Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1798)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: appengine/swarming/server/acl_test.py

Issue 2984843002: swarming: switch to a 'capability focused' ACL system (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« appengine/swarming/server/acl.py ('K') | « appengine/swarming/server/acl.py ('k') | appengine/swarming/server/task_request.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: appengine/swarming/server/acl_test.py
diff --git a/appengine/swarming/server/acl_test.py b/appengine/swarming/server/acl_test.py
index 48bec844b431a80aac7cf4027ae7b21e44a6c9f6..beb58e40be549587e4798436737ceaaec9463660 100755
--- a/appengine/swarming/server/acl_test.py
+++ b/appengine/swarming/server/acl_test.py
@@ -32,109 +32,40 @@ BOT_BOOTSTRAP_GROUP = ADMINS_GROUP
class AclTest(test_case.TestCase):
def setUp(self):
super(AclTest, self).setUp()
-
auth_testing.reset_local_state()
- utils.clear_cache(config.settings)
+ def settings():
+ return config_pb2.SettingsCfg(
+ auth=config_pb2.AuthSettings(
+ admins_group='admins',
+ privileged_users_group='privileged_users',
+ users_group='users',
+ view_all_bots_group='view_all_bots',
+ view_all_tasks_group='view_all_tasks'))
+ self.mock(config, 'settings', settings)
@staticmethod
def add_to_group(group):
auth.bootstrap_group(group, [auth.get_current_identity()])
+ auth_testing.reset_local_state()
def add_to_admin(self):
auth_testing.mock_is_admin(self, True)
- def mock_auth_config(self, **kwargs):
- cfg = config_pb2.SettingsCfg(auth=config_pb2.AuthSettings(**kwargs))
- self.mock(config, '_get_settings', lambda: ('test_rev', cfg))
-
def test_is_admin_app_admin(self):
self.add_to_admin()
- self.assertTrue(acl.is_admin())
+ self.assertTrue(acl._is_admin())
self.assertEqual(acl.get_user_type(), 'admin')
def test_is_admin_not_app_admin(self):
- self.assertFalse(acl.is_admin())
- self.assertIsNone(acl.get_user_type())
-
- def test_is_admin_default_group(self):
- self.add_to_group(ADMINS_GROUP)
- self.assertTrue(acl.is_admin())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_admin_custom_group(self):
- self.mock_auth_config(admins_group='test_group')
- self.add_to_group('test_group')
- self.assertTrue(acl.is_admin())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_privileged_user_admin(self):
- self.add_to_admin()
- self.assertTrue(acl.is_privileged_user())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_privileged_user_default_group(self):
- self.add_to_group(PRIVILEGED_USERS_GROUP)
- self.assertTrue(acl.is_privileged_user())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_privileged_user_custom_group(self):
- self.mock_auth_config(privileged_users_group='test_group')
- self.add_to_group('test_group')
- self.assertTrue(acl.is_privileged_user())
- self.assertEqual(acl.get_user_type(), 'privileged user')
-
- def test_is_privileged_user_wrong_group(self):
- self.mock_auth_config(privileged_users_group='test_group')
- self.add_to_group('wrong_test_group')
- self.assertFalse(acl.is_privileged_user())
+ self.assertFalse(acl._is_admin())
self.assertIsNone(acl.get_user_type())
- def test_is_user_privileged(self):
- self.mock_auth_config(privileged_users_group='test_group')
- self.add_to_group('test_group')
- self.assertTrue(acl.is_user())
- self.assertEqual(acl.get_user_type(), 'privileged user')
-
- def test_is_user_default_group(self):
- self.add_to_group(USERS_GROUP)
- self.assertTrue(acl.is_user())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_user_custom_group(self):
- self.mock_auth_config(users_group='test_group')
- self.add_to_group('test_group')
- self.assertTrue(acl.is_user())
+ def test_can_access(self):
+ self.assertFalse(acl.can_access())
+ self.add_to_group('users')
+ self.assertTrue(acl.can_access())
self.assertEqual(acl.get_user_type(), 'user')
- def test_is_user_wrong_group(self):
- self.mock_auth_config(users_group='test_group')
- self.add_to_group('wrong_test_group')
- self.assertFalse(acl.is_user())
- self.assertIsNone(acl.get_user_type())
-
- def test_is_bootstrapper_admin(self):
- self.add_to_admin()
- self.assertTrue(acl.is_bootstrapper())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_bootstrapper_default_group(self):
- self.add_to_group(BOT_BOOTSTRAP_GROUP)
- self.assertTrue(acl.is_bootstrapper())
- self.assertEqual(acl.get_user_type(), 'admin')
-
- def test_is_bootstrapper_custom_group(self):
- self.mock_auth_config(bot_bootstrap_group='test_group')
- self.add_to_group('test_group')
- self.assertTrue(acl.is_bootstrapper())
- self.assertIsNone(acl.get_user_type())
-
- def test_is_bootstrapper_wrong_group(self):
- self.mock_auth_config(privileged_users_group='test_wrong_group',
- bot_bootstrap_group='test_correct_group')
- self.add_to_group('test_wrong_group')
- self.assertFalse(acl.is_bootstrapper())
- self.assertEqual(acl.get_user_type(), 'privileged user')
-
if __name__ == '__main__':
if '-v' in sys.argv:
« appengine/swarming/server/acl.py ('K') | « appengine/swarming/server/acl.py ('k') | appengine/swarming/server/task_request.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698