summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2015-07-06 17:19:47 +0200
committerasteroide <thomas.duval@orange.com>2015-07-06 17:36:28 +0200
commit35641a3050f91e149cc1388340fbb3fdfc43310f (patch)
tree5bb867250b7a1d08c14c7707100ecc7e9ae1d4a5 /keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
parentfddda06efce86d6f7c56812cd86141485521d03c (diff)
Add tests for Authz exceptions.
Change-Id: Ib7d438148a4c45c79f541a370c0eee9a4519fecd Add the MetaRule Exceptions. Change-Id: I1d34246da04b0cdd53b8e85fb8ca112a23dc7ed8
Diffstat (limited to 'keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py')
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py1549
1 files changed, 1544 insertions, 5 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 29ebe7a2..6426bf84 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -19,7 +19,7 @@ from keystone.contrib.moon.core import LogManager, TenantManager
CONF = cfg.CONF
-USER_ADMIN = {
+USER = {
'name': 'admin',
'domain_id': "default",
'password': 'admin'
@@ -31,11 +31,11 @@ IE = {
"description": "a simple description."
}
-class TestIntraExtensionAdminManager(tests.TestCase):
+class TestIntraExtensionAdminManagerOK(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
- super(TestIntraExtensionAdminManager, self).setUp()
+ super(TestIntraExtensionAdminManagerOK, self).setUp()
self.load_backends()
self.load_fixtures(default_fixtures)
self.manager = IntraExtensionAdminManager()
@@ -51,7 +51,7 @@ class TestIntraExtensionAdminManager(tests.TestCase):
}
def config_overrides(self):
- super(TestIntraExtensionAdminManager, self).config_overrides()
+ super(TestIntraExtensionAdminManagerOK, self).config_overrides()
self.policy_directory = 'examples/moon/policies'
self.config_fixture.config(
group='moon',
@@ -62,7 +62,7 @@ class TestIntraExtensionAdminManager(tests.TestCase):
def create_intra_extension(self, policy_model="policy_rbac_admin"):
# Create the admin user because IntraExtension needs it
- self.admin = self.identity_api.create_user(USER_ADMIN)
+ self.admin = self.identity_api.create_user(USER)
IE["policymodel"] = policy_model
self.ref = self.manager.load_intra_extension(IE)
self.assertIsInstance(self.ref, dict)
@@ -1225,5 +1225,1544 @@ class TestIntraExtensionAdminManager(tests.TestCase):
self.assertIn(a_scope, scope[func_name][cat_value])
+class TestIntraExtensionAdminManagerKO(tests.TestCase):
+ def setUp(self):
+ self.useFixture(database.Database())
+ super(TestIntraExtensionAdminManagerKO, self).setUp()
+ self.load_backends()
+ self.load_fixtures(default_fixtures)
+ self.manager = IntraExtensionAuthzManager()
+ self.admin_manager = IntraExtensionAdminManager()
+
+ def __get_key_from_value(self, value, values_dict):
+ return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0]
+
+ def load_extra_backends(self):
+ return {
+ "moonlog_api": LogManager(),
+ "tenant_api": TenantManager(),
+ "resource_api": resource.Manager(),
+ }
+
+ def config_overrides(self):
+ super(TestIntraExtensionAdminManagerKO, self).config_overrides()
+ self.policy_directory = 'examples/moon/policies'
+ self.config_fixture.config(
+ group='moon',
+ intraextension_driver='keystone.contrib.moon.backends.sql.IntraExtensionConnector')
+ self.config_fixture.config(
+ group='moon',
+ policy_directory=self.policy_directory)
+
+ def create_tenant(self):
+ tenant = {
+ "id": uuid.uuid4().hex,
+ "name": "TestIntraExtensionAuthzManager",
+ "enabled": True,
+ "description": "",
+ "domain_id": "default"
+ }
+ return self.resource_api.create_project(tenant["id"], tenant)
+
+ def create_mapping(self, tenant, authz_uuid=None, admin_uuid=None):
+
+ mapping = self.tenant_api.set_tenant_dict(tenant["id"], tenant["name"], authz_uuid, admin_uuid)
+ self.assertIsInstance(mapping, dict)
+ self.assertIn("authz", mapping)
+ self.assertEqual(mapping["authz"], authz_uuid)
+ return mapping
+
+ def create_user(self, username="admin"):
+
+ _USER = dict(USER)
+ _USER["name"] = username
+ return self.identity_api.create_user(_USER)
+
+ def create_intra_extension(self, policy_model="policy_rbac_authz"):
+
+ IE["policymodel"] = policy_model
+ ref = self.admin_manager.load_intra_extension(IE)
+ self.assertIsInstance(self.ref, dict)
+ return ref
+
+ def test_subjects(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ SubjectReadNotAuthorized,
+ self.manager.get_subject_dict,
+ demo_user["id"], ref["id"])
+
+ subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(subjects, dict)
+ self.assertIn("subjects", subjects)
+ self.assertIn("id", subjects)
+ self.assertIn("intra_extension_uuid", subjects)
+ self.assertEqual(ref["id"], subjects["intra_extension_uuid"])
+ self.assertIsInstance(subjects["subjects"], dict)
+
+ new_subject = self.create_user("new_user")
+ new_subjects = dict()
+ new_subjects[new_subject["id"]] = new_subject["name"]
+
+ self.assertRaises(
+ SubjectAddNotAuthorized,
+ self.manager.set_subject_dict,
+ demo_user["id"], ref["id"], new_subjects)
+
+ subjects = self.manager.set_subject_dict(admin_user["id"], ref["id"], new_subjects)
+ self.assertIsInstance(subjects, dict)
+ self.assertIn("subjects", subjects)
+ self.assertIn("id", subjects)
+ self.assertIn("intra_extension_uuid", subjects)
+ self.assertEqual(ref["id"], subjects["intra_extension_uuid"])
+ self.assertEqual(subjects["subjects"], new_subjects)
+ self.assertIn(new_subject["id"], subjects["subjects"])
+
+ # Delete the new subject
+ self.assertRaises(
+ SubjectDelNotAuthorized,
+ self.manager.del_subject_dict,
+ demo_user["id"], ref["id"], new_subject["id"])
+
+ self.manager.del_subject(admin_user["id"], ref["id"], new_subject["id"])
+ subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(subjects, dict)
+ self.assertIn("subjects", subjects)
+ self.assertIn("id", subjects)
+ self.assertIn("intra_extension_uuid", subjects)
+ self.assertEqual(ref["id"], subjects["intra_extension_uuid"])
+ self.assertNotIn(new_subject["id"], subjects["subjects"])
+
+ # Add a particular subject
+ self.assertRaises(
+ SubjectAddNotAuthorized,
+ self.manager.add_subject_dict,
+ demo_user["id"], ref["id"], new_subject["id"])
+
+ subjects = self.manager.add_subject_dict(admin_user["id"], ref["id"], new_subject["id"])
+ self.assertIsInstance(subjects, dict)
+ self.assertIn("subject", subjects)
+ self.assertIn("uuid", subjects["subject"])
+ self.assertEqual(new_subject["name"], subjects["subject"]["name"])
+ subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(subjects, dict)
+ self.assertIn("subjects", subjects)
+ self.assertIn("id", subjects)
+ self.assertIn("intra_extension_uuid", subjects)
+ self.assertEqual(ref["id"], subjects["intra_extension_uuid"])
+ self.assertIn(new_subject["id"], subjects["subjects"])
+
+ def test_objects(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ ObjectReadNotAuthorized,
