예제 #1
0
 def testGroupOverObjPermissions(self, gatewaywrapper):
     """ Object accesss must be dependent only of group permissions """
     # Author
     gatewaywrapper.loginAsAuthor()
     # create group with rw----
     # create project and annotation in that group
     p = dbhelpers.ProjectEntry(
         'testAnnotationPermissions', None,
         create_group='testAnnotationPermissions', group_perms='rw----')
     try:
         p = p.create(gatewaywrapper.gateway)
     except dbhelpers.BadGroupPermissionsException:
         gatewaywrapper.loginAsAdmin()
         admin = gatewaywrapper.gateway.getAdminService()
         group = admin.lookupGroup('testAnnotationPermissions')
         group_as_target = {'ExperimenterGroup': [group.id.val]}
         chmod = omero.cmd.Chmod2(targetObjects=group_as_target,
                                  permissions='rw----')
         gatewaywrapper.gateway.c.submit(chmod)
         gatewaywrapper.loginAsAuthor()
         p = p.create(gatewaywrapper.gateway)
     pid = p.getId()
     g = p.getDetails().getGroup()._obj
     try:
         # Admin
         # add User to group
         gatewaywrapper.loginAsUser()
         uid = gatewaywrapper.gateway.getUserId()
         gatewaywrapper.loginAsAdmin()
         admin = gatewaywrapper.gateway.getAdminService()
         admin.addGroups(omero.model.ExperimenterI(uid, False), [g])
         # User
         # try to read project and annotation, which fails
         gatewaywrapper.loginAsUser()
         gatewaywrapper.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         assert gatewaywrapper.gateway.getObject('project', pid) is None
         # Admin
         # Chmod project to rwrw--
         gatewaywrapper.loginAsAdmin()
         group_as_target = {'ExperimenterGroup': [g.id.val]}
         chmod = omero.cmd.Chmod2(targetObjects=group_as_target,
                                  permissions='rwrw--')
         gatewaywrapper.gateway.c.submit(chmod)
         # Author
         # check project has proper permissions
         gatewaywrapper.loginAsAuthor()
         gatewaywrapper.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         pa = gatewaywrapper.gateway.getObject('project', pid)
         assert pa is not None
         # User
         # read project and annotation
         gatewaywrapper.loginAsUser()
         gatewaywrapper.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         assert gatewaywrapper.gateway.getObject(
             'project', pid) is not None
     finally:
         gatewaywrapper.loginAsAuthor()
         handle = gatewaywrapper.gateway.deleteObjects(
             'Project', [p.getId()], deleteAnns=True, deleteChildren=True)
         gatewaywrapper.waitOnCmd(gatewaywrapper.gateway.c, handle)
예제 #2
0
 def testGroupOverObjPermissions(self):
     """ Object accesss must be dependent only of group permissions """
     ns = 'omero.test.ns'
     # Author
     self.loginAsAuthor()
     # create group with rw----
     # create project and annotation in that group
     p = dbhelpers.ProjectEntry('testAnnotationPermissions',
                                None,
                                create_group='testAnnotationPermissions',
                                group_perms='rw----')
     try:
         p = p.create(self.gateway)
     except dbhelpers.BadGroupPermissionsException:
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.changePermissions(
             admin.lookupGroup('testAnnotationPermissions'),
             omero.model.PermissionsI('rw----'))
         self.loginAsAuthor()
         p = p.create(self.gateway)
     pid = p.getId()
     g = p.getDetails().getGroup()._obj
     try:
         # Admin
         # add User to group
         self.loginAsUser()
         uid = self.gateway.getUserId()
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.addGroups(omero.model.ExperimenterI(uid, False), [g])
         # User
         # try to read project and annotation, which fails
         self.loginAsUser()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         self.assertEqual(self.gateway.getObject('project', pid), None)
         # Admin
         # Chmod project to rwrw--
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.changePermissions(g, omero.model.PermissionsI('rwrw--'))
         # Author
         # check project has proper permissions
         self.loginAsAuthor()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         pa = self.gateway.getObject('project', pid)
         self.assertNotEqual(pa, None)
         # User
         # read project and annotation
         self.loginAsUser()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         self.assertNotEqual(self.gateway.getObject('project', pid), None)
     finally:
         self.loginAsAuthor()
         handle = self.gateway.deleteObjects('Project', [p.getId()],
                                             deleteAnns=True,
                                             deleteChildren=True)
         self.waitOnCmd(self.gateway.c, handle)
예제 #3
0
"""

