Merge lp:~cjwatson/launchpad/git-permissions-webservice-ref into lp:launchpad
- git-permissions-webservice-ref
- Merge into devel
Proposed by
Colin Watson
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 18798 | ||||
Proposed branch: | lp:~cjwatson/launchpad/git-permissions-webservice-ref | ||||
Merge into: | lp:launchpad | ||||
Prerequisite: | lp:~cjwatson/launchpad/git-grant-limitedview | ||||
Diff against target: |
1291 lines (+875/-24) 12 files modified
lib/lp/_schema_circular_imports.py (+4/-0) lib/lp/app/webservice/marshallers.py (+62/-2) lib/lp/app/webservice/tests/test_marshallers.py (+77/-3) lib/lp/code/configure.zcml (+21/-4) lib/lp/code/interfaces/gitref.py (+41/-8) lib/lp/code/interfaces/gitrule.py (+26/-0) lib/lp/code/model/gitref.py (+32/-1) lib/lp/code/model/gitrule.py (+101/-3) lib/lp/code/model/tests/test_gitref.py (+189/-0) lib/lp/code/model/tests/test_gitrule.py (+301/-0) lib/lp/services/fields/__init__.py (+14/-2) lib/lp/services/webservice/configure.zcml (+7/-1) |
||||
To merge this branch: | bzr merge lp:~cjwatson/launchpad/git-permissions-webservice-ref | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
William Grant | code | Approve | |
Review via email: mp+355608@code.launchpad.net |
Commit message
Allow getting and setting grants for a single Git ref over the webservice.
Description of the change
Getting permissions is limited to people who can edit the repository; this is perhaps not a strictly necessary restriction, but it avoids needing to grant excessive LimitedView if somebody grants a private team access to a public repository.
To post a comment you must log in.
Revision history for this message
William Grant (wgrant) : | # |
review:
Approve
(code)
Revision history for this message
Colin Watson (cjwatson) wrote : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'lib/lp/_schema_circular_imports.py' | |||
2 | --- lib/lp/_schema_circular_imports.py 2018-08-23 17:03:05 +0000 | |||
3 | +++ lib/lp/_schema_circular_imports.py 2018-10-16 15:29:23 +0000 | |||
4 | @@ -68,6 +68,7 @@ | |||
5 | 68 | from lp.code.interfaces.diff import IPreviewDiff | 68 | from lp.code.interfaces.diff import IPreviewDiff |
6 | 69 | from lp.code.interfaces.gitref import IGitRef | 69 | from lp.code.interfaces.gitref import IGitRef |
7 | 70 | from lp.code.interfaces.gitrepository import IGitRepository | 70 | from lp.code.interfaces.gitrepository import IGitRepository |
8 | 71 | from lp.code.interfaces.gitrule import IGitNascentRuleGrant | ||
9 | 71 | from lp.code.interfaces.gitsubscription import IGitSubscription | 72 | from lp.code.interfaces.gitsubscription import IGitSubscription |
10 | 72 | from lp.code.interfaces.hasbranches import ( | 73 | from lp.code.interfaces.hasbranches import ( |
11 | 73 | IHasBranches, | 74 | IHasBranches, |
12 | @@ -150,6 +151,7 @@ | |||
13 | 150 | from lp.registry.interfaces.teammembership import ITeamMembership | 151 | from lp.registry.interfaces.teammembership import ITeamMembership |
14 | 151 | from lp.registry.interfaces.wikiname import IWikiName | 152 | from lp.registry.interfaces.wikiname import IWikiName |
15 | 152 | from lp.services.comments.interfaces.conversation import IComment | 153 | from lp.services.comments.interfaces.conversation import IComment |
16 | 154 | from lp.services.fields import InlineObject | ||
17 | 153 | from lp.services.messages.interfaces.message import ( | 155 | from lp.services.messages.interfaces.message import ( |
18 | 154 | IIndexedMessage, | 156 | IIndexedMessage, |
19 | 155 | IMessage, | 157 | IMessage, |
20 | @@ -506,6 +508,8 @@ | |||
21 | 506 | patch_entry_return_type(IGitRef, 'createMergeProposal', IBranchMergeProposal) | 508 | patch_entry_return_type(IGitRef, 'createMergeProposal', IBranchMergeProposal) |
22 | 507 | patch_collection_return_type( | 509 | patch_collection_return_type( |
23 | 508 | IGitRef, 'getMergeProposals', IBranchMergeProposal) | 510 | IGitRef, 'getMergeProposals', IBranchMergeProposal) |
24 | 511 | patch_list_parameter_type( | ||
25 | 512 | IGitRef, 'setGrants', 'grants', InlineObject(schema=IGitNascentRuleGrant)) | ||
26 | 509 | 513 | ||
27 | 510 | # IGitRepository | 514 | # IGitRepository |
28 | 511 | patch_collection_property(IGitRepository, 'branches', IGitRef) | 515 | patch_collection_property(IGitRepository, 'branches', IGitRef) |
29 | 512 | 516 | ||
30 | === modified file 'lib/lp/app/webservice/marshallers.py' | |||
31 | --- lib/lp/app/webservice/marshallers.py 2012-01-01 02:58:52 +0000 | |||
32 | +++ lib/lp/app/webservice/marshallers.py 2018-10-16 15:29:23 +0000 | |||
33 | @@ -1,4 +1,4 @@ | |||
35 | 1 | # Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
36 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
37 | 3 | 3 | ||
38 | 4 | """Launchpad-specific field marshallers for the web service.""" | 4 | """Launchpad-specific field marshallers for the web service.""" |
39 | @@ -10,10 +10,23 @@ | |||
40 | 10 | ] | 10 | ] |
41 | 11 | 11 | ||
42 | 12 | 12 | ||
43 | 13 | from lazr.restful.interfaces import ( | ||
44 | 14 | IEntry, | ||
45 | 15 | IFieldMarshaller, | ||
46 | 16 | ) | ||
47 | 13 | from lazr.restful.marshallers import ( | 17 | from lazr.restful.marshallers import ( |
48 | 18 | SimpleFieldMarshaller, | ||
49 | 14 | TextFieldMarshaller as LazrTextFieldMarshaller, | 19 | TextFieldMarshaller as LazrTextFieldMarshaller, |
50 | 15 | ) | 20 | ) |
52 | 16 | from zope.component import getUtility | 21 | from zope.component import ( |
53 | 22 | getMultiAdapter, | ||
54 | 23 | getUtility, | ||
55 | 24 | ) | ||
56 | 25 | from zope.component.interfaces import ComponentLookupError | ||
57 | 26 | from zope.schema.interfaces import ( | ||
58 | 27 | IField, | ||
59 | 28 | RequiredMissing, | ||
60 | 29 | ) | ||
61 | 17 | 30 | ||
62 | 18 | from lp.services.utils import obfuscate_email | 31 | from lp.services.utils import obfuscate_email |
63 | 19 | from lp.services.webapp.interfaces import ILaunchBag | 32 | from lp.services.webapp.interfaces import ILaunchBag |
64 | @@ -31,3 +44,50 @@ | |||
65 | 31 | if (value is not None and getUtility(ILaunchBag).user is None): | 44 | if (value is not None and getUtility(ILaunchBag).user is None): |
66 | 32 | return obfuscate_email(value) | 45 | return obfuscate_email(value) |
67 | 33 | return value | 46 | return value |
68 | 47 | |||
69 | 48 | |||
70 | 49 | class InlineObjectFieldMarshaller(SimpleFieldMarshaller): | ||
71 | 50 | """A marshaller that represents an object as a dict. | ||
72 | 51 | |||
73 | 52 | lazr.restful represents objects as URL references by default, but that | ||
74 | 53 | isn't what we want in all cases. | ||
75 | 54 | |||
76 | 55 | To use this marshaller to read JSON input data, you must register an | ||
77 | 56 | adapter from the expected top-level type of the loaded JSON data | ||
78 | 57 | (usually `dict`) to the `InlineObject` field's schema. The adapter will | ||
79 | 58 | be called with the deserialised input data, with all inner fields | ||
80 | 59 | already converted as indicated by the schema. | ||
81 | 60 | """ | ||
82 | 61 | |||
83 | 62 | def unmarshall(self, entry, value): | ||
84 | 63 | """See `IFieldMarshaller`.""" | ||
85 | 64 | result = {} | ||
86 | 65 | for name in self.field.schema.names(all=True): | ||
87 | 66 | field = self.field.schema[name] | ||
88 | 67 | if IField.providedBy(field): | ||
89 | 68 | marshaller = getMultiAdapter( | ||
90 | 69 | (field, self.request), IFieldMarshaller) | ||
91 | 70 | sub_value = getattr(value, name, field.default) | ||
92 | 71 | try: | ||
93 | 72 | sub_entry = getMultiAdapter( | ||
94 | 73 | (sub_value, self.request), IEntry) | ||
95 | 74 | except ComponentLookupError: | ||
96 | 75 | sub_entry = entry | ||
97 | 76 | result[marshaller.representation_name] = marshaller.unmarshall( | ||
98 | 77 | sub_entry, sub_value) | ||
99 | 78 | return result | ||
100 | 79 | |||
101 | 80 | def _marshall_from_json_data(self, value): | ||
102 | 81 | """See `SimpleFieldMarshaller`.""" | ||
103 | 82 | template = {} | ||
104 | 83 | for name in self.field.schema.names(all=True): | ||
105 | 84 | field = self.field.schema[name] | ||
106 | 85 | if IField.providedBy(field): | ||
107 | 86 | marshaller = getMultiAdapter( | ||
108 | 87 | (field, self.request), IFieldMarshaller) | ||
109 | 88 | if marshaller.representation_name in value: | ||
110 | 89 | template[name] = marshaller.marshall_from_json_data( | ||
111 | 90 | value[marshaller.representation_name]) | ||
112 | 91 | elif field.required: | ||
113 | 92 | raise RequiredMissing(name) | ||
114 | 93 | return self.field.schema(template) | ||
115 | 34 | 94 | ||
116 | === modified file 'lib/lp/app/webservice/tests/test_marshallers.py' | |||
