can add public repo permission update (#3241)

* can add public repo permission update to both "can_add_public_repo" and "ENABLE_USER_CREATE_ORG_REPO"
2025-08-02 07:47:32 +00:00 · 2019-04-13 10:05:52 +08:00 · 2019-04-13 10:05:52 +08:00 · 704778d788
commit 704778d788
parent fce77f9985
6 changed files with 135 additions and 11 deletions
--- a/seahub/base/accounts.py
+++ b/seahub/base/accounts.py
@ -180,10 +180,11 @@ class UserPermissions(object):
                return False
        elif self.user.is_staff:
            return True
-        elif self._get_perm_by_roles('can_add_public_repo'):
+        elif self._get_perm_by_roles('can_add_public_repo') and \
+                bool(config.ENABLE_USER_CREATE_ORG_REPO):
            return True
        else:
-            return bool(config.ENABLE_USER_CREATE_ORG_REPO)
+            return False

    def can_drag_drop_folder_to_sync(self):
        return self._get_perm_by_roles('can_drag_drop_folder_to_sync')
--- a/tests/api/endpoints/test_shared_repos.py
+++ b/tests/api/endpoints/test_shared_repos.py
@ -9,6 +9,7 @@ from seaserv import seafile_api
 from seahub.profile.models import Profile
 from seahub.test_utils import BaseTestCase, TRAVIS
 from tests.common.utils import randstring
+from mock import patch, MagicMock


 class SharedReposTest(BaseTestCase):
@ -219,6 +220,7 @@ class SharedReposTest(BaseTestCase):
        target_repo = [repo for repo in repos if repo.repo_id == self.org_repo.id]
        assert target_repo[0].permission == 'r'

+    @patch('seahub.base.accounts.UserPermissions.can_add_public_repo', MagicMock(return_value=True))
    def test_can_update_public_share_perm(self):
        for r in seaserv.seafserv_threaded_rpc.list_inner_pub_repos():
            seafile_api.remove_inner_pub_repo(r.repo_id)
@ -229,6 +231,7 @@ class SharedReposTest(BaseTestCase):
        assert repos[0].permission == 'rw'

        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is True

        url = reverse('api-v2.1-shared-repo', args=[self.repo_id])
        data = 'permission=r&share_type=public'
@ -239,6 +242,15 @@ class SharedReposTest(BaseTestCase):
        repos = seafile_api.list_inner_pub_repos_by_owner(self.user_name)
        assert repos[0].permission == 'r'

+    def test_can_not_update_public_share_perm_when_add_public_repo_disabled(self):
+        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is False
+
+        url = reverse('api-v2.1-shared-repo', args=[self.repo_id])
+        data = 'permission=r&share_type=public'
+        resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(403, resp.status_code)
+
    def test_delete_user_share(self):
        self.share_repo_to_user()

--- a/tests/api/test_public_repo.py
+++ b/tests/api/test_public_repo.py
@ -6,6 +6,7 @@ pytestmark = pytest.mark.django_db
 from seaserv import seafile_api, ccnet_threaded_rpc

 from seahub.test_utils import BaseTestCase
+from mock import patch, MagicMock


 class RepoPublicTest(BaseTestCase):
@ -44,14 +45,23 @@ class RepoPublicTest(BaseTestCase):
        json_resp = json.loads(resp.content)
        assert 'success' in json_resp

+    @patch('seahub.base.accounts.UserPermissions.can_add_public_repo', MagicMock(return_value=True))
    def test_user_can_set_pub_repo(self):
        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is True

        resp = self.client.put(self.user_repo_url+'?share_type=public&permission=rw')
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert 'success' in json_resp

+    def test_user_can_not_set_pub_repo_when_add_public_repo_disabled(self):
+        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is False
+
+        resp = self.client.put(self.user_repo_url+'?share_type=public&permission=rw')
+        self.assertEqual(403, resp.status_code)
+
    def test_admin_can_set_pub_repo_when_setting_disalbed(self):
        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
        self.config.ENABLE_USER_CREATE_ORG_REPO = False
--- a/tests/api/test_shared_repo.py
+++ b/tests/api/test_shared_repo.py
@ -3,6 +3,7 @@ pytestmark = pytest.mark.django_db

 from seahub.test_utils import BaseTestCase
 from seaserv import seafile_api
+from mock import patch, MagicMock


 class SharedRepoTest(BaseTestCase):
@ -28,14 +29,24 @@ class SharedRepoTest(BaseTestCase):
        self.assertEqual(200, resp.status_code)
        assert "success" in resp.content

+    @patch('seahub.base.accounts.UserPermissions.can_add_public_repo', MagicMock(return_value=True))
    def test_user_can_share_repo_to_public(self):
        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is True

        url = self.shared_repo_url % self.repo.id
        resp = self.client.put(url)
        self.assertEqual(200, resp.status_code)
        assert "success" in resp.content

