def setUp(self):
self.test_user = User.objects.get_or_create(username='******', password='******')[0]
self.setup_request()
# Superuser.
self.superuser = User.objects.get(username='******')
# Cyder admin.
self.cyder_admin = User.objects.get_or_create(username='******', password='******')[0]
self.ctnr_global = Ctnr.objects.get(id=1)
self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2)
self.ctnr_user_cyder_admin_global.save()
# Admin.
self.ctnr_admin = Ctnr(id=None, name="admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2)
self.ctnr_user_admin.save()
self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2)
self.ctnr_user_cyder_admin.save()
# User.
self.ctnr_user = Ctnr(id=None, name="user")
self.ctnr_user.save()
self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1)
self.ctnr_user_user.save()
# Guest.
self.ctnr_guest = Ctnr(id=None, name="guest")
self.ctnr_guest.save()
self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0)
self.ctnr_user_guest.save()
# Pleb.
self.pleb_user = User.objects.get_or_create(username='******', password='******')[0]
def setUp(self):
self.test_user = User.objects.get_or_create(username='******',
password='******')[0]
self.setup_request()
# Superuser.
self.superuser = User.objects.get(username='******')
# Cyder admin.
self.cyder_admin = User.objects.get_or_create(
username='******', password='******')[0]
self.ctnr_global = Ctnr.objects.get(id=1)
self.ctnr_user_cyder_admin_global = CtnrUser(id=None,
ctnr=self.ctnr_global,
user=self.cyder_admin,
level=2)
self.ctnr_user_cyder_admin_global.save()
# Admin.
self.ctnr_admin = Ctnr(id=None, name="admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None,
ctnr=self.ctnr_admin,
user=self.test_user,
level=2)
self.ctnr_user_admin.save()
self.ctnr_user_cyder_admin = CtnrUser(id=None,
ctnr=self.ctnr_admin,
user=self.cyder_admin,
level=2)
self.ctnr_user_cyder_admin.save()
# User.
self.ctnr_user = Ctnr(id=None, name="user")
self.ctnr_user.save()
self.ctnr_user_user = CtnrUser(id=None,
ctnr=self.ctnr_user,
user=self.test_user,
level=1)
self.ctnr_user_user.save()
# Guest.
self.ctnr_guest = Ctnr(id=None, name="guest")
self.ctnr_guest.save()
self.ctnr_user_guest = CtnrUser(id=None,
ctnr=self.ctnr_guest,
user=self.test_user,
level=0)
self.ctnr_user_guest.save()
# Pleb.
self.pleb_user = User.objects.get_or_create(username='******',
password='******')[0]
def clone_perms(request, user_id):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user.get_profile()
if not acting_user.has_perm(request, 2, obj_class='User'):
return HttpResponse(
json.dumps({
'errors': {
'__all__':
'You do not have permissions to perform ' + 'this action'
}
}))
profile = UserProfile.objects.get(user__id=user_id)
perms_qs = CtnrUser.objects.filter(user__id=user_id)
if not perms_qs.exists():
perms_qs = []
users = request.POST.get('users', None)
if not users:
return HttpResponse(
json.dumps({'errors': {
'__all__': 'No users provided'
}}))
users = users.split(',')
for user in users:
user_qs = User.objects.filter(username=user)
if not user_qs.exists():
user = User(username=user)
user.save()
else:
user = user_qs.get()
CtnrUser.objects.filter(user=user).delete()
for perm in perms_qs:
ctnr_user_qs = CtnrUser.objects.filter(user=user, ctnr=perm.ctnr)
if not ctnr_user_qs.exists():
ctnr_user = CtnrUser(user=user,
ctnr=perm.ctnr,
level=perm.level)
else:
ctnr_user = ctnr_user_qs.get()
ctnr_user.level = perm.level
ctnr_user.save()
return HttpResponse(json.dumps({'success': True}))
def add_user(request, ctnr, name):
confirmation = request.POST.get('confirmation', '')
level = request.POST.get('level', '')
if not name:
return HttpResponse(json.dumps({'error': 'Please enter a user name'}))
if not level:
return HttpResponse(
json.dumps({'error': 'Please select an administrative level'}))
if (confirmation == 'false'
and not User.objects.filter(username=name).exists()):
return HttpResponse(
json.dumps({
'acknowledge':
'This user is not in any other container. '
'Are you sure you want to create this user?'
