def test_get_one_no_permissions(self):
user_db = self.users['no_permissions']
self.use_user(user_db)
trigger_db = self.models['triggers']['cron1.yaml']
trigger_id = trigger_db.id
timer_uid = TimerDB(name=trigger_db.name, pack=trigger_db.pack).get_uid()
resp = self.app.get('/v1/timers/%s' % (trigger_id), expect_errors=True)
expected_msg = ('User "no_permissions" doesn\'t have required permission "timer_view"'
' on resource "%s"' % (timer_uid))
self.assertEqual(resp.status_code, http_client.FORBIDDEN)
self.assertEqual(resp.json['faultstring'], expected_msg)
def get_one(self, ref_or_id, requester_user):
try:
trigger_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
permission_type = PermissionType.TIMER_VIEW
resource_db = TimerDB(pack=trigger_db.pack, name=trigger_db.name)
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=resource_db,
permission_type=permission_type)
result = self.model.from_model(trigger_db)
return result
def test_get_all_permission_success_get_one_no_permission_failure(self):
user_db = self.users['timer_list']
self.use_user(user_db)
# timer_list permission, but no timer_view permission
resp = self.app.get('/v1/timers')
self.assertEqual(resp.status_code, httplib.OK)
self.assertEqual(len(resp.json), 5)
trigger_db = self.models['triggers']['cron1.yaml']
trigger_id = trigger_db.id
timer_uid = TimerDB(name=trigger_db.name,
pack=trigger_db.pack).get_uid()
resp = self.app.get('/v1/timers/%s' % (trigger_id), expect_errors=True)
expected_msg = (
'User "timer_list" doesn\'t have required permission "timer_view"'
' on resource "%s"' % (timer_uid))
self.assertEqual(resp.status_code, httplib.FORBIDDEN)
self.assertEqual(resp.json['faultstring'], expected_msg)
def setUp(self):
super(TimerControllerRBACTestCase, self).setUp()
self.models = self.fixtures_loader.save_fixtures_to_db(
fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES)
file_name = 'cron1.yaml'
TimerControllerRBACTestCase.TRIGGER_1 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'triggers': [file_name]})['triggers'][file_name]
file_name = 'date1.yaml'
TimerControllerRBACTestCase.TRIGGER_2 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'triggers': [file_name]})['triggers'][file_name]
file_name = 'interval1.yaml'
TimerControllerRBACTestCase.TRIGGER_3 = self.fixtures_loader.load_fixtures(
fixtures_pack=FIXTURES_PACK,
fixtures_dict={'triggers': [file_name]})['triggers'][file_name]
# Insert mock users, roles and assignments
# Users
user_1_db = UserDB(name='timer_list')
user_1_db = User.add_or_update(user_1_db)
self.users['timer_list'] = user_1_db
user_2_db = UserDB(name='timer_view')
user_2_db = User.add_or_update(user_2_db)
self.users['timer_view'] = user_2_db
# Roles
# timer_list
grant_db = PermissionGrantDB(
resource_uid=None,
resource_type=ResourceType.TIMER,
permission_types=[PermissionType.TIMER_LIST])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='timer_list',
permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['timer_list'] = role_1_db
# timer_View on timer 1
trigger_db = self.models['triggers']['cron1.yaml']
timer_uid = TimerDB(name=trigger_db.name,
pack=trigger_db.pack).get_uid()
grant_db = PermissionGrantDB(
resource_uid=timer_uid,
resource_type=ResourceType.TIMER,
permission_types=[PermissionType.TIMER_VIEW])
grant_db = PermissionGrant.add_or_update(grant_db)
permission_grants = [str(grant_db.id)]
role_1_db = RoleDB(name='timer_view',
permission_grants=permission_grants)
role_1_db = Role.add_or_update(role_1_db)
self.roles['timer_view'] = role_1_db
# Role assignments
role_assignment_db = UserRoleAssignmentDB(
user=self.users['timer_list'].name,
role=self.roles['timer_list'].name)
UserRoleAssignment.add_or_update(role_assignment_db)
role_assignment_db = UserRoleAssignmentDB(
user=self.users['timer_view'].name,
role=self.roles['timer_view'].name)
UserRoleAssignment.add_or_update(role_assignment_db)