Fix Issue 100: Improve Path Validation for Writable Directories (#166)

* fix(models): provide clear error messages for restricted path creation (#100)

Signed-off-by: sushant-suse <[email protected]>

* fix #100: updated path, removed useless tests

Signed-off-by: sushant-suse <[email protected]>

---------

Signed-off-by: sushant-suse <[email protected]>

Author: sushant-suse

src/docbuild/models/config/env.py

@@ -310,35 +310,37 @@ class EnvPathsConfig(BaseModel):
     )
     "Path for server root files."
 
-    repo_dir: Path = Field(
+    # --- WRITABLE PATHS START HERE ---
+
+    repo_dir: EnsureWritableDirectory = Field(
         title="Permanent Repository Directory",
         description="The directory where permanent bare Git repositories are stored.",
         examples=["/var/cache/docbuild/repos/permanent-full/"],
     )
     "Path for permanent bare Git repositories."
 
-    tmp_repo_dir: Path = Field(
+    tmp_repo_dir: EnsureWritableDirectory = Field(
         title="Temporary Repository Directory",
         description="Directory used for temporary working copies cloned from permanent bare repos.",
         examples=["/var/cache/docbuild/repos/temporary-branches/"],
     )
     "Directory for temporary working copies."
 
-    base_cache_dir: Path = Field(
+    base_cache_dir: EnsureWritableDirectory = Field(
         title="Base Cache Directory",
         description="The root directory for all application-level caches.",
         examples=["/var/cache/docserv"],
     )
     "Base path for all caches."
 
-    base_server_cache_dir: Path = Field(
+    base_server_cache_dir: EnsureWritableDirectory = Field(
         title="Base Server Cache Directory",
         description="The base directory for server-specific caches.",
         examples=["/var/cache/docserv/doc-example-com"],
     )
     "Base path for server caches."
 
-    meta_cache_dir: Path = Field(
+    meta_cache_dir: EnsureWritableDirectory = Field(
         title="Metadata Cache Directory",
         description="Cache specifically for repository and deliverable metadata.",
         examples=["/var/cache/docbuild/doc-example-com/meta"],

src/docbuild/models/path.py

@@ -57,22 +57,30 @@ def __get_pydantic_core_schema__(
     # --- Validation & Creation Logic ---
 
     @classmethod
-    def validate_and_create(cls, path: Path) -> Self:
-        """Expand user, checks if path exists.
-
-        If not, creates it. Then checks permissions.
-        """
+    def validate_and_create(cls: type[Self], path: Path) -> type[Self]:
+        """Expand user, check existence/permissions, or check parent for creation."""
         # Ensure user expansion happens before any filesystem operations
         path = path.expanduser()
 
-        # 1. Auto-Creation Logic
+        # 1. Existence and Creation Logic
         if not path.exists():
+            # Check if the parent is writable so we can create the directory
+            parent = path.parent
+            # Find the first existing parent directory to check for write permissions.
+            # For a path like '/a/b/c', path.parents is ('/a/b', '/a', '/').
+            # We find the first one in that sequence that exists.
+            parent = next((p for p in path.parents if p.exists()), path.root)
+
+            if not os.access(parent, os.W_OK):
+                raise ValueError(
+                    f"Cannot create directory '{path}'. "
+                    f"Permission denied: Parent directory '{parent}' is not writable."
+                )
+
             try:
-                # parents=True: creates /tmp/a/b even if /tmp/a doesn't exist
-                # exist_ok=True: prevents race conditions
                 path.mkdir(parents=True, exist_ok=True)
             except OSError as e:
-                raise ValueError(f"Could not create directory '{path}': {e}") from e
+                raise ValueError(f"Failed to create directory '{path}': {e.strerror}") from e
 
         # 2. Type Check
         if not path.is_dir():
@@ -93,7 +101,6 @@ def validate_and_create(cls, path: Path) -> Self:
                 f"Missing: {', '.join(missing_perms)}"
             )
 
-        # Return an instance of the custom type (the __init__ method runs next)
         return cls(path)
 
