def test_success(self):
    # Happy path: each permission kind (read/write/deny) is paired with both
    # scope types (id/xpath). There is no explicit assertion; the test passes
    # when validate_permissions returns without raising.
    # NOTE(review): the id values presumably exist in the self.tree fixture --
    # confirm against the test class setup.
    id_scoped = [
        ("read", "id", "test-id"),
        ("write", "id", "another-id"),
        ("deny", "id", "last-id"),
    ]
    # Free-form text is used as the xpath values, so this test expects the
    # validator to accept xpath scopes without checking the expression itself.
    xpath_scoped = [
        ("read", "xpath", "any string"),
        ("write", "xpath", "maybe xpath"),
        ("deny", "xpath", "xpath"),
    ]
    lib.validate_permissions(self.tree, id_scoped + xpath_scoped)
def test_success(self):
    # Builds one valid entry per (kind, scope type) combination and expects
    # validate_permissions to return without raising; any exception fails
    # the test.
    kinds = ("read", "write", "deny")
    # NOTE(review): these ids presumably exist in self.tree -- confirm.
    id_values = ("test-id", "another-id", "last-id")
    # Arbitrary text stands in for xpath expressions: the expected behaviour
    # here is that xpath scope values are accepted as-is.
    xpath_values = ("any string", "maybe xpath", "xpath")
    valid_permissions = (
        [(kind, "id", value) for kind, value in zip(kinds, id_values)]
        + [(kind, "xpath", value) for kind, value in zip(kinds, xpath_values)]
    )
    lib.validate_permissions(self.tree, valid_permissions)
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role with id role_id.

    If the role doesn't exist it will be created.
    Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of role
    permission_info_list -- list of permissions, items of list should be
        tuples: (<read|write|deny>, <xpath|id>, <any string>)
    """
    # NOTE(review): cib_acl_section is defined elsewhere; presumably it yields
    # the ACL section and pushes the CIB on a clean exit -- confirm.
    with cib_acl_section(lib_env) as acl_section:
        # Validation runs first: if it raises, the role is neither looked up
        # nor created by this call.
        acl.validate_permissions(acl_section, permission_info_list)
        target_role = acl.provide_role(acl_section, role_id)
        acl.add_permissions_to_role(target_role, permission_info_list)
def test_unknown_permission(self):
    # Two of the four entries carry a permission kind outside the allowed set
    # ("unknown" and "allow"). The test expects one INVALID_OPTION_VALUE
    # report per bad entry, i.e. every invalid kind is reported rather than
    # only the first one.
    mixed_permissions = [
        ("read", "id", "test-id"),
        ("unknown", "id", "another-id"),
        ("write", "xpath", "my xpath"),
        ("allow", "xpath", "xpath"),
    ]

    def run_validation():
        return lib.validate_permissions(self.tree, mixed_permissions)

    expected_reports = [
        (
            severities.ERROR,
            report_codes.INVALID_OPTION_VALUE,
            {
                "option_value": rejected_kind,
                "option_name": "permission",
                "allowed_values": self.allowed_permissions,
            },
            None,
        )
        for rejected_kind in ("unknown", "allow")
    ]
    assert_raise_library_error(run_validation, *expected_reports)
def test_not_existing_id(self):
    # Id-scoped permissions must reference an id known to the tree. Here
    # "id" and "last" are expected to be reported as ID_NOT_FOUND, while
    # "test-id" and the xpath entry produce no report.
    # NOTE(review): "test-id" presumably exists in self.tree -- confirm.
    permission_entries = [
        ("read", "id", "test-id"),
        ("write", "id", "id"),
        ("deny", "id", "last"),
        ("write", "xpath", "maybe xpath"),
    ]

    def run_validation():
        return lib.validate_permissions(self.tree, permission_entries)

    expected_reports = [
        (
            severities.ERROR,
            report_codes.ID_NOT_FOUND,
            {
                "id": missing_id,
                "id_description": "id",
            },
        )
        for missing_id in ("id", "last")
    ]
    assert_raise_library_error(run_validation, *expected_reports)
def test_not_existing_id(self):
    # Id-scoped permissions pointing at ids that are expected to be missing
    # from the tree ("id" and "last") must each yield an ID_NOT_FOUND report.
    # The xpath entry and "test-id" are expected to pass.
    # NOTE(review): "test-id" presumably exists in self.tree -- confirm.

