fix test_access
This commit is contained in:
parent
62b9e10bc0
commit
bc9f1f47b5
|
@ -518,6 +518,15 @@ class AuthManager(object):
|
|||
return drv.get_user_roles(User.safe_id(user),
|
||||
Project.safe_id(project))
|
||||
|
||||
def get_active_roles(self, user, project=None):
|
||||
"""Get all active roles for context"""
|
||||
if project:
|
||||
roles = FLAGS.allowed_roles
|
||||
roles.append('projectmanager')
|
||||
else:
|
||||
roles = FLAGS.global_roles
|
||||
return [role for role in roles if self.has_role(user, role, project)]
|
||||
|
||||
def get_project(self, pid):
|
||||
"""Get project object by id"""
|
||||
with self.driver() as drv:
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import unittest
|
||||
import webob
|
||||
|
||||
from nova import context
|
||||
|
@ -93,7 +92,11 @@ class AccessTestCase(test.TestCase):
|
|||
super(AccessTestCase, self).tearDown()
|
||||
|
||||
def response_status(self, user, methodName):
|
||||
ctxt = context.RequestContext(user.id, self.project.id)
|
||||
roles = manager.AuthManager().get_active_roles(user, self.project)
|
||||
ctxt = context.RequestContext(user.id,
|
||||
self.project.id,
|
||||
is_admin=user.is_admin(),
|
||||
roles=roles)
|
||||
environ = self._env_for(ctxt, methodName)
|
||||
req = webob.Request.blank('/', environ)
|
||||
resp = req.get_response(self.mw)
|
||||
|
@ -105,30 +108,26 @@ class AccessTestCase(test.TestCase):
|
|||
def shouldDeny(self, user, methodName):
|
||||
self.assertEqual(401, self.response_status(user, methodName))
|
||||
|
||||
def test_001_allow_all(self):
|
||||
def test_allow_all(self):
|
||||
users = [self.testadmin, self.testpmsys, self.testnet, self.testsys]
|
||||
for user in users:
|
||||
self.shouldAllow(user, '_allow_all')
|
||||
|
||||
def test_002_allow_none(self):
|
||||
def test_allow_none(self):
|
||||
self.shouldAllow(self.testadmin, '_allow_none')
|
||||
users = [self.testpmsys, self.testnet, self.testsys]
|
||||
for user in users:
|
||||
self.shouldDeny(user, '_allow_none')
|
||||
|
||||
def test_003_allow_project_manager(self):
|
||||
def test_allow_project_manager(self):
|
||||
for user in [self.testadmin, self.testpmsys]:
|
||||
self.shouldAllow(user, '_allow_project_manager')
|
||||
for user in [self.testnet, self.testsys]:
|
||||
self.shouldDeny(user, '_allow_project_manager')
|
||||
|
||||
def test_004_allow_sys_and_net(self):
|
||||
def test_allow_sys_and_net(self):
|
||||
for user in [self.testadmin, self.testnet, self.testsys]:
|
||||
self.shouldAllow(user, '_allow_sys_and_net')
|
||||
# denied because it doesn't have the per project sysadmin
|
||||
for user in [self.testpmsys]:
|
||||
self.shouldDeny(user, '_allow_sys_and_net')
|
||||
|
||||
if __name__ == "__main__":
|
||||
# TODO: Implement use_fake as an option
|
||||
unittest.main()
|
||||
|
|
Loading…
Reference in New Issue