Merge lp:~cjwatson/launchpad/git-permissions-webservice-ref into lp:launchpad
- git-permissions-webservice-ref
- Merge into devel
Proposed by
Colin Watson
| Status: | Merged | ||||
|---|---|---|---|---|---|
| Merged at revision: | 18798 | ||||
| Proposed branch: | lp:~cjwatson/launchpad/git-permissions-webservice-ref | ||||
| Merge into: | lp:launchpad | ||||
| Prerequisite: | lp:~cjwatson/launchpad/git-grant-limitedview | ||||
| Diff against target: |
1291 lines (+875/-24) 12 files modified
lib/lp/_schema_circular_imports.py (+4/-0) lib/lp/app/webservice/marshallers.py (+62/-2) lib/lp/app/webservice/tests/test_marshallers.py (+77/-3) lib/lp/code/configure.zcml (+21/-4) lib/lp/code/interfaces/gitref.py (+41/-8) lib/lp/code/interfaces/gitrule.py (+26/-0) lib/lp/code/model/gitref.py (+32/-1) lib/lp/code/model/gitrule.py (+101/-3) lib/lp/code/model/tests/test_gitref.py (+189/-0) lib/lp/code/model/tests/test_gitrule.py (+301/-0) lib/lp/services/fields/__init__.py (+14/-2) lib/lp/services/webservice/configure.zcml (+7/-1) |
||||
| To merge this branch: | bzr merge lp:~cjwatson/launchpad/git-permissions-webservice-ref | ||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| William Grant | code | Approve | |
|
Review via email:
|
|||
Commit message
Allow getting and setting grants for a single Git ref over the webservice.
Description of the change
Getting permissions is limited to people who can edit the repository; this is perhaps not a strictly necessary restriction, but it avoids needing to grant excessive LimitedView if somebody grants a private team access to a public repository.
To post a comment you must log in.
Revision history for this message
| William Grant (wgrant) : | # |
review:
Approve
(code)
Revision history for this message
| Colin Watson (cjwatson) wrote : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'lib/lp/_schema_circular_imports.py' | |||
| 2 | --- lib/lp/_schema_circular_imports.py 2018-08-23 17:03:05 +0000 | |||
| 3 | +++ lib/lp/_schema_circular_imports.py 2018-10-16 15:29:23 +0000 | |||
| 4 | @@ -68,6 +68,7 @@ | |||
| 5 | 68 | from lp.code.interfaces.diff import IPreviewDiff | 68 | from lp.code.interfaces.diff import IPreviewDiff |
| 6 | 69 | from lp.code.interfaces.gitref import IGitRef | 69 | from lp.code.interfaces.gitref import IGitRef |
| 7 | 70 | from lp.code.interfaces.gitrepository import IGitRepository | 70 | from lp.code.interfaces.gitrepository import IGitRepository |
| 8 | 71 | from lp.code.interfaces.gitrule import IGitNascentRuleGrant | ||
| 9 | 71 | from lp.code.interfaces.gitsubscription import IGitSubscription | 72 | from lp.code.interfaces.gitsubscription import IGitSubscription |
| 10 | 72 | from lp.code.interfaces.hasbranches import ( | 73 | from lp.code.interfaces.hasbranches import ( |
| 11 | 73 | IHasBranches, | 74 | IHasBranches, |
| 12 | @@ -150,6 +151,7 @@ | |||
| 13 | 150 | from lp.registry.interfaces.teammembership import ITeamMembership | 151 | from lp.registry.interfaces.teammembership import ITeamMembership |
| 14 | 151 | from lp.registry.interfaces.wikiname import IWikiName | 152 | from lp.registry.interfaces.wikiname import IWikiName |
| 15 | 152 | from lp.services.comments.interfaces.conversation import IComment | 153 | from lp.services.comments.interfaces.conversation import IComment |
| 16 | 154 | from lp.services.fields import InlineObject | ||
| 17 | 153 | from lp.services.messages.interfaces.message import ( | 155 | from lp.services.messages.interfaces.message import ( |
| 18 | 154 | IIndexedMessage, | 156 | IIndexedMessage, |
| 19 | 155 | IMessage, | 157 | IMessage, |
| 20 | @@ -506,6 +508,8 @@ | |||
| 21 | 506 | patch_entry_return_type(IGitRef, 'createMergeProposal', IBranchMergeProposal) | 508 | patch_entry_return_type(IGitRef, 'createMergeProposal', IBranchMergeProposal) |
| 22 | 507 | patch_collection_return_type( | 509 | patch_collection_return_type( |
| 23 | 508 | IGitRef, 'getMergeProposals', IBranchMergeProposal) | 510 | IGitRef, 'getMergeProposals', IBranchMergeProposal) |
| 24 | 511 | patch_list_parameter_type( | ||
| 25 | 512 | IGitRef, 'setGrants', 'grants', InlineObject(schema=IGitNascentRuleGrant)) | ||
| 26 | 509 | 513 | ||
| 27 | 510 | # IGitRepository | 514 | # IGitRepository |
| 28 | 511 | patch_collection_property(IGitRepository, 'branches', IGitRef) | 515 | patch_collection_property(IGitRepository, 'branches', IGitRef) |
| 29 | 512 | 516 | ||
| 30 | === modified file 'lib/lp/app/webservice/marshallers.py' | |||
| 31 | --- lib/lp/app/webservice/marshallers.py 2012-01-01 02:58:52 +0000 | |||
| 32 | +++ lib/lp/app/webservice/marshallers.py 2018-10-16 15:29:23 +0000 | |||
| 33 | @@ -1,4 +1,4 @@ | |||
| 35 | 1 | # Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
| 36 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
| 37 | 3 | 3 | ||
| 38 | 4 | """Launchpad-specific field marshallers for the web service.""" | 4 | """Launchpad-specific field marshallers for the web service.""" |
| 39 | @@ -10,10 +10,23 @@ | |||
| 40 | 10 | ] | 10 | ] |
| 41 | 11 | 11 | ||
| 42 | 12 | 12 | ||
| 43 | 13 | from lazr.restful.interfaces import ( | ||
| 44 | 14 | IEntry, | ||
| 45 | 15 | IFieldMarshaller, | ||
| 46 | 16 | ) | ||
| 47 | 13 | from lazr.restful.marshallers import ( | 17 | from lazr.restful.marshallers import ( |
| 48 | 18 | SimpleFieldMarshaller, | ||
| 49 | 14 | TextFieldMarshaller as LazrTextFieldMarshaller, | 19 | TextFieldMarshaller as LazrTextFieldMarshaller, |
| 50 | 15 | ) | 20 | ) |
| 52 | 16 | from zope.component import getUtility | 21 | from zope.component import ( |
| 53 | 22 | getMultiAdapter, | ||
| 54 | 23 | getUtility, | ||
| 55 | 24 | ) | ||
| 56 | 25 | from zope.component.interfaces import ComponentLookupError | ||
| 57 | 26 | from zope.schema.interfaces import ( | ||
| 58 | 27 | IField, | ||
| 59 | 28 | RequiredMissing, | ||
| 60 | 29 | ) | ||
| 61 | 17 | 30 | ||
| 62 | 18 | from lp.services.utils import obfuscate_email | 31 | from lp.services.utils import obfuscate_email |
| 63 | 19 | from lp.services.webapp.interfaces import ILaunchBag | 32 | from lp.services.webapp.interfaces import ILaunchBag |
| 64 | @@ -31,3 +44,50 @@ | |||
| 65 | 31 | if (value is not None and getUtility(ILaunchBag).user is None): | 44 | if (value is not None and getUtility(ILaunchBag).user is None): |
| 66 | 32 | return obfuscate_email(value) | 45 | return obfuscate_email(value) |
| 67 | 33 | return value | 46 | return value |
| 68 | 47 | |||
| 69 | 48 | |||
| 70 | 49 | class InlineObjectFieldMarshaller(SimpleFieldMarshaller): | ||
| 71 | 50 | """A marshaller that represents an object as a dict. | ||
| 72 | 51 | |||
| 73 | 52 | lazr.restful represents objects as URL references by default, but that | ||
| 74 | 53 | isn't what we want in all cases. | ||
| 75 | 54 | |||
| 76 | 55 | To use this marshaller to read JSON input data, you must register an | ||
| 77 | 56 | adapter from the expected top-level type of the loaded JSON data | ||
| 78 | 57 | (usually `dict`) to the `InlineObject` field's schema. The adapter will | ||
| 79 | 58 | be called with the deserialised input data, with all inner fields | ||
| 80 | 59 | already converted as indicated by the schema. | ||
| 81 | 60 | """ | ||
| 82 | 61 | |||
| 83 | 62 | def unmarshall(self, entry, value): | ||
| 84 | 63 | """See `IFieldMarshaller`.""" | ||
| 85 | 64 | result = {} | ||
| 86 | 65 | for name in self.field.schema.names(all=True): | ||
| 87 | 66 | field = self.field.schema[name] | ||
| 88 | 67 | if IField.providedBy(field): | ||
| 89 | 68 | marshaller = getMultiAdapter( | ||
| 90 | 69 | (field, self.request), IFieldMarshaller) | ||
| 91 | 70 | sub_value = getattr(value, name, field.default) | ||
| 92 | 71 | try: | ||
| 93 | 72 | sub_entry = getMultiAdapter( | ||
| 94 | 73 | (sub_value, self.request), IEntry) | ||
| 95 | 74 | except ComponentLookupError: | ||
| 96 | 75 | sub_entry = entry | ||
| 97 | 76 | result[marshaller.representation_name] = marshaller.unmarshall( | ||
| 98 | 77 | sub_entry, sub_value) | ||
| 99 | 78 | return result | ||
| 100 | 79 | |||
| 101 | 80 | def _marshall_from_json_data(self, value): | ||
| 102 | 81 | """See `SimpleFieldMarshaller`.""" | ||
| 103 | 82 | template = {} | ||
| 104 | 83 | for name in self.field.schema.names(all=True): | ||
| 105 | 84 | field = self.field.schema[name] | ||
| 106 | 85 | if IField.providedBy(field): | ||
| 107 | 86 | marshaller = getMultiAdapter( | ||
| 108 | 87 | (field, self.request), IFieldMarshaller) | ||
| 109 | 88 | if marshaller.representation_name in value: | ||
| 110 | 89 | template[name] = marshaller.marshall_from_json_data( | ||
| 111 | 90 | value[marshaller.representation_name]) | ||
| 112 | 91 | elif field.required: | ||
| 113 | 92 | raise RequiredMissing(name) | ||
| 114 | 93 | return self.field.schema(template) | ||
| 115 | 34 | 94 | ||
| 116 | === modified file 'lib/lp/app/webservice/tests/test_marshallers.py' | |||
| 117 | --- lib/lp/app/webservice/tests/test_marshallers.py 2012-01-01 02:58:52 +0000 | |||
