コード例 #1
0
    def test_get_success(self):
        """正确
        """
        role_name = "my-role"
        role = Role(name=role_name)
        self.db.add(role)

        permission_total = 12
        permission_basename = "my-permission"
        for i in range(permission_total):
            perm = Permission(name=permission_basename + str(i))
            self.db.add(perm)
            role.permissions.append(perm)

        self.db.commit()

        resp = self.api_get(f"/role/{role.uuid}/permission")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        spec = self.rs.get_role_id_permission.op_spec["responses"]["200"]["schema"]
        api.validate_object(spec, body)

        self.assertEqual(len(body["data"]), permission_total)
コード例 #2
0
    def test_post_success(self):
        """删除权限成功
        """
        role_name = "my-role"
        role = Role(name=role_name)
        self.db.add(role)

        remove_permission_total = 3
        remove_permission_list = []
        permission_total = 12
        permission_basename = "my-permission"
        for i in range(permission_total):
            perm = Permission(name=permission_basename + str(i))
            self.db.add(perm)
            role.permissions.append(perm)
            self.db.commit()
            if i < remove_permission_total:
                remove_permission_list.append(perm.name)

        resp = self.api_post("/role/permission/remove", body={
            "role": role.name,
            "permissions": remove_permission_list,
        })
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        role = self.db.query(Role).filter_by(name=role_name).one()
        self.assertEqual(
            len(role.permissions),
            permission_total - remove_permission_total
        )
コード例 #3
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_delete_success(self):
        """删除成功
        """
        role_name = "my-role"
        role = Role(name=role_name)
        self.db.add(role)

        perm_name = "my-permission"
        perm = Permission(name=perm_name)
        perm.roles.append(role)
        self.db.add(perm)

        self.db.commit()

        resp = self.api_delete(f"/permission/{perm.uuid}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        del perm
        perm = self.db.query(Permission).filter_by(name=perm_name).first()
        self.assertIs(perm, None)

        role = self.db.query(Role).filter_by(name=role_name).one()
        self.assertNotIn(perm_name, [p.name for p in role.permissions])
コード例 #4
0
    def test_delete_success(self):
        """删除成功
        """
        user_id = self.current_user.id

        role_name = "my-role"
        role = Role(name=role_name)
        role.users.append(self.current_user)
        perm = Permission(name="my-permission")
        self.db.add(perm)
        role.permissions.append(perm)
        self.db.add(role)
        self.db.commit()

        role_id = str(role.uuid)
        resp = self.api_delete(f"/role/{role_id}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        del role
        role = self.db.query(Role).filter_by(uuid=role_id).first()
        self.assertIs(role, None)

        user = self.db.query(User).get(user_id)
        self.assertNotIn(role_name, [r.name for r in user.roles])
コード例 #5
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_update_success(self):
        """更新成功
        """
        name = "my-permission"
        summary = "my summary"
        description = "my description"

        perm = Permission(name=name, summary=summary, description=description)
        self.db.add(perm)
        self.db.commit()
        old_updated = perm.updated
        perm_id = str(perm.uuid)
        del perm

        resp = self.api_post(f"/permission/{perm_id}",
                             body={
                                 "summary": summary + ":new",
                                 "description": description + ":new"
                             })
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        perm = self.db.query(Permission).filter_by(uuid=perm_id).one()
        self.assertEqual(perm.summary, summary + ":new")
        self.assertEqual(perm.description, description + ":new")
        self.assertNotEqual(perm.updated, old_updated)
コード例 #6
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_success(self):
        """返回正确
        """
        role_numbers = 10
        perm_numbers = 20
        role_basename = "myrole"
        permission_basename = "myperm"
        for i in range(role_numbers):
            role = Role(name=role_basename + str(i))
            for j in range(perm_numbers):
                perm = Permission(name=permission_basename + str(i) + str(j))
                self.db.add(perm)
                role.permissions.append(perm)
            self.db.add(role)
            self.current_user.roles.append(role)
        self.db.commit()

        resp = self.api_get("/my/permission")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        spec = self.rs.get_my_permission.op_spec["responses"]["200"]["schema"]
        api.validate_object(spec, body)

        self.assertEqual(len(body["data"]), role_numbers)
        for role_data in body["data"]:
            self.assertEqual(len(role_data["permissions"]), perm_numbers)

        role_names = [role_data["name"] for role_data in body["data"]]
        self.assertEqual([role_basename + str(i) for i in range(role_numbers)],
                         sorted(role_names))
コード例 #7
0
        def test_no(self):
            """检查权限不存在
            """
            perm = Permission(name="new-permission")
            self.db.add(perm)
            self.db.commit()

