def _validate_security_rules(self) -> None:
"""Checks if the security rules defined in the plugin configuration are valid boolean expressions or raises
a ConfigurationError exception otherwise."""
def _get_error_msg_for(rule_name: str) -> str:
return f"Invalid boolean expression for '{rule_name}' in {self.label} file source plugin configuration."
if self.requires_roles and not BooleanExpressionEvaluator.is_valid_expression(self.requires_roles):
raise ConfigurationError(_get_error_msg_for("requires_roles"))
if self.requires_groups and not BooleanExpressionEvaluator.is_valid_expression(self.requires_groups):
raise ConfigurationError(_get_error_msg_for("requires_groups"))
def contained_evaluator() -> BooleanExpressionEvaluator:
"""Boolean expression evaluator using the TokenContainedEvaluator.
All the tokens in TOKENS_THAT_ARE_TRUE will be evaluated to True and
any other token to False."""
token_evaluator = TokenContainedEvaluator(TOKENS_THAT_ARE_TRUE)
evaluator = BooleanExpressionEvaluator(token_evaluator, TOKEN_FORMAT)
return evaluator
def _evaluate_security_rules(self, rule_expression: str, user_credentials: Set[str]) -> bool:
token_evaluator = TokenContainedEvaluator(user_credentials)
evaluator = BooleanExpressionEvaluator(token_evaluator)
return evaluator.evaluate_expression(rule_expression)
def test_is_valid_expression_return_false_when_invalid(expr: str):
result = BooleanExpressionEvaluator.is_valid_expression(expr)
assert result is False
def test_is_valid_expression_return_true_when_valid(expr: str, _: bool):
result = BooleanExpressionEvaluator.is_valid_expression(expr)
assert result is True
def test_invalid_expression_raises_exception(
expr: str, contained_evaluator: BooleanExpressionEvaluator):
with pytest.raises(Exception):
contained_evaluator.evaluate_expression(expr)
def test_expression_evaluates_as_expected(
expr: str, expected: bool,
contained_evaluator: BooleanExpressionEvaluator):
actual = contained_evaluator.evaluate_expression(expr)
assert actual == expected