}))
user, _ = User.objects.get_or_create(username=name)
user.save()
if CtnrUser.objects.filter(user_id=user.id, ctnr_id=ctnr.id).exists():
return HttpResponse(
json.dumps({'error':
'This user already exists in this container'}))
CtnrUser(user_id=user.id, ctnr_id=ctnr.id, level=level).save()
return HttpResponse(json.dumps({'success': True}))
def login_session(request, username):
"""Logs in a user and sets up the session."""
try:
# Authenticate / login.
user = User.objects.get(username=username)
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
except User.DoesNotExist:
messages.error(request, "User %s does not exist" % (username))
return request
try:
# Create user profile if needed.
request.user.get_profile()
except UserProfile.DoesNotExist:
profile = UserProfile(user=user)
profile.save()
try:
# Assign user to default ctnr if needed.
CtnrUser.objects.get(user=request.user,
ctnr_id=request.user.get_profile().default_ctnr)
except CtnrUser.DoesNotExist:
new_default_ctnr = Ctnr.objects.get(id=2)
CtnrUser(user=request.user, ctnr=new_default_ctnr, level=0).save()
# Set session ctnr.
default_ctnr = request.user.get_profile().default_ctnr
if default_ctnr:
request.session['ctnr'] = Ctnr.objects.get(id=default_ctnr.id)
else:
request.session['ctnr'] = Ctnr.objects.get(id=2)
# Set session ctnr level.
request.session['level'] = CtnrUser.objects.get(user=request.user,
ctnr=default_ctnr).level
try:
# Set ctnr list (to switch between).
global_ctnr = CtnrUser.objects.get(user=request.user, ctnr=1)
if global_ctnr:
request.session['ctnrs'] = (
list(Ctnr.objects.filter(Q(id=1)
| Q(id=2))) +
list(Ctnr.objects.exclude(Q(id=1)
| Q(id=2)).order_by("name")))
except CtnrUser.DoesNotExist:
# Set ctnr list (to switch between).
ctnrs_user = CtnrUser.objects.filter(user=request.user)
ctnrs = [
Ctnr.objects.get(id=ctnr_pk)
for ctnr_pk in ctnrs_user.values_list('ctnr', flat=True)
]
request.session['ctnrs'] = ctnrs
return request
def clone_perms(request, user_id):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user.get_profile()
if not acting_user.has_perm(request, 2, obj_class='User'):
return HttpResponse(json.dumps(
{'errors': {'__all__': 'You do not have permissions to perform '
+ 'this action'}}))
user = UserProfile.objects.get(id=user_id)
perms_qs = CtnrUser.objects.filter(user__id=user_id)
if not perms_qs.exists():
perms_qs = []
users = request.POST.get('users', None)
if not users:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'No users provided'}}))
users = users.split(',')
for user in users:
user_qs = User.objects.filter(username=user)
if not user_qs.exists():
user = User(username=user)
user.save()
else:
user = user_qs.get()
CtnrUser.objects.filter(user=user).delete()
for perm in perms_qs:
ctnr_user_qs = CtnrUser.objects.filter(user=user, ctnr=perm.ctnr)
if not ctnr_user_qs.exists():
ctnr_user = CtnrUser(
user=user, ctnr=perm.ctnr, level=perm.level)
else:
ctnr_user = ctnr_user_qs.get()
ctnr_user.level = perm.level
ctnr_user.save()
return HttpResponse(json.dumps({'success': True}))
def setUp(self):
# test user is for tests only
self.test_user = User.objects.get_or_create(username='******', password='******')[0]
# development user exists as fixture, has admin to all ctnrs
self.dev_user = User.objects.get(username='******')
# create container where user has no admin
self.ctnr = Ctnr(id=None, name="no_admin")
self.ctnr.save()
self.ctnr_user = CtnrUser(id=None, ctnr=self.ctnr, user=self.test_user, level=0)
self.ctnr_user.save()
# create container where user has admin
self.ctnr_admin = Ctnr(id=None, name="has_admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=1)
self.ctnr_user_admin.save()
# create container that is meant to stay empty
self.ctnr_empty = Ctnr(id=None, name="empty")
self.ctnr_empty.save()
self.ctnr_user_empty = CtnrUser(id=None, ctnr=self.ctnr_empty, user=self.test_user, level=1)
self.ctnr_user_empty.save()
class PermissionsTest(TestCase):
fixtures = ['initial_data.json']
def setUp(self):
self.test_user = User.objects.get_or_create(username='******', password='******')[0]
self.setup_request()
