class SecureTagAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.tags = SecureTagAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.tags.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.tags.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
result2 = self.tags.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result = self.tags.create([(u'fluiddb/test', u'A description')])
[(objectID, _)] = result
values = [(u'fluiddb/test', Operation.UPDATE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
self.tags.set({u'fluiddb/test': u'A new description'})
result = self.tags.get([u'fluiddb/test'], withDescriptions=True)
expected = {
u'fluiddb/test': {
'id': objectID,
'description': u'A new description'
}
}
self.assertEqual(expected, result)
class SecureTagAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.tags = SecureTagAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.tags.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.tags.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
result2 = self.tags.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result = self.tags.create([(u'fluiddb/test', u'A description')])
[(objectID, _)] = result
values = [(u'fluiddb/test', Operation.UPDATE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
self.tags.set({u'fluiddb/test': u'A new description'})
result = self.tags.get([u'fluiddb/test'], withDescriptions=True)
expected = {u'fluiddb/test': {'id': objectID,
'description': u'A new description'}}
self.assertEqual(expected, result)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
class SecureTagAPIWithNormalUserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')
])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.tags = SecureTagAPI(self.user)
def testCreateIsAllowed(self):
"""
L{SecureTagAPI.create} should allow the creation of tags whose parent
namespace has open C{Operation.CREATE_NAMESPACE} permissions.
"""
result = self.tags.create([(u'user/test', u'description')])
self.assertEqual(1, len(result))
def testCreateIsDenied(self):
"""
L{SecureTagAPI.create} should raise L{PermissonDeniedError} if
the user doesn't have C{Operation.CREATE_NAMESPACE} permissions on the
parent namespace.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError, self.tags.create,
[(u'user/test', u'description')])
self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsAllowed(self):
"""
L{SecureTagAPI.delete} should allow the deletion of a tag if the user
has C{Operation.DELETE_TAG} permissions.
"""
result1 = self.tags.create([(u'user/test', u'description')])
result2 = self.tags.delete([u'user/test'])
self.assertEqual(result1, result2)
def testDeleteIsDenied(self):
"""
L{SecureTagAPI.delete} should raise L{PermissonDeniedError} if the
user doesn't have C{Operation.DELETE_TAG} permissions.
"""
self.tags.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_TAG, Policy.OPEN, [u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError, self.tags.delete,
[(u'user/test')])
self.assertEqual([(u'user/test', Operation.DELETE_TAG)],
sorted(error.pathsAndOperations))
def testSetIsAllowed(self):
"""
L{SecureTagAPI.get} should allow updating the description of a tag if
the user has permissions.
"""
[(objectID, _)] = self.tags.create([(u'user/test', u'A description')])
self.tags.set({u'user/test': u'A new description'})
result = self.tags.get([u'user/test'], withDescriptions=True)
expected = {
u'user/test': {
'id': objectID,
'description': u'A new description'
}
}
self.assertEqual(expected, result)
def testSetIsDenied(self):
"""
L{SecureTagAPI.get} should raise L{PermissonDeniedError} if the user
doesn't have C{Operation.UPDATE_TAG} permissions when trying to update
a tag's description.
"""
self.tags.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError, self.tags.set,
{u'user/test': u'description'})
self.assertEqual([(u'user/test', Operation.UPDATE_TAG)],
sorted(error.pathsAndOperations))
class SecureTagAPIWithNormalUserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithNormalUserTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'user')
self.permissions = CachingPermissionAPI(self.user)
self.tags = SecureTagAPI(self.user)
def testCreateIsAllowed(self):
"""
L{SecureTagAPI.create} should allow the creation of tags whose parent
namespace has open C{Operation.CREATE_NAMESPACE} permissions.
"""
result = self.tags.create([(u'user/test', u'description')])
self.assertEqual(1, len(result))
def testCreateIsDenied(self):
"""
L{SecureTagAPI.create} should raise L{PermissonDeniedError} if
the user doesn't have C{Operation.CREATE_NAMESPACE} permissions on the
parent namespace.
"""
values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.tags.create,
[(u'user/test', u'description')])
self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
sorted(error.pathsAndOperations))
def testDeleteIsAllowed(self):
"""
L{SecureTagAPI.delete} should allow the deletion of a tag if the user
has C{Operation.DELETE_TAG} permissions.
"""
result1 = self.tags.create([(u'user/test', u'description')])
result2 = self.tags.delete([u'user/test'])
self.assertEqual(result1, result2)
def testDeleteIsDenied(self):
"""
L{SecureTagAPI.delete} should raise L{PermissonDeniedError} if the
user doesn't have C{Operation.DELETE_TAG} permissions.
"""
self.tags.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.DELETE_TAG, Policy.OPEN, [u'user'])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.tags.delete, [(u'user/test')])
self.assertEqual([(u'user/test', Operation.DELETE_TAG)],
sorted(error.pathsAndOperations))
def testSetIsAllowed(self):
"""
L{SecureTagAPI.get} should allow updating the description of a tag if
the user has permissions.
"""
[(objectID, _)] = self.tags.create([(u'user/test', u'A description')])
self.tags.set({u'user/test': u'A new description'})
result = self.tags.get([u'user/test'], withDescriptions=True)
expected = {u'user/test': {'id': objectID,
'description': u'A new description'}}
self.assertEqual(expected, result)
def testSetIsDenied(self):
"""
L{SecureTagAPI.get} should raise L{PermissonDeniedError} if the user
doesn't have C{Operation.UPDATE_TAG} permissions when trying to update
a tag's description.
"""
self.tags.create([(u'user/test', u'description')])
values = [(u'user/test', Operation.UPDATE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
error = self.assertRaises(PermissionDeniedError,
self.tags.set,
{u'user/test': u'description'})
self.assertEqual([(u'user/test', Operation.UPDATE_TAG)],
sorted(error.pathsAndOperations))