launchpad-reviewers team mailing list archive

[Enrique Sánchez <mp+493451@xxxxxxxxxxxxxxxxxx>]

Diff comments:

> diff --git a/lib/lp/bugs/tests/test_cve.py b/lib/lp/bugs/tests/test_cve.py
> index 23fd423..3f3107d 100644
> --- a/lib/lp/bugs/tests/test_cve.py
> +++ b/lib/lp/bugs/tests/test_cve.py
> @@ -383,3 +260,51 @@ class TestCve(TestCaseWithFactory):
>          # Admin can see the PROPRIETARY vulnerability
>          with admin_logged_in():
>              self.assertEqual(vulnerability, cve.vulnerabilities[0])
> +
> +    def test_cve_permissions_anonymous(self):
> +        """Test that anonymous user cannot view, edit or delete."""
> +        self.assertFalse(checkPermission("launchpad.View", self.cve))
> +        self.assertFalse(checkPermission("launchpad.Edit", self.cve))
> +        self.assertFalse(checkPermission("launchpad.Delete", self.cve))
> +
> +    def test_cve_permissions_authenticated(self):
> +        """Test that logged in user can view but not edit or delete."""
> +        person = self.factory.makePerson()
> +
> +        with person_logged_in(person):
> +            self.assertTrue(checkPermission("launchpad.View", self.cve))
> +            self.assertFalse(checkPermission("launchpad.Edit", self.cve))
> +            self.assertFalse(checkPermission("launchpad.Delete", self.cve))
> +
> +    def test_cve_permissions_admin(self):
> +        """Test that admin can view, edit and delete."""
> +        with admin_logged_in():
> +            self.assertTrue(checkPermission("launchpad.View", self.cve))
> +            self.assertTrue(checkPermission("launchpad.Edit", self.cve))
> +            self.assertTrue(checkPermission("launchpad.Delete", self.cve))
> +
> +    def test_cve_readonly(self):

do you think this test is useful? We are already checking that InternalScripts will be able to modify them in `test_cveimport.py`.

> +        """Test that app code cannot update Cve attributes, but
> +        InternalScripts can."""
> +        failure_regex = ".*InternalScriptsOnly"
> +
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.sequence = "2099-9876"
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.status = CveStatus.DEPRECATED
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.description = "example"
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.datecreated = datetime.utcnow()
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.datemodified = datetime.utcnow()
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.references = []
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.date_made_public = datetime.utcnow()
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.discovered_by = "example person"
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve._cvss = {"example authority": ["example score"]}
> +        with ExpectedException(Unauthorized, failure_regex):
> +            self.cve.metadata = {"meta": "data"}


-- 
https://code.launchpad.net/~enriqueesanchz/launchpad/+git/launchpad/+merge/493451
Your team Launchpad code reviewers is requested to review the proposed merge of ~enriqueesanchz/launchpad:add-metadata-cve-model into launchpad:master.