foreman/test/unit/usergroup_test.rb @ 783fb4aa
9c0e127b | Paul Kelly | require 'test_helper'
|
|
class UsergroupTest < ActiveSupport::TestCase
|
|||
9fd7478e | Paul Kelly | setup do
|
|
e07f9a12 | Dominic Cleal | User.current = users :admin
|
|
9fd7478e | Paul Kelly | end
|
|
3035495f | Greg Sutcliffe | ||
9c0e127b | Paul Kelly | test "usergroups should be creatable" do
|
|
3035495f | Greg Sutcliffe | assert FactoryGirl.build(:usergroup).valid?
|
|
9c0e127b | Paul Kelly | end
|
|
test "name should be unique" do
|
|||
3035495f | Greg Sutcliffe | one = FactoryGirl.create(:usergroup)
|
|
two = FactoryGirl.build(:usergroup, :name => one.name)
|
|||
9c0e127b | Paul Kelly | ||
14e81700 | Tomas Strachota | refute two.valid?
|
|
end
|
|||
test "name can't be blank" do
|
|||
group = FactoryGirl.build(:usergroup, :name => "")
|
|||
refute group.valid?
|
|||
9c0e127b | Paul Kelly | end
|
|
test "name is unique across user as well as usergroup" do
|
|||
7a4ec5cf | Paul Kelly | user = User.create :auth_source => auth_sources(:one), :login => "user", :mail => "user@someware.com"
|
|
3035495f | Greg Sutcliffe | usergroup = FactoryGirl.build(:usergroup, :name => user.login)
|
|
9c0e127b | Paul Kelly | ||
14e81700 | Tomas Strachota | refute usergroup.valid?
|
|
9c0e127b | Paul Kelly | end
|
|
def populate_usergroups
|
|||
7a4ec5cf | Paul Kelly | @u1 = User.find_or_create_by_login :login => "u1", :mail => "u1@someware.com", :firstname => "u1", :auth_source => auth_sources(:one)
|
|
@u2 = User.find_or_create_by_login :login => "u2", :mail => "u2@someware.com", :firstname => "u2", :auth_source => auth_sources(:one)
|
|||
@u3 = User.find_or_create_by_login :login => "u3", :mail => "u3@someware.com", :firstname => "u3", :auth_source => auth_sources(:one)
|
|||
@u4 = User.find_or_create_by_login :login => "u4", :mail => "u4@someware.com", :firstname => "u4", :auth_source => auth_sources(:one)
|
|||
@u5 = User.find_or_create_by_login :login => "u5", :mail => "u5@someware.com", :firstname => "u5", :auth_source => auth_sources(:one)
|
|||
@u6 = User.find_or_create_by_login :login => "u6", :mail => "u6@someware.com", :firstname => "u6", :auth_source => auth_sources(:one)
|
|||
9c0e127b | Paul Kelly | ||
@ug1 = Usergroup.find_or_create_by_name :name => "ug1"
|
|||
@ug2 = Usergroup.find_or_create_by_name :name => "ug2"
|
|||
@ug3 = Usergroup.find_or_create_by_name :name => "ug3"
|
|||
@ug4 = Usergroup.find_or_create_by_name :name => "ug4"
|
|||
@ug5 = Usergroup.find_or_create_by_name :name => "ug5"
|
|||
@ug6 = Usergroup.find_or_create_by_name :name => "ug6"
|
|||
@ug1.users = [@u1, @u2]
|
|||
@ug2.users = [@u2, @u3]
|
|||
@ug3.users = [@u3, @u4]
|
|||
@ug3.usergroups = [@ug1]
|
|||
@ug4.usergroups = [@ug1, @ug2]
|
|||
@ug5.usergroups = [@ug1, @ug3, @ug4]
|
|||
@ug5.users = [@u5]
|
|||
end
|
|||
test "hosts should be retrieved from recursive/complex usergroup definitions" do
|
|||
populate_usergroups
|
|||
acb50a39 | Ohad Levy | disable_orchestration
|
|
9c0e127b | Paul Kelly | ||