# Superuser.
self.superuser = User.objects.get(username='******')
# Cyder admin.
self.cyder_admin = User.objects.get_or_create(username='******', password='******')[0]
self.ctnr_global = Ctnr.objects.get(id=1)
self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2)
self.ctnr_user_cyder_admin_global.save()
# Admin.
self.ctnr_admin = Ctnr(id=None, name="admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2)
self.ctnr_user_admin.save()
self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2)
self.ctnr_user_cyder_admin.save()
# User.
self.ctnr_user = Ctnr(id=None, name="user")
self.ctnr_user.save()
self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1)
self.ctnr_user_user.save()
# Guest.
self.ctnr_guest = Ctnr(id=None, name="guest")
self.ctnr_guest.save()
self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0)
self.ctnr_user_guest.save()
# Pleb.
self.pleb_user = User.objects.get_or_create(username='******', password='******')[0]
def test_soa_perms(self):
"""
Test SOA perms
"""
self.setup_request()
perm_table = {
'cyder_admin': ['all'],
'admin': ['view'],
'user': ['view'],
'guest': ['view'],
}
# initialize obj into ctnrs
obj = SOA()
obj.primary = '192.168.1.1'
obj.contact = '192.168.1.1'
obj.save()
domain = Domain(id=None, name='foo')
domain.soa = obj
domain.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_user.domains.add(domain)
self.ctnr_guest.domains.add(domain)
self.save_all_ctnrs()
self.check_perms_each_user(obj, perm_table)
def test_domain_perms(self):
"""
Test domain perms
"""
self.setup_request()
perm_table = {
'cyder_admin': ['view', 'update'],
'admin': ['view', 'update'],
'user': ['view', 'update'],
'guest': ['view'],
}
# Initialize obj into ctnrs.
obj = Domain(id=None, name='foo')
obj.save()
self.ctnr_admin.domains.add(obj)
self.ctnr_user.domains.add(obj)
self.ctnr_guest.domains.add(obj)
self.save_all_ctnrs()
self.check_perms_each_user(obj, perm_table)
def test_domain_records_perms(self):
"""
Test common domain record perms (cname, mx, txt, srv, ns)
"""
self.setup_request()
perm_table = {
'cyder_admin': ['all'],
'admin': ['all'],
'user': ['all'],
'guest': ['view'],
}
# Initialize objs into ctnrs.
domain = Domain(id=None, name='foo')
domain.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_user.domains.add(domain)
self.ctnr_guest.domains.add(domain)
self.save_all_ctnrs()
domain_records = []
domain_records.append(AddressRecord(domain=domain))
domain_records.append(CNAME(domain=domain))
domain_records.append(MX(domain=domain))
domain_records.append(SRV(domain=domain))
domain_records.append(TXT(domain=domain))
domain_records.append(Nameserver(domain=domain))
for obj in domain_records:
self.check_perms_each_user(obj, perm_table)
def setup_request(self):
"""
Utility function for flushing and setting up request object for testing
"""
self.request = HttpRequest()
self.request.user = self.test_user
self.request.session = SessionStore()
def save_all_ctnrs(self):
"""
Utility function that simply saves all of the defined ctnrs
Called after adding an object to each one
"""
self.ctnr_admin.save()
self.ctnr_user.save()
self.ctnr_guest.save()
def check_perms_each_user(self, obj, perm_table):
"""
Utility function for checking permissions
"""
# Superuser.
self.request.user = self.superuser
self.request.session['ctnr'] = self.ctnr_guest
self.assert_perms(obj, perm_table, 'superuser')
# Cyder admin.
self.request.user = self.cyder_admin
self.request.session['ctnr'] = self.ctnr_admin
self.assert_perms(obj, perm_table, 'cyder_admin')