            self.validate_response_200(
                str(self.user.uuid), str(perm.uuid), "no")
コード例 #8
0
        def test_admin_yes(self):
            """检查超级用户权限存在
            """
            perm = Permission(name="new-permission")
            self.db.add(perm)
            role = self.db.query(Role).filter_by(
                name=settings.ADMIN_ROLE_NAME).first()
            self.user.roles.append(role)
            self.db.commit()

            self.validate_response_200(
                str(self.user.uuid), str(perm.uuid), "yes")
コード例 #9
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_name_exist(self):
        """名字已经存在
        """
        name = "my-permission"
        perm = Permission(name=name)
        self.db.add(perm)
        self.db.commit()

        resp = self.api_post("/permission", body={"name": name})
        body = get_body_json(resp)
        self.assertEqual(resp.code, 400)
        validate_default_error(body)
        self.assertEqual(body["status"], "name-exist")
コード例 #10
0
ファイル: role.py プロジェクト: ooclab/ga.authz
    async def post(self):
        """增加指定角色的权限
        """
        body = self.get_body_json()
        role = self.db.query(Role).filter_by(name=body["role"]).first()
        if not role:
            role = Role(name=body["role"])
            self.db.add(role)
            self.db.commit()

        perms = []
        for perm_name in body["permissions"]:
            perm = self.db.query(Permission).filter_by(name=perm_name).first()
            if not perm:
                perm = Permission(name=perm_name)
                self.db.add(perm)
                self.db.commit()
            perms.append(perm)

        if not perms:
            self.fail("no-permissions")
            return

        # sync to etcd
        if settings.SYCN_ETCD:

            # create etcd client
            for endpoint in settings.ETCD_ENDPOINTS.split(";"):
                host, port = endpoint.split(":")
                client = Client(host, int(port))
                break  # FIXME: try when failed

            key = get_permission_role_key(perm.name)
            new_roles = []

            r = client.range(key)
            if r.count == 1:
                new_roles.extend(json.loads(r.kvs[0].value))
            if role.name not in new_roles:
                new_roles.append(role.name)
            client.put(key, json.dumps(new_roles))

        # append permissions
        role.permissions.extend(perms)
        self.db.commit()
        self.success()
コード例 #11
0
    def setUp(self):
        super().setUp()

        user = User(uuid=str(uuid.uuid4()))
        self.db.add(user)

        role = Role(name="test-role")
        self.db.add(role)
        user.roles.append(role)

        perm = Permission(name="test-permission")
        self.db.add(perm)
        role.permissions.append(perm)
        self.db.commit()

        self.user = user
        self.permission = perm
コード例 #12
0
ファイル: permission.py プロジェクト: ooclab/ga.authz
    def post(self):
        """创建权限
        """
        body = self.get_body_json()

        perm = self.db.query(Permission).filter_by(name=body["name"]).first()
        if perm:
            self.fail("name-exist")
            return

        perm = Permission(
            name=body["name"],
            summary=body.get("summary"),
            description=body.get("description"),
        )
        self.db.add(perm)
        self.db.commit()
        self.success(id=str(perm.uuid))
コード例 #13
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_get_success(self):
        """success
        """
        name = "my-permission"
        summary = "my summary"
        perm = Permission(name=name, summary=summary)
        self.db.add(perm)
        self.db.commit()

        resp = self.api_get(f"/permission/id?name={perm.name}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        spec = self.rs.get_permission_id.op_spec["responses"]["200"]["schema"]
        api.validate_object(spec, body)

        self.assertEqual(body["id"], str(perm.uuid))
コード例 #14
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def test_get_success(self):
        """获取详情正确
        """
        name = "my-permission"
        summary = "my summary"
        perm = Permission(name=name, summary=summary)
        self.db.add(perm)
        self.db.commit()

        resp = self.api_get(f"/permission/{perm.uuid}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        spec = self.rs.get_permission_id.op_spec["responses"]["200"]["schema"]
        api.validate_object(spec, body)

        data = body["data"]
        self.assertEqual(data["summary"], summary)
        self.assertEqual(data["created"], utc_rfc3339_string(perm.created))
        self.assertEqual(data["updated"], utc_rfc3339_string(perm.updated))
コード例 #15
0
ファイル: test_permission.py プロジェクト: ooclab/ga.authz
    def setUp(self):
        super().setUp()
        total = 3
        basename = "fortest"
        for _ in range(total):
            user = User(uuid=str(uuid.uuid4()))
            self.db.add(user)
            self.db.commit()

            for i in range(total):
                role = Role(name=str(user.id) + basename + str(i))
                self.db.add(role)
                user.roles.append(role)
                self.db.commit()

                for j in range(total):
                    perm = Permission(name=str(user.id) + basename + str(i) +
                                      str(j))
                    self.db.add(perm)
                    role.permissions.append(perm)
                self.db.commit()
        self.total = total * total * total