예제 #1
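 def test_remove_user(self):
     """
     Removing a user from a role must drop them from that role's member list.

     The membership is asserted before the removal as well, so the final
     check cannot pass merely because the user was never added.
     """
     u = self._create_user()
     r = self._create_role()
     authorization.add_user_to_role(r['name'], u['login'])
     # The comprehension variable is named `member`, not `u`: under Python 2
     # a list comprehension rebinds the enclosing name, which would replace
     # the user under test with the last member returned.
     members = [member['login'] for member in authorization.list_users_in_role(r['name'])]
     self.assertTrue(u['login'] in members)
     authorization.remove_user_from_role(r['name'], u['login'])
     members = [member['login'] for member in authorization.list_users_in_role(r['name'])]
     self.assertFalse(u['login'] in members)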
예제 #2
 def test_consumer_user_permissions(self):
     """
     A member of the consumer users role may CREATE and READ under
     '/consumers/' and is denied UPDATE, DELETE and EXECUTE.
     """
     user = self._create_user()
     resource = '/consumers/'
     role = authorization.consumer_users_role
     # NOTE(review): the user is added by user['name'], not user['login'];
     # presumably the fixture makes the two equal -- confirm.
     authorization.add_user_to_role(role, user['name'])
     for allowed in (authorization.CREATE, authorization.READ):
         self.assertTrue(authorization.is_authorized(resource, user, allowed))
     # The denials matter as much as the grants: they pin the role to
     # exactly the two operations above.
     for denied in (authorization.UPDATE, authorization.DELETE, authorization.EXECUTE):
         self.assertFalse(authorization.is_authorized(resource, user, denied))
예제 #3
 def test_super_user_permissions(self):
     """
     A member of the super user role is authorized for every operation
     (CREATE, READ, UPDATE, DELETE, EXECUTE) on a freshly created resource.
     """
     user = self._create_user()
     resource = self._create_resource()
     role = authorization.super_user_role
     # NOTE(review): the user is added by user['name'], not user['login'];
     # presumably the fixture makes the two equal -- confirm.
     authorization.add_user_to_role(role, user['name'])
     every_operation = (
         authorization.CREATE,
         authorization.READ,
         authorization.UPDATE,
         authorization.DELETE,
         authorization.EXECUTE,
     )
     for operation in every_operation:
         self.assertTrue(authorization.is_authorized(resource, user, operation))
예제 #4
 def test_role_permission_delete(self):
     """
     Deleting a role must revoke the access its members held through it.
     """
     user = self._create_user()
     role = self._create_role()
     resource = self._create_resource()
     operation = authorization.READ
     operation_name = authorization.operation_to_name(operation)
     role_name = role['name']
     authorization.add_user_to_role(role_name, user['login'])
     authorization.grant_permission_to_role(resource, role_name, [operation_name])
     # Access is confirmed first so the denial below is evidence of
     # revocation rather than of a grant that never took effect.
     self.assertTrue(authorization.is_authorized(resource, user, operation))
     authorization.delete_role(role_name)
     self.assertFalse(authorization.is_authorized(resource, user, operation))
예제 #5
 def test_role_execute(self):
     """
     An EXECUTE grant on a role applies to the role's members only.
     """
     member = self._create_user()
     outsider = self._create_user()
     role = self._create_role()
     resource = self._create_resource()
     operation = authorization.EXECUTE
     operation_name = authorization.operation_to_name(operation)
     authorization.add_user_to_role(role['name'], member['login'])
     authorization.grant_permission_to_role(resource, role['name'], [operation_name])
     self.assertTrue(authorization.is_authorized(resource, member, operation))
     # The second user was never added to the role and must stay denied.
     self.assertFalse(authorization.is_authorized(resource, outsider, operation))
예제 #6
 def test_non_unique_permission_remove(self):
     """
     A permission held through two roles survives removal from one of them.

     Only the "still authorized" half is checked here; the test does not go
     on to remove the user from the second role and assert denial.
     """
     user = self._create_user()
     first_role = self._create_role()
     second_role = self._create_role()
     resource = self._create_resource()
     operation = authorization.READ
     operation_name = authorization.operation_to_name(operation)
     authorization.add_user_to_role(first_role['name'], user['login'])
     authorization.add_user_to_role(second_role['name'], user['login'])
     authorization.grant_permission_to_role(resource, first_role['name'], [operation_name])
     authorization.grant_permission_to_role(resource, second_role['name'], [operation_name])
     self.assertTrue(authorization.is_authorized(resource, user, operation))
     # Dropping one of the two memberships must not strip the permission
     # that the remaining role still grants.
     authorization.remove_user_from_role(first_role['name'], user['login'])
     self.assertTrue(authorization.is_authorized(resource, user, operation))
예제 #7
 def test_role_order_of_permission_grant(self):
     """
     A role grant takes effect whether the user joins the role before or
     after the permission is granted to it.
     """
     early_member = self._create_user()
     late_member = self._create_user()
     role_joined_first = self._create_role()
     role_granted_first = self._create_role()
     resource = self._create_resource()
     operation = authorization.READ
     operation_name = authorization.operation_to_name(operation)
     # NOTE(review): users are added by ['name'], not ['login'];
     # presumably the fixture makes the two equal -- confirm.

     # Membership first, permission second.
     authorization.add_user_to_role(role_joined_first['name'], early_member['name'])
     authorization.grant_permission_to_role(resource, role_joined_first['name'], [operation_name])
     self.assertTrue(authorization.is_authorized(resource, early_member, operation))

     # Permission first, membership second.
     authorization.grant_permission_to_role(resource, role_granted_first['name'], [operation_name])
     authorization.add_user_to_role(role_granted_first['name'], late_member['name'])
     self.assertTrue(authorization.is_authorized(resource, late_member, operation))
예제 #8
파일: admin.py 프로젝트: stpierre/pulp
def ensure_admin():
    """
    Guarantee that the super user role has at least one member.

    If the role already has members, nothing is changed. Otherwise the login
    named by the ``default_login`` option of the ``server`` config section is
    looked up, created with the ``default_password`` option when no such user
    exists, and added to the super users role.

    Security notes:
    - An account that already exists under ``default_login`` is promoted to
      super user as it is; its password is not touched here.
    - A newly created admin gets the configured ``default_password``, and
      nothing in this function forces a change. If that value is left at a
      well-known default, the account is a super user with guessable
      credentials -- override or rotate it at deployment.
    """
    role = authorization._get_role(authorization.super_user_role)
    if authorization._get_users_belonging_to_role(role):
        return
    login = config.config.get('server', 'default_login')
    manager = UserManager()
    if manager.find_by_login(login) is None:
        password = config.config.get('server', 'default_password')
        manager.create_user(login=login, password=password)
    # NOTE(review): the result of add_user_to_role is not checked, so a
    # failed promotion would go unnoticed here -- confirm how it reports errors.
    authorization.add_user_to_role(authorization.super_user_role, login)
예제 #9
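    def _add_from_ldap(self, username, userdata):
        """
        @param username:  Username to be added
        @param userdata: tuple of user data as returned by lookup_user;
                         element 1 is read as the attribute mapping

        Adds a user to the pulp user database with no password and
        returns a pulp.server.db.model.User object. An existing user with
        the same login is returned unchanged.

        The ``default_role`` option of the ``ldap`` config section, when set,
        is applied only at first creation, and to every user created this
        way, so it should name a least-privilege role. If the role cannot be
        assigned, the error is logged and the user is still returned,
        without the role.
        """
        user = _user_manager.find_by_login(username)
        if user is not None:
            # Already provisioned: neither the name nor the roles are touched.
            return user

        attrs = userdata[1]
        # Fall back to the login when the directory entry has no 'gecos'.
        # NOTE(review): if lookup_user returns attribute values as lists,
        # `name` would be a list here -- confirm against lookup_user.
        try:
            name = attrs['gecos']
        except KeyError:
            name = username
        # No password is stored for the local record.
        user = _user_manager.create_user(login=username, name=name)
        if config.has_option('ldap', 'default_role'):
            role = config.get('ldap', 'default_role')
            if not authorization.add_user_to_role(role, username):
                # Lazy %-args: the message is only built if it is emitted.
                log.error("Could not add user [%s] to role [%s]", username, role)
        return user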