From nobody Fri Apr 19 14:32:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) client-ip=66.187.230.42; envelope-from=kimchi-devel-bounces@ovirt.org; helo=lists.ovirt.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) smtp.mailfrom=kimchi-devel-bounces@ovirt.org; Return-Path: Received: from lists.ovirt.org (lists.phx.ovirt.org [66.187.230.42]) by mx.zohomail.com with SMTPS id 1487265691491981.3504767289928; Thu, 16 Feb 2017 09:21:31 -0800 (PST) Received: from lists.phx.ovirt.org (localhost [127.0.0.1]) by lists.ovirt.org (Postfix) with ESMTP id 1624F82068B; Thu, 16 Feb 2017 17:21:29 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lists.ovirt.org (Postfix) with ESMTPS id 1D45E8205F6 for ; Thu, 16 Feb 2017 17:21:01 +0000 (UTC) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v1GHDqB7084821 for ; Thu, 16 Feb 2017 12:21:00 -0500 Received: from e24smtp05.br.ibm.com (e24smtp05.br.ibm.com [32.104.18.26]) by mx0b-001b2d01.pphosted.com with ESMTP id 28ndpj06b5-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 16 Feb 2017 12:21:00 -0500 Received: from localhost by e24smtp05.br.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 16 Feb 2017 15:20:58 -0200 Received: from d24dlp01.br.ibm.com (9.18.248.204) by e24smtp05.br.ibm.com (10.172.0.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 16 Feb 2017 15:20:57 -0200 Received: from d24relay03.br.ibm.com (d24relay03.br.ibm.com [9.18.232.225]) by d24dlp01.br.ibm.com (Postfix) with ESMTP id 74B8B352005F for ; Thu, 16 Feb 2017 12:20:23 -0500 (EST) Received: from d24av03.br.ibm.com (d24av03.br.ibm.com [9.8.31.95]) by d24relay03.br.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v1GHKuFp36372530 for ; Thu, 16 Feb 2017 15:20:56 -0200 Received: from d24av03.br.ibm.com (localhost [127.0.0.1]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id v1GHKu0Y007789 for ; Thu, 16 Feb 2017 15:20:56 -0200 Received: from alinefm-TP440.ibmmodules.com ([9.80.208.98]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id v1GHKo59007723 for ; Thu, 16 Feb 2017 15:20:55 -0200 X-Original-To: kimchi-devel@ovirt.org From: Aline Manera To: Kimchi Devel Date: Thu, 16 Feb 2017 15:20:46 -0200 X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> References: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17021617-0032-0000-0000-0000053F6C58 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17021617-0033-0000-0000-000011C26EE7 Message-Id: <20170216172048.9442-2-alinefm@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-16_13:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=9 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702160162 Subject: [Kimchi-devel] [PATCH] [Wok 1/3] Do not sort tests on Wok X-BeenThere: kimchi-devel@ovirt.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: kimchi-devel-bounces@ovirt.org Errors-To: kimchi-devel-bounces@ovirt.org X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Wok does not have model vs mock model tests so there is no need to sort them. Signed-off-by: Aline Manera Reviewed-By: Lucio Correia --- tests/run_tests.sh.in | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/tests/run_tests.sh.in b/tests/run_tests.sh.in index a259bda..64e6e49 100644 --- a/tests/run_tests.sh.in +++ b/tests/run_tests.sh.in @@ -2,7 +2,7 @@ # # Project Wok # -# Copyright IBM Corp, 2013-2016 +# Copyright IBM Corp, 2013-2017 # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -40,16 +40,4 @@ else CMD=3D"python -m unittest" fi =20 -LIST=3D($ARGS) -MODEL_LIST=3D() -MOCK_LIST=3D() -for ((i=3D0;i<${#LIST[@]};i++)); do - - if [[ ${LIST[$i]} =3D=3D test_model* ]]; then - MODEL_LIST+=3D(${LIST[$i]}) - else - MOCK_LIST+=3D(${LIST[$i]}) - fi -done - -PYTHONPATH=3D../src:../ $CMD $OPTS ${MODEL_LIST[@]} ${MOCK_LIST[@]} +PYTHONPATH=3D../src:../ $CMD $OPTS $ARGS --=20 2.9.3 _______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel From nobody Fri Apr 19 14:32:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) client-ip=66.187.230.42; envelope-from=kimchi-devel-bounces@ovirt.org; helo=lists.ovirt.