# Admin.
self.request.user = self.test_user
self.request.session['ctnr'] = self.ctnr_admin
self.assert_perms(obj, perm_table, 'admin')
# User.
self.request.session['ctnr'] = self.ctnr_user
self.assert_perms(obj, perm_table, 'user')
# Guest.
self.request.session['ctnr'] = self.ctnr_guest
self.assert_perms(obj, perm_table, 'guest')
# Pleb.
self.request.user = self.pleb_user
self.assert_perms(obj, perm_table, 'pleb')
def assert_perms(self, obj, perm_table, user_level):
"""
Utility function that gets each type of permissions for an object and
asserts against perm table.
"""
create_perm = self.request.user.get_profile().has_perm(self.request, obj, 'create')
view_perm = self.request.user.get_profile().has_perm(self.request, obj, 'view')
update_perm = self.request.user.get_profile().has_perm(self.request, obj, 'update')
delete_perm = self.request.user.get_profile().has_perm(self.request, obj, 'delete')
actual_perms = {
'all': create_perm and view_perm and update_perm and delete_perm,
'create': create_perm,
'view': view_perm,
'update': update_perm,
'delete': delete_perm,
}
# Superuser.
actual_perms_list = [create_perm, view_perm, update_perm, delete_perm]
if user_level == 'superuser':
for perm in actual_perms_list:
self.assertTrue(perm,
"Superuser should automatically have all permissions"
)
return
# Pleb.
if not user_level in perm_table:
for actual_perm in actual_perms_list:
self.assertTrue(not actual_perm,
"%s should not have any permissions to %s"
% (user_level, obj.__class__.__name__)
)
return
# Get what permissions should be from permissions table.
test_perm_list = perm_table[user_level]
# Generically compare actual perms to what they should be (test_perm_list).
for perm_type, actual_perm in actual_perms.iteritems():
# If should have perm.
if perm_type in test_perm_list:
self.assertTrue(actual_perm,
"%s should have %s perms to %s"
% (user_level, perm_type, obj.__class__.__name__)
)
# If should not have perm.
elif 'all' not in test_perm_list:
self.assertTrue(not actual_perm,
"%s should not have %s perms to %s"
% (user_level, perm_type, obj.__class__.__name__)
)
from django.contrib.auth.models import User
from cyder.core.ctnr.models import Ctnr, CtnrUser
from cyder.cydns.domain.models import Domain
ctnr = Ctnr.objects.get(id=1)
domains = Domain.objects.filter(id__lte=3)
for domain in domains:
ctnr.domains.add(domain)
user = User.objects.get(username='******')
ctnr_user = CtnrUser(id=None, ctnr=ctnr, user=user, level=2)
ctnr_user.save()
ctnr.save()
def edit_user(request, username, action):
acting_user = User.objects.get(id=request.session['_auth_user_id'])
if acting_user.is_superuser is False:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'You do not have superuser permissions'}}))
if acting_user.username == username:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'You do not have permission to perform ' +
'this action'}}))
if action == 'Create':
user, _ = User.objects.get_or_create(username=username)
if _ is False:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'A user with that username already ' +
'exists'}}))
user.save()
else:
try:
user = User.objects.get(username=username)
if action == 'Promote':
user.is_superuser = True
user.save()
try:
ctnruser = CtnrUser.objects.get(
user_id=user.id,
ctnr_id=Ctnr.objects.get(name='global').id)
ctnruser.level = 0
ctnruser.full_clean()
ctnruser.save()
except CtnrUser.DoesNotExist:
ctnruser = CtnrUser(
user_id=user.id,
ctnr_id=Ctnr.objects.get(name='global').id,
level=0)
ctnruser.full_clean()
ctnruser.save()
elif action == 'Demote':
user.is_superuser = False
user.save()
elif action == 'Delete':
ctnrs = CtnrUser.objects.filter(user_id=user.id)
for ctnr in ctnrs:
ctnr.delete()
user.delete()
else:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'Unknown action'}}))
except:
return HttpResponse(json.dumps(
{'errors': {'__all__': 'An error occurred'}}))
return HttpResponse(json.dumps({'success': True}))
def login_session(request, username):
"""Logs in a user and sets up the session."""