| 118 | +++ lib/lp/app/webservice/tests/test_marshallers.py 2018-10-16 15:29:23 +0000 | |||
| 119 | @@ -1,19 +1,40 @@ | |||
| 121 | 1 | # Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
| 122 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
| 123 | 3 | 3 | ||
| 124 | 4 | """Tests for the webservice marshallers.""" | 4 | """Tests for the webservice marshallers.""" |
| 125 | 5 | 5 | ||
| 126 | 6 | __metaclass__ = type | 6 | __metaclass__ = type |
| 127 | 7 | 7 | ||
| 128 | 8 | from testtools.matchers import ( | ||
| 129 | 9 | Equals, | ||
| 130 | 10 | MatchesDict, | ||
| 131 | 11 | MatchesStructure, | ||
| 132 | 12 | ) | ||
| 133 | 8 | import transaction | 13 | import transaction |
| 134 | 14 | from zope.component import adapter | ||
| 135 | 15 | from zope.interface import ( | ||
| 136 | 16 | implementer, | ||
| 137 | 17 | Interface, | ||
| 138 | 18 | ) | ||
| 139 | 19 | from zope.schema import Choice | ||
| 140 | 9 | 20 | ||
| 142 | 10 | from lp.app.webservice.marshallers import TextFieldMarshaller | 21 | from lp.app.webservice.marshallers import ( |
| 143 | 22 | InlineObjectFieldMarshaller, | ||
| 144 | 23 | TextFieldMarshaller, | ||
| 145 | 24 | ) | ||
| 146 | 25 | from lp.services.fields import ( | ||
| 147 | 26 | InlineObject, | ||
| 148 | 27 | PersonChoice, | ||
| 149 | 28 | ) | ||
| 150 | 29 | from lp.services.job.interfaces.job import JobStatus | ||
| 151 | 30 | from lp.services.webapp.publisher import canonical_url | ||
| 152 | 11 | from lp.services.webapp.servers import WebServiceTestRequest | 31 | from lp.services.webapp.servers import WebServiceTestRequest |
| 153 | 12 | from lp.testing import ( | 32 | from lp.testing import ( |
| 154 | 13 | logout, | 33 | logout, |
| 155 | 14 | person_logged_in, | 34 | person_logged_in, |
| 156 | 15 | TestCaseWithFactory, | 35 | TestCaseWithFactory, |
| 157 | 16 | ) | 36 | ) |
| 158 | 37 | from lp.testing.fixture import ZopeAdapterFixture | ||
| 159 | 17 | from lp.testing.layers import DatabaseFunctionalLayer | 38 | from lp.testing.layers import DatabaseFunctionalLayer |
| 160 | 18 | from lp.testing.pages import ( | 39 | from lp.testing.pages import ( |
| 161 | 19 | LaunchpadWebServiceCaller, | 40 | LaunchpadWebServiceCaller, |
| 162 | @@ -37,7 +58,7 @@ | |||
| 163 | 37 | self.assertEqual(u"<email address hidden>", result) | 58 | self.assertEqual(u"<email address hidden>", result) |
| 164 | 38 | 59 | ||
| 165 | 39 | def test_unmarshall_not_obfuscated(self): | 60 | def test_unmarshall_not_obfuscated(self): |
| 167 | 40 | # Data is not obfuccated if the user is authenticated. | 61 | # Data is not obfuscated if the user is authenticated. |
| 168 | 41 | marshaller = TextFieldMarshaller(None, WebServiceTestRequest()) | 62 | marshaller = TextFieldMarshaller(None, WebServiceTestRequest()) |
| 169 | 42 | with person_logged_in(self.factory.makePerson()): | 63 | with person_logged_in(self.factory.makePerson()): |
| 170 | 43 | result = marshaller.unmarshall(None, u"foo@example.com") | 64 | result = marshaller.unmarshall(None, u"foo@example.com") |
| 171 | @@ -128,3 +149,56 @@ | |||
| 172 | 128 | webservice = LaunchpadWebServiceCaller() | 149 | webservice = LaunchpadWebServiceCaller() |
| 173 | 129 | etag_logged_out = webservice(ws_url(bug)).getheader('etag') | 150 | etag_logged_out = webservice(ws_url(bug)).getheader('etag') |
| 174 | 130 | self.assertNotEqual(etag_logged_in, etag_logged_out) | 151 | self.assertNotEqual(etag_logged_in, etag_logged_out) |
| 175 | 152 | |||
| 176 | 153 | |||
| 177 | 154 | class IInlineExample(Interface): | ||
| 178 | 155 | |||
| 179 | 156 | person = PersonChoice(vocabulary="ValidPersonOrTeam") | ||
| 180 | 157 | |||
| 181 | 158 | status = Choice(vocabulary=JobStatus) | ||
| 182 | 159 | |||
| 183 | 160 | |||
| 184 | 161 | @implementer(IInlineExample) | ||
| 185 | 162 | class InlineExample: | ||
| 186 | 163 | |||
| 187 | 164 | def __init__(self, person, status): | ||
| 188 | 165 | self.person = person | ||
| 189 | 166 | self.status = status | ||
| 190 | 167 | |||
| 191 | 168 | |||
| 192 | 169 | @adapter(dict) | ||
| 193 | 170 | @implementer(IInlineExample) | ||
| 194 | 171 | def inline_example_from_dict(template): | ||
| 195 | 172 | return InlineExample(**template) | ||
| 196 | 173 | |||
| 197 | 174 | |||
| 198 | 175 | class TestInlineObjectFieldMarshaller(TestCaseWithFactory): | ||
| 199 | 176 | |||
| 200 | 177 | layer = DatabaseFunctionalLayer | ||
| 201 | 178 | |||
| 202 | 179 | def test_unmarshall(self): | ||
| 203 | 180 | field = InlineObject(schema=IInlineExample) | ||
| 204 | 181 | request = WebServiceTestRequest() | ||
| 205 | 182 | request.setVirtualHostRoot(names=["devel"]) | ||
| 206 | 183 | marshaller = InlineObjectFieldMarshaller(field, request) | ||
| 207 | 184 | obj = InlineExample(self.factory.makePerson(), JobStatus.WAITING) | ||
| 208 | 185 | result = marshaller.unmarshall(None, obj) | ||
| 209 | 186 | self.assertThat(result, MatchesDict({ | ||
| 210 | 187 | "person_link": Equals(canonical_url(obj.person, request=request)), | ||
| 211 | 188 | "status": Equals("Waiting"), | ||
| 212 | 189 | })) | ||
| 213 | 190 | |||
| 214 | 191 | def test_marshall_from_json_data(self): | ||
| 215 | 192 | self.useFixture(ZopeAdapterFixture(inline_example_from_dict)) | ||
| 216 | 193 | field = InlineObject(schema=IInlineExample) | ||
| 217 | 194 | request = WebServiceTestRequest() | ||
| 218 | 195 | request.setVirtualHostRoot(names=["devel"]) | ||
| 219 | 196 | marshaller = InlineObjectFieldMarshaller(field, request) | ||
| 220 | 197 | person = self.factory.makePerson() | ||
| 221 | 198 | data = { | ||
| 222 | 199 | "person_link": canonical_url(person, request=request), | ||
| 223 | 200 | "status": "Running", | ||
| 224 | 201 | } | ||
| 225 | 202 | obj = marshaller.marshall_from_json_data(data) | ||
| 226 | 203 | self.assertThat(obj, MatchesStructure.byEquality( | ||
| 227 | 204 | person=person, status=JobStatus.RUNNING)) | ||
| 228 | 131 | 205 | ||
| 229 | === modified file 'lib/lp/code/configure.zcml' | |||
| 230 | --- lib/lp/code/configure.zcml 2018-10-15 14:44:25 +0000 | |||
| 231 | +++ lib/lp/code/configure.zcml 2018-10-16 15:29:23 +0000 | |||
| 232 | @@ -896,22 +896,34 @@ | |||
| 233 | 896 | <class class="lp.code.model.gitref.GitRef"> | 896 | <class class="lp.code.model.gitref.GitRef"> |
| 234 | 897 | <require | 897 | <require |
| 235 | 898 | permission="launchpad.View" | 898 | permission="launchpad.View" |
| 237 | 899 | interface="lp.code.interfaces.gitref.IGitRef" /> | 899 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
| 238 | 900 | <require | ||
| 239 | 901 | permission="launchpad.Edit" | ||
| 240 | 902 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
| 241 | 900 | </class> | 903 | </class> |
| 242 | 901 | <class class="lp.code.model.gitref.GitRefDefault"> | 904 | <class class="lp.code.model.gitref.GitRefDefault"> |
| 243 | 902 | <require | 905 | <require |
| 244 | 903 | permission="launchpad.View" | 906 | permission="launchpad.View" |
| 246 | 904 | interface="lp.code.interfaces.gitref.IGitRef" /> | 907 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
| 247 | 908 | <require | ||
| 248 | 909 | permission="launchpad.Edit" | ||
| 249 | 910 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
| 250 | 905 | </class> | 911 | </class> |
| 251 | 906 | <class class="lp.code.model.gitref.GitRefFrozen"> | 912 | <class class="lp.code.model.gitref.GitRefFrozen"> |
| 252 | 907 | <require | 913 | <require |
| 253 | 908 | permission="launchpad.View" | 914 | permission="launchpad.View" |
| 255 | 909 | interface="lp.code.interfaces.gitref.IGitRef" /> | 915 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
| 256 | 916 | <require | ||
| 257 | 917 | permission="launchpad.Edit" | ||
| 258 | 918 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
| 259 | 910 | </class> | 919 | </class> |
| 260 | 911 | <class class="lp.code.model.gitref.GitRefRemote"> | 920 | <class class="lp.code.model.gitref.GitRefRemote"> |
| 261 | 912 | <require | 921 | <require |
| 262 | 913 | permission="launchpad.View" | 922 | permission="launchpad.View" |
| 264 | 914 | interface="lp.code.interfaces.gitref.IGitRef" /> | 923 | interface="lp.code.interfaces.gitref.IGitRefView" /> |
| 265 | 924 | <require | ||
| 266 | 925 | permission="launchpad.Edit" | ||
| 267 | 926 | interface="lp.code.interfaces.gitref.IGitRefEdit" /> | ||
| 268 | 915 | </class> | 927 | </class> |
| 269 | 916 | <securedutility | 928 | <securedutility |
| 270 | 917 | component="lp.code.model.gitref.GitRefRemote" | 929 | component="lp.code.model.gitref.GitRefRemote" |
| 271 | @@ -943,10 +955,15 @@ | |||
| 272 | 943 | permission="launchpad.Edit" | 955 | permission="launchpad.Edit" |
| 273 | 944 | interface="lp.code.interfaces.gitrule.IGitRuleGrantEdit" | 956 | interface="lp.code.interfaces.gitrule.IGitRuleGrantEdit" |
| 274 | 945 | set_schema="lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" /> | 957 | set_schema="lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" /> |
