def test_root_permissions(self):
    """Check that a READ grant on '/' authorizes READ on a created resource.

    The permission is granted only on the root path; the assertion is made
    against the resource returned by ``_create_resource``, so the test
    expects grants on '/' to apply below it.
    """
    user = self._create_user()
    resource = self._create_resource()
    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)

    # Grant on the root path only, never on the resource itself.
    authorization.grant_permission_to_user(
        '/', user['login'], [operation_name])

    allowed = authorization.is_authorized(resource, user, operation)
    self.assertTrue(allowed)
def test_user_update_success(self):
    """Check that a direct UPDATE grant authorizes UPDATE on that resource.

    Only the positive case is asserted; this test does not check that other
    operations stay denied.
    """
    user = self._create_user()
    resource = self._create_resource()
    operation = authorization.UPDATE
    operation_name = authorization.operation_to_name(operation)

    authorization.grant_permission_to_user(
        resource, user['login'], [operation_name])

    allowed = authorization.is_authorized(resource, user, operation)
    self.assertTrue(allowed)
def test_parent_permissions(self):
    """Check that a READ grant on a parent path authorizes READ on a child.

    The grant is made on a path derived from the created resource, and the
    assertion is made against the resource itself.
    """
    user = self._create_user()
    resource = self._create_resource()

    # Drop the last two '/'-separated pieces and re-append '/'. For a path
    # that ends in '/', this yields the parent path.
    # NOTE(review): assumes _create_resource returns a path with a trailing
    # slash -- confirm against the helper.
    leading_part = resource.rsplit('/', 2)[0]
    parent = leading_part + '/'

    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)
    authorization.grant_permission_to_user(
        parent, user['login'], [operation_name])

    allowed = authorization.is_authorized(resource, user, operation)
    self.assertTrue(allowed)
def test_user_permission_revoke(self):
    """Check that revoking a user's READ grant removes the authorization.

    The user must be authorized after the grant and must no longer be
    authorized once the same permission is revoked.
    """
    user = self._create_user()
    resource = self._create_resource()
    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)
    login = user['login']

    authorization.grant_permission_to_user(
        resource, login, [operation_name])
    granted = authorization.is_authorized(resource, user, operation)
    self.assertTrue(granted)

    # The deny-after-revoke check is the security-relevant half of the test.
    authorization.revoke_permission_from_user(
        resource, login, [operation_name])
    still_granted = authorization.is_authorized(resource, user, operation)
    self.assertFalse(still_granted)
def test_role_permission_delete(self):
    """Check that deleting a role removes the access it gave its members.

    The user receives READ only through the role, so deleting the role must
    leave the user unauthorized.
    """
    user = self._create_user()
    role = self._create_role()
    resource = self._create_resource()
    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)
    role_name = role['name']

    authorization.add_user_to_role(role_name, user['login'])
    authorization.grant_permission_to_role(
        resource, role_name, [operation_name])
    granted = authorization.is_authorized(resource, user, operation)
    self.assertTrue(granted)

    # No direct grant exists, so nothing should remain after the delete.
    authorization.delete_role(role_name)
    still_granted = authorization.is_authorized(resource, user, operation)
    self.assertFalse(still_granted)
def test_role_execute(self):
    """Check that a role's EXECUTE grant applies to members only.

    Two users are created and only the first joins the role. The member must
    be authorized and the non-member must not be.
    """
    member = self._create_user()
    outsider = self._create_user()
    role = self._create_role()
    resource = self._create_resource()
    operation = authorization.EXECUTE
    operation_name = authorization.operation_to_name(operation)
    role_name = role['name']

    authorization.add_user_to_role(role_name, member['login'])
    authorization.grant_permission_to_role(
        resource, role_name, [operation_name])

    member_allowed = authorization.is_authorized(
        resource, member, operation)
    self.assertTrue(member_allowed)
    # Negative case: a user outside the role gets nothing from the grant.
    outsider_allowed = authorization.is_authorized(
        resource, outsider, operation)
    self.assertFalse(outsider_allowed)
def test_non_unique_permission_remove(self):
    """Check that leaving one of two granting roles keeps the authorization.

    The user belongs to two roles that both grant READ on the resource.
    After removal from the first role, the second role's grant must still
    authorize the user.
    """
    user = self._create_user()
    first_role = self._create_role()
    second_role = self._create_role()
    resource = self._create_resource()
    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)
    login = user['login']

    authorization.add_user_to_role(first_role['name'], login)
    authorization.add_user_to_role(second_role['name'], login)
    authorization.grant_permission_to_role(
        resource, first_role['name'], [operation_name])
    authorization.grant_permission_to_role(
        resource, second_role['name'], [operation_name])
    granted = authorization.is_authorized(resource, user, operation)
    self.assertTrue(granted)

    # Removing one membership must not strip the permission that the other
    # role still provides.
    authorization.remove_user_from_role(first_role['name'], login)
    still_granted = authorization.is_authorized(resource, user, operation)
    self.assertTrue(still_granted)
def test_non_unique_permission_delete(self):
    """Check that deleting one of two granting roles keeps the authorization.

