93
106
[membership.team.name
94
107
for membership in self.person.team_memberships])
111
class TestTeamLimitedViewAccess(TestCaseWithFactory):
112
"""Tests for team limitedView access via the webservice."""
114
layer = AppServerLayer
117
super(TestTeamLimitedViewAccess, self).setUp()
118
flag = 'disclosure.extra_private_team_LimitedView_security.enabled'
119
flags = FeatureFixture({flag: 'true'})
121
self.addCleanup(flags.cleanUp)
123
# Make a private team.
124
team_owner = self.factory.makePerson()
125
db_team = self.factory.makeTeam(
126
name='private-team', owner=team_owner,
127
visibility=PersonVisibility.PRIVATE,
128
subscription_policy=TeamSubscriptionPolicy.RESTRICTED)
129
# Create a P3A for the team.
130
with person_logged_in(team_owner):
131
getUtility(IArchiveSet).new(
132
owner=db_team, purpose=ArchivePurpose.PPA,
133
private=True, name='private-ppa')
134
# Create an authorised user with limitedView permission on the team.
135
# We do that by subscribing the team and the user to the same
137
self.bug_owner = self.factory.makePerson()
138
bug = self.factory.makeBug(owner=self.bug_owner, private=True)
139
self.authorised_person = self.factory.makePerson()
140
with person_logged_in(self.bug_owner):
141
bug.subscribe(db_team, self.bug_owner)
142
bug.subscribe(self.authorised_person, self.bug_owner)
144
self.factory.makeProduct(name='some-product', bug_supervisor=db_team)
147
def test_unauthorised_cannot_see_team(self):
148
# Test that an unauthorised user cannot see the team.
149
some_person = self.factory.makePerson()
150
launchpad = self.factory.makeLaunchpadService(some_person)
151
with ExpectedException(KeyError, '.*'):
152
launchpad.people['private-team']
154
def test_unauthorised_cannot_navigate_to_team_details(self):
155
# Test that a user cannot get a team reference from another model
156
# object and use that to access unauthorised details.
157
some_person = self.factory.makePerson()
158
launchpad = self.factory.makeLaunchpadService(some_person)
159
team = launchpad.projects['some-product'].bug_supervisor
160
failure_regex = '.*permission to see.*'
161
with ExpectedException(ValueError, failure_regex):
164
def test_authorised_user_can_see_team_limitedView_details(self):
165
# Test that a user with limitedView permission can access the team and
166
# see attributes/methods on the IPersonLimitedView interface.
167
launchpad = self.factory.makeLaunchpadService(self.authorised_person)
168
team = launchpad.people['private-team']
169
self.assertEqual('private-team', team.name)
170
ppa = team.getPPAByName(name='private-ppa')
171
self.assertEqual('private-ppa', ppa.name)
173
def test_authorised_user_cannot_see_restricted_team_details(self):
174
# Test that a user with limitedView permission on a team cannot see
175
# prohibited detail, like attributes on IPersonViewRestricted.
176
launchpad = self.factory.makeLaunchpadService(self.authorised_person)
177
team = launchpad.people['private-team']
178
self.assertIn(':redacted', team.homepage_content)
179
failure_regex = '(.|\n)*api_activemembers.*launchpad.View(.|\n)*'
180
with ExpectedException(Unauthorized, failure_regex):
181
members = team.members
182
print members.total_size