def load_usergroups(self, usersgroupsauthorisor):
dbusers = self._storage_engine.session.query(AuthoriseUser)
for dbuser in dbusers:
user = User(dbuser.name)
dbuserroles = self._storage_engine.session.query(UserRole).filter(
UserRole.user == dbuser.name)
for dbuserrole in dbuserroles:
user.add_role(dbuserrole.role)
dbusergroups = self._storage_engine.session.query(
UserGroup).filter(UserGroup.user == dbuser.name)
for dbusergroup in dbusergroups:
user.add_group(dbusergroup.group)
usersgroupsauthorisor.users[user.userid] = user
groups = self._storage_engine.session.query(AuthoriseGroup)
for dbgroup in groups:
group = Group(dbgroup.name)
groupusers = self._storage_engine.session.query(GroupUser).filter(
GroupUser.group == dbgroup.name)
for dbgroupuser in groupusers:
group.add_user(dbgroupuser.user)
groupgroups = self._storage_engine.session.query(
GroupGroup).filter(GroupGroup.group == dbgroup.name)
for dbgroupgroup in groupgroups:
group.add_group(dbgroupgroup.subgroup)
grouproles = self._storage_engine.session.query(GroupRole).filter(
GroupRole.group == dbgroup.name)
for dbgrouprole in grouproles:
group.add_role(dbgrouprole.role)
usersgroupsauthorisor.groups[group.groupid] = group
self._combine_users_and_groups(usersgroupsauthorisor)
def test_users_and_groups(self):
user1 = User("keith")
user1.roles.append("admin1")
self.assertTrue(user1.has_role("admin1"))
self.assertFalse(user1.has_role("adminx"))
group1 = Group("sysadmin")
group1.roles.append("admin2")
self.assertTrue(group1.has_role("admin2"))
group2 = Group("operations")
group2.roles.append("audit")
group1.groups.append(group2)
user2 = User("fred")
user2.groups.append(group1)
user2.roles.append("admin3")
self.assertTrue(user2.has_group("sysadmin"))
self.assertTrue(user2.has_role("admin2"))
self.assertTrue(user2.has_role("admin3"))
self.assertFalse(user2.has_role("adminx"))
def test_load_groups_group_groups_duplicates(self):
group = Group("sysadmin")
store = UserGroupsStore()
yaml_data = yaml.load("""
groups:
su, su
""", Loader=yaml.FullLoader)
store._load_groups_group_groups(yaml_data, group, "sysadmin")
self.assertTrue("su" in group.groups)
def test_load_groups_group_users_duplicates(self):
group = Group("sysadmin")
store = UserGroupsStore()
yaml_data = yaml.load("""
users:
user1, user2, user1
""", Loader=yaml.FullLoader)
store._load_groups_group_users(yaml_data, group, "sysadmin")
self.assertTrue("user1" in group.users)
self.assertTrue("user2" in group.users)
def _load_groups_group(self, yaml_data, group_name, usergroups):
group = Group(group_name)
yaml_obj = yaml_data['groups'][group_name]
if 'roles' in yaml_obj:
self._load_groups_group_roles(yaml_obj, group, group_name)
if 'groups' in yaml_obj:
self._load_groups_group_groups(yaml_obj, group, group_name)
if 'users' in yaml_obj:
self._load_groups_group_users(yaml_obj, group, group_name)
usergroups.groups[group.groupid] = group
def test_load_groups_group_roles_duplicates(self):
group = Group("sysadmin")
store = UserGroupsStore()
yaml_data = yaml.load("""
roles:
role1, role2, role3, role1, role3
""", Loader=yaml.FullLoader)
store._load_groups_group_roles(yaml_data, group, "sysadmin")
self.assertTrue("role1" in group.roles)
self.assertTrue("role2" in group.roles)
self.assertTrue("role3" in group.roles)
def test_authorisable(self):
authorisable = Authorisable("testid")
self.assertEqual("testid", authorisable._id)
self.assertEqual([], authorisable.roles)
self.assertEqual([], authorisable.groups)
self.assertEqual([], authorisable.available_roles())
self.assertFalse(authorisable.has_role("user"))
self.assertFalse(authorisable.has_role("admin"))
self.assertFalse(authorisable.has_group("sysadmin"))
self.assertEqual([], authorisable.roles)
authorisable.add_role("user")
self.assertEqual(['user'], authorisable.roles)
authorisable.add_role("user")
self.assertEqual(['user'], authorisable.roles)
self.assertTrue(authorisable.has_role("user"))
group = Group("sysadmin")
group.roles.append("admin")
