def test_create_accprov_with_roles(self):
providerName = "provider_with_roles"
issuerName = "issuer_%s" % (self._randStr())
fullUri = "https: //$%s.auth0.com" % (self._randStr(4))
roleOneName = "role_one_%s" % (self._randStr(4))
roleTwoName = "role_two_%s" % (self._randStr(4))
self.admin_client.query(
query.create_role({
"name":
roleOneName,
"privileges": [
{
"resource": query.databases(),
"actions": {
"read": True
},
},
],
}))
self.admin_client.query(
query.create_role({
"name":
roleTwoName,
"privileges": [
{
"resource": query.databases(),
"actions": {
"read": True
},
},
],
}))
provider = self.admin_client.query(
query.create_access_provider({
"name":
providerName,
"issuer":
issuerName,
"jwks_uri":
fullUri,
"roles": [
query.role(roleOneName),
{
"role": query.role(roleTwoName),
"predicate": query.query(query.lambda_("x", True)),
},
],
}))
self.assertEqual(provider["name"], providerName)
self.assertEqual(provider["issuer"], issuerName)
self.assertEqual(provider["jwks_uri"], fullUri)
self.assertTrue(isinstance(provider["roles"], list))
def test_create_role(self):
self.admin_client.query(query.create_role({
"name": "a_role",
"privileges": {
"resource": query.collections(),
"actions": {"read": True}
}
}))
self.assertTrue(self.admin_client.query(query.exists(query.role("a_role"))))
def create_or_update_role(client, payload={}):
try:
response = client.query(q.create_role(payload))
except BadRequest as err:
if str(err) == 'Role already exists.':
role_name = payload.pop("name")
response = client.query(q.update(q.role(role_name), payload))
else:
raise err
return response
def test_create_role(self):
self.assertJson(
query.create_role({
"name": "a_role",
"privileges": {
"resource": query.collections(),
"actions": {
"read": True
}
}
}),
'{"create_role":{"object":{"name":"a_role","privileges":{"object":{"actions":{"object":{"read":true}},"resource":{"collections":null}}}}}}'
)
def test_nested_references(self):
client1 = self.create_new_database(self.admin_client,
"parent-database")
client2 = self.create_new_database(client1, "child-database")
client2.query(query.create_collection({"name": "a_collection"}))
client2.query(
query.create_role({
"name": "a_role",
"privileges": {
"resource": query.collections(),
"actions": {
"read": True
}
}
}))
nested_database_ref = query.database("child-database",
query.database("parent-database"))
nested_collection_ref = query.collection("a_collection",
nested_database_ref)
nested_role_ref = query.role("a_role", nested_database_ref)
self.assertEqual(
self.admin_client.query(query.exists(nested_collection_ref)), True)
self.assertEqual(
self.admin_client.query(query.exists(nested_role_ref)), True)
parent_db_ref = Ref("parent-database", Native.DATABASES)
child_db_ref = Ref("child-database", Native.DATABASES, parent_db_ref)
self.assertEqual(
self.admin_client.query(
query.paginate(
query.collections(nested_database_ref)))["data"],
[Ref("a_collection", Native.COLLECTIONS, child_db_ref)])
self.assertEqual(
self.admin_client.query(
query.paginate(query.roles(nested_database_ref)))["data"],
[Ref("a_role", Native.ROLES, child_db_ref)])
def test_typecheckfns(self):
coll = query.collection("typecheck_coll")
db = query.database("typecheck_db")
fn = query.function("typecheck_fn")
index = query.index("typecheck_index")
self.admin_client.query(query.create_collection({"name": "typecheck_coll"}))
self.admin_client.query(query.create_index(
{"name": "typecheck_index", "source": coll, "active": True}))
doc = self.admin_client.query(query.create(
coll, {"data": {}, "credentials": {"password": "******"}}))
self.admin_client.query(query.create_database({"name": "typecheck_db"}))
function = self._q(query.create_function(
{"name": "typecheck_fn", "body": query.query(query.lambda_("x", query.now()))}))
