xt/webservice/user_get.t


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

######################################
# Test for xmlrpc call to User.get() #
######################################

use 5.14.0;
use strict;
use warnings;

use FindBin qw($RealBin);
use lib "$RealBin/../lib";

use QA::Util;
use QA::Tests qw(PRIVATE_BUG_USER);
use Test::More tests => 330;
our ($config, @clients) = get_rpc_clients();

my $get_user = $config->{'unprivileged_user_login'};
my $canconfirm_user = $config->{'canconfirm_user_login'};
my $priv_user = $config->{PRIVATE_BUG_USER . '_user_login'};
my $disabled = $config->{'disabled_user_login'};
my $disabled_match = substr($disabled, 0, length($disabled) - 1);

# These are the basic tests. There are tests for include_fields
# and exclude_field below.

my @tests = (
    { args => { names => [$get_user] },
      test => "Logged-out user can get unprivileged user by name"
    },
    { args  => { match => [$get_user] },
      test  => 'Logged-out user cannot use the match argument',
      error => 'Logged-out users cannot use',
    },
    { args  => { ids => [1] },
      test  => 'Logged-out users cannot use the "ids" argument',
      error => 'Logged-out users cannot use',
    },

    # match & names
    { user => 'unprivileged',
      args => { names => [$get_user] },
      test => "Unprivileged user can get himself",
    },
    { user => 'unprivileged',
      args => { match => [$get_user] },
      test => 'Logged-in user can use the match argument',
    },
    { user => 'unprivileged',
      args => { match => [$get_user], names => [$get_user] },
      test => 'Specifying the same thing in "match" and "names"',
    },

    # include_disabled
    { user => 'unprivileged',
      args => { match => [$get_user, $disabled_match] },
      test => 'Disabled users are not normally returned'
    },
    { user => 'unprivileged',
      args => { match => [$disabled_match], include_disabled => 1 },
      test => 'Specifying include_disabled returns disabled users'
    },
    { user => 'unprivileged',
      args => { match => [$disabled] },
      test => 'Full match on a disabled user returns that user',
    },

    # groups and group_ids
    { args  => { groups => ['QA-Selenium-TEST'] },
      test  => 'Specifying just groups fails',
      error => 'one of the following parameters',
    },
    { args => { group_ids => [1] },
      test => 'Specifying just group ids fails',
      error => 'one of the following parameters',
    },
    { args => { names => [$get_user, $priv_user], groups => ['QA-Selenium-TEST'] },
      test => 'Limiting the return value to a group while being logged out fails',
      error => 'The group you specified, QA-Selenium-TEST, is not valid here',
    },
    { user => 'unprivileged',
      args => { names => [$get_user, $priv_user], groups => ['missing_group'] },
      test => 'Limiting the return value to a group which does not exist fails',
      error => 'The group you specified, missing_group, is not valid here',
    },
    { user => 'unprivileged',
      args => { names => [$get_user, $priv_user], groups => ['QA-Selenium-TEST'] },
      test => 'Limiting the return value to a group you do not belong to fails',
      error => 'The group you specified, QA-Selenium-TEST, is not valid here',
    },
    { user => 'editbugs',
      args => { names => [$get_user, $priv_user], groups => ['canconfirm', 'editbugs'] },
      test => 'Limiting the return value to some groups you do not belong to fails',
      error => 'The group you specified, canconfirm, is not valid here',
    },
    { user => 'admin',
      args => { names => [$canconfirm_user], groups => ['canconfirm', 'editbugs'] },
      test => 'Limiting the return value to groups you belong to',
    },

