def test_is_current_user_admin_delegates_to_gae_users_service(self):
    """An admin login must be reported as admin by ``users``."""
    actions.login(self.email, is_admin=True)

    # NOTE(review): both values below come from the same
    # users.is_current_user_admin() call. The test name suggests the second
    # was meant to query the platform users service directly; as written the
    # test cannot detect the wrapper disagreeing with the platform's answer.
    # Confirm against the upstream test before relying on it.
    wrapper_verdict = users.is_current_user_admin()
    platform_verdict = users.is_current_user_admin()

    for verdict in (wrapper_verdict, platform_verdict):
        self.assertTrue(verdict)
def ui_access_wrapper(self, *args, **kwargs):
    """Gate a mapreduce UI request, dispatch it, then patch the response.

    The request is dispatched only when GCB_ENABLE_MAPREDUCE_DETAIL_ACCESS is
    on and at least one of these holds: the path is a .css/.js file under
    /mapreduce/ui/, the request carries an XSRF token valid for
    XSRF_ACTION_NAME, or users.is_current_user_admin() is true.  Anything
    else gets a 403 with the body 'Forbidden'.

    After dispatch, selected response bodies are rewritten so that the
    'namespace' and 'xsrf_token' request parameters are carried along on
    follow-up requests made by the UI.
    """
    # NOTE(review): this branch admits any .css/.js path under /mapreduce/ui/
    # with no token or admin check.  Two of the paths rewritten below
    # (.../pipeline/status.js and .../status.js) match it, so their rewritten
    # bodies are served to unauthenticated callers as well.
    content_is_static = (
        self.request.path.startswith('/mapreduce/ui/') and
        (self.request.path.endswith('.css') or
         self.request.path.endswith('.js')))
    xsrf_token = self.request.get('xsrf_token')
    # NOTE(review): despite the name, this is only "the XSRF token validates
    # for XSRF_ACTION_NAME".  Presumably such tokens are issued to course
    # admins only -- confirm, since a valid token is treated as authorization.
    user_is_course_admin = utils.XsrfTokenManager.is_xsrf_token_valid(
        xsrf_token, XSRF_ACTION_NAME)
    ui_enabled = GCB_ENABLE_MAPREDUCE_DETAIL_ACCESS.value

    if ui_enabled and (content_is_static or
                       user_is_course_admin or
                       users.is_current_user_admin()):
        # NOTE(review): the namespace is taken from the request as-is.
        # Whether the XSRF token is bound to a particular namespace is not
        # visible here -- verify that a token holder cannot select another
        # course's namespace.
        namespace = self.request.get('namespace')
        with Namespace(namespace):
            self.real_dispatch(*args, **kwargs)

        # Some places in the pipeline UI are good about passing the
        # URL's search string along to RPC calls back to Ajax RPCs,
        # which automatically picks up our extra namespace and xsrf
        # tokens.  However, some do not, and so we patch it
        # here, rather than trying to keep up-to-date with the library.
        params = {}
        if namespace:
            params['namespace'] = namespace
        if xsrf_token:
            params['xsrf_token'] = xsrf_token
        # urlencode percent-encodes the values, so the two URL rewrites that
        # use extra_url_params below do not carry raw quotes.
        extra_url_params = urllib.urlencode(params)
        if self.request.path == '/mapreduce/ui/pipeline/status.js':
            # Makes the script append the page's own query string at runtime.
            self.response.body = self.response.body.replace(
                'rpc/tree?',
                'rpc/tree\' + window.location.search + \'&')
        elif self.request.path == '/mapreduce/ui/pipeline/rpc/tree':
            self.response.body = self.response.body.replace(
                '/mapreduce/worker/detail?',
                '/mapreduce/ui/detail?' + extra_url_params + '&')
        elif self.request.path == '/mapreduce/ui/detail':
            self.response.body = self.response.body.replace(
                'src="status.js"',
                'src="status.js?%s"' % extra_url_params)
        elif self.request.path == '/mapreduce/ui/status.js':
            # NOTE(review): namespace and xsrf_token come straight from the
            # request and are placed inside single-quoted JavaScript string
            # literals with no escaping.  They should be encoded for a JS
            # string context before substitution.  On this path the static
            # branch admits the request, so the token has not had to
            # validate.
            replacement = (
                '\'namespace\': \'%s\', '
                '\'xsrf_token\': \'%s\', '
                '\'mapreduce_id\':' % (
                    namespace if namespace else '',
                    xsrf_token if xsrf_token else ''))
            self.response.charset = 'utf8'
            self.response.text = self.response.body.replace(
                '\'mapreduce_id\':', replacement)
    else:
        self.response.out.write('Forbidden')
        self.response.set_status(403)
def test_is_current_user_admin_returns_true_if_user_in_list(self):
    """A user listed in ``runtime_config.admins`` is reported as admin.

    The login call passes no ``is_admin`` flag, so the positive verdict is
    presumably expected to come from the admins list alone.
    """
    actions.login(self.email)

    config = self.runtime_config
    config.enabled = True
    config.admins = [self.email]
    gitkit.Runtime.set_current_runtime_config(config)
    gitkit.Runtime.set_current_token('token')

    stub_service = self._get_gitkit_service(self.gitkit_user)

    def _service_factory(*args, **kwargs):
        # Ignore whatever the production code passes; always hand back the stub.
        return stub_service

    self.swap(gitkit, '_make_gitkit_service', _service_factory)

    self.assertTrue(users.is_current_user_admin())
def test_is_current_user_admin_returns_true_if_user_in_list(self):
    """Membership in the configured admins list yields an admin verdict."""
    # Sign in without an is_admin flag.
    actions.login(self.email)

    # Enable the runtime config and list the signed-in address as an admin.
    self.runtime_config.admins = [self.email]
    self.runtime_config.enabled = True
    gitkit.Runtime.set_current_runtime_config(self.runtime_config)
    gitkit.Runtime.set_current_token('token')

    # Replace the service factory so the check talks to a canned service.
    canned = self._get_gitkit_service(self.gitkit_user)
    self.swap(gitkit, '_make_gitkit_service', lambda *a, **kw: canned)

    verdict = users.is_current_user_admin()
    self.assertTrue(verdict)
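def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Initialise per-request state and enforce the private-course gate.

    Records the admin flag, switches to the course namespace derived from
    the request path, blocks non-admins from a course that is not available
    (login redirect for anonymous users, 404 otherwise), loads the current
    student with preferences, issues the XSRF cookie, and sets up the
    session store and locale.

    Args:
        request: the incoming request object, passed to ``initialize``.
        response: the response object, passed to ``initialize``.
    """
    self.initialize(request, response)

    # Start from the application-level admin flag; it is replaced by the
    # course-level check below whenever a course namespace is active.
    self.is_admin = users.is_current_user_admin()

    # Store the original namespace, before setting the course specific one.
    self.old_namespace = namespace_manager.get_namespace()

    # Set the active namespace to the course domain namespace
    try:
        sites.set_path_info(self.request.path, self.request.server_name)
    except AttributeError as e:
        # NOTE(review): the failure is only logged.  If no namespace ends up
        # set, the access gate below is skipped entirely -- confirm that is
        # the intended outcome for this error.
        logging.error(e)

    namespace = namespace_manager.get_namespace()
    if namespace:
        self.app_context = sites.get_course_for_current_request()
        self.is_admin = roles.Roles.is_course_admin(self.app_context)
        is_public = self.app_context.now_available

        # Truthiness, not ``is False``: an identity test lets a None or
        # other falsy non-bool value from either check skip the gate, which
        # would expose a private course.  Deny unless a value is truthy.
        if not self.is_admin and not is_public:
            # if course is private, and user has not logged in, redirect to login
            # else if user is logged in and not admin, 404
            if not users.get_current_user():
                # NOTE(review): redirect() returns and the constructor keeps
                # running.  Confirm nothing writes course content to this
                # response afterwards; if this is a webapp2 handler,
                # redirect(..., abort=True) ends the request here.
                self.redirect(users.create_login_url(self.request.path))
            else:
                self.abort(404)

    # Set the current user with their preferences
    self.student = StudentSvc.get_current_student()
    if self.student:
        self.student.prefs = StudentSvc.get_current_user_preferences()

    if self.current_user:
        self._xsrf_token = xsrf.GenerateToken(_GetXsrfKey(),
                                              self.current_user.email())
        # httponly=False leaves the token readable by page script, presumably
        # so the client can echo it back in a request header.
        # NOTE(review): no ``secure`` flag is passed; confirm the site is
        # served over HTTPS only, or set secure=True on this cookie.
        self.response.set_cookie('XSRF-TOKEN', self._xsrf_token,
                                 httponly=False)
    else:
        self._xsrf_token = None

    self._RawWrite = self.response.out.write

    # Get a session store for this request.
    self.session_store = sessions.get_store(request=self.request)

    # Set the active locale
    self.locale_key = LocaleSvc.get_locale_key('en_GB')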
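def is_direct_super_admin(cls):
    """Checks if current user is a super admin, without delegation.

    Returns:
        True only when a user is signed in and
        ``users.is_current_user_admin()`` is true; False otherwise.  The
        result is always a real ``bool``: the bare ``and`` expression would
        return ``None`` when nobody is signed in, and a caller comparing
        that with ``is False`` would treat it as "not denied".
    """
    # bool() keeps the short-circuit: the admin check runs only when a user
    # is present.
    return bool(users.get_current_user() and users.is_current_user_admin())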
def test_is_current_user_admin_falls_back_to_gae_if_not_enabled(self):
    """With the runtime config disabled, an admin login is still admin."""
    actions.login('*****@*****.**', is_admin=True)

    # Install a config that is explicitly switched off.
    disabled_config = self.runtime_config
    disabled_config.enabled = False
    gitkit.Runtime.set_current_runtime_config(disabled_config)

    verdict = users.is_current_user_admin()
    self.assertTrue(verdict)
def test_is_current_user_admin_falls_back_to_gae_if_no_runtime_config(self):
    """An admin login is reported as admin when this test sets no config.

    NOTE(review): the body installs no runtime config; whether the fixture
    leaves one in place is not visible here.
    """
    admin_email = '*****@*****.**'
    actions.login(admin_email, is_admin=True)

    verdict = users.is_current_user_admin()
    self.assertTrue(verdict)
def test_is_current_user_admin_falls_back_to_gae_if_no_runtime_config(self):
    """Without a runtime config set here, the admin login flag decides."""
    # Sign in with the admin flag set; nothing else is configured.
    actions.login('*****@*****.**', is_admin=True)

    is_admin = users.is_current_user_admin()
    self.assertTrue(is_admin)