def test_success(self):
permissions = [("read", "id", "test-id"),
("write", "id", "another-id"),
("deny", "id", "last-id"),
("read", "xpath", "any string"),
("write", "xpath", "maybe xpath"),
("deny", "xpath", "xpath")]
lib.validate_permissions(self.tree, permissions)
def test_success(self):
permissions = [
("read", "id", "test-id"),
("write", "id", "another-id"),
("deny", "id", "last-id"),
("read", "xpath", "any string"),
("write", "xpath", "maybe xpath"),
("deny", "xpath", "xpath")
]
lib.validate_permissions(self.tree, permissions)
def add_permission(lib_env, role_id, permission_info_list):
"""
Add permissions do role with id role_id. If role doesn't exist it will be
created.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of role
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
"""
with cib_acl_section(lib_env) as acl_section:
acl.validate_permissions(acl_section, permission_info_list)
acl.add_permissions_to_role(acl.provide_role(acl_section, role_id),
permission_info_list)
def test_unknown_permission(self):
permissions = [
("read", "id", "test-id"),
("unknown", "id", "another-id"),
("write", "xpath", "my xpath"),
("allow", "xpath", "xpath")
]
assert_raise_library_error(
lambda: lib.validate_permissions(self.tree, permissions),
(
severities.ERROR,
report_codes.INVALID_OPTION_VALUE,
{
"option_value": "unknown",
"option_name": "permission",
"allowed_values": self.allowed_permissions,
},
None
),
(
severities.ERROR,
report_codes.INVALID_OPTION_VALUE,
{
"option_value": "allow",
"option_name": "permission",
"allowed_values": self.allowed_permissions,
},
None
)
)
def test_not_existing_id(self):
permissions = [
("read", "id", "test-id"),
("write", "id", "id"),
("deny", "id", "last"),
("write", "xpath", "maybe xpath")
]
assert_raise_library_error(
lambda: lib.validate_permissions(self.tree, permissions),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "id",
"id_description": "id",
}
),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "last",
"id_description": "id",
}
)
)
def test_not_existing_id(self):
permissions = [
("read", "id", "test-id"),
("write", "id", "id"),
("deny", "id", "last"),
("write", "xpath", "maybe xpath")
]
assert_raise_library_error(
lambda: lib.validate_permissions(self.tree, permissions),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "id",
"expected_types": ["id"],
"context_type": "",
"context_id": "",
},
None
),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "last",
"expected_types": ["id"],
"context_type": "",
"context_id": "",
},
None
)
)
def test_unknown_scope(self):
permissions = [
("read", "id", "test-id"),
("write", "not_id", "test-id"),
("deny", "not_xpath", "some xpath"),
("read", "xpath", "xpath")
]
assert_raise_library_error(
lambda: lib.validate_permissions(self.tree, permissions),
(
severities.ERROR,
report_codes.INVALID_OPTION_VALUE,
{
"option_value": "not_id",
"option_name": "scope type",
"allowed_values": self.allowed_scopes,
},
None
),
(
severities.ERROR,
report_codes.INVALID_OPTION_VALUE,
{
"option_value": "not_xpath",
"option_name": "scope type",
"allowed_values": self.allowed_scopes,
},
None
)
)
def add_permission(lib_env, role_id, permission_info_list):
"""
Add permissions do role with id role_id. If role doesn't exist it will be
created.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of role
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
acl.validate_permissions(cib, permission_info_list)
acl.add_permissions_to_role(acl.provide_role(cib, role_id),
permission_info_list)
lib_env.push_cib(cib)
def test_not_existing_id(self):
permissions = [
("read", "id", "test-id"),
("write", "id", "id"),
("deny", "id", "last"),
("write", "xpath", "maybe xpath")
]
assert_raise_library_error(
lambda: lib.validate_permissions(self.tree, permissions),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "id",
"expected_types": ["id"],
"context_type": "",
"context_id": "",
},
None
),
(
severities.ERROR,
report_codes.ID_NOT_FOUND,
{
"id": "last",
"expected_types": ["id"],
"context_type": "",
"context_id": "",
},
None
)
)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
with cib_acl_section(lib_env) as acl_section:
if permission_info_list:
acl.validate_permissions(acl_section, permission_info_list)
role_el = acl.create_role(acl_section, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
def add_permission(lib_env, role_id, permission_info_list):
"""
Add permissions do role with id role_id. If role doesn't exist it will be
created.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of role
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
acl.validate_permissions(cib, permission_info_list)
acl.add_permissions_to_role(
acl.provide_role(cib, role_id), permission_info_list
)
lib_env.push_cib(cib)
def add_permission(lib_env, role_id, permission_info_list):
"""
Add permissions do role with id role_id. If role doesn't exist it will be
created.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of role
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
"""
with cib_acl_section(lib_env) as acl_section:
acl.validate_permissions(acl_section, permission_info_list)
acl.add_permissions_to_role(
acl.provide_role(acl_section, role_id),
permission_info_list
)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
with cib_acl_section(lib_env) as acl_section:
if permission_info_list:
acl.validate_permissions(acl_section, permission_info_list)
role_el = acl.create_role(acl_section, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
if permission_info_list:
acl.validate_permissions(cib, permission_info_list)
role_el = acl.create_role(cib, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
lib_env.push_cib(cib)
def create_role(lib_env, role_id, permission_info_list, description):
"""
Create new acl role.
Raises LibraryError on any failure.
lib_env -- LibraryEnvirnoment
role_id -- id of new role which should be created
permission_info_list -- list of permissons, items of list should be tuples:
(<read|write|deny>, <xpath|id>, <any string>)
description -- text description for role
"""
cib = lib_env.get_cib(REQUIRED_CIB_VERSION)
if permission_info_list:
acl.validate_permissions(cib, permission_info_list)
role_el = acl.create_role(cib, role_id, description)
if permission_info_list:
acl.add_permissions_to_role(role_el, permission_info_list)
lib_env.push_cib(cib)
