Example #1
    def remove_user_from_role(role_id, login):
        """
        Take a user out of a role and revoke what only that role granted.

        For every permission entry on the role, the operations that none of the user's
        remaining roles grant on the same resource are revoked from the user.

        :param role_id:           role identifier
        :type  role_id:           str
        :param login:             name of user
        :type  login:             str
        :raise MissingResource:   if no role with the given id is found; a missing user is
                                  reported by get_or_404 (presumably the same error, confirm)
        :raise PulpDataException: if the role is the super-user role and the user is its
                                  last member
        """
        role_doc = Role.get_collection().find_one({'id': role_id})
        if role_doc is None:
            raise MissingResource(role_id)

        member = model.User.objects.get_or_404(login=login)

        # Lockout guard: the super-user role must never be emptied.
        # NOTE(review): this is a check followed by a later write; whether two concurrent
        # removals can both pass it depends on is_last_super_user and the storage layer.
        is_super_user_role = role_id == SUPER_USER_ROLE
        if is_super_user_role and user_controller.is_last_super_user(login):
            template = _('%(role)s cannot be empty, and %(login)s is the last member')
            raise PulpDataException(template % {'role': SUPER_USER_ROLE, 'login': login})

        if role_id in member.roles:
            member.roles.remove(role_id)
            member.save()

            # Membership is saved before any permission is revoked, so an exception raised
            # part-way through this loop leaves the user out of the role while still
            # holding the permissions that were not yet revoked.
            for grant in role_doc['permissions']:
                remaining = factory.role_query_manager().get_other_roles(role_doc, member.roles)
                resource = grant['resource']
                revocable = _operations_not_granted_by_roles(resource, grant['permission'],
                                                             remaining)
                factory.permission_manager().revoke(resource, login, revocable)
Example #2
 def test_user_is_last_su(self, mock_model, mock_find_users_w_role):
     """
     Should return True when the requested user is the only super user.
     """
     # The object returned by the mocked user lookup is also the single entry
     # reported for the super-user role.
     sole_super_user = mock_model.objects.get_or_404.return_value
     mock_find_users_w_role.return_value = [sole_super_user]

     is_last = user_controller.is_last_super_user("test")

     self.assertTrue(is_last)
Example #3
 def test_user_not_su(self, mock_model, mock_find_users_w_role):
     """
     Should return False when the requested user is not a super user.
     """
     # Only the user's is_superuser() answer is pinned; the role-membership
     # mock keeps its default return value.
     looked_up_user = mock_model.objects.get_or_404.return_value
     looked_up_user.is_superuser.return_value = False

     is_last = user_controller.is_last_super_user("test")

     self.assertFalse(is_last)
Example #4
 def test_user_is_last_su(self, mock_model, mock_find_users_w_role):
     """
     Should return True when the requested user is the only super user.
     """
     # The object returned by the mocked user lookup is also the single entry
     # reported for the super-user role.
     sole_super_user = mock_model.objects.get_or_404.return_value
     mock_find_users_w_role.return_value = [sole_super_user]

     is_last = user_controller.is_last_super_user('test')

     self.assertTrue(is_last)
Example #5
 def test_user_not_su(self, mock_model, mock_find_users_w_role):
     """
     Should return False when the requested user is not a super user.
     """
     # Only the user's is_superuser() answer is pinned; the role-membership
     # mock keeps its default return value.
     looked_up_user = mock_model.objects.get_or_404.return_value
     looked_up_user.is_superuser.return_value = False

     is_last = user_controller.is_last_super_user('test')

     self.assertFalse(is_last)
Example #6
    def remove_user_from_role(role_id, login):
        """
        Drop a role from a user and revoke the permissions it alone provided.

        Each permission entry on the role is checked against the roles the user
        still holds; only operations that none of those roles grant on the
        same resource are revoked.

        :param role_id:           role identifier
        :type  role_id:           str
        :param login:             name of user
        :type  login:             str
        :raise MissingResource:   if no role with the given id is found; a
                                  missing user is reported by get_or_404
                                  (presumably the same error, confirm)
        :raise PulpDataException: if the role is the super-user role and the
                                  user is its last member
        """
        found_role = Role.get_collection().find_one({'id': role_id})
        if found_role is None:
            raise MissingResource(role_id)

        account = model.User.objects.get_or_404(login=login)

        # Lockout guard: refuse to strip the last super user of that role.
        # NOTE(review): the check and the later save() are separate steps;
        # whether concurrent removals can both pass depends on
        # is_last_super_user and the storage layer.
        targets_super_users = role_id == SUPER_USER_ROLE
        if targets_super_users and user_controller.is_last_super_user(login):
            text = _(
                '%(role)s cannot be empty, and %(login)s is the last member')
            details = {'role': SUPER_USER_ROLE, 'login': login}
            raise PulpDataException(text % details)

        if role_id in account.roles:
            account.roles.remove(role_id)
            account.save()

            # The membership change is saved before any revoke() call, so an
            # exception part-way through the loop leaves the user out of the
            # role but still holding the permissions not yet revoked.
            for entry in found_role['permissions']:
                role_queries = factory.role_query_manager()
                kept_roles = role_queries.get_other_roles(
                    found_role, account.roles)
                target = entry['resource']
                ops_to_revoke = _operations_not_granted_by_roles(
                    target, entry['permission'], kept_roles)
                factory.permission_manager().revoke(
                    target, login, ops_to_revoke)
Example #7
 def test_multiple_sus(self, mock_model, mock_find_users_w_role):
     """
     Should return False when more than one super user exists.
     """
     # Two holders of the super-user role are reported, so removing one of
     # them cannot leave the role empty.
     super_users = ["su1", "su2"]
     mock_find_users_w_role.return_value = super_users

     is_last = user_controller.is_last_super_user("test")

     self.assertFalse(is_last)
Example #8
 def test_multiple_sus(self, mock_model, mock_find_users_w_role):
     """
     Should return False when more than one super user exists.
     """
     # Two holders of the super-user role are reported, so removing one of
     # them cannot leave the role empty.
     super_users = ['su1', 'su2']
     mock_find_users_w_role.return_value = super_users

     is_last = user_controller.is_last_super_user('test')

     self.assertFalse(is_last)