示例#1
0
    def test_example(self):
        """Tests the example set in the acl module."""
        # Set a dict of roles with an 'admin' role that has full access and assign
        # users to it. Each role maps to a list of rules. Each rule, a tuple
        # (topic, name, flag), where flag, as bool to allow or disallow access.
        # Wildcard '*' can be used to match all topics and/or names.
        Acl.roles_map = {
            'admin': [
                ('*', '*', True),
            ],
        }

        # Assign users 'user_1' and 'user_2' to the 'admin' role.
        AclRules.insert_or_update(area='my_area', user='******', roles=['admin'])
        AclRules.insert_or_update(area='my_area', user='******', roles=['admin'])

        # Restrict 'user_2' from accessing a specific resource, adding a new rule
        # with flag set to False. Now this user has access to everything except this
        # resource.
        user_acl = AclRules.get_by_area_and_user('my_area', 'user_2')
        user_acl.rules.append(('UserAdmin', '*', False))
        user_acl.put()

        # Check 'user_2' permission.
        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_access(topic='UserAdmin', name='save'), False)
        self.assertEqual(acl.has_access(topic='UserAdmin', name='get'), False)
        self.assertEqual(acl.has_access(topic='AnythingElse', name='put'), True)
示例#2
0
    def test_example(self):
        """Tests the example set in the acl module."""
        # Set a dict of roles with an 'admin' role that has full access and assign
        # users to it. Each role maps to a list of rules. Each rule, a tuple
        # (topic, name, flag), where flag, as bool to allow or disallow access.
        # Wildcard '*' can be used to match all topics and/or names.
        Acl.roles_map = {
            'admin': [
                ('*', '*', True),
            ],
        }

        # Assign users 'user_1' and 'user_2' to the 'admin' role.
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['admin'])
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['admin'])

        # Restrict 'user_2' from accessing a specific resource, adding a new rule
        # with flag set to False. Now this user has access to everything except this
        # resource.
        user_acl = AclRules.get_by_area_and_user('my_area', 'user_2')
        user_acl.rules.append(('UserAdmin', '*', False))
        user_acl.put()

        # Check 'user_2' permission.
        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_access(topic='UserAdmin', name='save'), False)
        self.assertEqual(acl.has_access(topic='UserAdmin', name='get'), False)
        self.assertEqual(acl.has_access(topic='AnythingElse', name='put'),
                         True)
示例#3
0
    def test_is_any(self):
        AclRules.insert_or_update(area='my_area', user='******', roles=['editor', 'designer'])

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.is_any(['editor', 'admin']), True)
        self.assertEqual(acl.is_any(['admin', 'designer']), True)
        self.assertEqual(acl.is_any(['admin', 'user']), False)
示例#4
0
    def test_is_any(self):
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['editor', 'designer'])

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.is_any(['editor', 'admin']), True)
        self.assertEqual(acl.is_any(['admin', 'designer']), True)
        self.assertEqual(acl.is_any(['admin', 'user']), False)
示例#5
0
    def test_delete_rules(self):
        rules = [
            ('topic_1', 'name_1', True),
            ('topic_1', 'name_2', True),
            ('topic_2', 'name_1', False),
        ]
        user_acl = AclRules.insert_or_update(area='test',
                                             user='******',
                                             rules=rules)

        # Fetch the record again, and compare.
        user_acl = AclRules.get_by_area_and_user('test', 'test')
        self.assertEqual(user_acl.rules, rules)

        key_name = AclRules.get_key_name('test', 'test')
        acl = Acl('test', 'test')

        cached = memcache.get(key_name, namespace=AclRules.__name__)
        self.assertEqual(key_name in _rules_map, True)
        self.assertEqual(cached, _rules_map[key_name])

        user_acl.delete()
        user_acl2 = AclRules.get_by_area_and_user('test', 'test')

        cached = memcache.get(key_name, namespace=AclRules.__name__)
        self.assertEqual(user_acl2, None)
        self.assertEqual(key_name not in _rules_map, True)
        self.assertEqual(cached, None)
示例#6
0
    def test_has_access_invalid_parameters(self):
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  rules=[('*', '*', True)])

        acl1 = Acl(area='my_area', user='******')

        self.assertRaises(ValueError, acl1.has_access, 'content', '*')
        self.assertRaises(ValueError, acl1.has_access, '*', 'content')
示例#7
0
    def test_has_any_access(self):
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['editor', 'designer'])
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  rules=[('*', '*', True)])
        AclRules.insert_or_update(area='my_area', user='******')

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), True)

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), True)

