示例#1
 def testGroupOverObjPermissions(self, gatewaywrapper):
     """Check that group permissions alone decide who can read an object.

     The author creates a project in group 'testAnnotationPermissions'
     with permissions 'rw----'.  A second user is added to that group and
     must not be able to load the project.  After the group is switched
     to 'rwrw--', both the author and that user must be able to load it.
     The project itself is never modified between the two lookups, so
     the change in visibility comes from the group permissions.

     NOTE(review): only the project is checked; no annotation is created
     here.  Cleanup deletes the project only, so the group keeps 'rwrw--'
     and its extra member; that is presumably why project creation
     tolerates BadGroupPermissionsException and resets the group first.
     """
     def submit_group_chmod(group_id, perms):
         # Build the Chmod2 request, then submit it on the connection of
         # whoever is logged in at the time of the call.
         request = omero.cmd.Chmod2(
             targetObjects={'ExperimenterGroup': [group_id]},
             permissions=perms)
         gatewaywrapper.gateway.c.submit(request)

     # Author: create the project inside a group with 'rw----'.
     gatewaywrapper.loginAsAuthor()
     entry = dbhelpers.ProjectEntry(
         'testAnnotationPermissions', None,
         create_group='testAnnotationPermissions', group_perms='rw----')
     try:
         project = entry.create(gatewaywrapper.gateway)
     except dbhelpers.BadGroupPermissionsException:
         # The group already exists with other permissions: reset it as
         # admin, then retry the creation as the author.
         gatewaywrapper.loginAsAdmin()
         admin_service = gatewaywrapper.gateway.getAdminService()
         existing_group = admin_service.lookupGroup(
             'testAnnotationPermissions')
         submit_group_chmod(existing_group.id.val, 'rw----')
         gatewaywrapper.loginAsAuthor()
         project = entry.create(gatewaywrapper.gateway)
     project_id = project.getId()
     group_obj = project.getDetails().getGroup()._obj

     def load_project_across_groups():
         # The group context is set to '-1' before every lookup (in OMERO
         # this asks for a query across all groups), and the gateway is
         # re-read from the wrapper because a login may replace it.
         gatewaywrapper.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         return gatewaywrapper.gateway.getObject('project', project_id)

     try:
         # Admin: add the second user to the project's group.
         gatewaywrapper.loginAsUser()
         user_id = gatewaywrapper.gateway.getUserId()
         gatewaywrapper.loginAsAdmin()
         admin_service = gatewaywrapper.gateway.getAdminService()
         admin_service.addGroups(
             omero.model.ExperimenterI(user_id, False), [group_obj])
         # User: membership alone must not expose the project while the
         # group is 'rw----'.
         gatewaywrapper.loginAsUser()
         assert load_project_across_groups() is None
         # Admin: widen the group to 'rwrw--'.
         gatewaywrapper.loginAsAdmin()
         submit_group_chmod(group_obj.id.val, 'rwrw--')
         # Author: the owner must still see the project.
         gatewaywrapper.loginAsAuthor()
         assert load_project_across_groups() is not None
         # User: the project is now readable by the other member.
         gatewaywrapper.loginAsUser()
         assert load_project_across_groups() is not None
     finally:
         # Delete the project as its owner, whatever the outcome above.
         gatewaywrapper.loginAsAuthor()
         delete_handle = gatewaywrapper.gateway.deleteObjects(
             'Project', [project.getId()],
             deleteAnns=True, deleteChildren=True)
         gatewaywrapper.waitOnCmd(gatewaywrapper.gateway.c, delete_handle)
示例#2
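 def testGroupOverObjPermissions(self):
     """Check that group permissions alone decide who can read an object.

     The author creates a project in group 'testAnnotationPermissions'
     with permissions 'rw----'.  A second user is added to that group and
     must not be able to load the project.  After the group is changed to
     'rwrw--', both the author and that user must be able to load it.

     NOTE(review): only the project is checked; no annotation is created
     here.  Cleanup deletes the project only, so the group keeps 'rwrw--'
     and its extra member; that is presumably why project creation
     tolerates BadGroupPermissionsException and resets the group first.
     """
     # Author
     self.loginAsAuthor()
     # create the project in a group with rw----
     p = dbhelpers.ProjectEntry('testAnnotationPermissions',
                                None,
                                create_group='testAnnotationPermissions',
                                group_perms='rw----')
     try:
         p = p.create(self.gateway)
     except dbhelpers.BadGroupPermissionsException:
         # The group already exists with other permissions: reset it as
         # admin, then retry the creation as the author.
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.changePermissions(
             admin.lookupGroup('testAnnotationPermissions'),
             omero.model.PermissionsI('rw----'))
         self.loginAsAuthor()
         p = p.create(self.gateway)
     pid = p.getId()
     g = p.getDetails().getGroup()._obj
     try:
         # Admin
         # add User to group
         self.loginAsUser()
         uid = self.gateway.getUserId()
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.addGroups(omero.model.ExperimenterI(uid, False), [g])
         # User
         # membership alone must not expose the project under rw----;
         # '-1' asks for a lookup across all groups
         self.loginAsUser()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         # Identity check: the lookup must return None itself, not merely
         # something that compares equal to it.
         self.assertIsNone(self.gateway.getObject('project', pid))
         # Admin
         # Chmod group to rwrw--
         self.loginAsAdmin()
         admin = self.gateway.getAdminService()
         admin.changePermissions(g, omero.model.PermissionsI('rwrw--'))
         # Author
         # the owner must still see the project
         self.loginAsAuthor()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         pa = self.gateway.getObject('project', pid)
         self.assertIsNotNone(pa)
         # User
         # the project is now readable by the other member
         self.loginAsUser()
         self.gateway.SERVICE_OPTS.setOmeroGroup('-1')
         self.assertIsNotNone(self.gateway.getObject('project', pid))
     finally:
         # Delete the project as its owner, whatever the outcome above.
         self.loginAsAuthor()
         handle = self.gateway.deleteObjects('Project', [p.getId()],
                                             deleteAnns=True,
                                             deleteChildren=True)
         self.waitOnCmd(self.gateway.c, handle)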
示例#3
"""

import omero
from omero.rtypes import rstring

from omero.gateway.scripts import dbhelpers

# Fixture accounts for this test module.  The second positional argument
# of UserEntry is presumably the password (confirm against
# dbhelpers.UserEntry); these fixed values belong on a throwaway test
# server only.
dbhelpers.USERS = {
    'user': dbhelpers.UserEntry(
        'weblitz_test_user', 'foobar', 'User', 'Weblitz'),
    'author': dbhelpers.UserEntry(
        'weblitz_test_author', 'foobar', 'Author', 'Weblitz'),
}

# Both projects name the 'author' entry of USERS as their second argument.
dbhelpers.PROJECTS = {
    'testpr1': dbhelpers.ProjectEntry(
        'weblitz_test_priv_project', 'author'),
    'testpr2': dbhelpers.ProjectEntry(
        'weblitz_test_priv_project2', 'author'),
}

# Each dataset names a PROJECTS key as its second argument: two reference
# 'testpr1', one references 'testpr2'.
dbhelpers.DATASETS = {
    'testds1': dbhelpers.DatasetEntry(
        'weblitz_test_priv_dataset', 'testpr1'),
    'testds2': dbhelpers.DatasetEntry(
        'weblitz_test_priv_dataset2', 'testpr1'),
    'testds3': dbhelpers.DatasetEntry(
        'weblitz_test_priv_dataset3', 'testpr2'),
}

dbhelpers.IMAGES = {
    'testimg1':
    dbhelpers.ImageEntry('weblitz_test_priv_image', 'CHOBI_d3d.dv', 'testds1'),
    'testimg2':
    dbhelpers.ImageEntry('weblitz_test_priv_image2', 'CHOBI_d3d.dv',
                         'testds1'),
示例#4
    def setUp(self):
        """Register the chmod-test users and projects, then run base setUp.

        Three groups are described, one per permission constant
        (READONLY, READANN, READWRITE).  Each gets four users: 'owner'
        and 'user' with no extra flags, 'admin' with admin=True and
        'leader' with groupowner=True.  Projects are registered against
        the 'owner' user of each group.

        NOTE(review): every account uses the same fixed second argument
        'ome', presumably the password (confirm against
        dbhelpers.UserEntry), and one account per group is a server
        admin, so these fixtures belong on a disposable test server only.
        """
        # (role suffix, admin flag, groupowner flag), in registration order
        roles = (
            ('owner', False, False),
            ('user', False, False),
            ('admin', True, False),
            ('leader', False, True),
        )

        def register_users(key_fmt, login_fmt, groupname, groupperms):
            # One UserEntry per role, all in the same group.
            for role, is_admin, is_groupowner in roles:
                dbhelpers.USERS[key_fmt % role] = dbhelpers.UserEntry(
                    login_fmt % role,
                    'ome',
                    firstname='chmod',
                    lastname='test',
                    groupname=groupname,
                    groupperms=groupperms,
                    groupowner=is_groupowner,
                    admin=is_admin)

        def register_project(name, owner_key):
            # The PROJECTS key and the project name are the same string.
            dbhelpers.PROJECTS[name] = dbhelpers.ProjectEntry(name, owner_key)

        # read-only users & data
        register_users(
            'read_only_%s', "r-_%s", "ReadOnly_chmod_test", READONLY)
        register_project('read_only_proj', 'read_only_owner')
        register_project('read_only_proj_2', 'read_only_owner')

        # read-annotate users & data
        register_users(
            'read_ann_%s', "ra_%s", "ReadAnn_chmod_test", READANN)
        register_project('read_ann_proj', 'read_ann_owner')

        # read-write users & data
        register_users(
            'read_write_%s', "rw_%s", "ReadWrite_chmod_test", READWRITE)
        register_project('read_write_proj', 'read_write_owner')

        # The superclass setUp processes dbhelpers.USERS, dbhelpers.PROJECTS
        # etc. to populate the DB, so it must run after the registrations.
        super(CustomUsersTest, self).setUp()