def test_has_role_admin(self):
auth_testing.mock_is_admin(self, False)
self.assertFalse(
acl.has_role('package', 'OWNER', auth_testing.DEFAULT_MOCKED_IDENTITY))
auth_testing.mock_is_admin(self, True)
self.assertTrue(
acl.has_role('package', 'OWNER', auth_testing.DEFAULT_MOCKED_IDENTITY))
def test_has_role_admin(self):
auth_testing.mock_is_admin(self, False)
self.assertFalse(
acl.has_role('package', 'OWNER',
auth_testing.DEFAULT_MOCKED_IDENTITY))
auth_testing.mock_is_admin(self, True)
self.assertTrue(
acl.has_role('package', 'OWNER',
auth_testing.DEFAULT_MOCKED_IDENTITY))
def test_has_role(self):
acl.PackageACL(
key=acl.package_acl_key('a', 'OWNER'),
users=[auth.Identity.from_bytes('user:[email protected]')]).put()
acl.PackageACL(
key=acl.package_acl_key('a/b/c', 'OWNER'),
groups=['mid-group']).put()
acl.PackageACL(
key=acl.package_acl_key('a/b/c/d/e', 'OWNER'),
groups=['leaf-group']).put()
# Verify get_package_acls works.
self.assertEqual(
[('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')],
[
(e.package_path, e.role)
for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER')
])
# Mock groups.
def mocked_is_group_member(group, ident):
if group == 'mid-group' and ident.name == '*****@*****.**':
return True
if group == 'leaf-group' and ident.name == '*****@*****.**':
return True
return False
self.mock(acl.auth, 'is_group_member', mocked_is_group_member)
# Verify has_role works.
check = lambda p, i: acl.has_role(p, 'OWNER', auth.Identity.from_bytes(i))
self.assertTrue(check('a', 'user:[email protected]'))
self.assertFalse(check('b', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a/b/c/d', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
def test_has_role(self):
acl.PackageACL(
key=acl.package_acl_key('a', 'OWNER'),
users=[auth.Identity.from_bytes('user:[email protected]')
]).put()
acl.PackageACL(key=acl.package_acl_key('a/b/c', 'OWNER'),
groups=['mid-group']).put()
acl.PackageACL(key=acl.package_acl_key('a/b/c/d/e', 'OWNER'),
groups=['leaf-group']).put()
# Verify get_package_acls works.
self.assertEqual(
[('a', 'OWNER'), ('a/b/c', 'OWNER'), ('a/b/c/d/e', 'OWNER')],
[(e.package_path, e.role)
for e in acl.get_package_acls('a/b/c/d/e/f', 'OWNER')])
# Mock groups.
def mocked_is_group_member(group, ident):
if group == 'mid-group' and ident.name == '*****@*****.**':
return True
if group == 'leaf-group' and ident.name == '*****@*****.**':
return True
return False
self.mock(acl.auth, 'is_group_member', mocked_is_group_member)
# Verify has_role works.
check = lambda p, i: acl.has_role(p, 'OWNER',
auth.Identity.from_bytes(i))
self.assertTrue(check('a', 'user:[email protected]'))
self.assertFalse(check('b', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
self.assertFalse(check('a/b/c/d', 'user:[email protected]'))
self.assertTrue(check('a/b/c/d/e/f', 'user:[email protected]'))