| 275 | 958 | <allow interface="lazr.restful.interfaces.IJSONPublishable" /> | ||
| 276 | 946 | </class> | 959 | </class> |
| 277 | 947 | <subscriber | 960 | <subscriber |
| 278 | 948 | for="lp.code.interfaces.gitrule.IGitRuleGrant zope.lifecycleevent.interfaces.IObjectModifiedEvent" | 961 | for="lp.code.interfaces.gitrule.IGitRuleGrant zope.lifecycleevent.interfaces.IObjectModifiedEvent" |
| 279 | 949 | handler="lp.code.model.gitrule.git_rule_grant_modified"/> | 962 | handler="lp.code.model.gitrule.git_rule_grant_modified"/> |
| 280 | 963 | <class class="lp.code.model.gitrule.GitNascentRuleGrant"> | ||
| 281 | 964 | <allow interface="lp.code.interfaces.gitrule.IGitNascentRuleGrant" /> | ||
| 282 | 965 | </class> | ||
| 283 | 966 | <adapter factory="lp.code.model.gitrule.nascent_rule_grant_from_dict" /> | ||
| 284 | 950 | 967 | ||
| 285 | 951 | <!-- GitActivity --> | 968 | <!-- GitActivity --> |
| 286 | 952 | 969 | ||
| 287 | 953 | 970 | ||
| 288 | === modified file 'lib/lp/code/interfaces/gitref.py' | |||
| 289 | --- lib/lp/code/interfaces/gitref.py 2018-08-20 23:33:01 +0000 | |||
| 290 | +++ lib/lp/code/interfaces/gitref.py 2018-10-16 15:29:23 +0000 | |||
| 291 | @@ -16,6 +16,7 @@ | |||
| 292 | 16 | export_as_webservice_entry, | 16 | export_as_webservice_entry, |
| 293 | 17 | export_factory_operation, | 17 | export_factory_operation, |
| 294 | 18 | export_read_operation, | 18 | export_read_operation, |
| 295 | 19 | export_write_operation, | ||
| 296 | 19 | exported, | 20 | exported, |
| 297 | 20 | operation_for_version, | 21 | operation_for_version, |
| 298 | 21 | operation_parameters, | 22 | operation_parameters, |
| 299 | @@ -50,16 +51,12 @@ | |||
| 300 | 50 | from lp.code.interfaces.hasbranches import IHasMergeProposals | 51 | from lp.code.interfaces.hasbranches import IHasMergeProposals |
| 301 | 51 | from lp.code.interfaces.hasrecipes import IHasRecipes | 52 | from lp.code.interfaces.hasrecipes import IHasRecipes |
| 302 | 52 | from lp.registry.interfaces.person import IPerson | 53 | from lp.registry.interfaces.person import IPerson |
| 303 | 54 | from lp.services.fields import InlineObject | ||
| 304 | 53 | from lp.services.webapp.interfaces import ITableBatchNavigator | 55 | from lp.services.webapp.interfaces import ITableBatchNavigator |
| 305 | 54 | 56 | ||
| 306 | 55 | 57 | ||
| 314 | 56 | class IGitRef(IHasMergeProposals, IHasRecipes, IPrivacy, IInformationType): | 58 | class IGitRefView(IHasMergeProposals, IHasRecipes, IPrivacy, IInformationType): |
| 315 | 57 | """A reference in a Git repository.""" | 59 | """IGitRef attributes that require launchpad.View permission.""" |
| 309 | 58 | |||
| 310 | 59 | # XXX cjwatson 2015-01-19 bug=760849: "beta" is a lie to get WADL | ||
| 311 | 60 | # generation working. Individual attributes must set their version to | ||
| 312 | 61 | # "devel". | ||
| 313 | 62 | export_as_webservice_entry(as_of="beta") | ||
| 316 | 63 | 60 | ||
| 317 | 64 | repository = exported(ReferenceChoice( | 61 | repository = exported(ReferenceChoice( |
| 318 | 65 | title=_("Repository"), required=True, readonly=True, | 62 | title=_("Repository"), required=True, readonly=True, |
| 319 | @@ -119,7 +116,7 @@ | |||
| 320 | 119 | 116 | ||
| 321 | 120 | commit_message_first_line = TextLine( | 117 | commit_message_first_line = TextLine( |
| 322 | 121 | title=_("The first line of the commit message."), | 118 | title=_("The first line of the commit message."), |
| 324 | 122 | required=True, readonly=True) | 119 | required=False, readonly=True) |
| 325 | 123 | 120 | ||
| 326 | 124 | identity = Attribute( | 121 | identity = Attribute( |
| 327 | 125 | "The identity of this reference. This will be the shortened path to " | 122 | "The identity of this reference. This will be the shortened path to " |
| 328 | @@ -392,6 +389,42 @@ | |||
| 329 | 392 | """ | 389 | """ |
| 330 | 393 | 390 | ||
| 331 | 394 | 391 | ||
| 332 | 392 | class IGitRefEdit(Interface): | ||
| 333 | 393 | """IGitRef methods that require launchpad.Edit permission.""" | ||
| 334 | 394 | |||
| 335 | 395 | @export_read_operation() | ||
| 336 | 396 | @operation_for_version("devel") | ||
| 337 | 397 | def getGrants(): | ||
| 338 | 398 | """Get the access grants specific to this reference. | ||
| 339 | 399 | |||
| 340 | 400 | Other grants may apply via wildcard rules. | ||
| 341 | 401 | """ | ||
| 342 | 402 | |||
| 343 | 403 | @operation_parameters( | ||
| 344 | 404 | grants=List( | ||
| 345 | 405 | title=_("Grants"), | ||
| 346 | 406 | # Really IGitNascentRuleGrant, patched in | ||
| 347 | 407 | # _schema_circular_imports.py. | ||
| 348 | 408 | value_type=InlineObject(schema=Interface))) | ||
| 349 | 409 | @call_with(user=REQUEST_USER) | ||
| 350 | 410 | @export_write_operation() | ||
| 351 | 411 | @operation_for_version("devel") | ||
| 352 | 412 | def setGrants(grants, user): | ||
| 353 | 413 | """Set the access grants specific to this reference. | ||
| 354 | 414 | |||
| 355 | 415 | Other grants may apply via wildcard rules. | ||
| 356 | 416 | """ | ||
| 357 | 417 | |||
| 358 | 418 | |||
| 359 | 419 | class IGitRef(IGitRefView, IGitRefEdit): | ||
| 360 | 420 | """A reference in a Git repository.""" | ||
| 361 | 421 | |||
| 362 | 422 | # XXX cjwatson 2015-01-19 bug=760849: "beta" is a lie to get WADL | ||
| 363 | 423 | # generation working. Individual attributes must set their version to | ||
| 364 | 424 | # "devel". | ||
| 365 | 425 | export_as_webservice_entry(as_of="beta") | ||
| 366 | 426 | |||
| 367 | 427 | |||
| 368 | 395 | class IGitRefBatchNavigator(ITableBatchNavigator): | 428 | class IGitRefBatchNavigator(ITableBatchNavigator): |
| 369 | 396 | pass | 429 | pass |
| 370 | 397 | 430 | ||
| 371 | 398 | 431 | ||
| 372 | === modified file 'lib/lp/code/interfaces/gitrule.py' | |||
| 373 | --- lib/lp/code/interfaces/gitrule.py 2018-10-12 16:41:14 +0000 | |||
| 374 | +++ lib/lp/code/interfaces/gitrule.py 2018-10-16 15:29:23 +0000 | |||
| 375 | @@ -7,11 +7,13 @@ | |||
| 376 | 7 | 7 | ||
| 377 | 8 | __metaclass__ = type | 8 | __metaclass__ = type |
| 378 | 9 | __all__ = [ | 9 | __all__ = [ |
| 379 | 10 | 'IGitNascentRuleGrant', | ||
| 380 | 10 | 'IGitRule', | 11 | 'IGitRule', |
| 381 | 11 | 'IGitRuleGrant', | 12 | 'IGitRuleGrant', |
| 382 | 12 | ] | 13 | ] |
| 383 | 13 | 14 | ||
| 384 | 14 | from lazr.restful.fields import Reference | 15 | from lazr.restful.fields import Reference |
| 385 | 16 | from lazr.restful.interface import copy_field | ||
| 386 | 15 | from zope.interface import ( | 17 | from zope.interface import ( |
| 387 | 16 | Attribute, | 18 | Attribute, |
| 388 | 17 | Interface, | 19 | Interface, |
| 389 | @@ -100,6 +102,9 @@ | |||
| 390 | 100 | matching this rule. | 102 | matching this rule. |
| 391 | 101 | """ | 103 | """ |
| 392 | 102 | 104 | ||
| 393 | 105 | def setGrants(grants, user): | ||
| 394 | 106 | """Set the access grants for this rule.""" | ||
| 395 | 107 | |||
| 396 | 103 | def destroySelf(user): | 108 | def destroySelf(user): |
| 397 | 104 | """Delete this rule. | 109 | """Delete this rule. |
| 398 | 105 | 110 | ||
| 399 | @@ -183,3 +188,24 @@ | |||
| 400 | 183 | class IGitRuleGrant(IGitRuleGrantView, IGitRuleGrantEditableAttributes, | 188 | class IGitRuleGrant(IGitRuleGrantView, IGitRuleGrantEditableAttributes, |
| 401 | 184 | IGitRuleGrantEdit): | 189 | IGitRuleGrantEdit): |
| 402 | 185 | """An access grant for a Git repository rule.""" | 190 | """An access grant for a Git repository rule.""" |
| 403 | 191 | |||
| 404 | 192 | |||
| 405 | 193 | class IGitNascentRuleGrant(Interface): | ||
| 406 | 194 | """An access grant in the process of being created. | ||
| 407 | 195 | |||
| 408 | 196 | This represents parameters for a grant that have been deserialised from | ||
| 409 | 197 | a webservice request, but that have not yet been attached to a rule. | ||
| 410 | 198 | """ | ||
| 411 | 199 | |||
| 412 | 200 | grantee_type = copy_field(IGitRuleGrant["grantee_type"]) | ||
| 413 | 201 | |||
| 414 | 202 | grantee = copy_field(IGitRuleGrant["grantee"]) | ||
| 415 | 203 | |||
| 416 | 204 | can_create = copy_field( | ||
| 417 | 205 | IGitRuleGrant["can_create"], required=False, default=False) | ||
| 418 | 206 | |||
| 419 | 207 | can_push = copy_field( | ||
| 420 | 208 | IGitRuleGrant["can_push"], required=False, default=False) | ||
| 421 | 209 | |||
| 422 | 210 | can_force_push = copy_field( | ||
| 423 | 211 | IGitRuleGrant["can_force_push"], required=False, default=False) | ||
| 424 | 186 | 212 | ||
| 425 | === modified file 'lib/lp/code/model/gitref.py' | |||
| 426 | --- lib/lp/code/model/gitref.py 2018-09-27 13:50:06 +0000 | |||
| 427 | +++ lib/lp/code/model/gitref.py 2018-10-16 15:29:23 +0000 | |||
| 428 | @@ -69,6 +69,10 @@ | |||
| 429 | 69 | BranchMergeProposal, | 69 | BranchMergeProposal, |
| 430 | 70 | BranchMergeProposalGetter, | 70 | BranchMergeProposalGetter, |
| 431 | 71 | ) | 71 | ) |
| 432 | 72 | from lp.code.model.gitrule import ( | ||
