예제 #1
0
    def test_resource_groups_for_any_perm_just_group_perms_limited_empty_group(
            self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, "user 6")
        user7 = add_user(db_session, 7, "user 7")
        perm2 = GroupResourcePermission(perm_name="group_perm2",
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)

        group3 = add_group(db_session, "Empty group")
        perm3 = GroupResourcePermission(perm_name="group_permx",
                                        resource_id=self.resource.resource_id)
        group3.resource_permissions.append(perm3)
        perms = ResourceService.groups_for_perm(
            self.resource,
            "__any_permission__",
            limit_group_permissions=True,
            db_session=db_session,
        )

        second = [
            PermissionTuple(None, "group_perm", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(None, "group_perm2", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(None, "group_perm", "group", self.group2,
                            self.resource, False, True),
            PermissionTuple(None, "group_permx", "group", group3,
                            self.resource, False, True),
        ]

        check_one_in_other(perms, second)
예제 #2
0
    def test_resource_groups_for_any_perm_just_group_perms_limited_empty_group(
            self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, 'user 6')
        user7 = add_user(db_session, 7, 'user 7')
        perm2 = GroupResourcePermission(perm_name='group_perm2',
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)

        group3 = add_group(db_session, 'Empty group')
        perm3 = GroupResourcePermission(perm_name='group_permx',
                                        resource_id=self.resource.resource_id)
        group3.resource_permissions.append(perm3)
        perms = self.resource.groups_for_perm('__any_permission__',
                                              limit_group_permissions=True,
                                              db_session=db_session)

        second = [
            PermissionTuple(None, 'group_perm', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(None, 'group_perm2', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(None, 'group_perm', 'group', self.group2,
                            self.resource, False, True),
            PermissionTuple(None, 'group_permx', 'group', group3,
                            self.resource, False, True)
        ]

        check_one_in_other(perms, second)
예제 #3
0
    def test_resource_users_limited_group_ownage(self, db_session):
        self.maxDiff = 9999
        self.set_up_user_group_and_perms(db_session)
        resource = TestResourceB(resource_id=99,
                                 resource_name='other',
                                 owner_user_id=self.user2.id)
        group3 = add_group(db_session, 'group 3')
        user2_permission = UserResourcePermission(
            perm_name='foo_perm',
            user_id=self.user2.id,
        )
        group3_permission = GroupResourcePermission(perm_name='group_perm',
                                                    group_id=group3.id)
        resource.group_permissions.append(group3_permission)
        resource.user_permissions.append(user2_permission)
        group3.users.append(self.user3)
        self.user.resources.append(resource)
        self.group2.resources.append(resource)
        db_session.flush()
        perms = resource.users_for_perm('__any_permission__',
                                        db_session=db_session)
        second = [
            PermissionTuple(self.user2, 'foo_perm', 'user', None, resource,
                            False, True),
            PermissionTuple(self.user, ALL_PERMISSIONS, 'user', None, resource,
                            True, True),
            PermissionTuple(self.user4, ALL_PERMISSIONS, 'group', self.group2,
                            resource, True, True),
            PermissionTuple(self.user3, 'group_perm', 'group', group3,
                            resource, False, True)
        ]

        check_one_in_other(perms, second)
예제 #4
0
    def test_resource_groups_for_any_perm_additional_users(self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, 'user 6')
        user7 = add_user(db_session, 7, 'user 7')
        perm2 = GroupResourcePermission(perm_name='group_perm2',
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)
        perms = self.resource.groups_for_perm('__any_permission__',
                                              db_session=db_session)
        second = [
            PermissionTuple(self.user, 'group_perm', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(user6, 'group_perm', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(user7, 'group_perm', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(self.user, 'group_perm2', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(user6, 'group_perm2', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(user7, 'group_perm2', 'group', self.group,
                            self.resource, False, True),
            PermissionTuple(self.user4, 'group_perm', 'group', self.group2,
                            self.resource, False, True),
        ]

        check_one_in_other(perms, second)
예제 #5
0
    def test_resource_users_for_any_perm_excluding_group_perms(
            self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, "user 6")
        user7 = add_user(db_session, 7, "user 7")
        perm2 = GroupResourcePermission(perm_name="group_perm2",
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)
        perms = ResourceService.users_for_perm(
            self.resource,
            "__any_permission__",
            limit_group_permissions=True,
            skip_group_perms=True,
            db_session=db_session,
        )
        second = [
            PermissionTuple(self.user, "test_perm2", "user", None,
                            self.resource, False, True),
            PermissionTuple(self.user, "foo_perm", "user", None, self.resource,
                            False, True),
        ]