try:
# Authenticate / login.
user = User.objects.get(username=username)
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
except User.DoesNotExist:
if not settings.TESTING:
messages.error(request, "User %s does not exist" % (username))
return request
try:
# Create user profile if needed.
request.user.get_profile()
except UserProfile.DoesNotExist:
profile = UserProfile(user=user)
profile.save()
try:
# Assign user to default ctnr if needed.
CtnrUser.objects.get(user=request.user,
ctnr_id=request.user.get_profile().default_ctnr)
except CtnrUser.DoesNotExist:
new_default_ctnr = Ctnr.objects.get(id=2)
if not CtnrUser.objects.filter(
user=request.user, ctnr=new_default_ctnr).exists():
CtnrUser(user=request.user, ctnr=new_default_ctnr, level=0).save()
# Set session ctnr.
default_ctnr = request.user.get_profile().default_ctnr
if default_ctnr:
request.session['ctnr'] = Ctnr.objects.get(id=default_ctnr.id)
else:
request.session['ctnr'] = Ctnr.objects.get(id=2)
if request.session['ctnr'].name == "default":
default_ctnr = Ctnr.objects.get(name="global")
request.session['ctnr'] = default_ctnr
# Set session ctnr level.
try:
level = CtnrUser.objects.get(user=request.user,
ctnr=default_ctnr).level
except CtnrUser.DoesNotExist:
level = LEVEL_GUEST
request.session['level'] = level
try:
CtnrUser.objects.get(user=request.user, ctnr=1)
ctnrs = Ctnr.objects.order_by("name")
except CtnrUser.DoesNotExist:
# Set ctnr list (to switch between).
ctnrs_user = CtnrUser.objects.filter(user=request.user)
ctnrs = ctnrs_user.values_list('ctnr', flat=True)
ctnrs = Ctnr.objects.filter(id__in=ctnrs).order_by('name')
global_ctnr = Ctnr.objects.get(id=1)
ctnrs = ctnrs.exclude(Q(id=2) | Q(id=1))
ctnrs = [global_ctnr] + list(ctnrs)
request.session['ctnrs'] = ctnrs
return request
class PermissionsTest(TestCase):
fixtures = ['core/users.json']
def setUp(self):
self.test_user = User.objects.create(username='******')
self.setup_request()
# Superuser.
self.superuser = User.objects.get(username='******')
# Cyder admin.
self.cyder_admin = User.objects.create(username='******')
self.ctnr_global = Ctnr.objects.get(id=1)
self.ctnr_user_cyder_admin_global = CtnrUser(id=None,
ctnr=self.ctnr_global,
user=self.cyder_admin,
level=2)
self.ctnr_user_cyder_admin_global.save()
# Admin.
self.ctnr_admin = Ctnr(id=None, name="admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None,
ctnr=self.ctnr_admin,
user=self.test_user,
level=2)
self.ctnr_user_admin.save()
self.ctnr_user_cyder_admin = CtnrUser(id=None,
ctnr=self.ctnr_admin,
user=self.cyder_admin,
level=2)
self.ctnr_user_cyder_admin.save()
# User.
self.ctnr_user = Ctnr(id=None, name="user")
self.ctnr_user.save()
self.ctnr_user_user = CtnrUser(id=None,
ctnr=self.ctnr_user,
user=self.test_user,
level=1)
self.ctnr_user_user.save()
# Guest.
self.ctnr_guest = Ctnr(id=None, name="guest")
self.ctnr_guest.save()
self.ctnr_user_guest = CtnrUser(id=None,
ctnr=self.ctnr_guest,
user=self.test_user,
level=0)
self.ctnr_user_guest.save()