    This test goes through ``self.role_manager`` and
    ``self.user_query_manager``. It addresses roles by ``'id'`` and passes
    the operation constant itself, not its name.
    """
    user = self._create_user()
    first_role = self._create_role()
    second_role = self._create_role()
    resource = self._create_resource()
    operation = authorization.READ
    # The operation name is computed but not used by the calls below.
    operation_name = authorization.operation_to_name(operation)
    login = user['login']
    roles = self.role_manager

    roles.add_user_to_role(first_role['id'], login)
    roles.add_user_to_role(second_role['id'], login)
    roles.add_permissions_to_role(first_role['id'], resource, [operation])
    roles.add_permissions_to_role(second_role['id'], resource, [operation])
    granted = self.user_query_manager.is_authorized(
        resource, login, operation)
    self.assertTrue(granted)

    # The second role still grants READ, so deleting the first must not
    # revoke the user's access.
    roles.delete_role(first_role['id'])
    still_granted = self.user_query_manager.is_authorized(
        resource, login, operation)
    self.assertTrue(still_granted)
def GET(self):
    """Return all roles with member logins and operation names filled in.

    For each role from ``find_all()``, ``'users'`` is set to the logins of
    the users belonging to that role, and each operation list in
    ``'permissions'`` is replaced by the ``operation_to_name`` results.
    Each role is then merged with the result of ``child_link_obj`` for its
    id, and the list is passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response exposes role membership and the per-resource permission map,
    # so confirm access control is enforced by a decorator or dispatcher
    # outside this excerpt.
    roles = managers.role_query_manager().find_all()

    # NOTE(review): roles is iterated twice, so find_all() presumably
    # returns a re-iterable collection -- confirm.
    for role in roles:
        members = managers.user_query_manager(
        ).find_users_belonging_to_role(role['id'])
        role['users'] = [member['login'] for member in members]
        # Values are replaced for existing keys only, so the dict's size
        # does not change while it is being iterated.
        for resource, operations in role['permissions'].items():
            names = [operation_to_name(op) for op in operations]
            role['permissions'][resource] = names

    for role in roles:
        link = serialization.link.child_link_obj(role['id'])
        role.update(link)

    return self.ok(roles)
def test_role_order_of_permission_grant(self):
    """Check that role grants apply whichever comes first, join or grant.

    The first user joins a role before the role is granted READ. The second
    user joins a role that was already granted READ. Both must end up
    authorized.
    """
    early_member = self._create_user()
    late_member = self._create_user()
    first_role = self._create_role()
    second_role = self._create_role()
    resource = self._create_resource()
    operation = authorization.READ
    operation_name = authorization.operation_to_name(operation)

    # NOTE(review): this test passes the user's 'name' to add_user_to_role,
    # while the other tests in this file pass 'login'. Confirm that
    # _create_user makes the two fields interchangeable; otherwise the wrong
    # identity is being added to the role.

    # Membership first, then the grant.
    authorization.add_user_to_role(first_role['name'], early_member['name'])
    authorization.grant_permission_to_role(
        resource, first_role['name'], [operation_name])
    early_allowed = authorization.is_authorized(
        resource, early_member, operation)
    self.assertTrue(early_allowed)

    # Grant first, then the membership.
    authorization.grant_permission_to_role(
        resource, second_role['name'], [operation_name])
    authorization.add_user_to_role(second_role['name'], late_member['name'])
    late_allowed = authorization.is_authorized(
        resource, late_member, operation)
    self.assertTrue(late_allowed)
def GET(self, role_id):
    """Return one role with member logins and operation names filled in.

    Raises ``exceptions.MissingResource`` when ``find_by_id`` returns None
    for ``role_id``. Otherwise ``'users'`` is set to the logins of the
    role's members, each operation list in ``'permissions'`` is replaced by
    the ``operation_to_name`` results, and the role is merged with the
    result of ``current_link_obj`` before being passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response exposes role membership and the per-resource permission map,
    # so confirm access control is enforced outside this excerpt.
    role = managers.role_query_manager().find_by_id(role_id)
    if role is None:
        raise exceptions.MissingResource(role_id)

    members = managers.user_query_manager(
    ).find_users_belonging_to_role(role['id'])
    role['users'] = [member['login'] for member in members]

    # Values are replaced for existing keys only, so the dict's size does
    # not change while it is being iterated.
    for resource, operations in role['permissions'].items():
        names = [operation_to_name(op) for op in operations]
        role['permissions'][resource] = names

    link = serialization.link.current_link_obj()
    role.update(link)
    return self.ok(role)
def GET(self):
    """Return permission documents, optionally limited to one resource.