+ self.manager.get_object_dict,
+ demo_user["id"], ref["id"])
+
+ objects = self.manager.get_object_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(objects, dict)
+ self.assertIn("objects", objects)
+ self.assertIn("id", objects)
+ self.assertIn("intra_extension_uuid", objects)
+ self.assertEqual(ref["id"], objects["intra_extension_uuid"])
+ self.assertIsInstance(objects["objects"], dict)
+
+ new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
+ new_objects = dict()
+ new_objects[new_object["id"]] = new_object["name"]
+
+ self.assertRaises(
+ ObjectAddNotAuthorized,
+ self.manager.set_object_dict,
+ demo_user["id"], ref["id"], new_objects)
+
+ objects = self.manager.set_object_dict(admin_user["id"], ref["id"], new_objects)
+ self.assertIsInstance(objects, dict)
+ self.assertIn("objects", objects)
+ self.assertIn("id", objects)
+ self.assertIn("intra_extension_uuid", objects)
+ self.assertEqual(ref["id"], objects["intra_extension_uuid"])
+ self.assertEqual(objects["objects"], new_objects)
+ self.assertIn(new_object["id"], objects["objects"])
+
+ # Delete the new object
+ self.assertRaises(
+ ObjectDelNotAuthorized,
+ self.manager.del_object_dict,
+ demo_user["id"], ref["id"], new_object["id"])
+
+ self.manager.del_object(admin_user["id"], ref["id"], new_object["id"])
+ objects = self.manager.get_object_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(objects, dict)
+ self.assertIn("objects", objects)
+ self.assertIn("id", objects)
+ self.assertIn("intra_extension_uuid", objects)
+ self.assertEqual(ref["id"], objects["intra_extension_uuid"])
+ self.assertNotIn(new_object["id"], objects["objects"])
+
+ # Add a particular object
+ self.assertRaises(
+ ObjectAddNotAuthorized,
+ self.manager.add_object_dict,
+ demo_user["id"], ref["id"], new_object["name"])
+
+ objects = self.manager.add_object_dict(admin_user["id"], ref["id"], new_object["name"])
+ self.assertIsInstance(objects, dict)
+ self.assertIn("object", objects)
+ self.assertIn("uuid", objects["object"])
+ self.assertEqual(new_object["name"], objects["object"]["name"])
+ new_object["id"] = objects["object"]["uuid"]
+ objects = self.manager.get_object_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(objects, dict)
+ self.assertIn("objects", objects)
+ self.assertIn("id", objects)
+ self.assertIn("intra_extension_uuid", objects)
+ self.assertEqual(ref["id"], objects["intra_extension_uuid"])
+ self.assertIn(new_object["id"], objects["objects"])
+
+ def test_actions(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ ActionReadNotAuthorized,
+ self.manager.get_action_dict,
+ demo_user["id"], ref["id"])
+
+ actions = self.manager.get_action_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(actions, dict)
+ self.assertIn("actions", actions)
+ self.assertIn("id", actions)
+ self.assertIn("intra_extension_uuid", actions)
+ self.assertEqual(ref["id"], actions["intra_extension_uuid"])
+ self.assertIsInstance(actions["actions"], dict)
+
+ new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
+ new_actions = dict()
+ new_actions[new_action["id"]] = new_action["name"]
+
+ self.assertRaises(
+ ActionAddNotAuthorized,
+ self.manager.set_action_dict,
+ demo_user["id"], ref["id"], new_actions)
+
+ actions = self.manager.set_action_dict(admin_user["id"], ref["id"], new_actions)
+ self.assertIsInstance(actions, dict)
+ self.assertIn("actions", actions)
+ self.assertIn("id", actions)
+ self.assertIn("intra_extension_uuid", actions)
+ self.assertEqual(ref["id"], actions["intra_extension_uuid"])
+ self.assertEqual(actions["actions"], new_actions)
+ self.assertIn(new_action["id"], actions["actions"])
+
+ # Delete the new action
+ self.assertRaises(
+ ActionDelNotAuthorized,
+ self.manager.del_action_dict,
+ demo_user["id"], ref["id"], new_action["id"])
+
+ self.manager.del_action(admin_user["id"], ref["id"], new_action["id"])
+ actions = self.manager.get_action_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(actions, dict)
+ self.assertIn("actions", actions)
+ self.assertIn("id", actions)
+ self.assertIn("intra_extension_uuid", actions)
+ self.assertEqual(ref["id"], actions["intra_extension_uuid"])
+ self.assertNotIn(new_action["id"], actions["actions"])
+
+ # Add a particular action
+ self.assertRaises(
+ ActionAddNotAuthorized,
+ self.manager.add_action_dict,
+ demo_user["id"], ref["id"], new_action["name"])
+
+ actions = self.manager.add_action_dict(admin_user["id"], ref["id"], new_action["name"])
+ self.assertIsInstance(actions, dict)
+ self.assertIn("action", actions)
+ self.assertIn("uuid", actions["action"])
+ self.assertEqual(new_action["name"], actions["action"]["name"])
+ new_action["id"] = actions["action"]["uuid"]
+ actions = self.manager.get_action_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(actions, dict)
+ self.assertIn("actions", actions)
+ self.assertIn("id", actions)
+ self.assertIn("intra_extension_uuid", actions)
+ self.assertEqual(ref["id"], actions["intra_extension_uuid"])
+ self.assertIn(new_action["id"], actions["actions"])
+
+ def test_subject_categories(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ SubjectCategoryReadNotAuthorized,
+ self.manager.get_subject_category_dict,
+ demo_user["id"], ref["id"])
+
+ subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_categories", subject_categories)
+ self.assertIn("id", subject_categories)
+ self.assertIn("intra_extension_uuid", subject_categories)
+ self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
+ self.assertIsInstance(subject_categories["subject_categories"], dict)
+
+ new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"}
+ new_subject_categories = dict()
+ new_subject_categories[new_subject_category["id"]] = new_subject_category["name"]
+
+ self.assertRaises(
+ SubjectCategoryAddNotAuthorized,
+ self.manager.set_subject_category_dict,
+ demo_user["id"], ref["id"], new_subject_categories)
+
+ subject_categories = self.manager.set_subject_category_dict(admin_user["id"], ref["id"], new_subject_categories)
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_categories", subject_categories)
+ self.assertIn("id", subject_categories)
+ self.assertIn("intra_extension_uuid", subject_categories)
+ self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
+ self.assertEqual(subject_categories["subject_categories"], new_subject_categories)
+ self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
+
+ # Delete the new subject_category
+ self.assertRaises(
+ SubjectCategoryDelNotAuthorized,
+ self.manager.del_subject_category_dict,
+ demo_user["id"], ref["id"], new_subject_category["id"])
+
+ self.manager.del_subject_category(admin_user["id"], ref["id"], new_subject_category["id"])
+ subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_categories", subject_categories)
+ self.assertIn("id", subject_categories)
+ self.assertIn("intra_extension_uuid", subject_categories)
+ self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
+ self.assertNotIn(new_subject_category["id"], subject_categories["subject_categories"])
+
+ # Add a particular subject_category
+ self.assertRaises(
+ SubjectCategoryAddNotAuthorized,
+ self.manager.add_subject_category_dict,
+ demo_user["id"], ref["id"], new_subject_category["name"])
+
+ subject_categories = self.manager.add_subject_category_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject_category["name"])
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_category", subject_categories)
+ self.assertIn("uuid", subject_categories["subject_category"])
+ self.assertEqual(new_subject_category["name"], subject_categories["subject_category"]["name"])
+ new_subject_category["id"] = subject_categories["subject_category"]["uuid"]
+ subject_categories = self.manager.get_subject_category_dict(
+ admin_user["id"],
+ ref["id"])
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_categories", subject_categories)
+ self.assertIn("id", subject_categories)
+ self.assertIn("intra_extension_uuid", subject_categories)
+ self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
+ self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
+
+ def test_object_categories(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ ObjectCategoryReadNotAuthorized,
+ self.manager.get_object_category_dict,
+ demo_user["id"], ref["id"])
+
+ object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(object_categories, dict)
+ self.assertIn("object_categories", object_categories)
+ self.assertIn("id", object_categories)
+ self.assertIn("intra_extension_uuid", object_categories)
+ self.assertEqual(ref["id"], object_categories["intra_extension_uuid"])
+ self.assertIsInstance(object_categories["object_categories"], dict)
+
+ new_object_category = {"id": uuid.uuid4().hex, "name": "object_category_test"}
+ new_object_categories = dict()
+ new_object_categories[new_object_category["id"]] = new_object_category["name"]
+
+ self.assertRaises(
+ ObjectCategoryAddNotAuthorized,
+ self.manager.set_object_category_dict,
+ demo_user["id"], ref["id"], new_object_categories)
+
+ object_categories = self.manager.set_object_category_dict(admin_user["id"], ref["id"], new_object_categories)
+ self.assertIsInstance(object_categories, dict)
+ self.assertIn("object_categories", object_categories)
+ self.assertIn("id", object_categories)
+ self.assertIn("intra_extension_uuid", object_categories)
+ self.assertEqual(ref["id"], object_categories["intra_extension_uuid"])
+ self.assertEqual(object_categories["object_categories"], new_object_categories)
+ self.assertIn(new_object_category["id"], object_categories["object_categories"])
+
+ # Delete the new object_category
+ self.assertRaises(
+ ObjectCategoryDelNotAuthorized,
+ self.manager.del_object_category,
+ demo_user["id"], ref["id"], new_object_category["id"])
+
+ self.manager.del_object_category(admin_user["id"], ref["id"], new_object_category["id"])
+ object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(object_categories, dict)
+ self.assertIn("object_categories", object_categories)
+ self.assertIn("id", object_categories)
+ self.assertIn("intra_extension_uuid", object_categories)
+ self.assertEqual(ref["id"], object_categories["intra_extension_uuid"])
+ self.assertNotIn(new_object_category["id"], object_categories["object_categories"])
+
+ # Add a particular object_category
+ self.assertRaises(
+ ObjectCategoryAddNotAuthorized,
+ self.manager.add_object_category,
+ demo_user["id"], ref["id"], new_object_category["name"])
+
+ object_categories = self.manager.add_object_category_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object_category["name"])
+ self.assertIsInstance(object_categories, dict)
+ self.assertIn("object_category", object_categories)
+ self.assertIn("uuid", object_categories["object_category"])
+ self.assertEqual(new_object_category["name"], object_categories["object_category"]["name"])
+ new_object_category["id"] = object_categories["object_category"]["uuid"]
+ object_categories = self.manager.get_object_category_dict(
+ admin_user["id"],
+ ref["id"])
+ self.assertIsInstance(object_categories, dict)
+ self.assertIn("object_categories", object_categories)
+ self.assertIn("id", object_categories)
+ self.assertIn("intra_extension_uuid", object_categories)
+ self.assertEqual(ref["id"], object_categories["intra_extension_uuid"])
+ self.assertIn(new_object_category["id"], object_categories["object_categories"])
+
+ def test_action_categories(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ self.assertRaises(
+ ActionCategoryReadNotAuthorized,
+ self.manager.get_action_category_dict,
+ demo_user["id"], ref["id"])
+
+ action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(action_categories, dict)
+ self.assertIn("action_categories", action_categories)
+ self.assertIn("id", action_categories)
+ self.assertIn("intra_extension_uuid", action_categories)
+ self.assertEqual(ref["id"], action_categories["intra_extension_uuid"])
+ self.assertIsInstance(action_categories["action_categories"], dict)
+
+ new_action_category = {"id": uuid.uuid4().hex, "name": "action_category_test"}
+ new_action_categories = dict()
+ new_action_categories[new_action_category["id"]] = new_action_category["name"]
+ self.assertRaises(
+ ActionCategoryAddNotAuthorized,
+ self.manager.set_action_category_dict,
+ demo_user["id"], ref["id"], new_action_categories)
+
+ action_categories = self.manager.set_action_category_dict(admin_user["id"], ref["id"], new_action_categories)
+ self.assertIsInstance(action_categories, dict)
+ self.assertIn("action_categories", action_categories)
+ self.assertIn("id", action_categories)
+ self.assertIn("intra_extension_uuid", action_categories)
+ self.assertEqual(ref["id"], action_categories["intra_extension_uuid"])
+ self.assertEqual(action_categories["action_categories"], new_action_categories)
+ self.assertIn(new_action_category["id"], action_categories["action_categories"])
+
+ # Delete the new action_category
+ self.assertRaises(
+ ActionCategoryDelNotAuthorized,
+ self.manager.del_action_category_dict,
+ demo_user["id"], ref["id"], new_action_category["id"])
+
+ self.manager.del_action_category(admin_user["id"], ref["id"], new_action_category["id"])
+ action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"])
+ self.assertIsInstance(action_categories, dict)
+ self.assertIn("action_categories", action_categories)
+ self.assertIn("id", action_categories)
+ self.assertIn("intra_extension_uuid", action_categories)
