def test_expand_defacl(): from ldap2pg.privilege import DefAcl, Acl, Grant, UserError priv = DefAcl('select', grant='ALTER FOR GRANT SELECT') item0 = Grant('select', Grant.ALL_DATABASES, schema=Grant.ALL_SCHEMAS) item1 = Grant('select', ['postgres'], schema=['information_schema']) assert repr(item0.schema) set_ = Acl([item0, item1]) items = sorted( set_.expandgrants( aliases=dict(select=['select']), privileges={priv.name: priv}, databases=dict( postgres=dict(information_schema=['postgres'], ), template1=dict(information_schema=['postgres'], ), ), ), key=lambda x: x.dbname, ) assert 3 == len(items) assert 'postgres' == items[0].dbname assert 'template1' == items[2].dbname with pytest.raises(UserError): list( set_.expandgrants( aliases=dict(select=['select']), privileges={priv.name: priv}, databases=dict(), ))
def test_postprocess_grants(): from ldap2pg.manager import SyncManager, Grant, Acl from ldap2pg.privilege import DefAcl manager = SyncManager( privileges=dict(ro=DefAcl(name='ro')), privilege_aliases=dict(ro=['ro']), ) # No owners acl = manager.postprocess_acl(Acl(), schemas=dict()) assert 0 == len(acl) acl = Acl([Grant(privilege='ro', dbname=['db'], schema=None)]) acl = manager.postprocess_acl( acl, schemas=dict(db=dict( public=['postgres', 'owner'], ns=['owner'], )), ) # One grant per schema, per owner assert 3 == len(acl)