
871 | 1329 | new_rule_tag = soupmatchers.Tag( | ||
872 | 1330 | "new rule row", "tr", attrs={"class": "git-new-rule"}) | ||
873 | 1331 | suffix = "." + encode_form_field_id(ref_prefix) | ||
874 | 1332 | new_position_field_name = "field.new-position" + suffix | ||
875 | 1333 | new_pattern_field_name = "field.new-pattern" + suffix | ||
876 | 1334 | return self._matchesCells(new_rule_tag, [ | ||
877 | 1335 | soupmatchers.Within( | ||
878 | 1336 | soupmatchers.Tag("position cell", "td"), | ||
879 | 1337 | soupmatchers.Tag( | ||
880 | 1338 | "position widget", "input", | ||
881 | 1339 | attrs={"name": new_position_field_name, "value": ""})), | ||
882 | 1340 | soupmatchers.Within( | ||
883 | 1341 | soupmatchers.Tag("pattern cell", "td"), | ||
884 | 1342 | soupmatchers.Tag( | ||
885 | 1343 | "pattern widget", "input", | ||
886 | 1344 | attrs={"name": new_pattern_field_name, "value": ""})), | ||
887 | 1345 | ]) | ||
888 | 1346 | |||
889 | 1347 | def _matchesRuleGrant(self, pattern, grantee, permissions_token, | ||
890 | 1348 | permissions_title): | ||
891 | 1349 | rule_grant_tag = soupmatchers.Tag( | ||
892 | 1350 | "rule grant row", "tr", attrs={"class": "git-rule-grant"}) | ||
893 | 1351 | suffix = "." + encode_form_field_id(pattern) | ||
894 | 1352 | if IPerson.providedBy(grantee): | ||
895 | 1353 | suffix += "." + str(grantee.id) | ||
896 | 1354 | grantee_widget_matcher = soupmatchers.Tag( | ||
897 | 1355 | "grantee widget", "a", attrs={"href": canonical_url(grantee)}, | ||
898 | 1356 | text=" " + grantee.display_name) | ||
899 | 1357 | else: | ||
900 | 1358 | suffix += "._" + grantee.name.lower() | ||
901 | 1359 | grantee_widget_matcher = soupmatchers.Tag( | ||
902 | 1360 | "grantee widget", "label", | ||
903 | 1361 | text=re.compile(re.escape(grantee.title))) | ||
904 | 1362 | permissions_field_name = "field.permissions" + suffix | ||
905 | 1363 | delete_field_name = "field.delete" + suffix | ||
906 | 1364 | return self._matchesCells(rule_grant_tag, [ | ||
907 | 1365 | soupmatchers.Within( | ||
908 | 1366 | soupmatchers.Tag("grantee cell", "td"), | ||
909 | 1367 | grantee_widget_matcher), | ||
910 | 1368 | soupmatchers.Within( | ||
911 | 1369 | soupmatchers.Tag("permissions cell", "td"), | ||
912 | 1370 | soupmatchers.Within( | ||
913 | 1371 | soupmatchers.Tag( | ||
914 | 1372 | "permissions widget", "select", | ||
915 | 1373 | attrs={"name": permissions_field_name}), | ||
916 | 1374 | soupmatchers.Tag( | ||
917 | 1375 | "selected permissions option", "option", | ||
918 | 1376 | attrs={ | ||
919 | 1377 | "selected": "selected", | ||
920 | 1378 | "value": permissions_token, | ||
921 | 1379 | }, | ||
922 | 1380 | text=permissions_title))), | ||
923 | 1381 | soupmatchers.Within( | ||
924 | 1382 | soupmatchers.Tag("delete cell", "td"), | ||
925 | 1383 | soupmatchers.Tag( | ||
926 | 1384 | "delete widget", "input", | ||
927 | 1385 | attrs={"name": delete_field_name})), | ||
928 | 1386 | ]) | ||
929 | 1387 | |||
930 | 1388 | def _matchesNewRuleGrant(self, pattern, permissions_token): | ||
931 | 1389 | rule_grant_tag = soupmatchers.Tag( | ||
932 | 1390 | "rule grant row", "tr", attrs={"class": "git-new-rule-grant"}) | ||
933 | 1391 | suffix = "." + encode_form_field_id(pattern) | ||
934 | 1392 | grantee_field_name = "field.grantee" + suffix | ||
935 | 1393 | permissions_field_name = "field.permissions" + suffix | ||
936 | 1394 | return self._matchesCells(rule_grant_tag, [ | ||
937 | 1395 | soupmatchers.Within( | ||
938 | 1396 | soupmatchers.Tag("grantee cell", "td"), | ||
939 | 1397 | soupmatchers.Tag( | ||
940 | 1398 | "grantee widget", "input", | ||
941 | 1399 | attrs={"name": grantee_field_name})), | ||
942 | 1400 | soupmatchers.Within( | ||
943 | 1401 | soupmatchers.Tag("permissions cell", "td"), | ||
944 | 1402 | soupmatchers.Within( | ||
945 | 1403 | soupmatchers.Tag( | ||
946 | 1404 | "permissions widget", "select", | ||
947 | 1405 | attrs={"name": permissions_field_name}), | ||
948 | 1406 | soupmatchers.Tag( | ||
949 | 1407 | "selected permissions option", "option", | ||
950 | 1408 | attrs={ | ||
951 | 1409 | "selected": "selected", | ||
952 | 1410 | "value": permissions_token, | ||
953 | 1411 | }))), | ||
954 | 1412 | ]) | ||
955 | 1413 | |||
956 | 1414 | def test_rules_table(self): | ||
957 | 1415 | repository = self.factory.makeGitRepository() | ||
958 | 1416 | heads_rule = self.factory.makeGitRule( | ||
959 | 1417 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
960 | 1418 | heads_grantee_1 = self.factory.makePerson( | ||
961 | 1419 | name=self.factory.getUniqueString("person-name-a")) | ||
962 | 1420 | heads_grantee_2 = self.factory.makePerson( | ||
963 | 1421 | name=self.factory.getUniqueString("person-name-b")) | ||
964 | 1422 | self.factory.makeGitRuleGrant( | ||
965 | 1423 | rule=heads_rule, grantee=heads_grantee_1, can_push=True) | ||
966 | 1424 | self.factory.makeGitRuleGrant( | ||
967 | 1425 | rule=heads_rule, grantee=heads_grantee_2, can_force_push=True) | ||
968 | 1426 | tags_rule = self.factory.makeGitRule( | ||
969 | 1427 | repository=repository, ref_pattern="refs/tags/*") | ||
970 | 1428 | self.factory.makeGitRuleGrant( | ||
971 | 1429 | rule=tags_rule, grantee=GitGranteeType.REPOSITORY_OWNER) | ||
972 | 1430 | login_person(repository.owner) | ||
973 | 1431 | view = create_initialized_view( | ||
974 | 1432 | repository, name="+permissions", principal=repository.owner) | ||
975 | 1433 | rules_table = find_tag_by_id(view(), "rules-table") | ||
976 | 1434 | rows = rules_table.findAll("tr", {"class": True}) | ||
977 | 1435 | self.assertThat(rows, MatchesListwise([ | ||
978 | 1436 | self._matchesRule("1", "refs/heads/stable/*", "stable/*"), | ||
979 | 1437 | self._matchesRuleGrant( | ||
980 | 1438 | "refs/heads/stable/*", heads_grantee_1, "can_push_existing", | ||
981 | 1439 | "Can push if the branch already exists"), | ||
982 | 1440 | self._matchesRuleGrant( | ||
983 | 1441 | "refs/heads/stable/*", heads_grantee_2, "custom", | ||
984 | 1442 | "Custom permissions: force-push"), | ||
985 | 1443 | self._matchesNewRuleGrant("refs/heads/stable/*", "can_push"), | ||
986 | 1444 | self._matchesNewRule("refs/heads/"), | ||
987 | 1445 | self._matchesRule("2", "refs/tags/*", "*"), | ||
988 | 1446 | self._matchesRuleGrant( | ||
989 | 1447 | "refs/tags/*", GitGranteeType.REPOSITORY_OWNER, | ||
990 | 1448 | "cannot_create", "Cannot create"), | ||
991 | 1449 | self._matchesNewRuleGrant("refs/tags/*", "can_create"), | ||
992 | 1450 | self._matchesNewRule("refs/tags/"), | ||
993 | 1451 | ])) | ||
994 | 1452 | |||
995 | 1453 | def assertHasRules(self, repository, ref_patterns): | ||
996 | 1454 | self.assertThat(list(repository.rules), MatchesListwise([ | ||
997 | 1455 | MatchesStructure.byEquality(ref_pattern=ref_pattern) | ||
998 | 1456 | for ref_pattern in ref_patterns | ||
999 | 1457 | ])) | ||
1000 | 1458 | |||
1001 | 1459 | def assertHasSavedNotification(self, view, repository): | ||
1002 | 1460 | self.assertThat(view.request.response.notifications, MatchesListwise([ | ||
1003 | 1461 | MatchesStructure.byEquality( | ||
1004 | 1462 | message="Saved permissions for %s" % repository.identity), | ||
1005 | 1463 | ])) | ||
1006 | 1464 | |||
1007 | 1465 | def test_save_add_rules(self): | ||
1008 | 1466 | repository = self.factory.makeGitRepository() | ||
1009 | 1467 | self.factory.makeGitRule( | ||
1010 | 1468 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
1011 | 1469 | removeSecurityProxy(repository.getActivity()).remove() | ||
1012 | 1470 | login_person(repository.owner) | ||
1013 | 1471 | encoded_heads_prefix = encode_form_field_id("refs/heads/") | ||
1014 | 1472 | encoded_tags_prefix = encode_form_field_id("refs/tags/") | ||
1015 | 1473 | form = { | ||
1016 | 1474 | "field.new-pattern." + encoded_heads_prefix: "*", | ||
1017 | 1475 | "field.new-pattern." + encoded_tags_prefix: "1.0", | ||
1018 | 1476 | "field.actions.save": "Save", | ||
1019 | 1477 | } | ||
1020 | 1478 | view = create_initialized_view( | ||
1021 | 1479 | repository, name="+permissions", form=form, | ||
1022 | 1480 | principal=repository.owner) | ||
1023 | 1481 | self.assertHasRules( | ||
1024 | 1482 | repository, | ||
1025 | 1483 | ["refs/tags/1.0", "refs/heads/stable/*", "refs/heads/*"]) | ||
1026 | 1484 | self.assertThat(list(repository.getActivity()), MatchesListwise([ | ||
1027 | 1485 | # Adding a tag rule automatically adds a repository owner grant. | ||
1028 | 1486 | MatchesStructure( | ||
1029 | 1487 | changer=Equals(repository.owner), | ||
1030 | 1488 | changee=Is(None), | ||
1031 | 1489 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
1032 | 1490 | new_value=MatchesDict({ | ||
1033 | 1491 | "changee_type": Equals("Repository owner"), | ||
1034 | 1492 | "ref_pattern": Equals("refs/tags/1.0"), | ||
1035 | 1493 | "can_create": Is(True), | ||
1036 | 1494 | "can_push": Is(False), | ||
1037 | 1495 | "can_force_push": Is(False), | ||
1038 | 1496 | })), | ||
1039 | 1497 | MatchesStructure( | ||
1040 | 1498 | changer=Equals(repository.owner), | ||
1041 | 1499 | what_changed=Equals(GitActivityType.RULE_ADDED), | ||
1042 | 1500 | new_value=MatchesDict({ | ||
1043 | 1501 | "ref_pattern": Equals("refs/tags/1.0"), | ||
1044 | 1502 | "position": Equals(0), | ||
1045 | 1503 | })), | ||
