def MetaspacePrivilegeChecker_tests(): super_user = User() super_user.user_id = -1 super_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings([MetaspacePrivilegeSet.SUPER]) user_creator_user = User() user_creator_user.user_id = -2 user_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings( [MetaspacePrivilegeSet.CREATE_USER] ) space_creator_user = User() space_creator_user.user_id = -3 space_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings( [MetaspacePrivilegeSet.CREATE_SPACE] ) target_user = User() target_user.user_id = -4 target_user.metaspace_privileges = MetaspacePrivilegeSet() for temp_user in [super_user, user_creator_user, space_creator_user, target_user]: setattr(temp_user, "email_addr", "*****@*****.**" % temp_user.user_id) assert MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, super_user ) assert MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, user_creator_user ) assert MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, super_user ) assert MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, target_user ) assert not MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, user_creator_user, False ) assert not MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_ACCESS_ACTION, target_user, user_creator_user, False ) assert not MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user, False ) with AssertExceptionThrown(PrivilegeChecker.InsufficientPrivilegesException): MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user ) assert MetaspacePrivilegeChecker.is_allowed_to_do( DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_SPACE_ACTION, None, space_creator_user )
def PrivilegeChecker_tests(): with AssertExceptionThrown(PrivilegeChecker.UnrecognizedActionException): MetaspacePrivilegeChecker.is_allowed_to_do(DB_TUPLE_PT_NM, "MOVE_IMMOVABLE_OBJ", None, User()) with AssertExceptionThrown(PrivilegeChecker.UnrecognizedActionException): NodespacePrivilegeChecker.is_allowed_to_do(DB_TUPLE_PT_NM, "MOVE_IMMOVABLE_OBJ", None, User())