def get_public_key_permissions(session, public_key):
# type: (Session, PublicKey) -> List[Permission]
"""Returns the permissions that this public key has. Namely, this the set of permissions
that the public key's owner has, intersected with the permissions allowed by this key's
tags
Returns:
a list of all permissions this public key has
"""
# TODO: Fix circular dependency
from grouper.permissions import permission_intersection
my_perms = user_permissions(session, public_key.user)
for tag in get_public_key_tags(session, public_key):
my_perms = permission_intersection(
my_perms, get_public_key_tag_permissions(session, tag))
return list(my_perms)
def get_public_key_permissions(session, public_key):
# type: (Session, PublicKey) -> List[Permission]
"""Returns the permissions that this public key has. Namely, this the set of permissions
that the public key's owner has, intersected with the permissions allowed by this key's
tags
Returns:
a list of all permissions this public key has
"""
# TODO: Fix circular dependency
from grouper.permissions import permission_intersection
my_perms = user_permissions(session, public_key.user)
for tag in get_public_key_tags(session, public_key):
my_perms = permission_intersection(my_perms,
get_public_key_tag_permissions(session, tag))
return list(my_perms)
def test_permission_intersection(standard_graph, session, users, groups, permissions):
p = namedtuple("Permission", ["name", "argument"])
astar = p("a", "*")
ar = p("a", "r")
at = p("a", "t")
aundef = p("a", "")
bstar = p("b", "*")
br = p("b", "r")
cstar = p("c", "*")
cr = p("c", "r")
assert permission_intersection([astar], [astar]) == set([astar]), "The intersection of two identical lists should be the set of the contents of the list"
assert permission_intersection([ar], [ar]) == set([ar]), "The intersection of two identical lists should be the set of the contents of the list"
assert permission_intersection([astar], [ar]) == set([ar]), "The intersection of perm, * with perm, blah should be perm, blah"
assert permission_intersection([ar], [astar]) == set([ar]), "The intersection of perm, blah with perm, * should be perm, blah"
assert permission_intersection([astar], [bstar]) == set(), "The intersection of two disjoint lists should be the empty set"
assert permission_intersection([ar], [br]) == set(), "The intersection of two disjoint lists should be the empty set"
assert permission_intersection([ar], [at]) == set(), "The intersection of two disjoint lists should be the empty set"
assert permission_intersection([astar], [ar, at]) == set([ar, at]), "Wildcards should result in all applicable permissions being in the result"
assert permission_intersection([aundef], [ar, at]) == set([aundef]), "Unargumented permissions are always granted by argumented permissions"
assert permission_intersection([ar, at], [aundef]) == set([aundef]), "Unargumented permissions are always granted by argumented permissions"
assert permission_intersection([astar, ar, br, cr], [at, bstar, cr]) == set([at, br, cr]), "This should work"
def test_permission_intersection(
standard_graph, session, users, groups, permissions # noqa: F811
):
p = namedtuple("Permission", ["name", "argument"])
astar = p("a", "*")
ar = p("a", "r")
at = p("a", "t")
aundef = p("a", "")
bstar = p("b", "*")
br = p("b", "r")
cr = p("c", "r")
assert permission_intersection([astar], [astar]) == set(
[astar]
), "The intersection of two identical lists should be the set of the contents of the list"
assert permission_intersection([ar], [ar]) == set(
[ar]
), "The intersection of two identical lists should be the set of the contents of the list"
assert permission_intersection([astar], [ar]) == set(
[ar]
), "The intersection of perm, * with perm, blah should be perm, blah"
assert permission_intersection([ar], [astar]) == set(
[ar]
), "The intersection of perm, blah with perm, * should be perm, blah"
assert (
permission_intersection([astar], [bstar]) == set()
), "The intersection of two disjoint lists should be the empty set"
assert (
permission_intersection([ar], [br]) == set()
), "The intersection of two disjoint lists should be the empty set"
assert (
permission_intersection([ar], [at]) == set()
), "The intersection of two disjoint lists should be the empty set"
assert permission_intersection([astar], [ar, at]) == set(
[ar, at]
), "Wildcards should result in all applicable permissions being in the result"
assert permission_intersection([aundef], [ar, at]) == set(
[aundef]
), "Unargumented permissions are always granted by argumented permissions"
assert permission_intersection([ar, at], [aundef]) == set(
[aundef]
), "Unargumented permissions are always granted by argumented permissions"
assert permission_intersection([astar, ar, br, cr], [at, bstar, cr]) == set(
[at, br, cr]
), "This should work"