@@ -33,19 +33,14 @@ class VariableLookupKeysControllerTest < ActionController::TestCase
assert_redirected_to variable_lookup_keys_path
end

def setup_user
@request.session[:user] = users(:one).id
users(:one).roles = [Role.default, Role.find_by_name('Viewer')]
end

test 'user with viewer rights should fail to edit an external variable' do
setup_user
setup_users
get :edit, {:id => VariableLookupKey.first.id}, set_session_user.merge(:user => users(:one).id)
assert_equal response.status, 403
end

test 'user with viewer rights should succeed in viewing external variables' do
setup_user
setup_users
get :index, {}, set_session_user.merge(:user => users(:one).id)
assert_response :success
end
@@ -6,6 +6,8 @@
factory :domain do
sequence(:name) {|n| "example#{n}.com" }
fullname { |n| n.name }
organizations { [Organization.find_by_name('Organization 1')] } if SETTINGS[:organizations_enabled]
locations { [Location.find_by_name('Location 1')] } if SETTINGS[:locations_enabled]

trait :with_parameter do
after(:create) do |domain,evaluator|
@@ -17,6 +17,8 @@ def set_nic_attributes(host, attributes, evaluator)
sequence(:name) { |n| "ptable#{n}" }
layout 'zerombr\nclearpart --all --initlabel\npart /boot --fstype ext3 --size=<%= 10 * 10 %> --asprimary\npart / --f stype ext3 --size=1024 --grow\npart swap --recommended'
os_family 'Redhat'
organizations { [Organization.find_by_name('Organization 1')] } if SETTINGS[:organizations_enabled]
locations { [Location.find_by_name('Location 1')] } if SETTINGS[:locations_enabled]

trait :ubuntu do
sequence(:name) { |n| "ubuntu default#{n}" }
@@ -110,6 +112,8 @@ def set_nic_attributes(host, attributes, evaluator)
sequence(:name) { |n| "host#{n}" }
sequence(:hostname) { |n| "host#{n}" }
root_pass 'xybxa6JUkz63w'
organization { Organization.find_by_name('Organization 1') } if SETTINGS[:organizations_enabled]
location { Location.find_by_name('Location 1') } if SETTINGS[:locations_enabled]

# This allows a test to declare build/create(:host, :ip => '1.2.3.4') and
# have the primary interface correctly updated with the specified attrs
@@ -232,8 +236,6 @@ def set_nic_attributes(host, attributes, evaluator)
architecture { operatingsystem.try(:architectures).try(:first) }
medium { operatingsystem.try(:media).try(:first) }
ptable { operatingsystem.try(:ptables).try(:first) }
location
organization
domain
interfaces { [ FactoryGirl.build(:nic_primary_and_provision) ] }
association :operatingsystem, :with_associations
@@ -431,6 +433,8 @@ def set_nic_attributes(host, attributes, evaluator)

factory :hostgroup do
sequence(:name) { |n| "hostgroup#{n}" }
organizations { [Organization.find_by_name('Organization 1')] } if SETTINGS[:organizations_enabled]
locations { [Location.find_by_name('Location 1')] } if SETTINGS[:locations_enabled]

trait :with_parent do
association :parent, :factory => :hostgroup
@@ -2,6 +2,9 @@
factory :smart_proxy do
sequence(:name) {|n| "proxy#{n}" }
sequence(:url) {|n| "https://somewhere#{n}.net:8443" }
organizations { [Organization.find_by_name('Organization 1')] } if SETTINGS[:organizations_enabled]
locations { [Location.find_by_name('Location 1')] } if SETTINGS[:locations_enabled]

before(:create, :build, :build_stubbed) do
ProxyAPI::Features.any_instance.stubs(:features => Feature.name_map.keys)
end
@@ -6,6 +6,8 @@
factory :subnet do
sequence(:name) {|n| "subnet#{n}" }
ipam "None"
organizations { [Organization.find_by_name('Organization 1')] } if SETTINGS[:organizations_enabled]
locations { [Location.find_by_name('Location 1')] } if SETTINGS[:locations_enabled]

trait :tftp do
association :tftp, :factory => :template_smart_proxy
@@ -14,6 +14,8 @@
auth_source { AuthSourceInternal.first }
password 'password'
sequence(:login) {|n| "user#{n}" }
organizations { [ Organization.find_by_name('Organization 1') ] }
locations { [ Location.find_by_name('Location 1') ] }

trait :admin do
admin { true }
@@ -4,21 +4,11 @@
# model remove the '{}' from the fixture names and add the columns immediately
# below each fixture, per the syntax in the comments below
#
one:
taxonomy: location1
taxable: one
taxable_type: "Subnet"

two:
taxonomy: location1
taxable: one
taxable_type: "SmartProxy"

three:
taxonomy: organization1
taxable: one
taxable_type: "Subnet"

four:
taxonomy: organization1
taxable: one
@@ -54,16 +44,6 @@ nine:
taxable: mydomain
taxable_type: "Domain"

