def wrapper(*args, **kwargs):
if self.must_fail:
with raises(DimError):
getattr(rpc.TRPC(self.user), attr)(*args, **kwargs)
ret = getattr(rpc.TRPC('admin'), attr)(*args, **kwargs)
else:
ret = getattr(rpc.TRPC(self.user), attr)(*args, **kwargs)
return ret
def setUp(self):
DatabaseTest.setUp(self)
db.session.add_all([User('net'), User('user')])
db.session.commit()
self.admin = rpc.TRPC('admin')
self.net = rpc.TRPC('net')
self.user = rpc.TRPC('user')
self.admin.group_create('networkgroup')
self.admin.group_grant_access('networkgroup', 'network_admin')
self.admin.group_add_user('networkgroup', 'net')
def setUp(self):
DatabaseTest.setUp(self)
group = Group(name='group')
group.users.add(User('test_user'))
group.rights.add(AccessRight(access='network_admin', object_class='all', object_id=0))
group.rights.add(AccessRight(access='dns_admin', object_class='all', object_id=0))
db.session.add(group)
db.session.commit()
self.r = rpc.TRPC('test_user')
def test_create_rr_everywhere(self):
'''create/delete rr in every zone (fwd and rev)'''
self.admin.ipblock_create('1.0.0.0/8', status='Container')
self.admin.zone_create('test.com')
self.admin.ippool_create('pool')
self.admin.ippool_add_subnet('pool', '1.0.0.0/24')
rpc.TRPC('dns').rr_create(name='a.test.com.', type='A', ip='1.0.0.1')
for u in self.user_proxies(('dns', 'net')):
self.who(u).rr_create(name='a.test.com.', type='A', ip='1.0.0.1')
u.rr_delete(name='a.test.com.',
type='A',
ip='1.0.0.1',
free_ips=True)
self.who(u).rr_create(name='b.test.com.',
type='NS',
nsdname='c.test.com.')
u.rr_delete(name='b.test.com.', type='NS', nsdname='c.test.com.')
def test_rr_list_ptr_rights(self):
self.admin.ipblock_create('1.0.0.0/8', status='Container')
self.admin.ippool_create('p')
self.admin.ippool_add_subnet('p', '1.1.1.0/24')
self.admin.rr_create(ip='1.1.1.1', type='PTR', ptrdname='a.de.')
self.admin.rr_create(name='gigi.1.1.1.in-addr.arpa.',
type='TXT',
strings=['s'])
self.user = rpc.TRPC('user')
rr = self.user.rr_list(zone='1.1.1.in-addr.arpa',
type='PTR',
fields=True)[0]
assert rr['can_create_rr']
assert rr['can_delete_rr']
rr = self.user.rr_list(zone='1.1.1.in-addr.arpa',
type='TXT',
fields=True)[0]
assert not rr['can_create_rr']
assert not rr['can_delete_rr']
def test_proxied_user(self):
self.net = rpc.TRPC('net', 'smth')
with raises(PermissionDeniedError):
self.net.zone_create('a.de')
def test_dual_admin(self):
'''user with both dns_admin and network_admin can grant ip rights'''
self.admin.ippool_create('pool')
self.admin.group_create('group')
netdns = rpc.TRPC('netdns')
netdns.group_grant_access('group', 'allocate', 'pool')