diff --git a/kojihub/kojihub.py b/kojihub/kojihub.py index d619785e..bbde0f88 100644 --- a/kojihub/kojihub.py +++ b/kojihub/kojihub.py @@ -13392,6 +13392,34 @@ class RootExports(object): user_info = get_user(userID, strict=True) return get_user_perms(user_info['id'], with_groups=with_groups) + def getUserPermsInheritance(self, userID): + """Get a dict of the permissions granted directly to user or inherited from groups + with the sources. + + :param int userID: User id + :returns dict[str, list[str]]: list of permissions with source (None/group) + """ + user_info = get_user(userID, strict=True) + perms = {} + for perm in get_user_perms(user_info['id'], with_groups=False): + perms[perm] = [None] + + query = QueryProcessor(tables=['user_groups'], + columns=['permissions.name', 'users.name'], + aliases=['permission', 'group'], + clauses=[ + 'user_groups.active IS TRUE', + 'user_perms.active IS TRUE', + 'user_groups.user_id=%(user_id)s'], + joins=[ + 'user_perms ON user_perms.user_id = user_groups.group_id', + 'permissions ON perm_id = permissions.id', + 'users ON user_groups.group_id = users.id'], + values={'user_id': user_info['id']}) + for row in query.execute(): + perms.setdefault(row['permission'], []).append(row['group']) + return perms + def getAllPerms(self): """Get a list of all permissions in the system. Returns a list of maps. Each map contains the following keys: diff --git a/tests/test_hub/test_get_user_perms.py b/tests/test_hub/test_get_user_perms.py index 52355e3d..9af6bf04 100644 --- a/tests/test_hub/test_get_user_perms.py +++ b/tests/test_hub/test_get_user_perms.py @@ -1,6 +1,7 @@ import mock import unittest import koji +from .utils import DBQueryTestCase import kojihub @@ -22,3 +23,36 @@ class TestGetUserPerms(unittest.TestCase): self.get_user.return_value = {'id': 123, 'name': 'testuser'} kojihub.RootExports().getUserPerms(123) self.get_user_perms.assert_called_once_with(123, with_groups=True) + + +class TestGetUserPermsInheritance(DBQueryTestCase): + def setUp(self): + super(TestGetUserPermsInheritance, self).setUp() + self.get_user = mock.patch('kojihub.kojihub.get_user').start() + self.get_user_perms = mock.patch('kojihub.kojihub.get_user_perms').start() + + def tearDown(self): + mock.patch.stopall() + + def test_no_user(self): + self.get_user.side_effect = koji.GenericError + with self.assertRaises(koji.GenericError): + kojihub.RootExports().getUserPermsInheritance(123) + self.get_user_perms.assert_not_called() + + def test_normal(self): + self.get_user.return_value = {'id': 123, 'name': 'testuser'} + self.get_user_perms.return_value = ['test1', 'test2'] + self.qp_execute_return_value = [ + {'permission': 'test2', 'group': 'group1'}, + {'permission': 'test3', 'group': 'group1'}, + {'permission': 'test3', 'group': 'group2'}, + ] + result = kojihub.RootExports().getUserPermsInheritance(123) + self.assertEqual(result, { + 'test1': [None], + 'test2': [None, 'group1'], + 'test3': ['group1', 'group2'], + }) + self.get_user.assert_called_once_with(123, strict=True) + self.get_user_perms.assert_called_once_with(123, with_groups=False) diff --git a/tests/test_lib/test_auth.py b/tests/test_lib/test_auth.py index 6428ec45..3ac4fefa 100644 --- a/tests/test_lib/test_auth.py +++ b/tests/test_lib/test_auth.py @@ -719,7 +719,7 @@ class TestAuthSession(unittest.TestCase): query = self.queries[1] self.assertEqual(query.tables, ['user_groups']) self.assertEqual(query.joins, [ - 'LEFT JOIN user_perms ON user_perms.user_id = user_groups.group_id', + 'user_perms ON user_perms.user_id = user_groups.group_id', 'permissions ON perm_id = permissions.id']) self.assertEqual(sorted(query.clauses), sorted([ 'user_groups.active IS TRUE',