41
40
class AccessTestCase(test.TestCase):
42
41
def _env_for(self, ctxt, action):
44
env['ec2.context'] = ctxt
43
env['nova.context'] = ctxt
45
44
env['ec2.request'] = FakeApiRequest(action)
93
92
super(AccessTestCase, self).tearDown()
95
94
def response_status(self, user, methodName):
96
ctxt = context.RequestContext(user, self.project)
95
roles = manager.AuthManager().get_active_roles(user, self.project)
96
ctxt = context.RequestContext(user.id,
98
is_admin=user.is_admin(),
97
100
environ = self._env_for(ctxt, methodName)
98
101
req = webob.Request.blank('/', environ)
99
102
resp = req.get_response(self.mw)
105
108
def shouldDeny(self, user, methodName):
106
109
self.assertEqual(401, self.response_status(user, methodName))
108
def test_001_allow_all(self):
111
def test_allow_all(self):
109
112
users = [self.testadmin, self.testpmsys, self.testnet, self.testsys]
110
113
for user in users:
111
114
self.shouldAllow(user, '_allow_all')
113
def test_002_allow_none(self):
116
def test_allow_none(self):
114
117
self.shouldAllow(self.testadmin, '_allow_none')
115
118
users = [self.testpmsys, self.testnet, self.testsys]
116
119
for user in users:
117
120
self.shouldDeny(user, '_allow_none')
119
def test_003_allow_project_manager(self):
122
def test_allow_project_manager(self):
120
123
for user in [self.testadmin, self.testpmsys]:
121
124
self.shouldAllow(user, '_allow_project_manager')
122
125
for user in [self.testnet, self.testsys]:
123
126
self.shouldDeny(user, '_allow_project_manager')
125
def test_004_allow_sys_and_net(self):
128
def test_allow_sys_and_net(self):
126
129
for user in [self.testadmin, self.testnet, self.testsys]:
127
130
self.shouldAllow(user, '_allow_sys_and_net')
128
131
# denied because it doesn't have the per project sysadmin
129
132
for user in [self.testpmsys]:
130
133
self.shouldDeny(user, '_allow_sys_and_net')
132
if __name__ == "__main__":
133
# TODO: Implement use_fake as an option