def test_filter(self):
directive = 'to filter=(objectClass=person) by self write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'filter')
self.assertEqual(tos[0]['filter'], '(objectClass=person)')
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'self')
self.assertEqual(acls[0]['operation'], 'write')
def test_attribute_value(self):
directive = 'to dn.base="dc=test" by * read'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'dn')
self.assertEqual(tos[0]['dn'], 'dc=test')
self.assertEqual(tos[0]['style'], 'base')
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'all')
self.assertEqual(acls[0]['operation'], 'read')
def test_attribute_value(self):
directive = 'to attrs=userName val.regex="^$" by users write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'attribute')
self.assertEqual(tos[0]['attribute'], 'userName')
self.assertEqual(tos[0]['value'], '^$')
self.assertEqual(tos[0]['style'], 'regex')
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'users')
self.assertEqual(acls[0]['operation'], 'write')
def test_filter2(self):
directive = 'to filter=(objectClass=person) attrs=userPassword by self write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 2)
self.assertEqual(tos[0]['target'], 'filter')
self.assertEqual(tos[0]['filter'], '(objectClass=person)')
self.assertEqual(tos[1]['target'], 'attributes')
self.assertEqual(tos[1]['attributes'], ['userPassword'])
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'self')
self.assertEqual(acls[0]['operation'], 'write')
def test_all(self):
directive = 'to * by users read by anonymous auth by self write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'all')
self.assertEqual(len(acls), 3)
self.assertEqual(acls[0]['by'], 'users')
self.assertEqual(acls[0]['operation'], 'read')
self.assertEqual(acls[1]['by'], 'anonymous')
self.assertEqual(acls[1]['operation'], 'auth')
self.assertEqual(acls[2]['by'], 'self')
self.assertEqual(acls[2]['operation'], 'write')
def test_dn_style3(self):
directive = 'to dn.regex=".+,dc=([^,]+),dc=([^,]+)$" by dn.regex="^[^,],ou=Admin,dc=$1,dc=$2$$" write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'dn')
self.assertEqual(tos[0]['dn'], '.+,dc=([^,]+),dc=([^,]+)$')
self.assertEqual(tos[0]['style'], 'regex')
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'dn')
self.assertEqual(acls[0]['dn'], '^[^,],ou=Admin,dc=$1,dc=$2$$')
self.assertEqual(acls[0]['style'], 'regex')
self.assertEqual(acls[0]['operation'], 'write')
def test_dn_style2(self):
directive = 'to dn.regex="(.+,)?ou=People,(dc=[^,]+,dc=[^,]+)$" attrs=userName,userPassword by users write'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 2)
self.assertEqual(tos[0]['target'], 'dn')
self.assertEqual(tos[0]['dn'], '(.+,)?ou=People,(dc=[^,]+,dc=[^,]+)$')
self.assertEqual(tos[0]['style'], 'regex')
self.assertEqual(tos[1]['target'], 'attributes')
self.assertEqual(tos[1]['attributes'], ['userName', 'userPassword'])
self.assertEqual(len(acls), 1)
self.assertEqual(acls[0]['by'], 'users')
self.assertEqual(acls[0]['operation'], 'write')
def test_attributes(self):
directive = 'to attrs=userPassword by self write by anonymous none by users none'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'attributes')
self.assertEqual(tos[0]['attributes'], ['userPassword'])
self.assertEqual(len(acls), 3)
self.assertEqual(acls[0]['by'], 'self')
self.assertEqual(acls[0]['operation'], 'write')
self.assertEqual(acls[1]['by'], 'anonymous')
self.assertEqual(acls[1]['operation'], 'none')
self.assertEqual(acls[2]['by'], 'users')
self.assertEqual(acls[2]['operation'], 'none')
def test_dn_style1(self):
directive = 'to dn.regex="^(.+,)?uid=([^,]+),ou=addressbook,associatedDomain=([^,]+),ou=domains,o=<basedn>$" by dn.exact="uid=$2,ou=users,associatedDomain=$3,ou=domains,o=<basedn>" write by * none'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'dn')
self.assertEqual(tos[0]['dn'], '^(.+,)?uid=([^,]+),ou=addressbook,associatedDomain=([^,]+),ou=domains,o=<basedn>$')
self.assertEqual(tos[0]['style'], 'regex')
self.assertEqual(len(acls), 2)
self.assertEqual(acls[0]['by'], 'dn')
self.assertEqual(acls[0]['dn'], 'uid=$2,ou=users,associatedDomain=$3,ou=domains,o=<basedn>')
self.assertEqual(acls[0]['style'], 'exact')
self.assertEqual(acls[0]['operation'], 'write')
self.assertEqual(acls[1]['by'], 'all')
self.assertEqual(acls[1]['operation'], 'none')
def test_dn_style2(self):
directive = 'to dn.subtree="dc=com" by self write by dn.children="dc=example,dc=com" search by anonymous auth'
tos, acls = ldap_parser.parse_directive(directive)
self.assertEqual(len(tos), 1)
self.assertEqual(tos[0]['target'], 'dn')
self.assertEqual(tos[0]['dn'], 'dc=com')
self.assertEqual(tos[0]['style'], 'subtree')
self.assertEqual(len(acls), 3)
self.assertEqual(acls[0]['by'], 'self')
self.assertEqual(acls[0]['operation'], 'write')
self.assertEqual(acls[1]['by'], 'dn')
self.assertEqual(acls[1]['dn'], 'dc=example,dc=com')
self.assertEqual(acls[1]['style'], 'children')
self.assertEqual(acls[1]['operation'], 'search')
self.assertEqual(acls[2]['by'], 'anonymous')
self.assertEqual(acls[2]['operation'], 'auth')
