chore> implement tools segmentation

gitstart_bot · gitstart_bot · commit 7e0c98468ae0 · 2025-02-21T19:12:17.000Z
diff --git a/server/covmanager/views.py b/server/covmanager/views.py
@@ -12,7 +12,7 @@
 from rest_framework import filters, mixins, viewsets
 from rest_framework.authentication import SessionAuthentication, TokenAuthentication
 
-from crashmanager.models import Tool
+from crashmanager.models import Tool, User
 from server.views import JsonQueryFilterBackend, SimpleQueryFilterBackend
 
 from .models import Collection, Report, ReportConfiguration, ReportSummary, Repository
@@ -715,6 +715,25 @@ class CollectionViewSet(
         CollectionFilterBackend,
     ]
 
+    def create(self, request, *args, **kwargs):
+        """Check user has access to tools before creation"""
+        tools_str = request.data.get('tools')
+        requested_tools = set(tools_str.split(','))
+
+        user = User.get_or_create_restricted(request.user)[0]
+        if user.restricted:
+            allowed_tools = set(user.defaultToolsFilter.values_list('name', flat=True))
+            if not allowed_tools:
+                raise PermissionDenied({"message": "No tools assigned to user"})
+
+            unauthorized_tools = requested_tools - allowed_tools
+            if unauthorized_tools:
+                raise PermissionDenied(
+                    {"message": f"You don't have permission to use the following tools: {', '.join(unauthorized_tools)}"}
+                )
+
+        return super().create(request, *args, **kwargs)
+
 