        check_one_in_other(perms, second)
예제 #6
0
    def test_resource_users_limited_group_ownage(self, db_session):
        self.maxDiff = 9999
        self.set_up_user_group_and_perms(db_session)
        resource = ResourceTestobjB(resource_id=99,
                                    resource_name="other",
                                    owner_user_id=self.user2.id)
        group3 = add_group(db_session, "group 3")
        user2_permission = UserResourcePermission(perm_name="foo_perm",
                                                  user_id=self.user2.id)
        group3_permission = GroupResourcePermission(perm_name="group_perm",
                                                    group_id=group3.id)
        resource.group_permissions.append(group3_permission)
        resource.user_permissions.append(user2_permission)
        group3.users.append(self.user3)
        self.user.resources.append(resource)
        self.group2.resources.append(resource)
        db_session.flush()
        perms = ResourceService.users_for_perm(resource,
                                               "__any_permission__",
                                               db_session=db_session)
        second = [
            PermissionTuple(self.user2, "foo_perm", "user", None, resource,
                            False, True),
            PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, resource,
                            True, True),
            PermissionTuple(self.user4, ALL_PERMISSIONS, "group", self.group2,
                            resource, True, True),
            PermissionTuple(self.user3, "group_perm", "group", group3,
                            resource, False, True),
        ]

        check_one_in_other(perms, second)
예제 #7
0
 def test_resources_with_wrong_group_permission(self, db_session):
     created_user = add_user(db_session)
     resource = add_resource(db_session, 1, 'test_resource')
     group = add_group(db_session, )
     group.users.append(created_user)
     group_permission = GroupResourcePermission(
         perm_name='test_perm_bad',
         group_id=group.id,
         resource_id=resource.resource_id)
     with pytest.raises(AssertionError):
         resource.group_permissions.append(group_permission)
예제 #8
0
 def test_resources_with_group_permission(self, db_session):
     created_user = add_user(db_session)
     resource = add_resource(db_session, 1, "test_resource")
     resource2 = add_resource(db_session, 2, "test_resource2")
     add_resource(db_session, 3, "test_resource3")
     group = add_group(db_session)
     group.users.append(created_user)
     group_permission = GroupResourcePermission(
         perm_name="test_perm",
         group_id=1,
         resource_id=resource.resource_id)
     group_permission2 = GroupResourcePermission(
         perm_name="foo_perm",
         group_id=1,
         resource_id=resource2.resource_id)
     resource.group_permissions.append(group_permission)
     resource2.group_permissions.append(group_permission2)
     db_session.flush()
     resources = UserService.resources_with_perms(
         created_user, ["foo_perm"], db_session=db_session).all()
     assert resources[0] == resource2
예제 #9
0
 def test_resources_with_group_permission(self, db_session):
     created_user = add_user(db_session)
     resource = add_resource(db_session, 1, 'test_resource')
     resource2 = add_resource(db_session, 2, 'test_resource2')
     add_resource(db_session, 3, 'test_resource3')
     group = add_group(db_session, )
     group.users.append(created_user)
     group_permission = GroupResourcePermission(
         perm_name='test_perm',
         group_id=1,
         resource_id=resource.resource_id)
     group_permission2 = GroupResourcePermission(
         perm_name='foo_perm',
         group_id=1,
         resource_id=resource2.resource_id)
     resource.group_permissions.append(group_permission)
     resource2.group_permissions.append(group_permission2)
     db_session.flush()
     resources = created_user.resources_with_perms(
         ['foo_perm'], db_session=db_session).all()
     assert resources[0] == resource2
예제 #10
0
    def test_resource_groups_for_any_perm_additional_users(self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, "user 6")
        user7 = add_user(db_session, 7, "user 7")
        perm2 = GroupResourcePermission(perm_name="group_perm2",
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)
        perms = ResourceService.groups_for_perm(self.resource,
                                                "__any_permission__",
                                                db_session=db_session)
        second = [
            PermissionTuple(self.user, "group_perm", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(user6, "group_perm", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(user7, "group_perm", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(
                self.user,
                "group_perm2",
                "group",
                self.group,
                self.resource,
                False,
                True,
            ),
            PermissionTuple(user6, "group_perm2", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(user7, "group_perm2", "group", self.group,
                            self.resource, False, True),
            PermissionTuple(
                self.user4,
                "group_perm",
                "group",
                self.group2,
                self.resource,
                False,
                True,
            ),
        ]