117 | --- lib/lp/app/webservice/tests/test_marshallers.py 2012-01-01 02:58:52 +0000 | |||
118 | +++ lib/lp/app/webservice/tests/test_marshallers.py 2018-10-16 15:29:23 +0000 | |||
119 | @@ -1,19 +1,40 @@ | |||
121 | 1 | # Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
122 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
123 | 3 | 3 | ||
124 | 4 | """Tests for the webservice marshallers.""" | 4 | """Tests for the webservice marshallers.""" |
125 | 5 | 5 | ||
126 | 6 | __metaclass__ = type | 6 | __metaclass__ = type |
127 | 7 | 7 | ||
128 | 8 | from testtools.matchers import ( | ||
129 | 9 | Equals, | ||
130 | 10 | MatchesDict, | ||
131 | 11 | MatchesStructure, | ||
132 | 12 | ) | ||
133 | 8 | import transaction | 13 | import transaction |
134 | 14 | from zope.component import adapter | ||
135 | 15 | from zope.interface import ( | ||
136 | 16 | implementer, | ||
137 | 17 | Interface, | ||
138 | 18 | ) | ||
139 | 19 | from zope.schema import Choice | ||
140 | 9 | 20 | ||
142 | 10 | from lp.app.webservice.marshallers import TextFieldMarshaller | 21 | from lp.app.webservice.marshallers import ( |
143 | 22 | InlineObjectFieldMarshaller, | ||
144 | 23 | TextFieldMarshaller, | ||
145 | 24 | ) | ||
146 | 25 | from lp.services.fields import ( | ||
147 | 26 | InlineObject, | ||
148 | 27 | PersonChoice, | ||
149 | 28 | ) | ||
150 | 29 | from lp.services.job.interfaces.job import JobStatus | ||
151 | 30 | from lp.services.webapp.publisher import canonical_url | ||
152 | 11 | from lp.services.webapp.servers import WebServiceTestRequest | 31 | from lp.services.webapp.servers import WebServiceTestRequest |
153 | 12 | from lp.testing import ( | 32 | from lp.testing import ( |
154 | 13 | logout, | 33 | logout, |
155 | 14 | person_logged_in, | 34 | person_logged_in, |
156 | 15 | TestCaseWithFactory, | 35 | TestCaseWithFactory, |
157 | 16 | ) | 36 | ) |
158 | 37 | from lp.testing.fixture import ZopeAdapterFixture | ||
159 | 17 | from lp.testing.layers import DatabaseFunctionalLayer | 38 | from lp.testing.layers import DatabaseFunctionalLayer |
160 | 18 | from lp.testing.pages import ( | 39 | from lp.testing.pages import ( |
161 | 19 | LaunchpadWebServiceCaller, | 40 | LaunchpadWebServiceCaller, |
162 | @@ -37,7 +58,7 @@ | |||
163 | 37 | self.assertEqual(u"<email address hidden>", result) | 58 | self.assertEqual(u"<email address hidden>", result) |
164 | 38 | 59 | ||
165 | 39 | def test_unmarshall_not_obfuscated(self): | 60 | def test_unmarshall_not_obfuscated(self): |
167 | 40 | # Data is not obfuccated if the user is authenticated. | 61 | # Data is not obfuscated if the user is authenticated. |
168 | 41 | marshaller = TextFieldMarshaller(None, WebServiceTestRequest()) | 62 | marshaller = TextFieldMarshaller(None, WebServiceTestRequest()) |
169 | 42 | with person_logged_in(self.factory.makePerson()): | 63 | with person_logged_in(self.factory.makePerson()): |
170 | 43 | result = marshaller.unmarshall(None, u"foo@example.com") | 64 | result = marshaller.unmarshall(None, u"foo@example.com") |
171 | @@ -128,3 +149,56 @@ | |||
172 | 128 | webservice = LaunchpadWebServiceCaller() | 149 | webservice = LaunchpadWebServiceCaller() |
173 | 129 | etag_logged_out = webservice(ws_url(bug)).getheader('etag') | 150 | etag_logged_out = webservice(ws_url(bug)).getheader('etag') |
174 | 130 | self.assertNotEqual(etag_logged_in, etag_logged_out) | 151 | self.assertNotEqual(etag_logged_in, etag_logged_out) |
175 | 152 | |||
176 | 153 | |||
177 | 154 | class IInlineExample(Interface): | ||
178 | 155 | |||
179 | 156 | person = PersonChoice(vocabulary="ValidPersonOrTeam") | ||
180 | 157 | |||
181 | 158 | status = Choice(vocabulary=JobStatus) | ||
182 | 159 | |||
183 | 160 | |||
184 | 161 | @implementer(IInlineExample) | ||
185 | 162 | class InlineExample: | ||
186 | 163 | |||
187 | 164 | def __init__(self, person, status): | ||
188 | 165 | self.person = person | ||
189 | 166 | self.status = status | ||
190 | 167 | |||
191 | 168 | |||
192 | 169 | @adapter(dict) | ||
193 | 170 | @implementer(IInlineExample) | ||
194 | 171 | def inline_example_from_dict(template): | ||
195 | 172 | return InlineExample(**template) | ||
196 | 173 | |||
197 | 174 | |||
198 | 175 | class TestInlineObjectFieldMarshaller(TestCaseWithFactory): | ||
199 | 176 | |||
200 | 177 | layer = DatabaseFunctionalLayer | ||
201 | 178 | |||
202 | 179 | def test_unmarshall(self): | ||
203 | 180 | field = InlineObject(schema=IInlineExample) | ||
204 | 181 | request = WebServiceTestRequest() | ||
205 | 182 | request.setVirtualHostRoot(names=["devel"]) | ||
206 | 183 | marshaller = InlineObjectFieldMarshaller(field, request) | ||
207 | 184 | obj = InlineExample(self.factory.makePerson(), JobStatus.WAITING) | ||
208 | 185 | result = marshaller.unmarshall(None, obj) | ||
209 | 186 | self.assertThat(result, MatchesDict({ | ||
210 | 187 | "person_link": Equals(canonical_url(obj.person, request=request)), | ||
211 | 188 | "status": Equals("Waiting"), | ||
212 | 189 | })) | ||
213 | 190 | |||
214 | 191 | def test_marshall_from_json_data(self): | ||
215 | 192 | self.useFixture(ZopeAdapterFixture(inline_example_from_dict)) | ||
216 | 193 | field = InlineObject(schema=IInlineExample) | ||
217 | 194 | request = WebServiceTestRequest() | ||
218 | 195 | request.setVirtualHostRoot(names=["devel"]) | ||
219 | 196 | marshaller = InlineObjectFieldMarshaller(field, request) | ||
220 | 197 | person = self.factory.makePerson() | ||
221 | 198 | data = { | ||
222 | 199 | "person_link": canonical_url(person, request=request), | ||
223 | 200 | "status": "Running", | ||
224 | 201 | } | ||
225 | 202 | obj = marshaller.marshall_from_json_data(data) | ||
226 | 203 | self.assertThat(obj, MatchesStructure.byEquality( | ||
227 | 204 | person=person, status=JobStatus.RUNNING)) | ||
228 | 131 | 205 | ||
229 | === modified file 'lib/lp/code/configure.zcml' | |||
230 | --- lib/lp/code/configure.zcml 2018-10-15 14:44:25 +0000 | |||
231 | +++ lib/lp/code/configure.zcml 2018-10-16 15:29:23 +0000 | |||
232 | @@ -896,22 +896,34 @@ | |||
233 | 896 | <class class="lp.code.model.gitref.GitRef"> | 896 | <class class="lp.code.model.gitref.GitRef"> |
234 | 897 | <require | 897 | <require |
235 | 898 | permission="launchpad.View" | 898 | permission="launchpad.View" |
237 | 899 | interface="lp.code.interfaces.gitref.IGitRef" /> | 899 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
238 | 900 | <require | ||
239 | 901 | permission="launchpad.Edit" | ||
240 | 902 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
241 | 900 | </class> | 903 | </class> |
242 | 901 | <class class="lp.code.model.gitref.GitRefDefault"> | 904 | <class class="lp.code.model.gitref.GitRefDefault"> |
243 | 902 | <require | 905 | <require |
244 | 903 | permission="launchpad.View" | 906 | permission="launchpad.View" |
246 | 904 | interface="lp.code.interfaces.gitref.IGitRef" /> | 907 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
247 | 908 | <require | ||
248 | 909 | permission="launchpad.Edit" | ||
249 | 910 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
250 | 905 | </class> | 911 | </class> |
251 | 906 | <class class="lp.code.model.gitref.GitRefFrozen"> | 912 | <class class="lp.code.model.gitref.GitRefFrozen"> |
252 | 907 | <require | 913 | <require |
253 | 908 | permission="launchpad.View" | 914 | permission="launchpad.View" |
255 | 909 | interface="lp.code.interfaces.gitref.IGitRef" /> | 915 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
256 | 916 | <require | ||
257 | 917 | permission="launchpad.Edit" | ||
258 | 918 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
259 | 910 | </class> | 919 | </class> |
260 | 911 | <class class="lp.code.model.gitref.GitRefRemote"> | 920 | <class class="lp.code.model.gitref.GitRefRemote"> |
261 | 912 | <require | 921 | <require |
262 | 913 | permission="launchpad.View" | 922 | permission="launchpad.View" |
264 | 914 | interface="lp.code.interfaces.gitref.IGitRef" /> | 923 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
265 | 924 | <require | ||
266 | 925 | permission="launchpad.Edit" | ||
267 | 926 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
268 | 915 | </class> | 927 | </class> |
269 | 916 | <securedutility | 928 | <securedutility |
270 | 917 | component="lp.code.model.gitref.GitRefRemote" | 929 | component="lp.code.model.gitref.GitRefRemote" |
271 | @@ -943,10 +955,15 @@ | |||
272 | 943 | permission="launchpad.Edit" | 955 | permission="launchpad.Edit" |
273 | 944 | interface="lp.code.interfaces.gitrule.IGitRuleGrantEdit" | 956 | interface="lp.code.interfaces.gitrule.IGitRuleGrantEdit" |
