def test_coordinator_workflow_access_permissions(self): oozie_api.OozieApi = MockOozieCoordinatorApi oozie_api._api_cache = None self.wf.is_shared = True self.wf.save() # Login as someone else not superuser client_another_me = make_logged_in_client(username='******', is_superuser=False, groupname='test') grant_access("another_me", "test", "oozie") coord = create_coordinator(self.wf, client_another_me) response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true('Editor' in response.content, response.content) assert_true('value="Save"' in response.content, response.content) # Check can schedule a non personal/shared workflow workflow_select = '%s</option>' % self.wf response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true(workflow_select in response.content, response.content) self.wf.is_shared = False self.wf.save() response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_false(workflow_select in response.content, response.content) self.wf.is_shared = True self.wf.save() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_another_me.post(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true(workflow_select in response.content, response.content) assert_true('value="Save"' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_another_me.post(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true('This field is required' in response.content, response.content) assert_false(workflow_select in response.content, response.content) assert_true('value="Save"' in response.content, response.content) finally: finish()
def test_edit_workflow(self): response = self.c.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Editor' in response.content, response.content) assert_true('Workflow wf-name-1' in response.content, response.content) # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = self.c.post(reverse('oozie:edit_workflow', args=[self.wf.id]), {}) assert_true('jHueNotify.error' in response.content, response.content) finally: finish() # Build POST dict from the forms and test this raise SkipTest finish = SHARE_JOBS.set_for_testing(True) try: response = self.c.post(reverse('oozie:edit_workflow', args=[self.wf.id]), WORKFLOW_DICT) assert_false('jHueNotify.error' in response.content, response.content) finally: finish()
def list_trashed_workflows(request): data = Workflow.objects.trashed().filter(managed=True) if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render('editor/list_trashed_workflows.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), })
def list_bundles(request): data = Bundle.objects.available() if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render('editor/list_bundles.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), })
def test_workflow_action_permissions(self): # Login as someone else client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test') grant_access("not_me", "test", "oozie") action1 = Node.objects.get(name='action-name-1') # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_action', args=[action1.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:edit_action', args=[action1.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() # Delete finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:delete_action', args=[action1.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() action1.workflow.is_shared = True action1.workflow.save() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_action', args=[action1.id])) assert_false('Permission denied' in response.content, response.content) finally: finish() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:edit_action', args=[action1.id])) assert_true('Not allowed' in response.content, response.content) finally: finish() # Delete finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:delete_action', args=[action1.id])) assert_true('Not allowed' in response.content, response.content) finally: finish()
def list_bundles(request): data = Bundle.objects if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render( 'editor/list_bundles.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), })
def list_coordinators(request, workflow_id=None): data = Coordinator.objects if workflow_id is not None: data = data.filter(workflow__id=workflow_id) if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render('editor/list_coordinators.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), })
def list_workflows(request): show_setup_app = True data = Workflow.objects if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render('editor/list_workflows.mako', request, { 'jobs': list(data), 'currentuser': request.user, 'show_setup_app': show_setup_app, })
def list_workflows(request): show_setup_app = True data = Workflow.objects if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by("-last_modified") return render( "editor/list_workflows.mako", request, {"jobs": list(data), "currentuser": request.user, "show_setup_app": show_setup_app}, )
def list_coordinators(request, workflow_id=None): data = Coordinator.objects if workflow_id is not None: data = data.filter(workflow__id=workflow_id) if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render( 'editor/list_coordinators.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), })
def list_workflows(request): show_setup_app = True data = Workflow.objects.filter(managed=True) if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render( 'editor/list_workflows.mako', request, { 'jobs': list(data), 'json_jobs': json.dumps(list(data.values_list('id', flat=True))), 'show_setup_app': show_setup_app, })
def list_workflows(request): show_setup_app = True data = Workflow.objects if not SHARE_JOBS.get() and not request.user.is_superuser: data = data.filter(owner=request.user) else: data = data.filter(Q(is_shared=True) | Q(owner=request.user)) data = data.order_by('-last_modified') return render( 'editor/list_workflows.mako', request, { 'jobs': list(data), 'currentuser': request.user, 'show_setup_app': show_setup_app, })
