コード例 #1
0
ファイル: user_test.go プロジェクト: reoring/tsuru
func (s *S) TestUserAddRole(c *check.C) {
	_, err := permission.NewRole("r1", "app")
	c.Assert(err, check.IsNil)
	_, err = permission.NewRole("r2", "app")
	c.Assert(err, check.IsNil)
	u := User{Email: "*****@*****.**", Password: "******"}
	err = u.Create()
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "c1")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "c2")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r2", "x")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r2", "x")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r3", "a")
	c.Assert(err, check.Equals, permission.ErrRoleNotFound)
	expected := []RoleInstance{
		{Name: "r1", ContextValue: "c1"},
		{Name: "r1", ContextValue: "c2"},
		{Name: "r2", ContextValue: "x"},
	}
	sort.Sort(roleInstanceList(expected))
	sort.Sort(roleInstanceList(u.Roles))
	c.Assert(u.Roles, check.DeepEquals, expected)
	uDB, err := GetUserByEmail("*****@*****.**")
	c.Assert(err, check.IsNil)
	sort.Sort(roleInstanceList(uDB.Roles))
	c.Assert(uDB.Roles, check.DeepEquals, expected)
}
コード例 #2
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestAddDefaultRole(c *check.C) {
	_, err := permission.NewRole("r1", "team")
	c.Assert(err, check.IsNil)
	_, err = permission.NewRole("r2", "team")
	c.Assert(err, check.IsNil)
	_, err = permission.NewRole("r3", "global")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	body := bytes.NewBufferString("team-create=r1&team-create=r2&user-create=r3")
	req, err := http.NewRequest("POST", "/role/default", body)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleDefaultCreate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r1, err := permission.FindRole("r1")
	c.Assert(err, check.IsNil)
	c.Assert(r1.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
	r2, err := permission.FindRole("r2")
	c.Assert(err, check.IsNil)
	c.Assert(r2.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
	r3, err := permission.FindRole("r3")
	c.Assert(err, check.IsNil)
	c.Assert(r3.Events, check.DeepEquals, []string{permission.RoleEventUserCreate.String()})
}
コード例 #3
0
ファイル: user_test.go プロジェクト: zhenruyan/tsuru
func (s *S) TestUserPermissionsWithRemovedRole(c *check.C) {
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	u := User{Email: "*****@*****.**", Password: "******"}
	err = u.Create()
	c.Assert(err, check.IsNil)
	err = u.AddRole(role.Name, "team")
	c.Assert(err, check.IsNil)
	conn, err := db.Conn()
	c.Assert(err, check.IsNil)
	defer conn.Close()
	err = conn.Roles().RemoveId(role.Name)
	c.Assert(err, check.IsNil)
	perms, err := u.Permissions()
	c.Assert(err, check.IsNil)
	c.Assert(perms, check.IsNil)
	r1, err := permission.NewRole("r1", "app")
	c.Assert(err, check.IsNil)
	err = r1.AddPermissions("app.update.env", "app.deploy")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "myapp")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "myapp2")
	c.Assert(err, check.IsNil)
	perms, err = u.Permissions()
	c.Assert(err, check.IsNil)
	c.Assert(perms, check.DeepEquals, []permission.Permission{
		{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxApp, "myapp")},
		{Scheme: permission.PermAppUpdateEnv, Context: permission.Context(permission.CtxApp, "myapp")},
		{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxApp, "myapp2")},
		{Scheme: permission.PermAppUpdateEnv, Context: permission.Context(permission.CtxApp, "myapp2")},
	})
}
コード例 #4
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestAddDefaultRole(c *check.C) {
	_, err := permission.NewRole("r1", "team", "")
	c.Assert(err, check.IsNil)
	_, err = permission.NewRole("r2", "team", "")
	c.Assert(err, check.IsNil)
	_, err = permission.NewRole("r3", "global", "")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	body := bytes.NewBufferString("team-create=r1&team-create=r2&user-create=r3")
	req, err := http.NewRequest("POST", "/role/default", body)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleDefaultCreate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r1, err := permission.FindRole("r1")