| 433 | 73 | GitRule, | ||
| 434 | 74 | GitRuleGrant, | ||
| 435 | 75 | ) | ||
| 436 | 72 | from lp.services.config import config | 76 | from lp.services.config import config |
| 437 | 73 | from lp.services.database.constants import UTC_NOW | 77 | from lp.services.database.constants import UTC_NOW |
| 438 | 74 | from lp.services.database.decoratedresultset import DecoratedResultSet | 78 | from lp.services.database.decoratedresultset import DecoratedResultSet |
| 439 | @@ -421,6 +425,24 @@ | |||
| 440 | 421 | hook = SourcePackageRecipe.preLoadDataForSourcePackageRecipes | 425 | hook = SourcePackageRecipe.preLoadDataForSourcePackageRecipes |
| 441 | 422 | return DecoratedResultSet(recipes, pre_iter_hook=hook) | 426 | return DecoratedResultSet(recipes, pre_iter_hook=hook) |
| 442 | 423 | 427 | ||
| 443 | 428 | def getGrants(self): | ||
| 444 | 429 | """See `IGitRef`.""" | ||
| 445 | 430 | return list(Store.of(self).find( | ||
| 446 | 431 | GitRuleGrant, GitRuleGrant.rule_id == GitRule.id, | ||
| 447 | 432 | GitRule.repository_id == self.repository_id, | ||
| 448 | 433 | GitRule.ref_pattern == self.path)) | ||
| 449 | 434 | |||
| 450 | 435 | def setGrants(self, grants, user): | ||
| 451 | 436 | """See `IGitRef`.""" | ||
| 452 | 437 | rule = Store.of(self).find( | ||
| 453 | 438 | GitRule, GitRule.repository_id == self.repository_id, | ||
| 454 | 439 | GitRule.ref_pattern == self.path).one() | ||
| 455 | 440 | if rule is None: | ||
| 456 | 441 | # We don't need to worry about position, since this is an | ||
| 457 | 442 | # exact-match rule and therefore has a canonical position. | ||
| 458 | 443 | rule = self.repository.addRule(self.path, user) | ||
| 459 | 444 | rule.setGrants(grants, user) | ||
| 460 | 445 | |||
| 461 | 424 | 446 | ||
| 462 | 425 | @implementer(IGitRef) | 447 | @implementer(IGitRef) |
| 463 | 426 | class GitRef(StormBase, GitRefMixin): | 448 | class GitRef(StormBase, GitRefMixin): |
| 464 | @@ -452,7 +474,10 @@ | |||
| 465 | 452 | 474 | ||
| 466 | 453 | @property | 475 | @property |
| 467 | 454 | def commit_message_first_line(self): | 476 | def commit_message_first_line(self): |
| 469 | 455 | return self.commit_message.split("\n", 1)[0] | 477 | if self.commit_message is not None: |
| 470 | 478 | return self.commit_message.split("\n", 1)[0] | ||
| 471 | 479 | else: | ||
| 472 | 480 | return None | ||
| 473 | 456 | 481 | ||
| 474 | 457 | @property | 482 | @property |
| 475 | 458 | def has_commits(self): | 483 | def has_commits(self): |
| 476 | @@ -795,6 +820,12 @@ | |||
| 477 | 795 | """See `IHasRecipes`.""" | 820 | """See `IHasRecipes`.""" |
| 478 | 796 | return [] | 821 | return [] |
| 479 | 797 | 822 | ||
| 480 | 823 | def getGrants(self): | ||
| 481 | 824 | """See `IGitRef`.""" | ||
| 482 | 825 | return [] | ||
| 483 | 826 | |||
| 484 | 827 | setGrants = _unimplemented | ||
| 485 | 828 | |||
| 486 | 798 | def __eq__(self, other): | 829 | def __eq__(self, other): |
| 487 | 799 | return ( | 830 | return ( |
| 488 | 800 | self.repository_url == other.repository_url and | 831 | self.repository_url == other.repository_url and |
| 489 | 801 | 832 | ||
| 490 | === modified file 'lib/lp/code/model/gitrule.py' | |||
| 491 | --- lib/lp/code/model/gitrule.py 2018-10-12 16:41:14 +0000 | |||
| 492 | +++ lib/lp/code/model/gitrule.py 2018-10-16 15:29:23 +0000 | |||
| 493 | @@ -11,7 +11,16 @@ | |||
| 494 | 11 | 'GitRuleGrant', | 11 | 'GitRuleGrant', |
| 495 | 12 | ] | 12 | ] |
| 496 | 13 | 13 | ||
| 497 | 14 | from collections import OrderedDict | ||
| 498 | 15 | |||
| 499 | 14 | from lazr.enum import DBItem | 16 | from lazr.enum import DBItem |
| 500 | 17 | from lazr.lifecycle.event import ObjectModifiedEvent | ||
| 501 | 18 | from lazr.lifecycle.snapshot import Snapshot | ||
| 502 | 19 | from lazr.restful.interfaces import ( | ||
| 503 | 20 | IFieldMarshaller, | ||
| 504 | 21 | IJSONPublishable, | ||
| 505 | 22 | ) | ||
| 506 | 23 | from lazr.restful.utils import get_current_browser_request | ||
| 507 | 15 | import pytz | 24 | import pytz |
| 508 | 16 | from storm.locals import ( | 25 | from storm.locals import ( |
| 509 | 17 | Bool, | 26 | Bool, |
| 510 | @@ -21,13 +30,22 @@ | |||
| 511 | 21 | Store, | 30 | Store, |
| 512 | 22 | Unicode, | 31 | Unicode, |
| 513 | 23 | ) | 32 | ) |
| 516 | 24 | from zope.component import getUtility | 33 | from zope.component import ( |
| 517 | 25 | from zope.interface import implementer | 34 | adapter, |
| 518 | 35 | getMultiAdapter, | ||
| 519 | 36 | getUtility, | ||
| 520 | 37 | ) | ||
| 521 | 38 | from zope.event import notify | ||
| 522 | 39 | from zope.interface import ( | ||
| 523 | 40 | implementer, | ||
| 524 | 41 | providedBy, | ||
| 525 | 42 | ) | ||
| 526 | 26 | from zope.security.proxy import removeSecurityProxy | 43 | from zope.security.proxy import removeSecurityProxy |
| 527 | 27 | 44 | ||
| 528 | 28 | from lp.code.enums import GitGranteeType | 45 | from lp.code.enums import GitGranteeType |
| 529 | 29 | from lp.code.interfaces.gitactivity import IGitActivitySet | 46 | from lp.code.interfaces.gitactivity import IGitActivitySet |
| 530 | 30 | from lp.code.interfaces.gitrule import ( | 47 | from lp.code.interfaces.gitrule import ( |
| 531 | 48 | IGitNascentRuleGrant, | ||
| 532 | 31 | IGitRule, | 49 | IGitRule, |
| 533 | 32 | IGitRuleGrant, | 50 | IGitRuleGrant, |
| 534 | 33 | ) | 51 | ) |
| 535 | @@ -42,6 +60,7 @@ | |||
| 536 | 42 | ) | 60 | ) |
| 537 | 43 | from lp.services.database.enumcol import DBEnum | 61 | from lp.services.database.enumcol import DBEnum |
| 538 | 44 | from lp.services.database.stormbase import StormBase | 62 | from lp.services.database.stormbase import StormBase |
| 539 | 63 | from lp.services.fields import InlineObject | ||
| 540 | 45 | 64 | ||
| 541 | 46 | 65 | ||
| 542 | 47 | def git_rule_modified(rule, event): | 66 | def git_rule_modified(rule, event): |
| 543 | @@ -118,6 +137,58 @@ | |||
| 544 | 118 | getUtility(IGitActivitySet).logGrantAdded(grant, grantor) | 137 | getUtility(IGitActivitySet).logGrantAdded(grant, grantor) |
| 545 | 119 | return grant | 138 | return grant |
| 546 | 120 | 139 | ||
| 547 | 140 | def _validateGrants(self, grants): | ||
| 548 | 141 | """Validate a new iterable of access grants.""" | ||
| 549 | 142 | for grant in grants: | ||
| 550 | 143 | if grant.grantee_type == GitGranteeType.PERSON: | ||
| 551 | 144 | if grant.grantee is None: | ||
| 552 | 145 | raise ValueError( | ||
| 553 | 146 | "Permission grant for %s has grantee_type 'Person' " | ||
| 554 | 147 | "but no grantee" % self.ref_pattern) | ||
| 555 | 148 | else: | ||
| 556 | 149 | if grant.grantee is not None: | ||
| 557 | 150 | raise ValueError( | ||
| 558 | 151 | "Permission grant for %s has grantee_type '%s', " | ||
| 559 | 152 | "contradicting grantee ~%s" % | ||
| 560 | 153 | (self.ref_pattern, grant.grantee_type, | ||
| 561 | 154 | grant.grantee.name)) | ||
| 562 | 155 | |||
| 563 | 156 | def setGrants(self, grants, user): | ||
| 564 | 157 | """See `IGitRule`.""" | ||
| 565 | 158 | self._validateGrants(grants) | ||
| 566 | 159 | existing_grants = { | ||
| 567 | 160 | (grant.grantee_type, grant.grantee): grant | ||
| 568 | 161 | for grant in self.grants} | ||
| 569 | 162 | new_grants = OrderedDict( | ||
| 570 | 163 | ((grant.grantee_type, grant.grantee), grant) | ||
| 571 | 164 | for grant in grants) | ||
| 572 | 165 | |||
| 573 | 166 | for grant_key, grant in existing_grants.items(): | ||
| 574 | 167 | if grant_key not in new_grants: | ||
| 575 | 168 | grant.destroySelf(user) | ||
| 576 | 169 | |||
| 577 | 170 | for grant_key, new_grant in new_grants.items(): | ||
| 578 | 171 | grant = existing_grants.get(grant_key) | ||
| 579 | 172 | if grant is None: | ||
| 580 | 173 | new_grantee = ( | ||
| 581 | 174 | new_grant.grantee | ||
| 582 | 175 | if new_grant.grantee_type == GitGranteeType.PERSON | ||
| 583 | 176 | else new_grant.grantee_type) | ||
| 584 | 177 | grant = self.addGrant( | ||
| 585 | 178 | new_grantee, user, can_create=new_grant.can_create, | ||
| 586 | 179 | can_push=new_grant.can_push, | ||
| 587 | 180 | can_force_push=new_grant.can_force_push) | ||
| 588 | 181 | else: | ||
| 589 | 182 | grant_before_modification = Snapshot( | ||
| 590 | 183 | grant, providing=providedBy(grant)) | ||
| 591 | 184 | edited_fields = [] | ||
| 592 | 185 | for field in ("can_create", "can_push", "can_force_push"): | ||
| 593 | 186 | if getattr(grant, field) != getattr(new_grant, field): | ||
| 594 | 187 | setattr(grant, field, getattr(new_grant, field)) | ||
| 595 | 188 | edited_fields.append(field) | ||
| 596 | 189 | notify(ObjectModifiedEvent( | ||
| 597 | 190 | grant, grant_before_modification, edited_fields)) | ||
| 598 | 191 | |||
| 599 | 121 | def destroySelf(self, user): | 192 | def destroySelf(self, user): |
| 600 | 122 | """See `IGitRule`.""" | 193 | """See `IGitRule`.""" |
| 601 | 123 | getUtility(IGitActivitySet).logRuleRemoved(self, user) | 194 | getUtility(IGitActivitySet).logRuleRemoved(self, user) |
| 602 | @@ -142,7 +213,7 @@ | |||
