func (s *userManagerSuite) TestNewUserManagerAPIRefusesNonClient(c *gc.C) {
anAuthoriser := s.authorizer
anAuthoriser.Client = false
endPoint, err := usermanager.NewUserManagerAPI(s.State, nil, anAuthoriser)
c.Assert(endPoint, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *userManagerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
user, err := s.State.User("admin")
c.Assert(err, gc.IsNil)
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: names.NewUserTag("admin"),
LoggedIn: true,
Client: true,
Entity: user,
}
s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
c.Assert(err, gc.IsNil)
}
func (s *userManagerSuite) TestAgentUnauthorized(c *gc.C) {
machine1, err := s.State.AddMachine("quantal", state.JobManageEnviron)
c.Assert(err, gc.IsNil)
// Create a FakeAuthorizer so we can check permissions,
// set up assuming machine 1 has logged in.
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: machine1.Tag(),
LoggedIn: true,
MachineAgent: true,
}
s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
// UserManager returns an object that provides access to the UserManager API
// facade. The id argument is reserved for future use and currently
// needs to be empty
func (r *srvRoot) UserManager(id string) (*usermanager.UserManagerAPI, error) {
if id != "" {
return nil, common.ErrBadId
}
return usermanager.NewUserManagerAPI(r.srv.state, r)
}