summaryrefslogtreecommitdiffstats
path: root/xt/selenium/private_attachments.t
blob: 51f09c4bc33925b67cbe18ebd6c24e6a9c3e3f89 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

use 5.14.0;
use strict;
use warnings;

use FindBin qw($RealBin);
use lib "$RealBin/../lib";

use Test::More "no_plan";

use QA::Util;

# We have to upload files from the local computer. This requires
# chrome privileges.
my ($sel, $config) = get_selenium(CHROME_MODE);

# set the insidergroup parameter to the admin group, and make sure
# we can view and delete attachments.

log_in($sel, $config, 'admin');
set_parameters($sel, { "Group Security" => {"insidergroup" => {type => "select", value => "admin"}},
                       "Attachments"    => {"allow_attachment_display-on" => undef,
                                            "allow_attachment_deletion-on" => undef}
                     });

# First create a new bug with a private attachment.

file_bug_in_product($sel, "TestProduct");
my $bug_summary = "Some comments are private";
$sel->type_ok("short_desc", $bug_summary);
$sel->type_ok("comment", "and some attachments too, like this one.");
$sel->check_ok("comment_is_private");
$sel->click_ok('//input[@value="Add an attachment"]');
$sel->type_ok("data", $config->{attachment_file});
$sel->type_ok("description", "private attachment, v1");
$sel->check_ok("ispatch");
my $bug1_id = create_bug($sel, $bug_summary);
$sel->is_text_present_ok("private attachment, v1 (");
$sel->is_text_present_ok("and some attachments too, like this one.");
$sel->is_checked_ok('//a[@id="comment_link_0"]/../..//div//input[@type="checkbox"]');

# Now attach a public patch to the existing bug.

$sel->click_ok("link=Add an attachment");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_is("Create New Attachment for Bug #$bug1_id");
$sel->type_ok("data", $config->{attachment_file});
$sel->type_ok("description", "public attachment, v2");
$sel->check_ok("ispatch");
# The existing attachment name must be displayed, to mark it as obsolete.
$sel->is_text_present_ok("private attachment, v1");
$sel->type_ok("comment", "this patch is public. Everyone can see it.");
$sel->value_is("isprivate", "off");
edit_bug($sel, $bug1_id, $bug_summary, {id => "create"});

# We need to store the attachment ID.

$sel->is_text_present_ok("public attachment, v2");
my $alink = $sel->get_attribute('//a[@title="public attachment, v2"]@href');
$alink =~ /id=(\d+)/;
my $attachment1_id = $1;
$sel->is_text_present_ok("this patch is public. Everyone can see it.");
ok(!$sel->is_checked('//a[@id="comment_link_1"]/../..//div//input[@type="checkbox"]'), "Public attachment is visible");
logout($sel);

# A logged out user cannot see the private attachment, only the public one.
# Same for a user with no privs.

foreach my $user ('', 'unprivileged') {
    log_in($sel, $config, $user) if $user;
    go_to_bug($sel, $bug1_id);
    ok(!$sel->is_text_present("private attachment, v1"), "Private attachment not visible");
    $sel->is_text_present_ok("public attachment, v2");
    ok(!$sel->is_text_present("and some attachments too, like this one"), "Private comment not visible");
    $sel->is_text_present_ok("this patch is public. Everyone can see it.");
}

# A powerless user can comment on attachments he doesn't own.

$sel->click_ok('//a[@href="attachment.cgi?id=' . $attachment1_id . '&action=edit"]');
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_like(qr/Attachment $attachment1_id Details for Bug $bug1_id/);
$sel->is_text_present_ok("created by admin");
$sel->type_ok("comment", "This attachment is not mine.");
edit_bug($sel, $bug1_id, $bug_summary, {id => "update"});
$sel->is_text_present_ok("This attachment is not mine");

# Powerless users will always be able to view their own attachments, even
# when those are marked private by a member of the insider group.

$sel->click_ok("link=Add an attachment");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_is("Create New Attachment for Bug #$bug1_id");
$sel->type_ok("data", $config->{attachment_file});
$sel->check_ok("ispatch");
# The user doesn't have editbugs privs.
ok(!$sel->is_text_present("Check each existing attachment made obsolete by your new attachment"), "No attachments can be marked as obsolete");
$sel->type_ok("description", "My patch, which I should see, always");
$sel->type_ok("comment", "This is my patch!");
edit_bug($sel, $bug1_id, $bug_summary, {id => "create"});
$sel->is_text_present_ok("My patch, which I should see, always (");
$alink = $sel->get_attribute('//a[@title="My patch, which I should see, always"]@href');
$alink =~ /id=(\d+)/;
my $attachment2_id = $1;
$sel->is_text_present_ok("This is my patch!");
logout($sel);

# Let the admin mark the powerless user's attachment as private.

log_in($sel, $config, 'admin');
go_to_bug($sel, $bug1_id);
$sel->click_ok('//a[@href="attachment.cgi?id=' . $attachment2_id . '&action=edit"]');
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_like(qr/Attachment $attachment2_id Details for Bug $bug1_id/);
$sel->check_ok("isprivate");
$sel->type_ok("comment", "Making the powerless user's patch private.");
edit_bug($sel, $bug1_id, $bug_summary, {id => "update"});
$sel->is_text_present_ok("My patch, which I should see, always (");
$sel->is_checked_ok('//a[@id="comment_link_4"]/../..//div//input[@type="checkbox"]');
$sel->is_text_present_ok("Making the powerless user's patch private.");
logout($sel);

# A logged out user cannot see private attachments.

go_to_bug($sel, $bug1_id);
ok(!$sel->is_text_present("private attachment, v1"), "Private attachment not visible to logged out users");
ok(!$sel->is_text_present("My patch, which I should see, always ("), "Private attachment not visible to logged out users");
$sel->is_text_present_ok("This is my patch!");
ok(!$sel->is_text_present("Making the powerless user's patch private"), "Private comment not visible to logged out users");

# A powerless user can only see private attachments he owns.

log_in($sel, $config, 'unprivileged');
go_to_bug($sel, $bug1_id);
$sel->is_text_present_ok("My patch, which I should see, always (");
$sel->click_ok("link=My patch, which I should see, always");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
# No title displayed while viewing an attachment.
$sel->title_is("");
$sel->go_back_ok();
$sel->wait_for_page_to_load_ok(WAIT_TIME);
logout($sel);

# Admins can delete attachments.

log_in($sel, $config, 'admin');
go_to_bug($sel, $bug1_id);
$sel->click_ok('//a[@href="attachment.cgi?id=' . $attachment2_id . '&action=edit"]');
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_like(qr/Attachment $attachment2_id Details for Bug $bug1_id/);
$sel->click_ok("link=Delete");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_is("Delete Attachment $attachment2_id of Bug $bug1_id");
$sel->is_text_present_ok("Do you really want to delete this attachment?");
$sel->type_ok("reason", "deleted by Selenium");
edit_bug_and_return($sel, $bug1_id, $bug_summary, {id => "delete"});
$sel->is_text_present_ok("deleted by Selenium");
$sel->click_ok("link=attachment $attachment2_id");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_is("Attachment Removed");
$sel->is_text_present_ok("The attachment you are attempting to access has been removed");

set_parameters($sel, {
    "Group Security" => {"insidergroup" => { type => "select",
                                             value => "QA-Selenium-TEST" }},
});
logout($sel);