コード例 #1
0
ファイル: namespace.py プロジェクト: xanixon/fluiddb
        def run():
            namespaces = SecureNamespaceAPI(session.auth.user)
            try:
                result = namespaces.get([path],
                                        withDescriptions=returnDescription,
                                        withNamespaces=returnNamespaces,
                                        withTags=returnTags)
            except UnknownPathError as error:
                unknownPath = error.paths.pop()
                raise TNonexistentNamespace(unknownPath.encode('utf-8'))
            except PermissionDeniedError as error:
                session.log.exception(error)
                path_, operation = error.pathsAndOperations[0]
                category, action = getCategoryAndAction(operation)
                raise TPathPermissionDenied(path_, category, action)

            if not result:
                raise TNonexistentNamespace(path.encode('utf-8'))
            else:
                namespace = TNamespace()
                namespace.objectId = str(result[path]['id'])
                namespace.path = path
                if returnDescription:
                    namespace.description = result[path]['description']
                if returnNamespaces:
                    namespace.namespaces = result[path]['namespaceNames']
                if returnTags:
                    namespace.tags = result[path]['tagNames']
                return namespace
コード例 #2
0
ファイル: namespace.py プロジェクト: fluidinfo/fluiddb
        def run():
            namespaces = SecureNamespaceAPI(session.auth.user)
            try:
                result = namespaces.get([path],
                                        withDescriptions=returnDescription,
                                        withNamespaces=returnNamespaces,
                                        withTags=returnTags)
            except UnknownPathError as error:
                unknownPath = error.paths.pop()
                raise TNonexistentNamespace(unknownPath.encode('utf-8'))
            except PermissionDeniedError as error:
                session.log.exception(error)
                path_, operation = error.pathsAndOperations[0]
                category, action = getCategoryAndAction(operation)
                raise TPathPermissionDenied(path_, category, action)

            if not result:
                raise TNonexistentNamespace(path.encode('utf-8'))
            else:
                namespace = TNamespace()
                namespace.objectId = str(result[path]['id'])
                namespace.path = path
                if returnDescription:
                    namespace.description = result[path]['description']
                if returnNamespaces:
                    namespace.namespaces = result[path]['namespaceNames']
                if returnTags:
                    namespace.tags = result[path]['tagNames']
                return namespace
コード例 #3
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
class SecureNamespaceAPIWithSuperuserTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()), ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
        system = createSystemData()
        user = system.users[u'fluiddb']
        self.namespaces = SecureNamespaceAPI(user)
        self.permissions = CachingPermissionAPI(user)

    def testCreateIsAllowed(self):
        """
        Creating a new L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        result = self.namespaces.create([(u'fluiddb/test', u'description')])
        self.assertEqual(1, len(result))

    def testDeleteIsAllowed(self):
        """
        Deleting a L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        result1 = self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.DELETE_NAMESPACE, Policy.CLOSED,
                   [])]
        self.permissions.set(values)
        result2 = self.namespaces.delete([u'fluiddb/test'])
        self.assertEqual(result1, result2)

    def testSetIsAllowed(self):
        """
        Updating a L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.UPDATE_NAMESPACE, Policy.CLOSED,
                   [])]
        self.permissions.set(values)
        self.namespaces.set({u'fluiddb/test': u'new description'})

    def testGetIsAllowed(self):
        """
        Getting information about a L{Namespace} should be allowed if we're a
        user with a L{Role.SUPERUSER} no matter what permissions we have.
        """
        self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.LIST_NAMESPACE, Policy.CLOSED,
                   [])]
        self.permissions.set(values)
        result = self.namespaces.get([u'fluiddb'],
                                     withDescriptions=False,
                                     withTags=True,
                                     withNamespaces=True)
        self.assertEqual(1, len(result))
コード例 #4
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
class SecureNamespaceAPIWithSuperuserTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()),
                 ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
        system = createSystemData()
        user = system.users[u'fluiddb']
        self.namespaces = SecureNamespaceAPI(user)
        self.permissions = CachingPermissionAPI(user)

    def testCreateIsAllowed(self):
        """
        Creating a new L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        result = self.namespaces.create([(u'fluiddb/test', u'description')])
        self.assertEqual(1, len(result))

    def testDeleteIsAllowed(self):
        """
        Deleting a L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        result1 = self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.DELETE_NAMESPACE,
                   Policy.CLOSED, [])]
        self.permissions.set(values)
        result2 = self.namespaces.delete([u'fluiddb/test'])
        self.assertEqual(result1, result2)

