Example #1
0
    def test_acl_get_default(self):
        for us, ano in [(False, False), (True, False), (True, True)]:
            settings.MQTT_ACL_ALLOW = us
            settings.MQTT_ACL_ALLOW_ANONIMOUS = ano
            allow = ACL.get_default(PROTO_MQTT_ACC_SUS)
            self.assertEqual(allow, ano)
            allow = ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login)
            self.assertEqual(allow, us)
        settings.MQTT_ACL_ALLOW = False
        settings.MQTT_ACL_ALLOW_ANONIMOUS = False
        topic = Topic.objects.create(name=WILDCARD_MULTI_LEVEL)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS)
        self.assertEqual(allow, False)

        acl = ACL.objects.create(topic=topic,
                                 acc=PROTO_MQTT_ACC_SUS,
                                 allow=True)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS)
        self.assertEqual(allow, False)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login)
        self.assertEqual(allow, True)
        acl.users.add(self.user_login)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS)
        self.assertEqual(allow, False)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login)
        self.assertEqual(allow, True)
        acl.set_password('1234')
        acl.save()
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS)
        self.assertEqual(allow, False)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login)
        self.assertEqual(allow, True)
        allow = ACL.get_default(PROTO_MQTT_ACC_SUS, password='******')
        self.assertEqual(allow, True)
 def test_get_acl(self):
     topic = Topic.objects.create(name=WILDCARD_MULTI_LEVEL)
     acl = ACL.objects.create(topic=topic, acc=PROTO_MQTT_ACC_SUS, allow=True)
     topic = Topic.objects.create(name='/+')
     acl_plus = ACL.objects.create(topic=topic, acc=PROTO_MQTT_ACC_SUS, allow=True)
     self.assertEqual(ACL.get_acl('/test', PROTO_MQTT_ACC_SUS), acl_plus)
     self.assertEqual(ACL.get_acl('/test/test', PROTO_MQTT_ACC_SUS), acl)
     self.assertRaises(ValueError, ACL.get_acl, object)
     self.assertEqual(acl > acl_plus, True)
     self.assertEqual(acl_plus < acl, True)
Example #3
0
def has_permission(user, topic, acc=None, clientid=None):
    """
    :param user: Active user
    :type user: django.contrib.auth.models.User
    :param topic:
    :type topic: str
    :param acc:
    :type acc: int
    :param clientid:
    :type clientid: django_mqtt.models.ClientId
    :return: If user have permission to access to topic
    :rtype: bool
    """

    allow = False

    if hasattr(settings, 'MQTT_ACL_ALLOW'):
        allow = settings.MQTT_ACL_ALLOW

    if hasattr(settings, 'MQTT_ACL_ALLOW_ANONIMOUS'):

        if user is None or user.is_anonymous:
            allow = settings.MQTT_ACL_ALLOW_ANONIMOUS & allow
            if not allow:
                return allow

    if user and not user.is_active:
        return allow

    acls = ACL.objects.filter(topic__name=topic)

    if acc is not None and acc > 0:

        if acc & PROTO_MQTT_ACC_READ == PROTO_MQTT_ACC_READ:
            acls = acls.filter(readable=PROTO_MQTT_ACC_READ)

        if acc & PROTO_MQTT_ACC_WRITE == PROTO_MQTT_ACC_WRITE:
            acls = acls.filter(writeable=PROTO_MQTT_ACC_WRITE)

        if acc & PROTO_MQTT_ACC_SUBSCRIBE == PROTO_MQTT_ACC_SUBSCRIBE:
            acls = acls.filter(subscribable=PROTO_MQTT_ACC_SUBSCRIBE)

        if acls.count() > 0:
            acl = acls.get()
            return acl.has_permission(user=user)

    # TODO search best candidate
    return ACL.get_default(acc, user=user)
Example #4
0
def has_permission(user, topic, acc=None, clientid=None):
    """
    :param user: Active user
    :type user: django.contrib.auth.models.User
    :param topic:
    :type topic: str
    :param acc:
    :type acc: int
    :param clientid:
    :type clientid: django_mqtt.models.ClientId
    :return: If user have permission to access to topic
    :rtype: bool
    """

    allow = False
    if hasattr(settings, 'MQTT_ACL_ALLOW'):
        allow = settings.MQTT_ACL_ALLOW
    if hasattr(settings, 'MQTT_ACL_ALLOW_ANONIMOUS'):
        if user is None or user.is_anonymous():
            allow = settings.MQTT_ACL_ALLOW_ANONIMOUS & allow
            if not allow:
                return allow

    if user and not user.is_active:
        return allow

    acls = ACL.objects.filter(topic__name=topic)
    if acc not in dict(PROTO_MQTT_ACC).keys():
        acc = None

    if acc and acls.filter(acc=acc).exists():
        acl = acls.filter(acc=acc).get()
        allow = acl.has_permission(user=user)
    else:
        allow = ACL.get_default(acc, user=user)

        # TODO search best candidate

    return allow
Example #5
0
 def test_get_acl_no_candidate(self):
     Topic.objects.create(name='/test')
     self.assertIsNone(ACL.get_acl('/test', PROTO_MQTT_ACC_SUS))
     self.assertIsNone(ACL.get_acl('/test', PROTO_MQTT_ACC_PUB))