def _validate_acl_update(self, req): """ Validate the request has the necessary headers for a storlet ACL update :params req: swob.Request instance :return: the resulting acl string that hould be added :raises HTTPBadRequest: If a header is missing or mulformed """ # Make sure we are not meddling with the storlet containers if self.container in self.storlet_containers: msg = b'storlet ACL update cannot be a storlet container' raise HTTPBadRequest(msg) # Make sure the expected headers are supplied user_name = req.headers.get("X-Storlet-Container-Read", None) storlet_name = req.headers.get("X-Storlet-Name", None) if not user_name or not storlet_name: msg = b'storlet ACL update request is missing a mandatory header' raise HTTPBadRequest(msg) # Make sure the resulting acl is valid acl_string = '.r:%s' % self._build_acl_string(user_name, storlet_name) try: clean_acl('X-Container-Read', acl_string) except ValueError as e: msg = ('storlet ACL update request has invalid values %s' % e.message) raise HTTPBadRequest(msg.encode('utf8')) # Make sure the resulting acl permits a single entity if ',' in acl_string: msg = 'storlet ACL update request has ' \ 'mulformed storlet or user name' raise HTTPBadRequest(msg.encode('utf8')) # The request is valid. Keep the ACL string return acl_string
def _validate_acl_update(self, req): """ Validate the request has the necessary headers for a storlet ACL update :params req: swob.Request instance :return: the resulting acl string that hould be added :raises HTTPBadRequest: If a header is missing or mulformed """ # Make sure we are not meddling with the storlet containers if self.container in self.storlet_containers: msg = "storlet ACL update cannot be a storlet container" raise HTTPBadRequest(msg) # Make sure the expected headers are supplied user_name = req.headers.get("X-Storlet-Container-Read", None) storlet_name = req.headers.get("X-Storlet-Name", None) if not user_name or not storlet_name: msg = "storlet ACL update request is missing a mandatory header" raise HTTPBadRequest(msg) # Make sure the resulting acl is valid acl_string = ".r:%s" % self._build_acl_string(user_name, storlet_name) try: clean_acl("X-Container-Read", acl_string) except ValueError as e: msg = "storlet ACL update request has invalid values %s" % e.message raise HTTPBadRequest(msg) # Make sure the resulting acl permits a single entity if "," in acl_string: msg = "storlet ACL update request has " "mulformed storlet or user name" raise HTTPBadRequest(msg) # The request is valid. Keep the ACL string return acl_string
def test_clean_acl(self): value = acl.clean_acl('header', '.r:*') self.assertEquals(value, '.r:*') value = acl.clean_acl('header', '.r:specific.host') self.assertEquals(value, '.r:specific.host') value = acl.clean_acl('header', '.r:.ending.with') self.assertEquals(value, '.r:.ending.with') value = acl.clean_acl('header', '.r:*.ending.with') self.assertEquals(value, '.r:.ending.with') value = acl.clean_acl('header', '.r:-*.ending.with') self.assertEquals(value, '.r:-.ending.with') value = acl.clean_acl('header', '.r:one,.r:two') self.assertEquals(value, '.r:one,.r:two') value = acl.clean_acl('header', '.r:*,.r:-specific.host') self.assertEquals(value, '.r:*,.r:-specific.host') value = acl.clean_acl('header', '.r:*,.r:-.ending.with') self.assertEquals(value, '.r:*,.r:-.ending.with') value = acl.clean_acl('header', '.r:one,.r:-two') self.assertEquals(value, '.r:one,.r:-two') value = acl.clean_acl('header', '.r:one,.r:-two,account,account:user') self.assertEquals(value, '.r:one,.r:-two,account,account:user') value = acl.clean_acl('header', 'TEST_account') self.assertEquals(value, 'TEST_account') value = acl.clean_acl('header', '.ref:*') self.assertEquals(value, '.r:*') value = acl.clean_acl('header', '.referer:*') self.assertEquals(value, '.r:*') value = acl.clean_acl('header', '.referrer:*') self.assertEquals(value, '.r:*') value = acl.clean_acl('header', ' .r : one , ,, .r:two , .r : - three ') self.assertEquals(value, '.r:one,.r:two,.r:-three') self.assertRaises(ValueError, acl.clean_acl, 'header', '.unknown:test') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:*.') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : * . ') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-*.') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r : - * . ') self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : ') self.assertRaises(ValueError, acl.clean_acl, 'header', 'user , .r : ') self.assertRaises(ValueError, acl.clean_acl, 'header', '.r:-') self.assertRaises(ValueError, acl.clean_acl, 'header', ' .r : - ') self.assertRaises(ValueError, acl.clean_acl, 'header', 'user , .r : - ') self.assertRaises(ValueError, acl.clean_acl, 'write-header', '.r:r')