From 9b6ec1f545da1cc4088ddf9cc117747954e58e65 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Fri, 26 Feb 2016 17:57:55 +0000
Subject: Bug 1069799 - move the QA repository into the main repository
 r=LpSolit

---
 xt/webservice/user_get.t | 222 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 222 insertions(+)
 create mode 100644 xt/webservice/user_get.t

(limited to 'xt/webservice/user_get.t')

diff --git a/xt/webservice/user_get.t b/xt/webservice/user_get.t
new file mode 100644
index 000000000..02cf00fe7
--- /dev/null
+++ b/xt/webservice/user_get.t
@@ -0,0 +1,222 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+######################################
+# Test for xmlrpc call to User.get() #
+######################################
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use FindBin qw($RealBin);
+use lib "$RealBin/../lib";
+
+use QA::Util;
+use QA::Tests qw(PRIVATE_BUG_USER);
+use Test::More tests => 330;
+our ($config, @clients) = get_rpc_clients();
+
+my $get_user = $config->{'unprivileged_user_login'};
+my $canconfirm_user = $config->{'canconfirm_user_login'};
+my $priv_user = $config->{PRIVATE_BUG_USER . '_user_login'};
+my $disabled = $config->{'disabled_user_login'};
+my $disabled_match = substr($disabled, 0, length($disabled) - 1);
+
+# These are the basic tests. There are tests for include_fields
+# and exclude_field below.
+
+my @tests = (
+    { args => { names => [$get_user] },
+      test => "Logged-out user can get unprivileged user by name"
+    },
+    { args  => { match => [$get_user] },
+      test  => 'Logged-out user cannot use the match argument',
+      error => 'Logged-out users cannot use',
+    },
+    { args  => { ids => [1] },
+      test  => 'Logged-out users cannot use the "ids" argument',
+      error => 'Logged-out users cannot use',
+    },
+
+    # match & names
+    { user => 'unprivileged',
+      args => { names => [$get_user] },
+      test => "Unprivileged user can get himself",
+    },
+    { user => 'unprivileged',
+      args => { match => [$get_user] },
+      test => 'Logged-in user can use the match argument',
+    },
+    { user => 'unprivileged',
+      args => { match => [$get_user], names => [$get_user] },
+      test => 'Specifying the same thing in "match" and "names"',
+    },
+
+    # include_disabled
+    { user => 'unprivileged',
+      args => { match => [$get_user, $disabled_match] },
+      test => 'Disabled users are not normally returned'
+    },
+    { user => 'unprivileged',
+      args => { match => [$disabled_match], include_disabled => 1 },
+      test => 'Specifying include_disabled returns disabled users'
+    },
+    { user => 'unprivileged',
+      args => { match => [$disabled] },
+      test => 'Full match on a disabled user returns that user',
+    },
+
+    # groups and group_ids
+    { args  => { groups => ['QA-Selenium-TEST'] },
+      test  => 'Specifying just groups fails',
+      error => 'one of the following parameters',
+    },
+    { args => { group_ids => [1] },
+      test => 'Specifying just group ids fails',
+      error => 'one of the following parameters',
+    },
+    { args => { names => [$get_user, $priv_user], groups => ['QA-Selenium-TEST'] },
+      test => 'Limiting the return value to a group while being logged out fails',
+      error => 'The group you specified, QA-Selenium-TEST, is not valid here',
+    },
+    { user => 'unprivileged',
+      args => { names => [$get_user, $priv_user], groups => ['missing_group'] },
+      test => 'Limiting the return value to a group which does not exist fails',
+      error => 'The group you specified, missing_group, is not valid here',
+    },
+    { user => 'unprivileged',
+      args => { names => [$get_user, $priv_user], groups => ['QA-Selenium-TEST'] },
+      test => 'Limiting the return value to a group you do not belong to fails',
+      error => 'The group you specified, QA-Selenium-TEST, is not valid here',
+    },
+    { user => 'editbugs',
+      args => { names => [$get_user, $priv_user], groups => ['canconfirm', 'editbugs'] },
+      test => 'Limiting the return value to some groups you do not belong to fails',
+      error => 'The group you specified, canconfirm, is not valid here',
+    },
+    { user => 'admin',
+      args => { names => [$canconfirm_user], groups => ['canconfirm', 'editbugs'] },
+      test => 'Limiting the return value to groups you belong to',
+    },
+
+    # groups returned
+    { user => 'admin',
+      args => { names => [$get_user] },
+      test => 'Admin can get user',
