예제 #1
0
 def test_acl_elem(self):
     acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
     elem = acl.elem()
     self.assertTrue(elem.find('./Owner') is not None)
     self.assertTrue(elem.find('./AccessControlList') is not None)
     grants = [e for e in elem.findall('./AccessControlList/Grant')]
     self.assertEqual(len(grants), 1)
     self.assertEqual(grants[0].find('./Grantee/ID').text, 'test:tester')
     self.assertEqual(grants[0].find('./Grantee/DisplayName').text,
                      'test:tester')
예제 #2
0
 def test_acl_from_elem_by_id_only(self):
     elem = ACLPrivate(Owner(id='test:tester', name='test:tester')).elem()
     elem.find('./Owner').remove(elem.find('./Owner/DisplayName'))
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(
         self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
예제 #3
0
 def test_acl_from_elem(self):
     # check translation from element
     acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
     elem = acl.elem()
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(
         self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
예제 #4
0
 def test_bucket_acl_PUT_with_other_owner(self):
     req = Request.blank('/bucket?acl',
                         environ={'REQUEST_METHOD': 'PUT'},
                         headers={
                             'Authorization': 'OSS test:tester:hmac',
                             'Date': self.get_date_header()
                         },
                         body=tostring(
                             ACLPrivate(
                                 Owner(id='test:other',
                                       name='test:other')).elem()))
     status, headers, body = self.call_oss2swift(req)
     if not body:
         body='<?xml version="1.0" ?>' \
                 '<Error xmlns="http://doc.oss-cn-hangzhou.aliyuncs.com">' \
                     '<Code>'\
                         'AccessDenied'\
                     '</Code>'\
                     '<Message>'\
                         'Query-string authentication requires the Signature, Expires and OSSAccessKeyId parameters'\
                     '</Message>'\
                     '<RequestId>'\
                         '1D842BC5425544BB'\
                     '</RequestId>'\
                     '<HostId>'\
                         'oss-cn-hangzhou.aliyuncs.com'\
                     '</HostId>'\
                 '</Error>'
     self.assertEqual(self._get_error_code(body), 'AccessDenied')
예제 #5
0
    def test_encode_acl_object(self):
        acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
        acp = encode_acl('object', acl)
        header_value = json.loads(acp[sysmeta_header('object', 'acl')])

        self.assertTrue('Owner' in header_value)
        self.assertTrue('Grant' in header_value)
        self.assertEqual('test:tester', header_value['Owner'])
        self.assertEqual(len(header_value['Grant']), 1)
예제 #6
0
    def test_acl_private(self):
        acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))

        self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
        self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
        self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
        self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
        self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
        self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
        self.assertFalse(self.check_permission(acl, 'test:tester2',
                                               'READ_ACP'))
        self.assertFalse(
            self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
예제 #7
0
 def test_grant_with_both_header_and_xml(self):
     req = Request.blank('/bucket/object?acl',
                         environ={'REQUEST_METHOD': 'PUT'},
                         headers={
                             'Authorization': 'OSS test:tester:hmac',
                             'Date': self.get_date_header(),
                             'x-oss-grant-full-control': 'id=test:tester'
                         },
                         body=tostring(
                             ACLPrivate(
                                 Owner(id='test:tester',
                                       name='test:tester')).elem()))
     status, headers, body = self.call_oss2swift(req)
     self.assertEqual(self._get_error_code(body), 'UnexpectedContent')