ten:
taxonomy: location1
taxable: one
taxable_type: "Medium"

ten2:
taxonomy: organization1
taxable: one
taxable_type: "Medium"

eleven:
taxonomy: location1
taxable: one
@@ -153,3 +133,63 @@ scoped_user_location1:
taxonomy: location1
taxable: scoped
taxable_type: User

user_one_org:
taxonomy: organization1
taxable: one
taxable_type: "User"

user_one_loc:
taxonomy: location1
taxable: one
taxable_type: "User"

subnet_one_org:
taxonomy: organization1
taxable: one
taxable_type: "Subnet"

subnet_one_loc:
taxonomy: location1
taxable: one
taxable_type: "Subnet"

compute_mycompute_org:
taxonomy: organization1
taxable: mycompute
taxable_type: "ComputeResource"

compute_mycompute_loc:
taxonomy: location1
taxable: mycompute
taxable_type: "ComputeResource"

hostgroup_common_org:
taxonomy: organization1
taxable: common
taxable_type: "Hostgroup"

hostgroup_common_loc:
taxonomy: location1
taxable: common
taxable_type: "Hostgroup"

medium_one_org:
taxonomy: organization1
taxable: one
taxable_type: "Medium"

medium_one_loc:
taxonomy: location1
taxable: one
taxable_type: "Medium"

auth_source_ldap_one_org:
taxonomy: organization1
taxable: one
taxable_type: "AuthSource"

auth_source_ldap_one_loc:
taxonomy: location1
taxable: one
taxable_type: "AuthSource"
@@ -2,7 +2,7 @@

class LocationIntegrationTest < ActionDispatch::IntegrationTest
def setup
FactoryGirl.create(:host)
FactoryGirl.create(:host, :location => nil)
end

test "index page" do
@@ -35,7 +35,7 @@ def setup

# content - click Assign All
test "create new page when some hosts are not assigned a location and click Assign All" do
assert_new_button(locations_path,"New Location",new_location_path)
assert_new_button(locations_path, "New Location", new_location_path)
fill_in "location_name", :with => "Raleigh"
click_button "Submit"
assert_current_path step2_location_path(Location.unscoped.order(:id).last)
@@ -2,7 +2,7 @@

class OrganizationIntegrationTest < ActionDispatch::IntegrationTest
def setup
FactoryGirl.create(:host)
FactoryGirl.create(:host, :organization => nil)
end

test "index page" do
@@ -42,7 +42,6 @@ class ApiTaxonomyScopeTest < ActiveSupport::TestCase
end

test "set_taxonomy_scope respects user association to orgs and locs, fails on not allowed organization" do
users(:one).locations << taxonomies(:location1)
Location.expects(:my_locations).returns(Location.where(:id => taxonomies(:location1).id))
Organization.expects(:my_organizations).returns(Organization.where(:id => nil))
@dummy.expects(:not_found)
@@ -52,8 +51,6 @@ class ApiTaxonomyScopeTest < ActiveSupport::TestCase
end

test "set_taxonomy_scope respects user association to orgs and locs, sets both if allowed" do
users(:one).locations << taxonomies(:location1)
users(:one).organizations << taxonomies(:organization1)
Location.expects(:my_locations).returns(Location.where(:id => taxonomies(:location1).id))
Organization.expects(:my_organizations).returns(Organization.where(:id => taxonomies(:organization1).id))
as_user :one do
@@ -120,7 +120,13 @@ def setup