 class ReportFilterBackend(filters.BaseFilterBackend):
     """
diff --git a/server/crashmanager/management/commands/add_tool_to_token.py b/server/crashmanager/management/commands/add_tool_to_token.py
@@ -0,0 +1,37 @@
+from django.core.management.base import BaseCommand
+from rest_framework.authtoken.models import Token
+from crashmanager.models import Tool, User as CrashManagerUser
+
+
+class Command(BaseCommand):
+    help = "Assigns a tool to a user's defaultToolsFilter by looking up their token and ensures the user is restricted."
+
+    def add_arguments(self, parser):
+        parser.add_argument("token", help="The token string from get_auth_token command")
+        parser.add_argument("tool_name", help="Name of the tool to add")
+
+    def handle(self, *args, **options):
+        token_str = options["token"]
+        tool_name = options["tool_name"]
+
+        try:
+            token_obj = Token.objects.get(key=token_str)
+        except Token.DoesNotExist:
+            print(f"No token found for {token_str}")
+            return
+
+        crash_manager_user = CrashManagerUser.get_or_create_restricted(token_obj.user)[0]
+
+        tool, created = Tool.objects.get_or_create(name=tool_name)
+        if created:
+            print(f"Tool '{tool_name}' was created.")
+
+        # Ensure the user is restricted, so they can only access the tool being added
+        if not crash_manager_user.restricted:
+            crash_manager_user.restricted = True
+            crash_manager_user.save()
+            print(f"User '{crash_manager_user.user.username}' has been restricted for security.")
+
+        crash_manager_user.defaultToolsFilter.add(tool)
+
+        print(f"Tool '{tool_name}' added to user '{crash_manager_user.user.username}'.")
diff --git a/server/crashmanager/management/commands/remove_tool_from_token.py b/server/crashmanager/management/commands/remove_tool_from_token.py
@@ -0,0 +1,41 @@
+from django.core.management.base import BaseCommand
+from rest_framework.authtoken.models import Token
+from crashmanager.models import Tool, User as CrashManagerUser
+import sys
+
+
+class Command(BaseCommand):
+    help = "Removes a tool from a user's defaultToolsFilter by looking up their token."
+
+    def add_arguments(self, parser):
+        parser.add_argument("token", help="The token string from get_auth_token command")
+        parser.add_argument("tool_name", help="Name of the tool to remove")
+
+    def handle(self, *args, **options):
+        token_str = options["token"]
+        tool_name = options["tool_name"]
+
+        try:
+            token_obj = Token.objects.get(key=token_str)
+        except Token.DoesNotExist:
+            print(f"No token found for {token_str}")
+            return
+
+        crash_manager_user = CrashManagerUser.get_or_create_restricted(token_obj.user)[0]
+
+        try:
+            tool = Tool.objects.get(name=tool_name)
+        except Tool.DoesNotExist:
+            print(f"Error: Tool '{tool_name}' is not present in the database")
+            return
+
+        crash_manager_user.defaultToolsFilter.remove(tool)
+
+        # Keep user restricted regardless of tool count
+        if not crash_manager_user.restricted:
+            crash_manager_user.restricted = True
+            crash_manager_user.save()
+        if not crash_manager_user.defaultToolsFilter.exists():
+            print(f"User '{crash_manager_user.user.username}' has no tools assigned but remains restricted.")
+
+        print(f"Tool '{tool_name}' removed from user '{crash_manager_user.user.username}'.")
diff --git a/server/crashmanager/tests/test_mgmt_tool_token.py b/server/crashmanager/tests/test_mgmt_tool_token.py
@@ -0,0 +1,128 @@
+"""Tests for add/remove tool management commands
+
+@license:
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"""
+import pytest
+from django.core.management import CommandError, call_command
+from django.contrib.auth.models import User
+from rest_framework.authtoken.models import Token
+from crashmanager.models import Tool, User as CrashManagerUser
+
+pytestmark = pytest.mark.django_db()
+
+def test_add_tool_to_token_new_tool(capsys):
+    """Test adding new tool to user's filter"""
+    user = User.objects.create_user("testuser")
+    token = Token.objects.create(user=user)
+
+    call_command("add_tool_to_token", token.key, "newtool")
+
+    # Check command output
+    out, _ = capsys.readouterr()
+    assert "Tool 'newtool' was created." in out
+    assert "added to user" in out
+
+    # Verify database state
+    cm_user = CrashManagerUser.objects.get(user=user)
+    assert cm_user.restricted is True
+    assert cm_user.defaultToolsFilter.filter(name="newtool").exists()
+
+def test_add_tool_to_token_existing_tool(capsys):
+    """Test adding existing tool doesn't recreate it"""
+    # Create tool first
+    Tool.objects.create(name="existingtool")
+
+    user = User.objects.create_user("testuser")
+    token = Token.objects.create(user=user)
+
+    call_command("add_tool_to_token", token.key, "existingtool")
+
+    # Check command output
+    out, _ = capsys.readouterr()
+    assert "Tool 'existingtool' was created." not in out
+    assert "added to user" in out
+
+def test_add_tool_to_token_restricts_user(capsys):
+    """Test unrestricted user becomes restricted when adding tool"""
+    user = User.objects.create_user("testuser")
+    cm_user = CrashManagerUser.get_or_create_restricted(user)[0]
+    cm_user.restricted = False
+    cm_user.save()
+
+    token = Token.objects.create(user=user)
+
+    call_command("add_tool_to_token", token.key, "newtool")
+
+    # Check warning message
+    out, _ = capsys.readouterr()
+    assert "has been restricted for security" in out
+
+    # Verify restriction
+    cm_user.refresh_from_db()
+    assert cm_user.restricted is True
+
+def test_remove_tool_from_token_exists(capsys):
+    """Test removing existing tool from filter"""
+    user = User.objects.create_user("testuser")
+    cm_user = CrashManagerUser.get_or_create_restricted(user)[0]
+    tool = Tool.objects.create(name="oldtool")
+    cm_user.defaultToolsFilter.add(tool)
+
+    token = Token.objects.create(user=user)
+
+    call_command("remove_tool_from_token", token.key, "oldtool")
+
+    # Check output
+    out, _ = capsys.readouterr()
+    assert "removed from user" in out
+    assert not cm_user.defaultToolsFilter.filter(name="oldtool").exists()
+
+def test_remove_tool_from_token_last_tool(capsys):
+    """Test warning when removing last tool"""
+    user = User.objects.create_user("testuser")
+    cm_user = CrashManagerUser.get_or_create_restricted(user)[0]
+    tool = Tool.objects.create(name="lasttool")
+    cm_user.defaultToolsFilter.add(tool)
+
+    token = Token.objects.create(user=user)
+
+    call_command("remove_tool_from_token", token.key, "lasttool")
+
+    # Check warning
+    out, _ = capsys.readouterr()
+    assert "has no tools assigned" in out
+
+    # Refresh from DB to get updated restriction status
+    cm_user.refresh_from_db()
+    assert cm_user.restricted is True
+
+def test_remove_tool_from_token_nonexistent(capsys):
+    """Test removing non-existent tool shows error"""
+    user = User.objects.create_user("testuser")
+    token = Token.objects.create(user=user)
+
+    # Should return normally with error message
+    call_command("remove_tool_from_token", token.key, "notexist")
+
+    # Verify error message
+    out, _ = capsys.readouterr()
+    assert "Error: Tool 'notexist' is not present in the database" in out
+
+    # Verify no changes to tools
+    cm_user = CrashManagerUser.objects.get(user=user)
+    assert cm_user.defaultToolsFilter.count() == 0
+
+def test_add_tool_to_token_invalid_token(capsys):
+    """Test error handling for invalid token"""
+    call_command("add_tool_to_token", "invalid", "tool")
+    out, _ = capsys.readouterr()
+    assert "No token found for invalid" in out
+
+def test_remove_tool_from_token_invalid_token(capsys):
+    """Test error handling for invalid token"""
+    call_command("remove_tool_from_token", "invalid", "tool")
+    out, _ = capsys.readouterr()
+    assert "No token found for invalid" in out
diff --git a/server/crashmanager/tests/test_tool_segmentation.py b/server/crashmanager/tests/test_tool_segmentation.py
diff --git a/server/crashmanager/views.py b/server/crashmanager/views.py
