def test_build():
a = SampleACL(u('foo'), dt(30))
assert a.owner == u('foo')
assert a.lastupdate == dt(30)
assert a.admin == ()
assert a.write == ()
assert a.read == ()
assert a.public_read is False
a = SampleACL(
u('foo'),
dt(-56),
[u('baz'), u('bat'), u('baz')],
read=[u('wheee'), u('wheee')],
write=[u('wugga'), u('a'), u('b'), u('wugga')],
public_read=True)
assert a.owner == u('foo')
assert a.lastupdate == dt(-56)
assert a.admin == (u('bat'), u('baz'))
assert a.write == (u('a'), u('b'), u('wugga'))
assert a.read == (u('wheee'),)
assert a.public_read is True
a = SampleACL(u('foo'), dt(30), public_read=None)
assert a.owner == u('foo')
assert a.lastupdate == dt(30)
assert a.admin == ()
assert a.write == ()
assert a.read == ()
assert a.public_read is False
def test_build():
a = SampleACL(u('foo'))
assert a.owner == u('foo')
assert a.admin == ()
assert a.write == ()
assert a.read == ()
a = SampleACL(u('foo'), [u('baz'), u('bat'), u('baz')],
read=[u('wheee'), u('wheee')],
write=[u('wugga'), u('a'),
u('b'), u('wugga')])
assert a.owner == u('foo')
assert a.admin == (u('baz'), u('bat'))
assert a.write == (u('wugga'), u('a'), u('b'))
assert a.read == (u('wheee'), )
def test_acls_to_dict_minimal():
assert acls_to_dict(SampleACL(UserID('user'))) == {
'owner': 'user',
'admin': (),
'write': (),
'read': ()
}
def replace_sample_acls(self,
id_: UUID,
user: UserID,
new_acls: SampleACLOwnerless,
as_admin: bool = False) -> None:
'''
Completely replace a sample's ACLs. The owner cannot be changed.
:param id_: the sample's ID.
:param user: the user changing the ACLs.
:param new_acls: the new ACLs.
:param as_admin: Skip ACL checks.
:raises NoSuchUserError: if any of the users in the ACLs do not exist.
:raises NoSuchSampleError: if the sample does not exist.
:raises UnauthorizedError: if the user does not have admin permission for the sample or
the request attempts to change the owner.
:raises SampleStorageError: if the sample could not be retrieved.
'''
_not_falsy(id_, 'id_')
_not_falsy(user, 'user')
_not_falsy(new_acls, 'new_acls')
try:
bad_users = self._user_lookup.invalid_users(
_cast(List[UserID], []) + list(new_acls.admin) +
list(new_acls.write) + list(new_acls.read))
# let authentication errors propagate, not much to do
# could add retries to the client
except _user_lookup_mod.InvalidUserError as e:
raise _NoSuchUserError(e.args[0]) from e
except _user_lookup_mod.InvalidTokenError:
raise ValueError(
'user lookup token for KBase auth server is invalid, cannot continue'
)
if bad_users:
raise _NoSuchUserError(', '.join([u.id for u in bad_users[:5]]))
count = 0
while count >= 0:
if count >= 5:
raise ValueError(
f'Failed setting ACLs after 5 attempts for sample {id_}')
acls = self._storage.get_sample_acls(id_)
self._check_perms(id_,
user,
_SampleAccessType.ADMIN,
acls,
as_admin=as_admin)
new_acls = SampleACL(acls.owner, new_acls.admin, new_acls.write,
new_acls.read)
try:
self._storage.replace_sample_acls(id_, new_acls)
count = -1
except _OwnerChangedError:
count += 1
def test_acls_to_dict_maximal():
assert acls_to_dict(
SampleACL(
UserID('user'),
[UserID('foo'), UserID('bar')],
[UserID('baz')],
[UserID('hello'), UserID("I'm"), UserID('a'), UserID('robot')])) == {
'owner': 'user',
'admin': ('foo', 'bar'),
'write': ('baz',),
'read': ('hello', "I'm", 'a', 'robot')
}
def replace_sample_acls(self,
id_: UUID,
user: UserID,
new_acls: SampleACLOwnerless,
as_admin: bool = False) -> None:
'''
Completely replace a sample's ACLs. The owner cannot be changed.
:param id_: the sample's ID.
:param user: the user changing the ACLs.
:param new_acls: the new ACLs.
:param as_admin: Skip ACL checks.
:raises NoSuchUserError: if any of the users in the ACLs do not exist.
:raises NoSuchSampleError: if the sample does not exist.