274 | 945 | set_schema="lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" /> | 957 | set_schema="lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" /> |
275 | 958 | <allow interface="lazr.restful.interfaces.IJSONPublishable" /> | ||
276 | 946 | </class> | 959 | </class> |
277 | 947 | <subscriber | 960 | <subscriber |
278 | 948 | for="lp.code.interfaces.gitrule.IGitRuleGrant zope.lifecycleevent.interfaces.IObjectModifiedEvent" | 961 | for="lp.code.interfaces.gitrule.IGitRuleGrant zope.lifecycleevent.interfaces.IObjectModifiedEvent" |
279 | 949 | handler="lp.code.model.gitrule.git_rule_grant_modified"/> | 962 | handler="lp.code.model.gitrule.git_rule_grant_modified"/> |
280 | 963 | <class class="lp.code.model.gitrule.GitNascentRuleGrant"> | ||
281 | 964 | <allow interface="lp.code.interfaces.gitrule.IGitNascentRuleGrant" /> | ||
282 | 965 | </class> | ||
283 | 966 | <adapter factory="lp.code.model.gitrule.nascent_rule_grant_from_dict" /> | ||
284 | 950 | 967 | ||
285 | 951 | <!-- GitActivity --> | 968 | <!-- GitActivity --> |
286 | 952 | 969 | ||
287 | 953 | 970 | ||
288 | === modified file 'lib/lp/code/interfaces/gitref.py' | |||
289 | --- lib/lp/code/interfaces/gitref.py 2018-08-20 23:33:01 +0000 | |||
290 | +++ lib/lp/code/interfaces/gitref.py 2018-10-16 15:29:23 +0000 | |||
291 | @@ -16,6 +16,7 @@ | |||
292 | 16 | export_as_webservice_entry, | 16 | export_as_webservice_entry, |
293 | 17 | export_factory_operation, | 17 | export_factory_operation, |
294 | 18 | export_read_operation, | 18 | export_read_operation, |
295 | 19 | export_write_operation, | ||
296 | 19 | exported, | 20 | exported, |
297 | 20 | operation_for_version, | 21 | operation_for_version, |
298 | 21 | operation_parameters, | 22 | operation_parameters, |
299 | @@ -50,16 +51,12 @@ | |||
300 | 50 | from lp.code.interfaces.hasbranches import IHasMergeProposals | 51 | from lp.code.interfaces.hasbranches import IHasMergeProposals |
301 | 51 | from lp.code.interfaces.hasrecipes import IHasRecipes | 52 | from lp.code.interfaces.hasrecipes import IHasRecipes |
302 | 52 | from lp.registry.interfaces.person import IPerson | 53 | from lp.registry.interfaces.person import IPerson |
303 | 54 | from lp.services.fields import InlineObject | ||
304 | 53 | from lp.services.webapp.interfaces import ITableBatchNavigator | 55 | from lp.services.webapp.interfaces import ITableBatchNavigator |
305 | 54 | 56 | ||
306 | 55 | 57 | ||
314 | 56 | class IGitRef(IHasMergeProposals, IHasRecipes, IPrivacy, IInformationType): | 58 | class IGitRefView(IHasMergeProposals, IHasRecipes, IPrivacy, IInformationType): |
315 | 57 | """A reference in a Git repository.""" | 59 | """IGitRef attributes that require launchpad.View permission.""" |
309 | 58 | |||
310 | 59 | # XXX cjwatson 2015-01-19 bug=760849: "beta" is a lie to get WADL | ||
311 | 60 | # generation working. Individual attributes must set their version to | ||
312 | 61 | # "devel". | ||
313 | 62 | export_as_webservice_entry(as_of="beta") | ||
316 | 63 | 60 | ||
317 | 64 | repository = exported(ReferenceChoice( | 61 | repository = exported(ReferenceChoice( |
318 | 65 | title=_("Repository"), required=True, readonly=True, | 62 | title=_("Repository"), required=True, readonly=True, |
319 | @@ -119,7 +116,7 @@ | |||
320 | 119 | 116 | ||
321 | 120 | commit_message_first_line = TextLine( | 117 | commit_message_first_line = TextLine( |
322 | 121 | title=_("The first line of the commit message."), | 118 | title=_("The first line of the commit message."), |
324 | 122 | required=True, readonly=True) | 119 | required=False, readonly=True) |
325 | 123 | 120 | ||
326 | 124 | identity = Attribute( | 121 | identity = Attribute( |
327 | 125 | "The identity of this reference. This will be the shortened path to " | 122 | "The identity of this reference. This will be the shortened path to " |
328 | @@ -392,6 +389,42 @@ | |||
329 | 392 | """ | 389 | """ |
330 | 393 | 390 | ||
331 | 394 | 391 | ||
332 | 392 | class IGitRefEdit(Interface): | ||
333 | 393 | """IGitRef methods that require launchpad.Edit permission.""" | ||
334 | 394 | |||
335 | 395 | @export_read_operation() | ||
336 | 396 | @operation_for_version("devel") | ||
337 | 397 | def getGrants(): | ||
338 | 398 | """Get the access grants specific to this reference. | ||
339 | 399 | |||
340 | 400 | Other grants may apply via wildcard rules. | ||
341 | 401 | """ | ||
342 | 402 | |||
343 | 403 | @operation_parameters( | ||
344 | 404 | grants=List( | ||
345 | 405 | title=_("Grants"), | ||
346 | 406 | # Really IGitNascentRuleGrant, patched in | ||
347 | 407 | # _schema_circular_imports.py. | ||
348 | 408 | value_type=InlineObject(schema=Interface))) | ||
349 | 409 | @call_with(user=REQUEST_USER) | ||
350 | 410 | @export_write_operation() | ||
351 | 411 | @operation_for_version("devel") | ||
352 | 412 | def setGrants(grants, user): | ||
353 | 413 | """Set the access grants specific to this reference. | ||
354 | 414 | |||
355 | 415 | Other grants may apply via wildcard rules. | ||
356 | 416 | """ | ||
357 | 417 | |||
358 | 418 | |||
359 | 419 | class IGitRef(IGitRefView, IGitRefEdit): | ||
360 | 420 | """A reference in a Git repository.""" | ||
361 | 421 | |||
362 | 422 | # XXX cjwatson 2015-01-19 bug=760849: "beta" is a lie to get WADL | ||
363 | 423 | # generation working. Individual attributes must set their version to | ||
364 | 424 | # "devel". | ||
365 | 425 | export_as_webservice_entry(as_of="beta") | ||
366 | 426 | |||
367 | 427 | |||
368 | 395 | class IGitRefBatchNavigator(ITableBatchNavigator): | 428 | class IGitRefBatchNavigator(ITableBatchNavigator): |
369 | 396 | pass | 429 | pass |
370 | 397 | 430 | ||
371 | 398 | 431 | ||
372 | === modified file 'lib/lp/code/interfaces/gitrule.py' | |||
373 | --- lib/lp/code/interfaces/gitrule.py 2018-10-12 16:41:14 +0000 | |||
374 | +++ lib/lp/code/interfaces/gitrule.py 2018-10-16 15:29:23 +0000 | |||
375 | @@ -7,11 +7,13 @@ | |||
376 | 7 | 7 | ||
377 | 8 | __metaclass__ = type | 8 | __metaclass__ = type |
378 | 9 | __all__ = [ | 9 | __all__ = [ |
379 | 10 | 'IGitNascentRuleGrant', | ||
380 | 10 | 'IGitRule', | 11 | 'IGitRule', |
381 | 11 | 'IGitRuleGrant', | 12 | 'IGitRuleGrant', |
382 | 12 | ] | 13 | ] |
383 | 13 | 14 | ||
384 | 14 | from lazr.restful.fields import Reference | 15 | from lazr.restful.fields import Reference |
385 | 16 | from lazr.restful.interface import copy_field | ||
386 | 15 | from zope.interface import ( | 17 | from zope.interface import ( |
387 | 16 | Attribute, | 18 | Attribute, |
388 | 17 | Interface, | 19 | Interface, |
389 | @@ -100,6 +102,9 @@ | |||
390 | 100 | matching this rule. | 102 | matching this rule. |
391 | 101 | """ | 103 | """ |
392 | 102 | 104 | ||
393 | 105 | def setGrants(grants, user): | ||
394 | 106 | """Set the access grants for this rule.""" | ||
395 | 107 | |||
396 | 103 | def destroySelf(user): | 108 | def destroySelf(user): |
397 | 104 | """Delete this rule. | 109 | """Delete this rule. |
398 | 105 | 110 | ||
399 | @@ -183,3 +188,24 @@ | |||
400 | 183 | class IGitRuleGrant(IGitRuleGrantView, IGitRuleGrantEditableAttributes, | 188 | class IGitRuleGrant(IGitRuleGrantView, IGitRuleGrantEditableAttributes, |
401 | 184 | IGitRuleGrantEdit): | 189 | IGitRuleGrantEdit): |
402 | 185 | """An access grant for a Git repository rule.""" | 190 | """An access grant for a Git repository rule.""" |
403 | 191 | |||
404 | 192 | |||
405 | 193 | class IGitNascentRuleGrant(Interface): | ||
406 | 194 | """An access grant in the process of being created. | ||
407 | 195 | |||
408 | 196 | This represents parameters for a grant that have been deserialised from | ||
409 | 197 | a webservice request, but that have not yet been attached to a rule. | ||
410 | 198 | """ | ||
411 | 199 | |||
412 | 200 | grantee_type = copy_field(IGitRuleGrant["grantee_type"]) | ||
413 | 201 | |||
414 | 202 | grantee = copy_field(IGitRuleGrant["grantee"]) | ||
415 | 203 | |||
416 | 204 | can_create = copy_field( | ||
417 | 205 | IGitRuleGrant["can_create"], required=False, default=False) | ||
418 | 206 | |||
419 | 207 | can_push = copy_field( | ||
420 | 208 | IGitRuleGrant["can_push"], required=False, default=False) | ||
421 | 209 | |||
422 | 210 | can_force_push = copy_field( | ||
423 | 211 | IGitRuleGrant["can_force_push"], required=False, default=False) | ||
424 | 186 | 212 | ||
425 | === modified file 'lib/lp/code/model/gitref.py' | |||
426 | --- lib/lp/code/model/gitref.py 2018-09-27 13:50:06 +0000 | |||
427 | +++ lib/lp/code/model/gitref.py 2018-10-16 15:29:23 +0000 | |||
428 | @@ -69,6 +69,10 @@ | |||
429 | 69 | BranchMergeProposal, | 69 | BranchMergeProposal, |