43c4bd72 | Marek Hulan | @h1 = FactoryGirl.create(:host, :owner => @u1)
|
|
@h2 = FactoryGirl.create(:host, :owner => @ug2)
|
|||
@h3 = FactoryGirl.create(:host, :owner => @u3)
|
|||
@h4 = FactoryGirl.create(:host, :owner => @ug5)
|
|||
@h5 = FactoryGirl.create(:host, :owner => @u2)
|
|||
@h6 = FactoryGirl.create(:host, :owner => @ug3)
|
|||
017e1049 | Ohad Levy | assert_equal @u1.hosts.sort, [@h1]
|
|
assert_equal @u2.hosts.sort, [@h2, @h5]
|
|||
assert_equal @u3.hosts.sort, [@h2, @h3, @h6]
|
|||
assert_equal @u4.hosts.sort, [@h6]
|
|||
assert_equal @u5.hosts.sort, [@h2, @h4, @h6]
|
|||
assert_equal @u6.hosts.sort, []
|
|||
9c0e127b | Paul Kelly | end
|
|
test "addresses should be retrieved from recursive/complex usergroup definitions" do
|
|||
populate_usergroups
|
|||
017e1049 | Ohad Levy | assert_equal @ug1.recipients.sort, %w{u1@someware.com u2@someware.com}
|
|
assert_equal @ug2.recipients.sort, %w{u2@someware.com u3@someware.com}
|
|||
assert_equal @ug3.recipients.sort, %w{u1@someware.com u2@someware.com u3@someware.com u4@someware.com}
|
|||
assert_equal @ug4.recipients.sort, %w{u1@someware.com u2@someware.com u3@someware.com}
|
|||
assert_equal @ug5.recipients.sort, %w{u1@someware.com u2@someware.com u3@someware.com u4@someware.com u5@someware.com}
|
|||
9c0e127b | Paul Kelly | end
|
|
test "cannot be destroyed when in use by a host" do
|
|||
316a4ccd | Ohad Levy | disable_orchestration
|
|
9c0e127b | Paul Kelly | @ug1 = Usergroup.find_or_create_by_name :name => "ug1"
|
|
e14b5758 | Greg Sutcliffe | @h1 = FactoryGirl.create(:host)
|
|
90b83222 | Ohad Levy | @h1.update_attributes :owner => @ug1
|
|
9c0e127b | Paul Kelly | @ug1.destroy
|
|
017e1049 | Ohad Levy | assert_equal @ug1.errors.full_messages[0], "ug1 is used by #{@h1}"
|
|
9c0e127b | Paul Kelly | end
|
|
acfbc458 | Marek Hulan | test "can be destroyed when in use by another usergroup, it removes association automatically" do
|
|
9c0e127b | Paul Kelly | @ug1 = Usergroup.find_or_create_by_name :name => "ug1"
|
|
@ug2 = Usergroup.find_or_create_by_name :name => "ug2"
|
|||
@ug1.usergroups = [@ug2]
|
|||
acfbc458 | Marek Hulan | assert @ug1.destroy
|
|
assert @ug2.reload
|
|||
assert_empty UsergroupMember.where(:member_id => @ug2.id)
|
|||
9c0e127b | Paul Kelly | end
|
|
test "removes user join model records" do
|
|||
ug1 = Usergroup.find_or_create_by_name :name => "ug1"
|
|||
7a4ec5cf | Paul Kelly | u1 = User.find_or_create_by_login :login => "u1", :mail => "u1@someware.com", :auth_source => auth_sources(:one)
|
|
9c0e127b | Paul Kelly | ug1.users = [u1]
|
|
assert_difference('UsergroupMember.count', -1) do
|
|||
ug1.destroy
|
|||
end
|
|||
end
|
|||
9fd7478e | Paul Kelly | ||
acfbc458 | Marek Hulan | test "removes all cached_user_roles when roles are disassociated" do
|
|
user = FactoryGirl.create(:user)
|
|||
record = FactoryGirl.create(:usergroup)
|
|||
record.users = [user]
|
|||
one = FactoryGirl.create(:role)
|
|||
two = FactoryGirl.create(:role)
|
|||
9fd7478e | Paul Kelly | ||
acfbc458 | Marek Hulan | record.roles = [one, two]
|
|
