<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Thu, May 17, 2018 at 7:08 PM Fam Zheng <<a href="mailto:famz@redhat.com">famz@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">On Thu, 05/17 18:49, Shubham Jain wrote:<br>
> The test check for:<br>
> - user that is not a maintainer of any project should not result in any message being imported<br>
> - user that is not a maintainer of a project, but is in the importer groups, should result in the message being imported to all recognized projects<br>
> - user that is a maintainer of a project and is not in the importer group, should result in the message being imported to recognized & maintained projects<br>
<br>
The commit message is misleading. You want to mention the code change as well.<br>
<br></blockquote><div>I'll try to write better commit message next time.  </div><div><div class="gmail-adm"><div id="gmail-q_667" class="gmail-ajR gmail-h4"></div></div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
> ---<br>
>  api/rest.py        | 19 +++++++++++++++----<br>
>  tests/test_rest.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----<br>
>  2 files changed, 65 insertions(+), 8 deletions(-)<br>
> <br>
> diff --git a/api/rest.py b/api/rest.py<br>
> index 94b3162..3499250 100644<br>
> --- a/api/rest.py<br>
> +++ b/api/rest.py<br>
> @@ -48,6 +48,12 @@ class PatchewPermission(permissions.BasePermission):<br>
>      def has_project_permission(self, request, view, obj):<br>
>          return obj.maintained_by(request.user)<br>
>  <br>
> +    def has_maintainer_permission(self, request, view):<br>
> +        for p in Project.objects.all():<br>
> +            if p.maintained_by(request.user):<br>
> +                return True<br>
> +        return False<br>
> +                <br>
>      def has_message_permission(self, request, view, obj):<br>
>          return obj.project.maintained_by(request.user)<br>
>  <br>
> @@ -60,7 +66,8 @@ class PatchewPermission(permissions.BasePermission):<br>
>      def has_generic_permission(self, request, view):<br>
>          return (request.method in permissions.SAFE_METHODS) or \<br>
>                 self.is_superuser(request) or \<br>
> -               self.has_group_permission(request, view)<br>
> +               self.has_group_permission(request, view) or \<br>
> +               self.has_maintainer_permission(request, view)<br>
<br>
Does this do what we want? If the user maintains ANY project, it gets the<br>
permission, regardless of the project in request, which may not be the same one.<br>
<br></blockquote><div>Changing it to just IsAuthenticated class as Paolo suggested   </div><span class="gmail-im"></span><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
>  <br>
>      def has_permission(self, request, view):<br>
>          return self.has_generic_permission(request, view) or \<br>
> @@ -394,9 +401,13 @@ class MessagesViewSet(BaseMessageViewSet):<br>
>      parser_classes = (JSONParser, MessagePlainTextParser, )<br>
>      <br>
>      def create(self, request, *args, **kwargs):<br>
> -        projects = [p for p in Project.objects.all() if p.recognizes(MboxMessage(self.request.data['mbox']))]<br>
> -        if 'importers' not in self.request.user.groups.all():<br>
> -            projects = set(projects) & set([p for p in Project.objects.all() if p.maintained_by(self.request.user)])<br>
> +        m = MboxMessage(self.request.data['mbox'])<br>
> +        user_groups = request.user.groups.all()<br>
> +        user_group_names = [<a href="http://grp.name" rel="noreferrer" target="_blank">grp.name</a> for grp in user_groups]<br>
> +        if request.user.is_superuser or 'importers' in user_group_names:<br>
> +            projects = [p for p in Project.objects.all() if p.recognizes(m)]<br>
> +        else:<br>
> +            projects =  [p for p in Project.objects.all() if p.maintained_by(self.request.user)]<br>
<br>
I think the else branch should still union the p.recognizes() filtering.<br></blockquote><div>As you have mentioned in the test case below "test_maintainer_of_project_x_import_a_patch_to_project_y()", does this mean even if user is maintainer of one project, but result in message is simply imported to all the recognised project. If yes, why are we just not using only recognised condition? </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<br>
>          results = []<br>
>          for project in projects:<br>
>              serializer = self.get_serializer(data=request.data)<br>
> diff --git a/tests/test_rest.py b/tests/test_rest.py<br>
> index 2da5459..af21c7b 100755<br>
> --- a/tests/test_rest.py<br>
> +++ b/tests/test_rest.py<br>
> @@ -274,7 +274,7 @@ class RestTest(PatchewTestCase):<br>
>          self.assertEqual(resp_after.status_code, 404)<br>
>          self.assertEqual(resp_reply_after.status_code, 404)<br>
>  <br>
> -    def test_create_message(self):<br>
> +    def test_json_create_project_message(self):<br>
<br>
Why the renames? Should they belong to a separate patch?<br>
<br>
>          dp = self.get_data_path("0022-another-simple-patch.json.gz")<br>
>          with open(dp, "r") as f:<br>
>              data = f.read()<br>
> @@ -286,7 +286,7 @@ class RestTest(PatchewTestCase):<br>
>          self.assertEqual(resp.data['subject'], "[Qemu-devel] [PATCH v2 10/27] imx_fec: Reserve full 4K "<br>