# Pleb.
self.pleb_user = User.objects.create(username='******')
def test_soa_perms(self):
"""
Test SOA perms
"""
self.setup_request()
perm_table = {
'cyder_admin': ['all'],
'admin': [cy.ACTION_VIEW],
'user': [cy.ACTION_VIEW],
'guest': [cy.ACTION_VIEW],
}
# initialize obj into ctnrs
obj = SOA()
obj.primary = '192.168.1.1'
obj.contact = '192.168.1.1'
obj.save()
domain = Domain(id=None, name='foo')
domain.soa = obj
domain.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_user.domains.add(domain)
self.ctnr_guest.domains.add(domain)
self.save_all_ctnrs()
self.check_perms_each_user(obj, perm_table)
def test_domain_perms(self):
"""
Test domain perms
"""
self.setup_request()
perm_table = {
'cyder_admin': [cy.ACTION_VIEW, cy.ACTION_UPDATE],
'admin': [cy.ACTION_VIEW, cy.ACTION_UPDATE],
'user': [cy.ACTION_VIEW, cy.ACTION_UPDATE],
'guest': [cy.ACTION_VIEW],
}
# Initialize obj into ctnrs.
obj = Domain(id=None, name='foo')
obj.save()
self.ctnr_admin.domains.add(obj)
self.ctnr_user.domains.add(obj)
self.ctnr_guest.domains.add(obj)
self.save_all_ctnrs()
self.check_perms_each_user(obj, perm_table)
def test_domain_records_perms(self):
"""
Test common domain record perms (cname, mx, txt, srv, ns)
"""
self.setup_request()
perm_table = {
'cyder_admin': ['all'],
'admin': ['all'],
'user': ['all'],
'guest': [cy.ACTION_VIEW],
}
# Initialize objs into ctnrs.
domain = Domain(id=None, name='foo')
domain.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_user.domains.add(domain)
self.ctnr_guest.domains.add(domain)
self.save_all_ctnrs()
domain_records = []
domain_records.append(AddressRecord(domain=domain))
domain_records.append(CNAME(domain=domain))
domain_records.append(MX(domain=domain))
domain_records.append(SRV(domain=domain))
domain_records.append(TXT(domain=domain))
domain_records.append(Nameserver(domain=domain))
for obj in domain_records:
self.check_perms_each_user(obj, perm_table)
def setup_request(self):
"""
Utility function for flushing and setting up request object for testing
"""
self.request = HttpRequest()
self.request.user = self.test_user
self.request.session = SessionStore()
def save_all_ctnrs(self):
"""
Utility function that simply saves all of the defined ctnrs
Called after adding an object to each one
"""
self.ctnr_admin.save()
self.ctnr_user.save()
self.ctnr_guest.save()
def check_perms_each_user(self, obj, perm_table):
"""
Utility function for checking permissions
"""
# Superuser.
self.request.user = self.superuser
self.request.session['ctnr'] = self.ctnr_guest
self.assert_perms(obj, perm_table, 'superuser')
# Cyder admin.
self.request.user = self.cyder_admin
self.request.session['ctnr'] = self.ctnr_admin
self.assert_perms(obj, perm_table, 'cyder_admin')
# Admin.
self.request.user = self.test_user
self.request.session['ctnr'] = self.ctnr_admin
self.assert_perms(obj, perm_table, 'admin')
# User.
self.request.session['ctnr'] = self.ctnr_user
self.assert_perms(obj, perm_table, 'user')
# Guest.
self.request.session['ctnr'] = self.ctnr_guest
self.assert_perms(obj, perm_table, 'guest')
# Pleb.
self.request.user = self.pleb_user
self.assert_perms(obj, perm_table, 'pleb')
def assert_perms(self, obj, perm_table, user_level):
"""
Utility function that gets each type of permissions for an object and
asserts against perm table.
"""
create_perm = self.request.user.get_profile().has_perm(
self.request, cy.ACTION_CREATE, obj=obj)
view_perm = self.request.user.get_profile().has_perm(self.request,
cy.ACTION_VIEW,
obj=obj)
update_perm = self.request.user.get_profile().has_perm(
self.request, cy.ACTION_UPDATE, obj=obj)
delete_perm = self.request.user.get_profile().has_perm(
self.request, cy.ACTION_DELETE, obj=obj)
