def test_coordinator_workflow_access_permissions(self):
oozie_api.OozieApi = MockOozieCoordinatorApi
oozie_api._api_cache = None
self.wf.is_shared = True
self.wf.save()
# Login as someone else not superuser
client_another_me = make_logged_in_client(username='******', is_superuser=False, groupname='test')
grant_access("another_me", "test", "oozie")
coord = create_coordinator(self.wf, client_another_me)
response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true('Editor' in response.content, response.content)
assert_true('value="Save"' in response.content, response.content)
# Check can schedule a non personal/shared workflow
workflow_select = '%s</option>' % self.wf
response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true(workflow_select in response.content, response.content)
self.wf.is_shared = False
self.wf.save()
response = client_another_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_false(workflow_select in response.content, response.content)
self.wf.is_shared = True
self.wf.save()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_another_me.post(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true(workflow_select in response.content, response.content)
assert_true('value="Save"' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_another_me.post(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true('This field is required' in response.content, response.content)
assert_false(workflow_select in response.content, response.content)
assert_true('value="Save"' in response.content, response.content)
finally:
finish()
def test_edit_workflow(self):
response = self.c.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Editor' in response.content, response.content)
assert_true('Workflow wf-name-1' in response.content, response.content)
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = self.c.post(reverse('oozie:edit_workflow', args=[self.wf.id]), {})
assert_true('jHueNotify.error' in response.content, response.content)
finally:
finish()
# Build POST dict from the forms and test this
raise SkipTest
finish = SHARE_JOBS.set_for_testing(True)
try:
response = self.c.post(reverse('oozie:edit_workflow', args=[self.wf.id]), WORKFLOW_DICT)
assert_false('jHueNotify.error' in response.content, response.content)
finally:
finish()
def list_trashed_workflows(request):
data = Workflow.objects.trashed().filter(managed=True)
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render('editor/list_trashed_workflows.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
})
def list_bundles(request):
data = Bundle.objects.available()
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render('editor/list_bundles.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
})
def test_workflow_action_permissions(self):
# Login as someone else
client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test')
grant_access("not_me", "test", "oozie")
action1 = Node.objects.get(name='action-name-1')
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_action', args=[action1.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:edit_action', args=[action1.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
# Delete
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:delete_action', args=[action1.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
action1.workflow.is_shared = True
action1.workflow.save()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_action', args=[action1.id]))
assert_false('Permission denied' in response.content, response.content)
finally:
finish()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:edit_action', args=[action1.id]))
assert_true('Not allowed' in response.content, response.content)
finally:
finish()
# Delete
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:delete_action', args=[action1.id]))
assert_true('Not allowed' in response.content, response.content)
finally:
finish()
def list_bundles(request):
data = Bundle.objects
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render(
'editor/list_bundles.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
})
def list_coordinators(request, workflow_id=None):
data = Coordinator.objects
if workflow_id is not None:
data = data.filter(workflow__id=workflow_id)
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render('editor/list_coordinators.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
})
def list_workflows(request):
show_setup_app = True
data = Workflow.objects
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render('editor/list_workflows.mako', request, {
'jobs': list(data),
'currentuser': request.user,
'show_setup_app': show_setup_app,
})
def list_workflows(request):
show_setup_app = True
data = Workflow.objects
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by("-last_modified")
return render(
"editor/list_workflows.mako",
request,
{"jobs": list(data), "currentuser": request.user, "show_setup_app": show_setup_app},
)
def list_coordinators(request, workflow_id=None):
data = Coordinator.objects
if workflow_id is not None:
data = data.filter(workflow__id=workflow_id)
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render(
'editor/list_coordinators.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
})
def list_workflows(request):
show_setup_app = True
data = Workflow.objects.filter(managed=True)
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render(
'editor/list_workflows.mako', request, {
'jobs': list(data),
'json_jobs': json.dumps(list(data.values_list('id', flat=True))),
'show_setup_app': show_setup_app,
})
def list_workflows(request):
show_setup_app = True
data = Workflow.objects
if not SHARE_JOBS.get() and not request.user.is_superuser:
data = data.filter(owner=request.user)
else:
data = data.filter(Q(is_shared=True) | Q(owner=request.user))
data = data.order_by('-last_modified')
return render(
'editor/list_workflows.mako', request, {
'jobs': list(data),
'currentuser': request.user,
'show_setup_app': show_setup_app,
})
def test_coordinator_permissions(self):
coord = create_coordinator(self.wf)
response = self.c.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true('Editor' in response.content, response.content)
assert_true('value="Save"' in response.content, response.content)
# Login as someone else
client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test')
grant_access("not_me", "test", "oozie")
# List
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:list_coordinators'))
assert_false('MyCoord' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:list_coordinators'))
assert_false('MyCoord' in response.content, response.content)
finally:
finish()
# View
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_false('MyCoord' in response.content, response.content)
finally:
finish()
