def test_permission_edit(request, product_features, action):
"""
Ensures that changes in permissions are enforced on next login
"""
product_features = version.pick(product_features)
request.addfinalizer(login.login_admin)
role_name = fauxfactory.gen_alphanumeric()
role = ac.Role(
name=role_name,
vm_restriction=None,
product_features=[(['Everything'], False)] + # role_features
[(k, True) for k in product_features])
role.create()
group = new_group(role=role.name)
group.create()
user = new_user(group=group)
user.create()
with user:
try:
action()
except Exception:
pytest.fail('Incorrect permissions set')
login.login_admin()
role.update({
'product_features':
[(['Everything'], True)] + [(k, False) for k in product_features]
})
with user:
try:
with error.expected(Exception):
action()
except error.UnexpectedSuccessException:
pytest.Fails('Permissions have not been updated')
def role_user_or_group_owned(appliance):
appliance.server.login_admin()
role = ac.Role(name='role_user_or_group_owned_' + fauxfactory.gen_alphanumeric(),
vm_restriction='Only User or Group Owned')
role.create()
yield role
appliance.server.login_admin()
role.delete()
def role_only_user_owned():
login.login_admin()
role = ac.Role(name='role_only_user_owned_' + fauxfactory.gen_alphanumeric(),
vm_restriction='Only User Owned')
role.create()
yield role
login.login_admin()
role.delete()
def _mk_role(name=None, vm_restriction=None, product_features=None):
"""Create a thunk that returns a Role object to be used for perm
testing. name=None will generate a random name
"""
name = name or fauxfactory.gen_alphanumeric()
return lambda: ac.Role(name=name,
vm_restriction=vm_restriction,
product_features=product_features)
def _mk_role(name=None, vm_restriction=None, product_features=None):
'''Create a thunk that returns a Role object to be used for perm
testing. name=None will generate a random name
'''
name = name or random.generate_random_string()
return lambda: ac.Role(name=name,
vm_restriction=vm_restriction,
product_features=product_features)
def test_delete_default_roles():
flash_msg = version.pick({
'5.6': ("Role \"{}\": Error during delete: Cannot delete record "
"because of dependent entitlements"),
'5.5': ("Role \"{}\": Error during \'destroy\': Cannot delete record "
"because of dependent miq_groups")
})
role = ac.Role(name='EvmRole-approver')
with error.expected(flash_msg.format(role.name)):
role.delete()
def new_role():
return ac.Role(name='rol' + fauxfactory.gen_alphanumeric(),
vm_restriction='None')
def test_edit_default_roles():
role = ac.Role(name='EvmRole-auditor')
sel.force_navigate("cfg_accesscontrol_role_edit", context={"role": role})
flash.assert_message_match(
"Read Only Role \"{}\" can not be edited".format(role.name))
def test_rolename_required_error_validation():
role = ac.Role(name=None, vm_restriction='Only User Owned')
with error.expected("Name can't be blank"):
role.create()
def new_role():
role = ac.Role(name='tag_vis_role_' + fauxfactory.gen_alphanumeric())
role.create()
yield role
role.delete()
def test_delete_default_roles():
flash_msg = \
'Role "{}": Error during \'destroy\': Cannot delete record because of dependent miq_groups'
role = ac.Role(name='EvmRole-approver')
with error.expected(flash_msg.format(role.name)):
role.delete()
def new_role():
return ac.Role(name='rol' + random.generate_random_string(),
vm_restriction='None')