a0bd5bb2 | Maria Nita | assert_equal 3, user.reload.cached_user_roles.size
|
|
9fd7478e | Paul Kelly | ||
acfbc458 | Marek Hulan | assert record.update_attributes(:role_ids => [ two.id ])
|
|
a0bd5bb2 | Maria Nita | assert_equal 2, user.reload.cached_user_roles.size
|
|
9fd7478e | Paul Kelly | ||
acfbc458 | Marek Hulan | record.role_ids = [ ]
|
|
assert_equal 1, user.reload.cached_user_roles.size
|
|||
9fd7478e | Paul Kelly | ||
a0bd5bb2 | Maria Nita | assert record.update_attribute(:role_ids, [ one.id ])
|
|
acfbc458 | Marek Hulan | assert_equal 2, user.reload.cached_user_roles.size
|
|
a0bd5bb2 | Maria Nita | ||
record.roles << two
|
|||
assert_equal 3, user.reload.cached_user_roles.size
|
|||
9fd7478e | Paul Kelly | end
|
|
2ef6f4da | Daniel Lobato | test 'add_users is case insensitive and does not add nonexistent users' do
|
|
d5953972 | Jan Pazdziora | usergroup = FactoryGirl.create(:usergroup)
|
|
2ef6f4da | Daniel Lobato | usergroup.send(:add_users, ['OnE', 'TwO', 'tHREE'])
|
|
d5953972 | Jan Pazdziora | ||
# users 'one' 'two' are defined in fixtures, 'three' is not defined
|
|||
e07f9a12 | Dominic Cleal | assert_equal ['one', 'two'], usergroup.users.map(&:login).sort
|
|
d5953972 | Jan Pazdziora | end
|
|
2ef6f4da | Daniel Lobato | test 'remove_users removes user list and is case insensitive' do
|
|
d5953972 | Jan Pazdziora | usergroup = FactoryGirl.create(:usergroup)
|
|
2ef6f4da | Daniel Lobato | usergroup.send(:add_users, ['OnE', 'tWo'])
|
|
assert_equal ['one', 'two'], usergroup.users.map(&:login).sort
|
|||
d5953972 | Jan Pazdziora | ||
2ef6f4da | Daniel Lobato | usergroup.send(:remove_users, ['ONE', 'TWO'])
|
|
d5953972 | Jan Pazdziora | assert_equal [], usergroup.users
|
|
end
|
|||
e07f9a12 | Dominic Cleal | test "can remove the admin flag from the group when another admin exists" do
|
|
usergroup = FactoryGirl.create(:usergroup, :admin => true)
|
|||
admin1 = FactoryGirl.create(:user)
|
|||
admin2 = FactoryGirl.create(:user, :admin => true)
|
|||
usergroup.users = [admin1]
|
|||
User.unscoped.except_hidden.only_admin.where('login NOT IN (?)', [admin1.login, admin2.login]).destroy_all
|
|||
usergroup.admin = false
|
|||
assert_valid usergroup
|
|||
end
|
|||
test "cannot remove the admin flag from the group providing the last admin account(s)" do
|
|||
usergroup = FactoryGirl.create(:usergroup, :admin => true)
|
|||
admin = FactoryGirl.create(:user)
|
|||
usergroup.users = [admin]
|
|||
User.unscoped.except_hidden.only_admin.where('login <> ?', admin.login).destroy_all
|
|||
usergroup.admin = false
|
|||
refute_valid usergroup, :admin, /last admin account/
|
|||
end
|
|||
test "cannot destroy the group providing the last admin accounts" do
|
|||
usergroup = FactoryGirl.create(:usergroup, :admin => true)
|
|||
admin = FactoryGirl.create(:user)
|
|||
usergroup.users = [admin]
|
|||
User.unscoped.except_hidden.only_admin.where('login <> ?', admin.login).destroy_all
|
|||
refute_with_errors usergroup.destroy, usergroup, :base, /last admin user group/
|
|||
end
|
|||