test 'returns visible facts for unlimited user' do
user_role = FactoryGirl.create(:user_user_role)
FactoryGirl.create(:filter, :role => user_role.role, :permissions => Permission.where(:name => 'view_hosts'), :unlimited => true)
FactoryGirl.create(:filter, :role => user_role.role,
:permissions => Permission.unscoped.where(:name => 'view_hosts'),
:unlimited => true)
target_host.organization = user_role.owner.organizations.first
target_host.location = user_role.owner.locations.first
other_host.organization = user_role.owner.organizations.first
other_host.location = user_role.owner.locations.first
as_user user_role.owner do
assert_empty (target_host.fact_values + other_host.fact_values).map(&:id) - FactValue.my_facts.map(&:id)
end
@@ -175,10 +175,12 @@ def teardown
test "non-admin user should be able to create host with new lookup value" do
User.current = users(:one)
User.current.roles << [roles(:manager)]
assert_difference('LookupValue.count') do
assert_difference('LookupValue.unscoped.count') do
assert Host.create! :name => "abc.mydomain.net", :mac => "aabbecddeeff", :ip => "3.3.4.3",
:domain => domains(:mydomain), :operatingsystem => operatingsystems(:redhat),
:subnet => subnets(:two), :architecture => architectures(:x86_64), :puppet_proxy => smart_proxies(:puppetmaster), :medium => media(:one),
:subnet => subnets(:two), :architecture => architectures(:x86_64),
:puppet_proxy => smart_proxies(:puppetmaster), :medium => media(:one),
:organization => nil, :location => nil,
:environment => environments(:production), :disk => "empty partition",
:lookup_values_attributes => {"new_123456" => {"lookup_key_id" => lookup_keys(:complex).id, "value"=>"some_value", "match" => "fqdn=abc.mydomain.net"}}
end
@@ -655,6 +657,7 @@ def teardown
org2 = FactoryGirl.create(:organization)
org3 = FactoryGirl.create(:organization)
user = FactoryGirl.create(:user, :organizations => [org1, org2])
users(:one).organizations << [org1, org2, org3]
host1 = FactoryGirl.create(:host, :organization => org1)
host2 = FactoryGirl.create(:host, :organization => org2)
host3 = FactoryGirl.create(:host, :organization => org3)
@@ -59,7 +59,13 @@ def teardown
test "should delegate subnet attributes" do
subnet = subnets(:two)
domain = (subnet.domains.any? ? subnet.domains : subnet.domains << Domain.first).first
interface = Nic::Managed.create! :ip => "3.3.4.127", :mac => "cabbccddeeff", :host => FactoryGirl.create(:host), :subnet => subnet, :name => "a" + FactoryGirl.create(:host).name, :domain => domain
interface = FactoryGirl.build(:nic_managed,
:ip => "3.3.4.127",
:mac => "cabbccddeeff",
:host => FactoryGirl.create(:host),
:subnet => subnet,
:name => "a" + FactoryGirl.create(:host).name,
:domain => domain)
assert_equal subnet.network, interface.network
assert_equal subnet.vlanid, interface.vlanid
end
@@ -41,11 +41,9 @@ def setup
end

test 'returns visible reports for filtered user' do
user_role = FactoryGirl.create(:user_user_role)
FactoryGirl.create(:filter, :role => user_role.role, :permissions => Permission.where(:name => 'view_hosts'), :search => "hostgroup_id = #{@target_host.hostgroup_id}")
as_user user_role.owner do
assert_equal @target_reports.map(&:id).sort, Report.my_reports.map(&:id).sort
end
setup_user('view', 'hosts',
"hostgroup_id = #{@target_host.hostgroup_id}")
assert_equal @target_reports.map(&:id).sort, Report.my_reports.map(&:id).sort
end

test "only return reports from host in user's taxonomies" do
@@ -52,6 +52,7 @@ module TaxonomiesBaseTest
test 'it should return array of used ids by hosts' do
taxonomy = taxonomies(:"#{taxonomy_name}1")
subnet = FactoryGirl.create(:subnet_ipv4,
:"#{opposite_taxonomy}_ids" => [],
:"#{taxonomy_name.pluralize}" => [taxonomy])
domain = FactoryGirl.create(:domain)
FactoryGirl.create(:host,
@@ -126,24 +127,24 @@ module TaxonomiesBaseTest
# check if they match
assert_equal selected_ids[:environment_ids].sort, environment_ids.sort
assert_equal selected_ids[:hostgroup_ids].sort, hostgroup_ids.sort
assert_equal selected_ids[:subnet_ids].sort, subnet_ids.sort
assert_equal selected_ids[:subnet_ids].sort, subnet_ids.uniq.sort
assert_equal selected_ids[:domain_ids].sort, domain_ids.sort
assert_equal selected_ids[:realm_ids].sort, realm_ids.sort
assert_equal selected_ids[:medium_ids].sort, medium_ids.sort
assert_equal selected_ids[:medium_ids].sort, medium_ids.uniq.sort
assert_equal selected_ids[:user_ids].sort, user_ids.sort
assert_equal selected_ids[:smart_proxy_ids].sort, smart_proxy_ids.sort
assert_equal selected_ids[:provisioning_template_ids].sort, provisioning_template_ids.sort
assert_equal selected_ids[:compute_resource_ids].sort, compute_resource_ids.sort
# match to manually generated taxable_taxonomies
assert_equal selected_ids[:environment_ids], [environments(:production).id]
assert_equal selected_ids[:hostgroup_ids], []
assert_equal selected_ids[:hostgroup_ids], [hostgroups(:common).id]
assert_equal selected_ids[:subnet_ids], [subnets(:one).id]
assert_equal selected_ids[:domain_ids], [domains(:mydomain).id, domains(:yourdomain).id]
assert_equal selected_ids[:medium_ids], [media(:one).id]
assert_equal selected_ids[:user_ids], [users(:scoped).id]
assert_equal selected_ids[:user_ids], [users(:one).id, users(:scoped).id]
assert_equal selected_ids[:smart_proxy_ids].sort, [smart_proxies(:puppetmaster).id, smart_proxies(:one).id, smart_proxies(:two).id, smart_proxies(:three).id, smart_proxies(:realm).id].sort
assert_equal selected_ids[:provisioning_template_ids], [templates(:mystring2).id]
assert_equal selected_ids[:compute_resource_ids], [compute_resources(:one).id]
assert_equal selected_ids[:compute_resource_ids], [compute_resources(:one).id, compute_resources(:mycompute).id]
end

