Example #1
0
def test_custom_role_check():
    rest_api = Role('rest_api')
    rest_api.lockdown(Bicycle) \
        .writeable_by((Bicycle.group == ContextParam('group')) &
                      (ContextParam('custom_role') == 'admin'))

    with test_database(test_db, [Group, Bicycle]):
        g = Group.create(name='test')
        b = Bicycle.create(group=g)

        lockdown_context.role = rest_api

        try:
            b.serial = '1'
            assert False, 'should have failed'
        except LockdownException:
            pass

        lockdown_context.group = g.id

        try:
            b.serial = '1'
            assert False, 'should have failed'
        except LockdownException:
            pass

        lockdown_context.custom_role = 'user'
        try:
            b.serial = '1'
            assert False, 'should have failed'
        except LockdownException:
            pass

        lockdown_context.custom_role = 'admin'
        b.serial = '1'
Example #2
0
def test_lockdown_user():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')
    rest_api.lockdown(Bicycle) \
        .field_writeable_by(Bicycle.owner, Bicycle.owner == ContextParam('user'))

    with test_database(test_db, [User, Group, Bicycle]):
        u = User.create(username='******')
        u2 = User.create(username='******')
        g = Group.create(name='test')
        b = Bicycle.create(owner=u, group=g)

        lockdown_context.role = rest_api

        assert b.is_field_writeable(Bicycle.owner) is False

        lockdown_context.user = 10

        assert b.is_field_writeable(Bicycle.owner) is False
        try:
            b.owner = u2
            assert False, 'should have thrown'
        except:
            pass

        lockdown_context.user = u.id
        assert b.is_field_writeable(Bicycle.owner) is True
Example #3
0
def test_combined_roles():
    server_api = Role('server_api')
    server_api.lockdown(Bicycle) \
        .writeable_by((Bicycle.group == ContextParam('group')) &
                      (ContextParam('custom_role') == 'admin'))

    rest_api = server_api.extend('rest_api')
    rest_api.lockdown(BaseModel)\
        .field_writeable_by(BaseModel.created, NO_ONE)\
        .field_writeable_by(BaseModel.modified, NO_ONE)

    with test_database(test_db, [Group, Bicycle]):
        g1 = Group.create(name='test1')
        g2 = Group.create(name='test2')
        b = Bicycle.create(group=g1)

        lockdown_context.role = rest_api
        lockdown_context.group = g1.id
        lockdown_context.custom_role = 'admin'

        b.serial = '1'

        # make sure the group rule was inherited from server_api
        lockdown_context.group = g2.id
        try:
            b.serial = '1'
            assert False, 'should have failed'
        except:
            pass

        # set group to the correct group, but shouldn't be able to set created
        # since this is still the rest_api role
        lockdown_context.group = g1.id
        try:
            b.created = datetime.utcnow()
            assert False, 'should have failed'
        except:
            pass

        # server_api can set created
        lockdown_context.role = server_api
        b.created = datetime.utcnow()
Example #4
0
def test_insert():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')

    rest_api.lockdown(BigWheel) \
        .writeable_by(BigWheel.owner == ContextParam('user'))\
        .validate(BigWheel.owner, BigWheel.owner == ContextParam('user')) \
        .field_writeable_by(BigWheel.serial, BigWheel.owner == ContextParam('user'))

    with test_database(test_db, [User, Group, BigWheel]):
        u1 = User.create(username='******')
        u2 = User.create(username='******')
        g = Group.create(name='test')

        # set the role/user before inserting
        lockdown_context.role = rest_api
        lockdown_context.user = u1.id

        try:
            bwheel = BigWheel()
            bwheel.owner = u2
            bwheel.group = g
            bwheel.serial = '1'
            assert False, 'should have failed'
        except LockdownException:
            pass

        # insert should work fine since object validates
        bwheel = BigWheel()
        bwheel.owner = u1
        bwheel.group = g
        bwheel.serial = '1'
        bwheel.save()

        b = BigWheel.get()
        assert b.modified is not None
        assert b.created is not None
        assert b.serial == '1'
        assert b.owner == u1
        assert b.group == g
Example #5
0
def test_is_readable_writable_field():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')

    rest_api.lockdown(BaseModel)\
        .field_writeable_by(BaseModel.created, NO_ONE)\
        .field_writeable_by(BaseModel.modified, NO_ONE)

    rest_api.lockdown(Bicycle) \
        .field_readable_by(Bicycle.serial, Bicycle.group == ContextParam('group')) \
        .field_writeable_by(Bicycle.serial, Bicycle.owner == ContextParam('user'))

    with test_database(test_db, [User, Group, Bicycle]):
        u = User.create(username='******')
        g = Group.create(name='test')
        b = Bicycle.create(owner=u, group=g)

        lockdown_context.role = rest_api

        assert b.is_field_readable(Bicycle.serial) is False
        assert b.is_field_writeable(Bicycle.serial) is False
        assert b.is_field_writeable(Bicycle.modified) is False
        assert b.is_field_writeable(Bicycle.created) is False

        lockdown_context.group = 10
        lockdown_context.user = 10

        assert b.is_field_readable(Bicycle.serial) is False
        assert b.is_field_writeable(Bicycle.serial) is False

