class BasicGroupTest(TestCase): """ Tests for group permissions on models with no inheritance. """ def setUp(self): self.fido = BasicAnimal(name="fido") self.fido.save() self.user1 = User.objects.create_user('testme', '*****@*****.**', 'testingpw') self.user1.save() self.user2 = User.objects.create_user('testme2', '*****@*****.**', 'testingpw') self.user2.save() self.group = Group(name='testgroup') self.group.save() def test_basic_group_permissions(self): self.assertFalse(self.user1.has_perm('pet', self.fido)) self.group.set_perm('pet', self.fido) self.assertFalse(self.user1.has_perm('pet', self.fido)) self.user1.groups.add(self.group) self.assertTrue(self.user1.has_perm('pet', self.fido)) self.assertFalse(self.user2.has_perm('pet', self.fido)) self.user2.groups.add(self.group) self.assertTrue(self.user2.has_perm('pet', self.fido)) self.assertTrue(self.group.has_perm('pet', self.fido)) def test_group_class_permissions(self): self.assertFalse(self.user1.has_perm('pet', self.fido)) self.assertFalse(self.user2.has_perm('pet', self.fido)) self.group.set_perm('pet', self.fido.__class__) self.assertFalse(self.user1.has_perm('pet', self.fido)) self.assertFalse(self.user1.has_perm('pet', self.fido.__class__)) self.user1.groups.add(self.group) self.assertTrue(self.user1.has_perm('pet', self.fido)) self.assertTrue(self.user1.has_perm('pet', self.fido.__class__)) self.assertFalse(self.user2.has_perm('pet', self.fido)) self.assertFalse(self.user2.has_perm('pet', self.fido.__class__)) # test behavior of perm only defined on class self.assertFalse(self.user1.has_perm('eat', self.fido)) self.assertFalse(self.user1.has_perm('eat', self.fido.__class__)) self.assertFalse(self.user2.has_perm('eat', self.fido)) self.assertFalse(self.user2.has_perm('eat', self.fido.__class__)) self.group.set_perm('eat', self.fido.__class__) self.assertTrue(self.user1.has_perm('eat', self.fido)) self.assertTrue(self.user1.has_perm('eat', self.fido.__class__)) self.assertFalse(self.user2.has_perm('eat', self.fido)) self.assertFalse(self.user2.has_perm('eat', self.fido.__class__))
class GroupInheritanceTest(TestCase): def setUp(self): self.fido = BasicDog(name="fido", breed="Golden Lab") self.fido.save() self.user1 = User.objects.create_user('testme1', '*****@*****.**', 'testingpw') self.user1.save() self.user2 = User.objects.create_user('testme2', '*****@*****.**', 'testingpw') self.user2.save() self.group = Group(name='testgroup') self.group.save() def test_group_inheritance(self): self.assertFalse(self.user1.has_perm('pet', self.fido)) self.assertFalse(self.group.has_perm('pet', self.fido))
def test_view_create_data(self): url = '/vm/add/%s' group1 = Group(id=81, name='testing_group2') group1.save() cluster1 = Cluster(hostname='test2.example.bak', slug='OSL_TEST2') cluster1.save() data = self.data # Login and grant user. self.assertTrue(self.c.login(username=self.user.username, password='******')) self.user.grant('create_vm', self.cluster) self.cluster.set_quota(self.user.get_profile(), dict(ram=1000, disk=2000, virtual_cpus=10)) # POST - user authorized for cluster (create_vm) self.user.grant('create_vm', self.cluster) data_ = data.copy() self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) self.user.revoke_all(self.cluster) self.user.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - user authorized for cluster (admin) self.user.grant('admin', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) VirtualMachine.objects.all().delete() self.user.revoke_all(self.cluster) self.user.revoke_all(new_vm) # POST - User attempting to be other user self.user.grant('admin', self.cluster) data_ = data.copy() data_['owner'] = self.user1.get_profile().id response = self.c.post(url % '', data_) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.user.revoke_all(self.cluster) # POST - user authorized for cluster (superuser) self.user.is_superuser = True self.user.save() response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) self.user.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - ganeti error self.cluster.rapi.CreateInstance.error = client.GanetiApiError('Testing Error') response = self.c.post(url % '', data) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.cluster.rapi.CreateInstance.error = None # POST - User attempting to be other user (superuser) data_ = data.copy() data_['owner'] = self.user1.get_profile().id response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user1.has_perm('admin', new_vm)) self.assertEqual([], self.user.get_perms(new_vm)) self.user.revoke_all(new_vm) self.user1.revoke_all(new_vm) VirtualMachine.objects.all().delete() # reset for group owner self.user.is_superuser = False self.user.save() data['owner'] = self.group.organization.id # POST - user is not member of group self.user.grant('admin', self.cluster) self.group.grant('create_vm', self.cluster) self.assertFalse(self.group in self.user.groups.all()) response = self.c.post(url % '', data) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse(VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.user.revoke_all(self.cluster) self.group.revoke_all(self.cluster) VirtualMachine.objects.all().delete() # add user to group self.group.user_set.add(self.user) # POST - group authorized for cluster (create_vm) self.group.grant('create_vm', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(self.cluster) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - group authorized for cluster (admin) self.group.grant('admin', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(self.cluster) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - group authorized for cluster (superuser) self.user.is_superuser = True self.user.save() response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - not a group member (superuser) data_ = data.copy() data_['owner'] = group1.organization.id response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(group1.has_perm('admin', new_vm)) self.assertFalse(self.group.has_perm('admin', new_vm))
def test_view_create_data(self): url = '/vm/add/%s' group1 = Group(id=81, name='testing_group2') group1.save() cluster1 = Cluster(hostname='test2.example.bak', slug='OSL_TEST2') cluster1.save() data = self.data # Login and grant user. self.assertTrue( self.c.login(username=self.user.username, password='******')) self.user.grant('create_vm', self.cluster) self.cluster.set_quota(self.user.get_profile(), dict(ram=1000, disk=2000, virtual_cpus=10)) # POST - user authorized for cluster (create_vm) self.user.grant('create_vm', self.cluster) data_ = data.copy() self.assertFalse( VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) self.user.revoke_all(self.cluster) self.user.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - user authorized for cluster (admin) self.user.grant('admin', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) VirtualMachine.objects.all().delete() self.user.revoke_all(self.cluster) self.user.revoke_all(new_vm) # POST - User attempting to be other user self.user.grant('admin', self.cluster) data_ = data.copy() data_['owner'] = self.user1.get_profile().id response = self.c.post(url % '', data_) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse( VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.user.revoke_all(self.cluster) # POST - user authorized for cluster (superuser) self.user.is_superuser = True self.user.save() response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user.has_perm('admin', new_vm)) self.user.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - ganeti error self.cluster.rapi.CreateInstance.error = client.GanetiApiError( 'Testing Error') response = self.c.post(url % '', data) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse( VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.cluster.rapi.CreateInstance.error = None # POST - User attempting to be other user (superuser) data_ = data.copy() data_['owner'] = self.user1.get_profile().id response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.user1.has_perm('admin', new_vm)) self.assertEqual([], self.user.get_perms(new_vm)) self.user.revoke_all(new_vm) self.user1.revoke_all(new_vm) VirtualMachine.objects.all().delete() # reset for group owner self.user.is_superuser = False self.user.save() data['owner'] = self.group.organization.id # POST - user is not member of group self.user.grant('admin', self.cluster) self.group.grant('create_vm', self.cluster) self.assertFalse(self.group in self.user.groups.all()) response = self.c.post(url % '', data) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create.html') self.assertFalse( VirtualMachine.objects.filter(hostname='new.vm.hostname').exists()) self.user.revoke_all(self.cluster) self.group.revoke_all(self.cluster) VirtualMachine.objects.all().delete() # add user to group self.group.user_set.add(self.user) # POST - group authorized for cluster (create_vm) self.group.grant('create_vm', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(self.cluster) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - group authorized for cluster (admin) self.group.grant('admin', self.cluster) response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(self.cluster) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - group authorized for cluster (superuser) self.user.is_superuser = True self.user.save() response = self.c.post(url % '', data, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(self.group.has_perm('admin', new_vm)) self.group.revoke_all(new_vm) VirtualMachine.objects.all().delete() # POST - not a group member (superuser) data_ = data.copy() data_['owner'] = group1.organization.id response = self.c.post(url % '', data_, follow=True) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/create_status.html') new_vm = VirtualMachine.objects.get(hostname='new.vm.hostname') self.assertEqual(new_vm, response.context['instance']) self.assertTrue(group1.has_perm('admin', new_vm)) self.assertFalse(self.group.has_perm('admin', new_vm))