test 'it should return selected_ids array of ALL values (when types are ignored)' do
@@ -168,8 +169,8 @@ module TaxonomiesBaseTest
test "it should clone organization with all associations" do
taxonomy = taxonomies(:"#{taxonomy_name}1")
taxonomy_dup = taxonomy.dup
taxonomy_dup.name = "taxonomy_dup_name"
assert taxonomy_dup.save!
taxonomy_dup.name = "taxonomy_dup_name_#{rand}"
assert taxonomy_dup.save
assert_equal taxonomy_dup.environment_ids, taxonomy.environment_ids
assert_equal taxonomy_dup.hostgroup_ids, taxonomy.hostgroup_ids
assert_equal taxonomy_dup.subnet_ids, taxonomy.subnet_ids
@@ -213,7 +214,7 @@ module TaxonomiesBaseTest
as_admin do
assert_equal expected.sort,
taxonomy_class.public_send(:"my_#{taxonomy_name.pluralize}",
users(:one)).pluck(:id).sort
users(:one)).sort
end
end

@@ -238,7 +239,9 @@ module TaxonomiesBaseTest
parent = taxonomies(:"#{taxonomy_name}1")
taxonomy = taxonomy_class.create :name => "rack1", :parent_id => parent.id
# check that inherited_ids of taxonomy matches selected_ids of parent
assert_equal parent.selected_ids, taxonomy.inherited_ids
as_admin do
assert_equal parent.selected_ids, taxonomy.inherited_ids
end
end

test "selected_or_inherited_ids for inherited taxonomy" do
@@ -258,8 +261,8 @@ module TaxonomiesBaseTest
subnet = FactoryGirl.create(:subnet_ipv4, :organizations => [taxonomies(:organization1)])
domain1 = FactoryGirl.create(:domain)
domain2 = FactoryGirl.create(:domain)
parent.update_attribute(:domains,[domain1,domain2])
parent.update_attribute(:subnets,[subnet])
parent.update_attribute(:domains, [domain1, domain2])
parent.update_attribute(:subnets, [subnet])
# we're no longer using the fixture dhcp/dns/tftp proxy to create the host, so remove them
parent.update_attribute(:smart_proxies,[smart_proxies(:puppetmaster),smart_proxies(:realm)])

@@ -268,7 +271,7 @@ module TaxonomiesBaseTest
:compute_resource => compute_resources(:one),
:domain => domain1,
:environment => environments(:production),
:"#{taxonomy_name}" => parent,
:"#{taxonomy_name}" => parent,
:organization => taxonomies(:organization1),
:medium => media(:one),
:operatingsystem => operatingsystems(:centos5_3),
@@ -277,16 +280,16 @@ module TaxonomiesBaseTest
:realm => realms(:myrealm),
:subnet => subnet)
FactoryGirl.create(:host,
:"#{taxonomy_name}" => parent,
:"#{taxonomy_name}" => parent,
:domain => domain2)
FactoryGirl.create(:os_default_template,
:provisioning_template => templates(:mystring2),
:operatingsystem => operatingsystems(:centos5_3),
:template_kind => TemplateKind.find_by_name('provision'))

# check that inherited_ids of taxonomy matches selected_ids of parent
taxonomy.selected_or_inherited_ids.each do |k,v|
assert_equal v.sort, parent.used_and_selected_ids[k].sort
taxonomy.inherited_ids.each do |k,v|
assert_equal v.sort, parent.selected_ids[k].sort
end
end

@@ -299,7 +302,7 @@ module TaxonomiesBaseTest
end
end

test "multiple inheritence" do
test "multiple inheritance" do
parent1 = taxonomies(:"#{taxonomy_name}1")
assert_equal [subnets(:one).id], parent1.selected_ids["subnet_ids"]

@@ -26,7 +26,7 @@ def setup

test "should find the subnet by ip" do
subnet = FactoryGirl.create(:subnet_ipv6)
assert_equal subnet, Subnet::Ipv6.subnet_for(get_ip(subnet, 10))
assert_equal subnet, Subnet::Ipv6.unscoped.subnet_for(get_ip(subnet, 10))
end

test "from cant be bigger than to range" do
@@ -96,7 +96,7 @@ class Subnet::Test < Subnet; end
hostgroup = FactoryGirl.create(:hostgroup, :with_subnet)
subnet = hostgroup.subnet
refute subnet.destroy
assert_match /is being used by/, subnet.errors.full_messages.join("\n")
assert_match /is used by/, subnet.errors.full_messages.join("\n")
end

test "should not destroy if host uses it" do
@@ -70,7 +70,8 @@ def setup
test 'expands organizations and locations to actual values' do
org2 = FactoryGirl.create(:organization)
org3 = FactoryGirl.create(:organization)
user = FactoryGirl.create(:user, :organizations => [@org, org2])
user = FactoryGirl.create(:user, :organizations => [@org, org2],
:locations => [])