actual_perms = {
'all': create_perm and view_perm and update_perm and delete_perm,
cy.ACTION_CREATE: create_perm,
cy.ACTION_VIEW: view_perm,
cy.ACTION_UPDATE: update_perm,
cy.ACTION_DELETE: delete_perm,
}
# Superuser.
actual_perms_list = [create_perm, view_perm, update_perm, delete_perm]
if user_level == 'superuser':
for perm in actual_perms_list:
self.assertTrue(perm, "Superuser should have all permissions")
return
# Pleb.
if not user_level in perm_table:
for actual_perm in actual_perms_list:
self.assertTrue(
not actual_perm,
"%s should not have any permissions to %s" %
(user_level, obj.__class__.__name__))
return
# Get what permissions should be from permissions table.
test_perm_list = perm_table[user_level]
# Generically compare actual perms to what they should be
# (test_perm_list).
for perm_type, actual_perm in actual_perms.iteritems():
# If should have perm.
if perm_type in test_perm_list:
self.assertTrue(
actual_perm, "%s should have %s perms to %s" %
(user_level, perm_type, obj.__class__.__name__))
# If should not have perm.
elif 'all' not in test_perm_list:
self.assertTrue(
not actual_perm, "%s should not have %s perms to %s" %
(user_level, perm_type, obj.__class__.__name__))
class CtnrPermissionsTest(TestCase):
fixtures = ['initial_data.json']
def setUp(self):
# test user is for tests only
self.test_user = User.objects.get_or_create(username='******', password='******')[0]
# development user exists as fixture, has admin to all ctnrs
self.dev_user = User.objects.get(username='******')
# create container where user has no admin
self.ctnr = Ctnr(id=None, name="no_admin")
self.ctnr.save()
self.ctnr_user = CtnrUser(id=None, ctnr=self.ctnr, user=self.test_user, level=0)
self.ctnr_user.save()
# create container where user has admin
self.ctnr_admin = Ctnr(id=None, name="has_admin")
self.ctnr_admin.save()
self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=1)
self.ctnr_user_admin.save()
# create container that is meant to stay empty
self.ctnr_empty = Ctnr(id=None, name="empty")
self.ctnr_empty.save()
self.ctnr_user_empty = CtnrUser(id=None, ctnr=self.ctnr_empty, user=self.test_user, level=1)
self.ctnr_user_empty.save()
def test_session_has_ctnr_dev(self):
"""
Test middleware sets session ctnr on log in
Precondition: no session container
Postcondition: session container
"""
request = HttpRequest()
request.user = AnonymousUser()
request.session = SessionStore()
dev_middleware = DevAuthenticationMiddleware()
dev_middleware.process_request(request)
self.assertTrue('ctnr' in request.session)
def test_ctnr_domain(self):
"""
Test being in ctnr /w domain gives appropriate perms
Precondition: domain in ctnr
Postcondition: has full perm to domain if admin, read only if not
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create domain, add domain to ctnr
domain = Domain(id=None, name='foo')
domain.save()
self.ctnr.domains.add(domain)
self.ctnr.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_admin.save()
# checks where user is not admin
has_perm = self.test_user.get_profile().has_perm(request, domain, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, domain, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session['ctnr'] = self.ctnr_admin
has_perm = self.test_user.get_profile().has_perm(request, domain, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, domain, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session['ctnr'] = self.ctnr_empty
has_perm = self.test_user.get_profile().has_perm(request, domain, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, domain, write=True)
self.assertFalse(has_perm, 'user should not have write access')
def test_ctnr_reverse_domain(self):
"""
Test being in ctnr /w rdomain gives appropriate perms
Precondition: rdomain in ctnr
Postcondition: full perm if admin, read only if not
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create reverse domain, add reverse domain to ctnr
rdomain = ReverseDomain(id=None, name='128')
rdomain.save()
self.ctnr.reverse_domains.add(rdomain)
self.ctnr.save()
self.ctnr_admin.reverse_domains.add(rdomain)
self.ctnr_admin.save()
# checks where user is not admin
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session = {'ctnr': self.ctnr_admin}
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session = {'ctnr': self.ctnr_empty}
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True)
self.assertFalse(has_perm, 'user should not have write access')
def test_ctnr_domain_records(self):
"""
Test being in ctnr /w common domain records gives appropriate perms
common domain records: cname, mx, txt, srv
