summaryrefslogtreecommitdiffstats
path: root/testapi
diff options
context:
space:
mode:
authorthuva4 <tharma.thuva@gmail.com>2018-03-18 16:14:43 +0530
committerthuva4 <tharma.thuva@gmail.com>2018-03-18 16:14:43 +0530
commit5410727d88587663f0ef28e0fe399f7073e6cd7d (patch)
treedcfde6675f59f954847ff7160ecd278f0ccc3bf2 /testapi
parent3f179ccef8a3d49993ecdec58a008054288b622b (diff)
Add submitter check for testcase
prevent user(Non submitter) from create, update, delete a testcase tests are added Change-Id: I0c63dea7a6e0d3438802dd8c84e8a752ef7fe3f6 Signed-off-by: thuva4 <tharma.thuva@gmail.com>
Diffstat (limited to 'testapi')
-rw-r--r--testapi/opnfv_testapi/common/check.py12
-rw-r--r--testapi/opnfv_testapi/tests/unit/executor.py2
-rw-r--r--testapi/opnfv_testapi/tests/unit/handlers/test_base.py4
-rw-r--r--testapi/opnfv_testapi/tests/unit/handlers/test_testcase.py31
4 files changed, 36 insertions, 13 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index 18dc67d..09a9270 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -31,16 +31,22 @@ def is_authorized(method):
raises.Unauthorized(message.not_lfid())
if method.__name__ == "_create":
kwargs['creator'] = testapi_id
- if self.table in ['projects']:
+ if self.table in ['projects', 'testcases']:
+ map_name = {
+ 'projects': 'name',
+ 'testcases': 'project_name'
+ }
+ group = "opnfv-gerrit-{}-submitters"
query = kwargs.get('query')
if type(query) is not dict:
query_data = query()
else:
- if self.json_args is None or 'name' not in self.json_args:
+ if (self.json_args is None or
+ map_name[self.table] not in self.json_args):
query_data = query
else:
query_data = self.json_args
- group = "opnfv-gerrit-" + query_data['name'] + "-submitters"
+ group = group.format(query_data[map_name[self.table]])
if group not in user_info['groups']:
raises.Unauthorized(message.no_permission())
ret = yield gen.coroutine(method)(self, *args, **kwargs)
diff --git a/testapi/opnfv_testapi/tests/unit/executor.py b/testapi/opnfv_testapi/tests/unit/executor.py
index d08782c..5a8d688 100644
--- a/testapi/opnfv_testapi/tests/unit/executor.py
+++ b/testapi/opnfv_testapi/tests/unit/executor.py
@@ -91,7 +91,7 @@ def delete(excepted_status, excepted_response):
def wrap(self):
request = delete_request(self)
if isinstance(request, tuple):
- status, body = self.delete(request[0], *(request[1]))
+ status, body = self.delete(*request)
else:
status, body = self.delete(request)
if excepted_status == httplib.OK:
diff --git a/testapi/opnfv_testapi/tests/unit/handlers/test_base.py b/testapi/opnfv_testapi/tests/unit/handlers/test_base.py
index 9a7bc5c..1fd3324 100644
--- a/testapi/opnfv_testapi/tests/unit/handlers/test_base.py
+++ b/testapi/opnfv_testapi/tests/unit/handlers/test_base.py
@@ -63,7 +63,8 @@ class TestBase(testing.AsyncHTTPTestCase):
'opnfv-gerrit-functest-submitters',
'opnfv-gerrit-qtip-submitters',
'opnfv-gerrit-qtip-contributors',
- 'opnfv-gerrit-apex-submitters']
+ 'opnfv-gerrit-apex-submitters',
+ 'opnfv-gerrit-noProject-submitters']
})
def tearDown(self):
@@ -158,7 +159,6 @@ class TestBase(testing.AsyncHTTPTestCase):
res = self.fetch(url,
method='DELETE',
headers=self.headers)
-
return res.code, res.body
def delete(self, *args):
diff --git a/testapi/opnfv_testapi/tests/unit/handlers/test_testcase.py b/testapi/opnfv_testapi/tests/unit/handlers/test_testcase.py
index 97325e2..e0ce381 100644
--- a/testapi/opnfv_testapi/tests/unit/handlers/test_testcase.py
+++ b/testapi/opnfv_testapi/tests/unit/handlers/test_testcase.py
@@ -32,7 +32,6 @@ class TestCaseBase(base.TestBase):
self.update_res = tcm.Testcase
self.basePath = '/api/v1/projects/%s/cases'
fake_pymongo.projects.insert(self.project_e.format())
- print self.req_d.format()
self.results_d = rm.ResultCreateRequest.from_dict(
self.load_json('test_result'))
@@ -72,8 +71,8 @@ class TestCaseBase(base.TestBase):
return super(TestCaseBase, self).update(new, self.project, case)
@executor.mock_valid_lfid()
- def delete(self, case):
- return super(TestCaseBase, self).delete(self.project, case)
+ def delete(self, case=None, project=None):
+ return super(TestCaseBase, self).delete(project, case)
class TestCaseCreate(TestCaseBase):
@@ -81,6 +80,11 @@ class TestCaseCreate(TestCaseBase):
def test_noBody(self):
return None
+ @executor.create(httplib.FORBIDDEN, message.no_permission())
+ def test_unauthorized(self):
+ self.project = 'newProject'
+ return self.req_d
+
@executor.create(httplib.FORBIDDEN, message.not_found_base)
def test_noProject(self):
self.project = 'noProject'
@@ -154,6 +158,12 @@ class TestCaseUpdate(TestCaseBase):
self.create_e()
return self.update_req, self.req_d.name
+ @executor.update(httplib.FORBIDDEN, message.no_permission())
+ def test_unauthorized(self):
+ update_req_e = tcm.TestcaseUpdateRequest(project_name="newProject",
+ **self.req_e.format())
+ return update_req_e, self.req_d.name
+
@executor.update(httplib.FORBIDDEN, message.no_update())
def test_noUpdate(self):
update = tcm.TestcaseUpdateRequest(project_name=self.project,
@@ -184,19 +194,26 @@ class TestCaseDelete(TestCaseBase):
fake_pymongo.testcases.insert({
'name': self.results_d.case_name,
'project_name': self.results_d.project_name})
+ fake_pymongo.testcases.insert({
+ 'name': 'newCase',
+ 'project_name': 'newProject'})
@executor.delete(httplib.NOT_FOUND, message.not_found_base)
def test_notFound(self):
- return 'notFound'
+ return 'notFound', self.project
+
+ @executor.delete(httplib.FORBIDDEN, message.no_permission())
+ def test_unauthorized(self):
+ return 'newCase', 'newProject'
@executor.delete(httplib.UNAUTHORIZED, message.tied_with_resource())
def test_deleteNotAllowed(self):
- print self.create_help('/api/v1/results', self.results_d)
- return self.results_d.case_name
+ self.create_help('/api/v1/results', self.results_d)
+ return self.results_d.case_name, self.project
@executor.delete(httplib.OK, '_delete_success')
def test_success(self):
- return self.req_d.name
+ return self.req_d.name, self.project
def _delete_success(self, body):
self.assertEqual(body, '')