as_user(user) do
@dummy.class.with_taxonomy_scope(nil, nil)
@@ -162,47 +163,67 @@ def setup
assert_includes used_organizations, org4.id
end

test ".taxable_ids can work with empty array returning nil" do
dummy_class = @dummy.class
assert_nil dummy_class.taxable_ids([], [])
end
describe '#taxable_ids' do
test "can work with empty array returning nil" do
assert_nil @dummy.class.taxable_ids([], [])
end

test ".taxable_ids (and .inner_select) can work with array of taxonomies" do
loc1 = FactoryGirl.create(:location)
loc2 = FactoryGirl.create(:location, :parent_id => loc1.id)
loc3 = FactoryGirl.create(:location, :parent_id => loc2.id)
loc4 = FactoryGirl.create(:location)
org = FactoryGirl.create(:organization)
env1 = FactoryGirl.create(:environment, :organizations => [org], :locations => [loc2])
env2 = FactoryGirl.create(:environment, :organizations => [org])
env3 = FactoryGirl.create(:environment, :locations => [loc2])
env4 = FactoryGirl.create(:environment, :locations => [loc4])
env5 = FactoryGirl.create(:environment, :locations => [loc1])
env6 = FactoryGirl.create(:environment, :locations => [loc3])

taxable_ids = Environment.taxable_ids([loc2, loc4], org, :subtree_ids)
visible = [ env1 ]
invisible = [ env2, env3, env4, env5, env6 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids([], org, :subtree_ids)
visible = [ env1, env2 ]
invisible = [ env3, env4, env5, env6 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids(loc2, [], :subtree_ids)
visible = [ env1, env3, env5, env6 ]
invisible = [ env2, env4 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids([loc2, loc4], [], :subtree_ids)
visible = [ env1, env3, env4, env5, env6 ]
invisible = [ env2 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }
test 'returns IDs for non-admin user of any context when no org/loc' do
assert @dummy.class.all.count > 1

as_user(:one) do
any_org = User.current.organizations
any_loc = User.current.locations

visible_dummies = any_org.map(&:"#{@dummy.class.table_name}").flatten.map(&:id) &
any_loc.map(&:"#{@dummy.class.table_name}").flatten.map(&:id)

# We need to call '.taxable_ids' using the Environment class because
# '.taxable_ids' will look for the 'taxable_taxonomies.taxable_type'
# table of the caller.
# Since TaxonomixDummy is defined in terms of the Environment table,
# the table will have Environment, not TaxonomixDummy as taxable_type
assert_equal visible_dummies, Environment.taxable_ids(nil, nil)
assert_equal visible_dummies, Environment.taxable_ids([], [])
end
end

test "can work with array of taxonomies" do
loc1 = FactoryGirl.create(:location)
loc2 = FactoryGirl.create(:location, :parent_id => loc1.id)
loc3 = FactoryGirl.create(:location, :parent_id => loc2.id)
loc4 = FactoryGirl.create(:location)
org = FactoryGirl.create(:organization)
env1 = FactoryGirl.create(:environment, :organizations => [org], :locations => [loc2])
env2 = FactoryGirl.create(:environment, :organizations => [org])
env3 = FactoryGirl.create(:environment, :locations => [loc2])
env4 = FactoryGirl.create(:environment, :locations => [loc4])
env5 = FactoryGirl.create(:environment, :locations => [loc1])
env6 = FactoryGirl.create(:environment, :locations => [loc3])
taxable_ids = Environment.taxable_ids([loc2, loc4], org, :subtree_ids)
visible = [ env1 ]
invisible = [ env2, env3, env4, env5, env6 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids([], org, :subtree_ids)
visible = [ env1, env2 ]
invisible = [ env3, env4, env5, env6 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids(loc2, [], :subtree_ids)
visible = [ env1, env3, env5, env6 ]
invisible = [ env2, env4 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }

taxable_ids = Environment.taxable_ids([loc2, loc4], [], :subtree_ids)
visible = [ env1, env3, env4, env5, env6 ]
invisible = [ env2 ]
visible.each { |env| assert_includes taxable_ids, env.id }
invisible.each { |env| refute_includes taxable_ids, env.id }
end
end

test "validation does not prevent taxonomy association if user does not have permissions of already assigned taxonomies" do
@@ -279,8 +300,47 @@ def setup
user = FactoryGirl.create(:user, :id => 25, :organizations => [org])
ugroup = FactoryGirl.create(:usergroup, :id=> 25)
FactoryGirl.create(:host, :owner => ugroup, :organization => org)
used_organizations = user.used_organization_ids
assert_empty used_organizations
assert_equal used_organizations.count, 0
as_admin do
used_organizations = user.used_organization_ids
assert_empty used_organizations
assert_equal used_organizations.count, 0
end
end

context 'admin permissions' do
test "returns only visible objects when org/loc are selected" do
scoped_environments = Environment.
with_taxonomy_scope([taxonomies(:organization1)])
assert scoped_environments.include?(*taxonomies(:organization1).environments)
assert_not_equal Environment.unscoped.all, scoped_environments
assert_equal taxonomies(:organization1).environments, scoped_environments
end