| 603 | 142 | removeSecurityProxy(grant).date_last_modified = UTC_NOW | 213 | removeSecurityProxy(grant).date_last_modified = UTC_NOW |
| 604 | 143 | 214 | ||
| 605 | 144 | 215 | ||
| 607 | 145 | @implementer(IGitRuleGrant) | 216 | @implementer(IGitRuleGrant, IJSONPublishable) |
| 608 | 146 | class GitRuleGrant(StormBase): | 217 | class GitRuleGrant(StormBase): |
| 609 | 147 | """See `IGitRuleGrant`.""" | 218 | """See `IGitRuleGrant`.""" |
| 610 | 148 | 219 | ||
| 611 | @@ -215,8 +286,35 @@ | |||
| 612 | 215 | ", ".join(permissions), grantee_name, self.repository.unique_name, | 286 | ", ".join(permissions), grantee_name, self.repository.unique_name, |
| 613 | 216 | self.rule.ref_pattern) | 287 | self.rule.ref_pattern) |
| 614 | 217 | 288 | ||
| 615 | 289 | def toDataForJSON(self, media_type): | ||
| 616 | 290 | """See `IJSONPublishable`.""" | ||
| 617 | 291 | if media_type != "application/json": | ||
| 618 | 292 | raise ValueError("Unhandled media type %s" % media_type) | ||
| 619 | 293 | request = get_current_browser_request() | ||
| 620 | 294 | field = InlineObject(schema=IGitNascentRuleGrant).bind(self) | ||
| 621 | 295 | marshaller = getMultiAdapter((field, request), IFieldMarshaller) | ||
| 622 | 296 | return marshaller.unmarshall(None, self) | ||
| 623 | 297 | |||
| 624 | 218 | def destroySelf(self, user=None): | 298 | def destroySelf(self, user=None): |
| 625 | 219 | """See `IGitRuleGrant`.""" | 299 | """See `IGitRuleGrant`.""" |
| 626 | 220 | if user is not None: | 300 | if user is not None: |
| 627 | 221 | getUtility(IGitActivitySet).logGrantRemoved(self, user) | 301 | getUtility(IGitActivitySet).logGrantRemoved(self, user) |
| 628 | 222 | Store.of(self).remove(self) | 302 | Store.of(self).remove(self) |
| 629 | 303 | |||
| 630 | 304 | |||
| 631 | 305 | @implementer(IGitNascentRuleGrant) | ||
| 632 | 306 | class GitNascentRuleGrant: | ||
| 633 | 307 | |||
| 634 | 308 | def __init__(self, grantee_type, grantee=None, can_create=False, | ||
| 635 | 309 | can_push=False, can_force_push=False): | ||
| 636 | 310 | self.grantee_type = grantee_type | ||
| 637 | 311 | self.grantee = grantee | ||
| 638 | 312 | self.can_create = can_create | ||
| 639 | 313 | self.can_push = can_push | ||
| 640 | 314 | self.can_force_push = can_force_push | ||
| 641 | 315 | |||
| 642 | 316 | |||
| 643 | 317 | @adapter(dict) | ||
| 644 | 318 | @implementer(IGitNascentRuleGrant) | ||
| 645 | 319 | def nascent_rule_grant_from_dict(template): | ||
| 646 | 320 | return GitNascentRuleGrant(**template) | ||
| 647 | 223 | 321 | ||
| 648 | === modified file 'lib/lp/code/model/tests/test_gitref.py' | |||
| 649 | --- lib/lp/code/model/tests/test_gitref.py 2018-09-27 13:50:06 +0000 | |||
| 650 | +++ lib/lp/code/model/tests/test_gitref.py 2018-10-16 15:29:23 +0000 | |||
| 651 | @@ -17,20 +17,25 @@ | |||
| 652 | 17 | from bzrlib import urlutils | 17 | from bzrlib import urlutils |
| 653 | 18 | import pytz | 18 | import pytz |
| 654 | 19 | import responses | 19 | import responses |
| 655 | 20 | from storm.store import Store | ||
| 656 | 20 | from testtools.matchers import ( | 21 | from testtools.matchers import ( |
| 657 | 21 | ContainsDict, | 22 | ContainsDict, |
| 658 | 22 | EndsWith, | 23 | EndsWith, |
| 659 | 23 | Equals, | 24 | Equals, |
| 660 | 24 | Is, | 25 | Is, |
| 661 | 25 | LessThan, | 26 | LessThan, |
| 662 | 27 | MatchesDict, | ||
| 663 | 26 | MatchesListwise, | 28 | MatchesListwise, |
| 664 | 29 | MatchesSetwise, | ||
| 665 | 27 | MatchesStructure, | 30 | MatchesStructure, |
| 666 | 28 | ) | 31 | ) |
| 667 | 32 | import transaction | ||
| 668 | 29 | from zope.component import getUtility | 33 | from zope.component import getUtility |
| 669 | 30 | 34 | ||
| 670 | 31 | from lp.app.enums import InformationType | 35 | from lp.app.enums import InformationType |
| 671 | 32 | from lp.app.interfaces.informationtype import IInformationType | 36 | from lp.app.interfaces.informationtype import IInformationType |
| 672 | 33 | from lp.app.interfaces.launchpad import IPrivacy | 37 | from lp.app.interfaces.launchpad import IPrivacy |
| 673 | 38 | from lp.code.enums import GitGranteeType | ||
| 674 | 34 | from lp.code.errors import ( | 39 | from lp.code.errors import ( |
| 675 | 35 | GitRepositoryBlobNotFound, | 40 | GitRepositoryBlobNotFound, |
| 676 | 36 | GitRepositoryBlobUnsupportedRemote, | 41 | GitRepositoryBlobUnsupportedRemote, |
| 677 | @@ -38,8 +43,10 @@ | |||
| 678 | 38 | InvalidBranchMergeProposal, | 43 | InvalidBranchMergeProposal, |
| 679 | 39 | ) | 44 | ) |
| 680 | 40 | from lp.code.interfaces.gitrepository import IGitRepositorySet | 45 | from lp.code.interfaces.gitrepository import IGitRepositorySet |
| 681 | 46 | from lp.code.interfaces.gitrule import IGitNascentRuleGrant | ||
| 682 | 41 | from lp.code.tests.helpers import GitHostingFixture | 47 | from lp.code.tests.helpers import GitHostingFixture |
| 683 | 42 | from lp.services.config import config | 48 | from lp.services.config import config |
| 684 | 49 | from lp.services.database.sqlbase import get_transaction_timestamp | ||
| 685 | 43 | from lp.services.features.testing import FeatureFixture | 50 | from lp.services.features.testing import FeatureFixture |
| 686 | 44 | from lp.services.memcache.interfaces import IMemcacheClient | 51 | from lp.services.memcache.interfaces import IMemcacheClient |
| 687 | 45 | from lp.services.utils import seconds_since_epoch | 52 | from lp.services.utils import seconds_since_epoch |
| 688 | @@ -570,6 +577,106 @@ | |||
| 689 | 570 | self.assertEqual({(person1, "review1"), (person2, "review2")}, votes) | 577 | self.assertEqual({(person1, "review1"), (person2, "review2")}, votes) |
| 690 | 571 | 578 | ||
| 691 | 572 | 579 | ||
| 692 | 580 | class TestGitRefGrants(TestCaseWithFactory): | ||
| 693 | 581 | """Test handling of access grants for refs. | ||
| 694 | 582 | |||
| 695 | 583 | Most of the hard work here is done by GitRule, but we ensure that | ||
| 696 | 584 | getting and setting grants via GitRef operates only on the appropriate | ||
| 697 | 585 | exact-match rule. | ||
| 698 | 586 | """ | ||
| 699 | 587 | |||
| 700 | 588 | layer = DatabaseFunctionalLayer | ||
| 701 | 589 | |||
| 702 | 590 | def test_getGrants(self): | ||
| 703 | 591 | repository = self.factory.makeGitRepository() | ||
| 704 | 592 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
| 705 | 593 | rule = self.factory.makeGitRule( | ||
| 706 | 594 | repository=repository, ref_pattern=ref.path) | ||
| 707 | 595 | grants = [ | ||
| 708 | 596 | self.factory.makeGitRuleGrant( | ||
| 709 | 597 | rule=rule, can_create=True, can_force_push=True), | ||
| 710 | 598 | self.factory.makeGitRuleGrant(rule=rule, can_push=True), | ||
| 711 | 599 | ] | ||
| 712 | 600 | wildcard_rule = self.factory.makeGitRule( | ||
| 713 | 601 | repository=repository, ref_pattern="refs/heads/*") | ||
| 714 | 602 | self.factory.makeGitRuleGrant(rule=wildcard_rule) | ||
| 715 | 603 | self.assertThat(ref.getGrants(), MatchesSetwise( | ||
| 716 | 604 | MatchesStructure( | ||
| 717 | 605 | rule=Equals(rule), | ||
| 718 | 606 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 719 | 607 | grantee=Equals(grants[0].grantee), | ||
| 720 | 608 | can_create=Is(True), | ||
| 721 | 609 | can_push=Is(False), | ||
| 722 | 610 | can_force_push=Is(True)), | ||
| 723 | 611 | MatchesStructure( | ||
| 724 | 612 | rule=Equals(rule), | ||
| 725 | 613 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 726 | 614 | grantee=Equals(grants[1].grantee), | ||
| 727 | 615 | can_create=Is(False), | ||
| 728 | 616 | can_push=Is(True), | ||
| 729 | 617 | can_force_push=Is(False)))) | ||
| 730 | 618 | |||
| 731 | 619 | def test_setGrants_no_matching_rule(self): | ||
| 732 | 620 | repository = self.factory.makeGitRepository() | ||
| 733 | 621 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
| 734 | 622 | self.factory.makeGitRule( | ||
| 735 | 623 | repository=repository, ref_pattern="refs/heads/*") | ||
| 736 | 624 | other_repository = self.factory.makeGitRepository() | ||
| 737 | 625 | self.factory.makeGitRule( | ||
| 738 | 626 | repository=other_repository, ref_pattern=ref.path) | ||
| 739 | 627 | with person_logged_in(repository.owner): | ||
| 740 | 628 | ref.setGrants([ | ||
| 741 | 629 | IGitNascentRuleGrant({ | ||
| 742 | 630 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 743 | 631 | "can_force_push": True, | ||
| 744 | 632 | }), | ||
| 745 | 633 | ], repository.owner) | ||
| 746 | 634 | self.assertThat(list(repository.rules), MatchesListwise([ | ||
| 747 | 635 | MatchesStructure( | ||
| 748 | 636 | repository=Equals(repository), | ||
| 749 | 637 | ref_pattern=Equals(ref.path), | ||
| 750 | 638 | grants=MatchesSetwise( | ||
| 751 | 639 | MatchesStructure( | ||
| 752 | 640 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
| 753 | 641 | grantee=Is(None), | ||
| 754 | 642 | can_create=Is(False), | ||
| 755 | 643 | can_push=Is(False), | ||
| 756 | 644 | can_force_push=Is(True)))), | ||
