def _validate_acl_update(self, req):
"""
Validate the request has the necessary headers for a
storlet ACL update
:params req: swob.Request instance
:return: the resulting acl string that hould be added
:raises HTTPBadRequest: If a header is missing or mulformed
"""
# Make sure we are not meddling with the storlet containers
if self.container in self.storlet_containers:
msg = b'storlet ACL update cannot be a storlet container'
raise HTTPBadRequest(msg)
# Make sure the expected headers are supplied
user_name = req.headers.get("X-Storlet-Container-Read", None)
storlet_name = req.headers.get("X-Storlet-Name", None)
if not user_name or not storlet_name:
msg = b'storlet ACL update request is missing a mandatory header'
raise HTTPBadRequest(msg)
# Make sure the resulting acl is valid
acl_string = '.r:%s' % self._build_acl_string(user_name, storlet_name)
try:
clean_acl('X-Container-Read', acl_string)
except ValueError as e:
msg = ('storlet ACL update request has invalid values %s'
% e.message)
raise HTTPBadRequest(msg.encode('utf8'))
# Make sure the resulting acl permits a single entity
if ',' in acl_string:
msg = 'storlet ACL update request has ' \
'mulformed storlet or user name'
raise HTTPBadRequest(msg.encode('utf8'))
# The request is valid. Keep the ACL string
return acl_string
def _validate_acl_update(self, req):
"""
Validate the request has the necessary headers for a
storlet ACL update
:params req: swob.Request instance
:return: the resulting acl string that hould be added
:raises HTTPBadRequest: If a header is missing or mulformed
"""
# Make sure we are not meddling with the storlet containers
if self.container in self.storlet_containers:
msg = "storlet ACL update cannot be a storlet container"
raise HTTPBadRequest(msg)
# Make sure the expected headers are supplied
user_name = req.headers.get("X-Storlet-Container-Read", None)
storlet_name = req.headers.get("X-Storlet-Name", None)
if not user_name or not storlet_name:
msg = "storlet ACL update request is missing a mandatory header"
raise HTTPBadRequest(msg)
# Make sure the resulting acl is valid
acl_string = ".r:%s" % self._build_acl_string(user_name, storlet_name)
try:
clean_acl("X-Container-Read", acl_string)
except ValueError as e:
msg = "storlet ACL update request has invalid values %s" % e.message
raise HTTPBadRequest(msg)
# Make sure the resulting acl permits a single entity
if "," in acl_string:
msg = "storlet ACL update request has " "mulformed storlet or user name"
raise HTTPBadRequest(msg)
# The request is valid. Keep the ACL string
return acl_string
def test_clean_acl(self):
value = acl.clean_acl('header', '.r:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.r:specific.host')
self.assertEquals(value, '.r:specific.host')
value = acl.clean_acl('header', '.r:.ending.with')
self.assertEquals(value, '.r:.ending.with')
value = acl.clean_acl('header', '.r:*.ending.with')
self.assertEquals(value, '.r:.ending.with')
value = acl.clean_acl('header', '.r:-*.ending.with')
self.assertEquals(value, '.r:-.ending.with')
value = acl.clean_acl('header', '.r:one,.r:two')
self.assertEquals(value, '.r:one,.r:two')
value = acl.clean_acl('header', '.r:*,.r:-specific.host')
self.assertEquals(value, '.r:*,.r:-specific.host')
value = acl.clean_acl('header', '.r:*,.r:-.ending.with')
self.assertEquals(value, '.r:*,.r:-.ending.with')
value = acl.clean_acl('header', '.r:one,.r:-two')
self.assertEquals(value, '.r:one,.r:-two')
value = acl.clean_acl('header', '.r:one,.r:-two,account,account:user')
self.assertEquals(value, '.r:one,.r:-two,account,account:user')
value = acl.clean_acl('header', 'TEST_account')
self.assertEquals(value, 'TEST_account')
value = acl.clean_acl('header', '.ref:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.referer:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.referrer:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header',
' .r : one , ,, .r:two , .r : - three ')
self.assertEquals(value, '.r:one,.r:two,.r:-three')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.unknown:test')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:*.')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : * . ')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-*.')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : - * . ')
self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : ')
self.assertRaises(ValueError, acl.clean_acl, 'header', 'user , .r : ')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-')
self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : - ')
self.assertRaises(ValueError, acl.clean_acl, 'header',
'user , .r : - ')
self.assertRaises(ValueError, acl.clean_acl, 'write-header', '.r:r')
def test_clean_acl(self):
value = acl.clean_acl('header', '.r:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.r:specific.host')
self.assertEquals(value, '.r:specific.host')
value = acl.clean_acl('header', '.r:.ending.with')
self.assertEquals(value, '.r:.ending.with')
value = acl.clean_acl('header', '.r:*.ending.with')
self.assertEquals(value, '.r:.ending.with')
value = acl.clean_acl('header', '.r:-*.ending.with')
self.assertEquals(value, '.r:-.ending.with')
value = acl.clean_acl('header', '.r:one,.r:two')
self.assertEquals(value, '.r:one,.r:two')
value = acl.clean_acl('header', '.r:*,.r:-specific.host')
self.assertEquals(value, '.r:*,.r:-specific.host')
value = acl.clean_acl('header', '.r:*,.r:-.ending.with')
self.assertEquals(value, '.r:*,.r:-.ending.with')
value = acl.clean_acl('header', '.r:one,.r:-two')
self.assertEquals(value, '.r:one,.r:-two')
value = acl.clean_acl('header', '.r:one,.r:-two,account,account:user')
self.assertEquals(value, '.r:one,.r:-two,account,account:user')
value = acl.clean_acl('header', 'TEST_account')
self.assertEquals(value, 'TEST_account')
value = acl.clean_acl('header', '.ref:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.referer:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header', '.referrer:*')
self.assertEquals(value, '.r:*')
value = acl.clean_acl('header',
' .r : one , ,, .r:two , .r : - three ')
self.assertEquals(value, '.r:one,.r:two,.r:-three')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.unknown:test')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:*.')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : * . ')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-*.')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : - * . ')
self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : ')
self.assertRaises(ValueError, acl.clean_acl, 'header', 'user , .r : ')
self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-')
self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : - ')
self.assertRaises(ValueError, acl.clean_acl, 'header',
'user , .r : - ')
self.assertRaises(ValueError, acl.clean_acl, 'write-header', '.r:r')