def test_edit_user_roles_modified_settings_add(self):
"""
Tests that the role mappings do come from settings and a new role
added there will be allowed.
"""
project = mock.Mock()
project.id = 'test_project_id'
project.name = 'test_project'
project.domain = 'default'
project.roles = {'user_id': ['project_mod']}
user = mock.Mock()
user.id = 'user_id'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
setup_temp_cache({'test_project': project}, {user.id: user})
tests.temp_cache['roles']['new_role'] = 'new_role'
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'user_id': 'user_id',
'project_id': 'test_project_id',
'roles': ['new_role'],
'remove': False
}
action = EditUserRolesAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
token_data = {}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(len(project.roles[user.id]), 2)
self.assertEquals(set(project.roles[user.id]),
set(['project_mod', 'new_role']))
def test_edit_user_roles_add_complete(self):
"""
Add roles to existing user.
"""
user = mock.Mock()
user.id = 'user_id'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
project = mock.Mock()
project.id = 'test_project_id'
project.name = 'test_project'
project.domain = 'default'
project.roles = {user.id: ['_member_', 'project_mod']}
setup_temp_cache({'test_project': project}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['admin', 'project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'user_id': 'user_id',
'project_id': 'test_project_id',
'roles': ['_member_', 'project_mod'],
'remove': False
}
action = EditUserRolesAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
self.assertEquals(action.action.state, "complete")
action.post_approve()
self.assertEquals(action.valid, True)
token_data = {}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(len(project.roles[user.id]), 2)
self.assertEquals(set(project.roles[user.id]),
set(['_member_', 'project_mod']))
def test_edit_user_roles_can_manage_all(self):
"""
Confirm that you cannot edit a user unless all their roles
can be managed by you.
"""
user = mock.Mock()
user.id = 'user_id'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
project = mock.Mock()
project.id = 'test_project_id'
project.name = 'test_project'
project.domain = 'default'
project.roles = {user.id: ['_member_', 'project_admin']}
setup_temp_cache({'test_project': project}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'user_id': 'user_id',
'project_id': 'test_project_id',
'roles': ['project_mod'],
'remove': False
}
action = EditUserRolesAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, False)
self.assertEquals(project.roles[user.id],
['_member_', 'project_admin'])
def test_edit_user_roles_modified_settings(self):
"""
Tests that the role mappings do come from settings and that they
are enforced.
"""
project = mock.Mock()
project.id = 'test_project_id'
project.name = 'test_project'
project.domain = 'default'
project.roles = {'user_id': ['project_mod']}
user = mock.Mock()
user.id = 'user_id'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
setup_temp_cache({'test_project': project}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'user_id': 'user_id',
'project_id': 'test_project_id',
'roles': ['heat_stack_owner'],
'remove': False
}
action = EditUserRolesAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
# Change settings
with self.modify_dict_settings(
ROLES_MAPPING={
'key_list': ['project_mod'],
'operation': "remove",
'value': 'heat_stack_owner'
}):
action.post_approve()
self.assertEquals(action.valid, False)
token_data = {}
action.submit(token_data)
self.assertEquals(action.valid, False)
# After Settings Reset
action.post_approve()
self.assertEquals(action.valid, True)
token_data = {}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(len(project.roles[user.id]), 2)
self.assertEquals(set(project.roles[user.id]),
set(['project_mod', 'heat_stack_owner']))