1046 | 1504 | MatchesStructure( | ||
1047 | 1505 | changer=Equals(repository.owner), | ||
1048 | 1506 | what_changed=Equals(GitActivityType.RULE_ADDED), | ||
1049 | 1507 | new_value=MatchesDict({ | ||
1050 | 1508 | "ref_pattern": Equals("refs/heads/*"), | ||
1051 | 1509 | # Initially inserted at 1, although refs/tags/1.0 was | ||
1052 | 1510 | # later inserted before it. | ||
1053 | 1511 | "position": Equals(1), | ||
1054 | 1512 | })), | ||
1055 | 1513 | ])) | ||
1056 | 1514 | self.assertHasSavedNotification(view, repository) | ||
1057 | 1515 | |||
1058 | 1516 | def test_save_add_duplicate_rule(self): | ||
1059 | 1517 | repository = self.factory.makeGitRepository() | ||
1060 | 1518 | self.factory.makeGitRule( | ||
1061 | 1519 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
1062 | 1520 | transaction.commit() | ||
1063 | 1521 | login_person(repository.owner) | ||
1064 | 1522 | encoded_heads_prefix = encode_form_field_id("refs/heads/") | ||
1065 | 1523 | form = { | ||
1066 | 1524 | "field.new-pattern." + encoded_heads_prefix: "stable/*", | ||
1067 | 1525 | "field.actions.save": "Save", | ||
1068 | 1526 | } | ||
1069 | 1527 | view = create_initialized_view( | ||
1070 | 1528 | repository, name="+permissions", form=form, | ||
1071 | 1529 | principal=repository.owner) | ||
1072 | 1530 | self.assertThat(view.errors, MatchesListwise([ | ||
1073 | 1531 | MatchesStructure( | ||
1074 | 1532 | field_name=Equals("new-pattern." + encoded_heads_prefix), | ||
1075 | 1533 | errors=MatchesStructure.byEquality( | ||
1076 | 1534 | args=("stable/* is already in use by another rule",))), | ||
1077 | 1535 | ])) | ||
1078 | 1536 | self.assertHasRules(repository, ["refs/heads/stable/*"]) | ||
1079 | 1537 | |||
1080 | 1538 | def test_save_move_rule(self): | ||
1081 | 1539 | repository = self.factory.makeGitRepository() | ||
1082 | 1540 | self.factory.makeGitRule( | ||
1083 | 1541 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
1084 | 1542 | self.factory.makeGitRule( | ||
1085 | 1543 | repository=repository, ref_pattern="refs/heads/*/next") | ||
1086 | 1544 | encoded_patterns = [ | ||
1087 | 1545 | encode_form_field_id(rule.ref_pattern) | ||
1088 | 1546 | for rule in repository.rules] | ||
1089 | 1547 | removeSecurityProxy(repository.getActivity()).remove() | ||
1090 | 1548 | login_person(repository.owner) | ||
1091 | 1549 | # Positions are 1-based in the UI. | ||
1092 | 1550 | form = { | ||
1093 | 1551 | "field.position." + encoded_patterns[0]: "2", | ||
1094 | 1552 | "field.pattern." + encoded_patterns[0]: "stable/*", | ||
1095 | 1553 | "field.position." + encoded_patterns[1]: "1", | ||
1096 | 1554 | "field.pattern." + encoded_patterns[1]: "*/more-next", | ||
1097 | 1555 | "field.actions.save": "Save", | ||
1098 | 1556 | } | ||
1099 | 1557 | view = create_initialized_view( | ||
1100 | 1558 | repository, name="+permissions", form=form, | ||
1101 | 1559 | principal=repository.owner) | ||
1102 | 1560 | self.assertHasRules( | ||
1103 | 1561 | repository, ["refs/heads/*/more-next", "refs/heads/stable/*"]) | ||
1104 | 1562 | self.assertThat(list(repository.getActivity()), MatchesListwise([ | ||
1105 | 1563 | MatchesStructure( | ||
1106 | 1564 | changer=Equals(repository.owner), | ||
1107 | 1565 | what_changed=Equals(GitActivityType.RULE_CHANGED), | ||
1108 | 1566 | old_value=MatchesDict({ | ||
1109 | 1567 | "ref_pattern": Equals("refs/heads/*/next"), | ||
1110 | 1568 | "position": Equals(0), | ||
1111 | 1569 | }), | ||
1112 | 1570 | new_value=MatchesDict({ | ||
1113 | 1571 | "ref_pattern": Equals("refs/heads/*/more-next"), | ||
1114 | 1572 | "position": Equals(0), | ||
1115 | 1573 | })), | ||
1116 | 1574 | # Only one rule is recorded as moving; the other is already in | ||
1117 | 1575 | # its new position by the time it's processed. | ||
1118 | 1576 | MatchesStructure( | ||
1119 | 1577 | changer=Equals(repository.owner), | ||
1120 | 1578 | what_changed=Equals(GitActivityType.RULE_MOVED), | ||
1121 | 1579 | old_value=MatchesDict({ | ||
1122 | 1580 | "ref_pattern": Equals("refs/heads/stable/*"), | ||
1123 | 1581 | "position": Equals(0), | ||
1124 | 1582 | }), | ||
1125 | 1583 | new_value=MatchesDict({ | ||
1126 | 1584 | "ref_pattern": Equals("refs/heads/stable/*"), | ||
1127 | 1585 | "position": Equals(1), | ||
1128 | 1586 | })), | ||
1129 | 1587 | ])) | ||
1130 | 1588 | self.assertHasSavedNotification(view, repository) | ||
1131 | 1589 | |||
1132 | 1590 | def test_save_change_grants(self): | ||
1133 | 1591 | repository = self.factory.makeGitRepository() | ||
1134 | 1592 | stable_rule = self.factory.makeGitRule( | ||
1135 | 1593 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
1136 | 1594 | next_rule = self.factory.makeGitRule( | ||
1137 | 1595 | repository=repository, ref_pattern="refs/heads/*/next") | ||
1138 | 1596 | grantees = [self.factory.makePerson() for _ in range(3)] | ||
1139 | 1597 | self.factory.makeGitRuleGrant( | ||
1140 | 1598 | rule=stable_rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
1141 | 1599 | can_create=True) | ||
1142 | 1600 | self.factory.makeGitRuleGrant( | ||
1143 | 1601 | rule=stable_rule, | ||
1144 | 1602 | grantee=grantees[0], can_create=True, can_push=True) | ||
1145 | 1603 | self.factory.makeGitRuleGrant( | ||
1146 | 1604 | rule=next_rule, grantee=grantees[1], | ||
1147 | 1605 | can_create=True, can_push=True, can_force_push=True) | ||
1148 | 1606 | encoded_patterns = [ | ||
1149 | 1607 | encode_form_field_id(rule.ref_pattern) | ||
1150 | 1608 | for rule in repository.rules] | ||
1151 | 1609 | removeSecurityProxy(repository.getActivity()).remove() | ||
1152 | 1610 | login_person(repository.owner) | ||
1153 | 1611 | form = { | ||
1154 | 1612 | "field.permissions.%s._repository_owner" % encoded_patterns[0]: ( | ||
1155 | 1613 | "can_push"), | ||
1156 | 1614 | "field.permissions.%s.%s" % ( | ||
1157 | 1615 | encoded_patterns[0], grantees[0].id): "can_push", | ||
1158 | 1616 | "field.delete.%s.%s" % (encoded_patterns[0], grantees[0].id): "on", | ||
1159 | 1617 | "field.grantee.%s" % encoded_patterns[1]: "person", | ||
1160 | 1618 | "field.grantee.%s.person" % encoded_patterns[1]: grantees[2].name, | ||
1161 | 1619 | "field.permissions.%s" % encoded_patterns[1]: "can_push_existing", | ||
1162 | 1620 | "field.actions.save": "Save", | ||
1163 | 1621 | } | ||
1164 | 1622 | view = create_initialized_view( | ||
1165 | 1623 | repository, name="+permissions", form=form, | ||
1166 | 1624 | principal=repository.owner) | ||
1167 | 1625 | self.assertHasRules( | ||
1168 | 1626 | repository, ["refs/heads/stable/*", "refs/heads/*/next"]) | ||
1169 | 1627 | self.assertThat(stable_rule.grants, MatchesSetwise( | ||
1170 | 1628 | MatchesStructure.byEquality( | ||
1171 | 1629 | grantee_type=GitGranteeType.REPOSITORY_OWNER, | ||
1172 | 1630 | can_create=True, can_push=True, can_force_push=False))) | ||
1173 | 1631 | self.assertThat(next_rule.grants, MatchesSetwise( | ||
1174 | 1632 | MatchesStructure.byEquality( | ||
1175 | 1633 | grantee=grantees[1], | ||
1176 | 1634 | can_create=True, can_push=True, can_force_push=True), | ||
1177 | 1635 | MatchesStructure.byEquality( | ||
1178 | 1636 | grantee=grantees[2], | ||
1179 | 1637 | can_create=False, can_push=True, can_force_push=False))) | ||
1180 | 1638 | self.assertThat(repository.getActivity(), MatchesSetwise( | ||
1181 | 1639 | MatchesStructure( | ||
1182 | 1640 | changer=Equals(repository.owner), | ||
1183 | 1641 | changee=Is(None), | ||
1184 | 1642 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
1185 | 1643 | old_value=Equals({ | ||
1186 | 1644 | "changee_type": "Repository owner", | ||
1187 | 1645 | "ref_pattern": "refs/heads/stable/*", | ||
1188 | 1646 | "can_create": True, | ||
1189 | 1647 | "can_push": False, | ||
1190 | 1648 | "can_force_push": False, | ||
1191 | 1649 | }), | ||
1192 | 1650 | new_value=Equals({ | ||
1193 | 1651 | "changee_type": "Repository owner", | ||
1194 | 1652 | "ref_pattern": "refs/heads/stable/*", | ||
1195 | 1653 | "can_create": True, | ||
1196 | 1654 | "can_push": True, | ||
1197 | 1655 | "can_force_push": False, | ||
1198 | 1656 | })), | ||
1199 | 1657 | MatchesStructure( | ||
1200 | 1658 | changer=Equals(repository.owner), | ||
1201 | 1659 | changee=Equals(grantees[0]), | ||
1202 | 1660 | what_changed=Equals(GitActivityType.GRANT_REMOVED), | ||
1203 | 1661 | old_value=Equals({ | ||
1204 | 1662 | "changee_type": "Person", | ||
1205 | 1663 | "ref_pattern": "refs/heads/stable/*", | ||
1206 | 1664 | "can_create": True, | ||
1207 | 1665 | "can_push": True, | ||
1208 | 1666 | "can_force_push": False, | ||
1209 | 1667 | })), | ||
1210 | 1668 | MatchesStructure( | ||
1211 | 1669 | changer=Equals(repository.owner), | ||
1212 | 1670 | changee=Equals(grantees[2]), | ||
1213 | 1671 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
1214 | 1672 | new_value=Equals({ | ||
1215 | 1673 | "changee_type": "Person", | ||
1216 | 1674 | "ref_pattern": "refs/heads/*/next", | ||
1217 | 1675 | "can_create": False, | ||
1218 | 1676 | "can_push": True, | ||
1219 | 1677 | "can_force_push": False, | ||
1220 | 1678 | })))) | ||
1221 | 1679 | self.assertHasSavedNotification(view, repository) | ||
1222 | 1680 | |||
1223 | 1681 | def test_save_delete_rule(self): | ||
