def remove_user_from_role(role_id, login):
    """
    Detach a user from a role and revoke the operations only that role granted.

    Operations that one of the user's remaining roles still grants are left in
    place. The last member of the super-user role cannot be removed, so that
    role can never be emptied through this call.

    :param role_id: role identifier
    :type  role_id: str
    :param login: name of user
    :type  login: str
    :raise MissingResource: if the given role or user does not exist
    :raise PulpDataException: if the user is the last member of the super-user role
    """
    role_doc = Role.get_collection().find_one({'id': role_id})
    if role_doc is None:
        raise MissingResource(role_id)

    user = model.User.objects.get_or_404(login=login)

    # Lock-out guard: refuse to strip the super-user role from its final member.
    # NOTE(review): this check and the save() below are separate steps and nothing
    # visible here serialises concurrent removals -- confirm that is handled elsewhere.
    would_empty_super_users = (
        role_id == SUPER_USER_ROLE and user_controller.is_last_super_user(login))
    if would_empty_super_users:
        message = _('%(role)s cannot be empty, and %(login)s is the last member')
        raise PulpDataException(message % {'role': SUPER_USER_ROLE, 'login': login})

    if role_id in user.roles:
        # NOTE(review): membership is persisted before any permission is revoked; if
        # revoke() raises part-way through the loop, the user presumably keeps some of
        # the role's permissions without holding the role -- confirm how that is
        # reconciled.
        user.roles.remove(role_id)
        user.save()

        for grant in role_doc['permissions']:
            remaining_roles = factory.role_query_manager().get_other_roles(
                role_doc, user.roles)
            resource = grant['resource']
            # Only operations no remaining role grants are revoked.
            revocable_ops = _operations_not_granted_by_roles(
                resource, grant['permission'], remaining_roles)
            factory.permission_manager().revoke(resource, login, revocable_ops)
def test_user_is_last_su(self, mock_model, mock_find_users_w_role):
    """
    The requested user, when it is the only super user found, is reported as the last one.
    """
    # mock_model / mock_find_users_w_role are injected mocks (presumably from patch
    # decorators outside this view). The looked-up user is the sole entry returned.
    sole_super_user = mock_model.objects.get_or_404.return_value
    mock_find_users_w_role.return_value = [sole_super_user]

    is_last = user_controller.is_last_super_user("test")

    self.assertTrue(is_last)
def test_user_not_su(self, mock_model, mock_find_users_w_role):
    """
    A user whose is_superuser() is False is never reported as the last super user.
    """
    # Configure the user returned by the mocked lookup as a non-super-user.
    mock_model.objects.get_or_404.return_value.is_superuser.return_value = False

    is_last = user_controller.is_last_super_user("test")

    self.assertFalse(is_last)
def test_user_is_last_su(self, mock_model, mock_find_users_w_role):
    """
    With exactly one super user found, and it being the requested one, the answer is True.
    """
    # The same mock object is used for the looked-up user and as the single entry in
    # the mocked result list.
    looked_up_user = mock_model.objects.get_or_404.return_value
    mock_find_users_w_role.return_value = [looked_up_user]

    outcome = user_controller.is_last_super_user('test')

    self.assertTrue(outcome)
def test_user_not_su(self, mock_model, mock_find_users_w_role):
    """
    The answer is False when the requested user is not a super user at all.
    """
    # The mocked lookup yields a user whose is_superuser() call returns False.
    mock_model.objects.get_or_404.return_value.is_superuser.return_value = False

    outcome = user_controller.is_last_super_user('test')

    self.assertFalse(outcome)
def remove_user_from_role(role_id, login):
    """
    Take a user out of a role, revoking whatever only that role granted them.

    Permissions the user still holds through another role are not revoked.
    Removing the final member of the super-user role is refused.

    :param role_id: role identifier
    :type  role_id: str
    :param login: name of user
    :type  login: str
    :raise MissingResource: if the given role or user does not exist
    :raise PulpDataException: if the user is the last member of the super-user role
    """
    found_role = Role.get_collection().find_one({'id': role_id})
    if found_role is None:
        raise MissingResource(role_id)

    user = model.User.objects.get_or_404(login=login)

    # Keep at least one super user so the system cannot be locked out of itself.
    # NOTE(review): check-then-act -- no locking is visible between this test and the
    # save() below; confirm concurrent removals cannot both pass it.
    is_super_role = role_id == SUPER_USER_ROLE
    if is_super_role and user_controller.is_last_super_user(login):
        details = {'role': SUPER_USER_ROLE, 'login': login}
        raise PulpDataException(
            _('%(role)s cannot be empty, and %(login)s is the last member') % details)

    if role_id in user.roles:
        # NOTE(review): the role is dropped and saved first, the permissions revoked
        # afterwards; a failure inside the loop would presumably leave permissions
        # behind that no role accounts for -- confirm there is a clean-up path.
        user.roles.remove(role_id)
        user.save()

        for entry in found_role['permissions']:
            roles_still_held = factory.role_query_manager().get_other_roles(
                found_role, user.roles)
            target = entry['resource']
            # Operations covered by a role the user still holds are kept.
            ops_to_revoke = _operations_not_granted_by_roles(
                target, entry['permission'], roles_still_held)
            factory.permission_manager().revoke(target, login, ops_to_revoke)
def test_multiple_sus(self, mock_model, mock_find_users_w_role):
    """
    When more than one super user is found, nobody is reported as the last one.
    """
    # Two entries come back from the mocked super-user lookup.
    super_users = ["su1", "su2"]
    mock_find_users_w_role.return_value = super_users

    is_last = user_controller.is_last_super_user("test")

    self.assertFalse(is_last)
def test_multiple_sus(self, mock_model, mock_find_users_w_role):
    """
    The answer is False as soon as the super-user lookup returns several users.
    """
    # The mocked lookup reports two super users, so removing one leaves another.
    current_super_users = ['su1', 'su2']
    mock_find_users_w_role.return_value = current_super_users

    outcome = user_controller.is_last_super_user('test')

    self.assertFalse(outcome)