test "returns nil (all objects) when there are no org/loc" do
assert_equal User.with_taxonomy_scope([],[]).sort, User.unscoped.all.sort
end
end

test 'current user ID and admin IDs are always visible' do
as_user(:one) do
scoped_users = User.with_taxonomy_scope([],[])
assert_include scoped_users, User.current
assert_include scoped_users, users(:admin)
end
end

test 'users can only see objects scoped to its current taxonomies' do
# Environment in organization 1 and location 1 cannot be seen by an user
# who is scoped to organization 1 and location 2
users(:one).organizations = [taxonomies(:organization1)]
users(:one).locations = [taxonomies(:location2)]
unreachable_env = FactoryGirl.create(
:environment,
:organizations => [taxonomies(:organization1)],
:locations => [taxonomies(:location1)])

as_user(:one) do
assert_not_include Environment.all, unreachable_env
end
end
end
@@ -64,7 +64,7 @@ def setup

test 'for non admin user, nil is expanded to [] if user is not assigned to any org' do
# we have to run on specific taxonomy because my_* is defined only in Organization and Location
user = FactoryGirl.create(:user)
user = FactoryGirl.create(:user, :organizations => [])
as_user(user) do
assert_equal [], Organization.expand(nil)
assert_equal [], Organization.expand([])
@@ -113,15 +113,15 @@ def setup
user = users(:internal)
last_login = user.last_login_on
assert_not_nil User.try_to_login(user.login, "changeme")
assert_not_equal last_login, User.find(user.id).last_login_on
assert_not_equal last_login, User.unscoped.find(user.id).last_login_on
end

test "updating the last login time must not persist invalid attributes" do
user = FactoryGirl.create(:user, :with_mail, :auth_source => FactoryGirl.create(:auth_source_ldap))
AuthSourceLdap.any_instance.expects(:authenticate).returns(:mail => 'foo#bar')
AuthSourceLdap.any_instance.stubs(:update_usergroups).returns(true)
assert_not_nil User.try_to_login(user.login, "changeme")
reloaded_user = User.find(user.id)
reloaded_user = User.unscoped.find(user.id)
assert_not_equal user.last_login_on, reloaded_user.last_login_on
assert_equal user.mail, reloaded_user.mail
end
@@ -209,7 +209,10 @@ def setup_user(operation)

test "user with create permissions should be able to create" do
setup_user "create"
record = User.new :login => "dummy", :mail => "j@j.com", :auth_source_id => AuthSourceInternal.first.id
record = User.new :login => "dummy", :mail => "j@j.com",
:auth_source_id => AuthSourceInternal.first.id,
:organizations => User.current.organizations,
:locations => User.current.locations
record.password_hash = "asd"
assert record.save
assert record.valid?
@@ -243,8 +246,11 @@ def setup_user(operation)
test "non-admin user can delegate roles he has assigned already" do
setup_user "create"
create_role = Role.find_by_name 'create_users'
record = User.new :login => "dummy", :mail => "j@j.com", :auth_source_id => AuthSourceInternal.first.id,
:role_ids => [create_role.id.to_s]
record = User.new(:login => "dummy", :mail => "j@j.com",
:auth_source_id => AuthSourceInternal.first.id,
:role_ids => [create_role.id.to_s],
:organizations => User.current.organizations,
:locations => User.current.locations)
record.password_hash = "asd"
assert record.valid?
assert record.save
@@ -254,8 +260,11 @@ def setup_user(operation)
test "admin can set admin flag and set any role" do
as_admin do
extra_role = Role.where(:name => "foobar").first_or_create
record = User.new :login => "dummy", :mail => "j@j.com", :auth_source_id => AuthSourceInternal.first.id,
:role_ids => [extra_role.id].map(&:to_s)
record = User.new(:login => "dummy", :mail => "j@j.com",
:auth_source_id => AuthSourceInternal.first.id,
:role_ids => [extra_role.id.to_s],
:organizations => User.current.organizations,
:locations => User.current.locations)
record.password_hash = "asd"
record.admin = true
assert record.save
@@ -388,6 +397,8 @@ def setup_user_for_audits
test "user can save user if he does not change roles" do
setup_user "edit"
record = users(:two)
record.organizations = User.current.organizations
record.locations = User.current.locations
assert record.save
end