>                           "page for the register file")<br>
>  <br>
> -    def test_create_text_message(self):<br>
> +    def test_text_create_project_message(self):<br>
>          dp = self.get_data_path("0004-multiple-patch-reviewed.mbox.gz")<br>
>          with open(dp, "r") as f:<br>
>              data = f.read()<br>
> @@ -297,7 +297,7 @@ class RestTest(PatchewTestCase):<br>
>          self.assertEqual(resp_get.status_code, 200)<br>
>          self.assertEqual(resp.data['subject'], "[Qemu-devel] [PATCH v4 0/2] Report format specific info for LUKS block driver")<br>
>  <br>
> -    def test_create_message_without_project_pk(self):<br>
> +    def test_json_create_message(self):<br>
>          dp = self.get_data_path("0024-multiple-project-patch.json.gz")<br>
>          with open(dp, "r") as f:<br>
>              data = f.read()<br>
> @@ -311,7 +311,7 @@ class RestTest(PatchewTestCase):<br>
>          resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
>          self.assertEqual(resp_get2.status_code, 200)<br>
>  <br>
> -    def test_create_text_message_without_project_pk(self):<br>
> +    def test_text_create_message(self):<br>
>          dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")<br>
>          with open(dp, "r") as f:<br>
>              data = f.read()<br>
> @@ -325,6 +325,52 @@ class RestTest(PatchewTestCase):<br>
>          resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
>          self.assertEqual(resp_get2.status_code, 200)<br>
>  <br>
> +    def test_without_login_create_message(self):<br>
> +        dp = self.get_data_path("0022-another-simple-patch.json.gz")<br>
> +        with open(dp, "r") as f:<br>
> +            data = f.read()<br>
> +        resp = self.api_client.post(self.PROJECT_BASE + "messages/", data, content_type='message/rfc822')<br>
> +        self.assertEqual(resp.status_code, 403)<br>
> +<br>
> +    def test_non_maintainer_create_message(self):<br>
> +        self.create_user(username="test", password="userpass")<br>
> +        self.api_client.login(username="test", password="userpass")<br>
> +        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")<br>
> +        with open(dp, "r") as f:<br>
> +            data = f.read()<br>
> +        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')<br>
> +        self.assertEqual(resp.status_code, 403)<br>
> +<br>
> +    def test_maintainer_create_message(self):<br>
> +        test = self.create_user(username="test", password="userpass")<br>
> +        self.api_client.login(username="test", password="userpass")<br>
> +        self.p.maintainers = (test, )<br>
> +        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")<br>
> +        with open(dp, "r") as f:<br>
> +            data = f.read()<br>
> +        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')<br>
> +        self.assertEqual(resp.status_code, 201)<br>
> +        self.assertEqual(resp.data['count'], 1)<br>
> +        resp_get = self.api_client.get(self.PROJECT_BASE + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
> +        self.assertEqual(resp_get.status_code, 200)<br>
> +        resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
> +        self.assertEqual(resp_get2.status_code, 404)<br>
> +<br>
> +    def test_importer_create_message(self):<br>
> +        dp = self.get_data_path("0023-multiple-project-patch.mbox.gz")<br>
> +        with open(dp, "r") as f:<br>
> +            data = f.read()<br>
> +        test = self.create_user(username="test", password="userpass", groups=['importers'])<br>
> +        self.api_client.login(username="test", password="userpass")<br>
> +        resp = self.api_client.post(self.REST_BASE + "messages/", data, content_type='message/rfc822')<br>
> +        self.assertEqual(resp.status_code, 201)<br>
> +        self.assertEqual(resp.data['count'], 2)<br>
> +        resp_get = self.api_client.get(self.PROJECT_BASE + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
> +        self.assertEqual(resp_get.status_code, 200)<br>
> +        self.assertEqual(resp_get.data['subject'], "[Qemu-devel] [PATCH 1/7] SecurityPkg/Tcg2Pei: drop Tcg2PhysicalPresenceLib dependency")<br>
> +        resp_get2 = self.api_client.get(self.PROJECT_BASE_2 + "messages/<a href="http://20180223132311.26555-2-marcandre.lureau@redhat.com/" rel="noreferrer" target="_blank">20180223132311.26555-2-marcandre.lureau@redhat.com/</a>")<br>
> +        self.assertEqual(resp_get2.status_code, 200)<br>
<br>
Please also add a "test_maintainer_of_project_x_import_a_patch_to_project_y()"<br>
case.<br>
<br>
Fam<br>
<br>
> +<br>
>      def test_message(self):<br>
>          series = self.apply_and_retrieve('0001-simple-patch.mbox.gz',<br>
>                                           <a href="http://self.p.id" rel="noreferrer" target="_blank">self.p.id</a>, '<a href="mailto:20160628014747.20971-1-famz@redhat.com" target="_blank">20160628014747.20971-1-famz@redhat.com</a>')<br>
> -- <br>
> 2.14.3 (Apple Git-98)<br>
> <br>
> _______________________________________________<br>
> Patchew-devel mailing list<br>
> <a href="mailto:Patchew-devel@redhat.com" target="_blank">Patchew-devel@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/patchew-devel" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/patchew-devel</a><br>
</blockquote></div></div>