class BasicGroupTest(TestCase):
"""
Tests for group permissions on models
with no inheritance.
"""
def setUp(self):
self.fido = BasicAnimal(name="fido")
self.fido.save()
self.user1 = User.objects.create_user('testme', '*****@*****.**', 'testingpw')
self.user1.save()
self.user2 = User.objects.create_user('testme2', '*****@*****.**', 'testingpw')
self.user2.save()
self.group = Group(name='testgroup')
self.group.save()
def test_basic_group_permissions(self):
self.assertFalse(self.user1.has_perm('pet', self.fido))
self.group.set_perm('pet', self.fido)
self.assertFalse(self.user1.has_perm('pet', self.fido))
self.user1.groups.add(self.group)
self.assertTrue(self.user1.has_perm('pet', self.fido))
self.assertFalse(self.user2.has_perm('pet', self.fido))
self.user2.groups.add(self.group)
self.assertTrue(self.user2.has_perm('pet', self.fido))
self.assertTrue(self.group.has_perm('pet', self.fido))
def test_group_class_permissions(self):
self.assertFalse(self.user1.has_perm('pet', self.fido))
self.assertFalse(self.user2.has_perm('pet', self.fido))
self.group.set_perm('pet', self.fido.__class__)
self.assertFalse(self.user1.has_perm('pet', self.fido))
self.assertFalse(self.user1.has_perm('pet', self.fido.__class__))
self.user1.groups.add(self.group)
self.assertTrue(self.user1.has_perm('pet', self.fido))
self.assertTrue(self.user1.has_perm('pet', self.fido.__class__))
self.assertFalse(self.user2.has_perm('pet', self.fido))
self.assertFalse(self.user2.has_perm('pet', self.fido.__class__))
# test behavior of perm only defined on class
self.assertFalse(self.user1.has_perm('eat', self.fido))
self.assertFalse(self.user1.has_perm('eat', self.fido.__class__))
self.assertFalse(self.user2.has_perm('eat', self.fido))
self.assertFalse(self.user2.has_perm('eat', self.fido.__class__))
self.group.set_perm('eat', self.fido.__class__)
self.assertTrue(self.user1.has_perm('eat', self.fido))
self.assertTrue(self.user1.has_perm('eat', self.fido.__class__))
self.assertFalse(self.user2.has_perm('eat', self.fido))
self.assertFalse(self.user2.has_perm('eat', self.fido.__class__))
class GroupInheritanceTest(TestCase):
def setUp(self):
self.fido = BasicDog(name="fido", breed="Golden Lab")
self.fido.save()
self.user1 = User.objects.create_user('testme1',
'*****@*****.**', 'testingpw')
self.user1.save()
self.user2 = User.objects.create_user('testme2',
'*****@*****.**', 'testingpw')
self.user2.save()
self.group = Group(name='testgroup')
self.group.save()
def test_group_inheritance(self):
self.assertFalse(self.user1.has_perm('pet', self.fido))
self.assertFalse(self.group.has_perm('pet', self.fido))
def test_view_create_data(self):
url = '/vm/add/%s'
group1 = Group(id=81, name='testing_group2')
group1.save()
cluster1 = Cluster(hostname='test2.example.bak', slug='OSL_TEST2')
cluster1.save()