@@ -596,14 +607,13 @@ def setup_user_for_audits
end

test "user can't set empty taxonomies set if he's assigned to some" do
user = FactoryGirl.create(:user)
org1 = FactoryGirl.create(:organization)
user.organizations << org1
user = FactoryGirl.create(:user, :organizations => [org1], :locations => [])

as_user user do
as_user(user) do
# empty set
new_user = FactoryGirl.build(:user)
refute new_user.save
new_user = FactoryGirl.build(:user, :organizations => [], :locations => [])
refute new_user.valid?
assert_not_empty new_user.errors[:organization_ids]
assert_empty new_user.errors[:location_ids]
end
@@ -773,8 +783,8 @@ def editing_self_helper
end

test 'default taxonomy inclusion validator' do
users(:one).default_location = Location.first
users(:one).default_organization = Organization.first
users(:one).default_location = taxonomies(:location2)
users(:one).default_organization = taxonomies(:organization2)

refute users(:one).valid?
assert users(:one).errors.messages.has_key? :default_location
@@ -790,8 +800,8 @@ def editing_self_helper

test "return location and child ids for non-admin user" do
as_user :one do
# User 'one' contains location1 already
in_taxonomy :location1 do
assert User.current.locations << Location.current
assert child = Location.create!(:name => 'child location', :parent_id => Location.current.id)
assert_equal [Location.current.id, child.id].sort, User.current.location_and_child_ids
end
@@ -800,8 +810,8 @@ def editing_self_helper

test "return organization and child ids for non-admin user" do
as_user :one do
# User 'one' contains organization1 already
in_taxonomy :organization1 do
assert User.current.organizations << Organization.current
assert child = Organization.create!(:name => 'child organization', :parent_id => Organization.current.id)
assert_equal [Organization.current.id, child.id].sort, User.current.organization_and_child_ids
end
@@ -40,7 +40,12 @@ class ActionView::TestCase

class ActionController::TestCase
include ::BasicRestResponseTest
setup :setup_set_script_name, :set_api_user, :turn_off_login, :disable_webpack
setup :setup_set_script_name, :set_api_user, :turn_off_login,
:disable_webpack, :set_admin

def set_admin
User.current = users(:admin)
end

def turn_off_login
SETTINGS[:require_ssl] = false
@@ -74,6 +74,10 @@ class HasManyCommonTest < ActiveSupport::TestCase
host = FactoryGirl.build(:host)
orig_id = host.hostgroup_id
host.hostgroup_name = "Parent/inherited"
host.hostgroup.subnet.locations = [host.location]
host.hostgroup.subnet.organizations = [host.organization]
host.hostgroup.subnet6.locations = [host.location]
host.hostgroup.subnet6.organizations = [host.organization]
host.save!
new_id = host.hostgroup_id
refute_equal orig_id, new_id
@@ -212,15 +212,15 @@ def setup
get_an_instance.send(:update_classes_in_foreman, @envs.first.name,
{@pc.name => {'obsolete' => [lks.first.key]}})
assert_equal [@envs.last], lks.first.environments
assert_equal @envs, lks.last.environments
assert_equal @envs.to_a.sort, lks.last.environments.to_a.sort
end

test 'when overridden' do
lks = FactoryGirl.create_list(:puppetclass_lookup_key, 2, :as_smart_class_param, :with_override, :puppetclass => @pc)
get_an_instance.send(:update_classes_in_foreman, @envs.first.name,
{@pc.name => {'obsolete' => [lks.first.key]}})
assert_equal [@envs.last], lks.first.environments
assert_equal @envs, lks.last.environments
assert_equal @envs.to_a.sort, lks.last.environments.sort
end

test 'deletes the key from all environments' do
@@ -232,7 +232,7 @@ def setup
{@pc.name => {'obsolete' => [lks.first.key]}})
refute PuppetclassLookupKey.find_by_id(lks.first.id)
refute LookupValue.find_by_id(lval.id)
assert_equal @envs, lks.last.environments
assert_equal @envs.to_a.sort, lks.last.environments.to_a.sort
end
end

@@ -12,6 +12,7 @@ class BasicTest < ActiveSupport::TestCase
end

test 'authenticates if user.current is not set' do
User.current = nil
basic = SSO::Basic.new(get_basic_controller(true))
assert_equal 'testuser', basic.authenticated?
end
@@ -15,7 +15,8 @@ class SeedsTest < ActiveSupport::TestCase

def seed
# Authorisation is disabled usually when run from a rake db:* task
User.current = FactoryGirl.build(:user, :admin => true)
User.current = FactoryGirl.build(:user, :admin => true,
:organizations => [], :locations => [])
load File.expand_path('../../../../db/seeds.rb', __FILE__)
end

@@ -46,18 +47,18 @@ def seed

context 'populating an initial admin user' do
test 'with defaults' do
assert_difference 'User.where(:login => "admin").count', 1 do
assert_difference 'User.unscoped.where(:login => "admin").count', 1 do
seed
end
user = User.find_by_login('admin')
user = User.unscoped.find_by_login('admin')
assert user.password_hash.present?
assert user.password_salt.present?
assert user.admin?
assert_valid user
end

test 'with environment overrides' do
assert_difference 'User.where(:login => "seed_test").count', 1 do
assert_difference 'User.unscoped.where(:login => "seed_test").count', 1 do
with_env('SEED_ADMIN_USER' => 'seed_test',
'SEED_ADMIN_PASSWORD' => 'seed_secret',
'SEED_ADMIN_FIRST_NAME' => 'Seed',
@@ -66,7 +67,7 @@ def seed
seed
end
end
user = User.find_by_login('seed_test')
user = User.unscoped.find_by_login('seed_test')
assert user.matching_password? 'seed_secret'
assert user.admin?
refute user.hidden?
@@ -75,37 +76,37 @@ def seed
end

