Skip to content

Commit

Permalink
Merge 397135b into 29a679f
Browse files Browse the repository at this point in the history
  • Loading branch information
@hluk
hluk committed Nov 30, 2023
2 parents 29a679f + 397135b commit a33962b
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 15 deletions.
29 changes: 28 additions & 1 deletion tests/test_api_v10.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -886,7 +886,7 @@ def test_permissions_endpoint(client):
"maintainers": ["alice@example.com"],
"_testcase_regex_pattern": "^kernel-qe",
"groups": ["devel", "qa"],
"users": ["alice@example.com"],
"users": ["alice"],
},
{
"name": "Greenwave Tests",
Expand Down Expand Up @@ -928,6 +928,33 @@ def test_permissions_endpoint(client):
assert f"<td>{config['PERMISSIONS'][1]['name']}</td>" in r.text


def test_permissions_endpoint_include_following(client):
config = {
'PERMISSIONS': [
{
"name": "Security",
"testcases": ["security.*"],
"groups": ["security"],
},
{
"name": "Development",
"testcases": ["*"],
"groups": ["devel"],
"testcases_ignore": ["security.*"],
}
]
}

with patch.dict(client.application.config, config):
r = client.get('/api/v1.0/permissions?testcase=security.test1')
assert r.status_code == 200, r.text
assert r.json == config['PERMISSIONS'][0:1]

r = client.get('/api/v1.0/permissions?testcase=security-not.test1')
assert r.status_code == 200, r.text
assert r.json == config['PERMISSIONS'][1:]


def test_config_endpoint_superusers(client):
config = {
'SUPERUSERS': ['alice', 'bob']
Expand Down
15 changes: 14 additions & 1 deletion waiverdb/api_v1.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -681,6 +681,18 @@ def get(self):
"""
Returns the waiver permissions.
Each entry has "testcases" (list of glob patterns for matching test
case name) and "users" or "groups".
Optional "testcases_ignore" (similar to "testcases") allows to ignore a
permission entry on a matching test case name.
The full list of users and groups permitted to waive given test case is
constructed by iterating the permissions in order and adding "users"
and "groups" from each permission entry which has at least one pattern
in "testcases" matching the test case name and no matching pattern in
"testcases_ignore".
**Sample response**:
.. sourcecode:: none
Expand All @@ -696,8 +708,9 @@ def get(self):
"name": "kernel-qe",
"maintainers": ["alice@example.com"],
"testcases": ["kernel-qe.*"],
"testcases_ignore": ["kernel-qe.unwaivable.*"],
"groups": ["devel", "qa"],
"users": ["alice@example.com"]
"users": ["alice@example.com"],
},
{
"name": "Greenwave Tests",
Expand Down
12 changes: 8 additions & 4 deletions waiverdb/authorization.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,17 @@ def get_group_membership(ldap, user, con, ldap_search):
raise Unauthorized('Some error occurred initializing the LDAP connection.')


def match_testcase(testcase: str, patterns: dict[str, Any]):
return any(fnmatch(testcase, pattern) for pattern in patterns)


def match_testcase_permissions(testcase: str, permissions: list[dict[str, Any]]):
for permission in permissions:
if match_testcase(testcase, permission.get("testcases_ignore", [])):
continue

if "testcases" in permission:
testcase_match = any(
fnmatch(testcase, testcase_pattern)
for testcase_pattern in permission["testcases"]
)
testcase_match = match_testcase(testcase, permission["testcases"])
elif "_testcase_regex_pattern" in permission:
testcase_match = re.search(
permission["_testcase_regex_pattern"], testcase)
Expand Down
4 changes: 4 additions & 0 deletions waiverdb/templates/layout.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3" crossorigin="anonymous"></script>
{% block scripts %}
{% endblock %}

<style>
tr ul { padding-left: 1rem; }
</style>
</head>

<body>
Expand Down
22 changes: 13 additions & 9 deletions waiverdb/templates/permissions.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,19 +21,23 @@
{% for p in permissions -%}
<tr>
<td>{{ p["name"] }}</td>
<td>{{ p["maintainers"] | map("urlize") | join(" ") | safe }}</td>
<td>{{ p["testcases"] | join("<br />") | replace('-', '&#8209;') | safe }}</td>
<td><ul>
{%- for maintainer in p["maintainers"] %}<li>{{ maintainer | urlize }}</li>{% endfor -%}
</ul></td>
<td><ul>
{%- if p["_testcase_regex_pattern"] -%}<li><code>/{{ p["_testcase_regex_pattern"] }}/</code></li>{%- endif -%}
{%- for testcase in p["testcases_ignore"] %}<li><b>NOT</b> <code>{{ testcase }}</code></li>{% endfor -%}
{%- for testcase in p["testcases"] %}<li><code>{{ testcase }}</code></li>{% endfor -%}
</ul></td>
<td>
{% if p["groups"] | length > 0 -%}
<span class="font-weight-bold">Groups:</span><br />
{{ p["groups"] | join("<br />") | replace('-', '&#8209;') | safe }}
{% if p["users"] | length > 0 -%}
<br />
{%- endif %}
<b>Groups:</b>
<ul>{%- for group in p["groups"] %}<li>{{ group }}</li>{% endfor -%}</ul>
{%- endif %}

{% if p["users"] | length > 0 -%}
<span class="font-weight-bold">Users:</span><br />
{{ p["users"] | join("<br />") | replace('-', '&#8209;') | safe }}
<b>Users:</b>
<ul>{%- for user in p["users"] %}<li>{{ user }}</li>{% endfor -%}</ul>
{%- endif %}
</td>
</tr>
Expand Down

0 comments on commit a33962b

Please sign in to comment.