def test_fetch_acl_ok(self):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=auth.Identity.from_bytes('user:[email protected]'),
group=None),
acl.RoleChange(package_path='a/b/c',
revoke=False,
role='READER',
user=None,
group='reader-group'),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
resp = self.call_api('fetch_acl', {'package_path': 'a/b/c/d'})
self.assertEqual(200, resp.status_code)
self.assertEqual(
{
'status': 'SUCCESS',
'acls': {
'acls': [
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a',
'principals': ['user:[email protected]'],
'role': 'OWNER',
},
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a/b/c',
'principals': ['group:reader-group'],
'role': 'READER',
},
],
},
}, resp.json_body)
def should_fail(package_path='a',
revoke=False,
role='OWNER',
user=None,
group='group'):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=[
acl.RoleChange(package_path=package_path,
revoke=revoke,
role=role,
user=user,
group=group),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def test_modify_roles(self):
ident_a = auth.Identity.from_bytes('user:[email protected]')
ident_b = auth.Identity.from_bytes('user:[email protected]')
# Modify a bunch of packages. Include some redundant and self-canceling
# changes to test all code paths.
acl.modify_roles(changes=[
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_b,
group=None),
acl.RoleChange(package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b/c',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a/b/c',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
],
caller=ident_a,
now=datetime.datetime(2014, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual(
{
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [ident_a, ident_b],
},
acl.package_acl_key('a', 'OWNER').get().to_dict())
self.assertEqual(
{
'groups': ['some-group'],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [],
},
acl.package_acl_key('a/b', 'OWNER').get().to_dict())
self.assertEqual(None, acl.package_acl_key('a/b/c', 'OWNER').get())
# Modify same ACLs again.
acl.modify_roles(changes=[
acl.RoleChange(package_path='a',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b',
revoke=True,
role='OWNER',
user=None,
group='some-group'),
],
caller=ident_b,
now=datetime.datetime(2015, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual(
{
'groups': ['some-group'],
'modified_by': ident_b,
'modified_ts': datetime.datetime(2015, 1, 1, 0, 0),
'rev': 2,
'users': [ident_b],
},
acl.package_acl_key('a', 'OWNER').get().to_dict())
# Ensure previous version has been saved in the revision log.
rev_key = ndb.Key(acl.PackageACLRevision,
1,
parent=acl.package_acl_key('a', 'OWNER'))
self.assertEqual(
{
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'users': [ident_a, ident_b],
},
rev_key.get().to_dict())