def testGroupOverObjPermissions(self, gatewaywrapper):
    """
    Object access must depend only on group permissions.

    Access-control check in three steps: a project created by Author in a
    private ('rw----') group must not be readable by User, even after Admin
    adds User to that group; once Admin changes the group to 'rwrw--', both
    Author and User must be able to read it. The project is deleted again in
    the ``finally`` block whether or not the assertions pass.
    """
    group_name = 'testAnnotationPermissions'

    def submit_chmod(group_id, perms):
        # The Chmod2 request targets the ExperimenterGroup, not the project.
        target = {'ExperimenterGroup': [group_id]}
        request = omero.cmd.Chmod2(targetObjects=target, permissions=perms)
        gatewaywrapper.gateway.c.submit(request)

    def fetch_project(project_id):
        # gatewaywrapper.gateway is looked up on every call rather than
        # cached in a local: presumably each loginAs*() swaps the
        # connection - confirm against the fixture.
        # NOTE(review): '-1' looks like the "all groups" context, so a None
        # result would reflect permissions rather than the active group -
        # confirm against SERVICE_OPTS.
        gatewaywrapper.gateway.SERVICE_OPTS.setOmeroGroup('-1')
        return gatewaywrapper.gateway.getObject('project', project_id)

    # Author: create the project inside a group requested as rw----.
    gatewaywrapper.loginAsAuthor()
    entry = dbhelpers.ProjectEntry(
        group_name, None,
        create_group=group_name, group_perms='rw----')
    try:
        project = entry.create(gatewaywrapper.gateway)
    except dbhelpers.BadGroupPermissionsException:
        # Presumably the group already exists with different permissions:
        # Admin resets it to rw---- and Author retries the creation.
        gatewaywrapper.loginAsAdmin()
        admin_service = gatewaywrapper.gateway.getAdminService()
        existing_group = admin_service.lookupGroup(group_name)
        submit_chmod(existing_group.id.val, 'rw----')
        gatewaywrapper.loginAsAuthor()
        project = entry.create(gatewaywrapper.gateway)

    project_id = project.getId()
    group_obj = project.getDetails().getGroup()._obj

    try:
        # Admin: add User to the group (the user id is read while logged
        # in as User).
        gatewaywrapper.loginAsUser()
        user_id = gatewaywrapper.gateway.getUserId()
        gatewaywrapper.loginAsAdmin()
        admin_service = gatewaywrapper.gateway.getAdminService()
        admin_service.addGroups(
            omero.model.ExperimenterI(user_id, False), [group_obj])

        # User: the negative check - group membership alone must not make
        # the project readable while the group is rw----.
        gatewaywrapper.loginAsUser()
        assert fetch_project(project_id) is None

        # Admin: change the group to rwrw--.
        gatewaywrapper.loginAsAdmin()
        submit_chmod(group_obj.id.val, 'rwrw--')

        # Author: the owner can still load the project.
        gatewaywrapper.loginAsAuthor()
        as_author = fetch_project(project_id)
        assert as_author is not None

        # User: the project is now readable.
        gatewaywrapper.loginAsUser()
        assert fetch_project(project_id) is not None
    finally:
        # Clean up as Author. Only the project is deleted here; the group
        # permissions and User's membership are left as the test set them.
        gatewaywrapper.loginAsAuthor()
        delete_handle = gatewaywrapper.gateway.deleteObjects(
            'Project', [project.getId()],
            deleteAnns=True, deleteChildren=True)
        gatewaywrapper.waitOnCmd(gatewaywrapper.gateway.c, delete_handle)
def testGroupOverObjPermissions(self):
    """
    Object access must depend only on group permissions.

    Author creates a project in a group requested as 'rw----'; User, once
    added to the group by Admin, must still get None when loading it. After
    Admin changes the group to 'rwrw--' both Author and User must be able to
    load it. The project is deleted in the ``finally`` block.
    """
    ns = 'omero.test.ns'  # not referenced again in this test
    group_name = 'testAnnotationPermissions'

    def load_project(project_id):
        # self.gateway is looked up on every call rather than cached in a
        # local: presumably each loginAs*() swaps the connection - confirm.
        # NOTE(review): '-1' looks like the "all groups" context - confirm
        # against SERVICE_OPTS.
        self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
        return self.gateway.getObject('project', project_id)

    # Author: create the project inside a group requested as rw----.
    self.loginAsAuthor()
    entry = dbhelpers.ProjectEntry(
        group_name, None,
        create_group=group_name, group_perms='rw----')
    try:
        project = entry.create(self.gateway)
    except dbhelpers.BadGroupPermissionsException:
        # Presumably the group already exists with different permissions:
        # Admin resets it to rw---- and Author retries the creation.
        self.loginAsAdmin()
        admin_service = self.gateway.getAdminService()
        existing_group = admin_service.lookupGroup(group_name)
        private_perms = omero.model.PermissionsI('rw----')
        admin_service.changePermissions(existing_group, private_perms)
        self.loginAsAuthor()
        project = entry.create(self.gateway)

    project_id = project.getId()
    group_obj = project.getDetails().getGroup()._obj

    try:
        # Admin: add User to the group (the user id is read while logged
        # in as User).
        self.loginAsUser()
        user_id = self.gateway.getUserId()
        self.loginAsAdmin()
        admin_service = self.gateway.getAdminService()
        admin_service.addGroups(
            omero.model.ExperimenterI(user_id, False), [group_obj])