1224 | 1682 | repository = self.factory.makeGitRepository() | ||
1225 | 1683 | self.factory.makeGitRule( | ||
1226 | 1684 | repository=repository, ref_pattern="refs/heads/stable/*") | ||
1227 | 1685 | self.factory.makeGitRule( | ||
1228 | 1686 | repository=repository, ref_pattern="refs/heads/*") | ||
1229 | 1687 | removeSecurityProxy(repository.getActivity()).remove() | ||
1230 | 1688 | login_person(repository.owner) | ||
1231 | 1689 | encoded_pattern = encode_form_field_id("refs/heads/*") | ||
1232 | 1690 | form = { | ||
1233 | 1691 | "field.pattern." + encoded_pattern: "*", | ||
1234 | 1692 | "field.delete." + encoded_pattern: "on", | ||
1235 | 1693 | "field.actions.save": "Save", | ||
1236 | 1694 | } | ||
1237 | 1695 | view = create_initialized_view( | ||
1238 | 1696 | repository, name="+permissions", form=form, | ||
1239 | 1697 | principal=repository.owner) | ||
1240 | 1698 | self.assertHasRules(repository, ["refs/heads/stable/*"]) | ||
1241 | 1699 | self.assertThat(list(repository.getActivity()), MatchesListwise([ | ||
1242 | 1700 | MatchesStructure( | ||
1243 | 1701 | changer=Equals(repository.owner), | ||
1244 | 1702 | what_changed=Equals(GitActivityType.RULE_REMOVED), | ||
1245 | 1703 | old_value=MatchesDict({ | ||
1246 | 1704 | "ref_pattern": Equals("refs/heads/*"), | ||
1247 | 1705 | "position": Equals(1), | ||
1248 | 1706 | })), | ||
1249 | 1707 | ])) | ||
1250 | 1708 | self.assertHasSavedNotification(view, repository) | ||
1251 | 1709 | |||
1252 | 1710 | |||
1253 | 1100 | class TestGitRepositoryDeletionView(BrowserTestCase): | 1711 | class TestGitRepositoryDeletionView(BrowserTestCase): |
1254 | 1101 | 1712 | ||
1255 | 1102 | layer = DatabaseFunctionalLayer | 1713 | layer = DatabaseFunctionalLayer |
1256 | 1103 | 1714 | ||
1257 | === added file 'lib/lp/code/browser/widgets/gitgrantee.py' | |||
1258 | --- lib/lp/code/browser/widgets/gitgrantee.py 1970-01-01 00:00:00 +0000 | |||
1259 | +++ lib/lp/code/browser/widgets/gitgrantee.py 2018-11-09 22:50:10 +0000 | |||
1260 | @@ -0,0 +1,253 @@ | |||
1261 | 1 | # Copyright 2018 Canonical Ltd. This software is licensed under the | ||
1262 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | ||
1263 | 3 | |||
1264 | 4 | from __future__ import absolute_import, print_function, unicode_literals | ||
1265 | 5 | |||
1266 | 6 | __metaclass__ = type | ||
1267 | 7 | __all__ = [ | ||
1268 | 8 | 'GitGranteeDisplayWidget', | ||
1269 | 9 | 'GitGranteeField', | ||
1270 | 10 | 'GitGranteeWidget', | ||
1271 | 11 | ] | ||
1272 | 12 | |||
1273 | 13 | from lazr.enum import DBItem | ||
1274 | 14 | from lazr.restful.fields import Reference | ||
1275 | 15 | from z3c.ptcompat import ViewPageTemplateFile | ||
1276 | 16 | from zope.formlib.interfaces import ( | ||
1277 | 17 | ConversionError, | ||
1278 | 18 | IDisplayWidget, | ||
1279 | 19 | IInputWidget, | ||
1280 | 20 | InputErrors, | ||
1281 | 21 | MissingInputError, | ||
1282 | 22 | WidgetInputError, | ||
1283 | 23 | ) | ||
1284 | 24 | from zope.formlib.utility import setUpWidget | ||
1285 | 25 | from zope.formlib.widget import ( | ||
1286 | 26 | BrowserWidget, | ||
1287 | 27 | CustomWidgetFactory, | ||
1288 | 28 | DisplayWidget, | ||
1289 | 29 | InputWidget, | ||
1290 | 30 | renderElement, | ||
1291 | 31 | ) | ||
1292 | 32 | from zope.interface import implementer | ||
1293 | 33 | from zope.schema import ( | ||
1294 | 34 | Choice, | ||
1295 | 35 | Field, | ||
1296 | 36 | ) | ||
1297 | 37 | from zope.schema.interfaces import IField | ||
1298 | 38 | from zope.schema.vocabulary import getVocabularyRegistry | ||
1299 | 39 | from zope.security.proxy import isinstance as zope_isinstance | ||
1300 | 40 | |||
1301 | 41 | from lp import _ | ||
1302 | 42 | from lp.app.errors import UnexpectedFormData | ||
1303 | 43 | from lp.app.validators import LaunchpadValidationError | ||
1304 | 44 | from lp.app.widgets.popup import PersonPickerWidget | ||
1305 | 45 | from lp.code.enums import GitGranteeType | ||
1306 | 46 | from lp.code.interfaces.gitrule import IGitRule | ||
1307 | 47 | from lp.registry.interfaces.person import IPerson | ||
1308 | 48 | from lp.services.webapp.escaping import structured | ||
1309 | 49 | from lp.services.webapp.interfaces import ( | ||
1310 | 50 | IAlwaysSubmittedWidget, | ||
1311 | 51 | IMultiLineWidgetLayout, | ||
1312 | 52 | ) | ||
1313 | 53 | from lp.services.webapp.publisher import canonical_url | ||
1314 | 54 | |||
1315 | 55 | |||
1316 | 56 | class IGitGranteeField(IField): | ||
1317 | 57 | """An interface for a Git access grantee field.""" | ||
1318 | 58 | |||
1319 | 59 | rule = Reference( | ||
1320 | 60 | title=_("Rule"), required=True, readonly=True, schema=IGitRule, | ||
1321 | 61 | description=_("The rule that this grantee is for.")) | ||
1322 | 62 | |||
1323 | 63 | |||
1324 | 64 | @implementer(IGitGranteeField) | ||
1325 | 65 | class GitGranteeField(Field): | ||
1326 | 66 | """A field that holds a Git access grantee.""" | ||
1327 | 67 | |||
1328 | 68 | def __init__(self, rule, *args, **kwargs): | ||
1329 | 69 | super(GitGranteeField, self).__init__(*args, **kwargs) | ||
1330 | 70 | self.rule = rule | ||
1331 | 71 | |||
1332 | 72 | def constraint(self, value): | ||
1333 | 73 | """See `IField`.""" | ||
1334 | 74 | if zope_isinstance(value, DBItem) and value.enum == GitGranteeType: | ||
1335 | 75 | return value != GitGranteeType.PERSON | ||
1336 | 76 | else: | ||
1337 | 77 | return value in getVocabularyRegistry().get( | ||
1338 | 78 | None, "ValidPersonOrTeam") | ||
1339 | 79 | |||
1340 | 80 | |||
1341 | 81 | @implementer(IDisplayWidget) | ||
1342 | 82 | class GitGranteePersonDisplayWidget(BrowserWidget): | ||
1343 | 83 | |||
1344 | 84 | def __init__(self, context, vocabulary, request): | ||
1345 | 85 | super(GitGranteePersonDisplayWidget, self).__init__(context, request) | ||
1346 | 86 | |||
1347 | 87 | def __call__(self): | ||
1348 | 88 | if self._renderedValueSet(): | ||
1349 | 89 | grantee = self._data | ||
1350 | 90 | person_img = renderElement( | ||
1351 | 91 | "img", style="padding-bottom: 2px", src="/@@/person", alt="") | ||
1352 | 92 | return renderElement( | ||
1353 | 93 | "a", href=canonical_url(grantee), | ||
1354 | 94 | contents="%s %s" % ( | ||
1355 | 95 | person_img, | ||
1356 | 96 | structured("%s", grantee.display_name).escapedtext)) | ||
1357 | 97 | else: | ||
1358 | 98 | return "" | ||
1359 | 99 | |||
1360 | 100 | |||
1361 | 101 | @implementer(IMultiLineWidgetLayout) | ||
1362 | 102 | class GitGranteeWidgetBase(BrowserWidget): | ||
1363 | 103 | |||
1364 | 104 | template = ViewPageTemplateFile("templates/gitgrantee.pt") | ||
1365 | 105 | default_option = "person" | ||
1366 | 106 | _widgets_set_up = False | ||
1367 | 107 | |||
1368 | 108 | def setUpSubWidgets(self): | ||
1369 | 109 | if self._widgets_set_up: | ||
1370 | 110 | return | ||
1371 | 111 | fields = [ | ||
1372 | 112 | Choice( | ||
1373 | 113 | __name__="person", title=u"Person", | ||
1374 | 114 | required=False, vocabulary="ValidPersonOrTeam"), | ||
1375 | 115 | ] | ||
1376 | 116 | if self._read_only: | ||
1377 | 117 | self.person_widget = CustomWidgetFactory( | ||
1378 | 118 | GitGranteePersonDisplayWidget) | ||
1379 | 119 | else: | ||
1380 | 120 | self.person_widget = CustomWidgetFactory( | ||
1381 | 121 | PersonPickerWidget, | ||
1382 | 122 | # XXX cjwatson 2018-10-18: This is a little unfortunate, but | ||
1383 | 123 | # otherwise there's no spacing at all between the | ||
1384 | 124 | # (deliberately unlabelled) radio button and the text box. | ||
1385 | 125 | style="margin-left: 4px;") | ||
1386 | 126 | for field in fields: | ||
1387 | 127 | setUpWidget( | ||
1388 | 128 | self, field.__name__, field, self._sub_widget_interface, | ||
1389 | 129 | prefix=self.name) | ||
1390 | 130 | self._widgets_set_up = True | ||
1391 | 131 | |||
1392 | 132 | def setUpOptions(self): | ||
1393 | 133 | """Set up options to be rendered.""" | ||
1394 | 134 | self.options = {} | ||
1395 | 135 | for option in ("repository_owner", "person"): | ||
1396 | 136 | attributes = { | ||
1397 | 137 | "type": "radio", "name": self.name, "value": option, | ||
1398 | 138 | "id": "%s.option.%s" % (self.name, option), | ||
1399 | 139 | # XXX cjwatson 2018-10-18: Ugly, but it's worse without | ||
1400 | 140 | # this, especially in a permissions table where this widget | ||
1401 | 141 | # is normally used. | ||
1402 | 142 | "style": "margin-left: 0;", | ||
1403 | 143 | } | ||
1404 | 144 | if self.request.form_ng.getOne( | ||
1405 | 145 | self.name, self.default_option) == option: | ||
1406 | 146 | attributes["checked"] = "checked" | ||
1407 | 147 | if self._read_only: | ||
1408 | 148 | attributes["disabled"] = "disabled" | ||
1409 | 149 | self.options[option] = renderElement("input", **attributes) | ||
1410 | 150 | |||
1411 | 151 | @property | ||
1412 | 152 | def show_options(self): | ||
1413 | 153 | return { | ||
1414 | 154 | option: not self._read_only or self.default_option == option | ||
1415 | 155 | for option in ("repository_owner", "person")} | ||
1416 | 156 | |||
1417 | 157 | def setRenderedValue(self, value): | ||
1418 | 158 | """See `IWidget`.""" | ||
1419 | 159 | self.setUpSubWidgets() | ||
1420 | 160 | if value == GitGranteeType.REPOSITORY_OWNER: | ||
1421 | 161 | self.default_option = "repository_owner" | ||
1422 | 162 | return | ||
