Remove referenced read access when teams are removed
[gitorious:thomas-mainline.git] / test / unit / ldap_group_test.rb
1 # encoding: utf-8
2 #--
3 #   Copyright (C) 2012 Gitorious AS
4 #
5 #   This program is free software: you can redistribute it and/or modify
6 #   it under the terms of the GNU Affero General Public License as published by
7 #   the Free Software Foundation, either version 3 of the License, or
8 #   (at your option) any later version.
9 #
10 #   This program is distributed in the hope that it will be useful,
11 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
12 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 #   GNU Affero General Public License for more details.
14 #
15 #   You should have received a copy of the GNU Affero General Public License
16 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #++
18 require 'test_helper'
19
20 class LdapGroupTest < ActiveSupport::TestCase
21   should_validate_presence_of :name
22
23   def setup
24     LdapGroup.any_instance.stubs(:validate_ldap_dns)
25   end
26   
27   context "Ldap group serialization" do
28     setup {
29       @group = ldap_groups(:first_ldap_group)
30       @group.member_dns = ["cn=testers","cn=developers"]
31       @group.save
32     }
33
34     should "provide one membering DN per line" do
35       assert_equal("cn=testers\ncn=developers", @group.ldap_group_names)
36     end
37
38     should "accept a newline separated list of member DNs" do
39       @group.ldap_group_names = "cn=admin\ncn=developers"
40       assert_equal(["cn=admin","cn=developers"], @group.member_dns)
41     end
42   end
43
44   context "Membership" do
45     setup {
46       @group = ldap_groups(:first_ldap_group)
47       @user = users(:johan)
48     }
49
50     should "list filter LDAP groups which are known to us" do
51       stub_ldap_groups(["cn=managers", "cn=admins","cn=developers"]) do        
52         assert_equal([@group], LdapGroup.groups_for_user(@user))
53       end
54     end
55
56     should "return an empty list if no matches are found" do
57       stub_ldap_groups(["cn=managers","cn=temps"]) do
58         assert_equal([], LdapGroup.groups_for_user(@user))
59       end
60     end
61
62     should "not try looking up memberships for anonymous users" do
63       assert_equal([], LdapGroup.groups_for_user(:false))
64     end
65   end
66
67   context "Owner prefix" do
68     setup { @group = ldap_groups(:first_ldap_group) }
69
70     should "use the + prefix" do
71       assert_equal "+FirstLdapGroup", @group.to_param_with_prefix
72     end
73   end
74
75   context "Deletion" do
76     setup { @group = ldap_groups(:first_ldap_group) }
77
78     should "be disallowed for groups owning projects" do
79       p = projects(:johans)
80       p.owner = @group
81       assert p.save
82       refute @group.deletable?
83     end
84
85     should "remove read-access to projects when deleted" do
86       p = projects(:johans)
87       p.content_memberships.create(:content => p, :member => @group)
88       assert_incremented_by ContentMembership, :count, -1 do
89         @group.destroy
90       end
91     end
92   end
93
94   context "LDAP filters" do
95     setup do
96       @group = ldap_groups(:first_ldap_group)
97     end
98
99     should "extract an LDAP filter" do
100       assert_equal "(cn=admins)", @group.generate_ldap_filters_from_dn("cn=admins").to_s
101     end
102
103     should "extract an LDAP filter for two attributes" do
104       assert_equal "(&(cn=admins)(ou=development))", @group.generate_ldap_filters_from_dn("cn=admins,ou=development").to_s
105     end
106   end
107
108   context "Looking up members of a group" do
109     setup do
110       @group = ldap_groups(:first_ldap_group)
111     end
112
113     should "query each membering group for members" do
114       LdapGroup.stubs(:ldap_configurator).returns(stub({
115                                                          :members_attribute_name => "uniquemember",
116                                                          :login_attribute => "cn"
117                                                        }))
118       LdapGroup.expects(:user_dns_in_group).with("cn=testers", "uniquemember").returns(["cn=johan"])
119       LdapGroup.expects(:user_dns_in_group).with("cn=developers","uniquemember").returns([])
120       assert_equal([users(:johan)], @group.members)
121     end
122   end
123
124   def stub_ldap_groups(groups)
125     LdapGroup.stubs(:ldap_group_names_for_user).returns(groups)
126     LdapGroup.stubs(:ldap_configurator).returns(stub(:group_search_dn => nil))
127     yield
128   end
129 end