	c.Assert(err, check.IsNil)
	c.Assert(r1.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
	r2, err := permission.FindRole("r2")
	c.Assert(err, check.IsNil)
	c.Assert(r2.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
	r3, err := permission.FindRole("r3")
	c.Assert(err, check.IsNil)
	c.Assert(r3.Events, check.DeepEquals, []string{permission.RoleEventUserCreate.String()})
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "r1"},
		Owner:  token.GetUserName(),
		Kind:   "role.default.create",
		StartCustomData: []map[string]interface{}{
			{"name": "team-create", "value": []string{"r1", "r2"}},
			{"name": "user-create", "value": "r3"},
		},
	}, eventtest.HasEvent)
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "r2"},
		Owner:  token.GetUserName(),
		Kind:   "role.default.create",
		StartCustomData: []map[string]interface{}{
			{"name": "team-create", "value": []string{"r1", "r2"}},
			{"name": "user-create", "value": "r3"},
		},
	}, eventtest.HasEvent)
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "r3"},
		Owner:  token.GetUserName(),
		Kind:   "role.default.create",
		StartCustomData: []map[string]interface{}{
			{"name": "team-create", "value": []string{"r1", "r2"}},
			{"name": "user-create", "value": "r3"},
		},
	}, eventtest.HasEvent)
}
コード例 #5
0
ファイル: permission_test.go プロジェクト: reoring/tsuru
func (s *S) TestDissociateRole(c *check.C) {
	_, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdateDissociate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	u, err := auth.GetUserByEmail("*****@*****.**")
	c.Assert(err, check.IsNil)
	err = u.AddRole("test", "myteam")
	c.Assert(err, check.IsNil)
	c.Assert(u.Roles, check.HasLen, 2)
	req, err := http.NewRequest("DELETE", "/roles/test/user/[email protected]?context=myteam", nil)
	c.Assert(err, check.IsNil)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(err, check.IsNil)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)
	u, err = auth.GetUserByEmail("*****@*****.**")
	c.Assert(err, check.IsNil)
	c.Assert(u.Roles, check.HasLen, 1)
}
コード例 #6
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestRemoveDefaultRole(c *check.C) {
	r1, err := permission.NewRole("r1", "team", "")
	c.Assert(err, check.IsNil)
	err = r1.AddEvent(permission.RoleEventTeamCreate.String())
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("DELETE", "/role/default?team-create=r1", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleDefaultDelete,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r1, err = permission.FindRole("r1")
	c.Assert(err, check.IsNil)
	c.Assert(r1.Events, check.DeepEquals, []string{})
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "r1"},
		Owner:  token.GetUserName(),
		Kind:   "role.default.delete",
		StartCustomData: []map[string]interface{}{
			{"name": "team-create", "value": "r1"},
		},
	}, eventtest.HasEvent)
}
コード例 #7
0
ファイル: permission_test.go プロジェクト: delkyd/tsuru
func (s *S) TestRemoveRole(c *check.C) {
	s.conn.Roles().DropCollection()
	_, err := permission.NewRole("test", "app")
	c.Assert(err, check.IsNil)
	req, err := http.NewRequest("DELETE", "/roles/test", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleDelete,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	user, err := token.User()
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", "app")
	c.Assert(err, check.IsNil)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)
	roles, err := permission.ListRoles()
	c.Assert(err, check.IsNil)
	c.Assert(roles, check.HasLen, 1)
	user, err = token.User()
	c.Assert(err, check.IsNil)
	c.Assert(user.Roles, check.HasLen, 1)
}
コード例 #8
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestAssignRoleCheckGandalf(c *check.C) {
	role, err := permission.NewRole("test", "app", "")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)
	emptyToken := customUserWithPermission(c, "user2")
	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	c.Assert(err, check.IsNil)
	roleBody := bytes.NewBufferString(fmt.Sprintf("email=%s&context=myapp", emptyToken.GetUserName()))
