def permissions(self, _request):
"""Returns the caller's permissions."""
return swarming_rpcs.ClientPermissions(
delete_bot=acl.can_delete_bot(),
terminate_bot=acl.can_edit_bot(),
get_configs=acl.can_view_config(),
put_configs=acl.can_edit_config(),
cancel_task=acl._is_user() or acl.is_ip_whitelisted_machine(),
cancel_tasks=acl.can_edit_all_tasks(),
get_bootstrap_token=acl.can_create_bot())
def test_ip_whitelisted(self):
self.mock(auth, 'is_in_ip_whitelist', lambda _name, _ip, _warn: True)
self.assertTrue(acl.is_ip_whitelisted_machine())
self.assertTrue(acl.can_access())
self.assertFalse(acl.can_view_config())
self.assertFalse(acl.can_edit_config())
self.assertFalse(acl.can_create_bot())
self.assertTrue(acl.can_edit_bot())
self.assertTrue(acl.can_delete_bot())
self.assertTrue(acl.can_view_bot())
self.assertTrue(acl.can_create_task())
self.assertFalse(acl.can_schedule_high_priority_tasks())
self.assertTrue(acl.can_edit_task(self._task_owned))
self.assertTrue(acl.can_edit_task(self._task_other))
self.assertFalse(acl.can_edit_all_tasks())
self.assertTrue(acl.can_view_task(self._task_owned))
self.assertTrue(acl.can_view_task(self._task_other))
self.assertFalse(acl.can_view_all_tasks())
def test_instance_admin(self):
auth_testing.mock_is_admin(self, True)
self.assertFalse(acl.is_ip_whitelisted_machine())
self.assertTrue(acl.can_access())
self.assertTrue(acl.can_view_config())
self.assertTrue(acl.can_edit_config())
self.assertTrue(acl.can_create_bot())
self.assertTrue(acl.can_edit_bot())
self.assertTrue(acl.can_delete_bot())
self.assertTrue(acl.can_view_bot())
self.assertTrue(acl.can_create_task())
self.assertTrue(acl.can_schedule_high_priority_tasks())
self.assertTrue(acl.can_edit_task(self._task_owned))
self.assertTrue(acl.can_edit_task(self._task_other))
self.assertTrue(acl.can_edit_all_tasks())
self.assertTrue(acl.can_view_task(self._task_owned))
self.assertTrue(acl.can_view_task(self._task_other))
self.assertTrue(acl.can_view_all_tasks())
def test_nobody(self):
auth_testing.mock_get_current_identity(self, auth.Anonymous)
self.assertFalse(acl.is_ip_whitelisted_machine())
self.assertFalse(acl.can_access())
self.assertFalse(acl.can_view_config())
self.assertFalse(acl.can_edit_config())
self.assertFalse(acl.can_create_bot())
self.assertFalse(acl.can_edit_bot())
self.assertFalse(acl.can_delete_bot())
self.assertFalse(acl.can_view_bot())
self.assertFalse(acl.can_create_task())
self.assertFalse(acl.can_schedule_high_priority_tasks())
self.assertFalse(acl.can_edit_task(self._task_owned))
self.assertFalse(acl.can_edit_task(self._task_other))
self.assertFalse(acl.can_edit_all_tasks())
self.assertFalse(acl.can_view_task(self._task_owned))
self.assertFalse(acl.can_view_task(self._task_other))
self.assertFalse(acl.can_view_all_tasks())
def test_view_all_tasks(self):
self._add_to_group('view_all_tasks')
self.assertFalse(acl.is_ip_whitelisted_machine())
self.assertTrue(acl.can_access())
self.assertFalse(acl.can_view_config())
self.assertFalse(acl.can_edit_config())
self.assertFalse(acl.can_create_bot())
self.assertFalse(acl.can_edit_bot())
self.assertFalse(acl.can_delete_bot())
self.assertFalse(acl.can_view_bot())
self.assertFalse(acl.can_create_task())
self.assertFalse(acl.can_schedule_high_priority_tasks())
self.assertTrue(acl.can_edit_task(self._task_owned))
self.assertFalse(acl.can_edit_task(self._task_other))
self.assertFalse(acl.can_edit_all_tasks())
self.assertTrue(acl.can_view_task(self._task_owned))
self.assertTrue(acl.can_view_task(self._task_other))
self.assertTrue(acl.can_view_all_tasks())
def test_nobody(self):
self.mock(auth, 'get_current_identity',
lambda: auth.IDENTITY_ANONYMOUS)
self.assertFalse(acl.is_ip_whitelisted_machine())
self.assertFalse(acl.can_access())
self.assertFalse(acl.can_view_config())
self.assertFalse(acl.can_edit_config())
self.assertFalse(acl.can_create_bot())
self.assertFalse(acl.can_edit_bot())
self.assertFalse(acl.can_delete_bot())
self.assertFalse(acl.can_view_bot())
self.assertFalse(acl.can_create_task())
self.assertFalse(acl.can_schedule_high_priority_tasks())
self.assertFalse(acl.can_edit_task(self._task_owned))
self.assertFalse(acl.can_edit_task(self._task_other))
self.assertFalse(acl.can_edit_all_tasks())
self.assertFalse(acl.can_view_task(self._task_owned))
self.assertFalse(acl.can_view_task(self._task_other))
self.assertFalse(acl.can_view_all_tasks())