1423 | 163 | elif value is None or IPerson.providedBy(value): | ||
1424 | 164 | self.default_option = "person" | ||
1425 | 165 | self.person_widget.setRenderedValue(value) | ||
1426 | 166 | return | ||
1427 | 167 | else: | ||
1428 | 168 | raise AssertionError("Not a valid value: %r" % value) | ||
1429 | 169 | |||
1430 | 170 | def __call__(self): | ||
1431 | 171 | """See `zope.formlib.interfaces.IBrowserWidget`.""" | ||
1432 | 172 | self.setUpSubWidgets() | ||
1433 | 173 | self.setUpOptions() | ||
1434 | 174 | return self.template() | ||
1435 | 175 | |||
1436 | 176 | |||
1437 | 177 | @implementer(IDisplayWidget) | ||
1438 | 178 | class GitGranteeDisplayWidget(GitGranteeWidgetBase, DisplayWidget): | ||
1439 | 179 | """Widget for displaying a Git access grantee.""" | ||
1440 | 180 | |||
1441 | 181 | _sub_widget_interface = IDisplayWidget | ||
1442 | 182 | _read_only = True | ||
1443 | 183 | |||
1444 | 184 | |||
1445 | 185 | @implementer(IAlwaysSubmittedWidget, IInputWidget) | ||
1446 | 186 | class GitGranteeWidget(GitGranteeWidgetBase, InputWidget): | ||
1447 | 187 | """Widget for selecting a Git access grantee.""" | ||
1448 | 188 | |||
1449 | 189 | _sub_widget_interface = IInputWidget | ||
1450 | 190 | _read_only = False | ||
1451 | 191 | _widgets_set_up = False | ||
1452 | 192 | |||
1453 | 193 | @property | ||
1454 | 194 | def show_options(self): | ||
1455 | 195 | show_options = super(GitGranteeWidget, self).show_options | ||
1456 | 196 | # Hide options that indicate unique grantee_types (e.g. | ||
1457 | 197 | # repository_owner) if they already exist for the context rule. | ||
1458 | 198 | if (show_options["repository_owner"] and | ||
1459 | 199 | not self.context.rule.repository.findRuleGrantsByGrantee( | ||
1460 | 200 | GitGranteeType.REPOSITORY_OWNER, | ||
1461 | 201 | ref_pattern=self.context.rule.ref_pattern, | ||
1462 | 202 | exact_grantee=True).is_empty()): | ||
1463 | 203 | show_options["repository_owner"] = False | ||
1464 | 204 | return show_options | ||
1465 | 205 | |||
1466 | 206 | def hasInput(self): | ||
1467 | 207 | self.setUpSubWidgets() | ||
1468 | 208 | form_value = self.request.form_ng.getOne(self.name) | ||
1469 | 209 | if form_value is None: | ||
1470 | 210 | return False | ||
1471 | 211 | return form_value != "person" or self.person_widget.hasInput() | ||
1472 | 212 | |||
1473 | 213 | def hasValidInput(self): | ||
1474 | 214 | """See `zope.formlib.interfaces.IInputWidget`.""" | ||
1475 | 215 | try: | ||
1476 | 216 | self.getInputValue() | ||
1477 | 217 | return True | ||
1478 | 218 | except (InputErrors, UnexpectedFormData): | ||
1479 | 219 | return False | ||
1480 | 220 | |||
1481 | 221 | def getInputValue(self): | ||
1482 | 222 | """See `zope.formlib.interfaces.IInputWidget`.""" | ||
1483 | 223 | self.setUpSubWidgets() | ||
1484 | 224 | form_value = self.request.form_ng.getOne(self.name) | ||
1485 | 225 | if form_value == "repository_owner": | ||
1486 | 226 | return GitGranteeType.REPOSITORY_OWNER | ||
1487 | 227 | elif form_value == "person": | ||
1488 | 228 | try: | ||
1489 | 229 | return self.person_widget.getInputValue() | ||
1490 | 230 | except MissingInputError: | ||
1491 | 231 | raise WidgetInputError( | ||
1492 | 232 | self.name, self.label, | ||
1493 | 233 | LaunchpadValidationError( | ||
1494 | 234 | "Please enter a person or team name")) | ||
1495 | 235 | except ConversionError: | ||
1496 | 236 | entered_name = self.request.form_ng.getOne( | ||
1497 | 237 | "%s.person" % self.name) | ||
1498 | 238 | raise WidgetInputError( | ||
1499 | 239 | self.name, self.label, | ||
1500 | 240 | LaunchpadValidationError( | ||
1501 | 241 | "There is no person or team named '%s' registered in " | ||
1502 | 242 | "Launchpad" % entered_name)) | ||
1503 | 243 | else: | ||
1504 | 244 | raise UnexpectedFormData("No valid option was selected.") | ||
1505 | 245 | |||
1506 | 246 | def error(self): | ||
1507 | 247 | """See `zope.formlib.interfaces.IBrowserWidget`.""" | ||
1508 | 248 | try: | ||
1509 | 249 | if self.hasInput(): | ||
1510 | 250 | self.getInputValue() | ||
1511 | 251 | except InputErrors as error: | ||
1512 | 252 | self._error = error | ||
1513 | 253 | return super(GitGranteeWidget, self).error() | ||
1514 | 0 | 254 | ||
1515 | === added file 'lib/lp/code/browser/widgets/templates/gitgrantee.pt' | |||
1516 | --- lib/lp/code/browser/widgets/templates/gitgrantee.pt 1970-01-01 00:00:00 +0000 | |||
1517 | +++ lib/lp/code/browser/widgets/templates/gitgrantee.pt 2018-11-09 22:50:10 +0000 | |||
1518 | @@ -0,0 +1,27 @@ | |||
1519 | 1 | <table> | ||
1520 | 2 | <tr tal:condition="view/show_options/repository_owner"> | ||
1521 | 3 | <td colspan="2"> | ||
1522 | 4 | <label> | ||
1523 | 5 | <input | ||
1524 | 6 | type="radio" value="repository_owner" | ||
1525 | 7 | tal:condition="not: context/readonly" | ||
1526 | 8 | tal:replace="structure view/options/repository_owner" /> | ||
1527 | 9 | Repository owner | ||
1528 | 10 | </label> | ||
1529 | 11 | </td> | ||
1530 | 12 | </tr> | ||
1531 | 13 | |||
1532 | 14 | <tr tal:condition="view/show_options/person"> | ||
1533 | 15 | <td> | ||
1534 | 16 | <label> | ||
1535 | 17 | <input | ||
1536 | 18 | type="radio" value="person" | ||
1537 | 19 | tal:condition="not: context/readonly" | ||
1538 | 20 | tal:replace="structure view/options/person" /> | ||
1539 | 21 | </label> | ||
1540 | 22 | </td> | ||
1541 | 23 | <td> | ||
1542 | 24 | <tal:person replace="structure view/person_widget" /> | ||
1543 | 25 | </td> | ||
1544 | 26 | </tr> | ||
1545 | 27 | </table> | ||
1546 | 0 | 28 | ||
1547 | === added file 'lib/lp/code/browser/widgets/tests/test_gitgrantee.py' | |||
1548 | --- lib/lp/code/browser/widgets/tests/test_gitgrantee.py 1970-01-01 00:00:00 +0000 | |||
1549 | +++ lib/lp/code/browser/widgets/tests/test_gitgrantee.py 2018-11-09 22:50:10 +0000 | |||
1550 | @@ -0,0 +1,305 @@ | |||
1551 | 1 | # Copyright 2018 Canonical Ltd. This software is licensed under the | ||
1552 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | ||
1553 | 3 | |||
1554 | 4 | from __future__ import absolute_import, print_function, unicode_literals | ||
1555 | 5 | |||
1556 | 6 | __metaclass__ = type | ||
1557 | 7 | |||
1558 | 8 | import re | ||
1559 | 9 | |||
1560 | 10 | from zope.formlib.interfaces import ( | ||
1561 | 11 | IBrowserWidget, | ||
1562 | 12 | IDisplayWidget, | ||
1563 | 13 | IInputWidget, | ||
1564 | 14 | WidgetInputError, | ||
1565 | 15 | ) | ||
1566 | 16 | |||
1567 | 17 | from lp.app.validators import LaunchpadValidationError | ||
1568 | 18 | from lp.code.browser.widgets.gitgrantee import ( | ||
1569 | 19 | GitGranteeDisplayWidget, | ||
1570 | 20 | GitGranteeField, | ||
1571 | 21 | GitGranteeWidget, | ||
1572 | 22 | ) | ||
1573 | 23 | from lp.code.enums import GitGranteeType | ||
1574 | 24 | from lp.registry.vocabularies import ValidPersonOrTeamVocabulary | ||
1575 | 25 | from lp.services.beautifulsoup import BeautifulSoup | ||
1576 | 26 | from lp.services.webapp.escaping import html_escape | ||
1577 | 27 | from lp.services.webapp.publisher import canonical_url | ||
1578 | 28 | from lp.services.webapp.servers import LaunchpadTestRequest | ||
1579 | 29 | from lp.testing import ( | ||
1580 | 30 | TestCaseWithFactory, | ||
1581 | 31 | verifyObject, | ||
1582 | 32 | ) | ||
1583 | 33 | from lp.testing.layers import DatabaseFunctionalLayer | ||
1584 | 34 | |||
1585 | 35 | |||
1586 | 36 | class TestGitGranteeWidgetBase: | ||
1587 | 37 | |||
1588 | 38 | layer = DatabaseFunctionalLayer | ||
1589 | 39 | |||
1590 | 40 | def setUp(self): | ||
1591 | 41 | super(TestGitGranteeWidgetBase, self).setUp() | ||
1592 | 42 | [self.ref] = self.factory.makeGitRefs() | ||
1593 | 43 | self.rule = self.factory.makeGitRule( | ||
1594 | 44 | repository=self.ref.repository, ref_pattern=self.ref.path) | ||
1595 | 45 | self.field = GitGranteeField(__name__="grantee", rule=self.rule) | ||
1596 | 46 | self.request = LaunchpadTestRequest() | ||
1597 | 47 | self.widget = self.widget_factory(self.field, self.request) | ||
1598 | 48 | |||
1599 | 49 | def test_implements(self): | ||
1600 | 50 | self.assertTrue(verifyObject(IBrowserWidget, self.widget)) | ||
1601 | 51 | self.assertTrue( | ||
1602 | 52 | verifyObject(self.expected_widget_interface, self.widget)) | ||
1603 | 53 | |||
1604 | 54 | def test_template(self): | ||
1605 | 55 | # The render template is setup. | ||
1606 | 56 | self.assertTrue( | ||
1607 | 57 | self.widget.template.filename.endswith("gitgrantee.pt"), | ||
1608 | 58 | "Template was not set up.") | ||
1609 | 59 | |||
1610 | 60 | def test_default_option(self): | ||
1611 | 61 | # The person field is the default option. | ||
1612 | 62 | self.assertEqual("person", self.widget.default_option) | ||
1613 | 63 | |||
1614 | 64 | def test_setUpSubWidgets_first_call(self): | ||
1615 | 65 | # The subwidget is set up and a flag is set. | ||
1616 | 66 | self.widget.setUpSubWidgets() | ||
1617 | 67 | self.assertTrue(self.widget._widgets_set_up) | ||
1618 | 68 | self.assertIsInstance( | ||
1619 | 69 | self.widget.person_widget.context.vocabulary, | ||
1620 | 70 | ValidPersonOrTeamVocabulary) | ||
1621 | 71 | |||
1622 | 72 | def test_setUpSubWidgets_second_call(self): | ||
1623 | 73 | # The setUpSubWidgets method exits early if a flag is set to | ||
