def add_capability(domain, action, simplified=True):
    """Create and return a new capability for ``domain`` and ``action``.

    When ``simplified`` is true, ``domain`` is first converted with
    ``Capability.simToReg``; otherwise it is stored exactly as given.

    Raises:
        ConflictException: if an ``IntegrityError`` is raised while the
            capability is being created.
    """
    try:
        stored_domain = Capability.simToReg(domain) if simplified else domain
        return Capability.create(domain=stored_domain, action=action)
    except IntegrityError:
        raise ConflictException("a capability with the same attributes already exists")
def test_remove_capabilities(self):
    """Deleting one capability leaves the user with only the other one.

    After the first populated capability is deleted, the user must see a
    single capability (the second) and a single GroupToCapability row
    must remain.
    """
    usr, caps = self.populate()
    removed = caps[0]
    survivor = caps[1]

    delete_query = Capability.delete().where(
        Capability.domain == removed.domain,
        Capability.action == removed.action,
    )
    delete_query.execute()

    eq_(usr.capabilities.count(), 1)
    eq_(usr.capabilities.get(), survivor)
    eq_(GroupToCapability.select().count(), 1)
def test_domain_matching_false(self):
    """Domains that do not fit ``volumes/*/attachments/*`` are rejected.

    These are the negative cases for the matcher: a domain that is too
    short, too long, prefixed, or missing a wildcard segment must not
    match.
    """
    pattern = Capability.simToReg('volumes/*/attachments/*')
    cap = Capability.create(domain=pattern, action='21')

    rejected_domains = (
        'volumes//attachments/z7s71kj23',  # first wildcard segment empty
        'volumes/123123',  # stops before "attachments"
        'volumes/123123/attachments',  # second wildcard segment missing
        'volumes/attachments/z7s71kj23',  # first wildcard segment missing
        'volumes/j12j3213j/attachments',  # second wildcard segment missing
        'volumes/j12j3213j/attachments/123123/name',  # extra trailing segment
        'nothere/volumes/j12j3213j/attachments/123123/name',  # extra prefix and suffix
    )
    for candidate in rejected_domains:
        self.assertFalse(cap.match_domain(candidate))
def populate(self):
    """Create one user in two groups, each group holding one capability.

    Returns:
        A ``(user, [capability_1, capability_2])`` tuple.
    """
    with self.udb.atomic():
        read_cap = Capability.create(domain='res1', action=Action.READ)
        update_cap = Capability.create(domain='res2', action=Action.UPDATE)
        # The group names are deliberately kept as in the fixture
        # ('grp2' is created first, then 'grp1').
        first_group = Group.create(name='grp2')
        second_group = Group.create(name='grp1')
        usr = User.create(name='usr')

        first_group.capabilities.add(read_cap)
        second_group.capabilities.add(update_cap)
        usr.groups.add([first_group, second_group])
    return usr, [read_cap, update_cap]
def test_group_can(self):
    """A group is allowed only what one of its capabilities grants."""
    volumes_cap = Capability.create(
        domain=Capability.simToReg('volumes/*'),
        action=Action.CREATE | Action.READ,
    )
    user_cap = Capability.create(
        domain=Capability.simToReg('users/123'),
        action=Action.CREATE | Action.DELETE,
    )
    grp = Group.create(name='grp2')
    grp.capabilities.add([volumes_cap, user_cap])

    # (domain, requested action, expected decision)
    expectations = (
        ('volumes/123', Action.CREATE | Action.READ, True),
        ('volumes/82828', Action.DELETE, False),  # DELETE not granted on volumes
        ('users/123', Action.DELETE, True),
        ('users/123', Action.UPDATE, False),  # UPDATE not granted on users/123
    )
    for domain, action, allowed in expectations:
        check = self.assertTrue if allowed else self.assertFalse
        check(grp.can(domain, action))
def test_user_can(self):
    """A user's permissions come from the capabilities of its groups."""
    wildcard_cap = Capability.create(
        domain=Capability.simToReg('volumes/*'),
        action=Action.CREATE | Action.READ,
    )
    single_volume_cap = Capability.create(
        domain=Capability.simToReg('volumes/123'),
        action=Action.UPDATE,
    )
    first_group = Group.create(name='grp2')
    second_group = Group.create(name='grp1')
    usr = User.create(name='usr')

    first_group.capabilities.add(wildcard_cap)
    second_group.capabilities.add(single_volume_cap)
    usr.groups.add([first_group, second_group])

    # Granted through the wildcard capability.
    can_create_any = usr.can('volumes/61273', action=Action.CREATE)
    self.assertTrue(can_create_any)
    can_create_and_read = usr.can('volumes/123', Action.CREATE | Action.READ)
    self.assertTrue(can_create_and_read)

    # DELETE is granted by neither capability, so both checks must fail.
    can_delete_other = usr.can('volumes/82828', Action.DELETE)
    self.assertFalse(can_delete_other)
    can_delete_123 = usr.can('volumes/123', Action.DELETE)
    self.assertFalse(can_delete_123)
def test_assign_capability_to_group(self):
    """A capability added to a group is the only one the group reports."""
    delete_cap = Capability.create(domain='res', action=Action.DELETE)
    group = Group.create(name='anons')

    group.capabilities.add(delete_cap)
    group.save()

    assigned = group.capabilities
    eq_(assigned.count(), 1)
    eq_(group.capabilities.get(), delete_cap)
def update_capability(id, updates):
    """Update the domain and/or action of an existing capability.

    The lookup and the save run inside one ``db.atomic()`` block. Only the
    ``'domain'`` and ``'action'`` keys of ``updates`` are read; any other
    key is ignored.

    Args:
        id: identifier passed to ``get_capability``.
        updates: mapping that may contain ``'domain'`` (always converted
            with ``Capability.simToReg``) and ``'action'`` (stored as
            given).
    """
    # NOTE(review): nothing here catches IntegrityError, so if save()
    # collides with an existing capability the error reaches the caller
    # unchanged, whereas add_capability raises ConflictException -- confirm
    # callers handle this.
    with db.atomic():
        target = get_capability(id)
        if 'domain' in updates:
            simplified_domain = updates['domain']
            target.domain = Capability.simToReg(simplified_domain)
        if 'action' in updates:
            # NOTE(review): the action value is stored without any check
            # in this function; validation, if any, happens elsewhere.
            target.action = updates['action']
        target.save()
def test_action_matching(self):
    """``match_action`` accepts only actions covered by the capability."""
    granted = Action.CREATE | Action.READ | Action.UPDATE
    cap = Capability.create(domain='s', action=granted)

    accepted_actions = (
        Action.UPDATE,
        Action.READ | Action.READ,
    )
    for requested in accepted_actions:
        self.assertTrue(cap.match_action(requested))

    refused_actions = (
        Action.DELETE,  # not granted at all
        Action.READ | Action.DELETE,  # only partly granted
        123123,  # plain integer instead of an Action expression
    )
    for requested in refused_actions:
        self.assertFalse(cap.match_action(requested))
def test_assign_same_capability_to_group(self):
    """Adding the same capability to a group twice raises IntegrityError.

    The group must still report exactly one capability afterwards.
    """
    delete_cap = Capability.create(domain='res', action=Action.DELETE)
    group = Group.create(name='anons')
    group.capabilities.add(delete_cap)
    group.save()

    # Second assignment of the same capability must be refused.
    with self.assertRaises(IntegrityError):
        group.capabilities.add(delete_cap)
        group.save()

    assigned = group.capabilities
    eq_(assigned.count(), 1)
    eq_(group.capabilities.get(), delete_cap)
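def test_capability_matching(self):
    """``match`` accepts a domain and action that the capability covers.

    The original version spelled the pattern ``attachemnts`` while the
    checked domain says ``attachments``, and it discarded the result of
    ``match``, so the test could never fail. Both are fixed here so that
    the combined domain-and-action check is really exercised.
    """
    pattern = Capability.simToReg('/volumes/*/attachments/*')
    cap = Capability.create(domain=pattern, action=Action.READ)
    # Assumes match() returns a truthy value on success, as match_domain
    # and match_action do in the sibling tests -- confirm against the model.
    self.assertTrue(cap.match('volumes/1/attachments/3', Action.READ))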
def delete_capability(capID):
    """Delete the capability whose id equals ``capID``.

    Raises:
        NotFoundException: if the delete query reports a falsy result
            (no row was removed).
    """
    delete_query = Capability.delete().where(Capability.id == capID)
    deleted_rows = delete_query.execute()
    if not deleted_rows:
        raise NotFoundException('no capability could be found with this id')
def test_domain_matching_true(self):
    """Domains that fit ``volumes/*/attachments/*`` are accepted.

    A leading or trailing slash on the checked domain must not prevent
    the match.
    """
    pattern = Capability.simToReg('volumes/*/attachments/*')
    cap = Capability.create(domain=pattern, action='21')

    accepted_domains = (
        'volumes/j12j3213j/attachments/z7s71kj23',
        '/volumes/123nj12j3k/attachments/kj321k',  # leading slash
        'volumes/123nj12j3k/attachments/kj321k/',  # trailing slash
    )
    for candidate in accepted_domains:
        self.assertTrue(cap.match_domain(candidate))
def get_capability(capID):
    """Return the capability whose id equals ``capID``.

    Raises:
        NotFoundException: if ``Capability.DoesNotExist`` is raised by
            the lookup.
    """
    try:
        found = Capability.get(Capability.id == capID)
    except Capability.DoesNotExist:
        raise NotFoundException("no capability could be found with these attributes")
    return found
def test_simplified_to_reg_conversion(self):
    """``simToReg`` followed by ``regToSim`` yields the normalised domain.

    Leading and trailing slashes of the simplified form are expected to
    be dropped by the round trip.
    """
    # (simplified input, expected result after the round trip)
    round_trips = (
        ('/volumes/*/attachments', 'volumes/*/attachments'),
        ('volumes/*/attachments/', 'volumes/*/attachments'),
        ('/*/', '*'),
    )
    for simplified, expected in round_trips:
        regular = Capability.simToReg(simplified)
        self.assertEqual(Capability.regToSim(regular), expected)
try: groups = [{'id': g.id} for g in users.api.get_groups_of_user(userID)] except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e)) return jsonify({'data': groups}) @route('/capabilities/<int:capID>', methods=['GET']) def get_capability(capID): try: cap = users.api.get_capability(capID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e)) return jsonify({'data': {'id': cap.id, 'domain': Capability.regToSim(cap.domain), 'actions': cap.action.to_list()}}) @route('/capabilities/<int:capID>', methods=['DELETE']) def delete_capability(capID): try: users.api.delete_capability(capID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e)) return make_success_response("capability has been successfully deleted") @route('/capabilities/', methods=['POST']) def add_capability(): request.on_json_loading_failed = on_json_load_error
def test_capability_creation(self):
    """Creating one capability results in exactly one selectable row."""
    Capability.create(domain='res', action=Action.CREATE)
    stored_count = Capability.select().count()
    eq_(stored_count, 1)
def get_capabilities():
    """Return ``Capability.select()``, an unfiltered capability query."""
    all_capabilities = Capability.select()
    return all_capabilities