| 757 | 645 | MatchesStructure( | ||
| 758 | 646 | repository=Equals(repository), | ||
| 759 | 647 | ref_pattern=Equals("refs/heads/*"), | ||
| 760 | 648 | grants=MatchesSetwise()), | ||
| 761 | 649 | ])) | ||
| 762 | 650 | |||
| 763 | 651 | def test_setGrants_matching_rule(self): | ||
| 764 | 652 | repository = self.factory.makeGitRepository() | ||
| 765 | 653 | [ref] = self.factory.makeGitRefs(repository=repository) | ||
| 766 | 654 | rule = self.factory.makeGitRule( | ||
| 767 | 655 | repository=repository, ref_pattern=ref.path) | ||
| 768 | 656 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
| 769 | 657 | transaction.commit() | ||
| 770 | 658 | with person_logged_in(repository.owner): | ||
| 771 | 659 | ref.setGrants([ | ||
| 772 | 660 | IGitNascentRuleGrant({ | ||
| 773 | 661 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 774 | 662 | "can_force_push": True, | ||
| 775 | 663 | }), | ||
| 776 | 664 | ], repository.owner) | ||
| 777 | 665 | self.assertThat(list(repository.rules), MatchesListwise([ | ||
| 778 | 666 | MatchesStructure( | ||
| 779 | 667 | repository=Equals(repository), | ||
| 780 | 668 | ref_pattern=Equals(ref.path), | ||
| 781 | 669 | date_created=Equals(date_created), | ||
| 782 | 670 | grants=MatchesSetwise( | ||
| 783 | 671 | MatchesStructure( | ||
| 784 | 672 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
| 785 | 673 | grantee=Is(None), | ||
| 786 | 674 | can_create=Is(False), | ||
| 787 | 675 | can_push=Is(False), | ||
| 788 | 676 | can_force_push=Is(True)))), | ||
| 789 | 677 | ])) | ||
| 790 | 678 | |||
| 791 | 679 | |||
| 792 | 573 | class TestGitRefWebservice(TestCaseWithFactory): | 680 | class TestGitRefWebservice(TestCaseWithFactory): |
| 793 | 574 | """Tests for the webservice.""" | 681 | """Tests for the webservice.""" |
| 794 | 575 | 682 | ||
| 795 | @@ -686,3 +793,85 @@ | |||
| 796 | 686 | self.assertEqual(1, len(dependent_landings["entries"])) | 793 | self.assertEqual(1, len(dependent_landings["entries"])) |
| 797 | 687 | self.assertThat( | 794 | self.assertThat( |
| 798 | 688 | dependent_landings["entries"][0]["self_link"], EndsWith(bmp_url)) | 795 | dependent_landings["entries"][0]["self_link"], EndsWith(bmp_url)) |
| 799 | 796 | |||
| 800 | 797 | def test_getGrants(self): | ||
| 801 | 798 | [ref] = self.factory.makeGitRefs() | ||
| 802 | 799 | rule = self.factory.makeGitRule( | ||
| 803 | 800 | repository=ref.repository, ref_pattern=ref.path) | ||
| 804 | 801 | self.factory.makeGitRuleGrant( | ||
| 805 | 802 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
| 806 | 803 | can_create=True, can_force_push=True) | ||
| 807 | 804 | grantee = self.factory.makePerson() | ||
| 808 | 805 | self.factory.makeGitRuleGrant( | ||
| 809 | 806 | rule=rule, grantee=grantee, can_push=True) | ||
| 810 | 807 | with person_logged_in(ref.owner): | ||
| 811 | 808 | ref_url = api_url(ref) | ||
| 812 | 809 | grantee_url = api_url(grantee) | ||
| 813 | 810 | webservice = webservice_for_person( | ||
| 814 | 811 | ref.owner, permission=OAuthPermission.WRITE_PUBLIC) | ||
| 815 | 812 | webservice.default_api_version = "devel" | ||
| 816 | 813 | response = webservice.named_get(ref_url, "getGrants") | ||
| 817 | 814 | self.assertThat(json.loads(response.body), MatchesSetwise( | ||
| 818 | 815 | MatchesDict({ | ||
| 819 | 816 | "grantee_type": Equals("Repository owner"), | ||
| 820 | 817 | "grantee_link": Is(None), | ||
| 821 | 818 | "can_create": Is(True), | ||
| 822 | 819 | "can_push": Is(False), | ||
| 823 | 820 | "can_force_push": Is(True), | ||
| 824 | 821 | }), | ||
| 825 | 822 | MatchesDict({ | ||
| 826 | 823 | "grantee_type": Equals("Person"), | ||
| 827 | 824 | "grantee_link": Equals(webservice.getAbsoluteUrl(grantee_url)), | ||
| 828 | 825 | "can_create": Is(False), | ||
| 829 | 826 | "can_push": Is(True), | ||
| 830 | 827 | "can_force_push": Is(False), | ||
| 831 | 828 | }))) | ||
| 832 | 829 | |||
| 833 | 830 | def test_setGrants(self): | ||
| 834 | 831 | [ref] = self.factory.makeGitRefs() | ||
| 835 | 832 | owner = ref.owner | ||
| 836 | 833 | grantee = self.factory.makePerson() | ||
| 837 | 834 | with person_logged_in(owner): | ||
| 838 | 835 | ref_url = api_url(ref) | ||
| 839 | 836 | grantee_url = api_url(grantee) | ||
| 840 | 837 | webservice = webservice_for_person( | ||
| 841 | 838 | owner, permission=OAuthPermission.WRITE_PUBLIC) | ||
| 842 | 839 | webservice.default_api_version = "devel" | ||
| 843 | 840 | response = webservice.named_post( | ||
| 844 | 841 | ref_url, "setGrants", | ||
| 845 | 842 | grants=[ | ||
| 846 | 843 | { | ||
| 847 | 844 | "grantee_type": "Repository owner", | ||
| 848 | 845 | "can_create": True, | ||
| 849 | 846 | "can_force_push": True, | ||
| 850 | 847 | }, | ||
| 851 | 848 | { | ||
| 852 | 849 | "grantee_type": "Person", | ||
| 853 | 850 | "grantee_link": grantee_url, | ||
| 854 | 851 | "can_push": True, | ||
| 855 | 852 | }, | ||
| 856 | 853 | ]) | ||
| 857 | 854 | self.assertEqual(200, response.status) | ||
| 858 | 855 | with person_logged_in(owner): | ||
| 859 | 856 | self.assertThat(list(ref.repository.rules), MatchesListwise([ | ||
| 860 | 857 | MatchesStructure( | ||
| 861 | 858 | repository=Equals(ref.repository), | ||
| 862 | 859 | ref_pattern=Equals(ref.path), | ||
| 863 | 860 | creator=Equals(owner), | ||
| 864 | 861 | grants=MatchesSetwise( | ||
| 865 | 862 | MatchesStructure( | ||
| 866 | 863 | grantor=Equals(owner), | ||
| 867 | 864 | grantee_type=Equals( | ||
| 868 | 865 | GitGranteeType.REPOSITORY_OWNER), | ||
| 869 | 866 | grantee=Is(None), | ||
| 870 | 867 | can_create=Is(True), | ||
| 871 | 868 | can_push=Is(False), | ||
| 872 | 869 | can_force_push=Is(True)), | ||
| 873 | 870 | MatchesStructure( | ||
| 874 | 871 | grantor=Equals(owner), | ||
| 875 | 872 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 876 | 873 | grantee=Equals(grantee), | ||
| 877 | 874 | can_create=Is(False), | ||
| 878 | 875 | can_push=Is(True), | ||
| 879 | 876 | can_force_push=Is(False)))), | ||
| 880 | 877 | ])) | ||
| 881 | 689 | 878 | ||
| 882 | === modified file 'lib/lp/code/model/tests/test_gitrule.py' | |||
| 883 | --- lib/lp/code/model/tests/test_gitrule.py 2018-10-12 16:41:14 +0000 | |||
| 884 | +++ lib/lp/code/model/tests/test_gitrule.py 2018-10-16 15:29:23 +0000 | |||
| 885 | @@ -14,17 +14,21 @@ | |||
| 886 | 14 | Equals, | 14 | Equals, |
| 887 | 15 | Is, | 15 | Is, |
| 888 | 16 | MatchesDict, | 16 | MatchesDict, |
| 889 | 17 | MatchesListwise, | ||
| 890 | 17 | MatchesSetwise, | 18 | MatchesSetwise, |
| 891 | 18 | MatchesStructure, | 19 | MatchesStructure, |
| 892 | 19 | ) | 20 | ) |
| 893 | 21 | import transaction | ||
| 894 | 20 | from zope.event import notify | 22 | from zope.event import notify |
| 895 | 21 | from zope.interface import providedBy | 23 | from zope.interface import providedBy |
| 896 | 24 | from zope.security.proxy import removeSecurityProxy | ||
| 897 | 22 | 25 | ||
| 898 | 23 | from lp.code.enums import ( | 26 | from lp.code.enums import ( |
| 899 | 24 | GitActivityType, | 27 | GitActivityType, |
| 900 | 25 | GitGranteeType, | 28 | GitGranteeType, |
| 901 | 26 | ) | 29 | ) |
| 902 | 27 | from lp.code.interfaces.gitrule import ( | 30 | from lp.code.interfaces.gitrule import ( |
| 903 | 31 | IGitNascentRuleGrant, | ||
| 904 | 28 | IGitRule, | 32 | IGitRule, |
| 905 | 29 | IGitRuleGrant, | 33 | IGitRuleGrant, |
| 906 | 30 | ) | 34 | ) |
| 907 | @@ -122,6 +126,303 @@ | |||
| 908 | 122 | can_push=Is(False), | 126 | can_push=Is(False), |
| 909 | 123 | can_force_push=Is(True)))) | 127 | can_force_push=Is(True)))) |
| 910 | 124 | 128 | ||
| 911 | 129 | def test__validateGrants_ok(self): | ||
| 912 | 130 | rule = self.factory.makeGitRule() | ||
| 913 | 131 | grants = [ | ||
| 914 | 132 | IGitNascentRuleGrant({ | ||
| 915 | 133 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 916 | 134 | "can_force_push": True, | ||
| 917 | 135 | }), | ||
| 918 | 136 | ] | ||
| 919 | 137 | removeSecurityProxy(rule)._validateGrants(grants) | ||
| 920 | 138 | |||
| 921 | 139 | def test__validateGrants_grantee_type_person_but_no_grantee(self): | ||
| 922 | 140 | rule = self.factory.makeGitRule(ref_pattern="refs/heads/*") | ||
| 923 | 141 | grants = [ | ||
| 924 | 142 | IGitNascentRuleGrant({ | ||
| 925 | 143 | "grantee_type": GitGranteeType.PERSON, | ||
| 926 | 144 | "can_force_push": True, | ||
| 927 | 145 | }), | ||
| 928 | 146 | ] | ||
| 929 | 147 | self.assertRaisesWithContent( | ||
| 930 | 148 | ValueError, | ||
| 931 | 149 | "Permission grant for refs/heads/* has grantee_type 'Person' but " | ||
| 932 | 150 | "no grantee", | ||
| 933 | 151 | removeSecurityProxy(rule)._validateGrants, grants) | ||
| 934 | 152 | |||
| 935 | 153 | def test__validateGrants_grantee_but_wrong_grantee_type(self): | ||
| 936 | 154 | rule = self.factory.makeGitRule(ref_pattern="refs/heads/*") | ||
| 937 | 155 | grantee = self.factory.makePerson() | ||
| 938 | 156 | grants = [ | ||
| 939 | 157 | IGitNascentRuleGrant({ | ||
