def test_user_has_permission(self):
resolver = ExecutionPermissionsResolver()
# Admin user, should always return true
user_db = self.users['admin']
self.assertTrue(resolver.user_has_permission(user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST))
# Observer, should always return true for VIEW permissions
user_db = self.users['observer']
self.assertTrue(resolver.user_has_permission(user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST))
# No roles, should return false for everything
user_db = self.users['no_roles']
self.assertFalse(resolver.user_has_permission(user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST))
# Custom role with no permission grants, should return false for everything
user_db = self.users['1_custom_role_no_permissions']
self.assertFalse(resolver.user_has_permission(user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST))
# Custom role with "execution_list" grant
user_db = self.users['custom_role_execution_list_grant']
self.assertTrue(resolver.user_has_permission(user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST))
def test_user_has_permission(self):
resolver = ExecutionPermissionsResolver()
# Admin user, should always return true
user_db = self.users['admin']
self.assertUserHasPermission(
resolver=resolver,
user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST)
# Observer, should always return true for VIEW permissions
user_db = self.users['observer']
self.assertUserHasPermission(
resolver=resolver,
user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST)
# No roles, should return false for everything
user_db = self.users['no_roles']
self.assertUserDoesntHavePermission(
resolver=resolver,
user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST)
# Custom role with no permission grants, should return false for everything
user_db = self.users['1_custom_role_no_permissions']
self.assertUserDoesntHavePermission(
resolver=resolver,
user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST)
# Custom role with "execution_list" grant
user_db = self.users['custom_role_execution_list_grant']
self.assertUserHasPermission(
resolver=resolver,
user_db=user_db,
permission_type=PermissionType.EXECUTION_LIST)
def test_user_has_resource_db_permission(self):
resolver = ExecutionPermissionsResolver()
all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
ResourceType.EXECUTION)
all_permission_types.remove(PermissionType.EXECUTION_LIST)
# Admin user, should always return true
resource_db = self.resources['exec_1']
user_db = self.users['admin']
self.assertUserHasResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Observer, should always return true for VIEW permission
user_db = self.users['observer']
self.assertUserHasResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_VIEW)
self.assertUserDoesntHaveResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_STOP)
self.assertUserDoesntHaveResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_ALL)
# No roles, should return false for everything
user_db = self.users['no_roles']
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Custom role with no permission grants, should return false for everything
user_db = self.users['1_custom_role_no_permissions']
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Custom role with an action_view grant on unrelated pack, should return false for
# everything
user_db = self.users['custom_role_unrelated_pack_action_grant']
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Custom role with unrelated permission grant to parent pack, should return false for
# everything
user_db = self.users[
'custom_role_pack_action_grant_unrelated_permission']
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Custom role with "action_view" grant on the pack of the action resource belongs to
user_db = self.users['custom_role_pack_action_view_grant']
self.assertUserHasResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_VIEW)
self.assertUserDoesntHaveResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_RE_RUN)
# Custom role with "action_view" grant on the action the resource belongs to
user_db = self.users['custom_role_action_view_grant']
self.assertUserHasResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_VIEW)
self.assertUserDoesntHaveResourceDbPermission(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_RE_RUN)
# Custom role with "action_execute" grant on the pack of the action resource belongs to
user_db = self.users['custom_role_pack_action_execute_grant']
permission_types = [
PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
]
self.assertUserHasResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types)
permission_types = [
PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL
]
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types)
# Custom role with "action_execute" grant on the action resource belongs to
user_db = self.users['custom_role_action_execute_grant']
permission_types = [
PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
]
self.assertUserHasResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types)
permission_types = [
PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL
]
self.assertUserDoesntHaveResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types)
# Custom role - "action_all" grant on the action parent pack the execution belongs to
user_db = self.users['custom_role_pack_action_all_grant']
resource_db = self.resources['exec_1']
self.assertUserHasResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
# Custom role - "action_all" grant on the action the execution belongs to
user_db = self.users['custom_role_action_all_grant']
resource_db = self.resources['exec_1']
self.assertUserHasResourceDbPermissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types)
def test_user_has_resource_permissions(self):
resolver = ExecutionPermissionsResolver()
all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
ResourceType.EXECUTION)
# Admin user, should always return true
resource_db = self.resources['exec_1']
user_db = self.users['admin']
self.assertTrue(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Observer, should always return true for VIEW permission
user_db = self.users['observer']
self.assertTrue(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_VIEW))
self.assertFalse(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_STOP))
self.assertFalse(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=self.resources['exec_1'],
permission_type=PermissionType.EXECUTION_ALL))
# No roles, should return false for everything
user_db = self.users['no_roles']
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Custom role with no permission grants, should return false for everything
user_db = self.users['1_custom_role_no_permissions']
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Custom role with an action_view grant on unrelated pack, should return false for
# everything
user_db = self.users['custom_role_unrelated_pack_action_grant']
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Custom role with unrelated permission grant to parent pack, should return false for
# everything
user_db = self.users['custom_role_pack_action_grant_unrelated_permission']
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Custom role with "action_view" grant on the pack of the action resource belongs to
user_db = self.users['custom_role_pack_action_view_grant']
self.assertTrue(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_VIEW
))
self.assertFalse(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_RE_RUN
))
# Custom role with "action_view" grant on the action the resource belongs to
user_db = self.users['custom_role_action_view_grant']
self.assertTrue(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_VIEW
))
self.assertFalse(resolver.user_has_resource_permission(
user_db=user_db,
resource_db=resource_db,
permission_type=PermissionType.EXECUTION_RE_RUN
))
# Custom role with "action_execute" grant on the pack of the action resource belongs to
user_db = self.users['custom_role_pack_action_execute_grant']
permission_types = [PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP]
self.assertTrue(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types))
permission_types = [PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL]
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types))
# Custom role with "action_execute" grant on the action resource belongs to
user_db = self.users['custom_role_action_execute_grant']
permission_types = [PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP]
self.assertTrue(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types))
permission_types = [PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL]
self.assertFalse(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=permission_types))
# Custom role - "action_all" grant on the action parent pack the execution belongs to
user_db = self.users['custom_role_pack_action_all_grant']
resource_db = self.resources['exec_1']
self.assertTrue(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
# Custom role - "action_all" grant on the action the execution belongs to
user_db = self.users['custom_role_action_all_grant']
resource_db = self.resources['exec_1']
self.assertTrue(self._user_has_resource_permissions(
resolver=resolver,
user_db=user_db,
resource_db=resource_db,
permission_types=all_permission_types))
