Add TeamSync database and API support

Teams can now have a TeamSync entry in the database, indicating how they are synced via an external group. If found, then the user membership of the team cannot be changed via the API.
2017-02-17 12:01:41 -05:00 · 2017-02-17 12:01:41 -05:00 · f5a854c189
commit f5a854c189
parent d718829f5d
5 changed files with 131 additions and 13 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -7,6 +7,7 @@ import time
 import re
 import json as py_json

+from mock import patch
 from StringIO import StringIO
 from calendar import timegm
 from contextlib import contextmanager
@ -77,6 +78,7 @@ from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, Su
                                    SuperUserCreateInitialSuperUser)
 from endpoints.api.manifest import RepositoryManifestLabels, ManageRepositoryManifestLabel
 from test.test_ssl_util import generate_test_cert
+from util.morecollections import AttrDict


 try:
@ -1592,6 +1594,54 @@ class TestUpdateOrganizationTeamMember(ApiTestCase):
      self.assertNotEqual(membername, member['name'])


+  def test_updatemembers_syncedteam(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    with patch('endpoints.api.team.authentication', AttrDict({'federated_service': 'foobar'})):
+      # Add the user to a non-synced team, which should succeed.
+      self.putJsonResponse(TeamMember,
+                           params=dict(orgname=ORGANIZATION, teamname='owners',
+                                       membername=READ_ACCESS_USER))
+
+      # Remove the user from the non-synced team, which should succeed.
+      self.deleteEmptyResponse(TeamMember,
+                               params=dict(orgname=ORGANIZATION, teamname='owners',
+                                           membername=READ_ACCESS_USER))
+
+      # Attempt to add the user to a synced team, which should fail.
+      self.putResponse(TeamMember,
+                       params=dict(orgname=ORGANIZATION, teamname='synced',
+                                   membername=READ_ACCESS_USER),
+                       expected_code=400)
+
+      # Attempt to remove the user from the synced team, which should fail.
+      self.deleteResponse(TeamMember,
+                          params=dict(orgname=ORGANIZATION, teamname='synced',
+                                      membername=READ_ACCESS_USER),
+                          expected_code=400)
+
+      # Add a robot to the synced team, which should succeed.
+      self.putJsonResponse(TeamMember,
+                           params=dict(orgname=ORGANIZATION, teamname='synced',
+                                       membername=ORGANIZATION + '+coolrobot'))
+
+      # Remove the robot from the non-synced team, which should succeed.
+      self.deleteEmptyResponse(TeamMember,
+                               params=dict(orgname=ORGANIZATION, teamname='synced',
+                                           membername=ORGANIZATION + '+coolrobot'))
+
+      # Invite a team member to a non-synced team, which should succeed.
+      self.putJsonResponse(InviteTeamMember,
+                           params=dict(orgname=ORGANIZATION, teamname='owners',
+                                       email='someguy+new@devtable.com'))
+
+      # Attempt to invite a team member to a synced team, which should fail.
+      self.putResponse(InviteTeamMember,
+                       params=dict(orgname=ORGANIZATION, teamname='synced',
+                                   email='someguy+new@devtable.com'),
+                       expected_code=400)
+
+
 class TestAcceptTeamMemberInvite(ApiTestCase):
  def test_accept(self):
    self.login(ADMIN_ACCESS_USER)