def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
class SecureNamespaceAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.namespaces.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
result2 = self.namespaces.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.UPDATE_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
self.namespaces.set({u'fluiddb/test': u'new description'})
def testGetIsAllowed(self):
"""
Getting information about a L{Namespace} should be allowed if we're a
user with a L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.LIST_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
result = self.namespaces.get([u'fluiddb'],
withDescriptions=False,
withTags=True,
withNamespaces=True)
self.assertEqual(1, len(result))
class SecureNamespaceAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.namespaces.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_NAMESPACE,
Policy.CLOSED, [])]
self.permissions.set(values)
result2 = self.namespaces.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.UPDATE_NAMESPACE,
Policy.CLOSED, [])]
self.permissions.set(values)
self.namespaces.set({u'fluiddb/test': u'new description'})
def testGetIsAllowed(self):
"""
Getting information about a L{Namespace} should be allowed if we're a
user with a L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.LIST_NAMESPACE,
Policy.CLOSED, [])]
self.permissions.set(values)
result = self.namespaces.get([u'fluiddb'], withDescriptions=False,
withTags=True, withNamespaces=True)
self.assertEqual(1, len(result))
def setUp(self):
super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')
])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.namespaces = SecureNamespaceAPI(self.user)
def testDeleteIsAllowed(self):
"""
L{SecureUserAPI.delete} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
namespaces.delete([u'user/private'])
self.users.delete([u'user'])
self.assertIdentical(None, getUser(u'user'))
def testDeleteIsAllowed(self):
"""
L{SecureUserAPI.delete} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
namespaces.delete([u'user/private'])
self.users.delete([u'user'])
self.assertIdentical(None, getUser(u'user'))
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def setUp(self):
super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.namespaces = SecureNamespaceAPI(self.user)
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
self.assertEqual(1, len(result))
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
I{anon} user doesn't have LIST permissions when trying to get the child
namespaces.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'fluiddb')],
withNamespaces=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID
] = [objectID for objectID, path_ in result if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID] = [objectID for objectID, path_ in result
if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def setUp(self):
super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
self.system = createSystemData()
self.user = self.system.users[u'anon']
self.namespaces = SecureNamespaceAPI(self.user)
class SecureNamespaceAPIWithAnonymousRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
self.system = createSystemData()
self.user = self.system.users[u'anon']
self.namespaces = SecureNamespaceAPI(self.user)
def testCreateIsDenied(self):
"""
L{SecureNamespaceAPI.create} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError,
self.namespaces.create,
[(u'anon/test', u'description')])
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsDenied(self):
"""
L{SecureNamespaceAPI.delete} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError,
self.namespaces.delete, [u'anon'])
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.DELETE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testSetIsDenied(self):
"""
L{SecureNamespaceAPI.set} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError, self.namespaces.set,
{u'anon': u'new description'})
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.UPDATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
self.assertEqual(1, len(result))
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
I{anon} user doesn't have LIST permissions when trying to get the child
namespaces.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'fluiddb')],
withNamespaces=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildTagsIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child tags if
the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED,
[u'anon'])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withTags=True)
self.assertEqual(1, len(result))
def testGetChildTagsIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
L{anon} user doesn't have LIST permissions when trying to get the
child tags.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN,
[u'anon'])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'fluiddb')],
withTags=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)
class SecureNamespaceAPIWithNormalUserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.namespaces = SecureNamespaceAPI(self.user)
def testCreateIsAllowed(self):
"""
L{SecureNamespaceAPI.create} should allow the creation of namespaces
whose parent has open CREATE permissions.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result = self.namespaces.create([(u'user/test', u'description')])
self.assertEqual(1, len(result))
def testCreateIsDenied(self):
"""
L{SecureNamespaceAPI.create} should raise L{PermissonDeniedError} if
the user doesn't have CREATE permissions on the parent namespace.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.create,
[(u'user/test', u'description')])
self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsAllowed(self):
"""
{SecureNamespaceAPI.delete} should allow the deletion of a namespace
if the user has DELETE permissions.
