diff options
Diffstat (limited to 'keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py')
-rw-r--r-- | keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py | 1549 |
1 files changed, 1544 insertions, 5 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py index 29ebe7a2..6426bf84 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py @@ -19,7 +19,7 @@ from keystone.contrib.moon.core import LogManager, TenantManager CONF = cfg.CONF -USER_ADMIN = { +USER = { 'name': 'admin', 'domain_id': "default", 'password': 'admin' @@ -31,11 +31,11 @@ IE = { "description": "a simple description." } -class TestIntraExtensionAdminManager(tests.TestCase): +class TestIntraExtensionAdminManagerOK(tests.TestCase): def setUp(self): self.useFixture(database.Database()) - super(TestIntraExtensionAdminManager, self).setUp() + super(TestIntraExtensionAdminManagerOK, self).setUp() self.load_backends() self.load_fixtures(default_fixtures) self.manager = IntraExtensionAdminManager() @@ -51,7 +51,7 @@ class TestIntraExtensionAdminManager(tests.TestCase): } def config_overrides(self): - super(TestIntraExtensionAdminManager, self).config_overrides() + super(TestIntraExtensionAdminManagerOK, self).config_overrides() self.policy_directory = 'examples/moon/policies' self.config_fixture.config( group='moon', @@ -62,7 +62,7 @@ class TestIntraExtensionAdminManager(tests.TestCase): def create_intra_extension(self, policy_model="policy_rbac_admin"): # Create the admin user because IntraExtension needs it - self.admin = self.identity_api.create_user(USER_ADMIN) + self.admin = self.identity_api.create_user(USER) IE["policymodel"] = policy_model self.ref = self.manager.load_intra_extension(IE) self.assertIsInstance(self.ref, dict) @@ -1225,5 +1225,1544 @@ class TestIntraExtensionAdminManager(tests.TestCase): self.assertIn(a_scope, scope[func_name][cat_value]) +class TestIntraExtensionAdminManagerKO(tests.TestCase): + def setUp(self): + self.useFixture(database.Database()) + super(TestIntraExtensionAdminManagerKO, self).setUp() + self.load_backends() + self.load_fixtures(default_fixtures) + self.manager = IntraExtensionAuthzManager() + self.admin_manager = IntraExtensionAdminManager() + + def __get_key_from_value(self, value, values_dict): + return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0] + + def load_extra_backends(self): + return { + "moonlog_api": LogManager(), + "tenant_api": TenantManager(), + "resource_api": resource.Manager(), + } + + def config_overrides(self): + super(TestIntraExtensionAdminManagerKO, self).config_overrides() + self.policy_directory = 'examples/moon/policies' + self.config_fixture.config( + group='moon', + intraextension_driver='keystone.contrib.moon.backends.sql.IntraExtensionConnector') + self.config_fixture.config( + group='moon', + policy_directory=self.policy_directory) + + def create_tenant(self): + tenant = { + "id": uuid.uuid4().hex, + "name": "TestIntraExtensionAuthzManager", + "enabled": True, + "description": "", + "domain_id": "default" + } + return self.resource_api.create_project(tenant["id"], tenant) + + def create_mapping(self, tenant, authz_uuid=None, admin_uuid=None): + + mapping = self.tenant_api.set_tenant_dict(tenant["id"], tenant["name"], authz_uuid, admin_uuid) + self.assertIsInstance(mapping, dict) + self.assertIn("authz", mapping) + self.assertEqual(mapping["authz"], authz_uuid) + return mapping + + def create_user(self, username="admin"): + + _USER = dict(USER) + _USER["name"] = username + return self.identity_api.create_user(_USER) + + def create_intra_extension(self, policy_model="policy_rbac_authz"): + + IE["policymodel"] = policy_model + ref = self.admin_manager.load_intra_extension(IE) + self.assertIsInstance(self.ref, dict) + return ref + + def test_subjects(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + SubjectReadNotAuthorized, + self.manager.get_subject_dict, + demo_user["id"], ref["id"]) + + subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(subjects, dict) + self.assertIn("subjects", subjects) + self.assertIn("id", subjects) + self.assertIn("intra_extension_uuid", subjects) + self.assertEqual(ref["id"], subjects["intra_extension_uuid"]) + self.assertIsInstance(subjects["subjects"], dict) + + new_subject = self.create_user("new_user") + new_subjects = dict() + new_subjects[new_subject["id"]] = new_subject["name"] + + self.assertRaises( + SubjectAddNotAuthorized, + self.manager.set_subject_dict, + demo_user["id"], ref["id"], new_subjects) + + subjects = self.manager.set_subject_dict(admin_user["id"], ref["id"], new_subjects) + self.assertIsInstance(subjects, dict) + self.assertIn("subjects", subjects) + self.assertIn("id", subjects) + self.assertIn("intra_extension_uuid", subjects) + self.assertEqual(ref["id"], subjects["intra_extension_uuid"]) + self.assertEqual(subjects["subjects"], new_subjects) + self.assertIn(new_subject["id"], subjects["subjects"]) + + # Delete the new subject + self.assertRaises( + SubjectDelNotAuthorized, + self.manager.del_subject_dict, + demo_user["id"], ref["id"], new_subject["id"]) + + self.manager.del_subject(admin_user["id"], ref["id"], new_subject["id"]) + subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(subjects, dict) + self.assertIn("subjects", subjects) + self.assertIn("id", subjects) + self.assertIn("intra_extension_uuid", subjects) + self.assertEqual(ref["id"], subjects["intra_extension_uuid"]) + self.assertNotIn(new_subject["id"], subjects["subjects"]) + + # Add a particular subject + self.assertRaises( + SubjectAddNotAuthorized, + self.manager.add_subject_dict, + demo_user["id"], ref["id"], new_subject["id"]) + + subjects = self.manager.add_subject_dict(admin_user["id"], ref["id"], new_subject["id"]) + self.assertIsInstance(subjects, dict) + self.assertIn("subject", subjects) + self.assertIn("uuid", subjects["subject"]) + self.assertEqual(new_subject["name"], subjects["subject"]["name"]) + subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(subjects, dict) + self.assertIn("subjects", subjects) + self.assertIn("id", subjects) + self.assertIn("intra_extension_uuid", subjects) + self.assertEqual(ref["id"], subjects["intra_extension_uuid"]) + self.assertIn(new_subject["id"], subjects["subjects"]) + + def test_objects(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + ObjectReadNotAuthorized, + self.manager.get_object_dict, + demo_user["id"], ref["id"]) + + objects = self.manager.get_object_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(objects, dict) + self.assertIn("objects", objects) + self.assertIn("id", objects) + self.assertIn("intra_extension_uuid", objects) + self.assertEqual(ref["id"], objects["intra_extension_uuid"]) + self.assertIsInstance(objects["objects"], dict) + + new_object = {"id": uuid.uuid4().hex, "name": "my_object"} + new_objects = dict() + new_objects[new_object["id"]] = new_object["name"] + + self.assertRaises( + ObjectAddNotAuthorized, + self.manager.set_object_dict, + demo_user["id"], ref["id"], new_objects) + + objects = self.manager.set_object_dict(admin_user["id"], ref["id"], new_objects) + self.assertIsInstance(objects, dict) + self.assertIn("objects", objects) + self.assertIn("id", objects) + self.assertIn("intra_extension_uuid", objects) + self.assertEqual(ref["id"], objects["intra_extension_uuid"]) + self.assertEqual(objects["objects"], new_objects) + self.assertIn(new_object["id"], objects["objects"]) + + # Delete the new object + self.assertRaises( + ObjectDelNotAuthorized, + self.manager.del_object_dict, + demo_user["id"], ref["id"], new_object["id"]) + + self.manager.del_object(admin_user["id"], ref["id"], new_object["id"]) + objects = self.manager.get_object_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(objects, dict) + self.assertIn("objects", objects) + self.assertIn("id", objects) + self.assertIn("intra_extension_uuid", objects) + self.assertEqual(ref["id"], objects["intra_extension_uuid"]) + self.assertNotIn(new_object["id"], objects["objects"]) + + # Add a particular object + self.assertRaises( + ObjectAddNotAuthorized, + self.manager.add_object_dict, + demo_user["id"], ref["id"], new_object["name"]) + + objects = self.manager.add_object_dict(admin_user["id"], ref["id"], new_object["name"]) + self.assertIsInstance(objects, dict) + self.assertIn("object", objects) + self.assertIn("uuid", objects["object"]) + self.assertEqual(new_object["name"], objects["object"]["name"]) + new_object["id"] = objects["object"]["uuid"] + objects = self.manager.get_object_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(objects, dict) + self.assertIn("objects", objects) + self.assertIn("id", objects) + self.assertIn("intra_extension_uuid", objects) + self.assertEqual(ref["id"], objects["intra_extension_uuid"]) + self.assertIn(new_object["id"], objects["objects"]) + + def test_actions(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + ActionReadNotAuthorized, + self.manager.get_action_dict, + demo_user["id"], ref["id"]) + + actions = self.manager.get_action_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(actions, dict) + self.assertIn("actions", actions) + self.assertIn("id", actions) + self.assertIn("intra_extension_uuid", actions) + self.assertEqual(ref["id"], actions["intra_extension_uuid"]) + self.assertIsInstance(actions["actions"], dict) + + new_action = {"id": uuid.uuid4().hex, "name": "my_action"} + new_actions = dict() + new_actions[new_action["id"]] = new_action["name"] + + self.assertRaises( + ActionAddNotAuthorized, + self.manager.set_action_dict, + demo_user["id"], ref["id"], new_actions) + + actions = self.manager.set_action_dict(admin_user["id"], ref["id"], new_actions) + self.assertIsInstance(actions, dict) + self.assertIn("actions", actions) + self.assertIn("id", actions) + self.assertIn("intra_extension_uuid", actions) + self.assertEqual(ref["id"], actions["intra_extension_uuid"]) + self.assertEqual(actions["actions"], new_actions) + self.assertIn(new_action["id"], actions["actions"]) + + # Delete the new action + self.assertRaises( + ActionDelNotAuthorized, + self.manager.del_action_dict, + demo_user["id"], ref["id"], new_action["id"]) + + self.manager.del_action(admin_user["id"], ref["id"], new_action["id"]) + actions = self.manager.get_action_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(actions, dict) + self.assertIn("actions", actions) + self.assertIn("id", actions) + self.assertIn("intra_extension_uuid", actions) + self.assertEqual(ref["id"], actions["intra_extension_uuid"]) + self.assertNotIn(new_action["id"], actions["actions"]) + + # Add a particular action + self.assertRaises( + ActionAddNotAuthorized, + self.manager.add_action_dict, + demo_user["id"], ref["id"], new_action["name"]) + + actions = self.manager.add_action_dict(admin_user["id"], ref["id"], new_action["name"]) + self.assertIsInstance(actions, dict) + self.assertIn("action", actions) + self.assertIn("uuid", actions["action"]) + self.assertEqual(new_action["name"], actions["action"]["name"]) + new_action["id"] = actions["action"]["uuid"] + actions = self.manager.get_action_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(actions, dict) + self.assertIn("actions", actions) + self.assertIn("id", actions) + self.assertIn("intra_extension_uuid", actions) + self.assertEqual(ref["id"], actions["intra_extension_uuid"]) + self.assertIn(new_action["id"], actions["actions"]) + + def test_subject_categories(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + SubjectCategoryReadNotAuthorized, + self.manager.get_subject_category_dict, + demo_user["id"], ref["id"]) + + subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_categories", subject_categories) + self.assertIn("id", subject_categories) + self.assertIn("intra_extension_uuid", subject_categories) + self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"]) + self.assertIsInstance(subject_categories["subject_categories"], dict) + + new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"} + new_subject_categories = dict() + new_subject_categories[new_subject_category["id"]] = new_subject_category["name"] + + self.assertRaises( + SubjectCategoryAddNotAuthorized, + self.manager.set_subject_category_dict, + demo_user["id"], ref["id"], new_subject_categories) + + subject_categories = self.manager.set_subject_category_dict(admin_user["id"], ref["id"], new_subject_categories) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_categories", subject_categories) + self.assertIn("id", subject_categories) + self.assertIn("intra_extension_uuid", subject_categories) + self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"]) + self.assertEqual(subject_categories["subject_categories"], new_subject_categories) + self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) + + # Delete the new subject_category + self.assertRaises( + SubjectCategoryDelNotAuthorized, + self.manager.del_subject_category_dict, + demo_user["id"], ref["id"], new_subject_category["id"]) + + self.manager.del_subject_category(admin_user["id"], ref["id"], new_subject_category["id"]) + subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_categories", subject_categories) + self.assertIn("id", subject_categories) + self.assertIn("intra_extension_uuid", subject_categories) + self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"]) + self.assertNotIn(new_subject_category["id"], subject_categories["subject_categories"]) + + # Add