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) smtp.mailfrom=kimchi-devel-bounces@ovirt.org; Return-Path: Received: from lists.ovirt.org (lists.phx.ovirt.org [66.187.230.42]) by mx.zohomail.com with SMTPS id 148726571549647.655575445997215; Thu, 16 Feb 2017 09:21:55 -0800 (PST) Received: from lists.phx.ovirt.org (localhost [127.0.0.1]) by lists.ovirt.org (Postfix) with ESMTP id 71ED682069D; Thu, 16 Feb 2017 17:21:54 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lists.ovirt.org (Postfix) with ESMTPS id 9D3FB82062B for ; Thu, 16 Feb 2017 17:21:04 +0000 (UTC) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v1GHEL8j130561 for ; Thu, 16 Feb 2017 12:21:04 -0500 Received: from e24smtp02.br.ibm.com (e24smtp02.br.ibm.com [32.104.18.86]) by mx0a-001b2d01.pphosted.com with ESMTP id 28n7mg8841-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 16 Feb 2017 12:21:03 -0500 Received: from localhost by e24smtp02.br.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 16 Feb 2017 15:21:01 -0200 Received: from d24dlp01.br.ibm.com (9.18.248.204) by e24smtp02.br.ibm.com (10.172.0.142) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 16 Feb 2017 15:20:59 -0200 Received: from d24relay04.br.ibm.com (d24relay04.br.ibm.com [9.18.232.146]) by d24dlp01.br.ibm.com (Postfix) with ESMTP id 05C92352006C for ; Thu, 16 Feb 2017 12:20:25 -0500 (EST) Received: from d24av03.br.ibm.com (d24av03.br.ibm.com [9.8.31.95]) by d24relay04.br.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v1GHKw8T35389508 for ; Thu, 16 Feb 2017 15:20:58 -0200 Received: from d24av03.br.ibm.com (localhost [127.0.0.1]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id v1GHKwgS007813 for ; Thu, 16 Feb 2017 15:20:58 -0200 Received: from alinefm-TP440.ibmmodules.com ([9.80.208.98]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id v1GHKo5A007723 for ; Thu, 16 Feb 2017 15:20:57 -0200 X-Original-To: kimchi-devel@ovirt.org From: Aline Manera To: Kimchi Devel Date: Thu, 16 Feb 2017 15:20:47 -0200 X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> References: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17021617-0020-0000-0000-0000028850A0 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17021617-0021-0000-0000-000030A3531C Message-Id: <20170216172048.9442-3-alinefm@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-16_13:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702160162 Subject: [Kimchi-devel] [PATCH] [Wok 2/3] Specify user when doing a request instead of trying to override FakeUser class attribute X-BeenThere: kimchi-devel@ovirt.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: kimchi-devel-bounces@ovirt.org Errors-To: kimchi-devel-bounces@ovirt.org X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" A class attribute (sudo) was added to FakeUser class to allow request with different type of access. But it will not work when FakeUser class instance is already in memory and login() function only calls a static method to authenticate user, ie, the class attribute will be the original o= ne. To avoid problems on that area, specify which user to do a request. Signed-off-by: Aline Manera Reviewed-By: Lucio Correia --- tests/utils.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/tests/utils.py b/tests/utils.py index 9c18637..3c7e9da 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -42,7 +42,7 @@ from wok.utils import wok_log HOST =3D '0.0.0.0' PROXY_PORT =3D 8001 =20 -fake_user =3D {'root': 'letmein!'} +fake_user =3D {'admin': 'letmein!', 'user': 'letmein!'