    def testSetIsAllowed(self):
        """
        Updating a L{Namespace} should be allowed if we're a user with a
        L{Role.SUPERUSER} no matter what permissions we have.
        """
        self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.UPDATE_NAMESPACE,
                   Policy.CLOSED, [])]
        self.permissions.set(values)
        self.namespaces.set({u'fluiddb/test': u'new description'})

    def testGetIsAllowed(self):
        """
        Getting information about a L{Namespace} should be allowed if we're a
        user with a L{Role.SUPERUSER} no matter what permissions we have.
        """
        self.namespaces.create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb/test', Operation.LIST_NAMESPACE,
                   Policy.CLOSED, [])]
        self.permissions.set(values)
        result = self.namespaces.get([u'fluiddb'], withDescriptions=False,
                                     withTags=True, withNamespaces=True)
        self.assertEqual(1, len(result))
コード例 #5
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
    def setUp(self):
        super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
        createSystemData()

        UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')
                          ])
        self.user = getUser(u'user')
        self.permissions = CachingPermissionAPI(self.user)
        self.namespaces = SecureNamespaceAPI(self.user)
コード例 #6
0
ファイル: test_user.py プロジェクト: fluidinfo/fluiddb
 def testDeleteIsAllowed(self):
     """
     L{SecureUserAPI.delete} can always be invoked by a L{User} with the
     L{Role.SUPERUSER}.
     """
     UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
     namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
     namespaces.delete([u'user/private'])
     self.users.delete([u'user'])
     self.assertIdentical(None, getUser(u'user'))
コード例 #7
0
 def testDeleteIsAllowed(self):
     """
     L{SecureUserAPI.delete} can always be invoked by a L{User} with the
     L{Role.SUPERUSER}.
     """
     UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
     namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
     namespaces.delete([u'user/private'])
     self.users.delete([u'user'])
     self.assertIdentical(None, getUser(u'user'))
コード例 #8
0
ファイル: namespace.py プロジェクト: fluidinfo/fluiddb
 def run():
     namespaces = SecureNamespaceAPI(session.auth.user)
     try:
         namespaces.set({path: description})
     except UnknownPathError as error:
         session.log.exception(error)
         unknownPath = error.paths[0]
         raise TNonexistentNamespace(unknownPath.encode('utf-8'))
     except PermissionDeniedError as error:
         session.log.exception(error)
         path_, operation = error.pathsAndOperations[0]
         category, action = getCategoryAndAction(operation)
         path_ = path_.encode('utf-8')
         raise TPathPermissionDenied(path_, category, action)
コード例 #9
0
ファイル: namespace.py プロジェクト: xanixon/fluiddb
 def run():
     namespaces = SecureNamespaceAPI(session.auth.user)
     try:
         namespaces.set({path: description})
     except UnknownPathError as error:
         session.log.exception(error)
         unknownPath = error.paths[0]
         raise TNonexistentNamespace(unknownPath.encode('utf-8'))
     except PermissionDeniedError as error:
         session.log.exception(error)
         path_, operation = error.pathsAndOperations[0]
         category, action = getCategoryAndAction(operation)
         path_ = path_.encode('utf-8')
         raise TPathPermissionDenied(path_, category, action)
コード例 #10
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
    def setUp(self):
        super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
        createSystemData()