    def not_found_report(missing_id):
        # One expected report tuple: severity, code, info dict, forceable.
        return (
            severities.ERROR,
            report_codes.ID_NOT_FOUND,
            {
                "id": missing_id,
                "expected_types": ["id"],
                "context_type": "",
                "context_id": "",
            },
            None,
        )

    permission_entries = [
        ("read", "id", "test-id"),
        ("write", "id", "id"),
        ("deny", "id", "last"),
        ("write", "xpath", "maybe xpath"),
    ]
    assert_raise_library_error(
        lambda: lib.validate_permissions(self.tree, permission_entries),
        not_found_report("id"),
        not_found_report("last"),
    )
def test_unknown_scope(self):
    # Scope types other than the allowed ones must be rejected. Both
    # "not_id" and "not_xpath" are expected to produce their own
    # INVALID_OPTION_VALUE report, so the validator is expected to report
    # every bad scope type, not just the first.
    mixed_permissions = [
        ("read", "id", "test-id"),
        ("write", "not_id", "test-id"),
        ("deny", "not_xpath", "some xpath"),
        ("read", "xpath", "xpath"),
    ]

    def run_validation():
        return lib.validate_permissions(self.tree, mixed_permissions)

    expected_reports = [
        (
            severities.ERROR,
            report_codes.INVALID_OPTION_VALUE,
            {
                "option_value": rejected_scope,
                "option_name": "scope type",
                "allowed_values": self.allowed_scopes,
            },
            None,
        )
        for rejected_scope in ("not_id", "not_xpath")
    ]
    assert_raise_library_error(run_validation, *expected_reports)
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role with id role_id.

    If the role doesn't exist it will be created.
    Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of role
    permission_info_list -- list of permissions, items of list should be
        tuples: (<read|write|deny>, <xpath|id>, <any string>)
    """
    cib_tree = lib_env.get_cib(REQUIRED_CIB_VERSION)
    # Validate before resolving the role: if validation raises, the role is
    # not looked up or created and nothing is pushed.
    acl.validate_permissions(cib_tree, permission_info_list)
    target_role = acl.provide_role(cib_tree, role_id)
    acl.add_permissions_to_role(target_role, permission_info_list)
    # Reached only when none of the calls above raised.
    lib_env.push_cib(cib_tree)
def create_role(lib_env, role_id, permission_info_list, description):
    """
    Create a new acl role.

    Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the new role which should be created
    permission_info_list -- list of permissions, items of list should be
        tuples: (<read|write|deny>, <xpath|id>, <any string>)
    description -- text description for role
    """
    # NOTE(review): cib_acl_section is defined elsewhere; presumably it yields
    # the ACL section and pushes the CIB on a clean exit -- confirm.
    with cib_acl_section(lib_env) as acl_section:
        if not permission_info_list:
            # No permissions requested: create the bare role only.
            acl.create_role(acl_section, role_id, description)
            return
        # Permissions are validated before the role element is created, so a
        # validation error leaves no new role behind from this call.
        acl.validate_permissions(acl_section, permission_info_list)
        new_role = acl.create_role(acl_section, role_id, description)
        acl.add_permissions_to_role(new_role, permission_info_list)
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role identified by role_id.

    A missing role is created. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of role
    permission_info_list -- list of permissions, each item is a tuple:
        (<read|write|deny>, <xpath|id>, <any string>)
    """
    loaded_cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
    # The whole list is checked up front; a raised error stops the function
    # before the role is touched and before the CIB is pushed.
    acl.validate_permissions(loaded_cib, permission_info_list)
    role_element = acl.provide_role(loaded_cib, role_id)
    acl.add_permissions_to_role(role_element, permission_info_list)
    lib_env.push_cib(loaded_cib)
def add_permission(lib_env, role_id, permission_info_list):
    """
    Add permissions to the role identified by role_id.

    A missing role is created. Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of role
    permission_info_list -- list of permissions, each item is a tuple:
        (<read|write|deny>, <xpath|id>, <any string>)
    """
    # NOTE(review): cib_acl_section comes from elsewhere in the module;
    # loading and pushing of the CIB presumably happen inside it -- confirm.
    with cib_acl_section(lib_env) as section:
        # Check the whole list before resolving the role, so an error raised
        # here stops the call before any role is looked up or created.
        acl.validate_permissions(section, permission_info_list)
        role_element = acl.provide_role(section, role_id)
        acl.add_permissions_to_role(role_element, permission_info_list)
def create_role(lib_env, role_id, permission_info_list, description):
    """
    Create a new acl role.

    Raises LibraryError on any failure.

    lib_env -- LibraryEnvironment
    role_id -- id of the new role which should be created
    permission_info_list -- list of permissions, items of list should be
        tuples: (<read|write|deny>, <xpath|id>, <any string>)
    description -- text description for role
    """
    cib_tree = lib_env.get_cib(REQUIRED_CIB_VERSION)
    if permission_info_list:
        # Validate first: if this raises, no role is created and nothing is
        # pushed.
        acl.validate_permissions(cib_tree, permission_info_list)
        new_role = acl.create_role(cib_tree, role_id, description)
        acl.add_permissions_to_role(new_role, permission_info_list)
    else:
        # An empty or missing permission list creates the bare role only.
        acl.create_role(cib_tree, role_id, description)
    # Reached only when none of the calls above raised.
    lib_env.push_cib(cib_tree)