} =20 =20 def get_fake_user(): @@ -109,19 +109,19 @@ def running_as_root(): return os.geteuid() =3D=3D 0 =20 =20 -def _request(conn, path, data, method, headers): +def _request(conn, path, data, method, headers, user): if headers is None: headers =3D {'Content-Type': 'application/json', 'Accept': 'application/json'} if 'AUTHORIZATION' not in headers.keys(): - user, pw =3D fake_user.items()[0] + user, pw =3D user, fake_user[user] hdr =3D "Basic " + base64.b64encode("%s:%s" % (user, pw)) headers['AUTHORIZATION'] =3D hdr conn.request(method, path, data, headers) return conn.getresponse() =20 =20 -def request(path, data=3DNone, method=3D'GET', headers=3DNone): +def request(path, data=3DNone, method=3D'GET', headers=3DNone, user=3D'adm= in'): # verify if HTTPSConnection has context parameter if "context" in inspect.getargspec(httplib.HTTPSConnection.__init__).a= rgs: context =3D ssl._create_unverified_context() @@ -129,12 +129,11 @@ def request(path, data=3DNone, method=3D'GET', header= s=3DNone): else: conn =3D httplib.HTTPSConnection(HOST, PROXY_PORT) =20 - return _request(conn, path, data, method, headers) + return _request(conn, path, data, method, headers, user) =20 =20 class FakeUser(User): auth_type =3D "fake" - sudo =3D True =20 def __init__(self, username): super(FakeUser, self).__init__(username) @@ -143,9 +142,7 @@ class FakeUser(User): return sorted([group.gr_name for group in grp.getgrall()])[0:3] =20 def _get_role(self): - if self.sudo: - return 'admin' - return 'user' + return self.name =20 @staticmethod def authenticate(username, password, service=3D"passwd"): @@ -156,13 +153,12 @@ class FakeUser(User): 'code': e.message}) =20 =20 -def patch_auth(sudo=3DTrue): +def patch_auth(): """ Override the authenticate function with a simple test against an internal dict of users and passwords. """ config.set("authentication", "method", "fake") - FakeUser.sudo =3D sudo =20 =20 def wait_task(task_lookup, taskid, timeout=3D10): --=20 2.9.3 _______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel From nobody Fri Apr 19 14:32:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) client-ip=66.187.230.42; envelope-from=kimchi-devel-bounces@ovirt.org; helo=lists.ovirt.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of ovirt.org designates 66.187.230.42 as permitted sender) smtp.mailfrom=kimchi-devel-bounces@ovirt.org; Return-Path: Received: from lists.ovirt.org (lists.phx.ovirt.org [66.187.230.42]) by mx.zohomail.com with SMTPS id 1487265727481682.0704820104162; Thu, 16 Feb 2017 09:22:07 -0800 (PST) Received: from lists.phx.ovirt.org (localhost [127.0.0.1]) by lists.ovirt.org (Postfix) with ESMTP id A40B8820673; Thu, 16 Feb 2017 17:22:05 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lists.ovirt.org (Postfix) with ESMTPS id 2ED9982062B for ; Thu, 16 Feb 2017 17:21:06 +0000 (UTC) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v1GHDrgS127741 for ; Thu, 16 Feb 2017 12:21:05 -0500 Received: from e24smtp02.br.ibm.com (e24smtp02.br.ibm.com [32.104.18.86]) by mx0b-001b2d01.pphosted.com with ESMTP id 28new0vgg1-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 16 Feb 2017 12:21:05 -0500 Received: from localhost by e24smtp02.br.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 16 Feb 2017 15:21:03 -0200 Received: from d24dlp01.br.ibm.com (9.18.248.204) by e24smtp02.br.ibm.com (10.172.0.142) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 16 Feb 2017 15:21:00 -0200 Received: from d24relay04.br.ibm.com (d24relay04.br.ibm.com [9.18.232.146]) by d24dlp01.br.ibm.com (Postfix) with ESMTP id 927FE352006C for ; Thu, 16 Feb 2017 12:20:26 -0500 (EST) Received: from d24av03.br.ibm.com (d24av03.br.ibm.com [9.8.31.95]) by d24relay04.br.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v1GHKxXA35651662 for ; Thu, 16 Feb 2017 15:21:00 -0200 Received: from d24av03.br.ibm.com (localhost [127.0.0.1]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id v1GHL099007867 for ; Thu, 16 Feb 2017 15:21:00 -0200 Received: from alinefm-TP440.ibmmodules.com ([9.80.208.98]) by d24av03.br.