430 | 70 | BranchMergeProposalGetter, | 70 | BranchMergeProposalGetter, |
431 | 71 | ) | 71 | ) |
432 | 72 | from lp.code.model.gitrule import ( | ||
433 | 73 | GitRule, | ||
434 | 74 | GitRuleGrant, | ||
435 | 75 | ) | ||
436 | 72 | from lp.services.config import config | 76 | from lp.services.config import config |
437 | 73 | from lp.services.database.constants import UTC_NOW | 77 | from lp.services.database.constants import UTC_NOW |
438 | 74 | from lp.services.database.decoratedresultset import DecoratedResultSet | 78 | from lp.services.database.decoratedresultset import DecoratedResultSet |
439 | @@ -421,6 +425,24 @@ | |||
440 | 421 | hook = SourcePackageRecipe.preLoadDataForSourcePackageRecipes | 425 | hook = SourcePackageRecipe.preLoadDataForSourcePackageRecipes |
441 | 422 | return DecoratedResultSet(recipes, pre_iter_hook=hook) | 426 | return DecoratedResultSet(recipes, pre_iter_hook=hook) |
442 | 423 | 427 | ||
443 | 428 | def getGrants(self): | ||
444 | 429 | """See `IGitRef`.""" | ||
445 | 430 | return list(Store.of(self).find( | ||
446 | 431 | GitRuleGrant, GitRuleGrant.rule_id == GitRule.id, | ||
447 | 432 | GitRule.repository_id == self.repository_id, | ||
448 | 433 | GitRule.ref_pattern == self.path)) | ||
449 | 434 | |||
450 | 435 | def setGrants(self, grants, user): | ||
451 | 436 | """See `IGitRef`.""" | ||
452 | 437 | rule = Store.of(self).find( | ||
453 | 438 | GitRule, GitRule.repository_id == self.repository_id, | ||
454 | 439 | GitRule.ref_pattern == self.path).one() | ||
455 | 440 | if rule is None: | ||
456 | 441 | # We don't need to worry about position, since this is an | ||
457 | 442 | # exact-match rule and therefore has a canonical position. | ||
458 | 443 | rule = self.repository.addRule(self.path, user) | ||
459 | 444 | rule.setGrants(grants, user) | ||
460 | 445 | |||
461 | 424 | 446 | ||
462 | 425 | @implementer(IGitRef) | 447 | @implementer(IGitRef) |
463 | 426 | class GitRef(StormBase, GitRefMixin): | 448 | class GitRef(StormBase, GitRefMixin): |
464 | @@ -452,7 +474,10 @@ | |||
465 | 452 | 474 | ||
466 | 453 | @property | 475 | @property |
467 | 454 | def commit_message_first_line(self): | 476 | def commit_message_first_line(self): |
469 | 455 | return self.commit_message.split("\n", 1)[0] | 477 | if self.commit_message is not None: |
470 | 478 | return self.commit_message.split("\n", 1)[0] | ||
471 | 479 | else: | ||
472 | 480 | return None | ||
473 | 456 | 481 | ||
474 | 457 | @property | 482 | @property |
475 | 458 | def has_commits(self): | 483 | def has_commits(self): |
476 | @@ -795,6 +820,12 @@ | |||
477 | 795 | """See `IHasRecipes`.""" | 820 | """See `IHasRecipes`.""" |
478 | 796 | return [] | 821 | return [] |
479 | 797 | 822 | ||
480 | 823 | def getGrants(self): | ||
481 | 824 | """See `IGitRef`.""" | ||
482 | 825 | return [] | ||
483 | 826 | |||
484 | 827 | setGrants = _unimplemented | ||
485 | 828 | |||
486 | 798 | def __eq__(self, other): | 829 | def __eq__(self, other): |
487 | 799 | return ( | 830 | return ( |
488 | 800 | self.repository_url == other.repository_url and | 831 | self.repository_url == other.repository_url and |
489 | 801 | 832 | ||
490 | === modified file 'lib/lp/code/model/gitrule.py' | |||
491 | --- lib/lp/code/model/gitrule.py 2018-10-12 16:41:14 +0000 | |||
492 | +++ lib/lp/code/model/gitrule.py 2018-10-16 15:29:23 +0000 | |||
493 | @@ -11,7 +11,16 @@ | |||
494 | 11 | 'GitRuleGrant', | 11 | 'GitRuleGrant', |
495 | 12 | ] | 12 | ] |
496 | 13 | 13 | ||
497 | 14 | from collections import OrderedDict | ||
498 | 15 | |||
499 | 14 | from lazr.enum import DBItem | 16 | from lazr.enum import DBItem |
500 | 17 | from lazr.lifecycle.event import ObjectModifiedEvent | ||
501 | 18 | from lazr.lifecycle.snapshot import Snapshot | ||
502 | 19 | from lazr.restful.interfaces import ( | ||
503 | 20 | IFieldMarshaller, | ||
504 | 21 | IJSONPublishable, | ||
505 | 22 | ) | ||
506 | 23 | from lazr.restful.utils import get_current_browser_request | ||
507 | 15 | import pytz | 24 | import pytz |
508 | 16 | from storm.locals import ( | 25 | from storm.locals import ( |
509 | 17 | Bool, | 26 | Bool, |
510 | @@ -21,13 +30,22 @@ | |||
511 | 21 | Store, | 30 | Store, |
512 | 22 | Unicode, | 31 | Unicode, |
513 | 23 | ) | 32 | ) |
516 | 24 | from zope.component import getUtility | 33 | from zope.component import ( |
517 | 25 | from zope.interface import implementer | 34 | adapter, |
518 | 35 | getMultiAdapter, | ||
519 | 36 | getUtility, | ||
520 | 37 | ) | ||
521 | 38 | from zope.event import notify | ||
522 | 39 | from zope.interface import ( | ||
523 | 40 | implementer, | ||
524 | 41 | providedBy, | ||
525 | 42 | ) | ||
526 | 26 | from zope.security.proxy import removeSecurityProxy | 43 | from zope.security.proxy import removeSecurityProxy |
527 | 27 | 44 | ||
528 | 28 | from lp.code.enums import GitGranteeType | 45 | from lp.code.enums import GitGranteeType |
529 | 29 | from lp.code.interfaces.gitactivity import IGitActivitySet | 46 | from lp.code.interfaces.gitactivity import IGitActivitySet |
530 | 30 | from lp.code.interfaces.gitrule import ( | 47 | from lp.code.interfaces.gitrule import ( |
531 | 48 | IGitNascentRuleGrant, | ||
532 | 31 | IGitRule, | 49 | IGitRule, |
533 | 32 | IGitRuleGrant, | 50 | IGitRuleGrant, |
534 | 33 | ) | 51 | ) |
535 | @@ -42,6 +60,7 @@ | |||
536 | 42 | ) | 60 | ) |
537 | 43 | from lp.services.database.enumcol import DBEnum | 61 | from lp.services.database.enumcol import DBEnum |
538 | 44 | from lp.services.database.stormbase import StormBase | 62 | from lp.services.database.stormbase import StormBase |
539 | 63 | from lp.services.fields import InlineObject | ||
540 | 45 | 64 | ||
541 | 46 | 65 | ||
542 | 47 | def git_rule_modified(rule, event): | 66 | def git_rule_modified(rule, event): |
543 | @@ -118,6 +137,58 @@ | |||
544 | 118 | getUtility(IGitActivitySet).logGrantAdded(grant, grantor) | 137 | getUtility(IGitActivitySet).logGrantAdded(grant, grantor) |
545 | 119 | return grant | 138 | return grant |
546 | 120 | 139 | ||
547 | 140 | def _validateGrants(self, grants): | ||
548 | 141 | """Validate a new iterable of access grants.""" | ||
549 | 142 | for grant in grants: | ||
550 | 143 | if grant.grantee_type == GitGranteeType.PERSON: | ||
551 | 144 | if grant.grantee is None: | ||
552 | 145 | raise ValueError( | ||
553 | 146 | "Permission grant for %s has grantee_type 'Person' " | ||
554 | 147 | "but no grantee" % self.ref_pattern) | ||
555 | 148 | else: | ||
556 | 149 | if grant.grantee is not None: | ||
557 | 150 | raise ValueError( | ||
558 | 151 | "Permission grant for %s has grantee_type '%s', " | ||
559 | 152 | "contradicting grantee ~%s" % | ||
560 | 153 | (self.ref_pattern, grant.grantee_type, | ||
561 | 154 | grant.grantee.name)) | ||
562 | 155 | |||
563 | 156 | def setGrants(self, grants, user): | ||
564 | 157 | """See `IGitRule`.""" | ||
565 | 158 | self._validateGrants(grants) | ||
566 | 159 | existing_grants = { | ||
567 | 160 | (grant.grantee_type, grant.grantee): grant | ||
568 | 161 | for grant in self.grants} | ||
569 | 162 | new_grants = OrderedDict( | ||
570 | 163 | ((grant.grantee_type, grant.grantee), grant) | ||
571 | 164 | for grant in grants) | ||
572 | 165 | |||
573 | 166 | for grant_key, grant in existing_grants.items(): | ||
574 | 167 | if grant_key not in new_grants: | ||
575 | 168 | grant.destroySelf(user) | ||
576 | 169 | |||
577 | 170 | for grant_key, new_grant in new_grants.items(): | ||
578 | 171 | grant = existing_grants.get(grant_key) | ||
579 | 172 | if grant is None: | ||
580 | 173 | new_grantee = ( | ||
581 | 174 | new_grant.grantee | ||
582 | 175 | if new_grant.grantee_type == GitGranteeType.PERSON | ||
583 | 176 | else new_grant.grantee_type) | ||
584 | 177 | grant = self.addGrant( | ||
585 | 178 | new_grantee, user, can_create=new_grant.can_create, | ||
586 | 179 | can_push=new_grant.can_push, | ||
587 | 180 | can_force_push=new_grant.can_force_push) | ||
588 | 181 | else: | ||
589 | 182 | grant_before_modification = Snapshot( | ||
590 | 183 | grant, providing=providedBy(grant)) | ||
591 | 184 | edited_fields = [] | ||
592 | 185 | for field in ("can_create", "can_push", "can_force_push"): | ||
593 | 186 | if getattr(grant, field) != getattr(new_grant, field): | ||
594 | 187 | setattr(grant, field, getattr(new_grant, field)) | ||
595 | 188 | edited_fields.append(field) | ||
596 | 189 | notify(ObjectModifiedEvent( | ||
597 | 190 | grant, grant_before_modification, edited_fields)) | ||
598 | 191 | |||
599 | 121 | def destroySelf(self, user): | 192 | def destroySelf(self, user): |
600 | 122 | """See `IGitRule`.""" | 193 | """See `IGitRule`.""" |