:raises UnauthorizedError: if the user does not have admin permission for the sample or
the request attempts to change the owner.
:raises SampleStorageError: if the sample could not be retrieved.
'''
_not_falsy(id_, 'id_')
_not_falsy(user, 'user')
_not_falsy(new_acls, 'new_acls')
self._check_for_bad_users(
_cast(List[UserID], []) + list(new_acls.admin) +
list(new_acls.write) + list(new_acls.read))
count = 0
while count >= 0:
if count >= 5:
raise ValueError(
f'Failed setting ACLs after 5 attempts for sample {id_}')
acls = self._storage.get_sample_acls(id_)
self._check_perms(id_,
user,
_SampleAccessType.ADMIN,
acls,
as_admin=as_admin)
new_acls = SampleACL(acls.owner, self._now(), new_acls.admin,
new_acls.write, new_acls.read,
new_acls.public_read)
try:
self._storage.replace_sample_acls(id_, new_acls)
count = -1
except _OwnerChangedError:
count += 1
if self._kafka:
self._kafka.notify_sample_acl_change(id_)
def test_is_update_fail():
s = SampleACL(u('u'), dt(1))
_is_update_fail(s, None, ValueError('update cannot be a value that evaluates to false'))
_is_update_fail(
s, SampleACLDelta([u('a'), u('u')], [u('v')]),
UnauthorizedError('ACLs for the sample owner u may not be modified by a delta update.'))
_is_update_fail(
s, SampleACLDelta([u('a')], write=[u('v'), u('u')]),
UnauthorizedError('ACLs for the sample owner u may not be modified by a delta update.'))
_is_update_fail(
s, SampleACLDelta([u('a')], read=[u('v'), u('u')]),
UnauthorizedError('ACLs for the sample owner u may not be modified by a delta update.'))
_is_update_fail(
s, SampleACLDelta([u('a')], remove=[u('v'), u('u')]),
UnauthorizedError('ACLs for the sample owner u may not be modified by a delta update.'))
_is_update_fail(
s, SampleACLDelta([u('a')], remove=[u('v'), u('u')], at_least=True),
UnauthorizedError('ACLs for the sample owner u may not be modified by a delta update.'))
def test_hash():
# hashes will change from instance to instance of the python interpreter, and therefore
# tests can't be written that directly test the hash value. See
# https://docs.python.org/3/reference/datamodel.html#object.__hash__
t = dt(56)
assert hash(SampleACL(u('foo'), t)) == hash(SampleACL(u('foo'), t))
assert hash(SampleACL(u('bar'), dt(5))) == hash(SampleACL(u('bar'), dt(5)))
assert hash(SampleACL(u('foo'), t)) != hash(SampleACL(u('bar'), t))
assert hash(SampleACL(u('foo'), t)) != hash(SampleACL(u('foo'), dt(55)))
assert hash(SampleACL(u('foo'), t, [u('bar')])) == hash(SampleACL(u('foo'), t, [u('bar')]))
assert hash(SampleACL(u('foo'), t, [u('bar')])) != hash(SampleACL(u('foo'), t, [u('baz')]))
assert hash(SampleACL(u('foo'), t, write=[u('bar')])) == hash(
SampleACL(u('foo'), t, write=[u('bar')]))
assert hash(SampleACL(u('foo'), t, write=[u('bar')])) != hash(
SampleACL(u('foo'), t, write=[u('baz')]))
assert hash(SampleACL(u('foo'), t, read=[u('bar')])) == hash(
SampleACL(u('foo'), t, read=[u('bar')]))
assert hash(SampleACL(u('foo'), t, read=[u('bar')])) != hash(
SampleACL(u('foo'), t, read=[u('baz')]))
assert hash(SampleACL(u('foo'), t, public_read=True)) == hash(
SampleACL(u('foo'), t, public_read=True))
assert hash(SampleACL(u('foo'), t, public_read=True)) != hash(
SampleACL(u('foo'), t, public_read=False))
def test_eq():
t = dt(3)
assert SampleACL(u('foo'), t) == SampleACL(u('foo'), t)
assert SampleACL(u('foo'), t) != SampleACL(u('bar'), t)
assert SampleACL(u('foo'), t) != SampleACL(u('foo'), dt(7))
assert SampleACL(u('foo'), t, [u('bar')]) == SampleACL(u('foo'), t, [u('bar')])
assert SampleACL(u('foo'), t, [u('bar')]) != SampleACL(u('foo'), t, [u('baz')])
