def load_auths(self):
"""Load up all the authorizations this user has"""
from botoweb.resources.authorization import Authorization
self.authorizations = {
"*": {"*": {"*": False} },
"": {"": {"": False} }
}
query = Authorization.find(auth_group=self.auth_groups)
for auth in query:
if not self.authorizations.has_key(auth.method):
self.authorizations[auth.method] = {}
if not self.authorizations[auth.method].has_key(auth.obj_name):
self.authorizations[auth.method][auth.obj_name] = {}
self.authorizations[auth.method][auth.obj_name][auth.prop_name] = True
# Weird indexing to say "Yes, they have a value here somewhere"
if not self.authorizations[auth.method].has_key(""):
self.authorizations[auth.method][""] = {}
if not self.authorizations[""].has_key(auth.obj_name):
self.authorizations[""][auth.obj_name] = {"": True}
self.authorizations[""][""][""] = True
self.authorizations[""][""][auth.prop_name] = True
self.authorizations[""][auth.obj_name][""] = True
self.authorizations[""][auth.obj_name][auth.prop_name] = True
self.authorizations[auth.method][auth.obj_name][""] = True
self.authorizations[auth.method][""][auth.prop_name] = True
self.authorizations[auth.method][""][""] = True
return self.authorizations
def load_auths(self):
"""Load up all the authorizations this user has"""
from botoweb.resources.authorization import Authorization
self.authorizations = {"*": {"*": {"*": False}}, "": {"": {"": False}}}
if self.auth_groups:
query = Authorization.find(auth_group=self.auth_groups)
for auth in query:
if not self.authorizations.has_key(auth.method):
self.authorizations[auth.method] = {}
if not self.authorizations[auth.method].has_key(auth.obj_name):
self.authorizations[auth.method][auth.obj_name] = {}
self.authorizations[auth.method][auth.obj_name][
auth.prop_name] = True
# Weird indexing to say "Yes, they have a value here somewhere"
if not self.authorizations[auth.method].has_key(""):
self.authorizations[auth.method][""] = {}
if not self.authorizations[""].has_key(auth.obj_name):
self.authorizations[""][auth.obj_name] = {"": True}
self.authorizations[""][""][""] = True
self.authorizations[""][""][auth.prop_name] = True
self.authorizations[""][auth.obj_name][""] = True
self.authorizations[""][auth.obj_name][auth.prop_name] = True
self.authorizations[auth.method][auth.obj_name][""] = True
self.authorizations[auth.method][""][auth.prop_name] = True
self.authorizations[auth.method][""][""] = True
return self.authorizations
def test_get_only_single_object_auth(self):
"""Test someone that has only all permissions on a specific object"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "Foo"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert (self.user.has_auth("GET") == False)
assert (self.user.has_auth("GET", "Bar") == False)
assert (self.user.has_auth("GET", "Bar", "bizzle") == False)
assert (self.user.has_auth("GET", "Foo"))
assert (self.user.has_auth("GET", "Foo", "bar"))
auth.delete()
def test_get_only_overall_object(self):
"""Test only allowing them to know about the object, not get any specific parameters"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "Foo"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert (self.user.has_auth("GET") == False)
assert (self.user.has_auth("GET", "Bar") == False)
assert (self.user.has_auth("GET", "*") == False)
assert (self.user.has_auth("GET", "Foo"))
assert (self.user.has_auth("GET", "Foo", "bar") == False)
auth.delete()
def test_all_auth(self):
"""Test someone that should have every authorization to everything"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "*"
auth.obj_name = "*"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert (self.user.has_auth())
assert (self.user.has_auth("GET"))
assert (self.user.has_auth("POST"))
assert (self.user.has_auth("PUT"))
assert (self.user.has_auth("DELETE"))
assert (self.user.has_auth("GET", "Foo"))
assert (self.user.has_auth("GET", "Foo", "bar"))
assert (self.user.has_auth("GET", "*", "bar"))
auth.delete()
def test_get_only_single_object_auth(self):
"""Test someone that has only all permissions on a specific object"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "Foo"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert(self.user.has_auth("GET") == False)
assert(self.user.has_auth("GET", "Bar") == False)
assert(self.user.has_auth("GET", "Bar", "bizzle") == False)
assert(self.user.has_auth("GET", "Foo"))
assert(self.user.has_auth("GET", "Foo", "bar"))
auth.delete()
def test_get_only_auth(self):
"""Test someone that has only GET permissions on all objects"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "*"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert (self.user.has_auth("GET"))
assert (self.user.has_auth("GET", "*", "*"))
assert (self.user.has_auth("POST") == False)
assert (self.user.has_auth("PUT") == False)
assert (self.user.has_auth("DELETE") == False)
assert (self.user.has_auth("DELETE", "Foo") == False)
assert (self.user.has_auth("DELETE", "Foo", "bar") == False)
assert (self.user.has_auth("DELETE", "*", "bar") == False)
assert (self.user.has_auth("GET", "Foo"))
assert (self.user.has_auth("GET", "Foo", "bar"))
assert (self.user.has_auth("GET", "*", "bar"))
auth.delete()
def test_get_only_overall_object(self):
"""Test only allowing them to know about the object, not get any specific parameters"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "Foo"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert(self.user.has_auth("GET") == False)
assert(self.user.has_auth("GET", "Bar") == False)
assert(self.user.has_auth("GET", "*") == False)
assert(self.user.has_auth("GET", "Foo"))
assert(self.user.has_auth("GET", "Foo", "bar") == False)
auth.delete()
def test_all_auth(self):
"""Test someone that should have every authorization to everything"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "*"
auth.obj_name = "*"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert(self.user.has_auth())
assert(self.user.has_auth("GET"))
assert(self.user.has_auth("POST"))
assert(self.user.has_auth("PUT"))
assert(self.user.has_auth("DELETE"))
assert(self.user.has_auth("GET", "Foo"))
assert(self.user.has_auth("GET", "Foo", "bar"))
assert(self.user.has_auth("GET", "*", "bar"))
auth.delete()
def test_get_only_auth(self):
"""Test someone that has only GET permissions on all objects"""
auth = Authorization()
auth.auth_group = "test_auth_group"
auth.method = "GET"
auth.obj_name = "*"
auth.prop_name = "*"
auth.put()
time.sleep(5)
self.authorizations.append(auth)
self.user.load_auths()
assert(self.user.has_auth("GET"))
assert(self.user.has_auth("GET", "*", "*"))
assert(self.user.has_auth("POST") == False)
assert(self.user.has_auth("PUT") == False)
assert(self.user.has_auth("DELETE") == False)
assert(self.user.has_auth("DELETE", "Foo") == False)
assert(self.user.has_auth("DELETE", "Foo", "bar") == False)
assert(self.user.has_auth("DELETE", "*", "bar") == False)
assert(self.user.has_auth("GET", "Foo"))
assert(self.user.has_auth("GET", "Foo", "bar"))
assert(self.user.has_auth("GET", "*", "bar"))
auth.delete()
