particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PR#1733: allow tag or target permissions as appropriate (on master)

Browse source 
Merges #1733
https://pagure.io/koji/pull-request/1733

Fixes: #1729
https://pagure.io/koji/issue/1729
koji CLI still checks for admin permission instead of tag/target/host
This commit is contained in:
Tomas Kopecek 2019-10-31 11:40:22 +01:00
commit 353eefea1d
5 changed files with 23 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

32
cli/koji_cli/commands.py
View file

@ -64,8 +64,8 @@ def handle_add_group(goptions, session, args):
group = args[1]
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('tag')):
print("This action requires tag or admin privileges")
return 1
dsttag = session.getTag(tag)
@ -95,8 +95,8 @@ def handle_block_group(goptions, session, args):
group = args[1]
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('tag')):
print("This action requires tag or admin privileges")
return 1
dsttag = session.getTag(tag)
@ -3397,8 +3397,8 @@ def handle_clone_tag(goptions, session, args):
assert False # pragma: no cover
activate_session(session, goptions)
if not session.hasPerm('admin') and not options.test:
parser.error(_("This action requires admin privileges"))
if not options.test and not (session.hasPerm('admin') or session.hasPerm('tag')):
parser.error(_("This action requires tag or admin privileges"))
if args[0] == args[1]:
parser.error(_('Source and destination tags must be different.'))
@ -3850,8 +3850,8 @@ def handle_add_target(goptions, session, args):
#most targets have the same name as their destination
dest_tag = name
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('target')):
print("This action requires target or admin privileges")
return 1
chkbuildtag = session.getTag(build_tag)
@ -3885,8 +3885,8 @@ def handle_edit_target(goptions, session, args):
assert False # pragma: no cover
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('target')):
print("This action requires target or admin privileges")
return
targetInfo = session.getBuildTarget(args[0])
@ -3928,8 +3928,8 @@ def handle_remove_target(goptions, session, args):
assert False # pragma: no cover
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('target')):
print("This action requires target or admin privileges")
return
target = args[0]
@ -3953,8 +3953,8 @@ def handle_remove_tag(goptions, session, args):
assert False # pragma: no cover
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('tag')):
print("This action requires tag or admin privileges")
return
tag = args[0]
@ -4953,8 +4953,8 @@ def handle_add_tag(goptions, session, args):
parser.error(_("Please specify a name for the tag"))
assert False # pragma: no cover
activate_session(session, goptions)
if not session.hasPerm('admin'):
print("This action requires admin privileges")
if not (session.hasPerm('admin') or session.hasPerm('tag')):
print("This action requires tag or admin privileges")
return
opts = {}
if options.parent:

5
tests/test_cli/test_add_group.py
View file

@ -129,12 +129,13 @@ class TestAddGroup(unittest.TestCase):
# Run it and check immediate output
rv = handle_add_group(options, session, arguments)
actual = stdout.getvalue()
expected = 'This action requires admin privileges\n'
expected = 'This action requires tag or admin privileges\n'
self.assertMultiLineEqual(actual, expected)
# Finally, assert that things were called as we expected.
activate_session_mock.assert_called_once_with(session, options)
session.hasPerm.assert_called_once_with('admin')
session.hasPerm.assert_has_calls([mock.call('admin'),
mock.call('tag')])
session.getTag.assert_not_called()
session.getTagGroups.assert_not_called()
session.groupListAdd.assert_not_called()

2
tests/test_cli/test_add_tag.py
View file

@ -44,7 +44,7 @@ class TestAddTag(utils.CliTestCase):
activate_session=None)
# Case 2. not admin account
expected = "This action requires admin privileges\n"
expected = "This action requires tag or admin privileges\n"
session.hasPerm.return_value = None
handle_add_tag(options, session, ['test-tag'])
self.assert_console_message(stdout, expected)

2
tests/test_cli/test_block_group.py
View file

@ -123,6 +123,6 @@ class TestBlockGroup(utils.CliTestCase):
session.hasPerm.return_value = False
rv = handle_block_group(options, session, ['tag', 'grp'])
self.assert_console_message(
stdout, 'This action requires admin privileges\n')
stdout, 'This action requires tag or admin privileges\n')
self.assertEqual(rv, 1)
activate_session_mock.assert_called_with(session, options)

4
tests/test_cli/test_clone_tag.py
View file

@ -59,10 +59,10 @@ clone-tag will create the destination tag if it does not already exist
self.session,
args,
stderr=self.format_error_message(
"This action requires admin privileges"),
"This action requires tag or admin privileges"),
activate_session=None)
self.activate_session.assert_called_once()
self.session.hasPerm.assert_called_once_with('admin')
self.session.hasPerm.assert_has_calls([call('admin'), call('tag')])
def test_handle_clone_tag_same_tag(self):
args = ['src-tag', 'src-tag']