+ self.assertEqual(ref["id"], action_categories["intra_extension_uuid"])
+ self.assertNotIn(new_action_category["id"], action_categories["action_categories"])
+
+ # Add a particular action_category
+ self.assertRaises(
+ ActionCategoryAddNotAuthorized,
+ self.manager.add_action_category_dict,
+ demo_user["id"], ref["id"], new_action_category["name"])
+
+ action_categories = self.manager.add_action_category_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action_category["name"])
+ self.assertIsInstance(action_categories, dict)
+ self.assertIn("action_category", action_categories)
+ self.assertIn("uuid", action_categories["action_category"])
+ self.assertEqual(new_action_category["name"], action_categories["action_category"]["name"])
+ new_action_category["id"] = action_categories["action_category"]["uuid"]
+ action_categories = self.manager.get_action_category_dict(
+ admin_user["id"],
+ ref["id"])
+ self.assertIsInstance(action_categories, dict)
+ self.assertIn("action_categories", action_categories)
+ self.assertIn("id", action_categories)
+ self.assertIn("intra_extension_uuid", action_categories)
+ self.assertEqual(ref["id"], action_categories["intra_extension_uuid"])
+ self.assertIn(new_action_category["id"], action_categories["action_categories"])
+
+ def test_subject_category_scope(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ subject_categories = self.manager.set_subject_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ uuid.uuid4().hex: admin_user["id"],
+ uuid.uuid4().hex: "dev",
+ }
+ )
+
+ for subject_category in subject_categories["subject_categories"]:
+ self.assertRaises(
+ SubjectCategoryScopeReadNotAuthorized,
+ self.manager.get_subject_category_scope_dict,
+ demo_user["id"], ref["id"], subject_category)
+
+ subject_category_scope = self.manager.get_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(subject_category_scope["subject_category_scope"], dict)
+
+ new_subject_category_scope = dict()
+ new_subject_category_scope_uuid = uuid.uuid4().hex
+ new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope"
+
+ self.assertRaises(
+ SubjectCategoryScopeAddNotAuthorized,
+ self.manager.set_subject_category_scope_dict,
+ demo_user["id"], ref["id"], subject_category, new_subject_category_scope)
+
+ subject_category_scope = self.manager.set_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category,
+ new_subject_category_scope)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertIn(new_subject_category_scope[new_subject_category_scope_uuid],
+ subject_category_scope["subject_category_scope"][subject_category].values())
+
+ # Delete the new subject_category_scope
+ self.assertRaises(
+ SubjectCategoryScopeDelNotAuthorized,
+ self.manager.del_subject_category_scope_dict,
+ demo_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid)
+
+ self.manager.del_subject_category_scope(
+ admin_user["id"],
+ ref["id"],
+ subject_category,
+ new_subject_category_scope_uuid)
+ subject_category_scope = self.manager.get_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"])
+
+ # Add a particular subject_category_scope
+ self.assertRaises(
+ SubjectCategoryScopeAddNotAuthorized,
+ self.manager.add_subject_category_scope_dict,
+ demo_user["id"], ref["id"], subject_category,
+ new_subject_category_scope[new_subject_category_scope_uuid])
+
+ subject_category_scope = self.manager.add_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category,
+ new_subject_category_scope[new_subject_category_scope_uuid])
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("uuid", subject_category_scope["subject_category_scope"])
+ self.assertEqual(new_subject_category_scope[new_subject_category_scope_uuid],
+ subject_category_scope["subject_category_scope"]["name"])
+ subject_category_scope = self.manager.get_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"])
+
+ def test_object_category_scope(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ object_categories = self.manager.set_object_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ uuid.uuid4().hex: "id",
+ uuid.uuid4().hex: "domain",
+ }
+ )
+
+ for object_category in object_categories["object_categories"]:
+ self.assertRaises(
+ ObjectCategoryScopeReadNotAuthorized,
+ self.manager.get_object_category_scope_dict,
+ demo_user["id"], ref["id"], object_category)
+
+ object_category_scope = self.manager.get_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(object_category_scope["object_category_scope"], dict)
+
+ new_object_category_scope = dict()
+ new_object_category_scope_uuid = uuid.uuid4().hex
+ new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope"
+
+ self.assertRaises(
+ ObjectCategoryScopeAddNotAuthorized,
+ self.manager.set_object_category_scope_dict,
+ demo_user["id"], ref["id"], object_category, new_object_category_scope)
+
+ object_category_scope = self.manager.set_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category,
+ new_object_category_scope)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertIn(new_object_category_scope[new_object_category_scope_uuid],
+ object_category_scope["object_category_scope"][object_category].values())
+
+ # Delete the new object_category_scope
+ self.assertRaises(
+ ObjectCategoryScopeDelNotAuthorized,
+ self.manager.del_object_category_scope_dict,
+ demo_user["id"], ref["id"], object_category, new_object_category_scope)
+
+ self.manager.del_object_category_scope(
+ admin_user["id"],
+ ref["id"],
+ object_category,
+ new_object_category_scope_uuid)
+ object_category_scope = self.manager.get_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"])
+
+ # Add a particular object_category_scope
+ self.assertRaises(
+ ObjectCategoryScopeAddNotAuthorized,
+ self.manager.add_object_category_scope_dict,
+ demo_user["id"], ref["id"], object_category,
+ new_object_category_scope[new_object_category_scope_uuid]
+ )
+
+ object_category_scope = self.manager.add_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category,
+ new_object_category_scope[new_object_category_scope_uuid])
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("uuid", object_category_scope["object_category_scope"])
+ self.assertEqual(new_object_category_scope[new_object_category_scope_uuid],
+ object_category_scope["object_category_scope"]["name"])
+ object_category_scope = self.manager.get_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"])
+
+ def test_action_category_scope(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ action_categories = self.manager.set_action_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ uuid.uuid4().hex: "compute",
+ uuid.uuid4().hex: "identity",
+ }
+ )
+
+ for action_category in action_categories["action_categories"]:
+ self.assertRaises(
+ ActionCategoryScopeReadNotAuthorized,