	req, err := http.NewRequest("POST", "/roles/test/user", roleBody)
	c.Assert(err, check.IsNil)
	token := customUserWithPermission(c, "user1", permission.Permission{
		Scheme:  permission.PermRoleUpdateAssign,
		Context: permission.Context(permission.CtxGlobal, ""),
	}, permission.Permission{
		Scheme:  permission.PermAppDeploy,
		Context: permission.Context(permission.CtxApp, "myapp"),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(err, check.IsNil)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)
	emptyUser, err := emptyToken.User()
	c.Assert(err, check.IsNil)
	users, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email, emptyToken.GetUserName()})
	c.Assert(emptyUser.Roles, check.HasLen, 1)
}
コード例 #9
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) benchmarkAddPermissionToRole(c *check.C, body string) []string {
	c.StopTimer()
	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err := app.CreateApp(&a, s.user)
	c.Assert(err, check.IsNil)
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.create")
	c.Assert(err, check.IsNil)
	nUsers := 100
	var userEmails []string
	for i := 0; i < nUsers; i++ {
		email := fmt.Sprintf("*****@*****.**", i)
		userEmails = append(userEmails, email)
		user := &auth.User{Email: email, Password: "******"}
		_, err = nativeScheme.Create(user)
		c.Assert(err, check.IsNil)
		err = user.AddRole("test", s.team.Name)
		c.Assert(err, check.IsNil)
	}
	recorder := httptest.NewRecorder()
	m := RunServer(true)
	c.StartTimer()
	for i := 0; i < c.N; i++ {
		b := bytes.NewBufferString(body)
		request, err := http.NewRequest("POST", "/roles/test/permissions", b)
		c.Assert(err, check.IsNil)
		request.Header.Add("Authorization", "bearer "+s.token.GetValue())
		request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		m.ServeHTTP(recorder, request)
	}
	c.StopTimer()
	c.Assert(recorder.Code, check.Equals, http.StatusOK)
	return userEmails
}
コード例 #10
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestRemovePermissionsFromRole(c *check.C) {
	r, err := permission.NewRole("test", "team", "")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole(r.Name)
	err = r.AddPermissions("app.update")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r, err = permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(r.SchemeNames, check.DeepEquals, []string{})
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
		Owner:  token.GetUserName(),
		Kind:   "role.update.permission.remove",
		StartCustomData: []map[string]interface{}{
			{"name": ":name", "value": "test"},
			{"name": ":permission", "value": "app.update"},
		},
	}, eventtest.HasEvent)
}
コード例 #11
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestAddPermissionsToARole(c *check.C) {
	_, err := permission.NewRole("test", "team", "")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	b := bytes.NewBufferString(`permission=app.update&permission=app.deploy`)
	req, err := http.NewRequest("POST", "/roles/test/permissions", b)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r, err := permission.FindRole("test")
	c.Assert(err, check.IsNil)
	sort.Strings(r.SchemeNames)
	c.Assert(r.SchemeNames, check.DeepEquals, []string{"app.deploy", "app.update"})
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
		Owner:  token.GetUserName(),
		Kind:   "role.update.permission.add",
		StartCustomData: []map[string]interface{}{
			{"name": "permission", "value": []string{"app.update", "app.deploy"}},
		},
	}, eventtest.HasEvent)
}
コード例 #12
0
ファイル: permission_test.go プロジェクト: tsuru/tsuru
func (s *S) TestRemoveRole(c *check.C) {
	s.conn.Roles().DropCollection()
	_, err := permission.NewRole("test", "app", "")
	c.Assert(err, check.IsNil)
	req, err := http.NewRequest("DELETE", "/roles/test", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleDelete,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	user, err := token.User()
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", "app")
	c.Assert(err, check.IsNil)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)
