Gitiles
Code Review Sign In
gerrit.onosproject.org / spring-open / 816554403360a1135f7752239294e397c5312fd7 / . / cli / sdncon / clusterAdmin / tests / auth_backends.py
blob: ce2685900ca624c99e178ca3a56284bd6444871b [file] [log] [blame]
srikanth116e6e82014-08-19 07:22:37 -0700[diff] [blame]1#
2# Copyright (c) 2013 Big Switch Networks, Inc.
3#
4# Licensed under the Eclipse Public License, Version 1.0 (the
5# "License"); you may not use this file except in compliance with the
6# License. You may obtain a copy of the License at
7#
8# http://www.eclipse.org/legal/epl-v10.html
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13# implied. See the License for the specific language governing
14# permissions and limitations under the License.
15#
16
17import warnings
18
19from django.conf import settings
20from django.contrib.auth.models import User, Group, Permission, AnonymousUser
21from django.contrib.contenttypes.models import ContentType
22from django.test import TestCase
23from django.utils.unittest import skipIf
24
25
26class BackendTest(TestCase):
27
28 backend = 'django.contrib.auth.backends.ModelBackend'
29
30 def setUp(self):
31 self.curr_auth = settings.AUTHENTICATION_BACKENDS
32 settings.AUTHENTICATION_BACKENDS = (self.backend,)
33 User.objects.create_user('test', 'test@example.com', 'test')
34
35 def tearDown(self):
36 settings.AUTHENTICATION_BACKENDS = self.curr_auth
37
38 @skipIf(True, "Do not support")
39 def test_has_perm(self):
40 user = User.objects.get(username='test')
41 self.assertEqual(user.has_perm('auth.test'), False)
42 user.is_staff = True
43 user.save()
44 self.assertEqual(user.has_perm('auth.test'), False)
45 user.is_superuser = True
46 user.save()
47 self.assertEqual(user.has_perm('auth.test'), True)
48 user.is_staff = False
49 user.is_superuser = False
50 user.save()
51 self.assertEqual(user.has_perm('auth.test'), False)
52 user.is_staff = True
53 user.is_superuser = True
54 user.is_active = False
55 user.save()
56 self.assertEqual(user.has_perm('auth.test'), False)
57
58 @skipIf(True, "Do not support")
59 def test_custom_perms(self):
60 user = User.objects.get(username='test')
61 content_type=ContentType.objects.get_for_model(Group)
62 perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
63 user.user_permissions.add(perm)
64 user.save()
65
66 # reloading user to purge the _perm_cache
67 user = User.objects.get(username='test')
68 self.assertEqual(user.get_all_permissions() == set([u'auth.test']), True)
69 self.assertEqual(user.get_group_permissions(), set([]))
70 self.assertEqual(user.has_module_perms('Group'), False)
71 self.assertEqual(user.has_module_perms('auth'), True)
72 perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2')
73 user.user_permissions.add(perm)
74 user.save()
75 perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3')
76 user.user_permissions.add(perm)
77 user.save()
78 user = User.objects.get(username='test')
79 self.assertEqual(user.get_all_permissions(), set([u'auth.test2', u'auth.test', u'auth.test3']))
80 self.assertEqual(user.has_perm('test'), False)
81 self.assertEqual(user.has_perm('auth.test'), True)
82 self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True)
83 perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group')
84 group = Group.objects.create(name='test_group')
85 group.permissions.add(perm)
86 group.save()
87 user.groups.add(group)
88 user = User.objects.get(username='test')
89 exp = set([u'auth.test2', u'auth.test', u'auth.test3', u'auth.test_group'])
90 self.assertEqual(user.get_all_permissions(), exp)
91 self.assertEqual(user.get_group_permissions(), set([u'auth.test_group']))
92 self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True)
93
94 user = AnonymousUser()
95 self.assertEqual(user.has_perm('test'), False)
96 self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
97
98 @skipIf(True, "Do not support")
99 def test_has_no_object_perm(self):
100 """Regressiontest for #12462"""
101 user = User.objects.get(username='test')
102 content_type=ContentType.objects.get_for_model(Group)
103 perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
104 user.user_permissions.add(perm)
105 user.save()
106
107 self.assertEqual(user.has_perm('auth.test', 'object'), False)
108 self.assertEqual(user.get_all_permissions('object'), set([]))
109 self.assertEqual(user.has_perm('auth.test'), True)
110 self.assertEqual(user.get_all_permissions(), set(['auth.test']))
111
112
113class TestObj(object):
114 pass
115
116
117class SimpleRowlevelBackend(object):
118 supports_object_permissions = True
119
120 # This class also supports tests for anonymous user permissions,
121 # via subclasses which just set the 'supports_anonymous_user' attribute.