+ self.manager.get_object_category_scope_dict,
+ demo_user["id"], ref["id"], action_category)
+
+ action_category_scope = self.manager.get_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(action_category_scope["action_category_scope"], dict)
+
+ new_action_category_scope = dict()
+ new_action_category_scope_uuid = uuid.uuid4().hex
+ new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope"
+
+ self.assertRaises(
+ ActionCategoryScopeAddNotAuthorized,
+ self.manager.set_action_category_scope_dict,
+ demo_user["id"], ref["id"], action_category, new_action_category_scope)
+
+ action_category_scope = self.manager.set_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category,
+ new_action_category_scope)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertIn(new_action_category_scope[new_action_category_scope_uuid],
+ action_category_scope["action_category_scope"][action_category].values())
+
+ # Delete the new action_category_scope
+ self.assertRaises(
+ ActionCategoryScopeDelNotAuthorized,
+ self.manager.del_action_category_scope_dict,
+ demo_user["id"], ref["id"], action_category,
+ new_action_category_scope_uuid
+ )
+
+ self.manager.del_action_category_scope(
+ admin_user["id"],
+ ref["id"],
+ action_category,
+ new_action_category_scope_uuid)
+ action_category_scope = self.manager.get_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"])
+
+ # Add a particular action_category_scope
+ self.assertRaises(
+ ActionCategoryScopeAddNotAuthorized,
+ self.manager.add_action_category_scope_dict,
+ demo_user["id"], ref["id"], action_category,
+ new_action_category_scope[new_action_category_scope_uuid]
+ )
+
+ action_category_scope = self.manager.add_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category,
+ new_action_category_scope[new_action_category_scope_uuid])
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("uuid", action_category_scope["action_category_scope"])
+ self.assertEqual(new_action_category_scope[new_action_category_scope_uuid],
+ action_category_scope["action_category_scope"]["name"])
+ action_category_scope = self.manager.get_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"])
+
+ def test_subject_category_assignment(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ new_subject = self.create_user()
+ new_subjects = dict()
+ new_subjects[new_subject["id"]] = new_subject["name"]
+ subjects = self.manager.set_subject_dict(admin_user["id"], ref["id"], new_subjects)
+
+ new_subject_category_uuid = uuid.uuid4().hex
+ new_subject_category_value = "role"
+ subject_categories = self.manager.set_subject_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ new_subject_category_uuid: new_subject_category_value
+ }
+ )
+
+ for subject_category in subject_categories["subject_categories"]:
+ subject_category_scope = self.manager.get_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(subject_category_scope["subject_category_scope"], dict)
+
+ new_subject_category_scope = dict()
+ new_subject_category_scope_uuid = uuid.uuid4().hex
+ new_subject_category_scope[new_subject_category_scope_uuid] = admin_user["id"]
+ subject_category_scope = self.manager.set_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category,
+ new_subject_category_scope)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertIn(new_subject_category_scope[new_subject_category_scope_uuid],
+ subject_category_scope["subject_category_scope"][subject_category].values())
+
+ new_subject_category_scope2 = dict()
+ new_subject_category_scope2_uuid = uuid.uuid4().hex
+ new_subject_category_scope2[new_subject_category_scope2_uuid] = "dev"
+ subject_category_scope = self.manager.set_subject_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ subject_category,
+ new_subject_category_scope2)
+ self.assertIsInstance(subject_category_scope, dict)
+ self.assertIn("subject_category_scope", subject_category_scope)
+ self.assertIn("id", subject_category_scope)
+ self.assertIn("intra_extension_uuid", subject_category_scope)
+ self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"])
+ self.assertIn(new_subject_category_scope2[new_subject_category_scope2_uuid],
+ subject_category_scope["subject_category_scope"][subject_category].values())
+
+ self.assertRaises(
+ SubjectCategoryAssignmentReadNotAuthorized,
+ self.manager.get_subject_category_assignment_dict,
+ demo_user["id"], ref["id"], new_subject["id"])
+
+ subject_category_assignments = self.manager.get_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"]
+ )
+ self.assertIsInstance(subject_category_assignments, dict)
+ self.assertIn("subject_category_assignments", subject_category_assignments)
+ self.assertIn("id", subject_category_assignments)
+ self.assertIn("intra_extension_uuid", subject_category_assignments)
+ self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"])
+ self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]])
+
+ self.assertRaises(
+ SubjectCategoryAssignmentAddNotAuthorized,
+ self.manager.set_subject_category_assignment_dict,
+ demo_user["id"], ref["id"], new_subject["id"],
+ {
+ new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid],
+ }
+ )
+
+ subject_category_assignments = self.manager.set_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"],
+ {
+ new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid],
+ }
+ )
+ self.assertIsInstance(subject_category_assignments, dict)
+ self.assertIn("subject_category_assignments", subject_category_assignments)
+ self.assertIn("id", subject_category_assignments)
+ self.assertIn("intra_extension_uuid", subject_category_assignments)
+ self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]},
+ subject_category_assignments["subject_category_assignments"][new_subject["id"]])
+ subject_category_assignments = self.manager.get_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"]
+ )
+ self.assertIsInstance(subject_category_assignments, dict)
+ self.assertIn("subject_category_assignments", subject_category_assignments)
+ self.assertIn("id", subject_category_assignments)
+ self.assertIn("intra_extension_uuid", subject_category_assignments)
+ self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]},
+ subject_category_assignments["subject_category_assignments"][new_subject["id"]])
+
+ self.assertRaises(
+ SubjectCategoryAssignmentDelNotAuthorized,
+ self.manager.del_subject_category_assignment_dict,
+ demo_user["id"], ref["id"], new_subject["id"],
+ new_subject_category_uuid,
+ new_subject_category_scope_uuid
+ )
+
+ self.manager.del_subject_category_assignment(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"],
+ new_subject_category_uuid,
+ new_subject_category_scope_uuid
+ )
+ subject_category_assignments = self.manager.get_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"]
+ )