	roles, err := permission.ListRoles()
	c.Assert(err, check.IsNil)
	c.Assert(roles, check.HasLen, 1)
	user, err = token.User()
	c.Assert(err, check.IsNil)
	c.Assert(user.Roles, check.HasLen, 1)
	c.Assert(eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
		Owner:  token.GetUserName(),
		Kind:   "role.delete",
		StartCustomData: []map[string]interface{}{
			{"name": ":name", "value": "test"},
		},
	}, eventtest.HasEvent)
}
コード例 #13
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestAssignRoleNotAuthorized(c *check.C) {
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.create")
	c.Assert(err, check.IsNil)
	emptyToken := customUserWithPermission(c, "user2")
	roleBody := bytes.NewBufferString(fmt.Sprintf("email=%s&context=myteam", emptyToken.GetUserName()))
	req, err := http.NewRequest("POST", "/roles/test/user", roleBody)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdateAssign,
		Context: permission.Context(permission.CtxGlobal, ""),
	}, permission.Permission{
		Scheme:  permission.PermAppCreate,
		Context: permission.Context(permission.CtxTeam, "otherteam"),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(err, check.IsNil)
	c.Assert(recorder.Code, check.Equals, http.StatusForbidden)
	c.Assert(recorder.Body.String(), check.Equals, "User not authorized to use permission app.create(team myteam)\n")
	emptyUser, err := emptyToken.User()
	c.Assert(err, check.IsNil)
	c.Assert(emptyUser.Roles, check.HasLen, 0)
}
コード例 #14
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestRemovePermissionsFromRoleSyncGitRepository(c *check.C) {
	r, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole(r.Name)
	err = r.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)
	user := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, err = nativeScheme.Create(user)
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", s.team.Name)
	c.Assert(err, check.IsNil)
	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	err = repository.Manager().GrantAccess(a.Name, user.Email)
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.deploy", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r, err = permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(r.SchemeNames, check.DeepEquals, []string{})
	users, err := repositorytest.Granted(a.Name)
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email})
}
コード例 #15
0
ファイル: user_test.go プロジェクト: tsuru/tsuru
func (s *S) TestUserPermissions(c *check.C) {
	u := User{Email: "*****@*****.**", Password: "******"}
	err := u.Create()
	c.Assert(err, check.IsNil)
	perms, err := u.Permissions()
	c.Assert(err, check.IsNil)
	c.Assert(perms, check.DeepEquals, []permission.Permission{
		{Scheme: permission.PermUser, Context: permission.Context(permission.CtxUser, u.Email)},
	})
	r1, err := permission.NewRole("r1", "app", "")
	c.Assert(err, check.IsNil)
	err = r1.AddPermissions("app.update.env", "app.deploy")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "myapp")
	c.Assert(err, check.IsNil)
	err = u.AddRole("r1", "myapp2")
	c.Assert(err, check.IsNil)
	perms, err = u.Permissions()
	c.Assert(err, check.IsNil)
	c.Assert(perms, check.DeepEquals, []permission.Permission{
		{Scheme: permission.PermUser, Context: permission.Context(permission.CtxUser, u.Email)},
		{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxApp, "myapp")},
		{Scheme: permission.PermAppUpdateEnv, Context: permission.Context(permission.CtxApp, "myapp")},
		{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxApp, "myapp2")},
		{Scheme: permission.PermAppUpdateEnv, Context: permission.Context(permission.CtxApp, "myapp2")},
	})
}
コード例 #16
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestAddPermissionsToARoleSyncGitRepository(c *check.C) {
	_, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	user := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, err = nativeScheme.Create(user)
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", s.team.Name)
	c.Assert(err, check.IsNil)
	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	c.Assert(err, check.IsNil)
