def test_has_role_admin(self): auth_testing.mock_is_admin(self, False) self.assertFalse( acl.has_role('package', 'OWNER', auth_testing.DEFAULT_MOCKED_IDENTITY)) auth_testing.mock_is_admin(self, True) self.assertTrue( acl.has_role('package', 'OWNER', auth_testing.DEFAULT_MOCKED_IDENTITY))
def test_has_role(self): acl.PackageACL( key=acl.package_acl_key('a', 'OWNER'), users=[auth.Identity.from_bytes('user:[email protected]')]).put() acl.PackageACL( key=acl.package_acl_key('a/b/c', 'OWNER'), groups=['mid-group']).put() acl.PackageACL( key=acl.package_acl_key('a/b/c/d/e', 'OWNER'), groups=['leaf-group']).put() # Verify get_package_acls works. self.assertEqual( [('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')], [ (e.package_path, e.role) for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER') ]) # Mock groups. def mocked_is_group_member(group, ident): if group == 'mid-group' and ident.name == '*****@*****.**': return True if group == 'leaf-group' and ident.name == '*****@*****.**': return True return False self.mock(acl.auth, 'is_group_member', mocked_is_group_member) # Verify has_role works. check = lambda p, i: acl.has_role(p, 'OWNER', auth.Identity.from_bytes(i)) self.assertTrue(check('a', 'user:[email protected]')) self.assertFalse(check('b', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]')) self.assertFalse(check('a', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]')) self.assertFalse(check('a/b/c/d', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
def test_has_role(self): acl.PackageACL( key=acl.package_acl_key('a', 'OWNER'), users=[auth.Identity.from_bytes('user:[email protected]') ]).put() acl.PackageACL(key=acl.package_acl_key('a/b/c', 'OWNER'), groups=['mid-group']).put() acl.PackageACL(key=acl.package_acl_key('a/b/c/d/e', 'OWNER'), groups=['leaf-group']).put() # Verify get_package_acls works. self.assertEqual( [('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')], [(e.package_path, e.role) for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER')]) # Mock groups. def mocked_is_group_member(group, ident): if group == 'mid-group' and ident.name == '*****@*****.**': return True if group == 'leaf-group' and ident.name == '*****@*****.**': return True return False self.mock(acl.auth, 'is_group_member', mocked_is_group_member) # Verify has_role works. check = lambda p, i: acl.has_role(p, 'OWNER', auth.Identity.from_bytes(i)) self.assertTrue(check('a', 'user:[email protected]')) self.assertFalse(check('b', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]')) self.assertFalse(check('a', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]')) self.assertFalse(check('a/b/c/d', 'user:[email protected]')) self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))