def testNoACLs(self): """All checking is skipped if no API.RendererACLFile is defined.""" config_lib.CONFIG.Set("API.RendererACLFile", "") auth_mgr = api_call_renderers.SimpleAPIAuthorizationManager() auth_mgr.CheckAccess(self.mock_renderer, "u1") bad_renderer = mock.MagicMock() bad_renderer.enabled_by_default = True bad_renderer.__class__.__name__ = "BadRenderer" auth_mgr.CheckAccess(bad_renderer, "u2")
def testRaiseIfGroupsDefined(self): """We have no way to expand groups, so raise if defined.""" acls = """ renderer: "ApiCallRenderer" groups: ["g1"] """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): with self.assertRaises(NotImplementedError): api_call_renderers.SimpleAPIAuthorizationManager()
def testHandleApiCallNotEnabled(self): """Raises if no matching ACL and enabled_by_default=False.""" config_lib.CONFIG.Set("API.RendererACLFile", "") auth_mgr = api_call_renderers.SimpleAPIAuthorizationManager() self.mock_renderer.enabled_by_default = False with mock.patch.object(api_call_renderers, "API_AUTH_MGR", auth_mgr): with self.assertRaises(access_control.UnauthorizedAccess): api_call_renderers.HandleApiCall(self.mock_renderer, "", token=self.token)
def testDenyAll(self): acls = """ renderer: "ApiCallRenderer" """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): auth_mgr = api_call_renderers.SimpleAPIAuthorizationManager() with self.assertRaises(access_control.UnauthorizedAccess): auth_mgr.CheckAccess(self.mock_renderer, "u1")
def testHandleApiCallNotEnabledWithACL(self): """Matching ACL and enabled_by_default=False is allowed.""" acls = """ renderer: "ApiCallRenderer" users: - "test" """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): auth_mgr = api_call_renderers.SimpleAPIAuthorizationManager() self.mock_renderer.enabled_by_default = False with mock.patch.object(api_call_renderers, "API_AUTH_MGR", auth_mgr): api_call_renderers.HandleApiCall(self.mock_renderer, "", token=self.token) self.mock_renderer.Render.assert_called_once_with("", token=self.token)