data = self.data
# Login and grant user.
self.assertTrue(self.c.login(username=self.user.username,
password='******'))
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(), dict(ram=1000,
disk=2000,
virtual_cpus=10))
# POST - user authorized for cluster (create_vm)
self.user.grant('create_vm', self.cluster)
data_ = data.copy()
self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
self.user.revoke_all(self.cluster)
self.user.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - user authorized for cluster (admin)
self.user.grant('admin', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
VirtualMachine.objects.all().delete()
self.user.revoke_all(self.cluster)
self.user.revoke_all(new_vm)
# POST - User attempting to be other user
self.user.grant('admin', self.cluster)
data_ = data.copy()
data_['owner'] = self.user1.get_profile().id
response = self.c.post(url % '', data_)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.user.revoke_all(self.cluster)
# POST - user authorized for cluster (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
self.user.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - ganeti error
self.cluster.rapi.CreateInstance.error = client.GanetiApiError('Testing Error')
response = self.c.post(url % '', data)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.cluster.rapi.CreateInstance.error = None
# POST - User attempting to be other user (superuser)
data_ = data.copy()
data_['owner'] = self.user1.get_profile().id
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user1.has_perm('admin', new_vm))
self.assertEqual([], self.user.get_perms(new_vm))
self.user.revoke_all(new_vm)
self.user1.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# reset for group owner
self.user.is_superuser = False
self.user.save()
data['owner'] = self.group.organization.id
# POST - user is not member of group
self.user.grant('admin', self.cluster)
self.group.grant('create_vm', self.cluster)
self.assertFalse(self.group in self.user.groups.all())
response = self.c.post(url % '', data)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.user.revoke_all(self.cluster)
self.group.revoke_all(self.cluster)
VirtualMachine.objects.all().delete()
# add user to group
self.group.user_set.add(self.user)
# POST - group authorized for cluster (create_vm)
self.group.grant('create_vm', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(self.cluster)
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - group authorized for cluster (admin)
self.group.grant('admin', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(self.cluster)
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - group authorized for cluster (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - not a group member (superuser)
data_ = data.copy()
data_['owner'] = group1.organization.id
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(group1.has_perm('admin', new_vm))
self.assertFalse(self.group.has_perm('admin', new_vm))
def test_view_create_data(self):
url = '/vm/add/%s'
group1 = Group(id=81, name='testing_group2')
group1.save()
cluster1 = Cluster(hostname='test2.example.bak', slug='OSL_TEST2')
cluster1.save()
data = self.data
# Login and grant user.
self.assertTrue(
self.c.login(username=self.user.username, password='******'))
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(),
dict(ram=1000, disk=2000, virtual_cpus=10))
# POST - user authorized for cluster (create_vm)
self.user.grant('create_vm', self.cluster)
data_ = data.copy()
self.assertFalse(
VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
self.user.revoke_all(self.cluster)
self.user.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - user authorized for cluster (admin)
self.user.grant('admin', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
VirtualMachine.objects.all().delete()
self.user.revoke_all(self.cluster)
self.user.revoke_all(new_vm)
# POST - User attempting to be other user
self.user.grant('admin', self.cluster)
data_ = data.copy()
data_['owner'] = self.user1.get_profile().id
response = self.c.post(url % '', data_)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(
VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.user.revoke_all(self.cluster)
# POST - user authorized for cluster (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user.has_perm('admin', new_vm))
self.user.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - ganeti error
self.cluster.rapi.CreateInstance.error = client.GanetiApiError(
'Testing Error')
response = self.c.post(url % '', data)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(
VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.cluster.rapi.CreateInstance.error = None
# POST - User attempting to be other user (superuser)
data_ = data.copy()
data_['owner'] = self.user1.get_profile().id
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.user1.has_perm('admin', new_vm))
self.assertEqual([], self.user.get_perms(new_vm))
self.user.revoke_all(new_vm)
self.user1.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# reset for group owner
self.user.is_superuser = False
self.user.save()
data['owner'] = self.group.organization.id
# POST - user is not member of group
self.user.grant('admin', self.cluster)
self.group.grant('create_vm', self.cluster)
self.assertFalse(self.group in self.user.groups.all())
response = self.c.post(url % '', data)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html')
self.assertFalse(
VirtualMachine.objects.filter(hostname='new.vm.hostname').exists())
self.user.revoke_all(self.cluster)
self.group.revoke_all(self.cluster)
VirtualMachine.objects.all().delete()
# add user to group
self.group.user_set.add(self.user)
# POST - group authorized for cluster (create_vm)
self.group.grant('create_vm', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(self.cluster)
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - group authorized for cluster (admin)
self.group.grant('admin', self.cluster)
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(self.cluster)
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - group authorized for cluster (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.post(url % '', data, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(self.group.has_perm('admin', new_vm))
self.group.revoke_all(new_vm)
VirtualMachine.objects.all().delete()
# POST - not a group member (superuser)
data_ = data.copy()
data_['owner'] = group1.organization.id
response = self.c.post(url % '', data_, follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/create_status.html')
new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname')
self.assertEqual(new_vm, response.context['instance'])
self.assertTrue(group1.has_perm('admin', new_vm))
self.assertFalse(self.group.has_perm('admin', new_vm))