        UserAPI().create([(u'user', u'password', u'User',
                           u'*****@*****.**')])
        self.user = getUser(u'user')
        self.permissions = CachingPermissionAPI(self.user)
        self.namespaces = SecureNamespaceAPI(self.user)
コード例 #11
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
 def testGetChildNamespacesIsAllowed(self):
     """
     L{SecureNamespaceAPI.get} should allow getting a list of child
     namespaces if the I{anon} user has permissions.
     """
     admin = self.system.users[u'fluiddb']
     SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
     values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
     CachingPermissionAPI(admin).set(values)
     result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
     self.assertEqual(1, len(result))
コード例 #12
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
 def testGetChildNamespacesIsDenied(self):
     """
     L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
     I{anon} user doesn't have LIST permissions when trying to get the child
     namespaces.
     """
     admin = self.system.users[u'fluiddb']
     SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
     values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
     CachingPermissionAPI(admin).set(values)
     error = self.assertRaises(PermissionDeniedError,
                               self.namespaces.get, [(u'fluiddb')],
                               withNamespaces=True)
     self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
                      sorted(error.pathsAndOperations))
コード例 #13
0
ファイル: namespace.py プロジェクト: xanixon/fluiddb
 def run():
     namespaces = SecureNamespaceAPI(session.auth.user)
     path = u'/'.join([parentNamespace, name])
     try:
         result = namespaces.create([(path, description)])
         [objectID
          ] = [objectID for objectID, path_ in result if path_ == path]
     except DuplicatePathError as error:
         session.log.exception(error)
         raise TNamespaceAlreadyExists(path.encode('utf-8'))
     except UnknownPathError as error:
         session.log.exception(error)
         unknownPath = error.paths[0]
         raise TNonexistentNamespace(unknownPath.encode('utf-8'))
     except PermissionDeniedError as error:
         session.log.exception(error)
         path, operation = error.pathsAndOperations[0]
         category, action = getCategoryAndAction(operation)
         path = path.encode('utf-8')
         raise TPathPermissionDenied(path, category, action)
     except MalformedPathError as error:
         session.log.exception(error)
         raise TInvalidPath(path.encode('utf-8'))
     return str(objectID)
コード例 #14
0
ファイル: namespace.py プロジェクト: fluidinfo/fluiddb
 def run():
     namespaces = SecureNamespaceAPI(session.auth.user)
     path = u'/'.join([parentNamespace, name])
     try:
         result = namespaces.create([(path, description)])
         [objectID] = [objectID for objectID, path_ in result
                       if path_ == path]
     except DuplicatePathError as error:
         session.log.exception(error)
         raise TNamespaceAlreadyExists(path.encode('utf-8'))
     except UnknownPathError as error:
         session.log.exception(error)
         unknownPath = error.paths[0]
         raise TNonexistentNamespace(unknownPath.encode('utf-8'))
     except PermissionDeniedError as error:
         session.log.exception(error)
         path, operation = error.pathsAndOperations[0]
         category, action = getCategoryAndAction(operation)
         path = path.encode('utf-8')
         raise TPathPermissionDenied(path, category, action)
     except MalformedPathError as error:
         session.log.exception(error)
         raise TInvalidPath(path.encode('utf-8'))
     return str(objectID)
コード例 #15
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
 def setUp(self):
     super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
     self.system = createSystemData()
     self.user = self.system.users[u'anon']
     self.namespaces = SecureNamespaceAPI(self.user)
コード例 #16
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
class SecureNamespaceAPIWithAnonymousRoleTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()), ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
        self.system = createSystemData()
        self.user = self.system.users[u'anon']
        self.namespaces = SecureNamespaceAPI(self.user)

    def testCreateIsDenied(self):
        """
        L{SecureNamespaceAPI.create} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.create,
                                  [(u'anon/test', u'description')])
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.CREATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testDeleteIsDenied(self):
        """
        L{SecureNamespaceAPI.delete} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.delete, [u'anon'])
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.DELETE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testSetIsDenied(self):
        """
        L{SecureNamespaceAPI.set} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError, self.namespaces.set,
                                  {u'anon': u'new description'})
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.UPDATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildNamespacesIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child
        namespaces if the I{anon} user has permissions.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
        CachingPermissionAPI(admin).set(values)
        result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
        self.assertEqual(1, len(result))

    def testGetChildNamespacesIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        I{anon} user doesn't have LIST permissions when trying to get the child
        namespaces.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
        CachingPermissionAPI(admin).set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get, [(u'fluiddb')],
                                  withNamespaces=True)
        self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildTagsIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child tags if
        the I{anon} user has permissions.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED,
                   [u'anon'])]
        CachingPermissionAPI(admin).set(values)
        result = self.namespaces.get([u'fluiddb'], withTags=True)
        self.assertEqual(1, len(result))

    def testGetChildTagsIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        L{anon} user doesn't have LIST permissions when trying to get the
        child tags.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN,
                   [u'anon'])]
        CachingPermissionAPI(admin).set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get, [(u'fluiddb')],
                                  withTags=True)
        self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))
コード例 #17
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
 def setUp(self):
     super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
     system = createSystemData()
     user = system.users[u'fluiddb']
     self.namespaces = SecureNamespaceAPI(user)
     self.permissions = CachingPermissionAPI(user)
コード例 #18
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
class SecureNamespaceAPIWithNormalUserTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()),
                 ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
        createSystemData()