    Without a ``resource`` query parameter, every permission from
    ``find_all()`` is returned. With one, the result is the single document
    from ``find_by_resource`` or an empty list when that returns None. Each
    user's operation list is replaced by the ``operation_to_name`` results
    before the list is passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response lists which users hold which operations on each resource, so
    # confirm access control is enforced outside this excerpt.
    resource = web.input().get('resource', None)
    manager = managers.permission_query_manager()

    if resource is None:
        permissions = manager.find_all()
    else:
        # The query-string value goes to the lookup unmodified.
        # NOTE(review): presumably an exact-match lookup -- confirm in
        # find_by_resource.
        match = manager.find_by_resource(resource)
        permissions = [] if match is None else [match]

    for permission in permissions:
        per_user = permission['users']
        # Values are replaced for existing keys only, so the dict's size
        # does not change while it is being iterated.
        for login, operations in per_user.items():
            per_user[login] = [operation_to_name(op) for op in operations]

    return self.ok(permissions)
def GET(self):
    """Return all roles with member logins and operation names filled in.

    For each role from ``find_all()``, ``'users'`` is set to the logins of
    the users belonging to that role, and each operation list in
    ``'permissions'`` is replaced by the ``operation_to_name`` results.
    Each role is then merged with the result of ``child_link_obj`` for its
    id, and the list is passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response exposes role membership and the per-resource permission map,
    # so confirm access control is enforced by a decorator or dispatcher
    # outside this excerpt.
    all_roles = managers.role_query_manager().find_all()

    # NOTE(review): all_roles is iterated twice, so find_all() presumably
    # returns a re-iterable collection -- confirm.
    for entry in all_roles:
        belonging = managers.user_query_manager(
        ).find_users_belonging_to_role(entry['id'])
        entry['users'] = [account['login'] for account in belonging]
        # Values are replaced for existing keys only, so the dict's size
        # does not change while it is being iterated.
        for resource, operations in entry['permissions'].items():
            entry['permissions'][resource] = [
                operation_to_name(code) for code in operations
            ]

    for entry in all_roles:
        entry.update(serialization.link.child_link_obj(entry['id']))

    return self.ok(all_roles)
def GET(self):
    """Return permission documents, optionally limited to one resource.

    Without a ``resource`` query parameter, every permission from
    ``find_all()`` is returned. With one, the result is the single document
    from ``find_by_resource`` or an empty list when that returns None. Each
    user's operation list is replaced by the ``operation_to_name`` results
    before the list is passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response lists which users hold which operations on each resource, so
    # confirm access control is enforced outside this excerpt.
    requested = web.input().get('resource', None)
    lookup = managers.permission_query_manager()

    if requested is not None:
        # The query-string value goes to the lookup unmodified.
        # NOTE(review): presumably an exact-match lookup -- confirm in
        # find_by_resource.
        found = lookup.find_by_resource(requested)
        documents = [found] if found is not None else []
    else:
        documents = lookup.find_all()

    for document in documents:
        grants = document['users']
        # Values are replaced for existing keys only, so the dict's size
        # does not change while it is being iterated.
        for login, codes in grants.items():
            grants[login] = [operation_to_name(code) for code in codes]

    return self.ok(documents)
def GET(self, role_id):
    """Return one role with member logins and operation names filled in.

    Raises ``exceptions.MissingResource`` when ``find_by_id`` returns None
    for ``role_id``. Otherwise ``'users'`` is set to the logins of the
    role's members, each operation list in ``'permissions'`` is replaced by
    the ``operation_to_name`` results, and the role is merged with the
    result of ``current_link_obj`` before being passed to ``self.ok``.
    """
    # NOTE(review): no authorization check is visible in this method. The
    # response exposes role membership and the per-resource permission map,
    # so confirm access control is enforced outside this excerpt.
    found = managers.role_query_manager().find_by_id(role_id)
    if found is None:
        raise exceptions.MissingResource(role_id)

    belonging = managers.user_query_manager(
    ).find_users_belonging_to_role(found['id'])
    found['users'] = [account['login'] for account in belonging]

    # Values are replaced for existing keys only, so the dict's size does
    # not change while it is being iterated.
    for resource, codes in found['permissions'].items():
        found['permissions'][resource] = [
            operation_to_name(code) for code in codes
        ]

    found.update(serialization.link.current_link_obj())
    return self.ok(found)
def test_consumer_users_revoke(self):
    """Check that revoking from the consumer-users role is refused.

    ``revoke_permission_from_role`` must raise ``PulpAuthorizationError``
    when called with ``authorization.consumer_users_role``.
    """
    resource = self._create_resource()
    read_name = authorization.operation_to_name(authorization.READ)

    # NOTE(review): presumably this role's permissions are fixed by design
    # -- confirm in the authorization module.
    expected_error = authorization.PulpAuthorizationError
    revoke = authorization.revoke_permission_from_role
    self.assertRaises(expected_error, revoke, resource,
                      authorization.consumer_users_role, [read_name])
def test_super_users_grant(self):
    """Check that granting to the super-user role is refused.

    ``grant_permission_to_role`` must raise ``PulpAuthorizationError`` when
    called with ``authorization.super_user_role``.
    """
    resource = self._create_resource()
    read_name = authorization.operation_to_name(authorization.READ)

    # NOTE(review): presumably this role's permissions are fixed by design
    # -- confirm in the authorization module.
    expected_error = authorization.PulpAuthorizationError
    grant = authorization.grant_permission_to_role
    self.assertRaises(expected_error, grant, resource,
                      authorization.super_user_role, [read_name])