	users, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email})
	rec := httptest.NewRecorder()
	b := bytes.NewBufferString(`permission=app.update&permission=app.deploy`)
	req, err := http.NewRequest("POST", "/roles/test/permissions", b)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	users, err = repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email, user.Email})
}
コード例 #17
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestDissociateRoleNotAuthorized(c *check.C) {
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.create")
	c.Assert(err, check.IsNil)
	otherToken := customUserWithPermission(c, "user2")
	otherUser, err := otherToken.User()
	c.Assert(err, check.IsNil)
	err = otherUser.AddRole(role.Name, "myteam")
	c.Assert(err, check.IsNil)
	url := fmt.Sprintf("/roles/test/user/%s?context=myteam", otherToken.GetUserName())
	req, err := http.NewRequest("DELETE", url, nil)
	c.Assert(err, check.IsNil)
	token := customUserWithPermission(c, "user1", permission.Permission{
		Scheme:  permission.PermRoleUpdateDissociate,
		Context: permission.Context(permission.CtxGlobal, ""),
	}, permission.Permission{
		Scheme:  permission.PermAppCreate,
		Context: permission.Context(permission.CtxTeam, "otherteam"),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(err, check.IsNil)
	c.Assert(recorder.Code, check.Equals, http.StatusForbidden)
	c.Assert(recorder.Body.String(), check.Equals, "User not authorized to use permission app.create(team myteam)\n")
	otherUser, err = otherToken.User()
	c.Assert(err, check.IsNil)
	c.Assert(otherUser.Roles, check.HasLen, 1)
}
コード例 #18
0
ファイル: user_test.go プロジェクト: tsuru/tsuru
func (s *S) TestListUsersWithPermissions(c *check.C) {
	u1 := User{Email: "*****@*****.**", Password: "******"}
	err := u1.Create()
	c.Assert(err, check.IsNil)
	u2 := User{Email: "*****@*****.**", Password: "******"}
	err = u2.Create()
	c.Assert(err, check.IsNil)
	r1, err := permission.NewRole("r1", "app", "")
	c.Assert(err, check.IsNil)
	err = r1.AddPermissions("app.update.env", "app.deploy")
	c.Assert(err, check.IsNil)
	err = u1.AddRole("r1", "myapp1")
	c.Assert(err, check.IsNil)
	err = u2.AddRole("r1", "myapp2")
	c.Assert(err, check.IsNil)
	users, err := ListUsersWithPermissions(permission.Permission{
		Scheme:  permission.PermAppDeploy,
		Context: permission.Context(permission.CtxApp, "myapp1"),
	})
	c.Assert(err, check.IsNil)
	c.Assert(users, check.HasLen, 1)
	c.Assert(users[0].Email, check.Equals, u1.Email)
	users, err = ListUsersWithPermissions(permission.Permission{
		Scheme:  permission.PermAppDeploy,
		Context: permission.Context(permission.CtxApp, "myapp2"),
	})
	c.Assert(err, check.IsNil)
	c.Assert(users, check.HasLen, 1)
	c.Assert(users[0].Email, check.Equals, u2.Email)
}
コード例 #19
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestListPermissions(c *check.C) {
	role, err := permission.NewRole("test", "app")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("GET", "/permissions", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	var data []permissionSchemeData
	err = json.Unmarshal(rec.Body.Bytes(), &data)
	c.Assert(err, check.IsNil)
	c.Assert(len(data) > 0, check.Equals, true)
	c.Assert(data[0], check.DeepEquals, permissionSchemeData{
		Name:     "",
		Contexts: []string{"global"},
	})
}
コード例 #20
0
ファイル: migrate.go プロジェクト: tsuru/tsuru
func createRole(name, contextType string) (permission.Role, error) {
	role, err := permission.NewRole(name, contextType, "")
	if err == permission.ErrRoleAlreadyExists {
		role, err = permission.FindRole(name)
	}
	return role, err
}
コード例 #21
0
ファイル: permission.go プロジェクト: reoring/tsuru
func addRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	if !permission.Check(t, permission.PermRoleCreate) {
		return permission.ErrUnauthorized
	}
	_, err := permission.NewRole(r.FormValue("name"), r.FormValue("context"))
	if err == nil {
		w.WriteHeader(http.StatusCreated)
	}
	return err
}
コード例 #22
0
func (s *S) TestRemoveRole(c *check.C) {
	_, err := permission.NewRole("test", "app")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	role := bytes.NewBufferString(`{"name": "test"}`)
