
Removing old user default permissions, updated user delete controller…

… to delete all permissions for user including for admin and added unit tests to test these changes
1 parent 5866c91 commit d322053fd8213b82473ea0266cfbbf57ccc8f1a6 Sayli Karmarkar committed Sep 30, 2012
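--- a/platform/src/pulp/server/managers/auth/permission/cud.py
+++ b/platform/src/pulp/server/managers/auth/permission/cud.py
@@ -218,7 +218,6 @@ def grant_automatic_permissions_for_resource(self, resource):
 operations = [self.CREATE, self.READ, self.UPDATE, self.DELETE, self.EXECUTE]
 self.grant(resource, user['login'], operations)
- return True
 def grant_automatic_permissions_for_user(self, login):
@@ -229,12 +228,9 @@ def grant_automatic_permissions_for_user(self, login):
 @param login: login of the new user
 @type login: str
 """
- self.grant('/users/%s/' % login, login, [self.READ, self.UPDATE])
- self.grant('/users/admin_certificate/', login, [self.READ])
 self.grant('/v2/actions/login/', login, [self.READ, self.UPDATE])
 self.grant('/v2/actions/logout/', login, [self.READ, self.UPDATE])
 self.grant('/v2/users/%s/' % login, login, [self.READ, self.UPDATE])
- self.grant('/v2/users/admin_certificate/', login, [self.READ])
 def revoke_permission_from_user(self, resource, login, operation_names):
@@ -271,7 +267,9 @@ def revoke_all_permissions_from_user(self, login):
 if login not in permission['users']:
 continue
 del permission['users'][login]
- Permission.get_collection().save(permission, safe=True)
-
- return True
+ if permission['users']:
+ Permission.get_collection().save(permission, safe=True)
+ else:
+ # Delete entire permission if there are no more users
+ Permission.get_collection().remove({'resource':permission['resource']}, safe=True)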
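Review bot: The new `else` branch in `revoke_all_permissions_from_user` removes the permission document by `resource` alone, working from a copy read earlier in the loop, so a grant written to that resource between the read and the `remove` is deleted with it; the `save` branch has the matching problem of writing back a stale `users` map. For an authorization store it is safer to make both steps depend on the stored state, for example `Permission.get_collection().update({'resource': permission['resource']}, {'$unset': {'users.%s' % login: 1}}, safe=True)` followed by `Permission.get_collection().remove({'resource': permission['resource'], 'users': {}}, safe=True)` (this assumes logins cannot contain a `.`). The commit also drops `return True` here and in `grant_automatic_permissions_for_resource`, so any caller that tested the result now sees `None`; those callers are not visible on this page. The function body starts outside the hunk.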
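--- a/platform/src/pulp/server/webservices/controllers/users.py
+++ b/platform/src/pulp/server/webservices/controllers/users.py
@@ -137,6 +137,10 @@ def DELETE(self, login):
 [login],
 resources=resources,
 tags=tags)
+ # Remove permissions
+ user_link = serialization.link.current_link_obj()
+ permission_manager = managers.permission_manager()
+ permission_manager.delete_permission(user_link['_href'])
 return execution.execute_ok(self, call_request)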
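Review bot: `permission_manager.delete_permission(user_link['_href'])` runs before `execution.execute_ok(self, call_request)`, so the permission on the user's resource is dropped even when the delete call is then rejected or fails, in which case a user that still exists loses the permission on its own resource. Doing the cleanup only once the delete has succeeded, or inside the user manager's delete itself, keeps the two in step. Only the permission for the user's own `_href` is removed here; unless the delete path also calls something like `permission_manager.revoke_all_permissions_from_user(login)` (not visible in this hunk), the login's grants on `/v2/actions/login/` and `/v2/actions/logout/` stay behind and would apply to a later account created with the same login. The `DELETE` method starts above the hunk.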
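--- a/platform/test/unit/test_auth_controller.py
+++ b/platform/test/unit/test_auth_controller.py
@@ -67,7 +67,6 @@ def test_get(self):
 self.assertTrue('password' not in body[0])
 self.assertTrue('_href' in body[0])
-
 def test_get_no_users(self):
 """
 Tests that a list with admin user is returned when no users are present.
@@ -80,7 +79,6 @@ def test_get_no_users(self):
 self.assertEqual(200, status)
 self.assertEqual(1, len(body))
-
 def test_post(self):
 """
 Tests using post to create a user.
@@ -105,6 +103,30 @@ def test_post(self):
 self.assertTrue(user is not None)
 self.assertEqual(params['name'], user['name'])
 self.assertTrue(self.password_manager.check_password(user['password'], params['password']))
+
+ def test_user_default_permissions(self):
+ """
+ Tests default permissions given to the user after creation.
+ """
+
+ # Setup
+ params = {
+ 'login' : 'user-1',
+ 'name' : 'User 1',
+ 'password' : 'test-password',
+ }
+
+ # Test
+ self.post('/v2/users/', params=params)
+
+ # Verify
+ user = User.get_collection().find_one({'login' : 'user-1'})
+ self.assertTrue(user is not None)
+
+ permission = Permission.get_collection().find_one({'resource' : '/v2/users/user-1/'})
+ self.assertTrue(permission is not None)
+ self.assertTrue('user-1' in permission['users'])
+ self.assertTrue('ws-user' in permission['users'])
 def test_post_bad_data(self):
 """
@@ -136,6 +158,7 @@ def test_post_conflict(self):
 # Verify
 self.assertEqual(409, status)
+
 class UserResourceTests(AuthControllersTests):
 def test_get(self):
@@ -155,7 +178,6 @@ def test_get(self):
 self.assertTrue('_href' in body)
 self.assertTrue(body['_href'].endswith('users/user-1/'))
-
 def test_get_missing_user(self):
 """
 Tests that a 404 is returned when getting a user that doesn't exist.
@@ -184,6 +206,27 @@ def test_delete(self):
 user = User.get_collection().find_one({'login' : 'doomed'})
 self.assertTrue(user is None)
+ def test_delete_user_permissions(self):
+ """
+ Tests deleting an existing user.
+ """
+
+ # Setup
+ params = {
+ 'login' : 'user-1',
+ 'name' : 'User 1',
+ 'password' : 'test-password',
+ }
+ self.post('/v2/users/', params=params)
+
+ # Test
+ status, body = self.delete('/v2/users/user-1/')
+
+ # Verify that permissions are removed
+ self.assertEqual(200, status)
+ permission = Permission.get_collection().find_one({'resource' : '/v2/users/user-1/'})
+ self.assertTrue(permission is None)
+
 def test_delete_missing_user(self):
 """
 Tests deleting a user that isn't there.
@@ -245,7 +288,6 @@ def populate(self):
 for login in self.USER_LOGINS:
 user_manager = manager_factory.user_manager()
 user_manager.create_user(login=login, password=login, roles=[self.ROLE_ID])
-
 def validate(self, body, user_count=None):
 if user_count is None:
@@ -379,8 +421,6 @@ def test_post_with_roles(self):
 self.validate(body)
-
-
 class RoleCollectionTests(AuthControllersTests):
 def test_get(self):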
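Review bot: `test_delete_user_permissions` only checks that the `/v2/users/user-1/` permission document is gone; it does not check that `user-1` has been removed from the other default grants (`/v2/actions/login/`, `/v2/actions/logout/`), which is where a stale grant would matter for a re-created login. Adding `login_perm = Permission.get_collection().find_one({'resource' : '/v2/actions/login/'})` and `self.assertTrue(login_perm is None or 'user-1' not in login_perm['users'])` would cover it. Its docstring still reads "Tests deleting an existing user." and would be clearer as `Tests that deleting a user removes the user's permissions.` In the same way, `test_user_default_permissions` could assert that no permission is created for the removed `/users/admin_certificate/` defaults.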