self.assertEqual([], authorisable.groups)
authorisable.add_group(group)
self.assertEqual([group], authorisable.groups)
authorisable.add_group(group)
self.assertEqual([group], authorisable.groups)
self.assertTrue(authorisable.has_group("sysadmin"))
self.assertTrue(authorisable.has_role("admin"))
self.assertEqual(['user', 'admin'], authorisable.available_roles())
group2 = Group("root")
self.assertFalse(authorisable.has_group("root"))
group.add_group(group2)
self.assertTrue(authorisable.has_group("root"))
def load_groups(self, yaml_data):
groups = {}
if 'groups' in yaml_data:
for group_name in yaml_data['groups'].keys():
group = Group(group_name)
yaml_obj = yaml_data['groups'][group_name]
if 'roles' in yaml_obj:
roles_list = yaml_obj['roles']
splits = roles_list.split(",")
for role_name in splits:
role_name = role_name.strip()
if role_name not in group.roles:
group.roles.append(role_name)
else:
if logging.getLogger().isEnabledFor(logging.DEBUG):
logging.debug(
"Role [%s] already exists in group [%s]",
role_name, group_name)
if 'groups' in yaml_obj:
groups_list = yaml_obj['groups']
splits = groups_list.split(",")
for element in splits:
inner_group_name = element.strip()
if inner_group_name not in group.groups:
group.groups.append(inner_group_name)
else:
if logging.getLogger().isEnabledFor(logging.DEBUG):
logging.debug(
"Group [%s] already exists in group [%s]",
inner_group_name, group_name)
if 'users' in yaml_obj:
users_list = yaml_obj['groups']
splits = users_list.split(",")
for user_name in splits:
user_name = user_name.strip()
if user_name not in group.users:
group.users.append(user_name)
else:
if logging.getLogger().isEnabledFor(logging.DEBUG):
logging.debug(
"User [%s] already exists in group [%s]",
user_name, group_name)
groups[group.groupid] = group
return groups
def test_users(self):
user = User("keith")
self.assertEqual("keith", user.userid)
user.roles.append("admin1")
self.assertTrue(user.has_role("admin1"))
self.assertFalse(user.has_role("adminx"))
group = Group("sysadmin")
self.assertFalse(group.has_user("keith"))
self.assertEqual([], user.groups)
user.add_to_group(group)
self.assertTrue(group.has_user("keith"))
self.assertEqual([group], user.groups)
user.add_to_group(group)
self.assertTrue(group.has_user("keith"))
self.assertEqual([group], user.groups)
def load_groups(self, yaml_data, usergroups):
if 'groups' in yaml_data:
for group_name in yaml_data['groups'].keys():
group = Group(group_name)
yaml_obj = yaml_data['groups'][group_name]
if 'roles' in yaml_obj:
roles_list = yaml_obj['roles']
splits = roles_list.split(",")
for role_name in splits:
role_name = role_name.strip()
if role_name not in group.roles:
group.roles.append(role_name)
else:
YLogger.debug(
self, "Role [%s] already exists in group [%s]",
role_name, group_name)
if 'groups' in yaml_obj:
groups_list = yaml_obj['groups']
splits = groups_list.split(",")
for element in splits:
inner_group_name = element.strip()
if inner_group_name not in group.groups:
group.groups.append(inner_group_name)
else:
YLogger.debug(
self,
"Group [%s] already exists in group [%s]",
inner_group_name, group_name)
if 'users' in yaml_obj:
users_list = yaml_obj['groups']
splits = users_list.split(",")
for user_name in splits:
user_name = user_name.strip()
if user_name not in group.users:
group.users.append(user_name)
else:
YLogger.debug(
self, "User [%s] already exists in group [%s]",
user_name, group_name)
usergroups.groups[group.groupid] = group
def test_groups(self):
group = Group("sysadmin")
self.assertEqual("sysadmin", group.groupid)
self.assertFalse(group.has_role("admin2"))
group.roles.append("admin2")
self.assertTrue(group.has_role("admin2"))
self.assertEqual([], group.users)
self.assertFalse(group.has_user("keith"))
self.assertFalse(group.has_user("fred"))
user = User("keith")
group.add_user(user)
self.assertEqual([user], group.users)
self.assertTrue(group.has_user("keith"))
self.assertFalse(group.has_user("fred"))
group.add_user(user)
self.assertEqual([user], group.users)