def test_coordinator_permissions(self): coord = create_coordinator(self.wf) response = self.c.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true('Editor' in response.content, response.content) assert_true('value="Save"' in response.content, response.content) # Login as someone else client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test') grant_access("not_me", "test", "oozie") # List finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:list_coordinators')) assert_false('MyCoord' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:list_coordinators')) assert_false('MyCoord' in response.content, response.content) finally: finish() # View finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_false('MyCoord' in response.content, response.content) finally: finish() # Share it ! coord.is_shared = True coord.save() coord.workflow.is_shared = True coord.workflow.save() # List finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:list_coordinators')) assert_equal(200, response.status_code) assert_true('MyCoord' in response.content, response.content) finally: finish() # View finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_false('Permission denied' in response.content, response.content) assert_false('value="Save"' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:edit_coordinator', args=[coord.id])) assert_false('MyCoord' in response.content, response.content) assert_true('Not allowed' in response.content, response.content) finally: finish() # Submit # finish = SHARE_JOBS.set_for_testing(False) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # response = client_not_me.post(reverse('oozie:submit_coordinator', args=[coord.id])) # assert_true('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # finish = SHARE_JOBS.set_for_testing(True) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # response = client_not_me.post(reverse('oozie:submit_coordinator', args=[coord.id])) # assert_false('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # # # Resubmit # # Monkey patch Lib Oozie with Mock API # finish = SHARE_JOBS.set_for_testing(False) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # oozie_job_id = History.objects.get(job=coord).oozie_job_id # response = client_not_me.post(reverse('oozie:resubmit_coordinator', args=[oozie_job_id])) # assert_true('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # finish = SHARE_JOBS.set_for_testing(True) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # oozie_job_id = History.objects.get(job=coord).oozie_job_id # response = client_not_me.post(reverse('oozie:resubmit_coordinator', args=[oozie_job_id])) # assert_false('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # Delete finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.post(reverse('oozie:delete_coordinator', args=[coord.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() response = self.c.post(reverse('oozie:delete_coordinator', args=[coord.id]), follow=True) assert_equal(200, response.status_code)
def test_workflow_permissions(self): # Monkey patch Lib Oozie with Mock API oozie_api.OozieApi = MockOozieApi oozie_api._api_cache = None response = self.c.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Editor' in response.content, response.content) assert_true('Workflow wf-name-1' in response.content, response.content) assert_false(self.wf.is_shared) # Login as someone else client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test') grant_access("not_me", "test", "oozie") # List finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:list_workflows')) assert_false('wf-name-1' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:list_workflows')) assert_false('wf-name-1' in response.content, response.content) finally: finish() # View finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() # Share it ! self.wf.is_shared = True self.wf.save() # List finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:list_workflows')) assert_equal(200, response.status_code) assert_true('wf-name-1' in response.content, response.content) finally: finish() # View finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_false('Permission denied' in response.content, response.content) assert_false('Save' in response.content, response.content) finally: finish() finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() # Edit finish = SHARE_JOBS.set_for_testing(True) try: response = client_not_me.post(reverse('oozie:edit_workflow', args=[self.wf.id])) assert_true('Not allowed' in response.content, response.content) finally: finish() # Submit # finish = SHARE_JOBS.set_for_testing(False) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # response = client_not_me.post(reverse('oozie:submit_workflow', args=[self.wf.id])) # assert_true('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # finish = SHARE_JOBS.set_for_testing(True) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # response = client_not_me.post(reverse('oozie:submit_workflow', args=[self.wf.id])) # assert_false('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # # # Resubmit # finish = SHARE_JOBS.set_for_testing(False) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # job_id = History.objects.get(job=self.wf).oozie_job_id # response = client_not_me.post(reverse('oozie:resubmit_workflow', args=[job_id])) # assert_true('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # finish = SHARE_JOBS.set_for_testing(True) # finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp') # try: # job_id = History.objects.get(job=self.wf).oozie_job_id # response = client_not_me.post(reverse('oozie:resubmit_workflow', args=[job_id])) # assert_false('Permission denied' in response.content, response.content) # finally: # finish() # finish_deployement() # Delete finish = SHARE_JOBS.set_for_testing(False) try: response = client_not_me.post(reverse('oozie:delete_workflow', args=[self.wf.id])) assert_true('Permission denied' in response.content, response.content) finally: finish() response = self.c.post(reverse('oozie:delete_workflow', args=[self.wf.id]), follow=True) assert_equal(200, response.status_code)