def test_owned_status(self):
# A non-admin user can access nodes he owns.
backend = MAASAuthorizationBackend()
node = make_allocated_node()
self.assertTrue(
backend.has_perm(
node.owner, NODE_PERMISSION.VIEW, node))
def test_user_has_no_admin_permission_on_node(self):
# NODE_PERMISSION.ADMIN permission on nodes is granted to super users
# only.
backend = MAASAuthorizationBackend()
user = factory.make_user()
self.assertFalse(
backend.has_perm(
user, NODE_PERMISSION.ADMIN, factory.make_node()))
def test_invalid_check_permission(self):
backend = MAASAuthorizationBackend()
self.assertRaises(NotImplementedError, backend.has_perm,
factory.make_admin(), 'not-access',
factory.make_Node())
def test_invalid_check_object(self):
backend = MAASAuthorizationBackend()
exc = factory.make_exception()
self.assertRaises(NotImplementedError, backend.has_perm,
factory.make_admin(), NODE_PERMISSION.VIEW, exc)
def test_admin_is_admin(self):
backend = MAASAuthorizationBackend()
admin = factory.make_admin()
self.assertTrue(
backend.has_perm(admin, NODE_PERMISSION.ADMIN, self.factory()))
def test_user_can_view_unowned_node(self):
backend = MAASAuthorizationBackend()
self.assertTrue(backend.has_perm(
factory.make_User(), NODE_PERMISSION.VIEW,
factory.make_Node()))
def test_node_init_user_cannot_access(self):
backend = MAASAuthorizationBackend()
self.assertFalse(backend.has_perm(
get_node_init_user(), NODE_PERMISSION.VIEW,
make_unallocated_node()))
def test_user_can_edit_his_own_nodes(self):
backend = MAASAuthorizationBackend()
user = factory.make_user()
self.assertTrue(backend.has_perm(
user, NODE_PERMISSION.EDIT, make_allocated_node(owner=user)))
def test_user_can_view_BlockDevice_when_no_node_owner(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
node = factory.make_Node()
device = factory.make_BlockDevice(node=node)
self.assertTrue(backend.has_perm(user, NODE_PERMISSION.VIEW, device))
def test_user_can_edit_his_own_nodes(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
self.assertTrue(
backend.has_perm(user, NODE_PERMISSION.EDIT,
make_allocated_node(owner=user)))
def test_user_cannot_edit_unowned_node(self):
backend = MAASAuthorizationBackend()
self.assertFalse(
backend.has_perm(factory.make_User(), NODE_PERMISSION.EDIT,
factory.make_Node()))
def test_user_cannot_edit_nodes_owned_by_others(self):
backend = MAASAuthorizationBackend()
self.assertFalse(
backend.has_perm(factory.make_User(), NODE_PERMISSION.EDIT,
make_allocated_node()))
def test_owned_status(self):
# A non-admin user can access nodes he owns.
backend = MAASAuthorizationBackend()
node = make_allocated_node()
self.assertTrue(
backend.has_perm(node.owner, NODE_PERMISSION.VIEW, node))
def test_user_can_view_nodes_owned_by_others(self):
backend = MAASAuthorizationBackend()
self.assertTrue(backend.has_perm(
factory.make_User(), NODE_PERMISSION.VIEW, make_allocated_node()))
def test_node_init_user_cannot_access(self):
backend = MAASAuthorizationBackend()
self.assertFalse(
backend.has_perm(get_node_init_user(), NODE_PERMISSION.VIEW,
factory.make_Node()))
def test_user_cannot_access_nodes_owned_by_others(self):
backend = MAASAuthorizationBackend()
self.assertFalse(backend.has_perm(
factory.make_user(), NODE_PERMISSION.VIEW, make_allocated_node()))
def test_user_can_edit_VirtualBlockDevice_when_node_owner(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
node = factory.make_Node(owner=user)
device = factory.make_VirtualBlockDevice(node=node)
self.assertTrue(backend.has_perm(user, NODE_PERMISSION.EDIT, device))
def test_user_cannot_edit_unowned_node(self):
backend = MAASAuthorizationBackend()
self.assertFalse(backend.has_perm(
factory.make_user(), NODE_PERMISSION.EDIT,
make_unallocated_node()))
def test_user_can_view(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
self.assertTrue(
backend.has_perm(user, NODE_PERMISSION.VIEW, self.factory()))
def test_user_cannot_edit(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
self.assertFalse(
backend.has_perm(user, NODE_PERMISSION.EDIT, self.factory()))
def test_user_not_admin(self):
backend = MAASAuthorizationBackend()
user = factory.make_User()
self.assertFalse(
backend.has_perm(user, NODE_PERMISSION.ADMIN, self.factory()))
def test_user_can_access_unowned_node(self):
backend = MAASAuthorizationBackend()
self.assertTrue(backend.has_perm(
factory.make_user(), NODE_PERMISSION.VIEW,
make_unallocated_node()))
def test_user_can_lock_locked_node(self):
backend = MAASAuthorizationBackend()
owner = factory.make_User()
node = factory.make_Node(
owner=owner, status=NODE_STATUS.DEPLOYED, locked=True)
self.assertTrue(backend.has_perm(owner, NODE_PERMISSION.LOCK, node))
