def test_compile_role_definition_with_date(self):
     """firerole - compiling date based role definitions"""
     self.failUnless(serialize(compile_role_definition("allow from '2010-11-11'")))
     self.failUnless(serialize(compile_role_definition("allow until '2010-11-11'")))
     self.assertRaises(
         InvenioWebAccessFireroleError, compile_role_definition, "allow from '2010-11-11','2010-11-23'"
     )
     self.assertRaises(InvenioWebAccessFireroleError, compile_role_definition, "allow from '2010-11'")
 def test_compile_role_definition_with_date(self):
     """firerole - compiling date based role definitions"""
     self.failUnless(
         serialize(compile_role_definition("allow from '2010-11-11'")))
     self.failUnless(
         serialize(compile_role_definition("allow until '2010-11-11'")))
     self.assertRaises(InvenioWebAccessFireroleError,
                       compile_role_definition,
                       "allow from '2010-11-11','2010-11-23'")
     self.assertRaises(InvenioWebAccessFireroleError,
                       compile_role_definition, "allow from '2010-11'")
 def test_compile_role_definition_literal_list(self):
     """firerole - compiling literal list role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow email '*****@*****.**', '*****@*****.**'"
             )))
 def test_compile_role_definition_more_rows(self):
     """firerole - compiling more rows role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow email /.*@cern.ch/\nallow groups 'patata' "
                 "# a comment\ndeny any")))
 def test_compile_role_definition_complex(self):
     """firerole - compiling complex role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow email /.*@cern.ch/\nallow groups 'patata' "
                 "# a comment\ndeny remote_ip '127.0.0.0/24'\ndeny any")))
 def test_compile_role_definition_more_rows(self):
     """firerole - compiling more rows role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition("allow email /.*@cern.ch/\nallow groups 'patata' " "# a comment\ndeny any")
         )
     )
Ejemplo n.º 7
0
 def setUp(self):
     """Create a fake role."""
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(
         self.role_name, self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
 def setUp(self):
     """Create a fake role."""
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(self.role_name,
         self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
 def test_compile_role_definition_complex(self):
     """firerole - compiling complex role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow email /.*@cern.ch/\nallow groups 'patata' "
                 "# a comment\ndeny remote_ip '127.0.0.0/24'\ndeny any"
             )
         )
     )
 def setUp(self):
     """Create a fake role."""
     from invenio.access_control_admin import acc_add_role
     from invenio.access_control_firerole import compile_role_definition, \
         serialize
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(
         self.role_name, self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
def create_needed_roles(restrictions, apache_group):
    """Create a role for the corresponding apache_group."""

    role_name = CFG_PROPOSED_ROLE_NAME % apache_group
    role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(get_collections_for_group(restrictions, apache_group))
    role_definition_src = 'allow apache_group "%s"' % apache_group
    print "Creating role '%s' ('%s') with firerole '%s'..." % (role_name, role_description, role_definition_src),
    res = acc_add_role(role_name, role_description, serialize(compile_role_definition(role_definition_src)), role_definition_src)
    if res == 0:
        print "Already existed!"
    else:
        print "OK!"
    return role_name
Ejemplo n.º 12
0
def create_needed_roles(restrictions, apache_group):
    """Create a role for the corresponding apache_group."""

    role_name = CFG_PROPOSED_ROLE_NAME % apache_group
    role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(
        get_collections_for_group(restrictions, apache_group))
    role_definition_src = 'allow apache_group "%s"' % apache_group
    print "Creating role '%s' ('%s') with firerole '%s'..." % (
        role_name, role_description, role_definition_src),
    res = acc_add_role(role_name, role_description,
                       serialize(compile_role_definition(role_definition_src)),
                       role_definition_src)
    if res == 0:
        print "Already existed!"
    else:
        print "OK!"
    return role_name
 def test_compile_role_definition_guest_field(self):
     """firerole - compiling guest field role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow guest '1'")))
 def test_compile_role_definition_literal_list(self):
     """firerole - compiling literal list role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow email '*****@*****.**', '*****@*****.**'")))
 def test_compile_role_definition_regexp_field(self):
     """firerole - compiling regexp field role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow email /.*@cern.ch/")))
 def test_compile_role_definition_group_field(self):
     """firerole - compiling group field role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow groups 'patata'")))
 def test_compile_role_definition_not(self):
     """firerole - compiling not role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow not email '*****@*****.**'")))
 def test_compile_role_definition_literal_field(self):
     """firerole - compiling literal field role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow email '*****@*****.**'")))
 def test_compile_role_definition_not(self):
     """firerole - compiling not role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow not email '*****@*****.**'")))
 def test_compile_role_definition_allow_any(self):
     """firerole - compiling allow any role definitions"""
     self.failUnless(serialize(compile_role_definition("allow any")))
 def test_compile_role_definition_guest_field(self):
     """firerole - compiling guest field role definitions"""
     self.failUnless(serialize(compile_role_definition("allow guest '1'")))
 def test_compile_role_definition_not(self):
     """firerole - compiling not role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow not email '*****@*****.**'")))
 def test_compile_role_definition_literal_list(self):
     """firerole - compiling literal list role definitions"""
     self.failUnless(serialize(compile_role_definition(
         "allow email '*****@*****.**', '*****@*****.**'")))
 def test_compile_role_definition_allow_any(self):
     """firerole - compiling allow any role definitions"""
     self.failUnless(serialize(compile_role_definition("allow any")))
 def test_compile_role_definition_deny_any(self):
     """firerole - compiling deny any role definitions"""
     self.failIf(serialize(compile_role_definition("deny any")))
 def test_compile_role_definition_group_field(self):
     """firerole - compiling group field role definitions"""
     self.failUnless(
         serialize(compile_role_definition("allow groups 'patata'")))
 def test_compile_role_definition_deny_any(self):
     """firerole - compiling deny any role definitions"""
     self.failIf(serialize(compile_role_definition("deny any")))
 def test_compile_role_definition_regexp_field(self):
     """firerole - compiling regexp field role definitions"""
     self.failUnless(
         serialize(compile_role_definition("allow email /.*@cern.ch/")))
 def test_compile_role_definition_literal_field(self):
     """firerole - compiling literal field role definitions"""
     self.failUnless(
         serialize(
             compile_role_definition(
                 "allow email '*****@*****.**'")))