+ self.assertIsInstance(subject_category_assignments, dict)
+ self.assertIn("subject_category_assignments", subject_category_assignments)
+ self.assertIn("id", subject_category_assignments)
+ self.assertIn("intra_extension_uuid", subject_category_assignments)
+ self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_subject_category_uuid: [new_subject_category_scope2_uuid, ]},
+ subject_category_assignments["subject_category_assignments"][new_subject["id"]])
+
+ self.assertRaises(
+ SubjectCategoryAssignmentAddNotAuthorized,
+ self.manager.add_subject_category_assignment_dict,
+ demo_user["id"], ref["id"], new_subject["id"],
+ new_subject_category_uuid,
+ new_subject_category_scope_uuid
+ )
+
+ data = self.manager.add_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"],
+ new_subject_category_uuid,
+ new_subject_category_scope_uuid
+ )
+
+ subject_category_assignments = self.manager.get_subject_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject["id"]
+ )
+ self.assertIsInstance(subject_category_assignments, dict)
+ self.assertIn("subject_category_assignments", subject_category_assignments)
+ self.assertIn("id", subject_category_assignments)
+ self.assertIn("intra_extension_uuid", subject_category_assignments)
+ self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_subject_category_uuid: [new_subject_category_scope2_uuid, new_subject_category_scope_uuid]},
+ subject_category_assignments["subject_category_assignments"][new_subject["id"]])
+
+ def test_object_category_assignment(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ new_object = self.create_user()
+ new_objects = dict()
+ new_objects[new_object["id"]] = new_object["name"]
+ objects = self.manager.set_object_dict(admin_user["id"], ref["id"], new_objects)
+
+ new_object_category_uuid = uuid.uuid4().hex
+ new_object_category_value = "role"
+ object_categories = self.manager.set_object_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ new_object_category_uuid: new_object_category_value
+ }
+ )
+
+ for object_category in object_categories["object_categories"]:
+ object_category_scope = self.manager.get_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(object_category_scope["object_category_scope"], dict)
+
+ new_object_category_scope = dict()
+ new_object_category_scope_uuid = uuid.uuid4().hex
+ new_object_category_scope[new_object_category_scope_uuid] = admin_user["id"]
+ object_category_scope = self.manager.set_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category,
+ new_object_category_scope)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertIn(new_object_category_scope[new_object_category_scope_uuid],
+ object_category_scope["object_category_scope"][object_category].values())
+
+ new_object_category_scope2 = dict()
+ new_object_category_scope2_uuid = uuid.uuid4().hex
+ new_object_category_scope2[new_object_category_scope2_uuid] = "dev"
+ object_category_scope = self.manager.set_object_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ object_category,
+ new_object_category_scope2)
+ self.assertIsInstance(object_category_scope, dict)
+ self.assertIn("object_category_scope", object_category_scope)
+ self.assertIn("id", object_category_scope)
+ self.assertIn("intra_extension_uuid", object_category_scope)
+ self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"])
+ self.assertIn(new_object_category_scope2[new_object_category_scope2_uuid],
+ object_category_scope["object_category_scope"][object_category].values())
+
+ self.assertRaises(
+ ObjectCategoryAssignmentReadNotAuthorized,
+ self.manager.get_object_category_assignment_dict,
+ demo_user["id"], ref["id"], new_object["id"]
+ )
+
+ object_category_assignments = self.manager.get_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"]
+ )
+ self.assertIsInstance(object_category_assignments, dict)
+ self.assertIn("object_category_assignments", object_category_assignments)
+ self.assertIn("id", object_category_assignments)
+ self.assertIn("intra_extension_uuid", object_category_assignments)
+ self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"])
+ self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]])
+
+ self.assertRaises(
+ ObjectCategoryAssignmentAddNotAuthorized,
+ self.manager.set_object_category_assignment_dict,
+ demo_user["id"], ref["id"], new_object["id"],
+ {
+ new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid],
+ }
+ )
+
+ object_category_assignments = self.manager.set_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"],
+ {
+ new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid],
+ }
+ )
+ self.assertIsInstance(object_category_assignments, dict)
+ self.assertIn("object_category_assignments", object_category_assignments)
+ self.assertIn("id", object_category_assignments)
+ self.assertIn("intra_extension_uuid", object_category_assignments)
+ self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]},
+ object_category_assignments["object_category_assignments"][new_object["id"]])
+ object_category_assignments = self.manager.get_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"]
+ )
+ self.assertIsInstance(object_category_assignments, dict)
+ self.assertIn("object_category_assignments", object_category_assignments)
+ self.assertIn("id", object_category_assignments)
+ self.assertIn("intra_extension_uuid", object_category_assignments)
+ self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]},
+ object_category_assignments["object_category_assignments"][new_object["id"]])
+
+ self.assertRaises(
+ ObjectCategoryAssignmentDelNotAuthorized,
+ self.manager.del_object_category_assignment_dict,
+ demo_user["id"], ref["id"], new_object["id"],
+ new_object_category_uuid,
+ new_object_category_scope_uuid
+ )
+
+ self.manager.del_object_category_assignment(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"],
+ new_object_category_uuid,
+ new_object_category_scope_uuid
+ )
+ object_category_assignments = self.manager.get_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"]
+ )
+ self.assertIsInstance(object_category_assignments, dict)
+ self.assertIn("object_category_assignments", object_category_assignments)
+ self.assertIn("id", object_category_assignments)
+ self.assertIn("intra_extension_uuid", object_category_assignments)
+ self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_object_category_uuid: [new_object_category_scope2_uuid, ]},
+ object_category_assignments["object_category_assignments"][new_object["id"]])
+
+ self.assertRaises(
+ ObjectCategoryAssignmentAddNotAuthorized,
+ self.manager.add_object_category_assignment_dict,
+ demo_user["id"], ref["id"], new_object["id"],
+ new_object_category_uuid,
+ new_object_category_scope_uuid
+ )
+
+ self.manager.add_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"],
