def test_create_update_user(self):
"""Test the creation and update of a user in the redis database
"""
user = ActiniaUser(self.user_id)
if user.exists():
print("Delete existing user")
user.delete()
# Create a new user
user = ActiniaUser.create_user(self.user_id,
self.user_group,
self.password,
user_role="admin",
accessible_datasets={"nc_spm_08": ["PERMANENT", "user1"]},
accessible_modules=["g.region", "g.mapset", "r.slope.aspect"],
cell_limit=1000,
process_num_limit=3,
process_time_limit=30)
print(user)
self.assertEqual(user.get_role(), "admin")
self.assertEqual(user.get_id(), self.user_id)
self.assertEqual(user.get_group(), self.user_group)
self.assertEqual(user.get_cell_limit(), 1000)
self.assertEqual(user.get_process_num_limit(), 3)
self.assertEqual(user.get_process_time_limit(), 30)
datasets = user.get_accessible_datasets()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
user = ActiniaUser(user_id=self.user_id)
user.read_from_db()
user.set_role("user")
user.set_cell_limit(1000000)
user.set_process_num_limit(10)
user.set_process_time_limit(50)
user.update()
print(user)
self.assertEqual(user.get_role(), "user")
self.assertEqual(user.get_cell_limit(), 1000000)
self.assertEqual(user.get_process_num_limit(), 10)
self.assertEqual(user.get_process_time_limit(), 50)
user = ActiniaUser(user_id=self.user_id)
user.read_from_db()
user.add_accessible_dataset("utm32n", ["PERMANENT"])
user.add_accessible_modules(["i.vi", ])
user.update()
print(user)
datasets = user.get_accessible_datasets()
modules = user.get_accessible_modules()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
self.assertTrue("g.region" in modules)
self.assertTrue("utm32n" in datasets)
self.assertTrue("PERMANENT" in datasets["utm32n"])
self.assertTrue("i.vi" in modules)
user = ActiniaUser(user_id=self.user_id)
user.read_from_db()
user.remove_location("utm32n")
user.remove_mapsets_from_location("nc_spm_08", ["user1", ])
user.remove_accessible_modules(["i.vi", ])
user.update()
print(user)
datasets = user.get_accessible_datasets()
modules = user.get_accessible_modules()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
self.assertFalse("user1" in datasets["nc_spm_08"])
self.assertTrue("g.region" in modules)
self.assertFalse("utm32n" in datasets)
self.assertFalse("i.vi" in modules)
def test_create_delete_user(self):
# Make sure the user database is empty
user = ActiniaUser(self.user_id)
if user.exists():
print("Delete existing user")
user.delete()
# Create a new user
user = ActiniaUser.create_user(self.user_id,
self.user_group,
self.password,
user_role="admin",
accessible_datasets={"nc_spm_08": ["PERMANENT", "user1"]},
accessible_modules=["g.region", "g.mapset", "r.slope.aspect"],
cell_limit=1000,
process_num_limit=3,
process_time_limit=30)
print(user)
self.assertEqual(user.get_role(), "admin")
self.assertEqual(user.get_id(), self.user_id)
self.assertEqual(user.get_group(), self.user_group)
self.assertEqual(user.get_cell_limit(), 1000)
self.assertEqual(user.get_process_num_limit(), 3)
self.assertEqual(user.get_process_time_limit(), 30)
datasets = user.get_accessible_datasets()
modules = user.get_accessible_modules()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
self.assertTrue("g.region" in modules)
token = user.generate_auth_token()
user_2 = ActiniaUser.verify_auth_token(token)
print(user_2)
self.assertTrue(user_2.exists())
self.assertEqual(user_2.get_role(), "admin")
self.assertEqual(user_2.get_id(), self.user_id)
self.assertEqual(user.get_group(), self.user_group)
self.assertEqual(user_2.get_cell_limit(), 1000)
self.assertEqual(user_2.get_process_num_limit(), 3)
self.assertEqual(user_2.get_process_time_limit(), 30)
datasets = user_2.get_accessible_datasets()
modules = user_2.get_accessible_modules()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
self.assertTrue("g.region" in modules)
api_key = user.generate_api_key()
user_3 = ActiniaUser.verify_api_key(api_key)
print(user_3)
self.assertTrue(user_3.exists())
self.assertEqual(user_3.get_role(), "admin")
self.assertEqual(user_3.get_id(), self.user_id)
self.assertEqual(user.get_group(), self.user_group)
self.assertEqual(user_3.get_cell_limit(), 1000)
self.assertEqual(user_3.get_process_num_limit(), 3)
self.assertEqual(user_3.get_process_time_limit(), 30)
datasets = user_3.get_accessible_datasets()
modules = user_3.get_accessible_modules()
self.assertTrue("nc_spm_08" in datasets)
self.assertTrue("PERMANENT" in datasets["nc_spm_08"])
self.assertTrue("g.region" in modules)
self.assertTrue(user.delete())
self.assertFalse(user_2.delete())
self.assertFalse(user_3.delete())
def check_permissions(self, user_id):
"""Check the access rights of the user that calls this API call
Permission:
- guest and user roles can only access resources of the same user id
- admin role are allowed to access resources of users with the same
user group, except for superusers
- superdamins role can access all resources
Args:
user_id:
Returns:
None if permissions granted, a error response if permissions are
not fulfilled
"""
# Superuser are allowed to do everything
if self.user.has_superadmin_role() is True:
return None
# Check permissions for users and guests
if self.user_role == "guest" or self.user_role == "user":
if self.user_id != user_id:
return make_response(
jsonify(
SimpleResponseModel(
status="error",
message=
"You do not have the permission to access this resource. "
"Wrong user.")), 401)
new_user = ActiniaUser(user_id=user_id)
# Check if the user exists
if new_user.exists() != 1:
return make_response(
jsonify(
SimpleResponseModel(
status="error",
message="The user <%s> does not exist" % user_id)),
400)
# Check admin permissions
if self.user_role == "admin":
# Resources of superusers are not allowed to be accessed
if new_user.has_superadmin_role() is True:
return make_response(
jsonify(
SimpleResponseModel(
status="error",
message=
"You do not have the permission to access this resource. "
"Wrong user role.")), 401)
# Only resources of the same user group are allowed to be accessed
if new_user.get_group() != self.user_group:
return make_response(
jsonify(
SimpleResponseModel(
status="error",
message=
"You do not have the permission to access this resource. "
"Wrong user group.")), 401)
return None
