def testCheckACL(self): access_manager = access_control.FullAccessControlManager() # Supervisor can do anything token = access_control.ACLToken(username="******", supervisor=True) self.assertTrue(access_manager.CheckACL(token, "aff4:/C.0000000000000001")) # No target should raise token = access_control.ACLToken(username="******") with self.assertRaises(access_control.UnauthorizedAccess): access_manager.CheckACL(token, "") # Unless it is a system user token = access_control.ACLToken(username="******", reason="bcause") self.assertTrue(access_manager.CheckACL(token, None)) # No reason should raise token = access_control.ACLToken(username="******") with self.assertRaises(access_control.UnauthorizedAccess): access_manager.CheckACL(token, "aff4:/C.0000000000000001")
def setUp(self): super(ClientApprovalByLabelTests, self).setUp() # Set up clients and labels before we turn on the FullACM. We need to create # the client because to check labels the client needs to exist. client_ids = self.SetupClients(3) self.client_nolabel = rdf_client.ClientURN(client_ids[0]) self.client_legal = rdf_client.ClientURN(client_ids[1]) self.client_prod = rdf_client.ClientURN(client_ids[2]) with aff4.FACTORY.Open(self.client_legal, aff4_type="VFSGRRClient", mode="rw", token=self.token) as client_obj: client_obj.AddLabels("legal_approval") with aff4.FACTORY.Open(self.client_prod, aff4_type="VFSGRRClient", mode="rw", token=self.token) as client_obj: client_obj.AddLabels("legal_approval", "prod_admin_approval") self.db_manager_stubber = utils.Stubber( data_store.DB, "security_manager", access_control.FullAccessControlManager()) self.db_manager_stubber.Start() self.approver = test_lib.ConfigOverrider({ "ACL.approvers_config_file": os.path.join(self.base_path, "approvers.yaml") }) self.approver.Start() # Get a fresh approval manager object and reload with test approvers. self.approval_manager_stubber = utils.Stubber( client_approval_auth, "CLIENT_APPROVAL_AUTH_MGR", client_approval_auth.ClientApprovalAuthorizationManager()) self.approval_manager_stubber.Start()
def setUp(self): super(FullAccessControlManagerIntegrationTest, self).setUp() data_store.DB.security_manager = access_control.FullAccessControlManager( )
def setUp(self): super(AccessControlTest, self).setUp() # We want to test the FullAccessControlManager data_store.DB.security_manager = access_control.FullAccessControlManager( )