| 940 | 158 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 941 | 159 | "grantee": grantee, | ||
| 942 | 160 | "can_force_push": True, | ||
| 943 | 161 | }), | ||
| 944 | 162 | ] | ||
| 945 | 163 | self.assertRaisesWithContent( | ||
| 946 | 164 | ValueError, | ||
| 947 | 165 | "Permission grant for refs/heads/* has grantee_type " | ||
| 948 | 166 | "'Repository owner', contradicting grantee ~%s" % grantee.name, | ||
| 949 | 167 | removeSecurityProxy(rule)._validateGrants, grants) | ||
| 950 | 168 | |||
| 951 | 169 | def test_setGrants_add(self): | ||
| 952 | 170 | owner = self.factory.makeTeam() | ||
| 953 | 171 | member = self.factory.makePerson(member_of=[owner]) | ||
| 954 | 172 | rule = self.factory.makeGitRule(owner=owner) | ||
| 955 | 173 | grantee = self.factory.makePerson() | ||
| 956 | 174 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
| 957 | 175 | with person_logged_in(member): | ||
| 958 | 176 | rule.setGrants([ | ||
| 959 | 177 | IGitNascentRuleGrant({ | ||
| 960 | 178 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 961 | 179 | "can_create": True, | ||
| 962 | 180 | "can_force_push": True, | ||
| 963 | 181 | }), | ||
| 964 | 182 | IGitNascentRuleGrant({ | ||
| 965 | 183 | "grantee_type": GitGranteeType.PERSON, | ||
| 966 | 184 | "grantee": grantee, | ||
| 967 | 185 | "can_push": True, | ||
| 968 | 186 | }), | ||
| 969 | 187 | ], member) | ||
| 970 | 188 | self.assertThat(rule.grants, MatchesSetwise( | ||
| 971 | 189 | MatchesStructure( | ||
| 972 | 190 | rule=Equals(rule), | ||
| 973 | 191 | grantor=Equals(member), | ||
| 974 | 192 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
| 975 | 193 | grantee=Is(None), | ||
| 976 | 194 | can_create=Is(True), | ||
| 977 | 195 | can_push=Is(False), | ||
| 978 | 196 | can_force_push=Is(True)), | ||
| 979 | 197 | MatchesStructure( | ||
| 980 | 198 | rule=Equals(rule), | ||
| 981 | 199 | grantor=Equals(member), | ||
| 982 | 200 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 983 | 201 | grantee=Equals(grantee), | ||
| 984 | 202 | can_create=Is(False), | ||
| 985 | 203 | can_push=Is(True), | ||
| 986 | 204 | can_force_push=Is(False)))) | ||
| 987 | 205 | self.assertThat(list(rule.repository.getActivity()), MatchesListwise([ | ||
| 988 | 206 | MatchesStructure( | ||
| 989 | 207 | repository=Equals(rule.repository), | ||
| 990 | 208 | changer=Equals(member), | ||
| 991 | 209 | changee=Equals(grantee), | ||
| 992 | 210 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
| 993 | 211 | old_value=Is(None), | ||
| 994 | 212 | new_value=MatchesDict({ | ||
| 995 | 213 | "changee_type": Equals("Person"), | ||
| 996 | 214 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 997 | 215 | "can_create": Is(False), | ||
| 998 | 216 | "can_push": Is(True), | ||
| 999 | 217 | "can_force_push": Is(False), | ||
| 1000 | 218 | })), | ||
| 1001 | 219 | MatchesStructure( | ||
| 1002 | 220 | repository=Equals(rule.repository), | ||
| 1003 | 221 | changer=Equals(member), | ||
| 1004 | 222 | changee=Is(None), | ||
| 1005 | 223 | what_changed=Equals(GitActivityType.GRANT_ADDED), | ||
| 1006 | 224 | old_value=Is(None), | ||
| 1007 | 225 | new_value=MatchesDict({ | ||
| 1008 | 226 | "changee_type": Equals("Repository owner"), | ||
| 1009 | 227 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1010 | 228 | "can_create": Is(True), | ||
| 1011 | 229 | "can_push": Is(False), | ||
| 1012 | 230 | "can_force_push": Is(True), | ||
| 1013 | 231 | })), | ||
| 1014 | 232 | ])) | ||
| 1015 | 233 | |||
| 1016 | 234 | def test_setGrants_modify(self): | ||
| 1017 | 235 | owner = self.factory.makeTeam() | ||
| 1018 | 236 | members = [ | ||
| 1019 | 237 | self.factory.makePerson(member_of=[owner]) for _ in range(2)] | ||
| 1020 | 238 | rule = self.factory.makeGitRule(owner=owner) | ||
| 1021 | 239 | grantees = [self.factory.makePerson() for _ in range(2)] | ||
| 1022 | 240 | self.factory.makeGitRuleGrant( | ||
| 1023 | 241 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
| 1024 | 242 | grantor=members[0], can_create=True) | ||
| 1025 | 243 | self.factory.makeGitRuleGrant( | ||
| 1026 | 244 | rule=rule, grantee=grantees[0], grantor=members[0], can_push=True) | ||
| 1027 | 245 | self.factory.makeGitRuleGrant( | ||
| 1028 | 246 | rule=rule, grantee=grantees[1], grantor=members[0], | ||
| 1029 | 247 | can_force_push=True) | ||
| 1030 | 248 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
| 1031 | 249 | transaction.commit() | ||
| 1032 | 250 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
| 1033 | 251 | with person_logged_in(members[1]): | ||
| 1034 | 252 | rule.setGrants([ | ||
| 1035 | 253 | IGitNascentRuleGrant({ | ||
| 1036 | 254 | "grantee_type": GitGranteeType.REPOSITORY_OWNER, | ||
| 1037 | 255 | "can_force_push": True, | ||
| 1038 | 256 | }), | ||
| 1039 | 257 | IGitNascentRuleGrant({ | ||
| 1040 | 258 | "grantee_type": GitGranteeType.PERSON, | ||
| 1041 | 259 | "grantee": grantees[1], | ||
| 1042 | 260 | "can_create": True, | ||
| 1043 | 261 | }), | ||
| 1044 | 262 | IGitNascentRuleGrant({ | ||
| 1045 | 263 | "grantee_type": GitGranteeType.PERSON, | ||
| 1046 | 264 | "grantee": grantees[0], | ||
| 1047 | 265 | "can_push": True, | ||
| 1048 | 266 | "can_force_push": True, | ||
| 1049 | 267 | }), | ||
| 1050 | 268 | ], members[1]) | ||
| 1051 | 269 | date_modified = get_transaction_timestamp(Store.of(rule)) | ||
| 1052 | 270 | self.assertThat(rule.grants, MatchesSetwise( | ||
| 1053 | 271 | MatchesStructure( | ||
| 1054 | 272 | rule=Equals(rule), | ||
| 1055 | 273 | grantor=Equals(members[0]), | ||
| 1056 | 274 | grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER), | ||
| 1057 | 275 | grantee=Is(None), | ||
| 1058 | 276 | can_create=Is(False), | ||
| 1059 | 277 | can_push=Is(False), | ||
| 1060 | 278 | can_force_push=Is(True), | ||
| 1061 | 279 | date_created=Equals(date_created), | ||
| 1062 | 280 | date_last_modified=Equals(date_modified)), | ||
| 1063 | 281 | MatchesStructure( | ||
| 1064 | 282 | rule=Equals(rule), | ||
| 1065 | 283 | grantor=Equals(members[0]), | ||
| 1066 | 284 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 1067 | 285 | grantee=Equals(grantees[0]), | ||
| 1068 | 286 | can_create=Is(False), | ||
| 1069 | 287 | can_push=Is(True), | ||
| 1070 | 288 | can_force_push=Is(True), | ||
| 1071 | 289 | date_created=Equals(date_created), | ||
| 1072 | 290 | date_last_modified=Equals(date_modified)), | ||
| 1073 | 291 | MatchesStructure( | ||
| 1074 | 292 | rule=Equals(rule), | ||
| 1075 | 293 | grantor=Equals(members[0]), | ||
| 1076 | 294 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 1077 | 295 | grantee=Equals(grantees[1]), | ||
| 1078 | 296 | can_create=Is(True), | ||
| 1079 | 297 | can_push=Is(False), | ||
| 1080 | 298 | can_force_push=Is(False), | ||
| 1081 | 299 | date_created=Equals(date_created), | ||
| 1082 | 300 | date_last_modified=Equals(date_modified)))) | ||
| 1083 | 301 | self.assertThat(list(rule.repository.getActivity()), MatchesListwise([ | ||
| 1084 | 302 | MatchesStructure( | ||
| 1085 | 303 | repository=Equals(rule.repository), | ||
| 1086 | 304 | changer=Equals(members[1]), | ||
| 1087 | 305 | changee=Equals(grantees[0]), | ||
| 1088 | 306 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
| 1089 | 307 | old_value=MatchesDict({ | ||
| 1090 | 308 | "changee_type": Equals("Person"), | ||
| 1091 | 309 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1092 | 310 | "can_create": Is(False), | ||
| 1093 | 311 | "can_push": Is(True), | ||
| 1094 | 312 | "can_force_push": Is(False), | ||
| 1095 | 313 | }), | ||
| 1096 | 314 | new_value=MatchesDict({ | ||
| 1097 | 315 | "changee_type": Equals("Person"), | ||
| 1098 | 316 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1099 | 317 | "can_create": Is(False), | ||
| 1100 | 318 | "can_push": Is(True), | ||
| 1101 | 319 | "can_force_push": Is(True), | ||
| 1102 | 320 | })), | ||
| 1103 | 321 | MatchesStructure( | ||
| 1104 | 322 | repository=Equals(rule.repository), | ||
| 1105 | 323 | changer=Equals(members[1]), | ||
| 1106 | 324 | changee=Equals(grantees[1]), | ||
| 1107 | 325 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
| 1108 | 326 | old_value=MatchesDict({ | ||
| 1109 | 327 | "changee_type": Equals("Person"), | ||
| 1110 | 328 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1111 | 329 | "can_create": Is(False), | ||
| 1112 | 330 | "can_push": Is(False), | ||
| 1113 | 331 | "can_force_push": Is(True), | ||
| 1114 | 332 | }), | ||
| 1115 | 333 | new_value=MatchesDict({ | ||
| 1116 | 334 | "changee_type": Equals("Person"), | ||
| 1117 | 335 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1118 | 336 | "can_create": Is(True), | ||
| 1119 | 337 | "can_push": Is(False), | ||
| 1120 | 338 | "can_force_push": Is(False), | ||
| 1121 | 339 | })), | ||
| 1122 | 340 | MatchesStructure( | ||
| 1123 | 341 | repository=Equals(rule.repository), | ||
| 1124 | 342 | changer=Equals(members[1]), | ||
| 1125 | 343 | changee=Is(None), | ||