assert SampleACL(u('foo'), t, write=[u('bar')]) == SampleACL(u('foo'), t, write=[u('bar')])
assert SampleACL(u('foo'), t, write=[u('bar')]) != SampleACL(u('foo'), t, write=[u('baz')])
assert SampleACL(u('foo'), t, read=[u('bar')]) == SampleACL(u('foo'), t, read=[u('bar')])
assert SampleACL(u('foo'), t, read=[u('bar')]) != SampleACL(u('foo'), t, read=[u('baz')])
assert SampleACL(u('foo'), t, public_read=True) == SampleACL(u('foo'), t, public_read=True)
assert SampleACL(u('foo'), t, public_read=True) != SampleACL(u('foo'), t, public_read=False)
assert SampleACL(u('foo'), t) != 1
assert u('foo') != SampleACL(u('foo'), t)
def test_is_update():
s = SampleACL(
u('o'),
dt(1),
[u('a1'), u('a2')],
[u('w1'), u('w2')],
[u('r1'), u('r2')],
True)
assert s.is_update(SampleACLDelta()) is False
assert s.is_update(SampleACLDelta([u('a1')])) is False
assert s.is_update(SampleACLDelta([u('a1')], at_least=True)) is False
assert s.is_update(SampleACLDelta([u('o')], at_least=True)) is False
assert s.is_update(SampleACLDelta([u('a3')])) is True
assert s.is_update(SampleACLDelta(write=[u('w2')])) is False
assert s.is_update(SampleACLDelta(write=[u('w2')], at_least=True)) is False
assert s.is_update(SampleACLDelta(write=[u('o')], at_least=True)) is False
assert s.is_update(SampleACLDelta(write=[u('a1')])) is True
assert s.is_update(SampleACLDelta(write=[u('a1')], at_least=True)) is False
assert s.is_update(SampleACLDelta(write=[u('w4')])) is True
assert s.is_update(SampleACLDelta(read=[u('r1')])) is False
assert s.is_update(SampleACLDelta(read=[u('r1')], at_least=True)) is False
assert s.is_update(SampleACLDelta(read=[u('o')], at_least=True)) is False
assert s.is_update(SampleACLDelta(read=[u('a1')])) is True
assert s.is_update(SampleACLDelta(read=[u('a1')], at_least=True)) is False
assert s.is_update(SampleACLDelta(read=[u('w1')])) is True
assert s.is_update(SampleACLDelta(read=[u('w1')], at_least=True)) is False
assert s.is_update(SampleACLDelta(read=[u('r3')])) is True
assert s.is_update(SampleACLDelta(remove=[u('a1')])) is True
assert s.is_update(SampleACLDelta(remove=[u('a1')], at_least=True)) is True
assert s.is_update(SampleACLDelta(remove=[u('a3')])) is False
assert s.is_update(SampleACLDelta(remove=[u('w2')])) is True
assert s.is_update(SampleACLDelta(remove=[u('w2')], at_least=True)) is True
assert s.is_update(SampleACLDelta(remove=[u('w4')])) is False
assert s.is_update(SampleACLDelta(remove=[u('r1')])) is True
assert s.is_update(SampleACLDelta(remove=[u('r1')], at_least=True)) is True
assert s.is_update(SampleACLDelta(remove=[u('r3')])) is False
assert s.is_update(SampleACLDelta(public_read=False)) is True
assert s.is_update(SampleACLDelta(public_read=None)) is False
assert s.is_update(SampleACLDelta(public_read=True)) is False
def _build_fail(owner, lastchanged, admin, write, read, expected):
with raises(Exception) as got:
SampleACL(owner, lastchanged, admin, write, read)
assert_exception_correct(got.value, expected)
def test_eq():
assert SampleACL(u('foo')) == SampleACL(u('foo'))
assert SampleACL(u('foo')) != SampleACL(u('bar'))
assert SampleACL(u('foo'), [u('bar')]) == SampleACL(u('foo'), [u('bar')])
assert SampleACL(u('foo'), [u('bar')]) != SampleACL(u('foo'), [u('baz')])
assert SampleACL(u('foo'), write=[u('bar')]) == SampleACL(u('foo'),
write=[u('bar')])
assert SampleACL(u('foo'), write=[u('bar')]) != SampleACL(u('foo'),
write=[u('baz')])
assert SampleACL(u('foo'), read=[u('bar')]) == SampleACL(u('foo'),
read=[u('bar')])
assert SampleACL(u('foo'), read=[u('bar')]) != SampleACL(u('foo'),
read=[u('baz')])
assert SampleACL(u('foo')) != 1
assert u('foo') != SampleACL(u('foo'))