1624 | 74 | # indicate that the subwidget was set up. | ||
1625 | 75 | self.widget._widgets_set_up = True | ||
1626 | 76 | self.widget.setUpSubWidgets() | ||
1627 | 77 | self.assertIsNone(getattr(self.widget, "person_widget", None)) | ||
1628 | 78 | |||
1629 | 79 | def test_setUpOptions_default_person_checked(self): | ||
1630 | 80 | # The radio button options are composed of the setup widgets with | ||
1631 | 81 | # the person widget set as the default. | ||
1632 | 82 | self.widget.setUpSubWidgets() | ||
1633 | 83 | self.widget.setUpOptions() | ||
1634 | 84 | self.assertEqual( | ||
1635 | 85 | '<input class="radioType" style="margin-left: 0;" ' + | ||
1636 | 86 | self.expected_disabled_attr + | ||
1637 | 87 | 'id="field.grantee.option.repository_owner" name="field.grantee" ' | ||
1638 | 88 | 'type="radio" value="repository_owner" />', | ||
1639 | 89 | self.widget.options["repository_owner"]) | ||
1640 | 90 | self.assertEqual( | ||
1641 | 91 | '<input class="radioType" style="margin-left: 0;" ' + | ||
1642 | 92 | 'checked="checked" ' + self.expected_disabled_attr + | ||
1643 | 93 | 'id="field.grantee.option.person" name="field.grantee" ' | ||
1644 | 94 | 'type="radio" value="person" />', | ||
1645 | 95 | self.widget.options["person"]) | ||
1646 | 96 | |||
1647 | 97 | def test_setUpOptions_repository_owner_checked(self): | ||
1648 | 98 | # The repository owner radio button is selected when the form is | ||
1649 | 99 | # submitted when the grantee field's value is 'repository_owner'. | ||
1650 | 100 | form = {"field.grantee": "repository_owner"} | ||
1651 | 101 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1652 | 102 | self.widget.setUpSubWidgets() | ||
1653 | 103 | self.widget.setUpOptions() | ||
1654 | 104 | self.assertEqual( | ||
1655 | 105 | '<input class="radioType" style="margin-left: 0;" ' | ||
1656 | 106 | 'checked="checked" ' + self.expected_disabled_attr + | ||
1657 | 107 | 'id="field.grantee.option.repository_owner" name="field.grantee" ' | ||
1658 | 108 | 'type="radio" value="repository_owner" />', | ||
1659 | 109 | self.widget.options["repository_owner"]) | ||
1660 | 110 | self.assertEqual( | ||
1661 | 111 | '<input class="radioType" style="margin-left: 0;" ' + | ||
1662 | 112 | self.expected_disabled_attr + | ||
1663 | 113 | 'id="field.grantee.option.person" name="field.grantee" ' | ||
1664 | 114 | 'type="radio" value="person" />', | ||
1665 | 115 | self.widget.options["person"]) | ||
1666 | 116 | |||
1667 | 117 | def test_setUpOptions_person_checked(self): | ||
1668 | 118 | # The person radio button is selected when the form is submitted | ||
1669 | 119 | # when the grantee field's value is 'person'. | ||
1670 | 120 | form = {"field.grantee": "person"} | ||
1671 | 121 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1672 | 122 | self.widget.setUpSubWidgets() | ||
1673 | 123 | self.widget.setUpOptions() | ||
1674 | 124 | self.assertEqual( | ||
1675 | 125 | '<input class="radioType" style="margin-left: 0;" ' + | ||
1676 | 126 | self.expected_disabled_attr + | ||
1677 | 127 | 'id="field.grantee.option.repository_owner" name="field.grantee" ' | ||
1678 | 128 | 'type="radio" value="repository_owner" />', | ||
1679 | 129 | self.widget.options["repository_owner"]) | ||
1680 | 130 | self.assertEqual( | ||
1681 | 131 | '<input class="radioType" style="margin-left: 0;" ' + | ||
1682 | 132 | 'checked="checked" ' + self.expected_disabled_attr + | ||
1683 | 133 | 'id="field.grantee.option.person" name="field.grantee" ' | ||
1684 | 134 | 'type="radio" value="person" />', | ||
1685 | 135 | self.widget.options["person"]) | ||
1686 | 136 | |||
1687 | 137 | def test_setRenderedValue_repository_owner(self): | ||
1688 | 138 | # Passing GitGranteeType.REPOSITORY_OWNER will set the widget's | ||
1689 | 139 | # render state to "repository_owner". | ||
1690 | 140 | self.widget.setUpSubWidgets() | ||
1691 | 141 | self.widget.setRenderedValue(GitGranteeType.REPOSITORY_OWNER) | ||
1692 | 142 | self.assertEqual("repository_owner", self.widget.default_option) | ||
1693 | 143 | |||
1694 | 144 | def test_setRenderedValue_person(self): | ||
1695 | 145 | # Passing a person will set the widget's render state to "person". | ||
1696 | 146 | self.widget.setUpSubWidgets() | ||
1697 | 147 | person = self.factory.makePerson() | ||
1698 | 148 | self.widget.setRenderedValue(person) | ||
1699 | 149 | self.assertEqual("person", self.widget.default_option) | ||
1700 | 150 | self.assertEqual(person, self.widget.person_widget._data) | ||
1701 | 151 | |||
1702 | 152 | def test_call(self): | ||
1703 | 153 | # The __call__ method sets up the widgets and the options. | ||
1704 | 154 | markup = self.widget() | ||
1705 | 155 | self.assertIsNotNone(self.widget.person_widget) | ||
1706 | 156 | self.assertIn("repository_owner", self.widget.options) | ||
1707 | 157 | self.assertIn("person", self.widget.options) | ||
1708 | 158 | soup = BeautifulSoup(markup) | ||
1709 | 159 | fields = soup.findAll(["input", "select"], {"id": re.compile(".*")}) | ||
1710 | 160 | ids = [field["id"] for field in fields] | ||
1711 | 161 | self.assertContentEqual(self.expected_ids, ids) | ||
1712 | 162 | |||
1713 | 163 | |||
1714 | 164 | class TestGitGranteeDisplayWidget( | ||
1715 | 165 | TestGitGranteeWidgetBase, TestCaseWithFactory): | ||
1716 | 166 | """Test the GitGranteeDisplayWidget class.""" | ||
1717 | 167 | |||
1718 | 168 | widget_factory = GitGranteeDisplayWidget | ||
1719 | 169 | expected_widget_interface = IDisplayWidget | ||
1720 | 170 | expected_disabled_attr = 'disabled="disabled" ' | ||
1721 | 171 | expected_ids = ["field.grantee.option.person"] | ||
1722 | 172 | |||
1723 | 173 | def test_setRenderedValue_person_display_widget(self): | ||
1724 | 174 | # If the widget's render state is "person", a customised display | ||
1725 | 175 | # widget is used. | ||
1726 | 176 | self.widget.setUpSubWidgets() | ||
1727 | 177 | person = self.factory.makePerson() | ||
1728 | 178 | self.widget.setRenderedValue(person) | ||
1729 | 179 | person_url = canonical_url(person) | ||
1730 | 180 | self.assertEqual( | ||
1731 | 181 | '<a href="%s">' | ||
1732 | 182 | '<img style="padding-bottom: 2px" alt="" src="/@@/person" /> ' | ||
1733 | 183 | '%s</a>' % (person_url, html_escape(person.display_name)), | ||
1734 | 184 | self.widget.person_widget()) | ||
1735 | 185 | |||
1736 | 186 | |||
1737 | 187 | class TestGitGranteeWidget(TestGitGranteeWidgetBase, TestCaseWithFactory): | ||
1738 | 188 | """Test the GitGranteeWidget class.""" | ||
1739 | 189 | |||
1740 | 190 | widget_factory = GitGranteeWidget | ||
1741 | 191 | expected_widget_interface = IInputWidget | ||
1742 | 192 | expected_disabled_attr = "" | ||
1743 | 193 | expected_ids = [ | ||
1744 | 194 | "field.grantee.option.repository_owner", | ||
1745 | 195 | "field.grantee.option.person", | ||
1746 | 196 | "field.grantee.person", | ||
1747 | 197 | ] | ||
1748 | 198 | |||
1749 | 199 | def setUp(self): | ||
1750 | 200 | super(TestGitGranteeWidget, self).setUp() | ||
1751 | 201 | self.person = self.factory.makePerson() | ||
1752 | 202 | |||
1753 | 203 | def test_show_options_repository_owner_grant_already_exists(self): | ||
1754 | 204 | # If the rule already has a repository owner grant, the input widget | ||
1755 | 205 | # doesn't offer that option. | ||
1756 | 206 | self.factory.makeGitRuleGrant( | ||
1757 | 207 | rule=self.rule, grantee=GitGranteeType.REPOSITORY_OWNER) | ||
1758 | 208 | self.assertEqual( | ||
1759 | 209 | {"repository_owner": False, "person": True}, | ||
1760 | 210 | self.widget.show_options) | ||
1761 | 211 | |||
1762 | 212 | def test_show_options_repository_owner_grant_does_not_exist(self): | ||
1763 | 213 | # If the rule doesn't have a repository owner grant, the input | ||
1764 | 214 | # widget offers that option. | ||
1765 | 215 | self.factory.makeGitRuleGrant(rule=self.rule) | ||
1766 | 216 | self.assertEqual( | ||
1767 | 217 | {"repository_owner": True, "person": True}, | ||
1768 | 218 | self.widget.show_options) | ||
1769 | 219 | |||
1770 | 220 | @property | ||
1771 | 221 | def form(self): | ||
1772 | 222 | return { | ||
1773 | 223 | "field.grantee": "person", | ||
1774 | 224 | "field.grantee.person": self.person.name, | ||
1775 | 225 | } | ||
1776 | 226 | |||
1777 | 227 | def test_hasInput_not_in_form(self): | ||
1778 | 228 | # hasInput is false when the widget's name is not in the form data. | ||
1779 | 229 | self.widget.request = LaunchpadTestRequest(form={}) | ||
1780 | 230 | self.assertEqual("field.grantee", self.widget.name) | ||
1781 | 231 | self.assertFalse(self.widget.hasInput()) | ||
1782 | 232 | |||
1783 | 233 | def test_hasInput_no_person(self): | ||
1784 | 234 | # hasInput is false when the person radio button is selected and the | ||
1785 | 235 | # person widget's name is not in the form data. | ||
1786 | 236 | self.widget.request = LaunchpadTestRequest( | ||
1787 | 237 | form={"field.grantee": "person"}) | ||
1788 | 238 | self.assertEqual("field.grantee", self.widget.name) | ||
1789 | 239 | self.assertFalse(self.widget.hasInput()) | ||
1790 | 240 | |||
1791 | 241 | def test_hasInput_repository_owner(self): | ||
1792 | 242 | # hasInput is true when the repository owner radio button is selected. | ||