test 'populates partition tables' do
count = Ptable.count
count = Ptable.unscoped.count
seed
assert_not_equal count, Ptable.count
refute Ptable.where(:os_family => nil).any?
assert_not_equal count, Ptable.unscoped.count
refute Ptable.unscoped.where(:os_family => nil).any?
end

test 'populates installation media' do
count = Medium.count
count = Medium.unscoped.count
seed
assert_not_equal count, Medium.count
refute Medium.where(:os_family => nil).any?
assert_not_equal count, Medium.unscoped.count
refute Medium.unscoped.where(:os_family => nil).any?
end

test 'populates config templates' do
count = ProvisioningTemplate.count
count = ProvisioningTemplate.unscoped.count
seed
assert_not_equal count, ProvisioningTemplate.count
assert_not_equal count, ProvisioningTemplate.unscoped.count

Dir["#{Rails.root}/app/views/unattended/**/*.erb"].each do |tmpl|
if tmpl =~ /disklayout/
assert Ptable.where(:template => File.read(tmpl)).any?, "No partition table containing #{tmpl}"
assert Ptable.unscoped.where(:template => File.read(tmpl)).any?, "No partition table containing #{tmpl}"
else
assert ProvisioningTemplate.where(:template => File.read(tmpl)).any?, "No template containing #{tmpl}"
assert ProvisioningTemplate.unscoped.where(:template => File.read(tmpl)).any?, "No template containing #{tmpl}"
end
end
end

test 'populates bookmarks' do
count = Bookmark.where(:public => true).count
count = Bookmark.unscoped.where(:public => true).count
seed
assert_not_equal count, Bookmark.where(:public => true).count
assert_not_equal count, Bookmark.unscoped.where(:public => true).count
end

test 'is idempotent' do
@@ -116,25 +117,26 @@ def seed

test "does update template that was not modified by user" do
seed
ProvisioningTemplate.without_auditing { ProvisioningTemplate.find_by_name('Kickstart default').update_attributes(:template => 'test') }
ProvisioningTemplate.without_auditing { ProvisioningTemplate.unscoped.find_by_name('Kickstart default').update_attributes(:template => 'test') }
seed
refute_equal ProvisioningTemplate.find_by_name('Kickstart default').template, 'test'
refute_equal ProvisioningTemplate.unscoped.find_by_name('Kickstart default').template, 'test'
end

test "doesn't add a template back that was deleted" do
seed
assert_equal 1, ProvisioningTemplate.destroy_all(:name => 'Kickstart default').size
assert_equal 1, ProvisioningTemplate.unscoped.
destroy_all(:name => 'Kickstart default').size
seed
refute ProvisioningTemplate.find_by_name('Kickstart default')
refute ProvisioningTemplate.unscoped.find_by_name('Kickstart default')
end

test "doesn't add a template back that was renamed" do
seed
tmpl = ProvisioningTemplate.find_by_name('Kickstart default')
tmpl = ProvisioningTemplate.unscoped.find_by_name('Kickstart default')
tmpl.name = 'test'
tmpl.save!
seed
refute ProvisioningTemplate.find_by_name('Kickstart default')
refute ProvisioningTemplate.unscoped.find_by_name('Kickstart default')
end

test "no audits are recorded" do
@@ -147,31 +149,31 @@ def seed
with_env('SEED_ORGANIZATION' => 'seed_test') do
seed
end
assert Organization.find_by_name('seed_test')
assert Organization.unscoped.find_by_name('seed_test')
end

test "don't seed organization when an org already exists" do
Organization.stubs(:any?).returns(true)
with_env('SEED_ORGANIZATION' => 'seed_test') do
seed
end
refute Organization.find_by_name('seed_test')
refute Organization.unscoped.find_by_name('seed_test')
end

test "seed location when environment SEED_LOCATION specified" do
Location.stubs(:any?).returns(false)
with_env('SEED_LOCATION' => 'seed_test') do
seed
end
assert Location.find_by_name('seed_test')
assert Location.unscoped.find_by_name('seed_test')
end

test "don't seed location when a location already exists" do
Location.stubs(:any?).returns(true)
with_env('SEED_LOCATION' => 'seed_test') do
seed
end
refute Location.find_by_name('seed_test')
refute Location.unscoped.find_by_name('seed_test')
end

test "all access permissions are created by permissions seed" do
@@ -187,6 +189,6 @@ def seed
test "viewer role contains all view permissions" do
seed
view_permissions = Permission.all.select { |permission| permission.name.match(/view/) }
assert_equal [], view_permissions - Role.find_by_name('Viewer').permissions
assert_equal [], view_permissions - Role.unscoped.find_by_name('Viewer').permissions
end
end