Exemplo n.º 1
0
    def _check_permissions(self, msg):
        allowed = permissions.get(config.controller['permissions_path'])
        perms = permissions.check(allowed, self.sender, msg['collection'],
                                  msg['id'])

        if self.body['action'] not in perms:
            raise ValueError("You don't have permission to do that.")
Exemplo n.º 2
0
    def _check_permissions(self, msg):
        allowed = permissions.get(config.controller['permissions_path'])
        perms = permissions.check(allowed,
                                  self.sender,
                                  msg['collection'],
                                  msg['id'])

        if self.body['action'] not in perms:
            raise ValueError("You don't have permission to do that.")
Exemplo n.º 3
0
    def test_wrong_user(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'packages'
        res_id = '/etc/httpd/httpd.conf'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 4
0
    def test_wrong_permission(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/httpd/httpd.conf'
        action = 'update'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 5
0
    def test_wrong_permission(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/httpd/httpd.conf'
        action = 'update'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 6
0
    def test_deny_wrong_res_id(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 7
0
    def test_allow_wildcard_res_id(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/httpd/httpd.conf'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 8
0
    def test_allow_wildcard_res_id(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/httpd/httpd.conf'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 9
0
    def test_wrong_user(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'packages'
        res_id = '/etc/httpd/httpd.conf'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 10
0
    def test_deny_wrong_res_id(self):
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 11
0
    def test_allow_space_in_res_id(self):
        self.line = """cortex files "/home/user/My Images/*" CRD"""
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/home/user/My Images/test.png'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 12
0
    def test_nothing_allowed(self):
        self.line = "* * * -"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 13
0
    def test_lines_order_matter_success(self):
        fp = self._get_fp('permissions.conf')
        perm_list = permissions.get(fp)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'update'
        perms = permissions.check(perm_list, user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 14
0
    def test_lines_order_matter_fail(self):
        fp = self._get_fp('permissions.conf')
        perm_list = permissions.get(fp)

        user = '******'
        collection = 'executables'
        res_id = 'rm -rf /'
        action = 'update'
        perms = permissions.check(perm_list, user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 15
0
    def test_if_cannot_read_then_cannot_ping(self):
        self.line = "* files * -"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = ''
        action = 'ping'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 16
0
    def test_allow_wildcard_collection(self):
        self.line = "cortex * * CRD"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'packages'
        res_id = 'httpd'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 17
0
    def test_allow_wildcard_collection(self):
        self.line = "cortex * * CRD"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'packages'
        res_id = 'httpd'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 18
0
    def test_if_cannot_read_then_cannot_ping(self):
        self.line = "* files * -"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = ''
        action = 'ping'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 19
0
    def test_nothing_allowed(self):
        self.line = "* * * -"
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 20
0
    def test_lines_order_matter_success(self):
        fp = self._get_fp('permissions.conf')
        perm_list = permissions.get(fp)

        user = '******'
        collection = 'files'
        res_id = '/etc/hosts'
        action = 'update'
        perms = permissions.check(perm_list, user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 21
0
    def test_lines_order_matter_fail(self):
        fp = self._get_fp('permissions.conf')
        perm_list = permissions.get(fp)

        user = '******'
        collection = 'executables'
        res_id = 'rm -rf /'
        action = 'update'
        perms = permissions.check(perm_list, user, collection, res_id)

        self.assertFalse(action in perms)
Exemplo n.º 22
0
    def test_allow_space_in_res_id(self):
        self.line = """cortex files "/home/user/My Images/*" CRD"""
        perm = permissions.process(self.line)

        user = '******'
        collection = 'files'
        res_id = '/home/user/My Images/test.png'
        action = 'read'
        perms = permissions.check([perm], user, collection, res_id)

        self.assertTrue(action in perms)
Exemplo n.º 23
0
    def call_method(self, user_id, body, check_perm=True):
        """Reads the collection the message needs to reach and then calls the
        process method of that collection. It returns the response built by the
        collection.
        """
        response = {}
        # Check if collection is specified and that the resource actually
        # exists.
        if not isinstance(body, dict):
            raise ResourceException("Bad message formatting")

        # Check if the message body contains filters.
        filters = body.get('filters')
        res_id = body.get('id') or ''

        if check_perm:
            perms = permissions.check(self.permissions,
                                      user_id,
                                      body.get('collection'),
                                      res_id)

            if body.get('action') not in perms:
                raise ResourceException("You don't have permission to do "
                                        "that.")

        if filters:
            if not self._check_filters(filters):
                raise ResourceException("Filters did not match")

        collection = body.get('collection')

        # Get a reference to the corresponding resource object.
        # Check if the object isn't already instantiated.
        try:
            instance = self.locator.get_instance(collection)

            # Call the resource's generic process method
            response = instance.process(body)

            # Check if it can be dumped in JSON format
            try:
                json.dumps(response)
            except UnicodeDecodeError, err:
                raise ResourceException("Problem when decoding payload.")

        except ResourceException, err:
            self.logger.debug("Resource exception: %s" % err)
            if response.get('status'):
                del response['status']
            response['error'] = '%s' % err
            response['uuid'] = self.uuid
Exemplo n.º 24
0
    def call_method(self, user_id, body, check_perm=True):
        """Reads the collection the message needs to reach and then calls the
        process method of that collection. It returns the response built by the
        collection.
        """
        response = {}
        # Check if collection is specified and that the resource actually
        # exists.
        if not isinstance(body, dict):
            raise ResourceException("Bad message formatting")

        # Check if the message body contains filters.
        filters = body.get('filters')

        if check_perm:
            perms = permissions.check(self.permissions, user_id,
                                      body.get('collection'), body.get('id'))

            if body.get('action') not in perms:
                raise ResourceException("You don't have permission to do "
                                        "that.")

        if filters:
            if not self._check_filters(filters):
                raise ResourceException("Filters did not match")

        collection = body.get('collection')

        # Get a reference to the corresponding resource object.
        # Check if the object isn't already instantiated.
        try:
            instance = self.locator.get_instance(collection)

            # Call the resource's generic process method
            response = instance.process(body)

            # Check if it can be dumped in JSON format
            try:
                json.dumps(response)
            except UnicodeDecodeError, err:
                raise ResourceException("Problem when decoding payload.")

        except ResourceException, err:
            self.logger.debug("Resource exception: %s" % err)
            if response.get('status'):
                del response['status']
            response['error'] = '%s' % err
            response['uuid'] = self.uuid