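def load_auths(self):
    """Load up all the authorizations this user has.

    Rebuilds ``self.authorizations`` as a nested dict indexed
    ``[method][obj_name][prop_name]``. The table starts with only the
    ``"*"`` and ``""`` entries, all False, so nothing is granted until a
    stored Authorization record says otherwise. Every record found for the
    user's groups sets its exact entry to True and also sets the matching
    ``""`` entries, which record that some grant exists at that level.

    Returns:
        The rebuilt table (the same dict stored on ``self.authorizations``).
    """
    self.authorizations = {"*": {"*": {"*": False}}, "": {"": {"": False}}}

    # A user without groups keeps the all-False table and never reaches the
    # query. NOTE(review): how Authorization.find treats an empty auth_group
    # filter is not visible here; skipping the call avoids depending on it.
    if not self.auth_groups:
        return self.authorizations

    # Function-scope import as in the original, only needed once there is
    # something to query.
    from botoweb.resources.authorization import Authorization

    table = self.authorizations
    for auth in Authorization.find(auth_group=self.auth_groups):
        method, obj_name, prop_name = auth.method, auth.obj_name, auth.prop_name

        # The exact (method, object, property) grant.
        by_method = table.setdefault(method, {})
        by_method.setdefault(obj_name, {})[prop_name] = True

        # Weird indexing to say "Yes, they have a value here somewhere":
        # the "" key at each level marks that a grant exists below it.
        method_any_obj = by_method.setdefault("", {})
        any_method = table[""]
        any_method.setdefault(obj_name, {"": True})
        any_method[""][""] = True
        any_method[""][prop_name] = True
        any_method[obj_name][""] = True
        any_method[obj_name][prop_name] = True
        by_method[obj_name][""] = True
        method_any_obj[prop_name] = True
        method_any_obj[""] = True
    return table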
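def load_auths(self):
    """Load up all the authorizations this user has.

    Rebuilds ``self.authorizations`` as a nested dict indexed
    ``[method][obj_name][prop_name]``. The table starts with only the
    ``"*"`` and ``""`` entries, all False, so a user with no groups or no
    matching records is granted nothing. Each Authorization record found
    for ``self.auth_groups`` sets its exact entry to True and also sets the
    ``""`` entries that mark "a grant exists somewhere at this level".

    Returns:
        The rebuilt table (the same dict stored on ``self.authorizations``).
    """
    self.authorizations = {"*": {"*": {"*": False}}, "": {"": {"": False}}}
    if self.auth_groups:
        # Function-scope import as in the original; it is only needed when
        # there are groups to look up.
        from botoweb.resources.authorization import Authorization

        grants = self.authorizations
        for auth in Authorization.find(auth_group=self.auth_groups):
            # dict.has_key() no longer exists on Python 3; setdefault()
            # creates the missing levels the same way on both versions.
            per_method = grants.setdefault(auth.method, {})
            per_object = per_method.setdefault(auth.obj_name, {})
            per_object[auth.prop_name] = True

            # Weird indexing to say "Yes, they have a value here somewhere"
            per_method.setdefault("", {})
            grants[""].setdefault(auth.obj_name, {"": True})
            grants[""][""][""] = True
            grants[""][""][auth.prop_name] = True
            grants[""][auth.obj_name][""] = True
            grants[""][auth.obj_name][auth.prop_name] = True
            per_method[auth.obj_name][""] = True
            per_method[""][auth.prop_name] = True
            per_method[""][""] = True
    return self.authorizations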
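def test_get_only_single_object_auth(self):
    """Test someone that has only all permissions on a specific object.

    Stores a GET grant on object "Foo" with prop_name "*" and checks that
    it covers "Foo" and its properties but not GET in general and not
    another object ("Bar").
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "Foo"
    auth.prop_name = "*"
    auth.put()
    # Everything after put() runs under try/finally so a failed assertion
    # cannot leave the stored grant behind for later tests.
    try:
        # NOTE(review): the pause presumably lets the stored record become
        # visible to queries before load_auths() runs; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        # "== False" is kept as written: unlike "not ...", it does not
        # accept a None result as a denial.
        assert self.user.has_auth("GET") == False
        assert self.user.has_auth("GET", "Bar") == False
        assert self.user.has_auth("GET", "Bar", "bizzle") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
    finally:
        auth.delete()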
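def test_get_only_overall_object(self):
    """Test only allowing them to know about the object, not get any specific parameters.

    Stores a GET grant on object "Foo" without setting prop_name and checks
    that "Foo" itself is allowed while a property of "Foo", another object
    and the "*" object are all denied.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "Foo"
    auth.put()
    # Everything after put() runs under try/finally so a failed assertion
    # cannot leave the stored grant behind for later tests.
    try:
        # NOTE(review): the pause presumably lets the stored record become
        # visible to queries before load_auths() runs; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        # "== False" is kept as written: unlike "not ...", it does not
        # accept a None result as a denial.
        assert self.user.has_auth("GET") == False
        assert self.user.has_auth("GET", "Bar") == False
        assert self.user.has_auth("GET", "*") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar") == False
    finally:
        auth.delete()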
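def test_all_auth(self):
    """Test someone that should have every authorization to everything.

    Stores a grant with method, obj_name and prop_name all "*" and checks
    that has_auth() succeeds with no arguments, for each HTTP method, and
    for specific objects and properties.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "*"
    auth.obj_name = "*"
    auth.prop_name = "*"
    auth.put()
    # This record grants everything, so it must not outlive the test: the
    # try/finally removes it even when an assertion fails.
    try:
        # NOTE(review): the pause presumably lets the stored record become
        # visible to queries before load_auths() runs; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        assert self.user.has_auth()
        assert self.user.has_auth("GET")
        assert self.user.has_auth("POST")
        assert self.user.has_auth("PUT")
        assert self.user.has_auth("DELETE")
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
        assert self.user.has_auth("GET", "*", "bar")
    finally:
        auth.delete()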
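def test_get_only_single_object_auth(self):
    """Test someone that has only all permissions on a specific object.

    The stored grant is GET on object "Foo" with prop_name "*". It must
    allow "Foo" and any property of it, and must not allow GET without an
    object or GET on the unrelated object "Bar".
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "Foo"
    auth.prop_name = "*"
    auth.put()
    # Cleanup is in a finally block so the grant is deleted even if one of
    # the assertions below fails.
    try:
        # NOTE(review): the pause presumably gives the datastore time to
        # expose the new record; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        # "== False" is kept as written: a None result fails these checks,
        # which "not ..." would let through.
        assert self.user.has_auth("GET") == False
        assert self.user.has_auth("GET", "Bar") == False
        assert self.user.has_auth("GET", "Bar", "bizzle") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
    finally:
        auth.delete()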
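def test_get_only_auth(self):
    """Test someone that has only GET permissions on all objects.

    Stores a GET grant with obj_name and prop_name "*" and checks that GET
    is allowed for any object and property while POST, PUT and DELETE are
    denied, including DELETE on specific objects and properties.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "*"
    auth.prop_name = "*"
    auth.put()
    # Everything after put() runs under try/finally so a failed assertion
    # cannot leave the stored grant behind for later tests.
    try:
        # NOTE(review): the pause presumably lets the stored record become
        # visible to queries before load_auths() runs; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        assert self.user.has_auth("GET")
        assert self.user.has_auth("GET", "*", "*")
        # "== False" is kept as written: unlike "not ...", it does not
        # accept a None result as a denial.
        assert self.user.has_auth("POST") == False
        assert self.user.has_auth("PUT") == False
        assert self.user.has_auth("DELETE") == False
        assert self.user.has_auth("DELETE", "Foo") == False
        assert self.user.has_auth("DELETE", "Foo", "bar") == False
        assert self.user.has_auth("DELETE", "*", "bar") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
        assert self.user.has_auth("GET", "*", "bar")
    finally:
        auth.delete()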
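def test_get_only_overall_object(self):
    """Test only allowing them to know about the object, not get any specific parameters.

    The stored grant is GET on object "Foo" with prop_name left unset. The
    object itself must be allowed; its property "bar", the object "Bar" and
    the "*" object must all be denied.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "Foo"
    auth.put()
    # Cleanup is in a finally block so the grant is deleted even if one of
    # the assertions below fails.
    try:
        # NOTE(review): the pause presumably gives the datastore time to
        # expose the new record; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        # "== False" is kept as written: a None result fails these checks,
        # which "not ..." would let through.
        assert self.user.has_auth("GET") == False
        assert self.user.has_auth("GET", "Bar") == False
        assert self.user.has_auth("GET", "*") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar") == False
    finally:
        auth.delete()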
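def test_all_auth(self):
    """Test someone that should have every authorization to everything.

    The stored grant uses "*" for method, obj_name and prop_name. Every
    has_auth() call below, from no arguments through specific objects and
    properties, must succeed.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "*"
    auth.obj_name = "*"
    auth.prop_name = "*"
    auth.put()
    # A grant-everything record left in the store could make later denial
    # checks misleading, so it is deleted in a finally block.
    try:
        # NOTE(review): the pause presumably gives the datastore time to
        # expose the new record; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        assert self.user.has_auth()
        assert self.user.has_auth("GET")
        assert self.user.has_auth("POST")
        assert self.user.has_auth("PUT")
        assert self.user.has_auth("DELETE")
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
        assert self.user.has_auth("GET", "*", "bar")
    finally:
        auth.delete()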
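def test_get_only_auth(self):
    """Test someone that has only GET permissions on all objects.

    The stored grant is GET with obj_name and prop_name "*". GET must be
    allowed for any object and property; POST, PUT and DELETE must be
    denied at every level checked.
    """
    auth = Authorization()
    auth.auth_group = "test_auth_group"
    auth.method = "GET"
    auth.obj_name = "*"
    auth.prop_name = "*"
    auth.put()
    # Cleanup is in a finally block so the grant is deleted even if one of
    # the assertions below fails.
    try:
        # NOTE(review): the pause presumably gives the datastore time to
        # expose the new record; confirm.
        time.sleep(5)
        self.authorizations.append(auth)
        self.user.load_auths()
        assert self.user.has_auth("GET")
        assert self.user.has_auth("GET", "*", "*")
        # "== False" is kept as written: a None result fails these checks,
        # which "not ..." would let through.
        assert self.user.has_auth("POST") == False
        assert self.user.has_auth("PUT") == False
        assert self.user.has_auth("DELETE") == False
        assert self.user.has_auth("DELETE", "Foo") == False
        assert self.user.has_auth("DELETE", "Foo", "bar") == False
        assert self.user.has_auth("DELETE", "*", "bar") == False
        assert self.user.has_auth("GET", "Foo")
        assert self.user.has_auth("GET", "Foo", "bar")
        assert self.user.has_auth("GET", "*", "bar")
    finally:
        auth.delete()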