def test_ownership(self):
artifact_id = self.my_create_appliance("owned")
artifact2_id = self.my_create_appliance("unowned")
owner_id = s.create_user("users", "*****@*****.**", "foo foo", "foo")
s.touch_to_add_ownership(artifact_id, owner_id)
# Test that the user really owns the server.
self.assertTrue(s.check_ownership(artifact_id, owner_id))
# Test that the user does not own the second server.
self.assertFalse(s.check_ownership(artifact2_id, owner_id))
def _resolve_vm(request):
"""Function given a request works out the VM we are talking about and whether
the current user actually has permission to do stuff to it.
Also returns the internal ID for the user, as well as the VM.
"""
actor_id = None
vm_id = None
try:
actor_id = server.get_user_id_from_name(request.authenticated_userid)
except:
#OK, it must be an agent or an internal call.
pass
try:
vm_id = (request.matchdict['id'] if 'id' in request.matchdict else
server.get_server_id_from_name(request.matchdict['name']))
except:
#Presumably because there is no such VM
raise HTTPNotFound()
if (request.has_permission('act')
or server.check_ownership(vm_id, actor_id)):
return vm_id, actor_id
else:
raise HTTPUnauthorized()
def _resolve_vm(request):
"""Function given a request works out the VM we are talking about and whether
the current user actually has permission to do stuff to it.
Also returns the internal ID for the user, as well as the VM.
"""
actor_id = None
vm_id = None
try:
actor_id = server.get_user_id_from_name(request.authenticated_userid)
except:
# OK, it must be an agent or an internal call.
pass
try:
vm_id = (
request.matchdict["id"]
if "id" in request.matchdict
else server.get_server_id_from_name(request.matchdict["name"])
)
except:
# Presumably because there is no such VM
raise HTTPNotFound()
if request.has_permission("act") or server.check_ownership(vm_id, actor_id):
return vm_id, actor_id
else:
raise HTTPUnauthorized()
def test_ownership_2(self):
"""I had a version of the portal that passed the above test but when you
added a VM to any user all the users started to see it. Not good!
"""
owners = []
artifacts = []
for idx in (0,1,2):
owners.append(s.create_user("users", "*****@*****.**" % idx , "foo %s" % idx, "foo%s" % idx))
artifacts.append(self.my_create_appliance("box%s" % idx))
s.touch_to_add_ownership(artifacts[idx], owners[0])
s.touch_to_add_ownership(artifacts[idx], owners[idx])
#All VMs owned by last owner set
self.assertTrue( s.check_ownership(artifacts[0], owners[0]) and
s.check_ownership(artifacts[1], owners[1]) and
s.check_ownership(artifacts[2], owners[2]) )
#All VMs also owned by 0
self.assertTrue( s.check_ownership(artifacts[1], owners[0]) and
s.check_ownership(artifacts[2], owners[0]) )
#VMs not owned by other owners
self.assertFalse(s.check_ownership(artifacts[0], owners[1]) or
s.check_ownership(artifacts[2], owners[1]) or
s.check_ownership(artifacts[0], owners[2]) or
s.check_ownership(artifacts[1], owners[2]) )
#This is reflected in list_artifacts_for_user?
self.assertEqual(len(s.list_artifacts_for_user(owners[0])), 3)
self.assertEqual(len(s.list_artifacts_for_user(owners[1])), 1)
self.assertEqual(len(s.list_artifacts_for_user(owners[2])), 1)
#Likewise requesting an artifact I don't own should give an error,
#but that has to be tested via webtest.
# Finally, adding a new box2 should Nix the old box2
self.my_create_appliance("box2")
self.assertEqual(len(s.list_artifacts_for_user(owners[0])), 2)
self.assertEqual(len(s.list_artifacts_for_user(owners[1])), 1)
self.assertEqual(len(s.list_artifacts_for_user(owners[2])), 0)