        # User: the negative check - group membership alone must not make
        # the project readable while the group is rw----.
        self.loginAsUser()
        self.assertEqual(load_project(project_id), None)

        # Admin: change the group to rwrw--.
        self.loginAsAdmin()
        admin_service = self.gateway.getAdminService()
        admin_service.changePermissions(
            group_obj, omero.model.PermissionsI('rwrw--'))

        # Author: the owner can still load the project.
        self.loginAsAuthor()
        as_author = load_project(project_id)
        self.assertNotEqual(as_author, None)

        # User: the project is now readable.
        self.loginAsUser()
        self.assertNotEqual(load_project(project_id), None)
    finally:
        # Clean up as Author. Only the project is deleted here; the group
        # permissions and User's membership are left as the test set them.
        self.loginAsAuthor()
        delete_handle = self.gateway.deleteObjects(
            'Project', [project.getId()],
            deleteAnns=True, deleteChildren=True)
        self.waitOnCmd(self.gateway.c, delete_handle)
""" import omero from omero.rtypes import rstring from omero.gateway.scripts import dbhelpers dbhelpers.USERS = { 'user': dbhelpers.UserEntry('weblitz_test_user', 'foobar', 'User', 'Weblitz'), 'author': dbhelpers.UserEntry('weblitz_test_author', 'foobar', 'Author', 'Weblitz'), } dbhelpers.PROJECTS = { 'testpr1': dbhelpers.ProjectEntry('weblitz_test_priv_project', 'author'), 'testpr2': dbhelpers.ProjectEntry('weblitz_test_priv_project2', 'author'), } dbhelpers.DATASETS = { 'testds1': dbhelpers.DatasetEntry('weblitz_test_priv_dataset', 'testpr1'), 'testds2': dbhelpers.DatasetEntry('weblitz_test_priv_dataset2', 'testpr1'), 'testds3': dbhelpers.DatasetEntry('weblitz_test_priv_dataset3', 'testpr2'), } dbhelpers.IMAGES = { 'testimg1': dbhelpers.ImageEntry('weblitz_test_priv_image', 'CHOBI_d3d.dv', 'testds1'), 'testimg2': dbhelpers.ImageEntry('weblitz_test_priv_image2', 'CHOBI_d3d.dv', 'testds1'),
def setUp(self):
    """
    Register the chmod-test users and projects, then run the base setUp.

    For each of the three permission levels (READONLY, READANN, READWRITE)
    four accounts are added to dbhelpers.USERS: 'owner', 'user', 'admin'
    (admin=True) and 'leader' (groupowner=True). Projects are added to
    dbhelpers.PROJECTS with the matching '<level>_owner' key as their second
    argument. The superclass setUp is called last so that it sees the
    completed dictionaries.

    NOTE(review): every account gets the same fixed second argument 'ome',
    presumably its password - these are fixture accounts and should only
    ever be created on a disposable test server.
    """
    # (key suffix, admin flag, groupowner flag), in registration order.
    roles = (
        ('owner', False, False),
        ('user', False, False),
        ('admin', True, False),
        ('leader', False, True),
    )

    def add_users(key_fmt, login_fmt, groupname, groupperms):
        # One UserEntry per role, all in the same group and permission level.
        for suffix, is_admin, is_groupowner in roles:
            dbhelpers.USERS[key_fmt % suffix] = dbhelpers.UserEntry(
                login_fmt % suffix, 'ome',
                firstname='chmod', lastname='test',
                groupname=groupname, groupperms=groupperms,
                groupowner=is_groupowner, admin=is_admin)

    def add_project(name, owner_key):
        # The project is registered under its own name.
        dbhelpers.PROJECTS[name] = dbhelpers.ProjectEntry(name, owner_key)

    # read-only users & data
    add_users('read_only_%s', "r-_%s", "ReadOnly_chmod_test", READONLY)
    add_project('read_only_proj', 'read_only_owner')
    add_project('read_only_proj_2', 'read_only_owner')

    # read-annotate users & data
    add_users('read_ann_%s', "ra_%s", "ReadAnn_chmod_test", READANN)
    add_project('read_ann_proj', 'read_ann_owner')

    # read-write users & data
    add_users('read_write_%s', "rw_%s", "ReadWrite_chmod_test", READWRITE)
    add_project('read_write_proj', 'read_write_owner')

    # The superclass setUp processes dbhelpers.USERS, dbhelpers.PROJECTS
    # etc. to populate the DB.
    super(CustomUsersTest, self).setUp()