import omero
from omero.rtypes import rstring

from omero.gateway.scripts import dbhelpers

dbhelpers.USERS = {
    'user':
    dbhelpers.UserEntry('weblitz_test_user', 'foobar', 'User', 'Weblitz'),
    'author':
    dbhelpers.UserEntry('weblitz_test_author', 'foobar', 'Author', 'Weblitz'),
}

dbhelpers.PROJECTS = {
    'testpr1': dbhelpers.ProjectEntry('weblitz_test_priv_project', 'author'),
    'testpr2': dbhelpers.ProjectEntry('weblitz_test_priv_project2', 'author'),
}

dbhelpers.DATASETS = {
    'testds1': dbhelpers.DatasetEntry('weblitz_test_priv_dataset', 'testpr1'),
    'testds2': dbhelpers.DatasetEntry('weblitz_test_priv_dataset2', 'testpr1'),
    'testds3': dbhelpers.DatasetEntry('weblitz_test_priv_dataset3', 'testpr2'),
}

dbhelpers.IMAGES = {
    'testimg1':
    dbhelpers.ImageEntry('weblitz_test_priv_image', 'CHOBI_d3d.dv', 'testds1'),
    'testimg2':
    dbhelpers.ImageEntry('weblitz_test_priv_image2', 'CHOBI_d3d.dv',
                         'testds1'),
예제 #4
0
    def setUp(self):
        # read-only users & data
        def ReadOnly(key, admin=False, groupowner=False):
            dbhelpers.USERS['read_only_%s' % key] = dbhelpers.UserEntry(
                "r-_%s" % key,
                'ome',
                firstname='chmod',
                lastname='test',
                groupname="ReadOnly_chmod_test",
                groupperms=READONLY,
                groupowner=groupowner,
                admin=admin)

        ReadOnly('owner')
        ReadOnly('user')
        ReadOnly('admin', admin=True)
        ReadOnly('leader', groupowner=True)
        dbhelpers.PROJECTS['read_only_proj'] = dbhelpers.ProjectEntry(
            'read_only_proj', 'read_only_owner')
        dbhelpers.PROJECTS['read_only_proj_2'] = dbhelpers.ProjectEntry(
            'read_only_proj_2', 'read_only_owner')

        # read-annotate users & data
        def ReadAnn(key, admin=False, groupowner=False):
            dbhelpers.USERS['read_ann_%s' % key] = dbhelpers.UserEntry(
                "ra_%s" % key,
                'ome',
                firstname='chmod',
                lastname='test',
                groupname="ReadAnn_chmod_test",
                groupperms=READANN,
                groupowner=groupowner,
                admin=admin)

        ReadAnn('owner')
        ReadAnn('user')
        ReadAnn('admin', admin=True)
        ReadAnn('leader', groupowner=True)
        dbhelpers.PROJECTS['read_ann_proj'] = dbhelpers.ProjectEntry(
            'read_ann_proj', 'read_ann_owner')

        # read-write users & data
        def ReadWrite(key, admin=False, groupowner=False):
            dbhelpers.USERS['read_write_%s' % key] = dbhelpers.UserEntry(
                "rw_%s" % key,
                'ome',
                firstname='chmod',
                lastname='test',
                groupname="ReadWrite_chmod_test",
                groupperms=READWRITE,
                groupowner=groupowner,
                admin=admin)

        ReadWrite('owner')
        ReadWrite('user')
        ReadWrite('admin', admin=True)
        ReadWrite('leader', groupowner=True)
        dbhelpers.PROJECTS['read_write_proj'] = dbhelpers.ProjectEntry(
            'read_write_proj', 'read_write_owner')

        # Calling the superclass setUp processes the dbhelpers.USERS and dbhelpers.PROJECTS etc to populate DB
        super(CustomUsersTest, self).setUp()