key = self.admin_client.query(
query.create_key({"database": db, "role": "admin"}))
token = self._q(query.login(doc["ref"], {"password": "******"}))
credentials = self._q(query.select(['data', 0], query.paginate(query.credentials())))
role = self.admin_client.query(query.create_role(
{"name": "typecheck_role", "membership": [], "privileges": []}))
values = [
None,
bytearray([12,3,4,5]),
credentials,
90,
3.14,
True,
query.to_date(query.now()),
query.date("1970-01-01"),
query.now(),
query.epoch(1, "second"),
query.time("1970-01-01T00:00:00Z"),
{"x": 10},
query.get(doc["ref"]),
query.paginate(query.collections()),
[1, 2, 3],
"a string",
coll,
query.collections(),
query.match(index),
query.union(query.match(index)),
doc["ref"],
query.get(doc["ref"]),
index,
db,
coll,
token["ref"],
role["ref"],
key["ref"],
function["ref"],
query.get(function["ref"]),
query.query(query.lambda_("x", query.var("x"))),
]
pairs = [
["array", query.is_array],
["object", query.is_object],
["string", query.is_string],
["null", query.is_null],
["number", query.is_number],
["bytes", query.is_bytes],
["date", query.is_date],
["timestamp", query.is_timestamp],
["set", query.is_set],
["ref", query.is_ref],
["boolean", query.is_boolean],
["double", query.is_double],
["integer", query.is_integer],
["database", query.is_database],
["index", query.is_index],
["collection", query.is_collection],
["token", query.is_token],
["function", query.is_function],
["collection", query.is_collection],
["role", query.is_role],
["credentials", query.is_credentials],
["key", query.is_key],
]
expected = {
"array": 1,
"boolean": 1,
"bytes": 1,
"collection": 3,
"credentials": 1,
"database": 1,
"date": 2,
"double": 1,
"function": 2,
"integer": 1,
"index": 1,
"key": 1,
"null": 1,
"number": 2,
"object": 5,
"ref": 11,
"role": 1,
"set": 3,
"string": 1,
"timestamp": 3,
"token": 1,
}
q = []
for p in pairs:
d = dict()
d[p[0]] = query.count(query.filter_(query.lambda_("v", p[1](query.var("v"))), query.var("vals")))
q.append(d)
actual = self._q(query.let({"vals": values}, query.merge({}, q)))
self.assertEqual(actual, expected)
def create_roles(client):
roles = [{
"name":
"admin",
"membership": [{
"resource":
q.collection("users"),
"predicate":
q.query(lambda ref: q.equals(
q.select(["data", "type"], q.get(ref)), "admin"))
}],
"privileges": [{
"resource": q.collection("categories"),
"actions": {
"read": True,
"create": True,
"write": True
}
}, {
"resource": q.collection("products"),
"actions": {
"read": True,
"write": True,
"create": True
}
}, {
"resource": q.collection("users"),
"actions": {
"read": True,
"create": True,
"write": True
}
}, {
"resource": q.collection("orders"),
"actions": {
"read": True,
"write": True,
"create": True
}
}, {
"resource":
objects.Ref("check_if_categories_exists",
objects.Ref("functions")),
"actions": {
"call": True
}
}]
}, {
"name":
"customer",
"membership": [{
"resource":
q.collection("users"),
"predicate":
q.query(lambda ref: q.equals(
q.select(["data", "type"], q.get(ref)), "customer"))
}],
"privileges": [{
"resource":
objects.Ref("purchase", objects.Ref("functions")),
"actions": {
"call": True
}
}, {
"resource":
objects.Ref("get_order_status_history", objects.Ref("functions")),
"actions": {
"call":
q.query(lambda ref: q.equals(
q.current_identity(),
q.select(["data", "customer"], q.get(ref)))),
}
}, {
"resource": q.collection("users"),
"actions": {
"read":
q.query(lambda ref: q.equals(q.current_identity(), ref)),
"write":
q.query(lambda ref: q.equals(q.current_identity(), ref)),
}
}, {
"resource": q.collection("orders"),
"actions": {
"read":
q.query(lambda ref: q.equals(
q.current_identity(),
q.select(["data", "customer"], q.get(ref)))),
}
}]
}]
client.query(q.map_(lambda role: q.create_role(role), roles))