+ new_object_category_uuid,
+ new_object_category_scope_uuid
+ )
+
+ object_category_assignments = self.manager.get_object_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_object["id"]
+ )
+ self.assertIsInstance(object_category_assignments, dict)
+ self.assertIn("object_category_assignments", object_category_assignments)
+ self.assertIn("id", object_category_assignments)
+ self.assertIn("intra_extension_uuid", object_category_assignments)
+ self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_object_category_uuid: [new_object_category_scope2_uuid, new_object_category_scope_uuid]},
+ object_category_assignments["object_category_assignments"][new_object["id"]])
+
+ def test_action_category_assignment(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ new_action = self.create_user()
+ new_actions = dict()
+ new_actions[new_action["id"]] = new_action["name"]
+ actions = self.manager.set_action_dict(admin_user["id"], ref["id"], new_actions)
+
+ new_action_category_uuid = uuid.uuid4().hex
+ new_action_category_value = "role"
+ action_categories = self.manager.set_action_category_dict(
+ admin_user["id"],
+ ref["id"],
+ {
+ new_action_category_uuid: new_action_category_value
+ }
+ )
+
+ for action_category in action_categories["action_categories"]:
+ action_category_scope = self.manager.get_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertIsInstance(action_category_scope["action_category_scope"], dict)
+
+ new_action_category_scope = dict()
+ new_action_category_scope_uuid = uuid.uuid4().hex
+ new_action_category_scope[new_action_category_scope_uuid] = admin_user["id"]
+ action_category_scope = self.manager.set_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category,
+ new_action_category_scope)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertIn(new_action_category_scope[new_action_category_scope_uuid],
+ action_category_scope["action_category_scope"][action_category].values())
+
+ new_action_category_scope2 = dict()
+ new_action_category_scope2_uuid = uuid.uuid4().hex
+ new_action_category_scope2[new_action_category_scope2_uuid] = "dev"
+ action_category_scope = self.manager.set_action_category_scope_dict(
+ admin_user["id"],
+ ref["id"],
+ action_category,
+ new_action_category_scope2)
+ self.assertIsInstance(action_category_scope, dict)
+ self.assertIn("action_category_scope", action_category_scope)
+ self.assertIn("id", action_category_scope)
+ self.assertIn("intra_extension_uuid", action_category_scope)
+ self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"])
+ self.assertIn(new_action_category_scope2[new_action_category_scope2_uuid],
+ action_category_scope["action_category_scope"][action_category].values())
+
+ self.assertRaises(
+ ActionCategoryAssignmentReadNotAuthorized,
+ self.manager.get_action_category_assignment_dict,
+ demo_user["id"], ref["id"], new_action["id"]
+ )
+
+ action_category_assignments = self.manager.get_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"]
+ )
+ self.assertIsInstance(action_category_assignments, dict)
+ self.assertIn("action_category_assignments", action_category_assignments)
+ self.assertIn("id", action_category_assignments)
+ self.assertIn("intra_extension_uuid", action_category_assignments)
+ self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"])
+ self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]])
+
+ self.assertRaises(
+ ActionCategoryAssignmentAddNotAuthorized,
+ self.manager.set_action_category_assignment_dict,
+ demo_user["id"], ref["id"], new_action["id"],
+ {
+ new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid],
+ }
+ )
+
+ action_category_assignments = self.manager.set_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"],
+ {
+ new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid],
+ }
+ )
+ self.assertIsInstance(action_category_assignments, dict)
+ self.assertIn("action_category_assignments", action_category_assignments)
+ self.assertIn("id", action_category_assignments)
+ self.assertIn("intra_extension_uuid", action_category_assignments)
+ self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]},
+ action_category_assignments["action_category_assignments"][new_action["id"]])
+ action_category_assignments = self.manager.get_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"]
+ )
+ self.assertIsInstance(action_category_assignments, dict)
+ self.assertIn("action_category_assignments", action_category_assignments)
+ self.assertIn("id", action_category_assignments)
+ self.assertIn("intra_extension_uuid", action_category_assignments)
+ self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]},
+ action_category_assignments["action_category_assignments"][new_action["id"]])
+
+ self.assertRaises(
+ ActionCategoryAssignmentDelNotAuthorized,
+ self.manager.del_action_category_assignment_dict,
+ demo_user["id"], ref["id"], new_action["id"],
+ new_action_category_uuid,
+ new_action_category_scope_uuid
+ )
+
+ self.manager.del_action_category_assignment(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"],
+ new_action_category_uuid,
+ new_action_category_scope_uuid
+ )
+ action_category_assignments = self.manager.get_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"]
+ )
+ self.assertIsInstance(action_category_assignments, dict)
+ self.assertIn("action_category_assignments", action_category_assignments)
+ self.assertIn("id", action_category_assignments)
+ self.assertIn("intra_extension_uuid", action_category_assignments)
+ self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_action_category_uuid: [new_action_category_scope2_uuid, ]},
+ action_category_assignments["action_category_assignments"][new_action["id"]])
+
+ self.assertRaises(
+ ActionCategoryAssignmentAddNotAuthorized,
+ self.manager.add_action_category_assignment_dict,
+ demo_user["id"], ref["id"], new_action["id"],
+ new_action_category_uuid,
+ new_action_category_scope_uuid
+ )
+
+ self.manager.add_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"],
+ new_action_category_uuid,
+ new_action_category_scope_uuid
+ )
+
+ action_category_assignments = self.manager.get_action_category_assignment_dict(
+ admin_user["id"],
+ ref["id"],
+ new_action["id"]
+ )
+ self.assertIsInstance(action_category_assignments, dict)
+ self.assertIn("action_category_assignments", action_category_assignments)
+ self.assertIn("id", action_category_assignments)
+ self.assertIn("intra_extension_uuid", action_category_assignments)
+ self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"])
+ self.assertEqual(
+ {new_action_category_uuid: [new_action_category_scope2_uuid, new_action_category_scope_uuid]},
+ action_category_assignments["action_category_assignments"][new_action["id"]])
+
+ def test_sub_meta_rules(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"])