1793 | 243 | self.widget.request = LaunchpadTestRequest( | ||
1794 | 244 | form={"field.grantee": "repository_owner"}) | ||
1795 | 245 | self.assertEqual("field.grantee", self.widget.name) | ||
1796 | 246 | self.assertTrue(self.widget.hasInput()) | ||
1797 | 247 | |||
1798 | 248 | def test_hasInput_person(self): | ||
1799 | 249 | # hasInput is true when the person radio button is selected and the | ||
1800 | 250 | # person widget's name is in the form data. | ||
1801 | 251 | self.widget.request = LaunchpadTestRequest(form=self.form) | ||
1802 | 252 | self.assertEqual("field.grantee", self.widget.name) | ||
1803 | 253 | self.assertTrue(self.widget.hasInput()) | ||
1804 | 254 | |||
1805 | 255 | def test_hasValidInput_true(self): | ||
1806 | 256 | # The field input is valid when all submitted parts are valid. | ||
1807 | 257 | self.widget.request = LaunchpadTestRequest(form=self.form) | ||
1808 | 258 | self.assertTrue(self.widget.hasValidInput()) | ||
1809 | 259 | |||
1810 | 260 | def test_hasValidInput_false(self): | ||
1811 | 261 | # The field input is invalid if any of the submitted parts are invalid. | ||
1812 | 262 | form = self.form | ||
1813 | 263 | form["field.grantee.person"] = "non-existent" | ||
1814 | 264 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1815 | 265 | self.assertFalse(self.widget.hasValidInput()) | ||
1816 | 266 | |||
1817 | 267 | def test_getInputValue_repository_owner(self): | ||
1818 | 268 | # The field value is GitGranteeType.REPOSITORY_OWNER when the | ||
1819 | 269 | # repository owner radio button is selected. | ||
1820 | 270 | form = self.form | ||
1821 | 271 | form["field.grantee"] = "repository_owner" | ||
1822 | 272 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1823 | 273 | self.assertEqual( | ||
1824 | 274 | GitGranteeType.REPOSITORY_OWNER, self.widget.getInputValue()) | ||
1825 | 275 | |||
1826 | 276 | def test_getInputValue_person(self): | ||
1827 | 277 | # The field value is the person when the person radio button is | ||
1828 | 278 | # selected and the person sub field is valid. | ||
1829 | 279 | form = self.form | ||
1830 | 280 | form["field.grantee"] = "person" | ||
1831 | 281 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1832 | 282 | self.assertEqual(self.person, self.widget.getInputValue()) | ||
1833 | 283 | |||
1834 | 284 | def test_getInputValue_person_missing(self): | ||
1835 | 285 | # An error is raised when the person field is missing. | ||
1836 | 286 | form = self.form | ||
1837 | 287 | form["field.grantee"] = "person" | ||
1838 | 288 | del form["field.grantee.person"] | ||
1839 | 289 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1840 | 290 | message = "Please enter a person or team name" | ||
1841 | 291 | e = self.assertRaises(WidgetInputError, self.widget.getInputValue) | ||
1842 | 292 | self.assertEqual(LaunchpadValidationError(message), e.errors) | ||
1843 | 293 | |||
1844 | 294 | def test_getInputValue_person_invalid(self): | ||
1845 | 295 | # An error is raised when the person is not valid. | ||
1846 | 296 | form = self.form | ||
1847 | 297 | form["field.grantee"] = "person" | ||
1848 | 298 | form["field.grantee.person"] = "non-existent" | ||
1849 | 299 | self.widget.request = LaunchpadTestRequest(form=form) | ||
1850 | 300 | message = ( | ||
1851 | 301 | "There is no person or team named 'non-existent' registered in " | ||
1852 | 302 | "Launchpad") | ||
1853 | 303 | e = self.assertRaises(WidgetInputError, self.widget.getInputValue) | ||
1854 | 304 | self.assertEqual(LaunchpadValidationError(message), e.errors) | ||
1855 | 305 | self.assertEqual(html_escape(message), self.widget.error()) | ||
1856 | 0 | 306 | ||
1857 | === modified file 'lib/lp/code/interfaces/gitrepository.py' | |||
1858 | --- lib/lp/code/interfaces/gitrepository.py 2018-11-09 22:06:43 +0000 | |||
1859 | +++ lib/lp/code/interfaces/gitrepository.py 2018-11-09 22:50:10 +0000 | |||
1860 | @@ -766,12 +766,17 @@ | |||
1861 | 766 | :param user: The `IPerson` who is moving the rule. | 766 | :param user: The `IPerson` who is moving the rule. |
1862 | 767 | """ | 767 | """ |
1863 | 768 | 768 | ||
1865 | 769 | def findRuleGrantsByGrantee(grantee): | 769 | def findRuleGrantsByGrantee(grantee, exact_grantee=False, |
1866 | 770 | ref_pattern=None): | ||
1867 | 770 | """Find the grants for a grantee applied to this repository. | 771 | """Find the grants for a grantee applied to this repository. |
1868 | 771 | 772 | ||
1869 | 772 | :param grantee: The `IPerson` to search for, or an item of | 773 | :param grantee: The `IPerson` to search for, or an item of |
1870 | 773 | `GitGranteeType` other than `GitGranteeType.PERSON` to search | 774 | `GitGranteeType` other than `GitGranteeType.PERSON` to search |
1871 | 774 | for some other kind of entity. | 775 | for some other kind of entity. |
1872 | 776 | :param exact_grantee: If True, match `grantee` exactly; if False | ||
1873 | 777 | (the default), also accept teams of which `grantee` is a member. | ||
1874 | 778 | :param ref_pattern: If not None, only return grants for rules with | ||
1875 | 779 | this ref_pattern. | ||
1876 | 775 | """ | 780 | """ |
1877 | 776 | 781 | ||
1878 | 777 | @export_read_operation() | 782 | @export_read_operation() |
1879 | 778 | 783 | ||
1880 | === modified file 'lib/lp/code/interfaces/gitrule.py' | |||
1881 | --- lib/lp/code/interfaces/gitrule.py 2018-10-23 16:17:39 +0000 | |||
1882 | +++ lib/lp/code/interfaces/gitrule.py 2018-11-09 22:50:10 +0000 | |||
1883 | @@ -158,6 +158,10 @@ | |||
1884 | 158 | vocabulary="ValidPersonOrTeam", | 158 | vocabulary="ValidPersonOrTeam", |
1885 | 159 | description=_("The person being granted access.")) | 159 | description=_("The person being granted access.")) |
1886 | 160 | 160 | ||
1887 | 161 | combined_grantee = Attribute( | ||
1888 | 162 | "The overall grantee of this grant: either a `GitGranteeType` (other " | ||
1889 | 163 | "than `PERSON`) or an `IPerson`.") | ||
1890 | 164 | |||
1891 | 161 | date_created = Datetime( | 165 | date_created = Datetime( |
1892 | 162 | title=_("Date created"), required=True, readonly=True, | 166 | title=_("Date created"), required=True, readonly=True, |
1893 | 163 | description=_("The time when this grant was created.")) | 167 | description=_("The time when this grant was created.")) |
1894 | 164 | 168 | ||
1895 | === modified file 'lib/lp/code/model/gitrepository.py' | |||
1896 | --- lib/lp/code/model/gitrepository.py 2018-11-09 22:06:43 +0000 | |||
1897 | +++ lib/lp/code/model/gitrepository.py 2018-11-09 22:50:10 +0000 | |||
1898 | @@ -1216,7 +1216,8 @@ | |||
1899 | 1216 | return Store.of(self).find( | 1216 | return Store.of(self).find( |
1900 | 1217 | GitRuleGrant, GitRuleGrant.repository_id == self.id) | 1217 | GitRuleGrant, GitRuleGrant.repository_id == self.id) |
1901 | 1218 | 1218 | ||
1903 | 1219 | def findRuleGrantsByGrantee(self, grantee): | 1219 | def findRuleGrantsByGrantee(self, grantee, exact_grantee=False, |
1904 | 1220 | ref_pattern=None): | ||
1905 | 1220 | """See `IGitRepository`.""" | 1221 | """See `IGitRepository`.""" |
1906 | 1221 | if isinstance(grantee, DBItem) and grantee.enum == GitGranteeType: | 1222 | if isinstance(grantee, DBItem) and grantee.enum == GitGranteeType: |
1907 | 1222 | if grantee == GitGranteeType.PERSON: | 1223 | if grantee == GitGranteeType.PERSON: |
1908 | @@ -1224,12 +1225,22 @@ | |||
1909 | 1224 | "grantee may not be GitGranteeType.PERSON; pass a person " | 1225 | "grantee may not be GitGranteeType.PERSON; pass a person " |
1910 | 1225 | "object instead") | 1226 | "object instead") |
1911 | 1226 | clauses = [GitRuleGrant.grantee_type == grantee] | 1227 | clauses = [GitRuleGrant.grantee_type == grantee] |
1912 | 1228 | elif exact_grantee: | ||
1913 | 1229 | clauses = [ | ||
1914 | 1230 | GitRuleGrant.grantee_type == GitGranteeType.PERSON, | ||
1915 | 1231 | GitRuleGrant.grantee == grantee, | ||
1916 | 1232 | ] | ||
1917 | 1227 | else: | 1233 | else: |
1918 | 1228 | clauses = [ | 1234 | clauses = [ |
1919 | 1229 | GitRuleGrant.grantee_type == GitGranteeType.PERSON, | 1235 | GitRuleGrant.grantee_type == GitGranteeType.PERSON, |
1920 | 1230 | TeamParticipation.person == grantee, | 1236 | TeamParticipation.person == grantee, |
1921 | 1231 | GitRuleGrant.grantee == TeamParticipation.teamID | 1237 | GitRuleGrant.grantee == TeamParticipation.teamID |
1922 | 1232 | ] | 1238 | ] |
1923 | 1239 | if ref_pattern is not None: | ||
1924 | 1240 | clauses.extend([ | ||
1925 | 1241 | GitRuleGrant.rule_id == GitRule.id, | ||
1926 | 1242 | GitRule.ref_pattern == ref_pattern, | ||
1927 | 1243 | ]) | ||
1928 | 1233 | return self.grants.find(*clauses).config(distinct=True) | 1244 | return self.grants.find(*clauses).config(distinct=True) |
1929 | 1234 | 1245 | ||
1930 | 1235 | def getRules(self): | 1246 | def getRules(self): |
1931 | 1236 | 1247 | ||
1932 | === modified file 'lib/lp/code/model/gitrule.py' | |||
1933 | --- lib/lp/code/model/gitrule.py 2018-10-29 14:27:36 +0000 | |||
1934 | +++ lib/lp/code/model/gitrule.py 2018-11-09 22:50:10 +0000 | |||
1935 | @@ -310,6 +310,13 @@ | |||
1936 | 310 | self.date_created = date_created | 310 | self.date_created = date_created |
1937 | 311 | self.date_last_modified = date_created | 311 | self.date_last_modified = date_created |
1938 | 312 | 312 | ||