        lockdown_context.group = g.id

        assert b.is_field_readable(Bicycle.serial) is True
        assert b.is_field_writeable(Bicycle.serial) is False

        lockdown_context.user = u.id

        assert b.is_field_readable(Bicycle.serial) is True
        assert b.is_field_writeable(Bicycle.serial) is True
Example #6
0
def test_readable_writable():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')
    ldown = rest_api.lockdown(Bicycle) \
        .readable_by(Bicycle.group == ContextParam('group')) \
        .writeable_by(Bicycle.owner == ContextParam('user'))

    with test_database(test_db, [User, Group, Bicycle]):
        u = User.create(username='******')
        g = Group.create(name='test')
        b = Bicycle.create(owner=u, group=g)

        assert b.is_readable() is True
        assert b.is_writable() is True

        lockdown_context.role = rest_api

        assert b.is_readable() is False
        assert b.is_writable() is False

        lockdown_context.group = 10
        lockdown_context.user = 10

        assert b.is_readable() is False
        assert b.is_writable() is False

        lockdown_context.group = g.id

        assert b.is_readable() is True
        assert b.is_writable() is False

        lockdown_context.user = u.id

        assert b.is_readable() is True
        assert b.is_writable() is True
Example #7
0
def test_save():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')
    rest_api.lockdown(Bicycle) \
        .field_readable_by(Bicycle.serial, Bicycle.group == ContextParam('group')) \
        .field_writeable_by(Bicycle.serial, Bicycle.owner == ContextParam('user'))

    with test_database(test_db, [User, Group, Bicycle]):
        u = User.create(username='******')
        g = Group.create(name='test')
        b = Bicycle.create(owner=u, group=g, serial='1')

        lockdown_context.role = rest_api

        try:
            b.serial = '10'
            assert False, 'should have thrown'
        except:
            pass

        assert b.serial == '1'
        b = Bicycle.get()
        assert b.serial is None, 'cant read this field, no group'

        lockdown_context.group = g.id

        b = Bicycle.get()
        assert b.serial == '1', 'now this field can be read, should be 1 still'

        lockdown_context.user = u.id

        b.serial = '10'
        b.save()
        b = Bicycle.get()
        assert b.serial == '10'
Example #8
0
def test_no_one():
    lockdown_context.role = None
    lockdown_context.user = None
    lockdown_context.group = None

    rest_api = Role('rest_api')
    rest_api.lockdown(Bicycle).readable_by(NO_ONE).writeable_by(NO_ONE)

    with test_database(test_db, [User, Group, Bicycle]):
        u = User.create(username='******')
        g = Group.create(name='test')
        b = Bicycle.create(owner=u, group=g)

        lockdown_context.role = rest_api

        assert b.is_readable() is False
        assert b.is_writable() is False

        lockdown_context.group = g.id
        lockdown_context.user = u.id

        assert b.is_readable() is False
        assert b.is_writable() is False
Example #9
0
 param(
     [{
         "user": "******"
     }, {
         "user": Group
     }],
     {"user": Group},
     id="merge_into_missing_node",
 ),
 param(
     [{
         "admin": {
             "name": "joe",
             "age": 42
         }
     }, Group(admin=None)],
     {"admin": None},
     id="merge_none_into_existing_node",
 ),
 param(
     [{
         "user": User()
     }, {
         "user": {
             "foo": "bar"
         }
     }],
     raises(ConfigKeyError),
     id="merge_unknown_key_into_structured_node",
 ),
 # DictConfig with element_type of Structured Config
Example #10
0
            }],
        ),
        # ListConfig
        (
            lambda value, is_optional, key=None: ListConfig(
                is_optional=is_optional, content=value, key=key),
            [[], [1, 2, 3]],
        ),
        # dataclass
        (
            lambda value, is_optional, key=None: DictConfig(ref_type=Group,
                                                            is_optional=
                                                            is_optional,
                                                            content=value,
                                                            key=key),
            [Group, Group()],
        ),
    ],
    ids=(
        "BooleanNode",
        "BytesNode",
        "FloatNode",
        "IntegerNode",
        "StringNode",
        "EnumNode",
        "DictConfig",
        "ListConfig",
        "dataclass",
    ),
)
class TestNodeTypesMatrix:
Example #11
0
 ),
 pytest.param(
     [{"user": User}, {"user": Group}],
     pytest.raises(ValidationError),
     id="merge_group_onto_user_error",
 ),
 pytest.param(
     [Plugin, ConcretePlugin], ConcretePlugin, id="merge_subclass_on_superclass"
 ),
 pytest.param(
     [{"user": "******"}, {"user": Group}],
     {"user": Group},
     id="merge_into_missing_node",
 ),
 pytest.param(
     [{"admin": {"name": "joe", "age": 42}}, Group(admin=None)],
     {"admin": None},
     id="merge_none_into_existing_node",
 ),
 pytest.param(
     [{"user": User()}, {"user": {"foo": "bar"}}],
     pytest.raises(ConfigKeyError),
     id="merge_unknown_key_into_structured_node",
 ),
 # DictConfig with element_type of Structured Config
 pytest.param(
     (
         DictConfig({}, element_type=User),
         {"user007": {"age": 99}},
     ),
     {"user007": {"name": "???", "age": 99}},