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), False)
        self.assertEqual(acl._rules, [])
        self.assertEqual(acl._roles, [])
示例#8
0
    def test_has_access(self):
        AclRules.insert_or_update(area='my_area', user='******', rules=[('*', '*', True)])
        AclRules.insert_or_update(area='my_area', user='******', rules=[('content', '*', True), ('content', 'delete', False)])
        AclRules.insert_or_update(area='my_area', user='******', rules=[('content', 'read', True)])

        acl1 = Acl(area='my_area', user='******')
        acl2 = Acl(area='my_area', user='******')
        acl3 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'read'), True)
        self.assertEqual(acl1.has_access('content', 'update'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'read'), True)
        self.assertEqual(acl2.has_access('content', 'update'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)

        self.assertEqual(acl3.has_access('content', 'read'), True)
        self.assertEqual(acl3.has_access('content', 'update'), False)
        self.assertEqual(acl3.has_access('content', 'delete'), False)
示例#9
0
    def test_has_any_access(self):
        AclRules.insert_or_update(area='my_area', user='******', roles=['editor', 'designer'])
        AclRules.insert_or_update(area='my_area', user='******', rules=[('*', '*', True)])
        AclRules.insert_or_update(area='my_area', user='******')

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), True)

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), True)

        acl = Acl(area='my_area', user='******')
        self.assertEqual(acl.has_any_access(), False)
        self.assertEqual(acl._rules, [])
        self.assertEqual(acl._roles, [])
示例#10
0
    def test_has_access(self):
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  rules=[('*', '*', True)])
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  rules=[('content', '*', True),
                                         ('content', 'delete', False)])
        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  rules=[('content', 'read', True)])

        acl1 = Acl(area='my_area', user='******')
        acl2 = Acl(area='my_area', user='******')
        acl3 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'read'), True)
        self.assertEqual(acl1.has_access('content', 'update'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'read'), True)
        self.assertEqual(acl2.has_access('content', 'update'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)

        self.assertEqual(acl3.has_access('content', 'read'), True)
        self.assertEqual(acl3.has_access('content', 'update'), False)
        self.assertEqual(acl3.has_access('content', 'delete'), False)
示例#11
0
    def test_default_roles_lock(self):
        Acl.roles_lock = None
        acl2 = Acl('foo', 'foo')

        self.assertEqual(acl2.roles_lock, CURRENT_VERSION_ID)
示例#12
0
 def test_non_existent_user(self):
     acl = Acl(area='my_area', user='******')
     self.assertEqual(acl.has_any_access(), False)
示例#13
0
 def test_non_existent_user(self):
     acl = Acl(area='my_area', user='******')
     self.assertEqual(acl.has_any_access(), False)
示例#14
0
    def test_no_area_or_no_user(self):
        acl1 = Acl('foo', None)
        acl2 = Acl(None, 'foo')

        self.assertEqual(acl1.has_any_access(), False)
        self.assertEqual(acl2.has_any_access(), False)
示例#15
0
    def test_roles_lock_changed(self):
        roles_map1 = {
            'editor': [
                ('content', '*', True),
            ],
            'contributor': [('content', '*', True),
                            ('content', 'delete', False)],
        }
        Acl.roles_map = roles_map1
        Acl.roles_lock = 'initial'

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['editor'])
        acl1 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['contributor'])
        acl2 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'add'), True)
        self.assertEqual(acl1.has_access('content', 'edit'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'add'), True)
        self.assertEqual(acl2.has_access('content', 'edit'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)

        roles_map2 = {
            'editor': [
                ('content', '*', True),
            ],
            'contributor': [('content', '*', True),
                            ('content', 'delete', False),
                            ('content', 'add', False)],
        }
        Acl.roles_map = roles_map2
        Acl.roles_lock = 'changed'

        acl1 = Acl(area='my_area', user='******')
        acl2 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'add'), True)
        self.assertEqual(acl1.has_access('content', 'edit'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'add'), False)
        self.assertEqual(acl2.has_access('content', 'edit'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)
示例#16
0
    def test_no_area_or_no_user(self):
        acl1 = Acl('foo', None)
        acl2 = Acl(None, 'foo')

        self.assertEqual(acl1.has_any_access(), False)
        self.assertEqual(acl2.has_any_access(), False)
示例#17
0
    def test_has_access_with_roles(self):
        Acl.roles_map = {
            'admin':       [('*', '*', True),],
            'editor':      [('content', '*', True),],
            'contributor': [('content', '*', True), ('content', 'delete', False)],
            'designer':    [('design', '*', True),],
        }