+ self.assertIsInstance(aggregation_algorithms, dict)
+ self.assertIsInstance(aggregation_algorithms["aggregation_algorithms"], list)
+ self.assertIn("and_true_aggregation", aggregation_algorithms["aggregation_algorithms"])
+ self.assertIn("test_aggregation", aggregation_algorithms["aggregation_algorithms"])
+
+ self.assertRaises(
+ MetaRuleReadNotAuthorized,
+ self.manager.get_aggregation_algorithm,
+ demo_user["id"], ref["id"]
+ )
+
+ aggregation_algorithm = self.manager.get_aggregation_algorithm(admin_user["id"], ref["id"])
+ self.assertIsInstance(aggregation_algorithm, dict)
+ self.assertIn("aggregation", aggregation_algorithm)
+ self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"])
+
+ _aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"])
+ _aggregation_algorithm.remove(aggregation_algorithm["aggregation"])
+
+ self.assertRaises(
+ MetaRuleAddNotAuthorized,
+ self.manager.set_aggregation_algorithms,
+ demo_user["id"], ref["id"], _aggregation_algorithm[0]
+ )
+
+ aggregation_algorithm = self.manager.set_aggregation_algorithm(admin_user["id"], ref["id"], _aggregation_algorithm[0])
+ self.assertIsInstance(aggregation_algorithm, dict)
+ self.assertIn("aggregation", aggregation_algorithm)
+ self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"])
+
+ self.assertRaises(
+ MetaRuleReadNotAuthorized,
+ self.manager.get_sub_meta_rule,
+ demo_user["id"], ref["id"]
+ )
+
+ sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])
+ self.assertIsInstance(sub_meta_rules, dict)
+ self.assertIn("sub_meta_rules", sub_meta_rules)
+ sub_meta_rules_conf = json.load(open(os.path.join(self.policy_directory, ref["model"], "metarule.json")))
+ metarule = dict()
+ categories = {
+ "subject_categories": self.manager.get_subject_category_dict(admin_user["id"], ref["id"]),
+ "object_categories": self.manager.get_object_category_dict(admin_user["id"], ref["id"]),
+ "action_categories": self.manager.get_action_category_dict(admin_user["id"], ref["id"])
+ }
+ for relation in sub_meta_rules_conf["sub_meta_rules"]:
+ metarule[relation] = dict()
+ for item in ("subject_categories", "object_categories", "action_categories"):
+ metarule[relation][item] = list()
+ for element in sub_meta_rules_conf["sub_meta_rules"][relation][item]:
+ metarule[relation][item].append(self.__get_key_from_value(
+ element,
+ categories[item][item]
+ ))
+
+ for relation in sub_meta_rules["sub_meta_rules"]:
+ self.assertIn(relation, metarule)
+ for item in ("subject_categories", "object_categories", "action_categories"):
+ self.assertEqual(
+ sub_meta_rules["sub_meta_rules"][relation][item],
+ metarule[relation][item]
+ )
+
+ new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"}
+ # Add a particular subject_category
+ data = self.manager.add_subject_category_dict(
+ admin_user["id"],
+ ref["id"],
+ new_subject_category["name"])
+ new_subject_category["id"] = data["subject_category"]["uuid"]
+ subject_categories = self.manager.get_subject_category_dict(
+ admin_user["id"],
+ ref["id"])
+ self.assertIsInstance(subject_categories, dict)
+ self.assertIn("subject_categories", subject_categories)
+ self.assertIn("id", subject_categories)
+ self.assertIn("intra_extension_uuid", subject_categories)
+ self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
+ self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
+ metarule[relation]["subject_categories"].append(new_subject_category["id"])
+
+ self.assertRaises(
+ MetaRuleAddNotAuthorized,
+ self.manager.set_sub_meta_rule,
+ demo_user["id"], ref["id"], metarule
+ )
+
+ _sub_meta_rules = self.manager.set_sub_meta_rule(admin_user["id"], ref["id"], metarule)
+ self.assertIn(relation, metarule)
+ for item in ("subject_categories", "object_categories", "action_categories"):
+ self.assertEqual(
+ _sub_meta_rules["sub_meta_rules"][relation][item],
+ metarule[relation][item]
+ )
+
+ def test_sub_rules(self):
+ admin_user = self.create_user("admin")
+ ref = self.create_intra_extension()
+ demo_user = self.create_user("demo")
+
+ sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])
+ self.assertIsInstance(sub_meta_rules, dict)
+ self.assertIn("sub_meta_rules", sub_meta_rules)
+
+ self.assertRaises(
+ RuleReadNotAuthorized,
+ self.manager.get_sub_rules,
+ demo_user["id"], ref["id"]
+ )
+
+ sub_rules = self.manager.get_sub_rules(admin_user["id"], ref["id"])
+ self.assertIsInstance(sub_rules, dict)
+ self.assertIn("rules", sub_rules)
+ rules = dict()
+ for relation in sub_rules["rules"]:
+ self.assertIn(relation, self.manager.get_sub_meta_rule_relations(admin_user["id"], ref["id"])["sub_meta_rule_relations"])
+ rules[relation] = list()
+ for rule in sub_rules["rules"][relation]:
+ print(rule)
+ for cat, cat_func, func_name in (
+ ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"),
+ ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"),
+ ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"),
+ ):
+ for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]:
+ scope = cat_func(
+ admin_user["id"],
+ ref["id"],
+ cat_value
+ )
+ a_scope = rule.pop(0)
+ print(a_scope)
+ if type(a_scope) is not bool:
+ self.assertIn(a_scope, scope[func_name][cat_value])
+
+ # add a new subrule
+
+ relation = sub_rules["rules"].keys()[0]
+ sub_rule = []
+ for cat, cat_func, func_name in (
+ ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"),
+ ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"),
+ ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"),
+ ):
+ for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]:
+ scope = cat_func(
+ admin_user["id"],
+ ref["id"],
+ cat_value
+ )
+ sub_rule.append(scope[func_name][cat_value].keys()[0])
+
+ sub_rule.append(True)
+ self.assertRaises(
+ RuleAddNotAuthorized,
+ self.manager.set_sub_rules,
+ demo_user["id"], ref["id"], relation, sub_rule
+ )
+
+ sub_rules = self.manager.set_sub_rule(admin_user["id"], ref["id"], relation, sub_rule)
+ self.assertIsInstance(sub_rules, dict)
+ self.assertIn("rules", sub_rules)
+ rules = dict()
+ self.assertIn(sub_rule, sub_rules["rules"][relation])
+ for relation in sub_rules["rules"]:
+ self.assertIn(relation, self.manager.get_sub_meta_rule_relations(admin_user["id"], ref["id"])["sub_meta_rule_relations"])
+ rules[relation] = list()
+ for rule in sub_rules["rules"][relation]:
+ for cat, cat_func, func_name in (
+ ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"),
+ ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"),
+ ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"),
+ ):
+ for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]:
+ scope = cat_func(
+ admin_user["id"],
+ ref["id"],
+ cat_value
+ )
+ a_scope = rule.pop(0)
+ self.assertIn(a_scope, scope[func_name][cat_value])