d5953972 | Jan Pazdziora | ||
3a36bdf6 | Stephen Benjamin | test "receipients_for provides subscribers of notification recipients" do
|
|
users = [FactoryGirl.create(:user, :with_mail_notification), FactoryGirl.create(:user)]
|
|||
notification = users[0].mail_notifications.first.name
|
|||
usergroup = FactoryGirl.create(:usergroup)
|
|||
usergroup.users << users
|
|||
recipients = usergroup.recipients_for(notification)
|
|||
assert_equal recipients, [users[0]]
|
|||
end
|
|||
acfbc458 | Marek Hulan | # TODO test who can modify usergroup roles and who can assign users!!! possible privileges escalation
|
|
9fd7478e | Paul Kelly | ||
6421fa1c | Daniel Lobato | context 'external usergroups' do
|
|
setup do
|
|||
@usergroup = FactoryGirl.create(:usergroup)
|
|||
@external = @usergroup.external_usergroups.new(:auth_source_id => FactoryGirl.create(:auth_source_ldap).id,
|
|||
:name => 'aname')
|
|||
LdapFluff.any_instance.stubs(:ldap).returns(Net::LDAP.new)
|
|||
end
|
|||
test "can be associated with external_usergroups" do
|
|||
LdapFluff.any_instance.stubs(:valid_group?).returns(true)
|
|||
assert @external.save
|
|||
assert @usergroup.external_usergroups.include? @external
|
|||
end
|
|||
test "won't save if usergroup is not in LDAP" do
|
|||
LdapFluff.any_instance.stubs(:valid_group?).returns(false)
|
|||
refute @external.save
|
|||
assert_equal @external.errors.first, [:name, 'is not found in the authentication source']
|
|||
end
|
|||
test "delete user if not in LDAP directory" do
|
|||
0fd7412f | Dominic Cleal | LdapFluff.any_instance.stubs(:valid_group?).with('aname').returns(false)
|
|
6421fa1c | Daniel Lobato | @usergroup.users << users(:one)
|
|
@usergroup.save
|
|||
0fd7412f | Dominic Cleal | AuthSourceLdap.any_instance.expects(:users_in_group).with('aname').returns([])
|
|
6421fa1c | Daniel Lobato | @usergroup.external_usergroups.select { |eu| eu.name == 'aname'}.first.refresh
|
|
refute_includes @usergroup.users, users(:one)
|
|||
end
|
|||
test "add user if in LDAP directory" do
|
|||
0fd7412f | Dominic Cleal | LdapFluff.any_instance.stubs(:valid_group?).with('aname').returns(true)
|
|
6421fa1c | Daniel Lobato | @usergroup.save
|
|
0fd7412f | Dominic Cleal | AuthSourceLdap.any_instance.expects(:users_in_group).with('aname').returns([users(:one).login])
|
|
6421fa1c | Daniel Lobato | @usergroup.external_usergroups.select { |eu| eu.name == 'aname'}.first.refresh
|
|
assert_includes @usergroup.users, users(:one)
|
|||
end
|
|||
test "keep user if in LDAP directory" do
|
|||
0fd7412f | Dominic Cleal | LdapFluff.any_instance.stubs(:valid_group?).with('aname').returns(true)
|
|
6421fa1c | Daniel Lobato | @usergroup.users << users(:one)
|
|
@usergroup.save
|
|||
0fd7412f | Dominic Cleal | AuthSourceLdap.any_instance.expects(:users_in_group).with('aname').returns([users(:one).login])
|
|
6421fa1c | Daniel Lobato | @usergroup.external_usergroups.select { |eu| eu.name == 'aname'}.first.refresh
|
|
assert_includes @usergroup.users, users(:one)
|
|||
end
|
|||
end
|
|||
9c0e127b | Paul Kelly | end
|