示例#1
    def setup_class(self):
        """Build the authorization fixture shared by the tests in this class.

        Creates two packages, four users and one authorization group, records
        which action each role may perform in the Package context, and grants
        roles on ``annakarenina``.  No role is granted on ``warandpeace``
        anywhere in this method.
        """
        model.repo.init_db()
        self.authorizer = authz.Authorizer()

        self.admin_role = model.Role.ADMIN
        self.editor_role = model.Role.EDITOR
        self.reader_role = model.Role.READER

        # Base objects: packages first, then users, then the authz group.
        model.repo.new_revision()
        fixtures = [
            model.Package(name=u'annakarenina'),
            model.Package(name=u'warandpeace'),
            model.User(name=u'mradmin'),
            model.User(name=u'mreditor'),
            model.User(name=u'mrreader'),
            model.User(name=u'tester'),
            model.AuthorizationGroup(name=u'anauthzgroup'),
        ]
        for fixture in fixtures:
            model.Session.add(fixture)
        model.repo.commit_and_remove()

        # 'tester' is made ADMIN on annakarenina; this grant is committed
        # together with the role/action table below.
        anna = model.Package.by_name(u'annakarenina')
        model.add_user_to_role(
            model.User.by_name(u'tester'), self.admin_role, anna)

        # Role -> action table for the Package context: ADMIN and EDITOR map
        # to EDIT, READER maps to READ only.
        self.context = unicode(model.Package.__name__)
        permitted = [
            (self.admin_role, model.Action.EDIT),
            (self.editor_role, model.Action.EDIT),
            (self.reader_role, model.Action.READ),
        ]
        role_actions = [
            model.RoleAction(role=role, context=self.context, action=action)
            for role, action in permitted
        ]
        for role_action in role_actions:
            model.Session.add(role_action)
        model.repo.commit_and_remove()

        # One user per role, all on annakarenina.  `anna` is still the
        # instance loaded before the commit_and_remove() just above.
        grants = [
            (model.User.by_name(u'mradmin'), self.admin_role),
            (model.User.by_name(u'mreditor'), self.editor_role),
            (model.User.by_name(u'mrreader'), self.reader_role),
        ]
        for user, granted_role in grants:
            model.add_user_to_role(user, granted_role, anna)
        model.repo.commit_and_remove()

        # Reload everything the tests touch, now that the session was removed.
        self.mradmin = model.User.by_name(u'mradmin')
        self.mreditor = model.User.by_name(u'mreditor')
        self.mrreader = model.User.by_name(u'mrreader')
        self.war = model.Package.by_name(u'warandpeace')
        self.anna = model.Package.by_name(u'annakarenina')
示例#2
    def _create_test_data(cls):
        """Create the users, entities and role grants used by these tests.

        Starts from ``CreateTestData.create()``, deletes every
        ``UserObjectRole`` held by the ``visitor`` and ``logged_in`` users,
        then adds three users, a package/group/tag named ``cls.ENTITY_NAME``
        and a package and group named ``deleted`` (both deleted again before
        the final commit).  ``outcast`` is created but is granted no role in
        this method.
        """
        CreateTestData.create()

        # Remove visitor and logged in roles
        # NOTE(review): presumably so that access granted to these two users
        # cannot make a missing per-user check pass unnoticed - confirm.
        stale_roles = []
        for pseudo_user in (u"visitor", u"logged_in"):
            held = model.Session.query(model.UserObjectRole).filter(
                model.UserObjectRole.user == model.User.by_name(pseudo_user))
            stale_roles.extend(held.all())
        for stale in stale_roles:
            model.Session.delete(stale)

        model.repo.new_revision()
        new_objects = [
            model.User(name=user_name)
            for user_name in (u'pkggroupadmin', u'site_reader', u'outcast')
        ]
        for entity_class in (model.Package, model.Group):
            new_objects.append(entity_class(name=cls.ENTITY_NAME))
            new_objects.append(entity_class(name=u'deleted'))
        new_objects.append(model.Tag(name=cls.ENTITY_NAME))
        # The trusted role may SITE_READ and READ; both rows use an empty
        # context string.
        for allowed in (model.Action.SITE_READ, model.Action.READ):
            new_objects.append(model.RoleAction(role=cls.TRUSTED_ROLE,
                                                context=u'',
                                                action=allowed))
        model.Session.add_all(new_objects)
        model.repo.commit_and_remove()

        # testsysadmin is sysadmin
        # annafan is package admin for annakarenina
        model.repo.new_revision()
        site_reader = model.User.by_name(u'site_reader')
        pkggroupadmin = model.User.by_name(u'pkggroupadmin')
        pkg = model.Package.by_name(cls.ENTITY_NAME)
        group = model.Group.by_name(cls.ENTITY_NAME)
        pkg.add_tag(model.Tag.by_name(cls.ENTITY_NAME))

        # site_reader: trusted role on the system object, the package and
        # the group.
        for target in (model.System(), pkg, group):
            model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, target)
        # pkggroupadmin: ADMIN on the package and the group only.
        for target in (pkg, group):
            model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, target)

        model.Package.by_name(u'deleted').delete()
        model.Group.by_name(u'deleted').delete()
        model.repo.commit_and_remove()

        # Reload the users the tests act as, after the session was removed.
        cls.testsysadmin = model.User.by_name(u'testsysadmin')
        cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin')
        cls.site_reader = model.User.by_name(u'site_reader')
        cls.outcast = model.User.by_name(u'outcast')
示例#3
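    def command(self):
        """List the role/action table, or allow or deny one action for a role.

        With no arguments, or with ``list`` as the first argument, prints one
        line per role followed by its actions.  Otherwise exactly three
        arguments are expected: ``allow`` or ``deny``, a role and an action.

        Raises:
            AssertionError: if the argument count is not three, the command
                is neither ``allow`` nor ``deny``, the pair to allow already
                exists, or the pair to deny does not exist.
        """
        from ckan import model
        self._load_config()
        cmd = self.args[0] if len(self.args) else 'list'
        if cmd == 'list':
            actions_by_role = {}
            for role_action in model.Session.query(model.RoleAction):
                actions_by_role.setdefault(
                    role_action.role, []).append(role_action.action)
            for role, actions in actions_by_role.items():
                print("%-20s%s" % (role, ", ".join(actions)))
            return

        # These checks guard a change to the authorization table, so they are
        # raised explicitly: `assert` statements are stripped under
        # `python -O`, which would let `deny` reach Session.delete(None) and
        # let `allow` insert a duplicate row.  The exception type is kept.
        if len(self.args) != 3:
            raise AssertionError("Not enough paramters!" + ROLES_HELP)
        cmd, role, action = self.args
        # Previously any other command word fell through both branches and
        # still reported success without changing anything.
        if cmd not in ('allow', 'deny'):
            raise AssertionError(("Unknown command %r." % (cmd,)) + ROLES_HELP)

        # NOTE(review): role and action are stored exactly as typed; nothing
        # here checks them against the known role or action names.
        # NOTE(review): the lookup does not filter on context, so a row with
        # a non-empty context also counts as a match (and is what `deny`
        # deletes) - confirm that is intended.
        existing = (model.Session.query(model.RoleAction)
                    .filter(model.RoleAction.role == role)
                    .filter(model.RoleAction.action == action)
                    .first())
        if cmd == 'allow':
            if existing:
                raise AssertionError("%s can already %s." % (role, action))
            model.Session.add(model.RoleAction(role=role,
                                               action=action,
                                               context=u''))
        else:
            if not existing:
                raise AssertionError("%s can't %s." % (role, action))
            model.Session.delete(existing)

        # Commit first so that success is only reported for a stored change.
        model.repo.commit_and_remove()
        print('Successful: %s %s %s' % (cmd, role, action))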
示例#4
    def test_2_role_action_basic(self):
        """A RoleAction that was added and committed is found exactly once.

        The count of one only holds if no identical (ADMIN, Package, EDIT)
        row exists before this test runs.
        """
        role = model.Role.ADMIN
        permitted = model.Action.EDIT
        scope = unicode(model.Package.__name__)

        model.Session.add(
            model.RoleAction(role=role, context=scope, action=permitted))
        model.repo.commit_and_remove()

        # Query again after the session was removed, so the row is read back
        # from the database.
        stored = model.Session.query(model.RoleAction).filter_by(
            role=role, context=scope, action=permitted)
        assert len(stored.all()) == 1, stored.all()