        AclRules.insert_or_update(area='my_area', user='******', roles=['admin'])
        acl1 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area', user='******', roles=['admin'], rules=[('ManageUsers', '*', False)])
        acl2 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area', user='******', roles=['editor'])
        acl3 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area', user='******', roles=['contributor'], rules=[('design', '*', True),])
        acl4 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('ApproveUsers', 'save'), True)
        self.assertEqual(acl1.has_access('ManageUsers', 'edit'), True)
        self.assertEqual(acl1.has_access('ManageUsers', 'delete'), True)

        self.assertEqual(acl1.has_access('ApproveUsers', 'save'), True)
        self.assertEqual(acl2.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl2.has_access('ManageUsers', 'delete'), False)

        self.assertEqual(acl3.has_access('ApproveUsers', 'save'), False)
        self.assertEqual(acl3.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl3.has_access('ManageUsers', 'delete'), False)
        self.assertEqual(acl3.has_access('content', 'edit'), True)
        self.assertEqual(acl3.has_access('content', 'delete'), True)
        self.assertEqual(acl3.has_access('content', 'save'), True)
        self.assertEqual(acl3.has_access('design', 'edit'), False)
        self.assertEqual(acl3.has_access('design', 'delete'), False)

        self.assertEqual(acl4.has_access('ApproveUsers', 'save'), False)
        self.assertEqual(acl4.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl4.has_access('ManageUsers', 'delete'), False)
        self.assertEqual(acl4.has_access('content', 'edit'), True)
        self.assertEqual(acl4.has_access('content', 'delete'), False)
        self.assertEqual(acl4.has_access('content', 'save'), True)
        self.assertEqual(acl4.has_access('design', 'edit'), True)
        self.assertEqual(acl4.has_access('design', 'delete'), True)
示例#18
0
    def test_roles_lock_changed(self):
        roles_map1 = {
            'editor':      [('content', '*', True),],
            'contributor': [('content', '*', True), ('content', 'delete', False)],
        }
        Acl.roles_map = roles_map1
        Acl.roles_lock = 'initial'

        AclRules.insert_or_update(area='my_area', user='******', roles=['editor'])
        acl1 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area', user='******', roles=['contributor'])
        acl2 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'add'), True)
        self.assertEqual(acl1.has_access('content', 'edit'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'add'), True)
        self.assertEqual(acl2.has_access('content', 'edit'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)

        roles_map2 = {
            'editor':      [('content', '*', True),],
            'contributor': [('content', '*', True), ('content', 'delete', False), ('content', 'add', False)],
        }
        Acl.roles_map = roles_map2
        Acl.roles_lock = 'changed'

        acl1 = Acl(area='my_area', user='******')
        acl2 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('content', 'add'), True)
        self.assertEqual(acl1.has_access('content', 'edit'), True)
        self.assertEqual(acl1.has_access('content', 'delete'), True)

        self.assertEqual(acl2.has_access('content', 'add'), False)
        self.assertEqual(acl2.has_access('content', 'edit'), True)
        self.assertEqual(acl2.has_access('content', 'delete'), False)
示例#19
0
    def test_has_access_with_roles(self):
        Acl.roles_map = {
            'admin': [
                ('*', '*', True),
            ],
            'editor': [
                ('content', '*', True),
            ],
            'contributor': [('content', '*', True),
                            ('content', 'delete', False)],
            'designer': [
                ('design', '*', True),
            ],
        }

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['admin'])
        acl1 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['admin'],
                                  rules=[('ManageUsers', '*', False)])
        acl2 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['editor'])
        acl3 = Acl(area='my_area', user='******')

        AclRules.insert_or_update(area='my_area',
                                  user='******',
                                  roles=['contributor'],
                                  rules=[
                                      ('design', '*', True),
                                  ])
        acl4 = Acl(area='my_area', user='******')

        self.assertEqual(acl1.has_access('ApproveUsers', 'save'), True)
        self.assertEqual(acl1.has_access('ManageUsers', 'edit'), True)
        self.assertEqual(acl1.has_access('ManageUsers', 'delete'), True)

        self.assertEqual(acl1.has_access('ApproveUsers', 'save'), True)
        self.assertEqual(acl2.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl2.has_access('ManageUsers', 'delete'), False)

        self.assertEqual(acl3.has_access('ApproveUsers', 'save'), False)
        self.assertEqual(acl3.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl3.has_access('ManageUsers', 'delete'), False)
        self.assertEqual(acl3.has_access('content', 'edit'), True)
        self.assertEqual(acl3.has_access('content', 'delete'), True)
        self.assertEqual(acl3.has_access('content', 'save'), True)
        self.assertEqual(acl3.has_access('design', 'edit'), False)
        self.assertEqual(acl3.has_access('design', 'delete'), False)

        self.assertEqual(acl4.has_access('ApproveUsers', 'save'), False)
        self.assertEqual(acl4.has_access('ManageUsers', 'edit'), False)
        self.assertEqual(acl4.has_access('ManageUsers', 'delete'), False)
        self.assertEqual(acl4.has_access('content', 'edit'), True)
        self.assertEqual(acl4.has_access('content', 'delete'), False)
        self.assertEqual(acl4.has_access('content', 'save'), True)
        self.assertEqual(acl4.has_access('design', 'edit'), True)
        self.assertEqual(acl4.has_access('design', 'delete'), True)