| 1126 | 344 | what_changed=Equals(GitActivityType.GRANT_CHANGED), | ||
| 1127 | 345 | old_value=MatchesDict({ | ||
| 1128 | 346 | "changee_type": Equals("Repository owner"), | ||
| 1129 | 347 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1130 | 348 | "can_create": Is(True), | ||
| 1131 | 349 | "can_push": Is(False), | ||
| 1132 | 350 | "can_force_push": Is(False), | ||
| 1133 | 351 | }), | ||
| 1134 | 352 | new_value=MatchesDict({ | ||
| 1135 | 353 | "changee_type": Equals("Repository owner"), | ||
| 1136 | 354 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1137 | 355 | "can_create": Is(False), | ||
| 1138 | 356 | "can_push": Is(False), | ||
| 1139 | 357 | "can_force_push": Is(True), | ||
| 1140 | 358 | })), | ||
| 1141 | 359 | ])) | ||
| 1142 | 360 | |||
| 1143 | 361 | def test_setGrants_remove(self): | ||
| 1144 | 362 | owner = self.factory.makeTeam() | ||
| 1145 | 363 | members = [ | ||
| 1146 | 364 | self.factory.makePerson(member_of=[owner]) for _ in range(2)] | ||
| 1147 | 365 | rule = self.factory.makeGitRule(owner=owner) | ||
| 1148 | 366 | grantees = [self.factory.makePerson() for _ in range(2)] | ||
| 1149 | 367 | self.factory.makeGitRuleGrant( | ||
| 1150 | 368 | rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, | ||
| 1151 | 369 | grantor=members[0], can_create=True) | ||
| 1152 | 370 | self.factory.makeGitRuleGrant( | ||
| 1153 | 371 | rule=rule, grantee=grantees[0], grantor=members[0], can_push=True) | ||
| 1154 | 372 | self.factory.makeGitRuleGrant( | ||
| 1155 | 373 | rule=rule, grantee=grantees[1], grantor=members[0], | ||
| 1156 | 374 | can_force_push=True) | ||
| 1157 | 375 | date_created = get_transaction_timestamp(Store.of(rule)) | ||
| 1158 | 376 | transaction.commit() | ||
| 1159 | 377 | removeSecurityProxy(rule.repository.getActivity()).remove() | ||
| 1160 | 378 | with person_logged_in(members[1]): | ||
| 1161 | 379 | rule.setGrants([ | ||
| 1162 | 380 | IGitNascentRuleGrant({ | ||
| 1163 | 381 | "grantee_type": GitGranteeType.PERSON, | ||
| 1164 | 382 | "grantee": grantees[0], | ||
| 1165 | 383 | "can_push": True, | ||
| 1166 | 384 | }), | ||
| 1167 | 385 | ], members[1]) | ||
| 1168 | 386 | self.assertThat(rule.grants, MatchesSetwise( | ||
| 1169 | 387 | MatchesStructure( | ||
| 1170 | 388 | rule=Equals(rule), | ||
| 1171 | 389 | grantor=Equals(members[0]), | ||
| 1172 | 390 | grantee_type=Equals(GitGranteeType.PERSON), | ||
| 1173 | 391 | grantee=Equals(grantees[0]), | ||
| 1174 | 392 | can_create=Is(False), | ||
| 1175 | 393 | can_push=Is(True), | ||
| 1176 | 394 | can_force_push=Is(False), | ||
| 1177 | 395 | date_created=Equals(date_created), | ||
| 1178 | 396 | date_last_modified=Equals(date_created)))) | ||
| 1179 | 397 | self.assertThat(list(rule.repository.getActivity()), MatchesSetwise( | ||
| 1180 | 398 | MatchesStructure( | ||
| 1181 | 399 | repository=Equals(rule.repository), | ||
| 1182 | 400 | changer=Equals(members[1]), | ||
| 1183 | 401 | changee=Is(None), | ||
| 1184 | 402 | what_changed=Equals(GitActivityType.GRANT_REMOVED), | ||
| 1185 | 403 | old_value=MatchesDict({ | ||
| 1186 | 404 | "changee_type": Equals("Repository owner"), | ||
| 1187 | 405 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1188 | 406 | "can_create": Is(True), | ||
| 1189 | 407 | "can_push": Is(False), | ||
| 1190 | 408 | "can_force_push": Is(False), | ||
| 1191 | 409 | }), | ||
| 1192 | 410 | new_value=Is(None)), | ||
| 1193 | 411 | MatchesStructure( | ||
| 1194 | 412 | repository=Equals(rule.repository), | ||
| 1195 | 413 | changer=Equals(members[1]), | ||
| 1196 | 414 | changee=Equals(grantees[1]), | ||
| 1197 | 415 | what_changed=Equals(GitActivityType.GRANT_REMOVED), | ||
| 1198 | 416 | old_value=MatchesDict({ | ||
| 1199 | 417 | "changee_type": Equals("Person"), | ||
| 1200 | 418 | "ref_pattern": Equals(rule.ref_pattern), | ||
| 1201 | 419 | "can_create": Is(False), | ||
| 1202 | 420 | "can_push": Is(False), | ||
| 1203 | 421 | "can_force_push": Is(True), | ||
| 1204 | 422 | }), | ||
| 1205 | 423 | new_value=Is(None)), | ||
| 1206 | 424 | )) | ||
| 1207 | 425 | |||
| 1208 | 125 | def test_activity_rule_added(self): | 426 | def test_activity_rule_added(self): |
| 1209 | 126 | owner = self.factory.makeTeam() | 427 | owner = self.factory.makeTeam() |
| 1210 | 127 | member = self.factory.makePerson(member_of=[owner]) | 428 | member = self.factory.makePerson(member_of=[owner]) |
| 1211 | 128 | 429 | ||
| 1212 | === modified file 'lib/lp/services/fields/__init__.py' | |||
| 1213 | --- lib/lp/services/fields/__init__.py 2015-09-28 17:38:45 +0000 | |||
| 1214 | +++ lib/lp/services/fields/__init__.py 2018-10-16 15:29:23 +0000 | |||
| 1215 | @@ -1,10 +1,9 @@ | |||
| 1217 | 1 | # Copyright 2009-2012 Canonical Ltd. This software is licensed under the | 1 | # Copyright 2009-2018 Canonical Ltd. This software is licensed under the |
| 1218 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). |
| 1219 | 3 | 3 | ||
| 1220 | 4 | __metaclass__ = type | 4 | __metaclass__ = type |
| 1221 | 5 | __all__ = [ | 5 | __all__ = [ |
| 1222 | 6 | 'AnnouncementDate', | 6 | 'AnnouncementDate', |
| 1223 | 7 | 'FormattableDate', | ||
| 1224 | 8 | 'BaseImageUpload', | 7 | 'BaseImageUpload', |
| 1225 | 9 | 'BlacklistableContentNameField', | 8 | 'BlacklistableContentNameField', |
| 1226 | 10 | 'BugField', | 9 | 'BugField', |
| 1227 | @@ -13,10 +12,12 @@ | |||
| 1228 | 13 | 'Datetime', | 12 | 'Datetime', |
| 1229 | 14 | 'DuplicateBug', | 13 | 'DuplicateBug', |
| 1230 | 15 | 'FieldNotBoundError', | 14 | 'FieldNotBoundError', |
| 1231 | 15 | 'FormattableDate', | ||
| 1232 | 16 | 'IAnnouncementDate', | 16 | 'IAnnouncementDate', |
| 1233 | 17 | 'IBaseImageUpload', | 17 | 'IBaseImageUpload', |
| 1234 | 18 | 'IBugField', | 18 | 'IBugField', |
| 1235 | 19 | 'IDescription', | 19 | 'IDescription', |
| 1236 | 20 | 'IInlineObject', | ||
| 1237 | 20 | 'INoneableTextLine', | 21 | 'INoneableTextLine', |
| 1238 | 21 | 'IPersonChoice', | 22 | 'IPersonChoice', |
| 1239 | 22 | 'IStrippedTextLine', | 23 | 'IStrippedTextLine', |
| 1240 | @@ -26,6 +27,7 @@ | |||
| 1241 | 26 | 'IURIField', | 27 | 'IURIField', |
| 1242 | 27 | 'IWhiteboard', | 28 | 'IWhiteboard', |
| 1243 | 28 | 'IconImageUpload', | 29 | 'IconImageUpload', |
| 1244 | 30 | 'InlineObject', | ||
| 1245 | 29 | 'KEEP_SAME_IMAGE', | 31 | 'KEEP_SAME_IMAGE', |
| 1246 | 30 | 'LogoImageUpload', | 32 | 'LogoImageUpload', |
| 1247 | 31 | 'MugshotImageUpload', | 33 | 'MugshotImageUpload', |
| 1248 | @@ -71,6 +73,7 @@ | |||
| 1249 | 71 | Date, | 73 | Date, |
| 1250 | 72 | Datetime, | 74 | Datetime, |
| 1251 | 73 | Int, | 75 | Int, |
| 1252 | 76 | Object, | ||
| 1253 | 74 | Text, | 77 | Text, |
| 1254 | 75 | TextLine, | 78 | TextLine, |
| 1255 | 76 | Tuple, | 79 | Tuple, |
| 1256 | @@ -909,3 +912,12 @@ | |||
| 1257 | 909 | "for the target '%s'." % \ | 912 | "for the target '%s'." % \ |
| 1258 | 910 | (milestone_name, target.name)) | 913 | (milestone_name, target.name)) |
| 1259 | 911 | return milestone | 914 | return milestone |
| 1260 | 915 | |||
| 1261 | 916 | |||
| 1262 | 917 | class IInlineObject(IObject): | ||
| 1263 | 918 | """A marker for an object represented as a dict.""" | ||
| 1264 | 919 | |||
| 1265 | 920 | |||
| 1266 | 921 | @implementer(IInlineObject) | ||
| 1267 | 922 | class InlineObject(Object): | ||
| 1268 | 923 | """An object that is represented as a dict rather than a URL reference.""" | ||
| 1269 | 912 | 924 | ||
| 1270 | === modified file 'lib/lp/services/webservice/configure.zcml' | |||
| 1271 | --- lib/lp/services/webservice/configure.zcml 2015-04-28 15:22:46 +0000 | |||
| 1272 | +++ lib/lp/services/webservice/configure.zcml 2018-10-16 15:29:23 +0000 | |||
| 1273 | @@ -1,4 +1,4 @@ | |||
| 1275 | 1 | <!-- Copyright 2011 Canonical Ltd. This software is licensed under the | 1 | <!-- Copyright 2011-2018 Canonical Ltd. This software is licensed under the |
| 1276 | 2 | GNU Affero General Public License version 3 (see the file LICENSE). | 2 | GNU Affero General Public License version 3 (see the file LICENSE). |
| 1277 | 3 | --> | 3 | --> |
| 1278 | 4 | 4 | ||
| 1279 | @@ -84,6 +84,12 @@ | |||
| 1280 | 84 | provides="lazr.restful.interfaces.IFieldMarshaller" | 84 | provides="lazr.restful.interfaces.IFieldMarshaller" |
| 1281 | 85 | factory="lazr.restful.marshallers.ObjectLookupFieldMarshaller" | 85 | factory="lazr.restful.marshallers.ObjectLookupFieldMarshaller" |
| 1282 | 86 | /> | 86 | /> |
| 1283 | 87 | <adapter | ||
| 1284 | 88 | for="lp.services.fields.IInlineObject | ||
| 1285 | 89 | zope.publisher.interfaces.http.IHTTPRequest" | ||
| 1286 | 90 | provides="lazr.restful.interfaces.IFieldMarshaller" | ||
| 1287 | 91 | factory="lp.app.webservice.marshallers.InlineObjectFieldMarshaller" | ||
| 1288 | 92 | /> | ||
| 1289 | 87 | 93 | ||
| 1290 | 88 | <!-- The API documentation --> | 94 | <!-- The API documentation --> |
| 1291 | 89 | <browser:page | 95 | <browser:page |
I've applied most of your suggestions; thanks.