From 3afeeaccd0df5b38ed974d826acb4f1c4bac8fde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= Date: Thu, 20 Oct 2016 12:57:59 +0200 Subject: [PATCH] Removed permission keys from node type definitions. This prevents replace_pillar_node_type_schemas() from overwriting existing permissions. --- pillar/api/node_types/asset.py | 2 -- pillar/api/node_types/blog.py | 8 ----- pillar/api/node_types/comment.py | 2 -- pillar/api/node_types/group.py | 2 -- pillar/api/node_types/page.py | 1 - pillar/api/node_types/post.py | 1 - pillar/api/node_types/storage.py | 7 ---- pillar/tests/common_test_data.py | 21 ++++-------- tests/test_api/test_auth.py | 10 +++--- tests/test_api/test_cli.py | 55 ++++++++++++++++++++++++++++++++ 10 files changed, 68 insertions(+), 41 deletions(-) create mode 100644 tests/test_api/test_cli.py diff --git a/pillar/api/node_types/asset.py b/pillar/api/node_types/asset.py index 7383ec80..f379f1ba 100644 --- a/pillar/api/node_types/asset.py +++ b/pillar/api/node_types/asset.py @@ -69,6 +69,4 @@ node_type_asset = { 'tags': {'visible': False}, 'categories': {'visible': False} }, - 'permissions': { - } } diff --git a/pillar/api/node_types/blog.py b/pillar/api/node_types/blog.py index 45c82b97..9cd0d6e3 100644 --- a/pillar/api/node_types/blog.py +++ b/pillar/api/node_types/blog.py @@ -18,12 +18,4 @@ node_type_blog = { 'template': {}, }, 'parent': ['project',], - 'permissions': { - # 'groups': [{ - # 'group': app.config['ADMIN_USER_GROUP'], - # 'methods': ['GET', 'PUT', 'POST'] - # }], - # 'users': [], - # 'world': ['GET'] - } } diff --git a/pillar/api/node_types/comment.py b/pillar/api/node_types/comment.py index adbd25e0..42eca2ff 100644 --- a/pillar/api/node_types/comment.py +++ b/pillar/api/node_types/comment.py @@ -65,6 +65,4 @@ node_type_comment = { 'is_reply': {} }, 'parent': ['asset', 'comment'], - 'permissions': { - } } diff --git a/pillar/api/node_types/group.py b/pillar/api/node_types/group.py index 1f71eecb..5d27b010 100644 --- a/pillar/api/node_types/group.py +++ b/pillar/api/node_types/group.py @@ -28,6 +28,4 @@ node_type_group = { 'notes': {'visible': False}, 'order': {'visible': False} }, - 'permissions': { - } } diff --git a/pillar/api/node_types/page.py b/pillar/api/node_types/page.py index 3b8a0482..83b94d7e 100644 --- a/pillar/api/node_types/page.py +++ b/pillar/api/node_types/page.py @@ -50,5 +50,4 @@ node_type_page = { 'attachments': {'visible': False}, }, 'parent': ['project', ], - 'permissions': {} } diff --git a/pillar/api/node_types/post.py b/pillar/api/node_types/post.py index 024d31df..f7904c71 100644 --- a/pillar/api/node_types/post.py +++ b/pillar/api/node_types/post.py @@ -55,5 +55,4 @@ node_type_post = { 'attachments': {'visible': False}, }, 'parent': ['blog', ], - 'permissions': {} } diff --git a/pillar/api/node_types/storage.py b/pillar/api/node_types/storage.py index bc573529..def05206 100644 --- a/pillar/api/node_types/storage.py +++ b/pillar/api/node_types/storage.py @@ -27,11 +27,4 @@ node_type_storage = { 'backend': {} }, 'parent': ['group', 'project'], - 'permissions': { - # 'groups': [{ - # 'group': app.config['ADMIN_USER_GROUP'], - # 'methods': ['GET', 'PUT', 'POST'] - # }], - # 'users': [], - } } diff --git a/pillar/tests/common_test_data.py b/pillar/tests/common_test_data.py index 1bf30b57..423eb4a3 100644 --- a/pillar/tests/common_test_data.py +++ b/pillar/tests/common_test_data.py @@ -56,8 +56,7 @@ EXAMPLE_PROJECT = { u'url': {u'type': u'string'}}, u'form_schema': {u'order': {}, u'status': {}, u'url': {}}, u'name': u'group_texture', - u'parent': [u'group_texture', u'project'], - u'permissions': {}}, + u'parent': [u'group_texture', u'project']}, {u'description': u'Generic group node type edited', u'dyn_schema': {u'notes': {u'maxlength': 256, u'type': u'string'}, u'order': {u'type': u'integer'}, @@ -66,8 +65,7 @@ EXAMPLE_PROJECT = { u'url': {u'type': u'string'}}, u'form_schema': {u'notes': {}, u'order': {}, u'status': {}, u'url': {}}, u'name': u'group', - u'parent': [u'group', u'project'], - u'permissions': {}}, + u'parent': [u'group', u'project']}, {u'description': u'Basic Asset Type', u'dyn_schema': { u'attachments': {u'schema': {u'schema': {u'field': {u'type': u'string'}, @@ -107,8 +105,7 @@ EXAMPLE_PROJECT = { u'status': {}, u'tags': {}}, u'name': u'asset', - u'parent': [u'group'], - u'permissions': {}}, + u'parent': [u'group']}, {u'description': u'Entrypoint to a