def _ValidateOauthUser():
"""Validates the oauth user and raises an exception if not authorized.
Returns:
A tuple (user_email, is_admin).
user_email (str): The email address of the oauth user.
is_admin (bool): True if the oauth user is an Admin.
Raises:
endpoints.UnauthorizedException if the user has no permission.
"""
try:
return acl.ValidateOauthUserForNewAnalysis()
except exceptions.UnauthorizedException as e:
raise endpoints.UnauthorizedException('Unauthorized: %s' % e.message)
def testValidateOauthUserForAuthorizedUser(self, *_):
user_email, is_admin = acl.ValidateOauthUserForNewAnalysis()
self.assertEqual('email', user_email)
self.assertTrue(is_admin)
def testValidateOauthUserForUnauthorizedServiceAccount(self, *_):
with self.assertRaises(exceptions.UnauthorizedException):
acl.ValidateOauthUserForNewAnalysis()
def testValidateOauthUserForUnauthorizedClientId(self, *_):
with self.assertRaises(exceptions.UnauthorizedException):
acl.ValidateOauthUserForNewAnalysis()
def testValidateOauthUserForAuthorizedServiceAccount(self, *_):
user_email, is_admin = acl.ValidateOauthUserForNewAnalysis()
self.assertEqual('*****@*****.**', user_email)
self.assertFalse(is_admin)