author | Alex Legler <alex@a3li.li> | 2011-09-04 01:24:31 +0200 |
committer | Alex Legler <alex@a3li.li> | 2011-09-04 01:24:31 +0200 |
commit | d9c95b12ab63093adc60ad3b45a79af089c27373 (patch) | |
tree | 95bba8cce0a215988eaa92254a86f807456245d8 /test | |
parent | Mark output html_safe in the glsa txt view (diff) | |
Add tests to properly test permissions throughout the application
Diffstat (limited to 'test')
-rw-r--r-- | test/fixtures/glsas.yml | 17 | ||||
-rw-r--r-- | test/fixtures/revisions.yml | 20 | ||||
-rw-r--r-- | test/fixtures/users.yml | 45 | ||||
-rw-r--r-- | test/functional/admin/index_controller_test.rb | 4 | ||||
-rw-r--r-- | test/functional/admin/templates_controller_test.rb | 4 | ||||
-rw-r--r-- | test/functional/admin/users_controller_test.rb | 4 | ||||
-rw-r--r-- | test/functional/glsa_controller_test.rb | 81 | ||||
-rw-r--r-- | test/integration/authentication_test.rb | 20 | ||||
-rw-r--r-- | test/test_helper.rb | 29 |
9 files changed, 209 insertions, 15 deletions
diff --git a/test/fixtures/glsas.yml b/test/fixtures/glsas.yml
index be4ea3b..e5e93e3 100644
--- a/test/fixtures/glsas.yml
+++ b/test/fixtures/glsas.yml
@@ -4,4 +4,19 @@ glsa_one:
 
 glsa_two:
   id: 2
-  glsa_id: GLSA-200901-02
\ No newline at end of file
+  glsa_id: GLSA-200901-02
+
+restricted_glsa:
+  id: 3
+  glsa_id: GLSA-201101-01
+  restricted: true
+  status: draft
+  requester: 1
+  submitter: 1
+
+contributor_draft:
+  id: 4
+  glsa_id: deadbabe
+  status: draft
+  requester: 4
+  submitter: 4
\ No newline at end of file
diff --git a/test/fixtures/revisions.yml b/test/fixtures/revisions.yml
index dafe454..26e97ad 100644
--- a/test/fixtures/revisions.yml
+++ b/test/fixtures/revisions.yml
@@ -28,4 +28,24 @@ revision_three:
   title: GLSA 2
   access: remote
   severity: high
+  description: blah
+
+revision_four:
+  id: 4
+  glsa_id: 3
+  revid: 0
+  user_id: 1
+  title: GLSA 3 (restricted)
+  access: remote
+  severity: high
+  description: blah
+
+revision_five:
+  id: 5
+  glsa_id: 4
+  revid: 0
+  user_id: 1
+  title: GLSA 4 (contributor draft)
+  access: remote
+  severity: high
   description: blah
\ No newline at end of file
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index a4ba4de..6292256 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -1,12 +1,47 @@
 test_user:
   id: 1
   login: test
-  name: foo
-  email: foo@bar.org
+  name: Tim Est
+  email: user@localhost.invalid
 
 test_admin:
   id: 2
   login: admin
-  name: Admin
-  email: ad@min.invalid
-  jefe: true
\ No newline at end of file
+  name: Alex Dmin
+  email: admin@localhost.invalid
+  jefe: true
+
+test_locked:
+  id: 3
+  login: locked
+  name: Leroy Ocked
+  email: locked@localhost.invalid
+  disabled: true
+
+test_contributor:
+  id: 4
+  login: contributor
+  name: Carl Ontributor
+  email: contributor@localhost.invalid
+  access: 0
+
+test_padawan:
+  id: 5
+  login: padawan
+  name: Peter Adawan
+  email: padawan@localhost.invalid
+  access: 1
+
+test_member:
+  id: 6
+  login: member
+  name: Mike Ember
+  email: member@localhost.invalid
+  access: 2
+
+test_confidential_member:
+  id: 7
+  login: confidential_member
+  name: James Bond
+  email: confidential_member@localhost.invalid
+  access: 3
\ No newline at end of file
diff --git a/test/functional/admin/index_controller_test.rb b/test/functional/admin/index_controller_test.rb
index b6d0cd1..443aec6 100644
--- a/test/functional/admin/index_controller_test.rb
+++ b/test/functional/admin/index_controller_test.rb
@@ -2,13 +2,13 @@ require 'test_helper'
 
 class Admin::IndexControllerTest < ActionController::TestCase
   test "should work for admins" do
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('admin', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :admin
     get :index
     assert_response :success
   end
 
   test "should not grant access to regular users" do
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('test', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :user
     get :index
     assert_redirected_to :controller => '/index', :action => 'error', :type => 'access'
   end
diff --git a/test/functional/admin/templates_controller_test.rb b/test/functional/admin/templates_controller_test.rb
index 37b8680..38c972b 100644
--- a/test/functional/admin/templates_controller_test.rb
+++ b/test/functional/admin/templates_controller_test.rb
@@ -3,11 +3,11 @@ require 'test_helper'
 class Admin::TemplatesControllerTest < ActionController::TestCase
   setup do
     @template = templates(:one)
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('admin', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :admin
   end
 
   test "should not grant access to regular users" do
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('test', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :user
     get :index
     assert_redirected_to :controller => '/index', :action => 'error', :type => 'access'
   end
diff --git a/test/functional/admin/users_controller_test.rb b/test/functional/admin/users_controller_test.rb
index ea0a0c1..03976e7 100644
--- a/test/functional/admin/users_controller_test.rb
+++ b/test/functional/admin/users_controller_test.rb
@@ -2,13 +2,13 @@ require 'test_helper'
 
 class Admin::UsersControllerTest < ActionController::TestCase
   test "should work for admins" do
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('admin', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :admin
     get :index
     assert_response :success
   end
 
   test "should not grant access to regular users" do
-    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds('test', GLSAMAKER_DEVEL_PASSWORD)
+    log_in_as :user
     get :index
     assert_redirected_to :controller => '/index', :action => 'error', :type => 'access'
   end
diff --git a/test/functional/glsa_controller_test.rb b/test/functional/glsa_controller_test.rb
index bc0900b..e68c570 100644
--- a/test/functional/glsa_controller_test.rb
+++ b/test/functional/glsa_controller_test.rb
@@ -1,8 +1,83 @@
 require 'test_helper'
 
 class GlsaControllerTest < ActionController::TestCase
-  # Replace this with your real tests.
-  test "the truth" do
-    assert true
+  fixtures :glsas
+
+  def setup
+    @actions = [:show, :edit, :update, :diff, :prepare_release, :release, :import_references]
+  end
+
+  # Basic tests for the four permission groups
+  test "should apply contributor permissions for restricted advisories correctly" do
+    @actions.each do |action|
+      log_in_as :contributor
+      get action, :id => glsas(:restricted_glsa).id
+      assert_access_denied "Failed action: #{action.to_s}"
+    end
+  end
+
+  test "should apply padawan permissions for restricted advisories correctly" do
+    @actions.each do |action|
+      log_in_as :padawan
+      get action, :id => glsas(:restricted_glsa).id
+      assert_access_denied "Failed action: #{action.to_s}"
+    end
+  end
+
+  test "should apply regular member permissions for restricted advisories correctly" do
+    @actions.each do |action|
+      log_in_as :full_member
+      get action, :id => glsas(:restricted_glsa).id
+      assert_access_denied "Failed action: #{action.to_s}"
+    end
+  end
+
+  test "should apply confidential member permissions for restricted advisories correctly" do
+    @actions.each do |action|
+      next if action == :update # TODO
+      next if action == :diff # TODO
+
+      next if action == :prepare_release # Confidential drafts cannot be released
+      next if action == :release # ditto
+
+      log_in_as :confidential_member
+      get action, :id => glsas(:restricted_glsa).id
+      assert_response :success, "Failed action: #{action.to_s}"
+    end
   end
+
+  # Specific tests for contributors
+  test "should apply contributor permissions for their own drafts correctly" do
+    @actions.each do |action|
+      next if action == :update # TODO
+      next if action == :diff # TODO
+
+      next if action == :prepare_release # Off-limits for contributors
+      next if action == :release # ditto
+
+      log_in_as :contributor
+      get action, :id => glsas(:contributor_draft).id
+      assert_response :success, "Failed action: #{action.to_s}"
+    end
+  end
+
+  test "should apply contributor permissions for other drafts correctly" do
+    @actions.each do |action|
+      log_in_as :contributor
+      get action, :id => glsas(:glsa_one).id
+      assert_access_denied "Failed action #{action.to_s}"
+    end
+  end
+
+  test "should not allow padawans to release advisories" do
+    log_in_as :padawan
+    get :prepare_release, :id => glsas(:glsa_one).id
+    assert_access_denied "Prepare release test failed"
+
+    log_in_as :padawan
+    get :release, :id => glsas(:glsa_one).id
+    assert_access_denied "Release tes failed"
+  end
+
+  # TODO: listing pages
 end
diff --git a/test/integration/authentication_test.rb b/test/integration/authentication_test.rb
new file mode 100644
index 0000000..9ace8f8
--- /dev/null
+++ b/test/integration/authentication_test.rb
@@ -0,0 +1,20 @@
+require 'test_helper'
+
+class AuthenticationTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "successful login" do
+    get '/', {}, { 'HTTP_AUTHORIZATION' => basic_auth_creds(users(:test_member).login, GLSAMAKER_DEVEL_PASSWORD) }
+    assert_response :success
+  end
+
+  test "unknown user login" do
+    get '/', {}, { 'HTTP_AUTHORIZATION' => basic_auth_creds("doesnotexist", "invalidpassword") }
+    assert_response 401
+  end
+
+  test "locked user login" do
+    get '/', {}, { 'HTTP_AUTHORIZATION' => basic_auth_creds(users(:test_locked).login, GLSAMAKER_DEVEL_PASSWORD) }
+    assert_response 401
+  end
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 250533d..cef2b00 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
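Review bot: The denied cases in the restricted-advisory loops assert only the redirect to the access error page, so a filter that redirects after the action has already run would still pass for the state-changing members of @actions (`update`, `release`, `prepare_release`, `import_references`). Snapshot the record before the loop and compare afterwards, e.g. `before = glsas(:restricted_glsa).attributes` before `@actions.each` and `assert_equal before, glsas(:restricted_glsa).reload.attributes` after it. Every action is also driven with `get`; ActionController::TestCase presumably dispatches `update` that way regardless of the route's verb, but it does not show that the PUT/POST path applies the same check, so that is worth confirming. The "other drafts" test depends on `glsas(:glsa_one)`, whose status is not visible in this hunk, so whether it is really a draft should be checked against the fixture. The message `"Release tes failed"` has a typo.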
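Review bot: The "unknown user login" case pairs a nonexistent login with a bad password, so none of the three tests covers a known, enabled user presenting the wrong password — the case a broken password comparison, or a fall-through that accepts any password for an existing login, would slip past. Add a fourth test that reuses the `test_member` fixture with a wrong password and expects 401, as below. All three tests also authenticate with `GLSAMAKER_DEVEL_PASSWORD`, which from its name is a development-only credential; a one-line comment stating that it is only honoured in the test environment, if that is the case, would help the next reader.
```ruby
  # … unchanged: successful / unknown / locked user tests …

  test "wrong password for known user" do
    get '/', {}, { 'HTTP_AUTHORIZATION' => basic_auth_creds(users(:test_member).login, "invalidpassword") }
    assert_response 401
  end
```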
@@ -16,4 +16,33 @@ class ActiveSupport::TestCase
   def basic_auth_creds(user, password)
     ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
   end
+
+  # Logs in as a user. Available users are
+  # :user, :admin, :contributor, :padawan, :full_member, :confidential_member, :locked_user
+  def log_in_as(who)
+    user = nil
+    case who
+    when :user
+      user = users(:test_user).login
+    when :locked_user
+      user = users(:test_locked).login
+    when :admin
+      user = users(:test_admin).login
+    when :contributor
+      user = users(:test_contributor).login
+    when :padawan
+      user = users(:test_padawan).login
+    when :full_member
+      user = users(:test_member).login
+    when :confidential_member
+      user = users(:test_confidential_member).login
+    end
+
+    raise "Invalid user" if user.nil?
+    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds(user, GLSAMAKER_DEVEL_PASSWORD)
+  end
+
+  def assert_access_denied(message = nil)
+    assert_redirected_to({:controller => '/index', :action => 'error', :type => 'access'}, message)
+  end
 end
\ No newline at end of file |
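Review bot: `log_in_as` raises a bare RuntimeError with "Invalid user" that does not say which symbol was passed, and its seven-branch case/when is a lookup table written as control flow; a frozen hash keeps the set of logins in one place and lets `fetch` report the bad key, as below. The method also writes `@request.env`, so it only works in functional tests (ActionController::TestCase); a line in the comment above it such as `# Functional tests only: relies on @request` would save the next person from calling it from an integration test, where the new authentication_test builds the header by hand instead.
```ruby
  LOGINS = {
    :user => :test_user, :locked_user => :test_locked, :admin => :test_admin,
    :contributor => :test_contributor, :padawan => :test_padawan,
    :full_member => :test_member, :confidential_member => :test_confidential_member
  }.freeze

  def log_in_as(who)
    fixture = LOGINS.fetch(who) { raise ArgumentError, "Invalid user: #{who.inspect}" }
    @request.env['HTTP_AUTHORIZATION'] = basic_auth_creds(users(fixture).login, GLSAMAKER_DEVEL_PASSWORD)
  end
  # … unchanged: assert_access_denied …
```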