+    def test_user_can_not_share_repo_to_public_when_add_public_repo_disabled(self):
+        self.login_as(self.user)
+        assert self.user.permissions.can_add_public_repo() is False
+
+        url = self.shared_repo_url % self.repo.id
+        resp = self.client.put(url)
+        self.assertEqual(403, resp.status_code)
+
    def test_admin_can_set_pub_repo_when_setting_disalbed(self):
        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
        self.config.ENABLE_USER_CREATE_ORG_REPO = False
--- a/tests/seahub/base/test_accounts.py
+++ b/tests/seahub/base/test_accounts.py
@ -3,6 +3,54 @@ from seahub.base.accounts import User, RegistrationForm

 from seahub.options.models import UserOptions
 from post_office.models import Email
+from django.core.urlresolvers import reverse
+from mock import patch
+
+
+TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS = {
+    'default': {
+        'can_add_repo': True,
+        'can_add_group': True,
+        'can_view_org': True,
+        'can_add_public_repo': True,
+        'can_use_global_address_book': True,
+        'can_generate_share_link': True,
+        'can_generate_upload_link': True,
+        'can_send_share_link_mail': True,
+        'can_invite_guest': False,
+        'can_drag_drop_folder_to_sync': True,
+        'can_connect_with_android_clients': True,
+        'can_connect_with_ios_clients': True,
+        'can_connect_with_desktop_clients': True,
+        'can_export_files_via_mobile_client': True,
+        'storage_ids': [],
+        'role_quota': '',
+        'can_use_wiki': True,
+    },
+    'guest': {
+        'can_add_repo': False,
+        'can_add_group': False,
+        'can_view_org': False,
+        'can_add_public_repo': False,
+        'can_use_global_address_book': False,
+        'can_generate_share_link': False,
+        'can_generate_upload_link': False,
+        'can_send_share_link_mail': False,
+        'can_invite_guest': False,
+        'can_drag_drop_folder_to_sync': False,
+        'can_connect_with_android_clients': False,
+        'can_connect_with_ios_clients': False,
+        'can_connect_with_desktop_clients': False,
+        'can_export_files_via_mobile_client': False,
+        'storage_ids': [],
+        'role_quota': '',
+        'can_use_wiki': False,
+    },
+}
+
+CLOUD_MODE_TRUE = True
+MULTI_TENANCY_TRUE = True
+MULTI_TENANCY_FALSE = False

 class UserTest(BaseTestCase):
    def test_freeze_user(self):
@ -33,6 +81,10 @@ class UserTest(BaseTestCase):
        assert len(UserOptions.objects.filter(email=test_email)) == 0

 class UserPermissionsTest(BaseTestCase):
+    def setUp(self):
+        from constance import config
+        self.config = config
+
    def test_permissions(self):
        assert self.user.permissions.can_add_repo() is True
        assert self.user.permissions.can_add_group() is True
@ -48,6 +100,45 @@ class UserPermissionsTest(BaseTestCase):

        assert self.user.permissions.can_export_files_via_mobile_client() is True

+    def test_admin_permissions_can_add_public_repo(self):
+
+        assert self.admin.permissions.can_add_public_repo() is True
+
+    @patch('seahub.base.accounts.CLOUD_MODE', CLOUD_MODE_TRUE)
+    def test_CLOUD_MODE_permissions_can_add_public_repo(self):
+
+        with patch('seahub.base.accounts.MULTI_TENANCY', MULTI_TENANCY_TRUE):
+            assert self.user.permissions.can_add_public_repo() is True
+        with patch('seahub.base.accounts.MULTI_TENANCY', MULTI_TENANCY_FALSE):
+            assert self.user.permissions.can_add_public_repo() is False
+
+    def test_user_permissions_can_add_public_repo(self):
+        # both have
+        self.config.ENABLE_USER_CREATE_ORG_REPO = 1
+        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
+            assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
+            assert self.user.permissions.can_add_public_repo() is True
+
+        # only have can_add_public_repo
+        self.config.ENABLE_USER_CREATE_ORG_REPO = 0
+        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_ADD_PUBLIC_ENABLED_ROLE_PERMISSIONS):
+            assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is True
+            assert self.user.permissions.can_add_public_repo() is False
+
+        # only have ENABLE_USER_CREATE_ORG_REPO
+        self.config.ENABLE_USER_CREATE_ORG_REPO = 1
+        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
+        assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is False
+        assert self.user.permissions.can_add_public_repo() is False
+
+        # neither have
+        self.config.ENABLE_USER_CREATE_ORG_REPO = 0
+        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False
+        assert self.user.permissions._get_perm_by_roles('can_add_public_repo') is False
+        assert self.user.permissions.can_add_public_repo() is False
+

 class RegistrationFormTest(BaseTestCase):
    def setUp(self):
--- a/tests/seahub/views/init/test_libraries.py
+++ b/tests/seahub/views/init/test_libraries.py
@ -6,6 +6,8 @@ pytestmark = pytest.mark.django_db

 from seahub.options.models import UserOptions
 from seahub.test_utils import BaseTestCase
+from mock import patch, MagicMock
+

 class LibrariesTest(BaseTestCase):
    def setUp(self):
@ -36,16 +38,13 @@ class LibrariesTest(BaseTestCase):
        # user
        self.login_as(self.user)

-        self.config.ENABLE_USER_CREATE_ORG_REPO = 1
-        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is True
-
-        resp = self.client.get(self.url)
-        self.assertEqual(200, resp.status_code)
-        assert resp.context['can_add_public_repo'] is True
-
-        self.config.ENABLE_USER_CREATE_ORG_REPO = 0
-        assert bool(self.config.ENABLE_USER_CREATE_ORG_REPO) is False
+        # can_add_public_repo
+        with patch('seahub.base.accounts.UserPermissions.can_add_public_repo', MagicMock(return_value=True)):
+            resp = self.client.get(self.url)
+            self.assertEqual(200, resp.status_code)
+            assert resp.context['can_add_public_repo'] is True

+        # can_not_add_public_repo
        resp = self.client.get(self.url)
        self.assertEqual(200, resp.status_code)
        assert resp.context['can_add_public_repo'] is False