def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
def setUp(self):
super(SecureNamespaceAPIWithBrokenCacheTest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.namespaces = SecureNamespaceAPI(self.user)
self.permissions = CachingPermissionAPI(self.user)
def testDeleteIsAllowed(self):
"""
L{SecureUserAPI.delete} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
namespaces.delete([u'user/private'])
self.users.delete([u'user'])
self.assertIdentical(None, getUser(u'user'))
def testGetChildNamespacesIsAllowed(self):
"""
L{SecureNamespaceAPI.get} should allow getting a list of child
namespaces if the I{anon} user has permissions.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
CachingPermissionAPI(admin).set(values)
result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
self.assertEqual(1, len(result))
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def testGetChildNamespacesIsDenied(self):
"""
L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
I{anon} user doesn't have LIST permissions when trying to get the child
namespaces.
"""
admin = self.system.users[u'fluiddb']
SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
CachingPermissionAPI(admin).set(values)
error = self.assertRaises(PermissionDeniedError,
self.namespaces.get, [(u'fluiddb')],
withNamespaces=True)
self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
sorted(error.pathsAndOperations))
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID
] = [objectID for objectID, path_ in result if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def setUp(self):
super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
self.system = createSystemData()
self.user = self.system.users[u'anon']
self.namespaces = SecureNamespaceAPI(self.user)
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)