fix test_access

2011-07-22 20:41:46 +00:00 · 2011-07-22 20:41:46 +00:00 · bc9f1f47b5
parent 62b9e10bc0
commit bc9f1f47b5
2 changed files with 18 additions and 10 deletions
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@ -518,6 +518,15 @@ class AuthManager(object):
            return drv.get_user_roles(User.safe_id(user),
                                      Project.safe_id(project))

+    def get_active_roles(self, user, project=None):
+        """Get all active roles for context"""
+        if project:
+            roles = FLAGS.allowed_roles
+            roles.append('projectmanager')
+        else:
+            roles = FLAGS.global_roles
+        return [role for role in roles if self.has_role(user, role, project)]
+
    def get_project(self, pid):
        """Get project object by id"""
        with self.driver() as drv:
--- a/nova/tests/test_access.py
+++ b/nova/tests/test_access.py
@ -16,7 +16,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-import unittest
 import webob

 from nova import context
@ -93,7 +92,11 @@ class AccessTestCase(test.TestCase):
        super(AccessTestCase, self).tearDown()

    def response_status(self, user, methodName):
-        ctxt = context.RequestContext(user.id, self.project.id)
+        roles = manager.AuthManager().get_active_roles(user, self.project)
+        ctxt = context.RequestContext(user.id,
+                                      self.project.id,
+                                      is_admin=user.is_admin(),
+                                      roles=roles)
        environ = self._env_for(ctxt, methodName)
        req = webob.Request.blank('/', environ)
        resp = req.get_response(self.mw)
@ -105,30 +108,26 @@ class AccessTestCase(test.TestCase):
    def shouldDeny(self, user, methodName):
        self.assertEqual(401, self.response_status(user, methodName))

-    def test_001_allow_all(self):
+    def test_allow_all(self):
        users = [self.testadmin, self.testpmsys, self.testnet, self.testsys]
        for user in users:
            self.shouldAllow(user, '_allow_all')

-    def test_002_allow_none(self):
+    def test_allow_none(self):
        self.shouldAllow(self.testadmin, '_allow_none')
        users = [self.testpmsys, self.testnet, self.testsys]
        for user in users:
            self.shouldDeny(user, '_allow_none')

-    def test_003_allow_project_manager(self):
+    def test_allow_project_manager(self):
        for user in [self.testadmin, self.testpmsys]:
            self.shouldAllow(user, '_allow_project_manager')
        for user in [self.testnet, self.testsys]:
            self.shouldDeny(user, '_allow_project_manager')

-    def test_004_allow_sys_and_net(self):
+    def test_allow_sys_and_net(self):
        for user in [self.testadmin, self.testnet, self.testsys]:
            self.shouldAllow(user, '_allow_sys_and_net')
        # denied because it doesn't have the per project sysadmin
        for user in [self.testpmsys]:
            self.shouldDeny(user, '_allow_sys_and_net')
-
-if __name__ == "__main__":
-    # TODO: Implement use_fake as an option
-    unittest.main()