def testNoACLs(self): """All checking is skipped if no API.HandlerACLFile is defined.""" with test_lib.ConfigOverrider({"API.HandlerACLFile": ""}): auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager() auth_mgr.CheckAccess(self.mock_handler, "u1") bad_handler = mock.MagicMock() bad_handler.enabled_by_default = True bad_handler.__class__.__name__ = "BadHandler" auth_mgr.CheckAccess(bad_handler, "u2")
def testRaiseIfGroupsDefined(self): """We have no way to expand groups, so raise if defined.""" acls = """ handler: "ApiCallHandler" groups: ["g1"] """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): with self.assertRaises(NotImplementedError): api_auth_manager.SimpleAPIAuthorizationManager()
def testDenyAll(self): acls = """ handler: "ApiCallHandler" """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager() with self.assertRaises(access_control.UnauthorizedAccess): auth_mgr.CheckAccess(self.mock_handler, "u1")
def testHandleApiCallNotEnabled(self): """Raises if no matching ACL and enabled_by_default=False.""" with test_lib.ConfigOverrider({"API.HandlerACLFile": ""}): auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager() self.mock_handler.enabled_by_default = False with mock.patch.object(api_call_handlers, "API_AUTH_MGR", auth_mgr): with self.assertRaises(access_control.UnauthorizedAccess): api_call_handlers.HandleApiCall(self.mock_handler, "", token=self.token)
def testSimpleAPIAuthorizationManager(self): acls = """ handler: "DummyAuthManagerTestApiHandler" users: - "u1" - "u2" """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager() auth_mgr.CheckAccess(self.mock_handler, "u1") auth_mgr.CheckAccess(self.mock_handler, "u2") with self.assertRaises(access_control.UnauthorizedAccess): auth_mgr.CheckAccess(self.mock_handler, "u4")
def testHandleApiCallNotEnabledWithACL(self): """Matching ACL and enabled_by_default=False is allowed.""" acls = """ handler: "ApiCallHandler" users: - "test" """ with mock.patch.object(__builtin__, "open", mock.mock_open(read_data=acls)): auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager() self.mock_handler.enabled_by_default = False with mock.patch.object(api_call_handlers, "API_AUTH_MGR", auth_mgr): api_call_handlers.HandleApiCall(self.mock_handler, "", token=self.token) self.mock_handler.Render.assert_called_once_with("", token=self.token)