##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth-lib: fixed and tested perms origin dicts....
super-admin -
r4943:873cb454 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -367,12 +367,18 b' class PermOriginDict(dict):'
367 self.perm_origin_stack = collections.OrderedDict()
367 self.perm_origin_stack = collections.OrderedDict()
368
368
369 def __setitem__(self, key, perm_origin_obj_id):
369 def __setitem__(self, key, perm_origin_obj_id):
370 # set (most likely via pickle) key:val pair without tuple
371 if not isinstance(perm_origin_obj_id, tuple):
372 perm = perm_origin_obj_id
373 dict.__setitem__(self, key, perm)
374 else:
375 # unpack if we create a key from tuple
370 (perm, origin, obj_id) = perm_origin_obj_id
376 (perm, origin, obj_id) = perm_origin_obj_id
371 self.perm_origin_stack.setdefault(key, []).append((perm, origin, obj_id))
377 self.perm_origin_stack.setdefault(key, []).append((perm, origin, obj_id))
372 dict.__setitem__(self, key, perm)
378 dict.__setitem__(self, key, perm)
373
379
374
380
375 class BranchPermOriginDict(PermOriginDict):
381 class BranchPermOriginDict(dict):
376 """
382 """
377 Dedicated branch permissions dict, with tracking of patterns and origins.
383 Dedicated branch permissions dict, with tracking of patterns and origins.
378
384
@@ -386,18 +392,24 b' class BranchPermOriginDict(PermOriginDic'
386 >>> perms.perm_origin_stack
392 >>> perms.perm_origin_stack
387 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
393 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
388 """
394 """
395 def __init__(self, *args, **kw):
396 dict.__init__(self, *args, **kw)
397 self.perm_origin_stack = collections.OrderedDict()
398
389 def __setitem__(self, key, pattern_perm_origin):
399 def __setitem__(self, key, pattern_perm_origin):
390 (pattern, perm, origin) = pattern_perm_origin
400 # set (most likely via pickle) key:val pair without tuple
391
401 if not isinstance(pattern_perm_origin, tuple):
402 pattern_perm = pattern_perm_origin
403 dict.__setitem__(self, key, pattern_perm)
404
405 else:
406 (pattern_perm, origin) = pattern_perm_origin
407 # we're passing in the dict, so we save the the stack
408 for pattern, perm in pattern_perm.items():
392 self.perm_origin_stack.setdefault(key, {}) \
409 self.perm_origin_stack.setdefault(key, {})\
393 .setdefault(pattern, []).append((perm, origin))
410 .setdefault(pattern, []).append((perm, origin))
394
411
395 if key in self:
412 dict.__setitem__(self, key, pattern_perm)
396 self[key].__setitem__(pattern, perm)
397 else:
398 patterns = collections.OrderedDict()
399 patterns[pattern] = perm
400 dict.__setitem__(self, key, patterns)
401
413
402
414
403 class PermissionCalculator(object):
415 class PermissionCalculator(object):
@@ -643,7 +655,7 b' class PermissionCalculator(object):'
643
655
644 # NOTE(marcink): register all pattern/perm instances in this
656 # NOTE(marcink): register all pattern/perm instances in this
645 # special dict that aggregates entries
657 # special dict that aggregates entries
646 self.permissions_repository_branches[r_k] = pattern, p, o
658 self.permissions_repository_branches[r_k] = {pattern: p}, o
647
659
648 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
660 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
649 for perm in self.default_repo_groups_perms:
661 for perm in self.default_repo_groups_perms:
@@ -827,7 +839,7 b' class PermissionCalculator(object):'
827 cur_perm = self.permissions_repository_branches[r_k][pattern]
839 cur_perm = self.permissions_repository_branches[r_k][pattern]
828 p = self._choose_permission(p, cur_perm)
840 p = self._choose_permission(p, cur_perm)
829
841
830 self.permissions_repository_branches[r_k] = pattern, p, o
842 self.permissions_repository_branches[r_k] = {pattern: p}, o
831
843
832 # user explicit branch permissions for repositories, overrides
844 # user explicit branch permissions for repositories, overrides
833 # any specified by the group permission
845 # any specified by the group permission
@@ -850,7 +862,7 b' class PermissionCalculator(object):'
850
862
851 # NOTE(marcink): register all pattern/perm instances in this
863 # NOTE(marcink): register all pattern/perm instances in this
852 # special dict that aggregates entries
864 # special dict that aggregates entries