        UserAPI().create([(u'user', u'password', u'User',
                           u'*****@*****.**')])
        self.user = getUser(u'user')
        self.permissions = CachingPermissionAPI(self.user)
        self.namespaces = SecureNamespaceAPI(self.user)

    def testCreateIsAllowed(self):
        """
        L{SecureNamespaceAPI.create} should allow the creation of namespaces
        whose parent has open CREATE permissions.
        """
        values = [(u'user', Operation.CREATE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result = self.namespaces.create([(u'user/test', u'description')])
        self.assertEqual(1, len(result))

    def testCreateIsDenied(self):
        """
        L{SecureNamespaceAPI.create} should raise L{PermissonDeniedError} if
        the user doesn't have CREATE permissions on the parent namespace.
        """
        values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.create,
                                  [(u'user/test', u'description')])
        self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testDeleteIsAllowed(self):
        """
        {SecureNamespaceAPI.delete} should allow the deletion of a namespace
        if the user has DELETE permissions.
        """
        result1 = self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result2 = self.namespaces.delete([u'user/test'])
        self.assertEqual(result1, result2)

    def testDeleteIsDenied(self):
        """
        L{SecureNamespaceAPI.delete} should raise L{PermissonDeniedError} if
        the user doesn't have DELETE permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.DELETE_NAMESPACE,
                   Policy.OPEN, [u'user'])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.delete, [(u'user/test')])
        self.assertEqual([(u'user/test', Operation.DELETE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildNamespacesIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child
        namespaces if the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result = self.namespaces.get([u'user'], withNamespaces=True)
        self.assertEqual(1, len(result))

    def testGetChildNamespacesIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have LIST permissions when trying to get the child
        namespaces.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get,
                                  [(u'user')], withNamespaces=True)
        self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildTagsIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child tags if
        the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE,
                   Policy.CLOSED, [u'user'])]
        self.permissions.set(values)
        result = self.namespaces.get([u'user'], withTags=True)
        self.assertEqual(1, len(result))

    def testGetChildTagsIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have LIST permissions when trying to get the child
        tags.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [u'user'])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get,
                                  [(u'user')], withTags=True)
        self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testSetIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow updating the description of a
        namespace if the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        self.namespaces.set({u'user/test': u'description'})

    def testSetIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have UPDATE permissions when trying to update a
        namespace's description.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.UPDATE_NAMESPACE,
                   Policy.CLOSED, [])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.set,
                                  {u'user/test': u'description'})
        self.assertEqual([(u'user/test', Operation.UPDATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))
コード例 #19
0
ファイル: test_namespace.py プロジェクト: xanixon/fluiddb
class SecureNamespaceAPIWithNormalUserTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()), ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithNormalUserTest, self).setUp()
        createSystemData()

        UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')
                          ])
        self.user = getUser(u'user')
        self.permissions = CachingPermissionAPI(self.user)
        self.namespaces = SecureNamespaceAPI(self.user)

    def testCreateIsAllowed(self):
        """
        L{SecureNamespaceAPI.create} should allow the creation of namespaces
        whose parent has open CREATE permissions.
        """
        values = [(u'user', Operation.CREATE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result = self.namespaces.create([(u'user/test', u'description')])
        self.assertEqual(1, len(result))

    def testCreateIsDenied(self):
        """
        L{SecureNamespaceAPI.create} should raise L{PermissonDeniedError} if
        the user doesn't have CREATE permissions on the parent namespace.
        """
        values = [(u'user', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.create,
                                  [(u'user/test', u'description')])
        self.assertEqual([(u'user', Operation.CREATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testDeleteIsAllowed(self):
        """
        {SecureNamespaceAPI.delete} should allow the deletion of a namespace
        if the user has DELETE permissions.
        """
        result1 = self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result2 = self.namespaces.delete([u'user/test'])
        self.assertEqual(result1, result2)

    def testDeleteIsDenied(self):
        """
        L{SecureNamespaceAPI.delete} should raise L{PermissonDeniedError} if
        the user doesn't have DELETE permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.DELETE_NAMESPACE, Policy.OPEN,
                   [u'user'])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.delete, [(u'user/test')])
        self.assertEqual([(u'user/test', Operation.DELETE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildNamespacesIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child
        namespaces if the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        result = self.namespaces.get([u'user'], withNamespaces=True)
        self.assertEqual(1, len(result))

    def testGetChildNamespacesIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have LIST permissions when trying to get the child
        namespaces.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get, [(u'user')],
                                  withNamespaces=True)
        self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildTagsIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child tags if
        the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.CLOSED, [u'user'])
                  ]
        self.permissions.set(values)
        result = self.namespaces.get([u'user'], withTags=True)
        self.assertEqual(1, len(result))