1939 | 313 | @property | ||
1940 | 314 | def combined_grantee(self): | ||
1941 | 315 | if self.grantee_type == GitGranteeType.PERSON: | ||
1942 | 316 | return self.grantee | ||
1943 | 317 | else: | ||
1944 | 318 | return self.grantee_type | ||
1945 | 319 | |||
1946 | 313 | def __repr__(self): | 320 | def __repr__(self): |
1947 | 314 | if self.grantee_type == GitGranteeType.PERSON: | 321 | if self.grantee_type == GitGranteeType.PERSON: |
1948 | 315 | grantee_name = "~%s" % self.grantee.name | 322 | grantee_name = "~%s" % self.grantee.name |
1949 | 316 | 323 | ||
1950 | === modified file 'lib/lp/code/model/tests/test_gitrepository.py' | |||
1951 | --- lib/lp/code/model/tests/test_gitrepository.py 2018-11-09 22:06:43 +0000 | |||
1952 | +++ lib/lp/code/model/tests/test_gitrepository.py 2018-11-09 22:50:10 +0000 | |||
1953 | @@ -265,7 +265,7 @@ | |||
1954 | 265 | grant = self.factory.makeGitRuleGrant( | 265 | grant = self.factory.makeGitRuleGrant( |
1955 | 266 | rule=rule, grantee=requester, can_push=True, can_create=True) | 266 | rule=rule, grantee=requester, can_push=True, can_create=True) |
1956 | 267 | 267 | ||
1958 | 268 | results = repository.findRuleGrantsByGrantee(requester) | 268 | results = repository.findRuleGrantsByGrantee(member) |
1959 | 269 | self.assertEqual([grant], list(results)) | 269 | self.assertEqual([grant], list(results)) |
1960 | 270 | 270 | ||
1961 | 271 | def test_findRuleGrantsByGrantee_team_in_team(self): | 271 | def test_findRuleGrantsByGrantee_team_in_team(self): |
1962 | @@ -357,6 +357,116 @@ | |||
1963 | 357 | results = repository.findRuleGrantsByGrantee(requester) | 357 | results = repository.findRuleGrantsByGrantee(requester) |
1964 | 358 | self.assertEqual([owner_grant], list(results)) | 358 | self.assertEqual([owner_grant], list(results)) |
1965 | 359 | 359 | ||
1966 | 360 | def test_findRuleGrantsByGrantee_ref_pattern(self): | ||
1967 | 361 | requester = self.factory.makePerson() | ||
1968 | 362 | repository = removeSecurityProxy( | ||
1969 | 363 | self.factory.makeGitRepository(owner=requester)) | ||
1970 | 364 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
1971 | 365 | |||
1972 | 366 | exact_grant = self.factory.makeGitRuleGrant( | ||
1973 | 367 | repository=repository, ref_pattern=ref.path, grantee=requester) | ||
1974 | 368 | self.factory.makeGitRuleGrant( | ||
1975 | 369 | repository=repository, ref_pattern="refs/heads/*", | ||
1976 | 370 | grantee=requester) | ||
1977 | 371 | |||
1978 | 372 | results = repository.findRuleGrantsByGrantee( | ||
1979 | 373 | requester, ref_pattern=ref.path) | ||
1980 | 374 | self.assertEqual([exact_grant], list(results)) | ||
1981 | 375 | |||
1982 | 376 | def test_findRuleGrantsByGrantee_exact_grantee_person(self): | ||
1983 | 377 | requester = self.factory.makePerson() | ||
1984 | 378 | repository = removeSecurityProxy( | ||
1985 | 379 | self.factory.makeGitRepository(owner=requester)) | ||
1986 | 380 | |||
1987 | 381 | rule = self.factory.makeGitRule(repository) | ||
1988 | 382 | grant = self.factory.makeGitRuleGrant(rule=rule, grantee=requester) | ||
1989 | 383 | |||
1990 | 384 | results = repository.findRuleGrantsByGrantee( | ||
1991 | 385 | requester, exact_grantee=True) | ||
1992 | 386 | self.assertEqual([grant], list(results)) | ||
1993 | 387 | |||
1994 | 388 | def test_findRuleGrantsByGrantee_exact_grantee_team(self): | ||
1995 | 389 | team = self.factory.makeTeam() | ||
1996 | 390 | repository = removeSecurityProxy( | ||
1997 | 391 | self.factory.makeGitRepository(owner=team)) | ||
1998 | 392 | |||
1999 | 393 | rule = self.factory.makeGitRule(repository) | ||
2000 | 394 | grant = self.factory.makeGitRuleGrant(rule=rule, grantee=team) | ||
2001 | 395 | |||
2002 | 396 | results = repository.findRuleGrantsByGrantee(team, exact_grantee=True) | ||
2003 | 397 | self.assertEqual([grant], list(results)) | ||
2004 | 398 | |||
2005 | 399 | def test_findRuleGrantsByGrantee_exact_grantee_member_of_team(self): | ||
2006 | 400 | member = self.factory.makePerson() | ||
2007 | 401 | team = self.factory.makeTeam(members=[member]) | ||
2008 | 402 | repository = removeSecurityProxy( | ||
2009 | 403 | self.factory.makeGitRepository(owner=team)) | ||
2010 | 404 | |||
2011 | 405 | rule = self.factory.makeGitRule(repository) | ||
2012 | 406 | self.factory.makeGitRuleGrant(rule=rule, grantee=team) | ||
2013 | 407 | |||
2014 | 408 | results = repository.findRuleGrantsByGrantee( | ||
2015 | 409 | member, exact_grantee=True) | ||
2016 | 410 | self.assertEqual([], list(results)) | ||
2017 | 411 | |||
2018 | 412 | def test_findRuleGrantsByGrantee_no_owner_grant(self): | ||
2019 | 413 | repository = removeSecurityProxy(self.factory.makeGitRepository()) | ||
2020 | 414 | |||
2021 | 415 | rule = self.factory.makeGitRule(repository=repository) | ||
2022 | 416 | self.factory.makeGitRuleGrant(rule=rule) | ||
2023 | 417 | |||
2024 | 418 | results = repository.findRuleGrantsByGrantee( | ||
2025 | 419 | GitGranteeType.REPOSITORY_OWNER) | ||
2026 | 420 | self.assertEqual([], list(results)) | ||
2027 | 421 | |||
2028 | 422 | def test_findRuleGrantsByGrantee_owner_grant(self): | ||
2029 | 423 | repository = removeSecurityProxy(self.factory.makeGitRepository()) | ||
2030 | 424 | |||
2031 | 425 | rule = self.factory.makeGitRule(repository=repository) | ||
2032 | 426 | grant = self.factory.makeGitRuleGrant( | ||
2033 | 427 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER) | ||
2034 | 428 | self.factory.makeGitRuleGrant(rule=rule) | ||
2035 | 429 | |||
2036 | 430 | results = repository.findRuleGrantsByGrantee( | ||
2037 | 431 | GitGranteeType.REPOSITORY_OWNER) | ||
2038 | 432 | self.assertEqual([grant], list(results)) | ||
2039 | 433 | |||
2040 | 434 | def test_findRuleGrantsByGrantee_owner_ref_pattern(self): | ||
2041 | 435 | repository = removeSecurityProxy(self.factory.makeGitRepository()) | ||
2042 | 436 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
2043 | 437 | |||
2044 | 438 | exact_grant = self.factory.makeGitRuleGrant( | ||
2045 | 439 | repository=repository, ref_pattern=ref.path, | ||
2046 | 440 | grantee=GitGranteeType.REPOSITORY_OWNER) | ||
2047 | 441 | self.factory.makeGitRuleGrant( | ||
2048 | 442 | repository=repository, ref_pattern="refs/heads/*", | ||
2049 | 443 | grantee=GitGranteeType.REPOSITORY_OWNER) | ||
2050 | 444 | |||
2051 | 445 | results = ref.repository.findRuleGrantsByGrantee( | ||
2052 | 446 | GitGranteeType.REPOSITORY_OWNER, ref_pattern=ref.path) | ||
2053 | 447 | self.assertEqual([exact_grant], list(results)) | ||
2054 | 448 | |||
2055 | 449 | def test_findRuleGrantsByGrantee_owner_exact_grantee(self): | ||
2056 | 450 | repository = removeSecurityProxy(self.factory.makeGitRepository()) | ||
2057 | 451 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
2058 | 452 | |||
2059 | 453 | exact_grant = self.factory.makeGitRuleGrant( | ||
2060 | 454 | repository=repository, ref_pattern=ref.path, | ||
2061 | 455 | grantee=GitGranteeType.REPOSITORY_OWNER) | ||
2062 | 456 | self.factory.makeGitRuleGrant( | ||
2063 | 457 | rule=exact_grant.rule, grantee=repository.owner) | ||
2064 | 458 | wildcard_grant = self.factory.makeGitRuleGrant( | ||
2065 | 459 | repository=repository, ref_pattern="refs/heads/*", | ||
2066 | 460 | grantee=GitGranteeType.REPOSITORY_OWNER) | ||
2067 | 461 | |||
2068 | 462 | results = ref.repository.findRuleGrantsByGrantee( | ||
2069 | 463 | GitGranteeType.REPOSITORY_OWNER, exact_grantee=True) | ||
2070 | 464 | self.assertItemsEqual([exact_grant, wildcard_grant], list(results)) | ||
2071 | 465 | results = ref.repository.findRuleGrantsByGrantee( | ||
2072 | 466 | GitGranteeType.REPOSITORY_OWNER, ref_pattern=ref.path, | ||
2073 | 467 | exact_grantee=True) | ||
2074 | 468 | self.assertEqual([exact_grant], list(results)) | ||
2075 | 469 | |||
2076 | 360 | 470 | ||
2077 | 361 | class TestGitIdentityMixin(TestCaseWithFactory): | 471 | class TestGitIdentityMixin(TestCaseWithFactory): |
2078 | 362 | """Test the defaults and identities provided by GitIdentityMixin.""" | 472 | """Test the defaults and identities provided by GitIdentityMixin.""" |
2079 | 363 | 473 | ||
2080 | === modified file 'lib/lp/code/model/tests/test_gitrule.py' | |||
2081 | --- lib/lp/code/model/tests/test_gitrule.py 2018-10-21 17:38:05 +0000 | |||
2082 | +++ lib/lp/code/model/tests/test_gitrule.py 2018-11-09 22:50:10 +0000 | |||
2083 | @@ -594,6 +594,7 @@ | |||
2084 | 594 | rule=Equals(rule), | 594 | rule=Equals(rule), |
2085 | 595 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | 595 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), |
2086 | 596 | grantee=Is(None), | 596 | grantee=Is(None), |
2087 | 597 | combined_grantee=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
2088 | 597 | can_create=Is(True), | 598 | can_create=Is(True), |
2089 | 598 | can_push=Is(False), | 599 | can_push=Is(False), |
2090 | 599 | can_force_push=Is(True), | 600 | can_force_push=Is(True), |
2091 | @@ -614,6 +615,7 @@ | |||
2092 | 614 | rule=Equals(rule), | 615 | rule=Equals(rule), |
2093 | 615 | grantee_type=Equals(GitGranteeType.PERSON), | 616 | grantee_type=Equals(GitGranteeType.PERSON), |
2094 | 616 | grantee=Equals(grantee), | 617 | grantee=Equals(grantee), |
2095 | 618 | combined_grantee=Equals(grantee), | ||