853 self.permissions_repository_branches[r_k] = pattern, p, o
865 self.permissions_repository_branches[r_k] = {pattern: p}, o
854
866
855 def _calculate_repository_group_permissions(self):
867 def _calculate_repository_group_permissions(self):
856 """
868 """
Show file before | Show file after | Hide comments
@@ -33,6 +33,11 b' from rhodecode.model.user import UserMod'
33 from rhodecode.model.user_group import UserGroupModel
33 from rhodecode.model.user_group import UserGroupModel
34
34
35
35
36 def repickle(obj):
37 import pickle
38 return pickle.loads(pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL))
39
40
36 def test_perm_origin_dict():
41 def test_perm_origin_dict():
37 pod = auth.PermOriginDict()
42 pod = auth.PermOriginDict()
38 pod['thing'] = 'read', 'default', 1
43 pod['thing'] = 'read', 'default', 1
@@ -59,8 +64,90 b' def test_perm_origin_dict():'
59 'other': [('write', 'default', 8), ('none', 'override', 8)],
64 'other': [('write', 'default', 8), ('none', 'override', 8)],
60 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
65 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
61
66
67 # we can still save regular key
68 pod['thing'] = 'read'
62 with pytest.raises(ValueError):
69 with pytest.raises(ValueError):
70 pod['thing'] = 'read', 'missing-3td-key'
71
72
73 def test_perm_origin_dict_serialization():
74 pod = auth.PermOriginDict()
75 pod['thing'] = 'read', 'default', 1
76
77 assert pod['thing'] == 'read'
78 pod = repickle(pod)
79 assert pod['thing'] == 'read'
80
81 assert pod.perm_origin_stack == {
82 'thing': [('read', 'default', 1)]}
83
84 pod['thing'] = 'write', 'admin', 1
85 assert pod['thing'] == 'write'
86 assert pod['thing'] == 'write'
87 assert pod.perm_origin_stack == {
88 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
89
90 pod = repickle(pod)
91 assert pod['thing'] == 'write'
92 assert pod['thing'] == 'write'
93 assert pod.perm_origin_stack == {
94 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
95
96 pod['other'] = 'write', 'default', 8
97
98 assert pod.perm_origin_stack == {
99 'other': [('write', 'default', 8)],
100 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
101 pod = repickle(pod)
102 assert pod.perm_origin_stack == {
103 'other': [('write', 'default', 8)],
104 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
105
106 pod['other'] = 'none', 'override', 8
107
108 assert pod.perm_origin_stack == {
109 'other': [('write', 'default', 8), ('none', 'override', 8)],
110 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
111 pod = repickle(pod)
112 assert pod.perm_origin_stack == {
113 'other': [('write', 'default', 8), ('none', 'override', 8)],
114 'thing': [('read', 'default', 1), ('write', 'admin', 1)]}
115
63 pod['thing'] = 'read'
116 pod['thing'] = 'read'
117 with pytest.raises(ValueError):
118 pod['thing'] = 'read', 'missing-3td-key'
119
120
121 def test_branch_perm_origin_dict():
122 pod = auth.BranchPermOriginDict()
123 pod['resource'] = {'*pattern': 'read'}, 'default'
124 assert pod['resource'] == {'*pattern': 'read'}
125 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default')]}}
126
127 # 2nd call
128 pod['resource'] = {'*pattern': 'write'}, 'admin'
129 assert pod['resource'] == {'*pattern': 'write'}
130 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
131
132
133 def test_branch_perm_origin_dict_serialization():
134 pod = auth.BranchPermOriginDict()
135 pod['resource'] = {'*pattern': 'read'}, 'default'
136 assert pod['resource'] == {'*pattern': 'read'}
137 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default')]}}
138
139 pod = repickle(pod)
140 assert pod['resource'] == {'*pattern': 'read'}
141 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default')]}}
142
143 # 2nd call
144 pod['resource'] = {'*pattern': 'write'}, 'admin'
145 assert pod['resource'] == {'*pattern': 'write'}
146 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
147
148 pod = repickle(pod)
149 assert pod['resource'] == {'*pattern': 'write'}
150 assert pod.perm_origin_stack == {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
64
151
65
152
66 def test_cached_perms_data(user_regular, backend_random):
153 def test_cached_perms_data(user_regular, backend_random):
General Comments 0
You need to be logged in to leave comments. Login now