     # --- Usability Methods ---

tests/models/config/test_env.py

@@ -9,6 +9,7 @@
 
 import docbuild.config.app as config_app_mod
 from docbuild.models.config.env import EnvConfig
+from docbuild.models.path import EnsureWritableDirectory
 
 # --- Fixture Setup ---
 
@@ -83,7 +84,12 @@ def mock_placeholder_resolution(monkeypatch):
 
 @pytest.fixture
 def mock_valid_raw_env_data(tmp_path: Path) -> dict[str, Any]:
-    """Provide a minimal, valid dictionary representing env.toml data."""
+    """Provide a minimal, valid dictionary representing env.toml data with writable paths."""
+
+    # Create a base directory for the test inside the pytest temp folder
+    base = tmp_path / "docbuild_test"
+    base.mkdir()
+
     nested_xslt_params = {
         "external": {"js": {"onlineonly": "/docserv/res/extra.js"}},
         "show": {"edit": {"link": 1}},
@@ -106,18 +112,21 @@ def mock_valid_raw_env_data(tmp_path: Path) -> dict[str, Any]:
             "canonical_url_domain": "https://docs.example.com",
         },
         "paths": {
-            "config_dir": str(tmp_path / "config"),
-            "root_config_dir": "/etc/docbuild",
-            "jinja_dir": "/etc/docbuild/jinja",
-            "server_rootfiles_dir": "/etc/docbuild/rootfiles",
-            "base_server_cache_dir": "/var/cache/docserv/server",
-            "base_tmp_dir": "/var/tmp/docbuild",
-            "repo_dir": "/var/cache/docbuild/repos/permanent-full/",
-            "tmp_repo_dir": "/var/cache/docbuild/repos/temporary-branches/",
-            "base_cache_dir": "/var/cache/docserv",
-            "meta_cache_dir": "/var/cache/docbuild/doc-example-com/meta",
+            "config_dir": str(base / "config"),
+            "root_config_dir": str(base / "etc/docbuild"),
+            "jinja_dir": str(base / "etc/docbuild/jinja"),
+            "server_rootfiles_dir": str(base / "etc/docbuild/rootfiles"),
+
+            # These use EnsureWritableDirectory - MUST be in tmp_path
+            "base_cache_dir": str(base / "cache"),
+            "base_server_cache_dir": str(base / "cache/server"),
+            "base_tmp_dir": str(base / "var/tmp"),
+            "repo_dir": str(base / "repos/perm"),
+            "tmp_repo_dir": str(base / "repos/temp"),
+            "meta_cache_dir": str(base / "cache/meta"),
+
             "tmp": {
-                "tmp_base_dir": "/var/tmp/docbuild",
+                "tmp_base_dir": str(base / "var/tmp"),
                 "tmp_dir": "{tmp_base_dir}/doc-example-com",
                 "tmp_deliverable_dir": "{tmp_dir}/deliverable/",
                 "tmp_build_base_dir": "{tmp_dir}/build",
@@ -129,7 +138,7 @@ def mock_valid_raw_env_data(tmp_path: Path) -> dict[str, Any]:
             "target": {
                 "target_base_dir": "[email protected]:/srv/docs",
                 "target_dir_dyn": "{{product}}",
-                "backup_dir": Path("/data/docbuild/external-builds/"),
+                "backup_dir": str(base / "backups"),
             },
         },
         "build": {
@@ -150,7 +159,7 @@ def test_envconfig_full_success(mock_valid_raw_env_data: dict[str, Any]):
     assert isinstance(config, EnvConfig)
 
     # Check type coercion for core types
-    assert isinstance(config.paths.base_cache_dir, Path)
+    assert isinstance(config.paths.base_cache_dir, EnsureWritableDirectory)
 
