def test_permission_edit(request, product_features, action): """ Ensures that changes in permissions are enforced on next login """ product_features = version.pick(product_features) request.addfinalizer(login.login_admin) role_name = fauxfactory.gen_alphanumeric() role = ac.Role( name=role_name, vm_restriction=None, product_features=[(['Everything'], False)] + # role_features [(k, True) for k in product_features]) role.create() group = new_group(role=role.name) group.create() user = new_user(group=group) user.create() with user: try: action() except Exception: pytest.fail('Incorrect permissions set') login.login_admin() role.update({ 'product_features': [(['Everything'], True)] + [(k, False) for k in product_features] }) with user: try: with error.expected(Exception): action() except error.UnexpectedSuccessException: pytest.Fails('Permissions have not been updated')
def role_user_or_group_owned(appliance): appliance.server.login_admin() role = ac.Role(name='role_user_or_group_owned_' + fauxfactory.gen_alphanumeric(), vm_restriction='Only User or Group Owned') role.create() yield role appliance.server.login_admin() role.delete()
def role_only_user_owned(): login.login_admin() role = ac.Role(name='role_only_user_owned_' + fauxfactory.gen_alphanumeric(), vm_restriction='Only User Owned') role.create() yield role login.login_admin() role.delete()
def _mk_role(name=None, vm_restriction=None, product_features=None): """Create a thunk that returns a Role object to be used for perm testing. name=None will generate a random name """ name = name or fauxfactory.gen_alphanumeric() return lambda: ac.Role(name=name, vm_restriction=vm_restriction, product_features=product_features)
def _mk_role(name=None, vm_restriction=None, product_features=None): '''Create a thunk that returns a Role object to be used for perm testing. name=None will generate a random name ''' name = name or random.generate_random_string() return lambda: ac.Role(name=name, vm_restriction=vm_restriction, product_features=product_features)
def test_delete_default_roles(): flash_msg = version.pick({ '5.6': ("Role \"{}\": Error during delete: Cannot delete record " "because of dependent entitlements"), '5.5': ("Role \"{}\": Error during \'destroy\': Cannot delete record " "because of dependent miq_groups") }) role = ac.Role(name='EvmRole-approver') with error.expected(flash_msg.format(role.name)): role.delete()
def new_role(): return ac.Role(name='rol' + fauxfactory.gen_alphanumeric(), vm_restriction='None')
def test_edit_default_roles(): role = ac.Role(name='EvmRole-auditor') sel.force_navigate("cfg_accesscontrol_role_edit", context={"role": role}) flash.assert_message_match( "Read Only Role \"{}\" can not be edited".format(role.name))
def test_rolename_required_error_validation(): role = ac.Role(name=None, vm_restriction='Only User Owned') with error.expected("Name can't be blank"): role.create()
def new_role(): role = ac.Role(name='tag_vis_role_' + fauxfactory.gen_alphanumeric()) role.create() yield role role.delete()
def test_delete_default_roles(): flash_msg = \ 'Role "{}": Error during \'destroy\': Cannot delete record because of dependent miq_groups' role = ac.Role(name='EvmRole-approver') with error.expected(flash_msg.format(role.name)): role.delete()
def new_role(): return ac.Role(name='rol' + random.generate_random_string(), vm_restriction='None')