Esempio n. 1
    def test_is_role_allowed_parent_hierarchy(self):
        """Rules attached to role 2 must not apply to role 1.

        Role 2 is created with role 1 as the third ``create_role`` argument
        (presumably the parent role id, going by the test name -- confirm
        against ``RBAC.create_role``). One allow rule and one deny rule are
        attached to role 2 only; role 1 carries no rule and must be refused
        on both resources.
        """
        parent_id, child_id = 1, 2
        allowed_res, denied_res = 'res_name1', 'res_name2'
        perm_id = 11

        rbac = RBAC()

        rbac.create_role(parent_id, 'role_name1', None)
        rbac.create_role(child_id, 'role_name2', parent_id)

        for res_name in (allowed_res, denied_res):
            rbac.create_resource(res_name)

        rbac.create_permission(perm_id, 'perm_name1')

        rbac.create_role_permission_allow(child_id, perm_id, allowed_res)
        rbac.create_role_permission_deny(child_id, perm_id, denied_res)

        # The role holding the rules gets exactly what the rules say.
        self.assertTrue(rbac.is_role_allowed(child_id, perm_id, allowed_res))
        self.assertFalse(rbac.is_role_allowed(child_id, perm_id, denied_res))

        # Default deny: role 1 has no explicit 'allow', so every check fails.
        # NOTE(review): no rule is ever placed on role 1, so this test does
        # not exercise what role 2 picks up from role 1.
        for res_name in (allowed_res, denied_res):
            self.assertFalse(rbac.is_role_allowed(parent_id, perm_id, res_name))
Esempio n. 2
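    def test_edit_permission_does_not_exist(self):
        """Editing an unknown permission id raises ValueError and changes nothing."""
        # Named perm_id rather than id so the builtin id() is not shadowed.
        perm_id, perm_name = 1, 'name'
        unknown_id = 1234

        rbac = RBAC()
        rbac.create_permission(perm_id, perm_name)

        with self.assertRaises(ValueError):
            rbac.edit_permission(unknown_id, 'new_name')

        # A rejected edit must neither create the unknown permission nor
        # touch the one that already exists.
        self.assertNotIn(unknown_id, rbac.permissions)
        self.assertEqual(rbac.permissions[perm_id], perm_name)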
Esempio n. 3
    def test_create_role_permission_deny(self):
        """Each deny rule is recorded as a (role, permission, resource) tuple.

        Two roles each get both permissions denied on their own resource, and
        every resulting triple must be present in ``rbac.registry._denied``.
        """
        roles = ((1, 'role_name1'), (2, 'role_name2'))
        resources = ('res_name1', 'res_name2')
        permissions = ((11, 'perm_name1'), (22, 'perm_name2'))

        # Role 1 is denied on the first resource, role 2 on the second.
        deny_rules = [
            (1, 11, 'res_name1'),
            (1, 22, 'res_name1'),
            (2, 11, 'res_name2'),
            (2, 22, 'res_name2'),
        ]

        rbac = RBAC()

        for role_id, role_name in roles:
            rbac.create_role(role_id, role_name, None)

        for res_name in resources:
            rbac.create_resource(res_name)

        for perm_id, perm_name in permissions:
            rbac.create_permission(perm_id, perm_name)

        for role_id, perm_id, res_name in deny_rules:
            rbac.create_role_permission_deny(role_id, perm_id, res_name)

        # NOTE(review): this inspects the private _denied container only; it
        # does not check that is_role_allowed() refuses these triples.
        for rule in deny_rules:
            self.assertIn(rule, rbac.registry._denied)
Esempio n. 4
    def test_create_role_permission_deny(self):
        """Deny rules land in ``rbac.registry._denied`` as exact triples.

        Role 1 is denied both permissions on the first resource and role 2 is
        denied both on the second; all four (role, permission, resource)
        tuples must be found in the registry afterwards.
        """
        first_role, second_role = 1, 2
        first_res, second_res = 'res_name1', 'res_name2'
        first_perm, second_perm = 11, 22

        rbac = RBAC()

        rbac.create_role(first_role, 'role_name1', None)
        rbac.create_role(second_role, 'role_name2', None)

        rbac.create_resource(first_res)
        rbac.create_resource(second_res)

        rbac.create_permission(first_perm, 'perm_name1')
        rbac.create_permission(second_perm, 'perm_name2')

        expected_denied = (
            (first_role, first_perm, first_res),
            (first_role, second_perm, first_res),
            (second_role, first_perm, second_res),
            (second_role, second_perm, second_res),
        )

        for triple in expected_denied:
            rbac.create_role_permission_deny(*triple)

        # Only the stored rule is checked here (a private attribute), not the
        # decision is_role_allowed() would derive from it.
        for triple in expected_denied:
            self.assertIn(triple, rbac.registry._denied)
Esempio n. 5
    def test_is_role_allowed_parent_hierarchy(self):
        """A role with no rules of its own is refused, whatever role 2 holds.

        Role 2 names role 1 in the third ``create_role`` argument (presumably
        the parent role id -- confirm against ``RBAC.create_role``). The allow
        and deny rules are attached to role 2 only.
        """
        parent_id, child_id = 1, 2
        perm_id = 11
        res_allow, res_deny = 'res_name1', 'res_name2'

        rbac = RBAC()

        rbac.create_role(parent_id, 'role_name1', None)
        rbac.create_role(child_id, 'role_name2', parent_id)

        rbac.create_resource(res_allow)
        rbac.create_resource(res_deny)

        rbac.create_permission(perm_id, 'perm_name1')

        rbac.create_role_permission_allow(child_id, perm_id, res_allow)
        rbac.create_role_permission_deny(child_id, perm_id, res_deny)

        child_allowed = rbac.is_role_allowed(child_id, perm_id, res_allow)
        self.assertTrue(child_allowed)
        child_denied = rbac.is_role_allowed(child_id, perm_id, res_deny)
        self.assertFalse(child_denied)

        # Denied implicitly: role 1 has no explicit 'allow' on either
        # resource, and the rules held by role 2 must not apply to it.
        # NOTE(review): role 1 never receives a rule of its own here, so what
        # role 2 picks up from role 1 is left untested.
        parent_on_allow = rbac.is_role_allowed(parent_id, perm_id, res_allow)
        self.assertFalse(parent_on_allow)
        parent_on_deny = rbac.is_role_allowed(parent_id, perm_id, res_deny)
        self.assertFalse(parent_on_deny)
Esempio n. 6
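    def test_edit_permission_does_not_exist(self):
        """An edit aimed at an id that was never created raises ValueError.

        The rejected call must also leave the permission table as it was.
        """
        # perm_id / perm_name avoid shadowing the builtin id().
        perm_id, perm_name = 1, 'name'
        missing_id = 1234

        rbac = RBAC()
        rbac.create_permission(perm_id, perm_name)

        with self.assertRaises(ValueError):
            rbac.edit_permission(missing_id, 'new_name')

        # Failure must be side-effect free: no new entry, no rename.
        self.assertNotIn(missing_id, rbac.permissions)
        self.assertEqual(rbac.permissions[perm_id], perm_name)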
Esempio n. 7
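    def test_delete_permission_no_client_permission(self):
        """Deleting a permission that no rule refers to removes it."""
        # perm_id rather than id, so the builtin id() stays usable.
        perm_id, perm_name = 1, 'name'

        rbac = RBAC()
        rbac.create_permission(perm_id, perm_name)

        # Precondition: without it the final check would also pass if
        # create_permission had stored nothing.
        self.assertIn(perm_id, rbac.permissions)

        rbac.delete_permission(perm_id)

        # assertNotIn reports the container on failure, unlike assertTrue.
        self.assertNotIn(perm_id, rbac.permissions)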
Esempio n. 8
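    def test_delete_permission_no_client_permission(self):
        """A permission with no role rules attached disappears on delete."""
        # Renamed from id/name: id shadowed the builtin of the same name.
        perm_id, perm_name = 1, 'name'

        rbac = RBAC()
        rbac.create_permission(perm_id, perm_name)

        # Guard against a vacuous pass: the entry must exist before deletion.
        self.assertIn(perm_id, rbac.permissions)

        rbac.delete_permission(perm_id)

        # Dedicated membership assertion gives a readable failure message.
        self.assertNotIn(perm_id, rbac.permissions)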
Esempio n. 9
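    def test_create_permission(self):
        """Created permissions are stored in ``rbac.permissions`` as id -> name."""
        id1, name1 = 1, 'name1'
        id2, name2 = 2, 'name2'

        rbac = RBAC()
        rbac.create_permission(id1, name1)
        rbac.create_permission(id2, name2)

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(rbac.permissions[id1], name1)
        self.assertEqual(rbac.permissions[id2], name2)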
Esempio n. 10
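    def test_create_permission(self):
        """Each created permission can be read back by id from ``rbac.permissions``."""
        created = ((1, 'name1'), (2, 'name2'))

        rbac = RBAC()
        for perm_id, perm_name in created:
            rbac.create_permission(perm_id, perm_name)

        # Uses assertEqual: the assertEquals alias is deprecated and no
        # longer exists in unittest from Python 3.12 on.
        for perm_id, perm_name in created:
            self.assertEqual(rbac.permissions[perm_id], perm_name)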
Esempio n. 11
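    def test_edit_permission_exists(self):
        """Editing an existing permission renames it and only it."""
        id1, name1 = 1, 'name1'
        id2, name2 = 2, 'name2'

        new_name1 = 'new_name1'

        rbac = RBAC()
        rbac.create_permission(id1, name1)
        rbac.create_permission(id2, name2)
        rbac.edit_permission(id1, new_name1)

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(rbac.permissions[id1], new_name1)
        # The permission that was not edited keeps its original name.
        self.assertEqual(rbac.permissions[id2], name2)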
Esempio n. 12
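    def test_edit_permission_exists(self):
        """A rename through edit_permission is visible and does not spill over."""
        edited_id, old_name, new_name = 1, 'name1', 'new_name1'
        other_id, other_name = 2, 'name2'

        rbac = RBAC()
        rbac.create_permission(edited_id, old_name)
        rbac.create_permission(other_id, other_name)
        rbac.edit_permission(edited_id, new_name)

        # Uses assertEqual: the assertEquals alias is deprecated and no
        # longer exists in unittest from Python 3.12 on.
        self.assertEqual(rbac.permissions[edited_id], new_name)
        # The second permission must be left exactly as created.
        self.assertEqual(rbac.permissions[other_id], other_name)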
Esempio n. 13
    def test_delete_permission_has_role_permission(self):
        """Deleting a permission also removes the allow rules that use it.

        Two roles each hold both permissions on their own resource. After
        permission 11 is deleted, its triples must be gone from
        ``rbac.registry._allowed`` while the triples for permission 22 stay.
        """
        deleted_perm, kept_perm = 11, 22
        # (role id, resource name) pairs: each role is granted on one resource.
        role_resources = ((1, 'res_name1'), (2, 'res_name2'))

        rbac = RBAC()

        rbac.create_role(1, 'role_name1', None)
        rbac.create_role(2, 'role_name2', None)

        rbac.create_permission(deleted_perm, 'perm_name1')
        rbac.create_permission(kept_perm, 'perm_name2')

        for _, res_name in role_resources:
            rbac.create_resource(res_name)

        grants = [
            (role_id, perm_id, res_name)
            for role_id, res_name in role_resources
            for perm_id in (deleted_perm, kept_perm)
        ]

        for grant in grants:
            rbac.create_role_permission_allow(*grant)

        # Precondition: all four grants are registered before the delete.
        for grant in grants:
            self.assertIn(grant, rbac.registry._allowed)

        rbac.delete_permission(deleted_perm)

        # A grant left behind for a deleted permission id would be a stale
        # authorization, so each role is checked for both outcomes.
        # NOTE(review): only _allowed is covered; cleanup of deny rules on
        # delete is not exercised by this test.
        for role_id, res_name in role_resources:
            self.assertNotIn((role_id, deleted_perm, res_name),
                             rbac.registry._allowed)
            self.assertIn((role_id, kept_perm, res_name),
                          rbac.registry._allowed)
Esempio n. 14
    def test_delete_permission_has_role_permission(self):
        """Allow rules that reference a deleted permission are removed with it.

        Each of two roles is granted permissions 11 and 22 on one resource.
        Deleting permission 11 must drop its two triples from
        ``rbac.registry._allowed`` and leave the two for permission 22.
        """
        role_a, role_b = 1, 2
        gone_perm, kept_perm = 11, 22
        res_a, res_b = 'res_name1', 'res_name2'

        rbac = RBAC()

        rbac.create_role(role_a, 'role_name1', None)
        rbac.create_role(role_b, 'role_name2', None)

        rbac.create_permission(gone_perm, 'perm_name1')
        rbac.create_permission(kept_perm, 'perm_name2')

        rbac.create_resource(res_a)
        rbac.create_resource(res_b)

        removed_grants = ((role_a, gone_perm, res_a), (role_b, gone_perm, res_b))
        kept_grants = ((role_a, kept_perm, res_a), (role_b, kept_perm, res_b))

        # Grants are created role by role, as (removed, kept) pairs.
        for removed, kept in zip(removed_grants, kept_grants):
            rbac.create_role_permission_allow(*removed)
            rbac.create_role_permission_allow(*kept)

        # Every grant must be present before the permission is deleted.
        for removed, kept in zip(removed_grants, kept_grants):
            self.assertIn(removed, rbac.registry._allowed)
            self.assertIn(kept, rbac.registry._allowed)

        rbac.delete_permission(gone_perm)

        # Revocation check: no triple may keep referring to the deleted id.
        # Deny rules are not covered by this test.
        for removed, kept in zip(removed_grants, kept_grants):
            self.assertNotIn(removed, rbac.registry._allowed)
            self.assertIn(kept, rbac.registry._allowed)