     # Check tmp_dir instead of tmp_path
     assert config.paths.tmp.tmp_dir.is_absolute()

tests/models/test_path.py

@@ -22,39 +22,6 @@ class PathTestModel(BaseModel):
 # --- Test Cases ---
 
 
-def test_writable_directory_success_exists(tmp_path: Path):
-    """Test validation succeeds for an existing, writable directory."""
-    existing_dir = tmp_path / "existing_test_dir"
-    existing_dir.mkdir()
-
-    # Validation should succeed and return the custom type instance
-    model = PathTestModel(writable_dir=existing_dir)  # type: ignore
-
-    assert isinstance(model.writable_dir, EnsureWritableDirectory)
-    assert Path(str(model.writable_dir)).resolve() == existing_dir.resolve()
-    assert model.writable_dir.is_dir()  # Test __getattr__ functionality
-
-
-def test_writable_directory_success_create_new(tmp_path: Path):
-    """Test validation succeeds and creates a new directory.
-
-    This test ensures that if the provided path does not exist, it is
-    automatically created with the necessary parent directories.
-    """
-    new_dir = tmp_path / "non_existent" / "deep" / "path"
-
-    # Assert precondition: Path does not exist
-    assert not new_dir.exists()
-
-    # Validation should trigger auto-creation
-    model = PathTestModel(writable_dir=new_dir)  # type: ignore
-
-    # Assert postcondition: Path now exists and is a directory
-    assert model.writable_dir.exists()
-    assert model.writable_dir.is_dir()
-    assert Path(str(model.writable_dir)).resolve() == new_dir.resolve()
-
-
 def test_writable_directory_path_expansion(monkeypatch, tmp_path: Path):
     """Test that the path correctly expands the user home directory (~)."""
     # 1. Setup Mock Home Directory
@@ -85,82 +52,6 @@ def test_writable_directory_failure_not_a_directory(tmp_path: Path):
     assert "Path exists but is not a directory" in excinfo.value.errors()[0]["msg"]
 
 
-def test_writable_directory_failure_not_writable(tmp_path: Path, monkeypatch):
-    """Test validation fails when the directory lacks write permission.
-
-    This test is robust against being run by the root user by patching
-    ``os.access`` to simulate a write permission failure.
-    """
-    read_only_dir = tmp_path / "read_only_dir"
-    read_only_dir.mkdir()
-
-    _original_os_access = os.access
-
-    # Patch os.access() to always report write permission is MISSING on this directory
-    def fake_access(path, mode):
-        # If we are checking the specific read_only directory for WRITE
-        # permission, fail it.
-        if path == read_only_dir.resolve() and mode == os.W_OK:
-            return False
-
-        # Otherwise, call the safely stored original function.
-        return _original_os_access(path, mode)
-
-    monkeypatch.setattr(os, "access", fake_access)
-
-    # The actual chmod is now primarily symbolic, the mock forces the logic path
-    read_only_dir.chmod(0o444)
-
-    try:
-        with pytest.raises(ValidationError) as excinfo:
-            PathTestModel(writable_dir=read_only_dir)  # type: ignore
-
-        assert (
-            "Insufficient permissions for directory" in excinfo.value.errors()[0]["msg"]
-        )
-        assert "WRITE" in excinfo.value.errors()[0]["msg"]
-    finally:
-        # Restore permissions to ensure cleanup (Crucial for CI)
-        read_only_dir.chmod(0o777)
-
-
-def test_writable_directory_failure_not_executable(tmp_path: Path, monkeypatch):
-    """Test validation fails when the directory lacks execute permission.
-
-    This test is robust against being run by the root user by patching
-    ``os.access`` to simulate an execute/search permission failure.
-    """
-    no_exec_dir = tmp_path / "no_exec_dir"
-    no_exec_dir.mkdir()
-
-    _original_os_access = os.access
-
-    # Patch os.access() to always report execute permission is MISSING
-    def fake_access(path, mode):
-        if path == no_exec_dir.resolve() and mode == os.X_OK:
-            return False  # Force failure on execute check
-
-        # Otherwise, call the safely stored original function.
-        return _original_os_access(path, mode)
-
-    monkeypatch.setattr(os, "access", fake_access)
-
-    # The actual chmod is now primarily symbolic, the mock forces the logic path
-    no_exec_dir.chmod(0o666)
-
-    try:
-        with pytest.raises(ValidationError) as excinfo:
-            PathTestModel(writable_dir=no_exec_dir)  # type: ignore
-
-        assert (
-            "Insufficient permissions for directory" in excinfo.value.errors()[0]["msg"]
-        )
-        assert "EXECUTE" in excinfo.value.errors()[0]["msg"]
-    finally:
-        # Restore permissions
-        no_exec_dir.chmod(0o777)
-
-
 def test_writable_directory_failure_mkdir_os_error(monkeypatch, tmp_path: Path):
     """Test that an OSError during directory creation is handled.
 
