def permissions_test(self):
"""Check that permissions logic is ok"""
# Only lasote can read it but other conans can be readed
read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
# Only pepe (and lasote because its owner) can write it and no more users can write
write_perms = [(str(self.openssl_ref), "pepe")]
authorizer = BasicAuthorizer(read_perms, write_perms)
# READ PERMISSIONS
# Pepe can't read conans
self.assertRaises(ForbiddenException,
authorizer.check_read_conan, "pepe", self.openssl_ref)
# Owner can read conans
authorizer.check_read_conan("lasote", self.openssl_ref)
# Pepe can read other conans
authorizer.check_read_conan("pepe", self.openssl_ref2)
# Pepe can't read package
self.assertRaises(ForbiddenException,
authorizer.check_read_package, "pepe", self.package_reference)
# Owner can read package
authorizer.check_read_package("lasote", self.package_reference)
# Pepe can read other package
authorizer.check_read_package("pepe", self.package_reference2)
# WRITE PERMISSIONS
# Pepe can write conans
authorizer.check_write_conan("pepe", self.openssl_ref)
# Juan can't write conans
self.assertRaises(ForbiddenException,
authorizer.check_write_conan, "juan", self.openssl_ref)
# Owner can write conans
authorizer.check_write_conan("lasote", self.openssl_ref)
# Pepe can't write other conans
self.assertRaises(ForbiddenException,
authorizer.check_write_conan, "pepe", self.openssl_ref2)
# Owner can write package
authorizer.check_write_package("lasote", self.package_reference)
# Pepe can write package
authorizer.check_write_package("pepe", self.package_reference)
# Pepe can't write other package
self.assertRaises(ForbiddenException,
authorizer.check_write_package, "pepe", self.package_reference2)
def permissions_test(self):
"""Check that permissions logic is ok"""
# Only lasote can read it but other conans can be readed
read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
# Only pepe (and lasote because its owner) can write it and no more users can write
write_perms = [(str(self.openssl_ref), "pepe")]
authorizer = BasicAuthorizer(read_perms, write_perms)
# READ PERMISSIONS
# Pepe can't read conans
self.assertRaises(ForbiddenException, authorizer.check_read_conan,
"pepe", self.openssl_ref)
# Owner can read conans
authorizer.check_read_conan("lasote", self.openssl_ref)
# Pepe can read other conans
authorizer.check_read_conan("pepe", self.openssl_ref2)
# Pepe can't read package
self.assertRaises(ForbiddenException, authorizer.check_read_package,
"pepe", self.package_reference)
# Owner can read package
authorizer.check_read_package("lasote", self.package_reference)
# Pepe can read other package
authorizer.check_read_package("pepe", self.package_reference2)
# WRITE PERMISSIONS
# Pepe can write conans
authorizer.check_write_conan("pepe", self.openssl_ref)
# Juan can't write conans
self.assertRaises(ForbiddenException, authorizer.check_write_conan,
"juan", self.openssl_ref)
# Owner can write conans
authorizer.check_write_conan("lasote", self.openssl_ref)
# Pepe can't write other conans
self.assertRaises(ForbiddenException, authorizer.check_write_conan,
"pepe", self.openssl_ref2)
# Owner can write package
authorizer.check_write_package("lasote", self.package_reference)
# Pepe can write package
authorizer.check_write_package("pepe", self.package_reference)
# Pepe can't write other package
self.assertRaises(ForbiddenException, authorizer.check_write_package,
"pepe", self.package_reference2)
def test_authenticated_user_wildcard_permissions(self):
"""Check that authenciated user wildcard permissions logic is ok"""
# Only authenticated users can read openssl
read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
# Authenticated users can write any
write_perms = [("*/*@*/*", "?")]
authorizer = BasicAuthorizer(read_perms, write_perms)
# READ PERMISSIONS
# Authenticated user can read conan
authorizer.check_read_conan("pepe", self.openssl_ref)
# Authenticated user can read package
authorizer.check_read_package("pepe", self.openssl_pref)
# Anonymous user can not read conan, they must authenticate
self.assertRaises(AuthenticationException, authorizer.check_read_conan,
None, self.openssl_ref)
# Anonymous user can not read package, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_read_package, None,
self.openssl_pref)
# WRITE PERMISSIONS
# Authenticated user can write conan
authorizer.check_write_conan("pepe", self.openssl_ref)
# Authenticated user can write package
authorizer.check_write_package("pepe", self.openssl_pref)
# Anonymous user can not write conan, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_write_conan, None, self.openssl_ref)
# Anonymous user can not write package, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_write_package, None,
self.openssl_pref)
def authenticated_user_wildcard_permissions_test(self):
"""Check that authenciated user wildcard permissions logic is ok"""
# Only authenticated users can read openssl
read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
# Authenticated users can write any
write_perms = [("*/*@*/*", "?")]
authorizer = BasicAuthorizer(read_perms, write_perms)
# READ PERMISSIONS
# Authenticated user can read conan
authorizer.check_read_conan("pepe", self.openssl_ref)
# Authenticated user can read package
authorizer.check_read_package("pepe", self.package_reference)
# Anonymous user can not read conan, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_read_conan, None, self.openssl_ref)
# Anonymous user can not read package, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_read_package, None, self.package_reference)
# WRITE PERMISSIONS
# Authenticated user can write conan
authorizer.check_write_conan("pepe", self.openssl_ref)
# Authenticated user can write package
authorizer.check_write_package("pepe", self.package_reference)
# Anonymous user can not write conan, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_write_conan, None, self.openssl_ref)
# Anonymous user can not write package, they must authenticate
self.assertRaises(AuthenticationException,
authorizer.check_write_package, None, self.package_reference)