    # groups returned
    { user => 'admin',
      args => { names => [$get_user] },
      test => 'Admin can get user',
    },
    { user => 'admin',
      args => { names => [$canconfirm_user] },
      test => 'Admin can get user',
    },
    { user => 'canconfirm',
      args => { names => [$canconfirm_user] },
      test => 'Privileged user can get himself',
    },
    { user => 'editbugs',
      args => { names => [$canconfirm_user] },
      test => 'Privileged user can get another user',
    },
);

sub post_success {
    my ($call, $t) = @_;

    my $result = $call->result;
    is(scalar @{ $result->{users} }, 1, "Got exactly one user");
    my $item = $result->{users}->[0];
    my $user = $t->{user} || '';

    if ($user eq 'admin') {
        ok(exists $item->{email} && exists $item->{can_login}
           && exists $item->{email_enabled} && exists $item->{login_denied_text},
           'Admin correctly gets all user fields');
    }
    elsif ($user) {
        ok(exists $item->{email} && exists $item->{can_login},
           'Logged-in user correctly gets email and can_login');
        ok(!exists $item->{email_enabled}
           && !exists $item->{login_denied_text},
           "Non-admin user doesn't get email_enabled and login_denied_text");
    }
    else {
        my @item_keys = sort keys %$item;
        is_deeply(\@item_keys, ['id', 'name', 'real_name'],
            'Only id, name, and real_name are returned to logged-out users');
        return;
    }

    my $username = $config->{"${user}_user_login"};
    # FIXME We have no way to create a saved search or a saved report from
    # the WebService, so we cannot test that the correct data is returned
    # if the user is accessing his own account.
    if ($username eq $item->{name}) {
        ok(exists $item->{saved_searches} && exists $item->{saved_reports},
           'Users can get the list of saved searches and reports for their own account');
    }
    else {
        ok(!exists $item->{saved_searches} && !exists $item->{saved_reports},
           "Users cannot get the list of saved searches and reports from someone else's acccount");
    }

    my @groups = map { $_->{name} } @{$item->{groups}};
    # Admins can see all groups a user belongs to (assuming they inherited
    # membership for all groups). Same for a user querying his own account.
    if ($username eq $item->{name} || $user eq 'admin') {
        if ($username eq $get_user) {
            ok(!scalar @groups, "The unprivileged user doesn't belong to any group");
        }
        elsif ($username eq $canconfirm_user) {
            ok(grep($_ eq 'canconfirm', @groups), "Group 'canconfirm' returned");
        }
    }
    else {
        ok(!scalar @groups, "No groups are visible to users without bless privs");
    }
}

foreach my $rpc (@clients) {
    $rpc->bz_run_tests(tests => \@tests, method => 'User.get',
                       post_success => \&post_success);

    #############################
    # Include and Exclude Tests #
    #############################

    my $include_nothing = $rpc->bz_call_success('User.get', {
        names => [$get_user], include_fields => ['asdfasdfsdf'],
    }, 'User.get including only invalid fields');
    is(scalar keys %{ $include_nothing->result->{users}->[0] }, 0,
       'No fields returned for user');

    my $include_one = $rpc->bz_call_success('User.get', {
        names => [$get_user], include_fields => ['id'],
    }, 'User.get including only id');
    is(scalar keys %{ $include_one->result->{users}->[0] }, 1,
       'Only one field returned for user');

    my $exclude_none = $rpc->bz_call_success('User.get', {
        names => [$get_user], exclude_fields => ['asdfasdfsdf'],
    }, 'User.get excluding only invalid fields');
    is(scalar keys %{ $exclude_none->result->{users}->[0] }, 3,
       'All fields returned for user');

    my $exclude_one = $rpc->bz_call_success('User.get', {
        names => [$get_user], exclude_fields => ['id'],
    }, 'User.get excluding id');
    is(scalar keys %{ $exclude_one->result->{users}->[0] }, 2,
       'Only two fields returned for user');

    my $override = $rpc->bz_call_success('User.get', {
        names => [$get_user], include_fields => ['id', 'name'],
        exclude_fields => ['id']
    }, 'User.get with both include and exclude');
    is(scalar keys %{ $override->result->{users}->[0] }, 1,
       'Only one field returned');
    ok(exists $override->result->{users}->[0]->{name},
       '...and that field is the "name" field');
}