-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
gcp: respect permissions inherited from parent drives (#563)
Drive shares frequently get recreated because we fail to page through all results (we likely have over 100 shares for large folders), and when deletion was enabled (#540) we would also erroneously delete inherited permissions. Both of these issues result in many users receiving duplicate invites whenever Rocket performs a sync (#510, #497). To amend this, we make the following changes: * Permissions listing is now paginated * Permissions listing now happens for direct parents of target folders - permissions discovered in parents are treated as "inherited", and for these permissions we skip both recreation and deletion Co-authored-by: Cheuk Yin Ng <[email protected]>
- Loading branch information
Showing
3 changed files
with
204 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,56 +13,101 @@ def setUp(self): | |
| self.gcp = GCPInterface(self.mock_drive, | ||
| subject="[email protected]") | ||
|
|
||
| def test_set_drive_permissions(self): | ||
| mock_list = mock.MagicMock() | ||
| mock_list.execute = mock.MagicMock(return_value={ | ||
| def test_ensure_drive_permissions(self): | ||
| # Mocks for files | ||
| mock_files_get = mock.MagicMock() | ||
| mock_files_get.execute = mock.MagicMock(return_value={ | ||
| "parents": [ | ||
| "parent-drive", | ||
| ] | ||
| }) | ||
|
|
||
| mock_files = mock.MagicMock() | ||
| mock_files.get = mock.MagicMock(return_value=mock_files_get) | ||
|
|
||
| # Mocks for permissions | ||
| mock_perms_list_parent = mock.MagicMock() | ||
| mock_perms_list_parent.execute = mock.MagicMock(return_value={ | ||
| "permissions": [ | ||
| { | ||
| # should not be removed (inherited) | ||
| "id": "99", | ||
| "emailAddress": "[email protected]", | ||
| }, | ||
| ] | ||
| }) | ||
| mock_perms_list_target = mock.MagicMock() | ||
| mock_perms_list_target.execute = mock.MagicMock(return_value={ | ||
| "permissions": [ | ||
| { | ||
| # should not be removed or created (exists in email list) | ||
| "id": "1", | ||
| "emailAddress": "[email protected]", | ||
| }, | ||
| { | ||
| # should be removed (does not exist in email list) | ||
| "id": "2", | ||
| "emailAddress": "[email protected]", | ||
| }, | ||
| { | ||
| # should not be removed | ||
| # should not be removed (actor) | ||
| "id": "3", | ||
| "emailAddress": "[email protected]" | ||
| } | ||
| "emailAddress": "[email protected]", | ||
| }, | ||
| { | ||
| # should not be removed (inherited) | ||
| "id": "99", | ||
| "emailAddress": "[email protected]", | ||
| }, | ||
| ] | ||
| }) | ||
| mock_perms_create = mock.MagicMock() | ||
| mock_perms_create.execute = mock.MagicMock(return_value={}) | ||
| mock_perms_delete = mock.MagicMock() | ||
| mock_perms_delete.execute = mock.MagicMock(return_value={}) | ||
|
|
||
| mock_create = mock.MagicMock() | ||
| mock_create.execute = mock.MagicMock(return_value={}) | ||
|
|
||
| mock_delete = mock.MagicMock() | ||
| mock_delete.execute = mock.MagicMock(return_value={}) | ||
| def perms_list_effect(**kwargs): | ||
| if kwargs['fileId'] == 'target-drive': | ||
| return mock_perms_list_target | ||
| if kwargs['fileId'] == 'parent-drive': | ||
| return mock_perms_list_parent | ||
|
|
||
| mock_perms = mock.MagicMock() | ||
| mock_perms.list = mock.MagicMock(return_value=mock_list) | ||
| mock_perms.create = mock.MagicMock(return_value=mock_create) | ||
| mock_perms.delete = mock.MagicMock(return_value=mock_delete) | ||
| mock_perms.list = mock.MagicMock(side_effect=perms_list_effect) | ||
| mock_perms.list_next = mock.MagicMock(return_value=None) | ||
| mock_perms.create = mock.MagicMock(return_value=mock_perms_create) | ||
| mock_perms.delete = mock.MagicMock(return_value=mock_perms_delete) | ||
|
|
||
| # Create Google Drive API | ||
| self.mock_drive.files = mock.MagicMock(return_value=mock_files) | ||
| self.mock_drive.permissions = mock.MagicMock(return_value=mock_perms) | ||
| self.gcp.set_drive_permissions('team', 'abcde', [ | ||
| self.gcp.ensure_drive_permissions('team', 'target-drive', [ | ||
| '[email protected]', | ||
| '[email protected]', | ||
| ], delete_permissions=True) | ||
| ]) | ||
|
|
||
| # initial list | ||
| mock_perms.list.assert_called() | ||
| mock_list.execute.assert_called() | ||
| # initial parent search | ||
| mock_files.get.assert_called_with(fileId='target-drive', | ||
| fields=mock.ANY) | ||
| mock_files_get.execute.assert_called() | ||
| # perms listing | ||
| mock_perms.list.assert_has_calls([ | ||
| mock.call(fileId='parent-drive', | ||
| fields=mock.ANY, pageSize=mock.ANY), | ||
| mock.call(fileId='target-drive', | ||
| fields=mock.ANY, pageSize=mock.ANY), | ||
| ]) | ||
| mock_perms_list_parent.execute.assert_called() | ||
| mock_perms_list_target.execute.assert_called() | ||
| # one email already exists, share to the new one | ||
| mock_perms.create\ | ||
| .assert_called_with(fileId='abcde', | ||
| .assert_called_with(fileId='target-drive', | ||
| body=new_create_permission_body( | ||
| '[email protected]'), | ||
| emailMessage=new_share_message('team'), | ||
| sendNotificationEmail=True, | ||
| supportsAllDrives=True) | ||
| mock_create.execute.assert_called() | ||
| sendNotificationEmail=True) | ||
| mock_perms_create.execute.assert_called() | ||
| # one email should no longer be shared, it is removed | ||
| mock_perms.delete.assert_called_with( | ||
| fileId='abcde', permissionId='2', supportsAllDrives=True) | ||
| mock_delete.execute.assert_called() | ||
| fileId='target-drive', permissionId='2') | ||
| mock_perms_delete.execute.assert_called() | ||