601 | 123 | getUtility(IGitActivitySet).logRuleRemoved(self, user) | 194 | getUtility(IGitActivitySet).logRuleRemoved(self, user) |
602 | @@ -142,7 +213,7 @@ | |||
603 | 142 | removeSecurityProxy(grant).date_last_modified = UTC_NOW | 213 | removeSecurityProxy(grant).date_last_modified = UTC_NOW |
604 | 143 | 214 | ||
605 | 144 | 215 | ||
607 | 145 | @implementer(IGitRuleGrant) | 216 | @implementer(IGitRuleGrant, IJSONPublishable) |
608 | 146 | class GitRuleGrant(StormBase): | 217 | class GitRuleGrant(StormBase): |
609 | 147 | """See `IGitRuleGrant`.""" | 218 | """See `IGitRuleGrant`.""" |
610 | 148 | 219 | ||
611 | @@ -215,8 +286,35 @@ | |||
612 | 215 | ", ".join(permissions), grantee_name, self.repository.unique_name, | 286 | ", ".join(permissions), grantee_name, self.repository.unique_name, |
613 | 216 | self.rule.ref_pattern) | 287 | self.rule.ref_pattern) |
614 | 217 | 288 | ||
615 | 289 | def toDataForJSON(self, media_type): | ||
616 | 290 | """See `IJSONPublishable`.""" | ||
617 | 291 | if media_type != "application/json": | ||
618 | 292 | raise ValueError("Unhandled media type %s" % media_type) | ||
619 | 293 | request = get_current_browser_request() | ||
620 | 294 | field = InlineObject(schema=IGitNascentRuleGrant).bind(self) | ||
621 | 295 | marshaller = getMultiAdapter((field, request), IFieldMarshaller) | ||
622 | 296 | return marshaller.unmarshall(None, self) | ||
623 | 297 | |||
624 | 218 | def destroySelf(self, user=None): | 298 | def destroySelf(self, user=None): |
625 | 219 | """See `IGitRuleGrant`.""" | 299 | """See `IGitRuleGrant`.""" |
626 | 220 | if user is not None: | 300 | if user is not None: |
627 | 221 | getUtility(IGitActivitySet).logGrantRemoved(self, user) | 301 | getUtility(IGitActivitySet).logGrantRemoved(self, user) |
628 | 222 | Store.of(self).remove(self) | 302 | Store.of(self).remove(self) |
629 | 303 | |||
630 | 304 | |||
631 | 305 | @implementer(IGitNascentRuleGrant) | ||
632 | 306 | class GitNascentRuleGrant: | ||
633 | 307 | |||
634 | 308 | def __init__(self, grantee_type, grantee=None, can_create=False, | ||
635 | 309 | can_push=False, can_force_push=False): | ||
636 | 310 | self.grantee_type = grantee_type | ||
637 | 311 | self.grantee = grantee | ||
638 | 312 | self.can_create = can_create | ||
639 | 313 | self.can_push = can_push | ||
640 | 314 | self.can_force_push = can_force_push | ||
641 | 315 | |||
642 | 316 | |||
643 | 317 | @adapter(dict) | ||
644 | 318 | @implementer(IGitNascentRuleGrant) | ||
645 | 319 | def nascent_rule_grant_from_dict(template): | ||
646 | 320 | return GitNascentRuleGrant(**template) | ||
647 | 223 | 321 | ||
648 | === modified file 'lib/lp/code/model/tests/test_gitref.py' | |||
649 | --- lib/lp/code/model/tests/test_gitref.py 2018-09-27 13:50:06 +0000 | |||
650 | +++ lib/lp/code/model/tests/test_gitref.py 2018-10-16 15:29:23 +0000 | |||
651 | @@ -17,20 +17,25 @@ | |||
652 | 17 | from bzrlib import urlutils | 17 | from bzrlib import urlutils |
653 | 18 | import pytz | 18 | import pytz |
654 | 19 | import responses | 19 | import responses |
655 | 20 | from storm.store import Store | ||
656 | 20 | from testtools.matchers import ( | 21 | from testtools.matchers import ( |
657 | 21 | ContainsDict, | 22 | ContainsDict, |
658 | 22 | EndsWith, | 23 | EndsWith, |
659 | 23 | Equals, | 24 | Equals, |
660 | 24 | Is, | 25 | Is, |
661 | 25 | LessThan, | 26 | LessThan, |
662 | 27 | MatchesDict, | ||
663 | 26 | MatchesListwise, | 28 | MatchesListwise, |
664 | 29 | MatchesSetwise, | ||
665 | 27 | MatchesStructure, | 30 | MatchesStructure, |
666 | 28 | ) | 31 | ) |
667 | 32 | import transaction | ||
668 | 29 | from zope.component import getUtility | 33 | from zope.component import getUtility |
669 | 30 | 34 | ||
670 | 31 | from lp.app.enums import InformationType | 35 | from lp.app.enums import InformationType |
671 | 32 | from lp.app.interfaces.informationtype import IInformationType | 36 | from lp.app.interfaces.informationtype import IInformationType |
672 | 33 | from lp.app.interfaces.launchpad import IPrivacy | 37 | from lp.app.interfaces.launchpad import IPrivacy |
673 | 38 | from lp.code.enums import GitGranteeType | ||
674 | 34 | from lp.code.errors import ( | 39 | from lp.code.errors import ( |
675 | 35 | GitRepositoryBlobNotFound, | 40 | GitRepositoryBlobNotFound, |
676 | 36 | GitRepositoryBlobUnsupportedRemote, | 41 | GitRepositoryBlobUnsupportedRemote, |
677 | @@ -38,8 +43,10 @@ | |||
678 | 38 | InvalidBranchMergeProposal, | 43 | InvalidBranchMergeProposal, |
679 | 39 | ) | 44 | ) |
680 | 40 | from lp.code.interfaces.gitrepository import IGitRepositorySet | 45 | from lp.code.interfaces.gitrepository import IGitRepositorySet |
681 | 46 | from lp.code.interfaces.gitrule import IGitNascentRuleGrant | ||
682 | 41 | from lp.code.tests.helpers import GitHostingFixture | 47 | from lp.code.tests.helpers import GitHostingFixture |
683 | 42 | from lp.services.config import config | 48 | from lp.services.config import config |
684 | 49 | from lp.services.database.sqlbase import get_transaction_timestamp | ||
685 | 43 | from lp.services.features.testing import FeatureFixture | 50 | from lp.services.features.testing import FeatureFixture |
686 | 44 | from lp.services.memcache.interfaces import IMemcacheClient | 51 | from lp.services.memcache.interfaces import IMemcacheClient |
687 | 45 | from lp.services.utils import seconds_since_epoch | 52 | from lp.services.utils import seconds_since_epoch |
688 | @@ -570,6 +577,106 @@ | |||
689 | 570 | self.assertEqual({(person1, "review1"), (person2, "review2")}, votes) | 577 | self.assertEqual({(person1, "review1"), (person2, "review2")}, votes) |
690 | 571 | 578 | ||
691 | 572 | 579 | ||
692 | 580 | class TestGitRefGrants(TestCaseWithFactory): | ||
693 | 581 | """Test handling of access grants for refs. | ||
694 | 582 | |||
695 | 583 | Most of the hard work here is done by GitRule, but we ensure that | ||
696 | 584 | getting and setting grants via GitRef operates only on the appropriate | ||
697 | 585 | exact-match rule. | ||
698 | 586 | """ | ||
699 | 587 | |||
700 | 588 | layer = DatabaseFunctionalLayer | ||
701 | 589 | |||
702 | 590 | def test_getGrants(self): | ||
703 | 591 | repository = self.factory.makeGitRepository() | ||
704 | 592 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
705 | 593 | rule = self.factory.makeGitRule( | ||
706 | 594 | repository=repository, ref_pattern=ref.path) | ||
707 | 595 | grants = [ | ||
708 | 596 | self.factory.makeGitRuleGrant( | ||
709 | 597 | rule=rule, can_create=True, can_force_push=True), | ||
710 | 598 | self.factory.makeGitRuleGrant(rule=rule, can_push=True), | ||
711 | 599 | ] | ||
712 | 600 | wildcard_rule = self.factory.makeGitRule( | ||
713 | 601 | repository=repository, ref_pattern="refs/heads/*") | ||
714 | 602 | self.factory.makeGitRuleGrant(rule=wildcard_rule) | ||
715 | 603 | self.assertThat(ref.getGrants(), MatchesSetwise( | ||
716 | 604 | MatchesStructure( | ||
717 | 605 | rule=Equals(rule), | ||
718 | 606 | grantee_type=Equals(GitGranteeType.PERSON), | ||
719 | 607 | grantee=Equals(grants[0].grantee), | ||
720 | 608 | can_create=Is(True), | ||
721 | 609 | can_push=Is(False), | ||
722 | 610 | can_force_push=Is(True)), | ||
723 | 611 | MatchesStructure( | ||
724 | 612 | rule=Equals(rule), | ||
725 | 613 | grantee_type=Equals(GitGranteeType.PERSON), | ||
726 | 614 | grantee=Equals(grants[1].grantee), | ||
727 | 615 | can_create=Is(False), | ||
728 | 616 | can_push=Is(True), | ||
729 | 617 | can_force_push=Is(False)))) | ||
730 | 618 | |||
731 | 619 | def test_setGrants_no_matching_rule(self): | ||
732 | 620 | repository = self.factory.makeGitRepository() | ||
733 | 621 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
734 | 622 | self.factory.makeGitRule( | ||
735 | 623 | repository=repository, ref_pattern="refs/heads/*") | ||
736 | 624 | other_repository = self.factory.makeGitRepository() | ||
737 | 625 | self.factory.makeGitRule( | ||
738 | 626 | repository=other_repository, ref_pattern=ref.path) | ||
739 | 627 | with person_logged_in(repository.owner): | ||
740 | 628 | ref.setGrants([ | ||
741 | 629 | IGitNascentRuleGrant({ | ||
742 | 630 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
743 | 631 | "can_force_push": True, | ||
744 | 632 | }), | ||
745 | 633 | ], repository.owner) | ||
746 | 634 | self.assertThat(list(repository.rules), MatchesListwise([ | ||
747 | 635 | MatchesStructure( | ||
748 | 636 | repository=Equals(repository), | ||
749 | 637 | ref_pattern=Equals(ref.path), | ||
750 | 638 | grants=MatchesSetwise( | ||
751 | 639 | MatchesStructure( | ||