a particular subject_category + self.assertRaises( + SubjectCategoryAddNotAuthorized, + self.manager.add_subject_category_dict, + demo_user["id"], ref["id"], new_subject_category["name"]) + + subject_categories = self.manager.add_subject_category_dict( + admin_user["id"], + ref["id"], + new_subject_category["name"]) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_category", subject_categories) + self.assertIn("uuid", subject_categories["subject_category"]) + self.assertEqual(new_subject_category["name"], subject_categories["subject_category"]["name"]) + new_subject_category["id"] = subject_categories["subject_category"]["uuid"] + subject_categories = self.manager.get_subject_category_dict( + admin_user["id"], + ref["id"]) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_categories", subject_categories) + self.assertIn("id", subject_categories) + self.assertIn("intra_extension_uuid", subject_categories) + self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"]) + self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) + + def test_object_categories(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + ObjectCategoryReadNotAuthorized, + self.manager.get_object_category_dict, + demo_user["id"], ref["id"]) + + object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(object_categories, dict) + self.assertIn("object_categories", object_categories) + self.assertIn("id", object_categories) + self.assertIn("intra_extension_uuid", object_categories) + self.assertEqual(ref["id"], object_categories["intra_extension_uuid"]) + self.assertIsInstance(object_categories["object_categories"], dict) + + new_object_category = {"id": uuid.uuid4().hex, "name": "object_category_test"} + new_object_categories = dict() + new_object_categories[new_object_category["id"]] = new_object_category["name"] + + self.assertRaises( + ObjectCategoryAddNotAuthorized, + self.manager.set_object_category_dict, + demo_user["id"], ref["id"], new_object_categories) + + object_categories = self.manager.set_object_category_dict(admin_user["id"], ref["id"], new_object_categories) + self.assertIsInstance(object_categories, dict) + self.assertIn("object_categories", object_categories) + self.assertIn("id", object_categories) + self.assertIn("intra_extension_uuid", object_categories) + self.assertEqual(ref["id"], object_categories["intra_extension_uuid"]) + self.assertEqual(object_categories["object_categories"], new_object_categories) + self.assertIn(new_object_category["id"], object_categories["object_categories"]) + + # Delete the new object_category + self.assertRaises( + ObjectCategoryDelNotAuthorized, + self.manager.del_object_category, + demo_user["id"], ref["id"], new_object_category["id"]) + + self.manager.del_object_category(admin_user["id"], ref["id"], new_object_category["id"]) + object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(object_categories, dict) + self.assertIn("object_categories", object_categories) + self.assertIn("id", object_categories) + self.assertIn("intra_extension_uuid", object_categories) + self.assertEqual(ref["id"], object_categories["intra_extension_uuid"]) + self.assertNotIn(new_object_category["id"], object_categories["object_categories"]) + + # Add a particular object_category + self.assertRaises( + ObjectCategoryAddNotAuthorized, + self.manager.add_object_category, + demo_user["id"], ref["id"], new_object_category["name"]) + + object_categories = self.manager.add_object_category_dict( + admin_user["id"], + ref["id"], + new_object_category["name"]) + self.assertIsInstance(object_categories, dict) + self.assertIn("object_category", object_categories) + self.assertIn("uuid", object_categories["object_category"]) + self.assertEqual(new_object_category["name"], object_categories["object_category"]["name"]) + new_object_category["id"] = object_categories["object_category"]["uuid"] + object_categories = self.manager.get_object_category_dict( + admin_user["id"], + ref["id"]) + self.assertIsInstance(object_categories, dict) + self.assertIn("object_categories", object_categories) + self.assertIn("id", object_categories) + self.assertIn("intra_extension_uuid", object_categories) + self.assertEqual(ref["id"], object_categories["intra_extension_uuid"]) + self.assertIn(new_object_category["id"], object_categories["object_categories"]) + + def test_action_categories(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + self.assertRaises( + ActionCategoryReadNotAuthorized, + self.manager.get_action_category_dict, + demo_user["id"], ref["id"]) + + action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(action_categories, dict) + self.assertIn("action_categories", action_categories) + self.assertIn("id", action_categories) + self.assertIn("intra_extension_uuid", action_categories) + self.assertEqual(ref["id"], action_categories["intra_extension_uuid"]) + self.assertIsInstance(action_categories["action_categories"], dict) + + new_action_category = {"id": uuid.uuid4().hex, "name": "action_category_test"} + new_action_categories = dict() + new_action_categories[new_action_category["id"]] = new_action_category["name"] + self.assertRaises( + ActionCategoryAddNotAuthorized, + self.manager.set_action_category_dict, + demo_user["id"], ref["id"], new_action_categories) + + action_categories = self.manager.set_action_category_dict(admin_user["id"], ref["id"], new_action_categories) + self.assertIsInstance(action_categories, dict) + self.assertIn("action_categories", action_categories) + self.assertIn("id", action_categories) + self.assertIn("intra_extension_uuid", action_categories) + self.assertEqual(ref["id"], action_categories["intra_extension_uuid"]) + self.assertEqual(action_categories["action_categories"], new_action_categories) + self.assertIn(new_action_category["id"], action_categories["action_categories"]) + + # Delete the new action_category + self.assertRaises( + ActionCategoryDelNotAuthorized, + self.manager.del_action_category_dict, + demo_user["id"], ref["id"], new_action_category["id"]) + + self.manager.del_action_category(admin_user["id"], ref["id"], new_action_category["id"]) + action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"]) + self.assertIsInstance(action_categories, dict) + self.assertIn("action_categories", action_categories) + self.assertIn("id", action_categories) + self.assertIn("intra_extension_uuid", action_categories) + self.assertEqual(ref["id"], action_categories["intra_extension_uuid"]) + self.assertNotIn(new_action_category["id"], action_categories["action_categories"]) + + # Add a particular action_category + self.assertRaises( + ActionCategoryAddNotAuthorized, + self.manager.add_action_category_dict, + demo_user["id"], ref["id"], new_action_category["name"]) + + action_categories = self.manager.add_action_category_dict( + admin_user["id"], + ref["id"], + new_action_category["name"]) + self.assertIsInstance(action_categories, dict) + self.assertIn("action_category", action_categories) + self.assertIn("uuid", action_categories["action_category"]) + self.assertEqual(new_action_category["name"], action_categories["action_category"]["name"]) + new_action_category["id"] = action_categories["action_category"]["uuid"] + action_categories = self.manager.get_action_category_dict( + admin_user["id"], + ref["id"]) + self.assertIsInstance(action_categories, dict) + self.assertIn("action_categories", action_categories) + self.assertIn("id", action_categories) + self.assertIn("intra_extension_uuid", action_categories) + self.assertEqual(ref["id"], action_categories["intra_extension_uuid"]) + self.assertIn(new_action_category["id"], action_categories["action_categories"]) + + def test_subject_category_scope(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + subject_categories = self.manager.set_subject_category_dict( + admin_user["id"], + ref["id"], + { + uuid.uuid4().hex: admin_user["id"], + uuid.uuid4().hex: "dev", + } + ) + + for subject_category in subject_categories["subject_categories"]: + self.assertRaises( + SubjectCategoryScopeReadNotAuthorized, + self.manager.get_subject_category_scope_dict, + demo_user["id"], ref["id"], subject_category) + + subject_category_scope = self.manager.get_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertIsInstance(subject_category_scope["subject_category_scope"], dict) + + new_subject_category_scope = dict() + new_subject_category_scope_uuid = uuid.uuid4().hex + new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" + + self.assertRaises( + SubjectCategoryScopeAddNotAuthorized, + self.manager.set_subject_category_scope_dict, + demo_user["id"], ref["id"], subject_category, new_subject_category_scope) + + subject_category_scope = self.manager.set_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category, + new_subject_category_scope) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertIn(new_subject_category_scope[new_subject_category_scope_uuid], + subject_category_scope["subject_category_scope"][subject_category].values()) + + # Delete the new subject_category_scope + self.assertRaises( + SubjectCategoryScopeDelNotAuthorized, + self.manager.del_subject_category_scope_dict, + demo_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) + + self.manager.del_subject_category_scope( + admin_user["id"], + ref["id"], + subject_category, + new_subject_category_scope_uuid) + subject_category_scope = self.manager.get_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"]) + + # Add a particular subject_category_scope + self.assertRaises( + SubjectCategoryScopeAddNotAuthorized, + self.manager.add_subject_category_scope_dict, + demo_user["id"], ref["id"], subject_category, + new_subject_category_scope[new_subject_category_scope_uuid]) + + subject_category_scope = self.manager.add_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category, + new_subject_category_scope[new_subject_category_scope_uuid]) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("uuid", subject_category_scope["subject_category_scope"]) + self.assertEqual(new_subject_category_scope[new_subject_category_scope_uuid], + subject_category_scope["subject_category_scope"]["name"]) + subject_category_scope = self.manager.get_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"]) + + def test_object_category_scope(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + object_categories = self.manager.set_object_category_dict( + admin_user["id"], + ref["id"], + { + uuid.uuid4().hex: "id", + uuid.uuid4().hex: "domain", + } + ) + + for object_category in object_categories["object_categories"]: + self.assertRaises( + ObjectCategoryScopeReadNotAuthorized, + self.manager.get_object_category_scope_dict, + demo_user["id"], ref["id"], object_category) + + object_category_scope = self.manager.get_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertIsInstance(object_category_scope["object_category_scope"], dict) + + new_object_category_scope = dict() + new_object_category_scope_uuid = uuid.uuid4().hex + new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" + + self.assertRaises( + ObjectCategoryScopeAddNotAuthorized, + self.manager.set_object_category_scope_dict, + demo_user["id"], ref["id"], object_category, new_object_category_scope) + + object_category_scope = self.manager.set_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category, + new_object_category_scope) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertIn(new_object_category_scope[new_object_category_scope_uuid], + object_category_scope["object_category_scope"][object_category].values()) + + # Delete the new object_category_scope + self.assertRaises( + ObjectCategoryScopeDelNotAuthorized, + self.manager.del_object_category_scope_dict, + demo_user["id"], ref["id"], object_category, new_object_category_scope) + + self.manager.del_object_category_scope( + admin_user["id"], + ref["id"], + object_category, + new_object_category_scope_uuid) + object_category_scope = self.manager.get_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"]) + + # Add a particular object_category_scope + self.assertRaises( + ObjectCategoryScopeAddNotAuthorized, + self.manager.add_object_category_scope_dict, + demo_user["id"], ref["id"], object_category, + new_object_category_scope[new_object_category_scope_uuid] + ) + + object_category_scope = self.manager.add_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category, + new_object_category_scope[new_object_category_scope_uuid]) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("uuid", object_category_scope["object_category_scope"]) + self.assertEqual(new_object_category_scope[new_object_category_scope_uuid], + object_category_scope["object_category_scope"]["name"]) + object_category_scope = self.manager.get_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"]) + + def test_action_category_scope(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + action_categories = self.manager.set_action_category_dict( + admin_user["id"], + ref["id"], + { + uuid.uuid4().hex: "compute", + uuid.uuid4().hex: "identity", + } + ) + + for action_category in action_categories["action_categories"]: + self.assertRaises( + ActionCategoryScopeReadNotAuthorized, + self.manager.get_object_category_scope_dict, + demo_user["id"], ref["id"], action_category) + + action_category_scope = self.manager.get_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertIsInstance(action_category_scope["action_category_scope"], dict) + + new_action_category_scope = dict() + new_action_category_scope_uuid = uuid.uuid4().hex + new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" + + self.assertRaises( + ActionCategoryScopeAddNotAuthorized, + self.manager.set_action_category_scope_dict, + demo_user["id"], ref["id"], action_category, new_action_category_scope) + + action_category_scope = self.manager.set_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category, + new_action_category_scope) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertIn(new_action_category_scope[new_action_category_scope_uuid], + action_category_scope["action_category_scope"][action_category].values()) + + # Delete the new action_category_scope + self.assertRaises( + ActionCategoryScopeDelNotAuthorized, + self.manager.del_action_category_scope_dict, + demo_user["id"], ref["id"], action_category, + new_action_category_scope_uuid + ) + + self.manager.del_action_category_scope( + admin_user["id"], + ref["id"], + action_category, + new_action_category_scope_uuid) + action_category_scope = self.manager.get_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"]) + + # Add a particular action_category_scope + self.assertRaises( + ActionCategoryScopeAddNotAuthorized, + self.manager.add_action_category_scope_dict, + demo_user["id"], ref["id"], action_category, + new_action_category_scope[new_action_category_scope_uuid] + ) + + action_category_scope = self.manager.add_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category, + new_action_category_scope[new_action_category_scope_uuid]) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("uuid", action_category_scope["action_category_scope"]) + self.assertEqual(new_action_category_scope[new_action_category_scope_uuid], + action_category_scope["action_category_scope"]["name"]) + action_category_scope = self.manager.get_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"]) + + def test_subject_category_assignment(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + new_subject = self.create_user() + new_subjects = dict() + new_subjects[new_subject["id"]] = new_subject["name"] + subjects = self.manager.set_subject_dict(admin_user["id"], ref["id"], new_subjects) + + new_subject_category_uuid = uuid.uuid4().hex + new_subject_category_value = "role" + subject_categories = self.manager.set_subject_category_dict( + admin_user["id"], + ref["id"], + { + new_subject_category_uuid: new_subject_category_value + } + ) + + for subject_category in subject_categories["subject_categories"]: + subject_category_scope = self.manager.get_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertIsInstance(subject_category_scope["subject_category_scope"], dict) + + new_subject_category_scope = dict() + new_subject_category_scope_uuid = uuid.uuid4().hex + new_subject_category_scope[new_subject_category_scope_uuid] = admin_user["id"] + subject_category_scope = self.manager.set_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category, + new_subject_category_scope) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertIn(new_subject_category_scope[new_subject_category_scope_uuid], + subject_category_scope["subject_category_scope"][subject_category].values()) + + new_subject_category_scope2 = dict() + new_subject_category_scope2_uuid = uuid.uuid4().hex + new_subject_category_scope2[new_subject_category_scope2_uuid] = "dev" + subject_category_scope = self.manager.set_subject_category_scope_dict( + admin_user["id"], + ref["id"], + subject_category, + new_subject_category_scope2) + self.assertIsInstance(subject_category_scope, dict) + self.assertIn("subject_category_scope", subject_category_scope) + self.assertIn("id", subject_category_scope) + self.assertIn("intra_extension_uuid", subject_category_scope) + self.assertEqual(ref["id"], subject_category_scope["intra_extension_uuid"]) + self.assertIn(new_subject_category_scope2[new_subject_category_scope2_uuid], + subject_category_scope["subject_category_scope"][subject_category].values()) + + self.assertRaises( + SubjectCategoryAssignmentReadNotAuthorized, + self.manager.get_subject_category_assignment_dict, + demo_user["id"], ref["id"], new_subject["id"]) + + subject_category_assignments = self.manager.get_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"] + ) + self.assertIsInstance(subject_category_assignments, dict) + self.assertIn("subject_category_assignments", subject_category_assignments) + self.assertIn("id", subject_category_assignments) + self.assertIn("intra_extension_uuid", subject_category_assignments) + self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"]) + self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) + + self.assertRaises( + SubjectCategoryAssignmentAddNotAuthorized, + self.manager.set_subject_category_assignment_dict, + demo_user["id"], ref["id"], new_subject["id"], + { + new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid], + } + ) + + subject_category_assignments = self.manager.set_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"], + { + new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid], + } + ) + self.assertIsInstance(subject_category_assignments, dict) + self.assertIn("subject_category_assignments", subject_category_assignments) + self.assertIn("id", subject_category_assignments) + self.assertIn("intra_extension_uuid", subject_category_assignments) + self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]}, + subject_category_assignments["subject_category_assignments"][new_subject["id"]]) + subject_category_assignments = self.manager.get_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"] + ) + self.assertIsInstance(subject_category_assignments, dict) + self.assertIn("subject_category_assignments", subject_category_assignments) + self.assertIn("id", subject_category_assignments) + self.assertIn("intra_extension_uuid", subject_category_assignments) + self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]}, + subject_category_assignments["subject_category_assignments"][new_subject["id"]]) + + self.assertRaises( + SubjectCategoryAssignmentDelNotAuthorized, + self.manager.del_subject_category_assignment_dict, + demo_user["id"], ref["id"], new_subject["id"], + new_subject_category_uuid, + new_subject_category_scope_uuid + ) + + self.manager.del_subject_category_assignment( + admin_user["id"], + ref["id"], + new_subject["id"], + new_subject_category_uuid, + new_subject_category_scope_uuid + ) + subject_category_assignments = self.manager.get_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"] + ) + self.assertIsInstance(subject_category_assignments, dict) + self.assertIn("subject_category_assignments", subject_category_assignments) + self.assertIn("id", subject_category_assignments) + self.assertIn("intra_extension_uuid", subject_category_assignments) + self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_subject_category_uuid: [new_subject_category_scope2_uuid, ]}, + subject_category_assignments["subject_category_assignments"][new_subject["id"]]) + + self.assertRaises( + SubjectCategoryAssignmentAddNotAuthorized, + self.manager.add_subject_category_assignment_dict, + demo_user["id"], ref["id"], new_subject["id"], + new_subject_category_uuid, + new_subject_category_scope_uuid + ) + + data = self.manager.add_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"], + new_subject_category_uuid, + new_subject_category_scope_uuid + ) + + subject_category_assignments = self.manager.get_subject_category_assignment_dict( + admin_user["id"], + ref["id"], + new_subject["id"] + ) + self.assertIsInstance(subject_category_assignments, dict) + self.assertIn("subject_category_assignments", subject_category_assignments) + self.assertIn("id", subject_category_assignments) + self.assertIn("intra_extension_uuid", subject_category_assignments) + self.assertEqual(ref["id"], subject_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_subject_category_uuid: [new_subject_category_scope2_uuid, new_subject_category_scope_uuid]}, + subject_category_assignments["subject_category_assignments"][new_subject["id"]]) + + def test_object_category_assignment(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + new_object = self.create_user() + new_objects = dict() + new_objects[new_object["id"]] = new_object["name"] + objects = self.manager.set_object_dict(admin_user["id"], ref["id"], new_objects) + + new_object_category_uuid = uuid.uuid4().hex + new_object_category_value = "role" + object_categories = self.manager.set_object_category_dict( + admin_user["id"], + ref["id"], + { + new_object_category_uuid: new_object_category_value + } + ) + + for object_category in object_categories["object_categories"]: + object_category_scope = self.manager.get_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertIsInstance(object_category_scope["object_category_scope"], dict) + + new_object_category_scope = dict() + new_object_category_scope_uuid = uuid.uuid4().hex + new_object_category_scope[new_object_category_scope_uuid] = admin_user["id"] + object_category_scope = self.manager.set_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category, + new_object_category_scope) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertIn(new_object_category_scope[new_object_category_scope_uuid], + object_category_scope["object_category_scope"][object_category].values()) + + new_object_category_scope2 = dict() + new_object_category_scope2_uuid = uuid.uuid4().hex + new_object_category_scope2[new_object_category_scope2_uuid] = "dev" + object_category_scope = self.manager.set_object_category_scope_dict( + admin_user["id"], + ref["id"], + object_category, + new_object_category_scope2) + self.assertIsInstance(object_category_scope, dict) + self.assertIn("object_category_scope", object_category_scope) + self.assertIn("id", object_category_scope) + self.assertIn("intra_extension_uuid", object_category_scope) + self.assertEqual(ref["id"], object_category_scope["intra_extension_uuid"]) + self.assertIn(new_object_category_scope2[new_object_category_scope2_uuid], + object_category_scope["object_category_scope"][object_category].values()) + + self.assertRaises( + ObjectCategoryAssignmentReadNotAuthorized, + self.manager.get_object_category_assignment_dict, + demo_user["id"], ref["id"], new_object["id"] + ) + + object_category_assignments = self.manager.get_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"] + ) + self.assertIsInstance(object_category_assignments, dict) + self.assertIn("object_category_assignments", object_category_assignments) + self.assertIn("id", object_category_assignments) + self.assertIn("intra_extension_uuid", object_category_assignments) + self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"]) + self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]]) + + self.assertRaises( + ObjectCategoryAssignmentAddNotAuthorized, + self.manager.set_object_category_assignment_dict, + demo_user["id"], ref["id"], new_object["id"], + { + new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid], + } + ) + + object_category_assignments = self.manager.set_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"], + { + new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid], + } + ) + self.assertIsInstance(object_category_assignments, dict) + self.assertIn("object_category_assignments", object_category_assignments) + self.assertIn("id", object_category_assignments) + self.assertIn("intra_extension_uuid", object_category_assignments) + self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]}, + object_category_assignments["object_category_assignments"][new_object["id"]]) + object_category_assignments = self.manager.get_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"] + ) + self.assertIsInstance(object_category_assignments, dict) + self.assertIn("object_category_assignments", object_category_assignments) + self.assertIn("id", object_category_assignments) + self.assertIn("intra_extension_uuid", object_category_assignments) + self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]}, + object_category_assignments["object_category_assignments"][new_object["id"]]) + + self.assertRaises( + ObjectCategoryAssignmentDelNotAuthorized, + self.manager.del_object_category_assignment_dict, + demo_user["id"], ref["id"], new_object["id"], + new_object_category_uuid, + new_object_category_scope_uuid + ) + + self.manager.del_object_category_assignment( + admin_user["id"], + ref["id"], + new_object["id"], + new_object_category_uuid, + new_object_category_scope_uuid + ) + object_category_assignments = self.manager.get_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"] + ) + self.assertIsInstance(object_category_assignments, dict) + self.assertIn("object_category_assignments", object_category_assignments) + self.assertIn("id", object_category_assignments) + self.assertIn("intra_extension_uuid", object_category_assignments) + self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_object_category_uuid: [new_object_category_scope2_uuid, ]}, + object_category_assignments["object_category_assignments"][new_object["id"]]) + + self.assertRaises( + ObjectCategoryAssignmentAddNotAuthorized, + self.manager.add_object_category_assignment_dict, + demo_user["id"], ref["id"], new_object["id"], + new_object_category_uuid, + new_object_category_scope_uuid + ) + + self.manager.add_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"], + new_object_category_uuid, + new_object_category_scope_uuid + ) + + object_category_assignments = self.manager.get_object_category_assignment_dict( + admin_user["id"], + ref["id"], + new_object["id"] + ) + self.assertIsInstance(object_category_assignments, dict) + self.assertIn("object_category_assignments", object_category_assignments) + self.assertIn("id", object_category_assignments) + self.assertIn("intra_extension_uuid", object_category_assignments) + self.assertEqual(ref["id"], object_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_object_category_uuid: [new_object_category_scope2_uuid, new_object_category_scope_uuid]}, + object_category_assignments["object_category_assignments"][new_object["id"]]) + + def test_action_category_assignment(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + new_action = self.create_user() + new_actions = dict() + new_actions[new_action["id"]] = new_action["name"] + actions = self.manager.set_action_dict(admin_user["id"], ref["id"], new_actions) + + new_action_category_uuid = uuid.uuid4().hex + new_action_category_value = "role" + action_categories = self.manager.set_action_category_dict( + admin_user["id"], + ref["id"], + { + new_action_category_uuid: new_action_category_value + } + ) + + for action_category in action_categories["action_categories"]: + action_category_scope = self.manager.get_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertIsInstance(action_category_scope["action_category_scope"], dict) + + new_action_category_scope = dict() + new_action_category_scope_uuid = uuid.uuid4().hex + new_action_category_scope[new_action_category_scope_uuid] = admin_user["id"] + action_category_scope = self.manager.set_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category, + new_action_category_scope) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertIn(new_action_category_scope[new_action_category_scope_uuid], + action_category_scope["action_category_scope"][action_category].values()) + + new_action_category_scope2 = dict() + new_action_category_scope2_uuid = uuid.uuid4().hex + new_action_category_scope2[new_action_category_scope2_uuid] = "dev" + action_category_scope = self.manager.set_action_category_scope_dict( + admin_user["id"], + ref["id"], + action_category, + new_action_category_scope2) + self.assertIsInstance(action_category_scope, dict) + self.assertIn("action_category_scope", action_category_scope) + self.assertIn("id", action_category_scope) + self.assertIn("intra_extension_uuid", action_category_scope) + self.assertEqual(ref["id"], action_category_scope["intra_extension_uuid"]) + self.assertIn(new_action_category_scope2[new_action_category_scope2_uuid], + action_category_scope["action_category_scope"][action_category].values()) + + self.assertRaises( + ActionCategoryAssignmentReadNotAuthorized, + self.manager.get_action_category_assignment_dict, + demo_user["id"], ref["id"], new_action["id"] + ) + + action_category_assignments = self.manager.get_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"] + ) + self.assertIsInstance(action_category_assignments, dict) + self.assertIn("action_category_assignments", action_category_assignments) + self.assertIn("id", action_category_assignments) + self.assertIn("intra_extension_uuid", action_category_assignments) + self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"]) + self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]]) + + self.assertRaises( + ActionCategoryAssignmentAddNotAuthorized, + self.manager.set_action_category_assignment_dict, + demo_user["id"], ref["id"], new_action["id"], + { + new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid], + } + ) + + action_category_assignments = self.manager.set_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"], + { + new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid], + } + ) + self.assertIsInstance(action_category_assignments, dict) + self.assertIn("action_category_assignments", action_category_assignments) + self.assertIn("id", action_category_assignments) + self.assertIn("intra_extension_uuid", action_category_assignments) + self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]}, + action_category_assignments["action_category_assignments"][new_action["id"]]) + action_category_assignments = self.manager.get_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"] + ) + self.assertIsInstance(action_category_assignments, dict) + self.assertIn("action_category_assignments", action_category_assignments) + self.assertIn("id", action_category_assignments) + self.assertIn("intra_extension_uuid", action_category_assignments) + self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]}, + action_category_assignments["action_category_assignments"][new_action["id"]]) + + self.assertRaises( + ActionCategoryAssignmentDelNotAuthorized, + self.manager.del_action_category_assignment_dict, + demo_user["id"], ref["id"], new_action["id"], + new_action_category_uuid, + new_action_category_scope_uuid + ) + + self.manager.del_action_category_assignment( + admin_user["id"], + ref["id"], + new_action["id"], + new_action_category_uuid, + new_action_category_scope_uuid + ) + action_category_assignments = self.manager.get_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"] + ) + self.assertIsInstance(action_category_assignments, dict) + self.assertIn("action_category_assignments", action_category_assignments) + self.assertIn("id", action_category_assignments) + self.assertIn("intra_extension_uuid", action_category_assignments) + self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_action_category_uuid: [new_action_category_scope2_uuid, ]}, + action_category_assignments["action_category_assignments"][new_action["id"]]) + + self.assertRaises( + ActionCategoryAssignmentAddNotAuthorized, + self.manager.add_action_category_assignment_dict, + demo_user["id"], ref["id"], new_action["id"], + new_action_category_uuid, + new_action_category_scope_uuid + ) + + self.manager.add_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"], + new_action_category_uuid, + new_action_category_scope_uuid + ) + + action_category_assignments = self.manager.get_action_category_assignment_dict( + admin_user["id"], + ref["id"], + new_action["id"] + ) + self.assertIsInstance(action_category_assignments, dict) + self.assertIn("action_category_assignments", action_category_assignments) + self.assertIn("id", action_category_assignments) + self.assertIn("intra_extension_uuid", action_category_assignments) + self.assertEqual(ref["id"], action_category_assignments["intra_extension_uuid"]) + self.assertEqual( + {new_action_category_uuid: [new_action_category_scope2_uuid, new_action_category_scope_uuid]}, + action_category_assignments["action_category_assignments"][new_action["id"]]) + + def test_sub_meta_rules(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"]) + self.assertIsInstance(aggregation_algorithms, dict) + self.assertIsInstance(aggregation_algorithms["aggregation_algorithms"], list) + self.assertIn("and_true_aggregation", aggregation_algorithms["aggregation_algorithms"]) + self.assertIn("test_aggregation", aggregation_algorithms["aggregation_algorithms"]) + + self.assertRaises( + MetaRuleReadNotAuthorized, + self.manager.get_aggregation_algorithm, + demo_user["id"], ref["id"] + ) + + aggregation_algorithm = self.manager.get_aggregation_algorithm(admin_user["id"], ref["id"]) + self.assertIsInstance(aggregation_algorithm, dict) + self.assertIn("aggregation", aggregation_algorithm) + self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"]) + + _aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"]) + _aggregation_algorithm.remove(aggregation_algorithm["aggregation"]) + + self.assertRaises( + MetaRuleAddNotAuthorized, + self.manager.set_aggregation_algorithms, + demo_user["id"], ref["id"], _aggregation_algorithm[0] + ) + + aggregation_algorithm = self.manager.set_aggregation_algorithm(admin_user["id"], ref["id"], _aggregation_algorithm[0]) + self.assertIsInstance(aggregation_algorithm, dict) + self.assertIn("aggregation", aggregation_algorithm) + self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"]) + + self.assertRaises( + MetaRuleReadNotAuthorized, + self.manager.get_sub_meta_rule, + demo_user["id"], ref["id"] + ) + + sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + self.assertIsInstance(sub_meta_rules, dict) + self.assertIn("sub_meta_rules", sub_meta_rules) + sub_meta_rules_conf = json.load(open(os.path.join(self.policy_directory, ref["model"], "metarule.json"))) + metarule = dict() + categories = { + "subject_categories": self.manager.get_subject_category_dict(admin_user["id"], ref["id"]), + "object_categories": self.manager.get_object_category_dict(admin_user["id"], ref["id"]), + "action_categories": self.manager.get_action_category_dict(admin_user["id"], ref["id"]) + } + for relation in sub_meta_rules_conf["sub_meta_rules"]: + metarule[relation] = dict() + for item in ("subject_categories", "object_categories", "action_categories"): + metarule[relation][item] = list() + for element in sub_meta_rules_conf["sub_meta_rules"][relation][item]: + metarule[relation][item].append(self.__get_key_from_value( + element, + categories[item][item] + )) + + for relation in sub_meta_rules["sub_meta_rules"]: + self.assertIn(relation, metarule) + for item in ("subject_categories", "object_categories", "action_categories"): + self.assertEqual( + sub_meta_rules["sub_meta_rules"][relation][item], + metarule[relation][item] + ) + + new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"} + # Add a particular subject_category + data = self.manager.add_subject_category_dict( + admin_user["id"], + ref["id"], + new_subject_category["name"]) + new_subject_category["id"] = data["subject_category"]["uuid"] + subject_categories = self.manager.get_subject_category_dict( + admin_user["id"], + ref["id"]) + self.assertIsInstance(subject_categories, dict) + self.assertIn("subject_categories", subject_categories) + self.assertIn("id", subject_categories) + self.assertIn("intra_extension_uuid", subject_categories) + self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"]) + self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) + metarule[relation]["subject_categories"].append(new_subject_category["id"]) + + self.assertRaises( + MetaRuleAddNotAuthorized, + self.manager.set_sub_meta_rule, + demo_user["id"], ref["id"], metarule + ) + + _sub_meta_rules = self.manager.set_sub_meta_rule(admin_user["id"], ref["id"], metarule) + self.assertIn(relation, metarule) + for item in ("subject_categories", "object_categories", "action_categories"): + self.assertEqual( + _sub_meta_rules["sub_meta_rules"][relation][item], + metarule[relation][item] + ) + + def test_sub_rules(self): + admin_user = self.create_user("admin") + ref = self.create_intra_extension() + demo_user = self.create_user("demo") + + sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + self.assertIsInstance(sub_meta_rules, dict) + self.assertIn("sub_meta_rules", sub_meta_rules) + + self.assertRaises( + RuleReadNotAuthorized, + self.manager.get_sub_rules, + demo_user["id"], ref["id"] + ) + + sub_rules = self.manager.get_sub_rules(admin_user["id"], ref["id"]) + self.assertIsInstance(sub_rules, dict) + self.assertIn("rules", sub_rules) + rules = dict() + for relation in sub_rules["rules"]: + self.assertIn(relation, self.manager.get_sub_meta_rule_relations(admin_user["id"], ref["id"])["sub_meta_rule_relations"]) + rules[relation] = list() + for rule in sub_rules["rules"][relation]: + print(rule) + for cat, cat_func, func_name in ( + ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ): + for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: + scope = cat_func( + admin_user["id"], + ref["id"], + cat_value + ) + a_scope = rule.pop(0) + print(a_scope) + if type(a_scope) is not bool: + self.assertIn(a_scope, scope[func_name][cat_value]) + + # add a new subrule + + relation = sub_rules["rules"].keys()[0] + sub_rule = [] + for cat, cat_func, func_name in ( + ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ): + for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: + scope = cat_func( + admin_user["id"], + ref["id"], + cat_value + ) + sub_rule.append(scope[func_name][cat_value].keys()[0]) + + sub_rule.append(True) + self.assertRaises( + RuleAddNotAuthorized, + self.manager.set_sub_rules, + demo_user["id"], ref["id"], relation, sub_rule + ) + + sub_rules = self.manager.set_sub_rule(admin_user["id"], ref["id"], relation, sub_rule) + self.assertIsInstance(sub_rules, dict) + self.assertIn("rules", sub_rules) + rules = dict() + self.assertIn(sub_rule, sub_rules["rules"][relation]) + for relation in sub_rules["rules"]: + self.assertIn(relation, self.manager.get_sub_meta_rule_relations(admin_user["id"], ref["id"])["sub_meta_rule_relations"]) + rules[relation] = list() + for rule in sub_rules["rules"][relation]: + for cat, cat_func, func_name in ( + ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ): + for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: + scope = cat_func( + admin_user["id"], + ref["id"], + cat_value + ) + a_scope = rule.pop(0) + self.assertIn(a_scope, scope[func_name][cat_value]) |