# Share it !
coord.is_shared = True
coord.save()
coord.workflow.is_shared = True
coord.workflow.save()
# List
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:list_coordinators'))
assert_equal(200, response.status_code)
assert_true('MyCoord' in response.content, response.content)
finally:
finish()
# View
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_false('Permission denied' in response.content, response.content)
assert_false('value="Save"' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:edit_coordinator', args=[coord.id]))
assert_false('MyCoord' in response.content, response.content)
assert_true('Not allowed' in response.content, response.content)
finally:
finish()
# Submit
# finish = SHARE_JOBS.set_for_testing(False)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# response = client_not_me.post(reverse('oozie:submit_coordinator', args=[coord.id]))
# assert_true('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# finish = SHARE_JOBS.set_for_testing(True)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# response = client_not_me.post(reverse('oozie:submit_coordinator', args=[coord.id]))
# assert_false('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
#
# # Resubmit
# # Monkey patch Lib Oozie with Mock API
# finish = SHARE_JOBS.set_for_testing(False)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# oozie_job_id = History.objects.get(job=coord).oozie_job_id
# response = client_not_me.post(reverse('oozie:resubmit_coordinator', args=[oozie_job_id]))
# assert_true('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# finish = SHARE_JOBS.set_for_testing(True)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# oozie_job_id = History.objects.get(job=coord).oozie_job_id
# response = client_not_me.post(reverse('oozie:resubmit_coordinator', args=[oozie_job_id]))
# assert_false('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# Delete
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.post(reverse('oozie:delete_coordinator', args=[coord.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
response = self.c.post(reverse('oozie:delete_coordinator', args=[coord.id]), follow=True)
assert_equal(200, response.status_code)
def test_workflow_permissions(self):
# Monkey patch Lib Oozie with Mock API
oozie_api.OozieApi = MockOozieApi
oozie_api._api_cache = None
response = self.c.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Editor' in response.content, response.content)
assert_true('Workflow wf-name-1' in response.content, response.content)
assert_false(self.wf.is_shared)
# Login as someone else
client_not_me = make_logged_in_client(username='******', is_superuser=False, groupname='test')
grant_access("not_me", "test", "oozie")
# List
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:list_workflows'))
assert_false('wf-name-1' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:list_workflows'))
assert_false('wf-name-1' in response.content, response.content)
finally:
finish()
# View
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
# Share it !
self.wf.is_shared = True
self.wf.save()
# List
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:list_workflows'))
assert_equal(200, response.status_code)
assert_true('wf-name-1' in response.content, response.content)
finally:
finish()
# View
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_false('Permission denied' in response.content, response.content)
assert_false('Save' in response.content, response.content)
finally:
finish()
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.get(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
# Edit
finish = SHARE_JOBS.set_for_testing(True)
try:
response = client_not_me.post(reverse('oozie:edit_workflow', args=[self.wf.id]))
assert_true('Not allowed' in response.content, response.content)
finally:
finish()
# Submit
# finish = SHARE_JOBS.set_for_testing(False)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# response = client_not_me.post(reverse('oozie:submit_workflow', args=[self.wf.id]))
# assert_true('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# finish = SHARE_JOBS.set_for_testing(True)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# response = client_not_me.post(reverse('oozie:submit_workflow', args=[self.wf.id]))
# assert_false('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
#
# # Resubmit
# finish = SHARE_JOBS.set_for_testing(False)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# job_id = History.objects.get(job=self.wf).oozie_job_id
# response = client_not_me.post(reverse('oozie:resubmit_workflow', args=[job_id]))
# assert_true('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# finish = SHARE_JOBS.set_for_testing(True)
# finish_deployement = REMOTE_DEPLOYMENT_DIR.set_for_testing('/tmp')
# try:
# job_id = History.objects.get(job=self.wf).oozie_job_id
# response = client_not_me.post(reverse('oozie:resubmit_workflow', args=[job_id]))
# assert_false('Permission denied' in response.content, response.content)
# finally:
# finish()
# finish_deployement()
# Delete
finish = SHARE_JOBS.set_for_testing(False)
try:
response = client_not_me.post(reverse('oozie:delete_workflow', args=[self.wf.id]))
assert_true('Permission denied' in response.content, response.content)
finally:
finish()
response = self.c.post(reverse('oozie:delete_workflow', args=[self.wf.id]), follow=True)
assert_equal(200, response.status_code)