752 | 640 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
753 | 641 | grantee=Is(None), | ||
754 | 642 | can_create=Is(False), | ||
755 | 643 | can_push=Is(False), | ||
756 | 644 | can_force_push=Is(True)))), | ||
757 | 645 | MatchesStructure( | ||
758 | 646 | repository=Equals(repository), | ||
759 | 647 | ref_pattern=Equals("refs/heads/*"), | ||
760 | 648 | grants=MatchesSetwise()), | ||
761 | 649 | ])) | ||
762 | 650 | |||
763 | 651 | def test_setGrants_matching_rule(self): | ||
764 | 652 | repository = self.factory.makeGitRepository() | ||
765 | 653 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
766 | 654 | rule = self.factory.makeGitRule( | ||
767 | 655 | repository=repository, ref_pattern=ref.path) | ||
768 | 656 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
769 | 657 | transaction.commit() | ||
770 | 658 | with person_logged_in(repository.owner): | ||
771 | 659 | ref.setGrants([ | ||
772 | 660 | IGitNascentRuleGrant({ | ||
773 | 661 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
774 | 662 | "can_force_push": True, | ||
775 | 663 | }), | ||
776 | 664 | ], repository.owner) | ||
777 | 665 | self.assertThat(list(repository.rules), MatchesListwise([ | ||
778 | 666 | MatchesStructure( | ||
779 | 667 | repository=Equals(repository), | ||
780 | 668 | ref_pattern=Equals(ref.path), | ||
781 | 669 | date_created=Equals(date_created), | ||
782 | 670 | grants=MatchesSetwise( | ||
783 | 671 | MatchesStructure( | ||
784 | 672 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
785 | 673 | grantee=Is(None), | ||
786 | 674 | can_create=Is(False), | ||
787 | 675 | can_push=Is(False), | ||
788 | 676 | can_force_push=Is(True)))), | ||
789 | 677 | ])) | ||
790 | 678 | |||
791 | 679 | |||
792 | 573 | class TestGitRefWebservice(TestCaseWithFactory): | 680 | class TestGitRefWebservice(TestCaseWithFactory): |
793 | 574 | """Tests for the webservice.""" | 681 | """Tests for the webservice.""" |
794 | 575 | 682 | ||
795 | @@ -686,3 +793,85 @@ | |||
796 | 686 | self.assertEqual(1, len(dependent_landings["entries"])) | 793 | self.assertEqual(1, len(dependent_landings["entries"])) |
797 | 687 | self.assertThat( | 794 | self.assertThat( |
798 | 688 | dependent_landings["entries"][0]["self_link"], EndsWith(bmp_url)) | 795 | dependent_landings["entries"][0]["self_link"], EndsWith(bmp_url)) |
799 | 796 | |||
800 | 797 | def test_getGrants(self): | ||
801 | 798 | [ref] = self.factory.makeGitRefs() | ||
802 | 799 | rule = self.factory.makeGitRule( | ||
803 | 800 | repository=ref.repository, ref_pattern=ref.path) | ||
804 | 801 | self.factory.makeGitRuleGrant( | ||
805 | 802 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
806 | 803 | can_create=True, can_force_push=True) | ||
807 | 804 | grantee = self.factory.makePerson() | ||
808 | 805 | self.factory.makeGitRuleGrant( | ||
809 | 806 | rule=rule, grantee=grantee, can_push=True) | ||
810 | 807 | with person_logged_in(ref.owner): | ||
811 | 808 | ref_url = api_url(ref) | ||
812 | 809 | grantee_url = api_url(grantee) | ||
813 | 810 | webservice = webservice_for_person( | ||
814 | 811 | ref.owner, permission=OAuthPermission.WRITE_PUBLIC) | ||
815 | 812 | webservice.default_api_version = "devel" | ||
816 | 813 | response = webservice.named_get(ref_url, "getGrants") | ||
817 | 814 | self.assertThat(json.loads(response.body), MatchesSetwise( | ||
818 | 815 | MatchesDict({ | ||
819 | 816 | "grantee_type": Equals("Repository owner"), | ||
820 | 817 | "grantee_link": Is(None), | ||
821 | 818 | "can_create": Is(True), | ||
822 | 819 | "can_push": Is(False), | ||
823 | 820 | "can_force_push": Is(True), | ||
824 | 821 | }), | ||
825 | 822 | MatchesDict({ | ||
826 | 823 | "grantee_type": Equals("Person"), | ||
827 | 824 | "grantee_link": Equals(webservice.getAbsoluteUrl(grantee_url)), | ||
828 | 825 | "can_create": Is(False), | ||
829 | 826 | "can_push": Is(True), | ||
830 | 827 | "can_force_push": Is(False), | ||
831 | 828 | }))) | ||
832 | 829 | |||
833 | 830 | def test_setGrants(self): | ||
834 | 831 | [ref] = self.factory.makeGitRefs() | ||
835 | 832 | owner = ref.owner | ||
836 | 833 | grantee = self.factory.makePerson() | ||
837 | 834 | with person_logged_in(owner): | ||
838 | 835 | ref_url = api_url(ref) | ||
839 | 836 | grantee_url = api_url(grantee) | ||
840 | 837 | webservice = webservice_for_person( | ||
841 | 838 | owner, permission=OAuthPermission.WRITE_PUBLIC) | ||
842 | 839 | webservice.default_api_version = "devel" | ||
843 | 840 | response = webservice.named_post( | ||
844 | 841 | ref_url, "setGrants", | ||
845 | 842 | grants=[ | ||
846 | 843 | { | ||
847 | 844 | "grantee_type": "Repository owner", | ||
848 | 845 | "can_create": True, | ||
849 | 846 | "can_force_push": True, | ||
850 | 847 | }, | ||
851 | 848 | { | ||
852 | 849 | "grantee_type": "Person", | ||
853 | 850 | "grantee_link": grantee_url, | ||
854 | 851 | "can_push": True, | ||
855 | 852 | }, | ||
856 | 853 | ]) | ||
857 | 854 | self.assertEqual(200, response.status) | ||
858 | 855 | with person_logged_in(owner): | ||
859 | 856 | self.assertThat(list(ref.repository.rules), MatchesListwise([ | ||
860 | 857 | MatchesStructure( | ||
861 | 858 | repository=Equals(ref.repository), | ||
862 | 859 | ref_pattern=Equals(ref.path), | ||
863 | 860 | creator=Equals(owner), | ||
864 | 861 | grants=MatchesSetwise( | ||
865 | 862 | MatchesStructure( | ||
866 | 863 | grantor=Equals(owner), | ||
867 | 864 | grantee_type=Equals( | ||
868 | 865 | GitGranteeType.REPOSITORY_OWNER), | ||
869 | 866 | grantee=Is(None), | ||
870 | 867 | can_create=Is(True), | ||
871 | 868 | can_push=Is(False), | ||
872 | 869 | can_force_push=Is(True)), | ||
873 | 870 | MatchesStructure( | ||
874 | 871 | grantor=Equals(owner), | ||
875 | 872 | grantee_type=Equals(GitGranteeType.PERSON), | ||
876 | 873 | grantee=Equals(grantee), | ||
877 | 874 | can_create=Is(False), | ||
878 | 875 | can_push=Is(True), | ||
879 | 876 | can_force_push=Is(False)))), | ||
880 | 877 | ])) | ||
881 | 689 | 878 | ||
882 | === modified file 'lib/lp/code/model/tests/test_gitrule.py' | |||
883 | --- lib/lp/code/model/tests/test_gitrule.py 2018-10-12 16:41:14 +0000 | |||
884 | +++ lib/lp/code/model/tests/test_gitrule.py 2018-10-16 15:29:23 +0000 | |||
885 | @@ -14,17 +14,21 @@ | |||
886 | 14 | Equals, | 14 | Equals, |
887 | 15 | Is, | 15 | Is, |
888 | 16 | MatchesDict, | 16 | MatchesDict, |
889 | 17 | MatchesListwise, | ||
890 | 17 | MatchesSetwise, | 18 | MatchesSetwise, |
891 | 18 | MatchesStructure, | 19 | MatchesStructure, |
892 | 19 | ) | 20 | ) |
893 | 21 | import transaction | ||
894 | 20 | from zope.event import notify | 22 | from zope.event import notify |
895 | 21 | from zope.interface import providedBy | 23 | from zope.interface import providedBy |
896 | 24 | from zope.security.proxy import removeSecurityProxy | ||
897 | 22 | 25 | ||
898 | 23 | from lp.code.enums import ( | 26 | from lp.code.enums import ( |
899 | 24 | GitActivityType, | 27 | GitActivityType, |
900 | 25 | GitGranteeType, | 28 | GitGranteeType, |
901 | 26 | ) | 29 | ) |
902 | 27 | from lp.code.interfaces.gitrule import ( | 30 | from lp.code.interfaces.gitrule import ( |
903 | 31 | IGitNascentRuleGrant, | ||
904 | 28 | IGitRule, | 32 | IGitRule, |
905 | 29 | IGitRuleGrant, | 33 | IGitRuleGrant, |
906 | 30 | ) | 34 | ) |
907 | @@ -122,6 +126,303 @@ | |||
908 | 122 | can_push=Is(False), | 126 | can_push=Is(False), |
909 | 123 | can_force_push=Is(True)))) | 127 | can_force_push=Is(True)))) |
910 | 124 | 128 | ||
911 | 129 | def test__validateGrants_ok(self): | ||
912 | 130 | rule = self.factory.makeGitRule() | ||
913 | 131 | grants = [ | ||
914 | 132 | IGitNascentRuleGrant({ | ||
915 | 133 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
916 | 134 | "can_force_push": True, | ||
917 | 135 | }), | ||
918 | 136 | ] | ||
919 | 137 | removeSecurityProxy(rule)._validateGrants(grants) | ||
920 | 138 | |||
921 | 139 | def test__validateGrants_grantee_type_person_but_no_grantee(self): | ||
922 | 140 | rule = self.factory.makeGitRule(ref_pattern="refs/heads/*") | ||
923 | 141 | grants = [ | ||
924 | 142 | IGitNascentRuleGrant({ | ||
925 | 143 | "grantee_type": GitGranteeType.PERSON, | ||
926 | 144 | "can_force_push": True, | ||
927 | 145 | }), | ||
928 | 146 | ] | ||
929 | 147 | self.assertRaisesWithContent( | ||
930 | 148 | ValueError, | ||
931 | 149 | "Permission grant for refs/heads/* has grantee_type 'Person' but " | ||
932 | 150 | "no grantee", | ||
933 | 151 | removeSecurityProxy(rule)._validateGrants, grants) | ||
934 | 152 | |||
935 | 153 | def test__validateGrants_grantee_but_wrong_grantee_type(self): | ||
