Add missing permission checks in runs/get_case_runs.html

[ivo0126]

Fixes #716

[codecov-io]

Codecov Report

Merging #750 into master will decrease coverage by 6.44%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #750      +/-   ##
==========================================
- Coverage   73.42%   66.97%   -6.45%     
==========================================
  Files         111      114       +3     
  Lines        4753     5893    +1140     
  Branches      607      782     +175     
==========================================
+ Hits         3490     3947     +457     
- Misses       1041     1706     +665     
- Partials      222      240      +18

Impacted Files	Coverage Δ
tcms/urls.py	73.33% <0%> (-3.81%)	⬇️
tcms/testcases/forms.py	79.06% <0%> (-2.39%)	⬇️
tcms/settings/common.py	96.36% <0%> (-2.03%)	⬇️
tcms/core/templatetags/extra_filters.py	87.5% <0%> (-1.39%)	⬇️
tcms/issuetracker/types.py	35.25% <0%> (-0.6%)	⬇️
tcms/testplans/models.py	75.96% <0%> (-0.37%)	⬇️
tcms/testplans/views.py	63.67% <0%> (-0.24%)	⬇️
tcms/kiwi_auth/forms.py	92.5% <0%> (-0.19%)	⬇️
tcms/xmlrpc/api/testplan.py	54.66% <0%> (-0.1%)	⬇️
tcms/testcases/views.py	60.42% <0%> (-0.03%)	⬇️
... and 30 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0473f32...a816615. Read the comment docs.

[coveralls]

Pull Request Test Coverage Report for Build 2407

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 64.489%

---

Totals
Change from base Build 2400:	0.0%
Covered Lines:	4016
Relevant Lines:	5825

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build 3165

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 74.057%

---

Totals
Change from base Build 3152:	0.0%
Covered Lines:	3712
Relevant Lines:	4753

---

💛 - Coveralls

[atodorov]

Fix MissingPermissionsChecker visit_module booliean condition

• fix the typo in the commit log
• explain why you do this, not only what you have done

[atodorov]

Fix the commit log for the linter so I can cherry-pick it. The rest will need a lot more work before it is ready.

[atodorov]

you don't need a function that has only 2 lines. Repeating them, specially in tests is just fine. It saves you from having to go back and see what this function does.

[atodorov]

Not very nice. These should be separate test methods so that when something fails we know what failed. Otherwise when this method fails we have to spend the time to debug the entire menu and its permissions to figure out which exactly part failed.

While at it the menu_html list should become separate variables for each part of the menu.

[atodorov]

Same as above, separate test methods so we know what and when fails!

[atodorov]

testruns.change_testcaserun means to edit the TestCaseRun object, that is to be able to edit the recorded status of a test execution which we don't do.

Only the 'Update' and 'Assignee' actions in this menu are controlled by this permission so it is wrong to surround the entire sub-menu with it.

[atodorov]

Now this one should be controlled via testruns.change_testcaserun. Also the view handling this request is missing the permissions required decorator so you will have to create tests for it and add the missing decorator before continuing with the HTML template (better use a separate pull request)

[atodorov]

This one is also controlled by testruns.change_testcaserun so group it with the previous one. This time the backend portion has the permission decorator applied.

[atodorov]

testruns.change_testcaserun

[atodorov]

The backend ajax function doesn't use any permissions and should be removed in favor of existing JSON-RPC

[atodorov]

Same thing here, refactor to JSON-RPC first.

[atodorov]

Same thing here. No permissions used on the backend, must be refactored first to use JSON-RPC (TestCaseRun.add_comment). On the backend no permissions are enforced when adding comments and there are 2 duplicate helpers that do this.

[atodorov]

Do not change spaces if you are not changing anything else. It makes the PR harder to read/review and doesn't bring anything useful.

[atodorov]

Not resolved, revert white-space changes if nothing else changed.

[atodorov]

Method that only calls super() is useless. It doesn't do anything on its own and directly delegates to the parent class as if it didn't exist.

[atodorov]

setUp is executed before every test method, while setUpTestData is executed only once. Given that your testing data doesn't change between the various test methods you probably want this executed only once.

[atodorov]

I believe this is already done in one of the parent classes. Why do we need it?

[atodorov]

It would be best to have permissions assigned inside the test method and only assign/remove permissions for which we are testing. Nothing else! This will mean the tests are in their most strict form and will catch possible errors in the future where we mess up permissions.

[atodorov]

It is getting there, but there is still work to be done which will be very hard in such a big PR. You will have to start splitting this into smaller pieces so we can make progress on it:

1. For the Cases menu, there are permission label checks inside the template from before. However Rename model TestCaseRun to TestExecution #848 renames them. Do the following: Checkout PR 848 into a separate branch (git fetch upstream pull/848/head:pr848) and create a new branch on top of it. Cherry-pick only the tests commit and apply modifications to it:

• update the permission label names
• remove other test scenarios for the other menus
• Rename test class to reference only the Cases menu
• Rename test methods to not include the _get_ part

Then submit a new PR which we can review first!

2. For the Status menu permission labels seem to be OK, tests need some changes. This is independent of 1). Also the tests must be in their own class to avoid making the test class too big.

3. Bugs menu: you have extra white-space (tabs vs. space) in the template without any other changes. No permission labels in the template, no tests.

4. Comments menu: extra white space, missing permission label checks in template, no tests (there is the add_comment_html variable but it is unused.

So we're looking at 4 separate pull requests.

[atodorov]

You have to iterate over the html menu options, not the status objects in the database.

[atodorov]

This is not needed b/c assertContains will check if the status is OK

[atodorov]

All test names must end without the extra s.

[atodorov]

Not resolved, revert white-space changes if nothing else changed.