remote or local storage solution', u'dyn_schema': {u'backend': {u'type': u'string'}, u'subdir': {u'type': u'string'}}, @@ -145,16 +142,14 @@ EXAMPLE_PROJECT = { u'ratings': {}, u'status': {}}, u'name': u'comment', - u'parent': [u'asset', u'comment'], - u'permissions': {}}, + u'parent': [u'asset', u'comment']}, {u'description': u'Container for node_type post.', u'dyn_schema': {u'categories': {u'schema': {u'type': u'string'}, u'type': u'list'}, u'template': {u'type': u'string'}}, u'form_schema': {u'categories': {}, u'template': {}}, u'name': u'blog', - u'parent': [u'project'], - u'permissions': {}}, + u'parent': [u'project']}, {u'description': u'A blog post, for any project', u'dyn_schema': { u'attachments': {u'schema': {u'schema': {u'field': {u'type': u'string'}, @@ -189,8 +184,7 @@ EXAMPLE_PROJECT = { u'status': {}, u'url': {}}, u'name': u'post', - u'parent': [u'blog'], - u'permissions': {}}, + u'parent': [u'blog']}, {u'description': u'Image Texture', u'dyn_schema': {u'aspect_ratio': {u'type': u'float'}, u'categories': {u'type': u'string'}, @@ -230,8 +224,7 @@ EXAMPLE_PROJECT = { u'status': {}, u'tags': {}}, u'name': u'texture', - u'parent': [u'group'], - u'permissions': {}}], + u'parent': [u'group']}], u'nodes_blog': [], u'nodes_featured': [], u'nodes_latest': [], diff --git a/tests/test_api/test_auth.py b/tests/test_api/test_auth.py index c938334b..fa216052 100644 --- a/tests/test_api/test_auth.py +++ b/tests/test_api/test_auth.py @@ -18,15 +18,17 @@ EXAMPLE_PROJECT = copy.deepcopy(ctd.EXAMPLE_PROJECT) _texture_nt = next(nt for nt in EXAMPLE_PROJECT['node_types'] if nt['name'] == 'texture') -_texture_nt['permissions']['groups'] = [ +_texture_nt['permissions'] = {'groups': [ {u'group': ObjectId('5596e975ea893b269af85c0f'), u'methods': [u'GET']}, - {u'group': ObjectId('564733b56dcaf85da2faee8a'), u'methods': [u'GET']}, ] + {u'group': ObjectId('564733b56dcaf85da2faee8a'), u'methods': [u'GET']} +]} _asset_nt = next(nt for nt in EXAMPLE_PROJECT['node_types'] if nt['name'] == 'asset') -_asset_nt['permissions']['groups'] = [ +_asset_nt['permissions'] = {'groups': [ {u'group': ObjectId('5596e975ea893b269af85c0f'), u'methods': [u'DELETE', u'GET']}, - {u'group': ObjectId('564733b56dcaf85da2faee8a'), u'methods': [u'GET']}] + {u'group': ObjectId('564733b56dcaf85da2faee8a'), u'methods': [u'GET']} +]} class AuthenticationTests(AbstractPillarTest): diff --git a/tests/test_api/test_cli.py b/tests/test_api/test_cli.py new file mode 100644 index 00000000..b1b83b00 --- /dev/null +++ b/tests/test_api/test_cli.py @@ -0,0 +1,55 @@ +from __future__ import absolute_import + +from pillar.tests import AbstractPillarTest +from pillar.tests import common_test_data as ctd + + +class PatchCommentTest(AbstractPillarTest): + def setUp(self, **kwargs): + AbstractPillarTest.setUp(self, **kwargs) + + # Create a project that doesn't reference non-existing files, so that + # Eve can actually PUT it later without validation errors. + self.project_id, self.proj = self.ensure_project_exists(project_overrides={ + 'picture_square': None, + 'picture_header': None, + }) + + def test_replace_pillar_node_type_schemas(self): + from pillar.api.node_types.group import node_type_group + from pillar.cli import replace_pillar_node_type_schemas + + group_perms = {u'group': ctd.EXAMPLE_PROJECT_READONLY_GROUP_ID, + u'methods': [u'POST', u'PUT']} + + # Assign some permissions to the node types, so we're sure they don't get overwritten. + with self.app.app_context(): + proj_coll = self.app.db()['projects'] + proj_coll.update_one( + {'_id': self.project_id, + 'node_types.name': 'asset'}, + {'$push': {'node_types.$.permissions.groups': group_perms}} + ) + + # Run the CLI command + with self.app.test_request_context(): + replace_pillar_node_type_schemas(proj_url=self.proj['url']) + + # Fetch the project again from MongoDB + with self.app.app_context(): + proj_coll = self.app.db()['projects'] + dbproj = proj_coll.find_one(self.project_id) + + # Perform our tests + def nt(node_type_name): + found = [nt for nt in dbproj['node_types'] + if nt['name'] == node_type_name] + return found[0] + + # Test that the node types were updated + nt_group = nt('group') + self.assertEqual(node_type_group['description'], nt_group['description']) + + # Test that the permissions set previously are still there. + nt_asset = nt('asset') + self.assertEqual([group_perms], nt_asset['permissions']['groups'])