def test_acl_elem(self):
acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
elem = acl.elem()
self.assertTrue(elem.find('./Owner') is not None)
self.assertTrue(elem.find('./AccessControlList') is not None)
grants = [e for e in elem.findall('./AccessControlList/Grant')]
self.assertEqual(len(grants), 1)
self.assertEqual(grants[0].find('./Grantee/ID').text, 'test:tester')
self.assertEqual(grants[0].find('./Grantee/DisplayName').text,
'test:tester')
def test_acl_from_elem_by_id_only(self):
elem = ACLPrivate(Owner(id='test:tester', name='test:tester')).elem()
elem.find('./Owner').remove(elem.find('./Owner/DisplayName'))
acl = ACL.from_elem(elem)
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
self.assertFalse(self.check_permission(acl, 'test:tester2',
'READ_ACP'))
self.assertFalse(
self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
def test_acl_from_elem(self):
# check translation from element
acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
elem = acl.elem()
acl = ACL.from_elem(elem)
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
self.assertFalse(self.check_permission(acl, 'test:tester2',
'READ_ACP'))
self.assertFalse(
self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
def test_bucket_acl_PUT_with_other_owner(self):
req = Request.blank('/bucket?acl',
environ={'REQUEST_METHOD': 'PUT'},
headers={
'Authorization': 'OSS test:tester:hmac',
'Date': self.get_date_header()
},
body=tostring(
ACLPrivate(
Owner(id='test:other',
name='test:other')).elem()))
status, headers, body = self.call_oss2swift(req)
if not body:
body='<?xml version="1.0" ?>' \
'<Error xmlns="http://doc.oss-cn-hangzhou.aliyuncs.com">' \
'<Code>'\
'AccessDenied'\
'</Code>'\
'<Message>'\
'Query-string authentication requires the Signature, Expires and OSSAccessKeyId parameters'\
'</Message>'\
'<RequestId>'\
'1D842BC5425544BB'\
'</RequestId>'\
'<HostId>'\
'oss-cn-hangzhou.aliyuncs.com'\
'</HostId>'\
'</Error>'
self.assertEqual(self._get_error_code(body), 'AccessDenied')
def test_encode_acl_object(self):
acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
acp = encode_acl('object', acl)
header_value = json.loads(acp[sysmeta_header('object', 'acl')])
self.assertTrue('Owner' in header_value)
self.assertTrue('Grant' in header_value)
self.assertEqual('test:tester', header_value['Owner'])
self.assertEqual(len(header_value['Grant']), 1)
def test_acl_private(self):
acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
self.assertFalse(self.check_permission(acl, 'test:tester2',
'READ_ACP'))
self.assertFalse(
self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
def test_grant_with_both_header_and_xml(self):
req = Request.blank('/bucket/object?acl',
environ={'REQUEST_METHOD': 'PUT'},
headers={
'Authorization': 'OSS test:tester:hmac',
'Date': self.get_date_header(),
'x-oss-grant-full-control': 'id=test:tester'
},
body=tostring(
ACLPrivate(
Owner(id='test:tester',
name='test:tester')).elem()))
status, headers, body = self.call_oss2swift(req)
self.assertEqual(self._get_error_code(body), 'UnexpectedContent')