	req, err := http.NewRequest("DELETE", "/role", role)
	c.Assert(err, check.IsNil)
	err = removeRole(rec, req, nil)
	c.Assert(err, check.IsNil)
}
コード例 #23
0
func (s *S) TestListRoles(c *check.C) {
	_, err := permission.NewRole("test", "app")
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("GET", "/role", nil)
	c.Assert(err, check.IsNil)
	expected := `[{"name":"test","context":"app"}]`
	err = listRoles(rec, req, nil)
	c.Assert(err, check.IsNil)
	c.Assert(rec.Body.String(), check.Equals, expected)
}
コード例 #24
0
ファイル: handlers_test.go プロジェクト: tsuru/tsuru
func createTokenForUser(user *auth.User, perm, contextType, contextValue string, c *check.C) auth.Token {
	token, err := nativeScheme.Login(map[string]string{"email": user.Email, "password": "******"})
	c.Assert(err, check.IsNil)
	role, err := permission.NewRole("provisioner-docker-"+user.Email+perm, contextType, "")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions(perm)
	c.Assert(err, check.IsNil)
	err = user.AddRole(role.Name, contextValue)
	c.Assert(err, check.IsNil)
	return token
}
コード例 #25
0
ファイル: permission.go プロジェクト: nicolas2bonfils/tsuru
func addRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	defer r.Body.Close()
	b, err := ioutil.ReadAll(r.Body)
	if err != nil {
		return err
	}
	var params map[string]string
	err = json.Unmarshal(b, &params)
	_, err = permission.NewRole(params["name"], params["context"])
	return err
}
コード例 #26
0
func (s *S) TestAddPermissionsToARole(c *check.C) {
	r, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole(r.Name)
	rec := httptest.NewRecorder()
	url := fmt.Sprintf("/role/%s/permissions?:name=%s", r.Name, r.Name)
	b := bytes.NewBufferString(`{"permissions": ["app.update"]}`)
	req, err := http.NewRequest("POST", url, b)
	c.Assert(err, check.IsNil)
	err = addPermissions(rec, req, nil)
	c.Assert(err, check.IsNil)
}
コード例 #27
0
ファイル: permission_test.go プロジェクト: Endika/tsuru
func (s *S) TestRemoveRoleUnauthorized(c *check.C) {
	_, err := permission.NewRole("test", "app")
	c.Assert(err, check.IsNil)
	req, err := http.NewRequest("DELETE", "/roles/test", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	recorder := httptest.NewRecorder()
	server := RunServer(true)
	server.ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusForbidden)
}
コード例 #28
0
ファイル: user_test.go プロジェクト: tsuru/tsuru
func (s *S) TestAddRolesForEvent(c *check.C) {
	r1, err := permission.NewRole("r1", "team", "")
	c.Assert(err, check.IsNil)
	err = r1.AddEvent(permission.RoleEventTeamCreate.String())
	c.Assert(err, check.IsNil)
	u1 := User{Email: "*****@*****.**", Password: "******"}
	err = u1.Create()
	c.Assert(err, check.IsNil)
	err = u1.AddRolesForEvent(permission.RoleEventTeamCreate, "team1")
	c.Assert(err, check.IsNil)
	u, err := GetUserByEmail(u1.Email)
	c.Assert(err, check.IsNil)
	c.Assert(u.Roles, check.DeepEquals, []RoleInstance{{Name: "r1", ContextValue: "team1"}})
}
コード例 #29
0
ファイル: token.go プロジェクト: pedrosnk/tsuru
func addSuperRole(u *auth.User) error {
	defaultRoleName := "AllowAll"
	r, err := permission.FindRole(defaultRoleName)
	if err != nil {
		r, err = permission.NewRole(defaultRoleName, string(permission.CtxGlobal), "")
		if err != nil {
			return err
		}
	}
	err = r.AddPermissions("*")
	if err != nil {
		return err
	}
	return u.AddRole(defaultRoleName, "")
}
コード例 #30
0
ファイル: platform_test.go プロジェクト: zhenruyan/tsuru
func createToken(c *check.C) auth.Token {
	user := &auth.User{Email: "platform-admin" + "@groundcontrol.com", Password: "******", Quota: quota.Unlimited}
	nativeScheme.Remove(user)
	_, err := nativeScheme.Create(user)
	c.Assert(err, check.IsNil)
	token, err := nativeScheme.Login(map[string]string{"email": user.Email, "password": "******"})
	c.Assert(err, check.IsNil)
	role, err := permission.NewRole("platform-admin", string(permission.CtxGlobal))
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("*")
	c.Assert(err, check.IsNil)
	err = user.AddRole(role.Name, "")
	c.Assert(err, check.IsNil)
	return token
}