← Back to team overview

launchpad-reviewers team mailing list archive

[Merge] ~jugmac00/launchpad:refactor-archive-permissions into launchpad:master

 

Jürgen Gmach has proposed merging ~jugmac00/launchpad:refactor-archive-permissions into launchpad:master.

Commit message:
Convert archive permissions tests to unit tests

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~jugmac00/launchpad/+git/launchpad/+merge/436144
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jugmac00/launchpad:refactor-archive-permissions into launchpad:master.
diff --git a/lib/lp/soyuz/doc/archive.rst b/lib/lp/soyuz/doc/archive.rst
index 870e9d9..d260e89 100644
--- a/lib/lp/soyuz/doc/archive.rst
+++ b/lib/lp/soyuz/doc/archive.rst
@@ -1923,37 +1923,6 @@ Re-enable Celso's PPA.
     >>> login("foo.bar@xxxxxxxxxxxxx")
     >>> cprov_archive.enable()
 
-PPA or commercial admins can manage the privacy and build settings of any
-PPA.  Additionally, a member of launchpad-ppa-self-admins can manage those
-settings on PPAs that they can otherwise edit.
-
-    >>> login("celso.providelo@xxxxxxxxxxxxx")
-    >>> check_permission("launchpad.Admin", cprov_archive)
-    False
-
-    >>> ppa_admin = getUtility(IPersonSet).getByName("launchpad-ppa-admins")
-    >>> ppa_admin_member = factory.makePerson(
-    ...     email="ppa-member@xxxxxxxxxxxxx", member_of=[ppa_admin]
-    ... )
-    >>> login("ppa-member@xxxxxxxxxxxxx")
-    >>> check_permission("launchpad.Admin", cprov_archive)
-    True
-
-    >>> login("commercial-member@xxxxxxxxxxxxx")
-    >>> check_permission("launchpad.Admin", cprov_archive)
-    True
-
-    >>> celeb = getUtility(IPersonSet).getByName("launchpad-ppa-self-admins")
-    >>> celeb.addMember(person=cprov, reviewer=celeb.teamowner)
-    (True, ...)
-
-    >>> login("celso.providelo@xxxxxxxxxxxxx")
-    >>> check_permission("launchpad.Admin", cprov_archive)
-    True
-    >>> check_permission("launchpad.Admin", joes_ppa)
-    False
-
-
 Rebuild archives
 ----------------
 
diff --git a/lib/lp/soyuz/tests/test_archive.py b/lib/lp/soyuz/tests/test_archive.py
index dbef25a..3febf74 100644
--- a/lib/lp/soyuz/tests/test_archive.py
+++ b/lib/lp/soyuz/tests/test_archive.py
@@ -65,6 +65,7 @@ from lp.services.job.interfaces.job import JobStatus
 from lp.services.macaroons.testing import MacaroonVerifies
 from lp.services.propertycache import clear_property_cache, get_property_cache
 from lp.services.timeout import default_timeout
+from lp.services.webapp.authorization import check_permission
 from lp.services.webapp.interfaces import OAuthPermission
 from lp.services.worlddata.interfaces.country import ICountrySet
 from lp.soyuz.adapters.archivedependencies import get_sources_list_for_building
@@ -129,6 +130,7 @@ from lp.testing import (
     admin_logged_in,
     celebrity_logged_in,
     login,
+    login_celebrity,
     login_person,
     person_logged_in,
 )
@@ -6629,3 +6631,36 @@ class TestMarkSuiteDirty(TestCaseWithFactory):
             ["%s-updates" % distroseries.name, distroseries.name],
             archive.dirty_suites,
         )
+
+
+class TestArchivePermissions(TestCaseWithFactory):
+
+    layer = DatabaseFunctionalLayer
+
+    def test_archive_owner_does_not_have_admin(self):
+        archive = self.factory.makeArchive()
+        login_person(archive.owner)
+        self.assertFalse(check_permission("launchpad.Admin", archive))
+
+    def test_archive_launchpad_ppa_admins_have_admin(self):
+        archive = self.factory.makeArchive()
+        login_celebrity("ppa_admin")
+        self.assertTrue(check_permission("launchpad.Admin", archive))
+
+    def test_archive_commercial_admin_have_admin(self):
+        archive = self.factory.makeArchive()
+        login_celebrity("commercial_admin")
+        self.assertTrue(check_permission("launchpad.Admin", archive))
+
+    def test_launchpad_ppa_self_admins_no_admin_for_other_archives(self):
+        archive = self.factory.makeArchive()
+        # archive owner is not part of `ppa_self_admins`
+        login_celebrity("ppa_self_admins")
+        self.assertFalse(check_permission("launchpad.Admin", archive))
+
+    def test_launchpad_ppa_self_admins_have_admin_for_own_archives(self):
+        celeb = getUtility(IPersonSet).getByName("launchpad-ppa-self-admins")
+        owner = self.factory.makePerson(member_of=[celeb])
+        archive = self.factory.makeArchive(owner=owner)
+        login_person(archive.owner)
+        self.assertTrue(check_permission("launchpad.Admin", archive))