@@ -184,7 +75,7 @@ def mock_mkdir(*args, **kwargs):
     # Assert that the error is correctly wrapped in a ValueError/ValidationError
     error_msg = excinfo.value.errors()[0]["msg"]
     assert "Value error" in error_msg
-    assert "Could not create directory" in error_msg
+    assert "Failed to create directory" in error_msg
     assert "Simulated permission denied" in error_msg
 
 
@@ -229,3 +120,76 @@ def test_fspath_protocol_compatibility(
     result = path_consumer(custom_path_obj)
     expected = expected_factory(test_dir)
     assert result == expected
+
+
+def test_writable_directory_failure_parent_not_writable(tmp_path: Path, monkeypatch):
+    """Test validation fails when the parent directory is not writable.
+
+    This simulates the scenario where a user tries to create a directory
+    in a protected root folder (like /data).
+    """
+    # 1. Setup a "protected" parent and a target child
+    protected_parent = tmp_path / "protected_parent"
+    protected_parent.mkdir()
+    target_dir = protected_parent / "new_child_dir"
+
+    # 2. Mock os.access to report the parent as NOT writable
+    _original_os_access = os.access
+
+    def fake_access(path, mode):
+        # Resolve path to ensure comparison works on all OSs
+        if str(path) == str(protected_parent.resolve()) and mode == os.W_OK:
+            return False
+        return _original_os_access(path, mode)
+
+    monkeypatch.setattr(os, "access", fake_access)
+
+    # 3. Action & Assertions
+    with pytest.raises(ValidationError) as excinfo:
+        PathTestModel(writable_dir=target_dir)  # type: ignore
+
+    error_msg = excinfo.value.errors()[0]["msg"]
+    assert "Cannot create directory" in error_msg
+    assert "Permission denied: Parent directory" in error_msg
+    assert str(protected_parent.resolve()) in error_msg
+
+
+@pytest.mark.parametrize(
+    "permission_to_fail, expected_missing_perm",
+    [
+        (os.R_OK, "READ"),
+        (os.W_OK, "WRITE"),
+        (os.X_OK, "EXECUTE"),
+    ],
+    ids=["missing_read", "missing_write", "missing_execute"],
+)
+def test_writable_directory_permission_failures(
+    tmp_path: Path, monkeypatch, permission_to_fail, expected_missing_perm
+):
+    """Test validation fails when a specific permission is missing.
+
+    This test is robust against being run by the root user by patching
+    ``os.access`` to simulate a specific permission failure (R, W, or X).
+    """
+    test_dir = tmp_path / "permission_test_dir"
+    test_dir.mkdir()
+
+    original_os_access = os.access
+
+    # Patch os.access() to fail only the specified permission check for our test directory.
+    def fake_access(path, mode):
+        # Resolve path to ensure comparison works reliably across OSs
+        if Path(path).resolve() == test_dir.resolve() and mode == permission_to_fail:
+            return False
+
+        # For all other checks, or other paths, use the original behavior.
+        return original_os_access(path, mode)
+
+    monkeypatch.setattr(os, "access", fake_access)
+
+    with pytest.raises(ValidationError) as excinfo:
+        PathTestModel(writable_dir=test_dir)  # type: ignore
+
+    error_msg = excinfo.value.errors()[0]["msg"]
+    assert "Insufficient permissions for directory" in error_msg
+    assert f"Missing: {expected_missing_perm}" in error_msg