2096 | 617 | can_create=Is(False), | 619 | can_create=Is(False), |
2097 | 618 | can_push=Is(True), | 620 | can_push=Is(True), |
2098 | 619 | can_force_push=Is(False), | 621 | can_force_push=Is(False), |
2099 | 620 | 622 | ||
2100 | === added file 'lib/lp/code/templates/gitrepository-permissions.pt' | |||
2101 | --- lib/lp/code/templates/gitrepository-permissions.pt 1970-01-01 00:00:00 +0000 | |||
2102 | +++ lib/lp/code/templates/gitrepository-permissions.pt 2018-11-09 22:50:10 +0000 | |||
2103 | @@ -0,0 +1,192 @@ | |||
2104 | 1 | <html | ||
2105 | 2 | xmlns="http://www.w3.org/1999/xhtml" | ||
2106 | 3 | xmlns:tal="http://xml.zope.org/namespaces/tal" | ||
2107 | 4 | xmlns:metal="http://xml.zope.org/namespaces/metal" | ||
2108 | 5 | xmlns:i18n="http://xml.zope.org/namespaces/i18n" | ||
2109 | 6 | metal:use-macro="view/macro:page/main_only" | ||
2110 | 7 | i18n:domain="launchpad"> | ||
2111 | 8 | <body> | ||
2112 | 9 | |||
2113 | 10 | <metal:macros fill-slot="bogus"> | ||
2114 | 11 | <metal:macro define-macro="rule-rows"> | ||
2115 | 12 | <tal:rule repeat="rule rules"> | ||
2116 | 13 | <tal:rule_widgets | ||
2117 | 14 | define="rule_widgets python:view.getRuleWidgets(rule)"> | ||
2118 | 15 | <tr class="git-rule"> | ||
2119 | 16 | <td tal:define="widget nocall:rule_widgets/position"> | ||
2120 | 17 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2121 | 18 | </td> | ||
2122 | 19 | <td tal:define="widget nocall:rule_widgets/pattern" colspan="2"> | ||
2123 | 20 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2124 | 21 | </td> | ||
2125 | 22 | <td tal:define="widget nocall:rule_widgets/delete"> | ||
2126 | 23 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2127 | 24 | </td> | ||
2128 | 25 | </tr> | ||
2129 | 26 | <tr class="git-rule-grant" | ||
2130 | 27 | tal:repeat="grant_widgets rule_widgets/grants"> | ||
2131 | 28 | <td></td> | ||
2132 | 29 | <td tal:define="widget nocall:grant_widgets/grantee"> | ||
2133 | 30 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2134 | 31 | </td> | ||
2135 | 32 | <td tal:define="widget nocall:grant_widgets/permissions"> | ||
2136 | 33 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2137 | 34 | </td> | ||
2138 | 35 | <td tal:define="widget nocall:grant_widgets/delete"> | ||
2139 | 36 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2140 | 37 | </td> | ||
2141 | 38 | </tr> | ||
2142 | 39 | <tr class="git-new-rule-grant" | ||
2143 | 40 | tal:define="new_grant_widgets rule_widgets/new_grant"> | ||
2144 | 41 | <td></td> | ||
2145 | 42 | <td tal:define="widget nocall:new_grant_widgets/grantee"> | ||
2146 | 43 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2147 | 44 | </td> | ||
2148 | 45 | <td tal:define="widget nocall:new_grant_widgets/permissions"> | ||
2149 | 46 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2150 | 47 | </td> | ||
2151 | 48 | <td></td> | ||
2152 | 49 | </tr> | ||
2153 | 50 | </tal:rule_widgets> | ||
2154 | 51 | </tal:rule> | ||
2155 | 52 | <tal:allows-new-rule condition="ref_prefix"> | ||
2156 | 53 | <tr class="git-new-rule" | ||
2157 | 54 | tal:define="new_rule_widgets python:view.getNewRuleWidgets(ref_prefix)"> | ||
2158 | 55 | <td tal:define="widget nocall:new_rule_widgets/position"> | ||
2159 | 56 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2160 | 57 | </td> | ||
2161 | 58 | <td tal:define="widget nocall:new_rule_widgets/pattern" colspan="2"> | ||
2162 | 59 | <metal:block use-macro="context/@@launchpad_form/widget_div" /> | ||
2163 | 60 | </td> | ||
2164 | 61 | <td></td> | ||
2165 | 62 | </tr> | ||
2166 | 63 | </tal:allows-new-rule> | ||
2167 | 64 | </metal:macro> | ||
2168 | 65 | </metal:macros> | ||
2169 | 66 | |||
2170 | 67 | <div metal:fill-slot="main"> | ||
2171 | 68 | <p> | ||
2172 | 69 | By default, repository owners may create, push, force-push, or delete | ||
2173 | 70 | any branch or tag in their repositories, and nobody else may modify | ||
2174 | 71 | them in any way. | ||
2175 | 72 | </p> | ||
2176 | 73 | <p> | ||
2177 | 74 | If any of the rules below matches a branch or tag, then it is | ||
2178 | 75 | <em>protected</em>. By default, protecting a branch implicitly | ||
2179 | 76 | prevents repository owners from force-pushing to it or deleting it, | ||
2180 | 77 | while protecting a tag prevents repository owners from moving it. | ||
2181 | 78 | Protecting a branch or tag also allows you to grant other permissions. | ||
2182 | 79 | </p> | ||
2183 | 80 | <p> | ||
2184 | 81 | You may create rules that match a single branch or tag, or wildcard | ||
2185 | 82 | rules that match a pattern: for example, <code>*</code> matches | ||
2186 | 83 | everything, while <code>stable/*</code> matches | ||
2187 | 84 | <code>stable/1.0</code> but not <code>master</code>. | ||
2188 | 85 | </p> | ||
2189 | 86 | |||
2190 | 87 | <metal:grants-form use-macro="context/@@launchpad_form/form"> | ||
2191 | 88 | <div class="form" metal:fill-slot="widgets"> | ||
2192 | 89 | <table id="rules-table" class="listing" | ||
2193 | 90 | style="max-width: 60em; margin-bottom: 1em;"> | ||
2194 | 91 | <thead> | ||
2195 | 92 | <tr> | ||
2196 | 93 | <th>Position</th> | ||
2197 | 94 | <th colspan="2">Rule</th> | ||
2198 | 95 | <th>Delete?</th> | ||
2199 | 96 | </tr> | ||
2200 | 97 | </thead> | ||
2201 | 98 | <tbody> | ||
2202 | 99 | <tr> | ||
2203 | 100 | <td colspan="4"> | ||
2204 | 101 | <h3>Protected branches (under <code>refs/heads/</code>)</h3> | ||
2205 | 102 | </td> | ||
2206 | 103 | </tr> | ||
2207 | 104 | <tal:branches define="rules view/branch_rules; | ||
2208 | 105 | ref_prefix string:refs/heads/"> | ||
2209 | 106 | <metal:grants use-macro="template/macros/rule-rows" /> | ||
2210 | 107 | </tal:branches> | ||
2211 | 108 | |||
2212 | 109 | <tr> | ||
2213 | 110 | <td colspan="4"> | ||
2214 | 111 | <h3>Protected tags (under <code>refs/tags/</code>)</h3> | ||
2215 | 112 | </td> | ||
2216 | 113 | </tr> | ||
2217 | 114 | <tal:tags define="rules view/tag_rules; | ||
2218 | 115 | ref_prefix string:refs/tags/"> | ||
2219 | 116 | <metal:grants use-macro="template/macros/rule-rows" /> | ||
2220 | 117 | </tal:tags> | ||
2221 | 118 | |||
2222 | 119 | <tal:has-other condition="view/other_rules"> | ||
2223 | 120 | <tr><td colspan="4"><h3>Other protected references</h3></td></tr> | ||
2224 | 121 | <tal:other define="rules view/other_rules; ref_prefix nothing"> | ||
2225 | 122 | <metal:grants use-macro="template/macros/rule-rows" /> | ||
2226 | 123 | </tal:other> | ||
2227 | 124 | </tal:has-other> | ||
2228 | 125 | </tbody> | ||
2229 | 126 | </table> | ||
2230 | 127 | |||
2231 | 128 | <p class="actions"> | ||
2232 | 129 | <input tal:replace="structure view/save_action/render" /> | ||
2233 | 130 | or <a tal:attributes="href view/cancel_url">Cancel</a> | ||
2234 | 131 | </p> | ||
2235 | 132 | </div> | ||
2236 | 133 | |||
2237 | 134 | <metal:buttons fill-slot="buttons" /> | ||
2238 | 135 | </metal:grants-form> | ||
2239 | 136 | |||
2240 | 137 | <h2>Wildcards</h2> | ||
2241 | 138 | <p>The special characters used in wildcard rules are:</p> | ||
2242 | 139 | <table class="listing narrow-listing"> | ||
2243 | 140 | <thead> | ||
2244 | 141 | <tr> | ||
2245 | 142 | <th>Pattern</th> | ||
2246 | 143 | <th>Meaning</th> | ||
2247 | 144 | </tr> | ||
2248 | 145 | </thead> | ||
2249 | 146 | <tbody> | ||
2250 | 147 | <tr> | ||
2251 | 148 | <td><code>*</code></td> | ||
2252 | 149 | <td>matches zero or more characters</td> | ||
2253 | 150 | </tr> | ||
2254 | 151 | <tr> | ||
2255 | 152 | <td><code>?</code></td> | ||
2256 | 153 | <td>matches any single character</td> | ||
2257 | 154 | </tr> | ||
2258 | 155 | <tr> | ||
2259 | 156 | <td><code>[chars]</code></td> | ||
2260 | 157 | <td>matches any character in <em>chars</em></td> | ||
2261 | 158 | </tr> | ||
2262 | 159 | <tr> | ||
2263 | 160 | <td><code>[!chars]</code></td> | ||
2264 | 161 | <td>matches any character not in <em>chars</em></td> | ||
2265 | 162 | </tr> | ||
2266 | 163 | </tbody> | ||
2267 | 164 | </table> | ||
2268 | 165 | |||
2269 | 166 | <h2>Effective permissions</h2> | ||
2270 | 167 | <p> | ||
2271 | 168 | Launchpad works out the effective permissions that a user has on a | ||
2272 | 169 | protected branch as follows: | ||
2273 | 170 | </p> | ||
2274 | 171 | <ol> | ||
2275 | 172 | <li>Take all the rules that match the branch.</li> | ||
2276 | 173 | <li> | ||
2277 | 174 | For each matching rule, select any grants whose grantee matches the | ||
2278 | 175 | user, as long as the same grantee has not already been seen in an | ||
2279 | 176 | earlier matching rule. (A user can be matched by more than one | ||
2280 | 177 | grantee: for example, they might be in multiple teams.) | ||
2281 | 178 | </li> | ||
2282 | 179 | <li> | ||
2283 | 180 | If the user is an owner of the repository and there was no previous | ||
2284 | 181 | “Repository owner” grant, then add an implicit grant allowing them | ||
2285 | 182 | to create or push. | ||
2286 | 183 | </li> | ||
2287 | 184 | <li> | ||
2288 | 185 | The effective permission set is the union of the permissions granted | ||
2289 | 186 | by all the selected grants. | ||
2290 | 187 | </li> | ||
2291 | 188 | </ol> | ||
2292 | 189 | </div> | ||
2293 | 190 | |||
2294 | 191 | </body> | ||
2295 | 192 | </html> |