Unified user representation for web and API calls
Both approaches now use a pillar.auth.UserClass instance. g.current_user is now always set to that instance, even for web entry points. This UserClass instance can still be keyed like the old dict, but this is for temporary compatibility and shouldn't be relied on in new or touched code.
@@ -536,14 +536,12 @@ class RequireRolesTest(AbstractPillarTest):
|
||||
called[0] = True
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['succubus']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), roles=['succubus'])
|
||||
call_me()
|
||||
|
||||
self.assertTrue(called[0])
|
||||
|
||||
def test_some_roles_required(self):
|
||||
from flask import g
|
||||
from pillar.api.utils.authorization import require_login
|
||||
|
||||
called = [False]
|
||||
@@ -553,19 +551,16 @@ class RequireRolesTest(AbstractPillarTest):
|
||||
called[0] = True
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['succubus']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['succubus'])
|
||||
self.assertRaises(Forbidden, call_me)
|
||||
self.assertFalse(called[0])
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['admin']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['admin'])
|
||||
call_me()
|
||||
self.assertTrue(called[0])
|
||||
|
||||
def test_all_roles_required(self):
|
||||
from flask import g
|
||||
from pillar.api.utils.authorization import require_login
|
||||
|
||||
called = [False]
|
||||
@@ -576,39 +571,38 @@ class RequireRolesTest(AbstractPillarTest):
|
||||
called[0] = True
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['admin']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['admin'])
|
||||
self.assertRaises(Forbidden, call_me)
|
||||
self.assertFalse(called[0])
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['service']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['service'])
|
||||
self.assertRaises(Forbidden, call_me)
|
||||
self.assertFalse(called[0])
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['badger']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['badger'])
|
||||
self.assertRaises(Forbidden, call_me)
|
||||
self.assertFalse(called[0])
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': ObjectId(24 * 'a'),
|
||||
'roles': ['service', 'badger']}
|
||||
self.login_api_as(ObjectId(24 * 'a'), ['service', 'badger'])
|
||||
call_me()
|
||||
self.assertTrue(called[0])
|
||||
|
||||
def test_user_has_role(self):
|
||||
from pillar.api.utils.authorization import user_has_role
|
||||
|
||||
def make_user(roles):
|
||||
return self.create_user_object(ObjectId(), roles=roles)
|
||||
|
||||
with self.app.test_request_context():
|
||||
self.assertTrue(user_has_role('subscriber', {'roles': ['aap', 'noot', 'subscriber']}))
|
||||
self.assertTrue(user_has_role('subscriber', {'roles': ['aap', 'subscriber']}))
|
||||
self.assertFalse(user_has_role('admin', {'roles': ['aap', 'noot', 'subscriber']}))
|
||||
self.assertFalse(user_has_role('admin', {'roles': []}))
|
||||
self.assertFalse(user_has_role('admin', {'roles': None}))
|
||||
self.assertFalse(user_has_role('admin', {}))
|
||||
self.assertTrue(user_has_role('subscriber', make_user(['aap', 'noot', 'subscriber'])))
|
||||
self.assertTrue(user_has_role('subscriber', make_user(['aap', 'subscriber'])))
|
||||
self.assertFalse(user_has_role('admin', make_user(['aap', 'noot', 'subscriber'])))
|
||||
self.assertFalse(user_has_role('admin', make_user([])))
|
||||
self.assertFalse(user_has_role('admin', make_user(None)))
|
||||
self.assertFalse(user_has_role('admin', None))
|
||||
|
||||
|
||||
class UserCreationTest(AbstractPillarTest):
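Review bot: In `test_user_has_role` the dict-shaped cases (`{'roles': [...]}`, `{'roles': None}`, `{}`) appear to be the removed side, which leaves only `make_user(...)` instances and `None`. The +/- markers are lost on this page, so this is inferred from the hunk counts (-576,39 +571,38). The commit message keeps dict-style keying on UserClass as temporary compatibility, so legacy code may still hand a plain dict to this authorization predicate, and no test now pins what happens then. Whether `user_has_role` still accepts a raw dict is not visible here. I would keep one such case until the compatibility layer is dropped, e.g. `self.assertFalse(user_has_role('admin', {'roles': ['subscriber']}))`, or assert that a dict raises if that is the new contract, so an unrecognised user object can never evaluate to a granted role. The test class starts outside the hunk.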
|
||||
|
@@ -71,7 +71,7 @@ class BlenderIdSubclientTest(AbstractPillarTest):
|
||||
with self.app.test_request_context(headers={'Authorization': auth_header}):
|
||||
self.assertTrue(auth.validate_token())
|
||||
self.assertIsNotNone(g.current_user)
|
||||
self.assertEqual(db_user['_id'], g.current_user['user_id'])
|
||||
self.assertEqual(db_user['_id'], g.current_user.user_id)
|
||||
|
||||
def _common_user_test(self, expected_status_code, scst=TEST_SUBCLIENT_TOKEN,
|
||||
expected_full_name=TEST_FULL_NAME,
|
||||
|
@@ -38,10 +38,9 @@ class NodeContentTypeTest(AbstractPillarTest):
|
||||
'name': 'My first test node'}
|
||||
|
||||
with self.app.test_request_context():
|
||||
g.current_user = {'user_id': user_id,
|
||||
self.login_api_as(user_id, roles={'subscriber', 'admin'},
|
||||
# This group is hardcoded in the EXAMPLE_PROJECT.
|
||||
'groups': [ObjectId('5596e975ea893b269af85c0e')],
|
||||
'roles': {'subscriber', 'admin'}}
|
||||
group_ids=[ObjectId('5596e975ea893b269af85c0e')])
|
||||
nodes = self.app.data.driver.db['nodes']
|
||||
|
||||
# Create the node.
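Review bot: `roles={'subscriber', 'admin'}` passes a set to `login_api_as`, while the other call sites visible in this commit pass lists (`roles=['succubus']`, `['admin']`, `['service', 'badger']`). `login_api_as` is not shown on this page, so whether it normalises the argument is unknown. Unless the set is deliberate, `roles=['subscriber', 'admin']` keeps the helper's call sites uniform; otherwise a short comment saying that any iterable of role names is accepted would help. The enclosing test method starts and ends outside the hunk.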
|
||||
|