936 | 154 | rule = self.factory.makeGitRule(ref_pattern="refs/heads/*") | ||
937 | 155 | grantee = self.factory.makePerson() | ||
938 | 156 | grants = [ | ||
939 | 157 | IGitNascentRuleGrant({ | ||
940 | 158 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
941 | 159 | "grantee": grantee, | ||
942 | 160 | "can_force_push": True, | ||
943 | 161 | }), | ||
944 | 162 | ] | ||
945 | 163 | self.assertRaisesWithContent( | ||
946 | 164 | ValueError, | ||
947 | 165 | "Permission grant for refs/heads/* has grantee_type " | ||
948 | 166 | "'Repository owner', contradicting grantee ~%s" % grantee.name, | ||
949 | 167 | removeSecurityProxy(rule)._validateGrants, grants) | ||
950 | 168 | |||
951 | 169 | def test_setGrants_add(self): | ||
952 | 170 | owner = self.factory.makeTeam() | ||
953 | 171 | member = self.factory.makePerson(member_of=[owner]) | ||
954 | 172 | rule = self.factory.makeGitRule(owner=owner) | ||
955 | 173 | grantee = self.factory.makePerson() | ||
956 | 174 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
957 | 175 | with person_logged_in(member): | ||
958 | 176 | rule.setGrants([ | ||
959 | 177 | IGitNascentRuleGrant({ | ||
960 | 178 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
961 | 179 | "can_create": True, | ||
962 | 180 | "can_force_push": True, | ||
963 | 181 | }), | ||
964 | 182 | IGitNascentRuleGrant({ | ||
965 | 183 | "grantee_type": GitGranteeType.PERSON, | ||
966 | 184 | "grantee": grantee, | ||
967 | 185 | "can_push": True, | ||
968 | 186 | }), | ||
969 | 187 | ], member) | ||
970 | 188 | self.assertThat(rule.grants, MatchesSetwise( | ||
971 | 189 | MatchesStructure( | ||
972 | 190 | rule=Equals(rule), | ||
973 | 191 | grantor=Equals(member), | ||
974 | 192 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
975 | 193 | grantee=Is(None), | ||
976 | 194 | can_create=Is(True), | ||
977 | 195 | can_push=Is(False), | ||
978 | 196 | can_force_push=Is(True)), | ||
979 | 197 | MatchesStructure( | ||
980 | 198 | rule=Equals(rule), | ||
981 | 199 | grantor=Equals(member), | ||
982 | 200 | grantee_type=Equals(GitGranteeType.PERSON), | ||
983 | 201 | grantee=Equals(grantee), | ||
984 | 202 | can_create=Is(False), | ||
985 | 203 | can_push=Is(True), | ||
986 | 204 | can_force_push=Is(False)))) | ||
987 | 205 | self.assertThat(list(rule.repository.getActivity()), MatchesListwise([ | ||
988 | 206 | MatchesStructure( | ||
989 | 207 | repository=Equals(rule.repository), | ||
990 | 208 | changer=Equals(member), | ||
991 | 209 | changee=Equals(grantee), | ||
992 | 210 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
993 | 211 | old_value=Is(None), | ||
994 | 212 | new_value=MatchesDict({ | ||
995 | 213 | "changee_type": Equals("Person"), | ||
996 | 214 | "ref_pattern": Equals(rule.ref_pattern), | ||
997 | 215 | "can_create": Is(False), | ||
998 | 216 | "can_push": Is(True), | ||
999 | 217 | "can_force_push": Is(False), | ||
1000 | 218 | })), | ||
1001 | 219 | MatchesStructure( | ||
1002 | 220 | repository=Equals(rule.repository), | ||
1003 | 221 | changer=Equals(member), | ||
1004 | 222 | changee=Is(None), | ||
1005 | 223 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
1006 | 224 | old_value=Is(None), | ||
1007 | 225 | new_value=MatchesDict({ | ||
1008 | 226 | "changee_type": Equals("Repository owner"), | ||
1009 | 227 | "ref_pattern": Equals(rule.ref_pattern), | ||
1010 | 228 | "can_create": Is(True), | ||
1011 | 229 | "can_push": Is(False), | ||
1012 | 230 | "can_force_push": Is(True), | ||
1013 | 231 | })), | ||
1014 | 232 | ])) | ||
1015 | 233 | |||
1016 | 234 | def test_setGrants_modify(self): | ||
1017 | 235 | owner = self.factory.makeTeam() | ||
1018 | 236 | members = [ | ||
1019 | 237 | self.factory.makePerson(member_of=[owner]) for _ in range(2)] | ||
1020 | 238 | rule = self.factory.makeGitRule(owner=owner) | ||
1021 | 239 | grantees = [self.factory.makePerson() for _ in range(2)] | ||
1022 | 240 | self.factory.makeGitRuleGrant( | ||
1023 | 241 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
1024 | 242 | grantor=members[0], can_create=True) | ||
1025 | 243 | self.factory.makeGitRuleGrant( | ||
1026 | 244 | rule=rule, grantee=grantees[0], grantor=members[0], can_push=True) | ||
1027 | 245 | self.factory.makeGitRuleGrant( | ||
1028 | 246 | rule=rule, grantee=grantees[1], grantor=members[0], | ||
1029 | 247 | can_force_push=True) | ||
1030 | 248 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
1031 | 249 | transaction.commit() | ||
1032 | 250 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
1033 | 251 | with person_logged_in(members[1]): | ||
1034 | 252 | rule.setGrants([ | ||
1035 | 253 | IGitNascentRuleGrant({ | ||
1036 | 254 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
1037 | 255 | "can_force_push": True, | ||
1038 | 256 | }), | ||
1039 | 257 | IGitNascentRuleGrant({ | ||
1040 | 258 | "grantee_type": GitGranteeType.PERSON, | ||
1041 | 259 | "grantee": grantees[1], | ||
1042 | 260 | "can_create": True, | ||
1043 | 261 | }), | ||
1044 | 262 | IGitNascentRuleGrant({ | ||
1045 | 263 | "grantee_type": GitGranteeType.PERSON, | ||
1046 | 264 | "grantee": grantees[0], | ||
1047 | 265 | "can_push": True, | ||
1048 | 266 | "can_force_push": True, | ||
1049 | 267 | }), | ||
1050 | 268 | ], members[1]) | ||
1051 | 269 | date_modified = get_transaction_timestamp(Store.of(rule)) | ||
1052 | 270 | self.assertThat(rule.grants, MatchesSetwise( | ||
1053 | 271 | MatchesStructure( | ||
1054 | 272 | rule=Equals(rule), | ||
1055 | 273 | grantor=Equals(members[0]), | ||
1056 | 274 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
1057 | 275 | grantee=Is(None), | ||
1058 | 276 | can_create=Is(False), | ||
1059 | 277 | can_push=Is(False), | ||
1060 | 278 | can_force_push=Is(True), | ||
1061 | 279 | date_created=Equals(date_created), | ||
1062 | 280 | date_last_modified=Equals(date_modified)), | ||
1063 | 281 | MatchesStructure( | ||
1064 | 282 | rule=Equals(rule), | ||
1065 | 283 | grantor=Equals(members[0]), | ||
1066 | 284 | grantee_type=Equals(GitGranteeType.PERSON), | ||
1067 | 285 | grantee=Equals(grantees[0]), | ||
1068 | 286 | can_create=Is(False), | ||
1069 | 287 | can_push=Is(True), | ||
1070 | 288 | can_force_push=Is(True), | ||
1071 | 289 | date_created=Equals(date_created), | ||
1072 | 290 | date_last_modified=Equals(date_modified)), | ||
1073 | 291 | MatchesStructure( | ||
1074 | 292 | rule=Equals(rule), | ||
1075 | 293 | grantor=Equals(members[0]), | ||
1076 | 294 | grantee_type=Equals(GitGranteeType.PERSON), | ||
1077 | 295 | grantee=Equals(grantees[1]), | ||
1078 | 296 | can_create=Is(True), | ||
1079 | 297 | can_push=Is(False), | ||
1080 | 298 | can_force_push=Is(False), | ||
1081 | 299 | date_created=Equals(date_created), | ||
1082 | 300 | date_last_modified=Equals(date_modified)))) | ||
1083 | 301 | self.assertThat(list(rule.repository.getActivity()), MatchesListwise([ | ||
1084 | 302 | MatchesStructure( | ||
1085 | 303 | repository=Equals(rule.repository), | ||
1086 | 304 | changer=Equals(members[1]), | ||
1087 | 305 | changee=Equals(grantees[0]), | ||
1088 | 306 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
1089 | 307 | old_value=MatchesDict({ | ||
1090 | 308 | "changee_type": Equals("Person"), | ||
1091 | 309 | "ref_pattern": Equals(rule.ref_pattern), | ||
1092 | 310 | "can_create": Is(False), | ||
1093 | 311 | "can_push": Is(True), | ||
1094 | 312 | "can_force_push": Is(False), | ||
1095 | 313 | }), | ||
1096 | 314 | new_value=MatchesDict({ | ||
1097 | 315 | "changee_type": Equals("Person"), | ||
1098 | 316 | "ref_pattern": Equals(rule.ref_pattern), | ||
1099 | 317 | "can_create": Is(False), | ||
1100 | 318 | "can_push": Is(True), | ||
1101 | 319 | "can_force_push": Is(True), | ||
1102 | 320 | })), | ||
1103 | 321 | MatchesStructure( | ||
1104 | 322 | repository=Equals(rule.repository), | ||
1105 | 323 | changer=Equals(members[1]), | ||
1106 | 324 | changee=Equals(grantees[1]), | ||
1107 | 325 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
1108 | 326 | old_value=MatchesDict({ | ||
1109 | 327 | "changee_type": Equals("Person"), | ||
1110 | 328 | "ref_pattern": Equals(rule.ref_pattern), | ||
1111 | 329 | "can_create": Is(False), | ||
1112 | 330 | "can_push": Is(False), | ||
1113 | 331 | "can_force_push": Is(True), | ||
1114 | 332 | }), | ||
1115 | 333 | new_value=MatchesDict({ | ||
1116 | 334 | "changee_type": Equals("Person"), | ||
1117 | 335 | "ref_pattern": Equals(rule.ref_pattern), | ||
1118 | 336 | "can_create": Is(True), | ||
1119 | 337 | "can_push": Is(False), | ||
1120 | 338 | "can_force_push": Is(False), | ||
1121 | 339 | })), | ||
1122 | 340 | MatchesStructure( | ||
1123 | 341 | repository=Equals(rule.repository), | ||
