def permissions_test(self): """Check that permissions logic is ok""" # Only lasote can read it but other conans can be readed read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")] # Only pepe (and lasote because its owner) can write it and no more users can write write_perms = [(str(self.openssl_ref), "pepe")] authorizer = BasicAuthorizer(read_perms, write_perms) # READ PERMISSIONS # Pepe can't read conans self.assertRaises(ForbiddenException, authorizer.check_read_conan, "pepe", self.openssl_ref) # Owner can read conans authorizer.check_read_conan("lasote", self.openssl_ref) # Pepe can read other conans authorizer.check_read_conan("pepe", self.openssl_ref2) # Pepe can't read package self.assertRaises(ForbiddenException, authorizer.check_read_package, "pepe", self.package_reference) # Owner can read package authorizer.check_read_package("lasote", self.package_reference) # Pepe can read other package authorizer.check_read_package("pepe", self.package_reference2) # WRITE PERMISSIONS # Pepe can write conans authorizer.check_write_conan("pepe", self.openssl_ref) # Juan can't write conans self.assertRaises(ForbiddenException, authorizer.check_write_conan, "juan", self.openssl_ref) # Owner can write conans authorizer.check_write_conan("lasote", self.openssl_ref) # Pepe can't write other conans self.assertRaises(ForbiddenException, authorizer.check_write_conan, "pepe", self.openssl_ref2) # Owner can write package authorizer.check_write_package("lasote", self.package_reference) # Pepe can write package authorizer.check_write_package("pepe", self.package_reference) # Pepe can't write other package self.assertRaises(ForbiddenException, authorizer.check_write_package, "pepe", self.package_reference2)
def test_authenticated_user_wildcard_permissions(self): """Check that authenciated user wildcard permissions logic is ok""" # Only authenticated users can read openssl read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")] # Authenticated users can write any write_perms = [("*/*@*/*", "?")] authorizer = BasicAuthorizer(read_perms, write_perms) # READ PERMISSIONS # Authenticated user can read conan authorizer.check_read_conan("pepe", self.openssl_ref) # Authenticated user can read package authorizer.check_read_package("pepe", self.openssl_pref) # Anonymous user can not read conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_conan, None, self.openssl_ref) # Anonymous user can not read package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_package, None, self.openssl_pref) # WRITE PERMISSIONS # Authenticated user can write conan authorizer.check_write_conan("pepe", self.openssl_ref) # Authenticated user can write package authorizer.check_write_package("pepe", self.openssl_pref) # Anonymous user can not write conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_conan, None, self.openssl_ref) # Anonymous user can not write package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_package, None, self.openssl_pref)
def authenticated_user_wildcard_permissions_test(self): """Check that authenciated user wildcard permissions logic is ok""" # Only authenticated users can read openssl read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")] # Authenticated users can write any write_perms = [("*/*@*/*", "?")] authorizer = BasicAuthorizer(read_perms, write_perms) # READ PERMISSIONS # Authenticated user can read conan authorizer.check_read_conan("pepe", self.openssl_ref) # Authenticated user can read package authorizer.check_read_package("pepe", self.package_reference) # Anonymous user can not read conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_conan, None, self.openssl_ref) # Anonymous user can not read package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_package, None, self.package_reference) # WRITE PERMISSIONS # Authenticated user can write conan authorizer.check_write_conan("pepe", self.openssl_ref) # Authenticated user can write package authorizer.check_write_package("pepe", self.package_reference) # Anonymous user can not write conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_conan, None, self.openssl_ref) # Anonymous user can not write package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_package, None, self.package_reference)