+    },
+    { user => 'admin',
+      args => { names => [$canconfirm_user] },
+      test => 'Admin can get user',
+    },
+    { user => 'canconfirm',
+      args => { names => [$canconfirm_user] },
+      test => 'Privileged user can get himself',
+    },
+    { user => 'editbugs',
+      args => { names => [$canconfirm_user] },
+      test => 'Privileged user can get another user',
+    },
+);
+
+sub post_success {
+    my ($call, $t) = @_;
+
+    my $result = $call->result;
+    is(scalar @{ $result->{users} }, 1, "Got exactly one user");
+    my $item = $result->{users}->[0];
+    my $user = $t->{user} || '';
+
+    if ($user eq 'admin') {
+        ok(exists $item->{email} && exists $item->{can_login}
+           && exists $item->{email_enabled} && exists $item->{login_denied_text},
+           'Admin correctly gets all user fields');
+    }
+    elsif ($user) {
+        ok(exists $item->{email} && exists $item->{can_login},
+           'Logged-in user correctly gets email and can_login');
+        ok(!exists $item->{email_enabled}
+           && !exists $item->{login_denied_text},
+           "Non-admin user doesn't get email_enabled and login_denied_text");
+    }
+    else {
+        my @item_keys = sort keys %$item;
+        is_deeply(\@item_keys, ['id', 'name', 'real_name'],
+            'Only id, name, and real_name are returned to logged-out users');
+        return;
+    }
+
+    my $username = $config->{"${user}_user_login"};
+    # FIXME We have no way to create a saved search or a saved report from
+    # the WebService, so we cannot test that the correct data is returned
+    # if the user is accessing his own account.
+    if ($username eq $item->{name}) {
+        ok(exists $item->{saved_searches} && exists $item->{saved_reports},
+           'Users can get the list of saved searches and reports for their own account');
+    }
+    else {
+        ok(!exists $item->{saved_searches} && !exists $item->{saved_reports},
+           "Users cannot get the list of saved searches and reports from someone else's acccount");
+    }
+
+    my @groups = map { $_->{name} } @{$item->{groups}};
+    # Admins can see all groups a user belongs to (assuming they inherited
+    # membership for all groups). Same for a user querying his own account.
+    if ($username eq $item->{name} || $user eq 'admin') {
+        if ($username eq $get_user) {
+            ok(!scalar @groups, "The unprivileged user doesn't belong to any group");
+        }
+        elsif ($username eq $canconfirm_user) {
+            ok(grep($_ eq 'canconfirm', @groups), "Group 'canconfirm' returned");
+        }
+    }
+    else {
+        ok(!scalar @groups, "No groups are visible to users without bless privs");
+    }
+}
+
+foreach my $rpc (@clients) {
+    $rpc->bz_run_tests(tests => \@tests, method => 'User.get',
+                       post_success => \&post_success);
+
+    #############################
+    # Include and Exclude Tests #
+    #############################
+
+    my $include_nothing = $rpc->bz_call_success('User.get', {
+        names => [$get_user], include_fields => ['asdfasdfsdf'],
+    }, 'User.get including only invalid fields');
+    is(scalar keys %{ $include_nothing->result->{users}->[0] }, 0,
+       'No fields returned for user');
+
+    my $include_one = $rpc->bz_call_success('User.get', {
+        names => [$get_user], include_fields => ['id'],
+    }, 'User.get including only id');
+    is(scalar keys %{ $include_one->result->{users}->[0] }, 1,
+       'Only one field returned for user');
+
+    my $exclude_none = $rpc->bz_call_success('User.get', {
+        names => [$get_user], exclude_fields => ['asdfasdfsdf'],
+    }, 'User.get excluding only invalid fields');
+    is(scalar keys %{ $exclude_none->result->{users}->[0] }, 3,
+       'All fields returned for user');
+
+    my $exclude_one = $rpc->bz_call_success('User.get', {
+        names => [$get_user], exclude_fields => ['id'],
+    }, 'User.get excluding id');
+    is(scalar keys %{ $exclude_one->result->{users}->[0] }, 2,
+       'Only two fields returned for user');
+
+    my $override = $rpc->bz_call_success('User.get', {
+        names => [$get_user], include_fields => ['id', 'name'],
+        exclude_fields => ['id']
+    }, 'User.get with both include and exclude');
+    is(scalar keys %{ $override->result->{users}->[0] }, 1,
+       'Only one field returned');
+    ok(exists $override->result->{users}->[0]->{name},
+       '...and that field is the "name" field');
+}
-- 
cgit v1.2.3-24-g4f1b