Esempio n. 1
0
 def testSetWithInvalidPolicy(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TInvalidPolicy}
     error if the given C{policy} is invalid.
     """
     policyAndExceptions = TPolicyAndExceptions(u'invalid', [])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(session, u'namespaces',
                                                 u'create', u'username',
                                                 policyAndExceptions)
         yield self.assertFailure(deferred, TInvalidPolicy)
Esempio n. 2
0
 def testSetWithSuperuser(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TInvalidUsername}
     error if a superuser is specified in the exceptions list.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [u'fluiddb'])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tags', u'update', u'username/tag',
             policyAndExceptions)
         yield self.assertFailure(deferred, TInvalidUsername)
Esempio n. 3
0
 def testSetWithUnknownTag(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TNonexistentTag}
     error if the given L{Tag} path does not exist.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tags', u'update', u'username/unknown',
             policyAndExceptions)
         yield self.assertFailure(deferred, TNonexistentTag)
Esempio n. 4
0
 def testSetWithInvalidCategory(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TBadRequest} error
     if the given C{category} is invalid.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(session, u'invalid',
                                                 u'update', u'username',
                                                 policyAndExceptions)
         yield self.assertFailure(deferred, TBadRequest)
Esempio n. 5
0
 def testSetWithAnonymous(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TInvalidUsername}
     error if the anonymous user is specified in the exceptions list for
     non-allowed operations.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [u'anon'])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tags', u'update', u'username/tag',
             policyAndExceptions)
         yield self.assertFailure(deferred, TInvalidUsername)
Esempio n. 6
0
 def testSetWithUnknownUser(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TNoSuchUser}
     error if a L{User} in the exceptions list doesn't exist.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [u'unknown'])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tags', u'update', u'username/tag',
             policyAndExceptions)
         error = yield self.assertFailure(deferred, TNoSuchUser)
         self.assertEqual('unknown', error.name)
Esempio n. 7
0
 def testSetTagValuePermissions(self):
     """
     L{FacadePermissionMixin.updatePermission} updates the permissions for a
     given L{TagValue} path.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [u'username'])
     with login(u'username', uuid4(), self.transact) as session:
         yield self.facade.updatePermission(session, u'tag-values',
                                            u'write', u'username/tag',
                                            policyAndExceptions)
     pathAndAction = (u'username/tag', Operation.WRITE_TAG_VALUE)
     result = self.permissions.get([pathAndAction])
     self.assertEqual((Policy.CLOSED, [u'username']), result[pathAndAction])
Esempio n. 8
0
 def testSetTagPermissions(self):
     """
     L{FacadePermissionMixin.updatePermission} updates the permissions for a
     given L{Tag} path.
     """
     policyAndExceptions = TPolicyAndExceptions(u'open', [u'username'])
     with login(u'username', uuid4(), self.transact) as session:
         yield self.facade.updatePermission(session, u'tags', u'update',
                                            u'username/tag',
                                            policyAndExceptions)
     pathAndAction = (u'username/tag', Operation.UPDATE_TAG)
     result = self.permissions.get([pathAndAction])
     self.assertEqual((Policy.OPEN, [u'username']), result[pathAndAction])
Esempio n. 9
0
 def testSetNamespacePermissions(self):
     """
     L{FacadePermissionMixin.updatePermission} updates the permissions for a
     given L{Namespace} path.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed', [])
     with login(u'username', uuid4(), self.transact) as session:
         yield self.facade.updatePermission(session, u'namespaces',
                                            u'create', u'username',
                                            policyAndExceptions)
     pathAndAction = (u'username', Operation.CREATE_NAMESPACE)
     result = self.permissions.get([pathAndAction])
     self.assertEqual((Policy.CLOSED, []), result[pathAndAction])
Esempio n. 10
0
 def testSetTagValuePermissionsIsDenied(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a
     L{TPathPermissionDenied} error if the user doesn't have
     C{Operation.CONTROL_TAG_VALUE} permissions on the given L{Tag}.
     """
     self.permissions.set([(u'username/tag', Operation.CONTROL_TAG_VALUE,
                            Policy.CLOSED, [])])
     policyAndExceptions = TPolicyAndExceptions(u'open', [])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tag-values', u'control', u'username/tag',
             policyAndExceptions)
         yield self.assertFailure(deferred, TPathPermissionDenied)
Esempio n. 11
0
 def deferred_render_PUT(self, request):
     # TODO: usages should be cached locally; lookup is expensive.
     usage = registry.findUsage(httpPermissionCategoryName, 'PUT',
                                self.__class__)
     dictionary = registry.checkRequest(usage, request)
     action = request.args[actionArg][0].lower()
     policyAndExceptions = TPolicyAndExceptions(
         policy=dictionary['policy'],
         exceptions=set(dictionary['exceptions']))
     yield self.facadeClient.updatePermission(self.session, self.category,
                                              action,
                                              sep.join(request.postpath),
                                              policyAndExceptions)
     request.setResponseCode(usage.successCode)
Esempio n. 12
0
 def testSetWithUnknownUserUTF8EncodesUsername(self):
     """
     L{FacadePermissionMixin.updatePermission} raises a L{TNoSuchUser}
     error if a L{User} in the exceptions list doesn't exist.  The username
     passed to L{TNoSuchUser} is UTF-8 encoded.
     """
     policyAndExceptions = TPolicyAndExceptions(u'closed',
                                                [u'\N{HIRAGANA LETTER A}'])
     with login(u'username', uuid4(), self.transact) as session:
         deferred = self.facade.updatePermission(
             session, u'tags', u'update', u'username/tag',
             policyAndExceptions)
         error = yield self.assertFailure(deferred, TNoSuchUser)
         self.assertEqual(u'\N{HIRAGANA LETTER A}'.encode('utf-8'),
                          error.name)
Esempio n. 13
0
        def run():
            permissions = SecurePermissionAPI(session.auth.user)
            try:
                result = permissions.get([(path, operation)])
            except UnknownPathError as error:
                session.log.exception(error)
                unknownPath = error.paths[0]
                if operation in Operation.TAG_OPERATIONS:
                    raise TNonexistentTag(unknownPath.encode('utf-8'))
                if operation in Operation.NAMESPACE_OPERATIONS:
                    raise TNonexistentNamespace(unknownPath.encode('utf-8'))
                raise
            except PermissionDeniedError as error:
                session.log.exception(error)
                deniedPath, deniedOperation = error.pathsAndOperations[0]
                deniedCategory, deniedAction = getCategoryAndAction(
                    deniedOperation)
                raise TPathPermissionDenied(deniedPath, deniedCategory,
                                            deniedAction)

            policy, exceptions = result[(path, operation)]
            policy = str(policy).lower()
            return TPolicyAndExceptions(policy=policy, exceptions=exceptions)