def setup_class(self): model.repo.init_db() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER model.repo.new_revision() anna = model.Package(name=u'annakarenina') war = model.Package(name=u'warandpeace') mradmin = model.User(name=u'mradmin') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') tester = model.User(name=u'tester') anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup') for obj in [ anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup ]: model.Session.add(obj) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') tester = model.User.by_name(u'tester') model.add_user_to_role(tester, self.admin_role, anna) self.context = unicode(model.Package.__name__) ra1 = model.RoleAction( role=self.admin_role, context=self.context, action=model.Action.EDIT, ) ra2 = model.RoleAction( role=self.editor_role, context=self.context, action=model.Action.EDIT, ) ra3 = model.RoleAction( role=self.reader_role, context=self.context, action=model.Action.READ, ) for obj in [ra1, ra2, ra3]: model.Session.add(obj) model.repo.commit_and_remove() mradmin = model.User.by_name(u'mradmin') mreditor = model.User.by_name(u'mreditor') mrreader = model.User.by_name(u'mrreader') model.add_user_to_role(mradmin, self.admin_role, anna) model.add_user_to_role(mreditor, self.editor_role, anna) model.add_user_to_role(mrreader, self.reader_role, anna) model.repo.commit_and_remove() self.mradmin = model.User.by_name(u'mradmin') self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina')
def _create_test_data(cls): CreateTestData.create() # Remove visitor and logged in roles roles = [] q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"visitor")) roles.extend(q.all()) q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"logged_in")) roles.extend(q.all()) for role in roles: model.Session.delete(role) rev = model.repo.new_revision() model.Session.add_all([ model.User(name=u'pkggroupadmin'), model.User(name=u'site_reader'), model.User(name=u'outcast'), model.Package(name=cls.ENTITY_NAME), model.Package(name=u'deleted'), model.Group(name=cls.ENTITY_NAME), model.Group(name=u'deleted'), model.Tag(name=cls.ENTITY_NAME), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.SITE_READ), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.READ), ]) model.repo.commit_and_remove() # testsysadmin is sysadmin # annafan is package admin for annakarenina rev = model.repo.new_revision() site_reader = model.User.by_name(u'site_reader') pkggroupadmin = model.User.by_name(u'pkggroupadmin') pkg = model.Package.by_name(cls.ENTITY_NAME) group = model.Group.by_name(cls.ENTITY_NAME) tag = model.Tag.by_name(cls.ENTITY_NAME) pkg.add_tag(tag) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System()) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group) model.Package.by_name(u'deleted').delete() model.Group.by_name(u'deleted').delete() model.repo.commit_and_remove() cls.testsysadmin = model.User.by_name(u'testsysadmin') cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin') cls.site_reader = model.User.by_name(u'site_reader') cls.outcast = model.User.by_name(u'outcast')
def command(self): from ckan import model self._load_config() cmd = self.args[0] if len(self.args) else 'list' if cmd == 'list': role_actions = model.Session.query(model.RoleAction) roles = {} for role_action in role_actions: roles[role_action.role] = \ roles.get(role_action.role, []) + [role_action.action] for role, actions in roles.items(): print "%-20s%s" % (role, ", ".join(actions)) return assert len(self.args) == 3, "Not enough paramters!" + ROLES_HELP cmd, role, action = self.args q = model.Session.query(model.RoleAction) q = q.filter(model.RoleAction.role == role) q = q.filter(model.RoleAction.action == action) role_action = q.first() if cmd == 'allow': assert not role_action, "%s can already %s." % (role, action) role_action = model.RoleAction(role=role, action=action, context=u'') model.Session.add(role_action) elif cmd == 'deny': assert role_action, "%s can't %s." % (role, action) model.Session.delete(role_action) print 'Successful: %s %s %s' % (cmd, role, action) model.repo.commit_and_remove()
def test_2_role_action_basic(self): admin_role = model.Role.ADMIN action = model.Action.EDIT context = unicode(model.Package.__name__) ra = model.RoleAction( role=admin_role, context=context, action=action, ) model.Session.add(ra) model.repo.commit_and_remove() ra = model.Session.query(model.RoleAction).filter_by(role=admin_role, context=context, action=action) assert len(ra.all()) == 1, ra.all()