"""
result1 = self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result2 = self.namespaces.delete([u'user/test'])
self.assertEqual(result1, result2)
def testDeleteIsDenied(self):
"""
L{SecureNamespaceAPI.delete} should raise L{PermissonDeniedError} if
the user doesn't have DELETE permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_NAMESPACE,
Policy.OPEN, [u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.delete, [(u'user/test')])
self.assertEqual([(u'user/test', Operation.DELETE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result = self.namespaces.get([u'user'], withNamespaces=True)
self.assertEqual(1, len(result))
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have LIST permissions when trying to get the child
namespaces.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get,
[(u'user')], withNamespaces=True)
self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildTagsIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child tags if
the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE,
Policy.CLOSED, [u'user'])]
self.permissions.set(values)
result = self.namespaces.get([u'user'], withTags=True)
self.assertEqual(1, len(result))
def testGetChildTagsIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have LIST permissions when trying to get the child
tags.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get,
[(u'user')], withTags=True)
self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testSetIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow updating the description of a
namespace if the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
self.namespaces.set({u'user/test': u'description'})
def testSetIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have UPDATE permissions when trying to update a
namespace's description.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_NAMESPACE,
Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.set,
{u'user/test': u'description'})
self.assertEqual([(u'user/test', Operation.UPDATE_NAMESPACE)],
sorted(error.pathsAndOperations))
class SecureNamespaceAPIWithNormalUserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')
])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.namespaces = SecureNamespaceAPI(self.user)
def testCreateIsAllowed(self):
"""
L{SecureNamespaceAPI.create} should allow the creation of namespaces
whose parent has open CREATE permissions.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result = self.namespaces.create([(u'user/test', u'description')])
self.assertEqual(1, len(result))
def testCreateIsDenied(self):
"""
L{SecureNamespaceAPI.create} should raise L{PermissonDeniedError} if
the user doesn't have CREATE permissions on the parent namespace.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.create,
[(u'user/test', u'description')])
self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsAllowed(self):
"""
{SecureNamespaceAPI.delete} should allow the deletion of a namespace
if the user has DELETE permissions.
"""
result1 = self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result2 = self.namespaces.delete([u'user/test'])
self.assertEqual(result1, result2)
def testDeleteIsDenied(self):
"""
L{SecureNamespaceAPI.delete} should raise L{PermissonDeniedError} if
the user doesn't have DELETE permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN,
[u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.delete, [(u'user/test')])
self.assertEqual([(u'user/test', Operation.DELETE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
result = self.namespaces.get([u'user'], withNamespaces=True)
self.assertEqual(1, len(result))
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have LIST permissions when trying to get the child
namespaces.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'user')],
withNamespaces=True)
self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildTagsIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child tags if
the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [u'user'])
]
self.permissions.set(values)
result = self.namespaces.get([u'user'], withTags=True)
self.assertEqual(1, len(result))
def testGetChildTagsIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have LIST permissions when trying to get the child
tags.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'user')],
withTags=True)
self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testSetIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow updating the description of a
namespace if the user has permissions.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.OPEN, [])]
self.permissions.set(values)
self.namespaces.set({u'user/test': u'description'})
def testSetIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
user doesn't have UPDATE permissions when trying to update a
namespace's description.
"""
self.namespaces.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.CLOSED, [])
]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError, self.namespaces.set,
{u'user/test': u'description'})
self.assertEqual([(u'user/test', Operation.UPDATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)
class SecureNamespaceAPIWithAnonymousRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
self.system = createSystemData()
self.user = self.system.users[u'anon']
self.namespaces = SecureNamespaceAPI(self.user)
def testCreateIsDenied(self):
"""
L{SecureNamespaceAPI.create} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError,
self.namespaces.create,
[(u'anon/test', u'description')])
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsDenied(self):
"""
L{SecureNamespaceAPI.delete} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError,
self.namespaces.delete,
[u'anon'])
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.DELETE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testSetIsDenied(self):
"""
L{SecureNamespaceAPI.set} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError,
self.namespaces.set,
{u'anon': u'new description'})
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'anon', Operation.UPDATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
self.assertEqual(1, len(result))
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
I{anon} user doesn't have LIST permissions when trying to get the child
namespaces.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get,
[(u'fluiddb')], withNamespaces=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def testGetChildTagsIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child tags if
the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE,
Policy.CLOSED, [u'anon'])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withTags=True)
self.assertEqual(1, len(result))
def testGetChildTagsIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
L{anon} user doesn't have LIST permissions when trying to get the
child tags.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE,
Policy.OPEN, [u'anon'])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get,
[(u'fluiddb')], withTags=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def setUp(self):
super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
self.system = createSystemData()
self.user = self.system.users[u'anon']
self.namespaces = SecureNamespaceAPI(self.user)