        check_one_in_other(perms, second)
예제 #11
0
    def test_resources_with_possible_perms_group2(self, db_session):
        self.set_up_user_group_and_perms(db_session)
        resource3 = add_resource_b(db_session, 3, "other resource")
        self.group2.resources.append(resource3)
        group_permission2 = GroupResourcePermission(perm_name="group_perm2",
                                                    group_id=self.group2.id)
        self.resource2.group_permissions.append(group_permission2)

        perms = GroupService.resources_with_possible_perms(self.group2)
        second = [
            PermissionTuple(None, "group_perm", "group", self.group2,
                            self.resource, False, True),
            PermissionTuple(None, "group_perm2", "group", self.group2,
                            self.resource2, False, True),
            PermissionTuple(None, ALL_PERMISSIONS, "group", self.group2,
                            resource3, True, True),
        ]

        check_one_in_other(perms, second)
예제 #12
0
 def test_group_resource_permission(self, db_session):
     self.set_up_user_group_and_perms(db_session)
     resource3 = add_resource_b(db_session, 3, 'other resource')
     db_session.flush()
     group_permission2 = GroupResourcePermission(
         perm_name='group_perm2',
         group_id=self.group2.id,
     )
     row = GroupResourcePermissionService.get(
         group_id=self.group2.id,
         resource_id=self.resource2.resource_id,
         perm_name='group_perm2',
         db_session=db_session)
     assert row is None
     self.resource2.group_permissions.append(group_permission2)
     row = GroupResourcePermissionService.get(
         group_id=self.group2.id,
         resource_id=self.resource2.resource_id,
         perm_name='group_perm2',
         db_session=db_session)
     assert row is not None
예제 #13
0
    def test_resources_with_possible_perms_group2(self, db_session):
        self.set_up_user_group_and_perms(db_session)
        resource3 = add_resource_b(db_session, 3, 'other resource')
        self.group2.resources.append(resource3)
        group_permission2 = GroupResourcePermission(
            perm_name='group_perm2',
            group_id=self.group2.id,
        )
        self.resource2.group_permissions.append(group_permission2)

        perms = self.group2.resources_with_possible_perms()
        second = [
            PermissionTuple(None, 'group_perm', 'group', self.group2,
                            self.resource, False, True),
            PermissionTuple(None, 'group_perm2', 'group', self.group2,
                            self.resource2, False, True),
            PermissionTuple(None, ALL_PERMISSIONS, 'group', self.group2,
                            resource3, True, True),
        ]

        check_one_in_other(perms, second)
예제 #14
0
    def test_resource_users_for_any_perm_excluding_group_perms(
            self, db_session):
        self.maxDiff = 99999
        self.set_up_user_group_and_perms(db_session)
        user6 = add_user(db_session, 6, 'user 6')
        user7 = add_user(db_session, 7, 'user 7')
        perm2 = GroupResourcePermission(perm_name='group_perm2',
                                        resource_id=self.resource.resource_id)
        self.group.resource_permissions.append(perm2)
        self.group.users.append(user6)
        self.group.users.append(user7)
        perms = self.resource.users_for_perm('__any_permission__',
                                             limit_group_permissions=True,
                                             skip_group_perms=True,
                                             db_session=db_session)
        second = [
            PermissionTuple(self.user, 'test_perm2', 'user', None,
                            self.resource, False, True),
            PermissionTuple(self.user, 'foo_perm', 'user', None, self.resource,
                            False, True)
        ]

        check_one_in_other(perms, second)
예제 #15
0
    def set_up_user_group_and_perms(self, db_session):
        """
        perm map:

        username:
            first_user : root, alter_users
            res_perms: r1:g1:foo_perm, r1:g1:test_perm2

        foouser:
            user_perms : custom
            res_perms: r2:foo_perm

        baruser:
            user_perms : root, alter_users
            res_perms: r2:test_perm

        bazuser:
            user_perms : root, alter_users
            res_perms: r1:g2:group_perm

