예제 #1
0
    def test_user_has_permission(self):
        resolver = ExecutionPermissionsResolver()

        # Admin user, should always return true
        user_db = self.users['admin']
        self.assertTrue(resolver.user_has_permission(user_db=user_db,
                                                     permission_type=PermissionType.EXECUTION_LIST))

        # Observer, should always return true for VIEW permissions
        user_db = self.users['observer']
        self.assertTrue(resolver.user_has_permission(user_db=user_db,
                                                     permission_type=PermissionType.EXECUTION_LIST))

        # No roles, should return false for everything
        user_db = self.users['no_roles']
        self.assertFalse(resolver.user_has_permission(user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST))

        # Custom role with no permission grants, should return false for everything
        user_db = self.users['1_custom_role_no_permissions']
        self.assertFalse(resolver.user_has_permission(user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST))

        # Custom role with "execution_list" grant
        user_db = self.users['custom_role_execution_list_grant']
        self.assertTrue(resolver.user_has_permission(user_db=user_db,
                                                     permission_type=PermissionType.EXECUTION_LIST))
예제 #2
0
    def test_user_has_permission(self):
        resolver = ExecutionPermissionsResolver()

        # Admin user, should always return true
        user_db = self.users['admin']
        self.assertUserHasPermission(
            resolver=resolver,
            user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST)

        # Observer, should always return true for VIEW permissions
        user_db = self.users['observer']
        self.assertUserHasPermission(
            resolver=resolver,
            user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST)

        # No roles, should return false for everything
        user_db = self.users['no_roles']
        self.assertUserDoesntHavePermission(
            resolver=resolver,
            user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST)

        # Custom role with no permission grants, should return false for everything
        user_db = self.users['1_custom_role_no_permissions']
        self.assertUserDoesntHavePermission(
            resolver=resolver,
            user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST)

        # Custom role with "execution_list" grant
        user_db = self.users['custom_role_execution_list_grant']
        self.assertUserHasPermission(
            resolver=resolver,
            user_db=user_db,
            permission_type=PermissionType.EXECUTION_LIST)
예제 #3
0
    def test_user_has_resource_db_permission(self):
        resolver = ExecutionPermissionsResolver()
        all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
            ResourceType.EXECUTION)
        all_permission_types.remove(PermissionType.EXECUTION_LIST)

        # Admin user, should always return true
        resource_db = self.resources['exec_1']
        user_db = self.users['admin']
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Observer, should always return true for VIEW permission
        user_db = self.users['observer']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_VIEW)

        self.assertUserDoesntHaveResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_STOP)
        self.assertUserDoesntHaveResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_ALL)

        # No roles, should return false for everything
        user_db = self.users['no_roles']
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with no permission grants, should return false for everything
        user_db = self.users['1_custom_role_no_permissions']
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with an action_view grant on unrelated pack, should return false for
        # everything
        user_db = self.users['custom_role_unrelated_pack_action_grant']
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with unrelated permission grant to parent pack, should return false for
        # everything
        user_db = self.users[
            'custom_role_pack_action_grant_unrelated_permission']
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with "action_view" grant on the pack of the action resource belongs to
        user_db = self.users['custom_role_pack_action_view_grant']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_VIEW)

        self.assertUserDoesntHaveResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_RE_RUN)

        # Custom role with "action_view" grant on the action the resource belongs to
        user_db = self.users['custom_role_action_view_grant']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_VIEW)

        self.assertUserDoesntHaveResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_RE_RUN)

        # Custom role with "action_execute" grant on the pack of the action resource belongs to
        user_db = self.users['custom_role_pack_action_execute_grant']
        permission_types = [
            PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
        ]
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)

        permission_types = [
            PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL
        ]
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)

        # Custom role with "action_execute" grant on the action resource belongs to
        user_db = self.users['custom_role_action_execute_grant']
        permission_types = [
            PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
        ]
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)

        permission_types = [
            PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL
        ]
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)

        # Custom role - "action_all" grant on the action parent pack the execution belongs to
        user_db = self.users['custom_role_pack_action_all_grant']
        resource_db = self.resources['exec_1']
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role - "action_all" grant on the action the execution belongs to
        user_db = self.users['custom_role_action_all_grant']
        resource_db = self.resources['exec_1']
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)
예제 #4
0
    def test_user_has_resource_permissions(self):
        resolver = ExecutionPermissionsResolver()
        all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
            ResourceType.EXECUTION)

        # Admin user, should always return true
        resource_db = self.resources['exec_1']
        user_db = self.users['admin']
        self.assertTrue(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Observer, should always return true for VIEW permission
        user_db = self.users['observer']
        self.assertTrue(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_VIEW))

        self.assertFalse(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_STOP))
        self.assertFalse(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=self.resources['exec_1'],
            permission_type=PermissionType.EXECUTION_ALL))

        # No roles, should return false for everything
        user_db = self.users['no_roles']
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Custom role with no permission grants, should return false for everything
        user_db = self.users['1_custom_role_no_permissions']
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Custom role with an action_view grant on unrelated pack, should return false for
        # everything
        user_db = self.users['custom_role_unrelated_pack_action_grant']
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Custom role with unrelated permission grant to parent pack, should return false for
        # everything
        user_db = self.users['custom_role_pack_action_grant_unrelated_permission']
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Custom role with "action_view" grant on the pack of the action resource belongs to
        user_db = self.users['custom_role_pack_action_view_grant']
        self.assertTrue(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_VIEW
        ))

        self.assertFalse(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_RE_RUN
        ))

        # Custom role with "action_view" grant on the action the resource belongs to
        user_db = self.users['custom_role_action_view_grant']
        self.assertTrue(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_VIEW
        ))

        self.assertFalse(resolver.user_has_resource_permission(
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.EXECUTION_RE_RUN
        ))

        # Custom role with "action_execute" grant on the pack of the action resource belongs to
        user_db = self.users['custom_role_pack_action_execute_grant']
        permission_types = [PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP]
        self.assertTrue(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types))

        permission_types = [PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL]
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types))

        # Custom role with "action_execute" grant on the action resource belongs to
        user_db = self.users['custom_role_action_execute_grant']
        permission_types = [PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP]
        self.assertTrue(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types))

        permission_types = [PermissionType.EXECUTION_VIEW, PermissionType.EXECUTION_ALL]
        self.assertFalse(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types))

        # Custom role - "action_all" grant on the action parent pack the execution belongs to
        user_db = self.users['custom_role_pack_action_all_grant']
        resource_db = self.resources['exec_1']
        self.assertTrue(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))

        # Custom role - "action_all" grant on the action the execution belongs to
        user_db = self.users['custom_role_action_all_grant']
        resource_db = self.resources['exec_1']
        self.assertTrue(self._user_has_resource_permissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types))