1124 | 342 | changer=Equals(members[1]), | ||
1125 | 343 | changee=Is(None), | ||
1126 | 344 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
1127 | 345 | old_value=MatchesDict({ | ||
1128 | 346 | "changee_type": Equals("Repository owner"), | ||
1129 | 347 | "ref_pattern": Equals(rule.ref_pattern), | ||
1130 | 348 | "can_create": Is(True), | ||
1131 | 349 | "can_push": Is(False), | ||
1132 | 350 | "can_force_push": Is(False), | ||
1133 | 351 | }), | ||
1134 | 352 | new_value=MatchesDict({ | ||
1135 | 353 | "changee_type": Equals("Repository owner"), | ||
1136 | 354 | "ref_pattern": Equals(rule.ref_pattern), | ||
1137 | 355 | "can_create": Is(False), | ||
1138 | 356 | "can_push": Is(False), | ||
1139 | 357 | "can_force_push": Is(True), | ||
1140 | 358 | })), | ||
1141 | 359 | ])) | ||
1142 | 360 | |||
1143 | 361 | def test_setGrants_remove(self): | ||
1144 | 362 | owner = self.factory.makeTeam() | ||
1145 | 363 | members = [ | ||
1146 | 364 | self.factory.makePerson(member_of=[owner]) for _ in range(2)] | ||
1147 | 365 | rule = self.factory.makeGitRule(owner=owner) | ||
1148 | 366 | grantees = [self.factory.makePerson() for _ in range(2)] | ||
1149 | 367 | self.factory.makeGitRuleGrant( | ||
1150 | 368 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
1151 | 369 | grantor=members[0], can_create=True) | ||
1152 | 370 | self.factory.makeGitRuleGrant( | ||
1153 | 371 | rule=rule, grantee=grantees[0], grantor=members[0], can_push=True) | ||
1154 | 372 | self.factory.makeGitRuleGrant( | ||
1155 | 373 | rule=rule, grantee=grantees[1], grantor=members[0], | ||
1156 | 374 | can_force_push=True) | ||
1157 | 375 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
1158 | 376 | transaction.commit() | ||
1159 | 377 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
1160 | 378 | with person_logged_in(members[1]): | ||
1161 | 379 | rule.setGrants([ | ||
1162 | 380 | IGitNascentRuleGrant({ | ||
1163 | 381 | "grantee_type": GitGranteeType.PERSON, | ||
1164 | 382 | "grantee": grantees[0], | ||
1165 | 383 | "can_push": True, | ||
1166 | 384 | }), | ||
1167 | 385 | ], members[1]) | ||
1168 | 386 | self.assertThat(rule.grants, MatchesSetwise( | ||
1169 | 387 | MatchesStructure( | ||
1170 | 388 | rule=Equals(rule), | ||
1171 | 389 | grantor=Equals(members[0]), | ||
1172 | 390 | grantee_type=Equals(GitGranteeType.PERSON), | ||
1173 | 391 | grantee=Equals(grantees[0]), | ||
1174 | 392 | can_create=Is(False), | ||
1175 | 393 | can_push=Is(True), | ||
1176 | 394 | can_force_push=Is(False), | ||
1177 | 395 | date_created=Equals(date_created), | ||
1178 | 396 | date_last_modified=Equals(date_created)))) | ||
1179 | 397 | self.assertThat(list(rule.repository.getActivity()), MatchesSetwise( | ||
1180 | 398 | MatchesStructure( | ||
1181 | 399 | repository=Equals(rule.repository), | ||
1182 | 400 | changer=Equals(members[1]), | ||
1183 | 401 | changee=Is(None), | ||
1184 | 402 | what_changed=Equals(GitActivityType.GRANT_REMOVED), | ||
1185 | 403 | old_value=MatchesDict({ | ||
1186 | 404 | "changee_type": Equals("Repository owner"), | ||
1187 | 405 | "ref_pattern": Equals(rule.ref_pattern), | ||
1188 | 406 | "can_create": Is(True), | ||
1189 | 407 | "can_push": Is(False), | ||
1190 | 408 | "can_force_push": Is(False), | ||
1191 | 409 | }), | ||
1192 | 410 | new_value=Is(None)), | ||
1193 | 411 | MatchesStructure( | ||
1194 | 412 | repository=Equals(rule.repository), | ||
1195 | 413 | changer=Equals(members[1]), | ||
1196 | 414 | changee=Equals(grantees[1]), | ||
1197 | 415 | what_changed=Equals(GitActivityType.GRANT_REMOVED), | ||
1198 | 416 | old_value=MatchesDict({ | ||
1199 | 417 | "changee_type": Equals("Person"), | ||
1200 | 418 | "ref_pattern": Equals(rule.ref_pattern), | ||
1201 | 419 | "can_create": Is(False), | ||
1202 | 420 | "can_push": Is(False), | ||
1203 | 421 | "can_force_push": Is(True), | ||
1204 | 422 | }), | ||
1205 | 423 | new_value=Is(None)), | ||
1206 | 424 | )) | ||
1207 | 425 | |||
1208 | 125 | def test_activity_rule_added(self): | 426 | def test_activity_rule_added(self): |
1209 | 126 | owner = self.factory.makeTeam() | 427 | owner = self.factory.makeTeam() |
1210 | 127 | member = self.factory.makePerson(member_of=[owner]) | 428 | member = self.factory.makePerson(member_of=[owner]) |
1211 | 128 | 429 | ||
1212 | === modified file 'lib/lp/services/fields/__init__.py' | |||
1213 | --- lib/lp/services/fields/__init__.py 2015-09-28 17:38:45 +0000 | |||
1214 | +++ lib/lp/services/fields/__init__.py 2018-10-16 15:29:23 +0000 | |||
1215 | @@ -1,10 +1,9 @@ | |||
1217 | 1 | # Copyright 2009-2012 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2009-2018 Canonical Ltd. This software is licensed under the |
1218 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
1219 | 3 | 3 | ||
1220 | 4 | __metaclass__ = type | 4 | __metaclass__ = type |
1221 | 5 | __all__ = [ | 5 | __all__ = [ |
1222 | 6 | 'AnnouncementDate', | 6 | 'AnnouncementDate', |
1223 | 7 | 'FormattableDate', | ||
1224 | 8 | 'BaseImageUpload', | 7 | 'BaseImageUpload', |
1225 | 9 | 'BlacklistableContentNameField', | 8 | 'BlacklistableContentNameField', |
1226 | 10 | 'BugField', | 9 | 'BugField', |
1227 | @@ -13,10 +12,12 @@ | |||
1228 | 13 | 'Datetime', | 12 | 'Datetime', |
1229 | 14 | 'DuplicateBug', | 13 | 'DuplicateBug', |
1230 | 15 | 'FieldNotBoundError', | 14 | 'FieldNotBoundError', |
1231 | 15 | 'FormattableDate', | ||
1232 | 16 | 'IAnnouncementDate', | 16 | 'IAnnouncementDate', |
1233 | 17 | 'IBaseImageUpload', | 17 | 'IBaseImageUpload', |
1234 | 18 | 'IBugField', | 18 | 'IBugField', |
1235 | 19 | 'IDescription', | 19 | 'IDescription', |
1236 | 20 | 'IInlineObject', | ||
1237 | 20 | 'INoneableTextLine', | 21 | 'INoneableTextLine', |
1238 | 21 | 'IPersonChoice', | 22 | 'IPersonChoice', |
1239 | 22 | 'IStrippedTextLine', | 23 | 'IStrippedTextLine', |
1240 | @@ -26,6 +27,7 @@ | |||
1241 | 26 | 'IURIField', | 27 | 'IURIField', |
1242 | 27 | 'IWhiteboard', | 28 | 'IWhiteboard', |
1243 | 28 | 'IconImageUpload', | 29 | 'IconImageUpload', |
1244 | 30 | 'InlineObject', | ||
1245 | 29 | 'KEEP_SAME_IMAGE', | 31 | 'KEEP_SAME_IMAGE', |
1246 | 30 | 'LogoImageUpload', | 32 | 'LogoImageUpload', |
1247 | 31 | 'MugshotImageUpload', | 33 | 'MugshotImageUpload', |
1248 | @@ -71,6 +73,7 @@ | |||
1249 | 71 | Date, | 73 | Date, |
1250 | 72 | Datetime, | 74 | Datetime, |
1251 | 73 | Int, | 75 | Int, |
1252 | 76 | Object, | ||
1253 | 74 | Text, | 77 | Text, |
1254 | 75 | TextLine, | 78 | TextLine, |
1255 | 76 | Tuple, | 79 | Tuple, |
1256 | @@ -909,3 +912,12 @@ | |||
1257 | 909 | "for the target '%s'." % \ | 912 | "for the target '%s'." % \ |
1258 | 910 | (milestone_name, target.name)) | 913 | (milestone_name, target.name)) |
1259 | 911 | return milestone | 914 | return milestone |
1260 | 915 | |||
1261 | 916 | |||
1262 | 917 | class IInlineObject(IObject): | ||
1263 | 918 | """A marker for an object represented as a dict.""" | ||
1264 | 919 | |||
1265 | 920 | |||
1266 | 921 | @implementer(IInlineObject) | ||
1267 | 922 | class InlineObject(Object): | ||
1268 | 923 | """An object that is represented as a dict rather than a URL reference.""" | ||
1269 | 912 | 924 | ||
1270 | === modified file 'lib/lp/services/webservice/configure.zcml' | |||
1271 | --- lib/lp/services/webservice/configure.zcml 2015-04-28 15:22:46 +0000 | |||
1272 | +++ lib/lp/services/webservice/configure.zcml 2018-10-16 15:29:23 +0000 | |||
1273 | @@ -1,4 +1,4 @@ | |||
1275 | 1 | <!-- Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | <!-- Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
1276 | 2 | GNU Affero General Public License version 3 (see the file LICENSE). | 2 | GNU Affero General Public License version 3 (see the file LICENSE). |
1277 | 3 | --> | 3 | --> |
1278 | 4 | 4 | ||
1279 | @@ -84,6 +84,12 @@ | |||
1280 | 84 | provides="lazr.restful.interfaces.IFieldMarshaller" | 84 | provides="lazr.restful.interfaces.IFieldMarshaller" |
1281 | 85 | factory="lazr.restful.marshallers.ObjectLookupFieldMarshaller" | 85 | factory="lazr.restful.marshallers.ObjectLookupFieldMarshaller" |
1282 | 86 | /> | 86 | /> |
1283 | 87 | <adapter | ||
1284 | 88 | for="lp.services.fields.IInlineObject | ||
1285 | 89 | zope.publisher.interfaces.http.IHTTPRequest" | ||
1286 | 90 | provides="lazr.restful.interfaces.IFieldMarshaller" | ||
1287 | 91 | factory="lp.app.webservice.marshallers.InlineObjectFieldMarshaller" | ||
1288 | 92 | /> | ||
1289 | 87 | 93 | ||
1290 | 88 | <!-- The API documentation --> | 94 | <!-- The API documentation --> |
1291 | 89 | <browser:page | 95 | <browser:page |
I've applied most of your suggestions; thanks.