def __init__(self,
user_id=None,
tenant_id=None,
is_admin=None,
timestamp=None,
tenant_name=None,
user_name=None,
is_advsvc=None,
**kwargs):
# NOTE(jamielennox): We maintain this argument in order for tests that
# pass arguments positionally.
kwargs.setdefault('project_id', tenant_id)
# prefer project_name, as that's what's going to be set by
# keystone. Fall back to tenant_name if for some reason it's blank.
kwargs.setdefault('project_name', tenant_name)
super(ContextBase, self).__init__(is_admin=is_admin,
user_id=user_id,
**kwargs)
self.user_name = user_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = (self.is_admin
or policy_engine.check_is_advsvc(self))
if self.is_admin is None:
self.is_admin = policy_engine.check_is_admin(self)
def test_check_is_not_advsvc_admin(self):
ctx = context.Context('me', 'my_project').elevated()
self.assertTrue(policy_engine.check_is_admin(ctx))
self.assertFalse(policy_engine.check_is_advsvc(ctx))
def test_check_user_elevated_is_admin_with_default_policy(self):
policy_engine.init(policy_file='no_policy.json')
ctx = context.Context('me', 'my_project', roles=['user']).elevated()
self.assertTrue(policy_engine.check_is_admin(ctx))
def test_check_is_admin_no_roles_no_admin(self):
policy_engine.init(policy_file='dummy_policy.json')
ctx = context.Context('me', 'my_project', roles=['user']).elevated()
# With no admin role, elevated() should not work.
self.assertFalse(policy_engine.check_is_admin(ctx))
def test_check_user_elevated_is_admin(self):
ctx = context.Context('me', 'my_project', roles=['user']).elevated()
self.assertTrue(policy_engine.check_is_admin(ctx))
def test_check_user_is_not_admin(self):
ctx = context.Context('me', 'my_project')
self.assertFalse(policy_engine.check_is_admin(ctx))
