def test_modify_acl_ok(self):
self.mock(utils, 'utcnow', lambda: datetime.datetime(2014, 1, 1))
resp = self.call_api(
'modify_acl', {
'package_path':
'a/b',
'changes': [
{
'action': 'GRANT',
'role': 'OWNER',
'principal': 'user:[email protected]',
},
{
'action': 'GRANT',
'role': 'READER',
'principal': 'group:readers-group',
},
{
'action': 'REVOKE',
'role': 'WRITER',
'principal': 'anonymous:anonymous',
},
],
})
self.assertEqual(200, resp.status_code)
self.assertEqual({'status': 'SUCCESS'}, resp.json_body)
owner = acl.get_package_acls('a/b/c', 'OWNER')
self.assertEqual(1, len(owner))
self.assertEqual(
{
'groups': [],
'modified_by':
auth.Identity(kind='user', name='*****@*****.**'),
'modified_ts':
datetime.datetime(2014, 1, 1, 0, 0),
'rev':
1,
'users': [auth.Identity(kind='user', name='*****@*****.**')],
}, owner[0].to_dict())
reader = acl.get_package_acls('a/b/c', 'READER')
self.assertEqual(1, len(reader))
self.assertEqual(
{
'groups': ['readers-group'],
'modified_by':
auth.Identity(kind='user', name='*****@*****.**'),
'modified_ts':
datetime.datetime(2014, 1, 1, 0, 0),
'rev':
1,
'users': [],
}, reader[0].to_dict())
def test_modify_acl_ok(self):
self.mock(utils, 'utcnow', lambda: datetime.datetime(2014, 1, 1))
resp = self.call_api('modify_acl', {
'package_path': 'a/b',
'changes': [
{
'action': 'GRANT',
'role': 'OWNER',
'principal': 'user:[email protected]',
},
{
'action': 'GRANT',
'role': 'READER',
'principal': 'group:readers-group',
},
{
'action': 'REVOKE',
'role': 'WRITER',
'principal': 'anonymous:anonymous',
},
],
})
self.assertEqual(200, resp.status_code)
self.assertEqual({'status': 'SUCCESS'}, resp.json_body)
owner = acl.get_package_acls('a/b/c', 'OWNER')
self.assertEqual(1, len(owner))
self.assertEqual({
'groups': [],
'modified_by': auth.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [auth.Identity(kind='user', name='*****@*****.**')],
}, owner[0].to_dict())
reader = acl.get_package_acls('a/b/c', 'READER')
self.assertEqual(1, len(reader))
self.assertEqual({
'groups': ['readers-group'],
'modified_by': auth.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [],
}, reader[0].to_dict())
def test_modify_acl_ok(self):
self.mock(utils, "utcnow", lambda: datetime.datetime(2014, 1, 1))
resp = self.call_api(
"modify_acl",
{
"package_path": "a/b",
"changes": [
{"action": "GRANT", "role": "OWNER", "principal": "user:[email protected]"},
{"action": "GRANT", "role": "READER", "principal": "group:readers-group"},
{"action": "REVOKE", "role": "WRITER", "principal": "anonymous:anonymous"},
],
},
)
self.assertEqual(200, resp.status_code)
self.assertEqual({"status": "SUCCESS"}, resp.json_body)
owner = acl.get_package_acls("a/b/c", "OWNER")
self.assertEqual(1, len(owner))
self.assertEqual(
{
"groups": [],
"modified_by": auth.Identity(kind="user", name="*****@*****.**"),
"modified_ts": datetime.datetime(2014, 1, 1, 0, 0),
"rev": 1,
"users": [auth.Identity(kind="user", name="*****@*****.**")],
},
owner[0].to_dict(),
)
reader = acl.get_package_acls("a/b/c", "READER")
self.assertEqual(1, len(reader))
self.assertEqual(
{
"groups": ["readers-group"],
"modified_by": auth.Identity(kind="user", name="*****@*****.**"),
"modified_ts": datetime.datetime(2014, 1, 1, 0, 0),
"rev": 1,
"users": [],
},
reader[0].to_dict(),
)
def test_has_role(self):
acl.PackageACL(
key=acl.package_acl_key('a', 'OWNER'),
users=[auth.Identity.from_bytes('user:[email protected]')]).put()
acl.PackageACL(
key=acl.package_acl_key('a/b/c', 'OWNER'),
groups=['mid-group']).put()
acl.PackageACL(
key=acl.package_acl_key('a/b/c/d/e', 'OWNER'),
groups=['leaf-group']).put()
# Verify get_package_acls works.
self.assertEqual(
[('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')],
[
(e.package_path, e.role)
for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER')
])
# Mock groups.
def mocked_is_group_member(group, ident):
if group == 'mid-group' and ident.name == '*****@*****.**':
return True
if group == 'leaf-group' and ident.name == '*****@*****.**':
return True
return False
self.mock(acl.auth, 'is_group_member', mocked_is_group_member)
# Verify has_role works.
check = lambda p, i: acl.has_role(p, 'OWNER', auth.Identity.from_bytes(i))
self.assertTrue(check('a', 'user:[email protected]'))
self.assertFalse(check('b', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a/b/c/d', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
def test_has_role(self):
acl.PackageACL(
key=acl.package_acl_key('a', 'OWNER'),
users=[auth.Identity.from_bytes('user:[email protected]')
]).put()
acl.PackageACL(key=acl.package_acl_key('a/b/c', 'OWNER'),
groups=['mid-group']).put()
acl.PackageACL(key=acl.package_acl_key('a/b/c/d/e', 'OWNER'),
groups=['leaf-group']).put()
# Verify get_package_acls works.
self.assertEqual(
[('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')],
[(e.package_path, e.role)
for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER')])
# Mock groups.
def mocked_is_group_member(group, ident):
if group == 'mid-group' and ident.name == '*****@*****.**':
return True
if group == 'leaf-group' and ident.name == '*****@*****.**':
return True
return False
self.mock(acl.auth, 'is_group_member', mocked_is_group_member)
# Verify has_role works.
check = lambda p, i: acl.has_role(p, 'OWNER',
auth.Identity.from_bytes(i))
self.assertTrue(check('a', 'user:[email protected]'))
self.assertFalse(check('b', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a/b/c/d', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