        """
        created_user = add_user(db_session, user_name="first_user")
        created_user2 = add_user(db_session,
                                 user_name="foouser",
                                 email="new_email",
                                 perms=["custom"])
        created_user3 = add_user(db_session,
                                 user_name="baruser",
                                 email="new_email2")
        created_user4 = add_user(db_session,
                                 user_name="bazuser",
                                 email="new_email3")
        resource = add_resource(db_session, 1, "test_resource")
        resource2 = add_resource_b(db_session, 2, "other_resource")
        group = add_group(db_session)
        group2 = add_group(db_session, group_name="group2")
        group.users.append(created_user)
        group2.users.append(created_user4)
        group_permission = GroupResourcePermission(perm_name="group_perm",
                                                   group_id=group.id)
        group_permission2 = GroupResourcePermission(perm_name="group_perm",
                                                    group_id=group2.id)
        user_permission = UserResourcePermission(perm_name="test_perm2",
                                                 user_id=created_user.id)
        user_permission2 = UserResourcePermission(perm_name="foo_perm",
                                                  user_id=created_user.id)
        user2_permission = UserResourcePermission(perm_name="foo_perm",
                                                  user_id=created_user2.id)
        user3_permission = UserResourcePermission(perm_name="test_perm",
                                                  user_id=created_user3.id)
        resource.group_permissions.append(group_permission)
        resource.group_permissions.append(group_permission2)
        resource.user_permissions.append(user_permission)
        resource.user_permissions.append(user_permission2)
        resource2.user_permissions.append(user2_permission)
        resource2.user_permissions.append(user3_permission)
        db_session.flush()
        self.resource = resource
        self.resource2 = resource2
        self.user = created_user
        self.user2 = created_user2
        self.user3 = created_user3
        self.user4 = created_user4
        self.group = group
        self.group2 = group2
예제 #16
0
 def test_repr(self, db_session):
     group_resource_perm = GroupResourcePermission(group_id=1,
                                                   resource_id=1,
                                                   perm_name="perm")
     assert repr(
         group_resource_perm) == "<GroupResourcePermission: g:1, perm, r:1>"
예제 #17
0
    def set_up_user_group_and_perms(self, db_session):
        """
        perm map:

        username:
            first_user : root, alter_users
            res_perms: r1:g1:foo_perm, r1:g1:test_perm2

        foouser:
            user_perms : custom
            res_perms: r2:foo_perm

        baruser:
            user_perms : root, alter_users
            res_perms: r2:test_perm

        bazuser:
            user_perms : root, alter_users
            res_perms: r1:g2:group_perm

        """
        created_user = add_user(db_session, user_name="first_user")
        created_user2 = add_user(db_session,
                                 user_name='foouser',
                                 email='new_email',
                                 perms=['custom'])
        created_user3 = add_user(db_session,
                                 user_name='baruser',
                                 email='new_email2')
        created_user4 = add_user(db_session,
                                 user_name='bazuser',
                                 email='new_email3')
        resource = add_resource(db_session, 1, 'test_resource')
        resource2 = add_resource_b(db_session, 2, 'other_resource')
        group = add_group(db_session, )
        group2 = add_group(db_session, group_name='group2')
        group.users.append(created_user)
        group2.users.append(created_user4)
        group_permission = GroupResourcePermission(
            perm_name='group_perm',
            group_id=group.id,
        )
        group_permission2 = GroupResourcePermission(
            perm_name='group_perm',
            group_id=group2.id,
        )
        user_permission = UserResourcePermission(
            perm_name='test_perm2',
            user_id=created_user.id,
        )
        user_permission2 = UserResourcePermission(
            perm_name='foo_perm',
            user_id=created_user.id,
        )
        user2_permission = UserResourcePermission(
            perm_name='foo_perm',
            user_id=created_user2.id,
        )
        user3_permission = UserResourcePermission(
            perm_name='test_perm',
            user_id=created_user3.id,
        )
        resource.group_permissions.append(group_permission)
        resource.group_permissions.append(group_permission2)
        resource.user_permissions.append(user_permission)
        resource.user_permissions.append(user_permission2)
        resource2.user_permissions.append(user2_permission)
        resource2.user_permissions.append(user3_permission)
        db_session.flush()
        self.resource = resource
        self.resource2 = resource2
        self.user = created_user
        self.user2 = created_user2
        self.user3 = created_user3
        self.user4 = created_user4
        self.group = group
        self.group2 = group2