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create domain, add domain to ctnr
domain = Domain(id=None, name='foo')
domain.save()
self.ctnr.domains.add(domain)
self.ctnr.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_admin.save()
domain_records = []
domain_records.append(AddressRecord(domain=domain))
domain_records.append(CNAME(domain=domain))
domain_records.append(MX(domain=domain))
domain_records.append(Nameserver(domain=domain))
domain_records.append(SRV(domain=domain))
domain_records.append(TXT(domain=domain))
for record in domain_records:
# checks where user is not admin
request.session = {'ctnr': self.ctnr}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session = {'ctnr': self.ctnr_admin}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session = {'ctnr': self.ctnr_empty}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
def test_ctnr_rdomain_records(self):
"""
Test being in ctnr /w common domain records gives appropriate perms
common domain records: cname, mx, txt, srv
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create domain, add domain to ctnr
rdomain = ReverseDomain(id=None, name='128')
rdomain.save()
self.ctnr.reverse_domains.add(rdomain)
self.ctnr.save()
self.ctnr_admin.reverse_domains.add(rdomain)
self.ctnr_admin.save()
rdomain_records = []
rdomain_records.append(PTR(reverse_domain=rdomain))
rdomain_records.append(ReverseNameserver(reverse_domain=rdomain))
for record in rdomain_records:
# checks where user is not admin
request.session = {'ctnr': self.ctnr}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session = {'ctnr': self.ctnr_admin}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session = {'ctnr': self.ctnr_empty}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
def test_ctnr_rdomain_records(self):
"""
Test being in ctnr /w common domain records gives appropriate perms
common domain records: cname, mx, txt, srv
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create domain, add domain to ctnr
rdomain = ReverseDomain(id=None, name='128')
rdomain.save()
self.ctnr.reverse_domains.add(rdomain)
self.ctnr.save()
self.ctnr_admin.reverse_domains.add(rdomain)
self.ctnr_admin.save()
rdomain_records = []
rdomain_records.append(PTR(reverse_domain=rdomain))
rdomain_records.append(ReverseNameserver(reverse_domain=rdomain))
for record in rdomain_records:
# checks where user is not admin
request.session = {'ctnr': self.ctnr}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session = {'ctnr': self.ctnr_admin}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session = {'ctnr': self.ctnr_empty}
has_perm = self.test_user.get_profile().has_perm(request, record, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, record, write=True)
self.assertFalse(has_perm, 'user should not have write access')
def test_ctnr_soa(self):
"""
Test being in ctnr /w soa record gives appropriate perms
"""
request = HttpRequest()
request.user = self.test_user
request.session = SessionStore()
request.session['ctnr'] = self.ctnr
# create domain with soa, add domain to ctnr
soa = SOA()
soa.primary = '192.168.1.1'
soa.contact = '192.168.1.1'
soa.save()
domain = Domain(id=None, name='foo')
domain.soa = soa
domain.save()
self.ctnr.domains.add(domain)
self.ctnr.save()
self.ctnr_admin.domains.add(domain)
self.ctnr_admin.save()
# checks where user is not admin
has_perm = self.test_user.get_profile().has_perm(request, soa, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, soa, write=True)
self.assertFalse(has_perm, 'user should not have write access')
# checks where user is admin
request.session = {'ctnr': self.ctnr_admin}
has_perm = self.test_user.get_profile().has_perm(request, soa, write=False)
self.assertTrue(has_perm, 'user should have read access')
has_perm = self.test_user.get_profile().has_perm(request, soa, write=True)
self.assertTrue(has_perm, 'user should have write access')
# checks where obj not in ctnr
request.session = {'ctnr': self.ctnr_empty}
has_perm = self.test_user.get_profile().has_perm(request, soa, write=False)
self.assertFalse(has_perm, 'user should not have read access')
has_perm = self.test_user.get_profile().has_perm(request, soa, write=True)
self.assertFalse(has_perm, 'user should not have write access')
from django.contrib.auth.models import User
from cyder.core.ctnr.models import Ctnr, CtnrUser
from cyder.cydns.domain.models import Domain
ctnr = Ctnr.objects.get(id=1)
domains = Domain.objects.filter(id__lte=3)
for domain in domains:
ctnr.domains.add(domain)
user = User.objects.get(username='******')
ctnr_user = CtnrUser(id=None, ctnr=ctnr, user=user, level=2)
ctnr_user.save()
ctnr.save()