122
123 def has_perm(self, user, perm, obj=None):
124 if not obj:
125 return # We only support row level perms
126
127 if isinstance(obj, TestObj):
128 if user.username == 'test2':
129 return True
130 elif user.is_anonymous() and perm == 'anon':
131 # not reached due to supports_anonymous_user = False
132 return True
133 return False
134
135 def has_module_perms(self, user, app_label):
136 return app_label == "app1"
137
138 def get_all_permissions(self, user, obj=None):
139 if not obj:
140 return [] # We only support row level perms
141
142 if not isinstance(obj, TestObj):
143 return ['none']
144
145 if user.is_anonymous():
146 return ['anon']
147 if user.username == 'test2':
148 return ['simple', 'advanced']
149 else:
150 return ['simple']
151
152 def get_group_permissions(self, user, obj=None):
153 if not obj:
154 return # We only support row level perms
155
156 if not isinstance(obj, TestObj):
157 return ['none']
158
159 if 'test_group' in [group.name for group in user.groups.all()]:
160 return ['group_perm']
161 else:
162 return ['none']
163
164
165class RowlevelBackendTest(TestCase):
166 """
167 Tests for auth backend that supports object level permissions
168 """
169 backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
170
171 def setUp(self):
172 self.curr_auth = settings.AUTHENTICATION_BACKENDS
173 settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
174 self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
175 self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test')
176 self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test')
177 self.save_warnings_state()
178 warnings.filterwarnings('ignore', category=DeprecationWarning,
179 module='django.contrib.auth')
180
181 def tearDown(self):
182 settings.AUTHENTICATION_BACKENDS = self.curr_auth
183 self.restore_warnings_state()
184
185 @skipIf(True, "Do not support")
186 def test_has_perm(self):
187 self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
188 self.assertEqual(self.user2.has_perm('perm', TestObj()), True)
189 self.assertEqual(self.user2.has_perm('perm'), False)
190 self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True)
191 self.assertEqual(self.user3.has_perm('perm', TestObj()), False)
192 self.assertEqual(self.user3.has_perm('anon', TestObj()), False)
193 self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False)
194
195 @skipIf(True, "Do not support")
196 def test_get_all_permissions(self):
197 self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple']))
198 self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced']))
199 self.assertEqual(self.user2.get_all_permissions(), set([]))
200
201 @skipIf(True, "Do not support")
202 def test_get_group_permissions(self):
203 content_type=ContentType.objects.get_for_model(Group)
204 group = Group.objects.create(name='test_group')
205 self.user3.groups.add(group)
206 self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm']))
207
208
209class AnonymousUserBackend(SimpleRowlevelBackend):
210
211 supports_anonymous_user = True
212
213
214class NoAnonymousUserBackend(SimpleRowlevelBackend):
215
216 supports_anonymous_user = False
217
218
219class AnonymousUserBackendTest(TestCase):
220 """
221 Tests for AnonymousUser delegating to backend if it has 'supports_anonymous_user' = True
222 """
223
224 backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend'
225
226 def setUp(self):
227 self.curr_auth = settings.AUTHENTICATION_BACKENDS
228 settings.AUTHENTICATION_BACKENDS = (self.backend,)
229 self.user1 = AnonymousUser()
230
231 def tearDown(self):
232 settings.AUTHENTICATION_BACKENDS = self.curr_auth
233
234 @skipIf(True, "Do not support")
235 def test_has_perm(self):
236 self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
237 self.assertEqual(self.user1.has_perm('anon', TestObj()), True)
238
239 @skipIf(True, "Do not support")
240 def test_has_perms(self):
241 self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True)
242 self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False)
243
244 def test_has_module_perms(self):
245 self.assertEqual(self.user1.has_module_perms("app1"), True)
246 self.assertEqual(self.user1.has_module_perms("app2"), False)
247
248 @skipIf(True, "Do not support")
249 def test_get_all_permissions(self):
250 self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon']))
251
252
253class NoAnonymousUserBackendTest(TestCase):
254 """
255 Tests that AnonymousUser does not delegate to backend if it has 'supports_anonymous_user' = False
256 """
257 backend = 'django.contrib.auth.tests.auth_backends.NoAnonymousUserBackend'
258
259 def setUp(self):
260 self.curr_auth = settings.AUTHENTICATION_BACKENDS
261 settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
262 self.user1 = AnonymousUser()
263
264 def tearDown(self):
265 settings.AUTHENTICATION_BACKENDS = self.curr_auth
266
267 @skipIf(True, "Do not support")
268 def test_has_perm(self):
269 self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
270 self.assertEqual(self.user1.has_perm('anon', TestObj()), False)
271
272 def test_has_perms(self):
273 self.assertEqual(self.user1.has_perms(['anon'], TestObj()), False)
274
275 def test_has_module_perms(self):
276 self.assertEqual(self.user1.has_module_perms("app1"), False)
277 self.assertEqual(self.user1.has_module_perms("app2"), False)
278
279 def test_get_all_permissions(self):
280 self.assertEqual(self.user1.get_all_permissions(TestObj()), set())