    def testGetChildTagsIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have LIST permissions when trying to get the child
        tags.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user', Operation.LIST_NAMESPACE, Policy.OPEN, [u'user'])]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get, [(u'user')],
                                  withTags=True)
        self.assertEqual([(u'user', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testSetIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow updating the description of a
        namespace if the user has permissions.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.OPEN, [])]
        self.permissions.set(values)
        self.namespaces.set({u'user/test': u'description'})

    def testSetIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        user doesn't have UPDATE permissions when trying to update a
        namespace's description.
        """
        self.namespaces.create([(u'user/test', u'description')])
        values = [(u'user/test', Operation.UPDATE_NAMESPACE, Policy.CLOSED, [])
                  ]
        self.permissions.set(values)
        error = self.assertRaises(PermissionDeniedError, self.namespaces.set,
                                  {u'user/test': u'description'})
        self.assertEqual([(u'user/test', Operation.UPDATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))
コード例 #20
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
 def setUp(self):
     super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
     system = createSystemData()
     user = system.users[u'fluiddb']
     self.namespaces = SecureNamespaceAPI(user)
     self.permissions = CachingPermissionAPI(user)
コード例 #21
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
class SecureNamespaceAPIWithAnonymousRoleTest(FluidinfoTestCase):

    resources = [('cache', CacheResource()),
                 ('config', ConfigResource()),
                 ('store', DatabaseResource())]

    def setUp(self):
        super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
        self.system = createSystemData()
        self.user = self.system.users[u'anon']
        self.namespaces = SecureNamespaceAPI(self.user)

    def testCreateIsDenied(self):
        """
        L{SecureNamespaceAPI.create} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.create,
                                  [(u'anon/test', u'description')])
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.CREATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testDeleteIsDenied(self):
        """
        L{SecureNamespaceAPI.delete} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.delete,
                                  [u'anon'])
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.DELETE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testSetIsDenied(self):
        """
        L{SecureNamespaceAPI.set} raises a L{PermissionDeniedError} if its
        invoked by a L{User} with the L{Role.ANONYMOUS}.
        """
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.set,
                                  {u'anon': u'new description'})
        self.assertEqual(self.user.username, error.username)
        self.assertEqual([(u'anon', Operation.UPDATE_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildNamespacesIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child
        namespaces if the I{anon} user has permissions.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.OPEN, [])]
        CachingPermissionAPI(admin).set(values)
        result = self.namespaces.get([u'fluiddb'], withNamespaces=True)
        self.assertEqual(1, len(result))

    def testGetChildNamespacesIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        I{anon} user doesn't have LIST permissions when trying to get the child
        namespaces.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE, Policy.CLOSED, [])]
        CachingPermissionAPI(admin).set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get,
                                  [(u'fluiddb')], withNamespaces=True)
        self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))

    def testGetChildTagsIsAllowed(self):
        """
        L{SecureNamespaceAPI.get} should allow getting a list of child tags if
        the I{anon} user has permissions.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE,
                   Policy.CLOSED, [u'anon'])]
        CachingPermissionAPI(admin).set(values)
        result = self.namespaces.get([u'fluiddb'], withTags=True)
        self.assertEqual(1, len(result))

    def testGetChildTagsIsDenied(self):
        """
        L{SecureNamespaceAPI.get} should raise L{PermissonDeniedError} if the
        L{anon} user doesn't have LIST permissions when trying to get the
        child tags.
        """
        admin = self.system.users[u'fluiddb']
        SecureNamespaceAPI(admin).create([(u'fluiddb/test', u'description')])
        values = [(u'fluiddb', Operation.LIST_NAMESPACE,
                   Policy.OPEN, [u'anon'])]
        CachingPermissionAPI(admin).set(values)
        error = self.assertRaises(PermissionDeniedError,
                                  self.namespaces.get,
                                  [(u'fluiddb')], withTags=True)
        self.assertEqual([(u'fluiddb', Operation.LIST_NAMESPACE)],
                         sorted(error.pathsAndOperations))
コード例 #22
0
ファイル: test_namespace.py プロジェクト: fluidinfo/fluiddb
 def setUp(self):
     super(SecureNamespaceAPIWithAnonymousRoleTest, self).setUp()
     self.system = createSystemData()
     self.user = self.system.users[u'anon']
     self.namespaces = SecureNamespaceAPI(self.user)