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id v1GHKo5B007723 for ; Thu, 16 Feb 2017 15:20:59 -0200 X-Original-To: kimchi-devel@ovirt.org From: Aline Manera To: Kimchi Devel Date: Thu, 16 Feb 2017 15:20:48 -0200 X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> References: <20170216172048.9442-1-alinefm@linux.vnet.ibm.com> X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17021617-0020-0000-0000-0000028850A1 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17021617-0021-0000-0000-000030A3531D Message-Id: <20170216172048.9442-4-alinefm@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-16_13:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702160162 Subject: [Kimchi-devel] [PATCH] [Wok 3/3] Allow protecting an resource action (POST) when resource (GET) is not protected X-BeenThere: kimchi-devel@ovirt.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: kimchi-devel-bounces@ovirt.org Errors-To: kimchi-devel-bounces@ovirt.org X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Aline Manera Reviewed-By: Lucio Correia --- src/wok/control/base.py | 13 +++++++---- src/wok/control/config.py | 6 ++--- tests/test_authorization.py | 57 +++++++++++++++++++++++++++++++++++++++++= ++++ 3 files changed, 69 insertions(+), 7 deletions(-) create mode 100644 tests/test_authorization.py diff --git a/src/wok/control/base.py b/src/wok/control/base.py index 3070e53..0791062 100644 --- a/src/wok/control/base.py +++ b/src/wok/control/base.py @@ -27,7 +27,7 @@ import urllib2 =20 import wok.template from wok.asynctask import save_request_log_id -from wok.auth import USER_GROUPS, USER_NAME, USER_ROLE +from wok.auth import wokauth, USER_GROUPS, USER_NAME, USER_ROLE from wok.control.utils import get_class_name, internal_redirect, model_fn from wok.control.utils import parse_request, validate_method from wok.control.utils import validate_params @@ -91,7 +91,7 @@ class Resource(object): raise cherrypy.HTTPRedirect(base_uri % tuple(uri_params), code) =20 def generate_action_handler(self, action_name, action_args=3DNone, - destructive=3DFalse): + destructive=3DFalse, protected=3DNone): def _render_element(self, ident): self._redirect(ident) uri_params =3D [] @@ -104,7 +104,8 @@ class Resource(object): =20 return self._generate_action_handler_base(action_name, _render_ele= ment, destructive=3Ddestructiv= e, - action_args=3Daction_arg= s) + action_args=3Daction_arg= s, + protected=3Dprotected) =20 def generate_action_handler_task(self, action_name, action_args=3DNone= ): def _render_task(self, task): @@ -115,10 +116,14 @@ class Resource(object): action_args=3Daction_arg= s) =20 def _generate_action_handler_base(self, action_name, render_fn, - destructive=3DFalse, action_args=3DN= one): + destructive=3DFalse, action_args=3DN= one, + protected=3DNone): def wrapper(*args, **kwargs): # status must be always set in order to request be logged. # use 500 as fallback for "exception not handled" cases. + if protected is not None and protected: + wokauth() + details =3D None status =3D 500 =20 diff --git a/src/wok/control/config.py b/src/wok/control/config.py index 8da2fc0..a18fff0 100644 --- a/src/wok/control/config.py +++ b/src/wok/control/config.py @@ -44,7 +44,7 @@ class Config(Resource): self.admin_methods =3D ['POST'] self.plugins =3D Plugins(self.model) self.log_map =3D CONFIG_REQUESTS - self.reload =3D self.generate_action_handler('reload') + self.reload =3D self.generate_action_handler('reload', protected= =3DTrue) =20 @property def data(self): @@ -64,8 +64,8 @@ class Plugin(Resource): self.admin_methods =3D ['POST'] self.uri_fmt =3D "/config/plugins/%s" self.log_map =3D PLUGIN_REQUESTS - self.enable =3D self.generate_action_handler('enable') - self.disable =3D self.generate_action_handler('disable') + self.enable =3D self.generate_action_handler('enable', protected= =3DTrue) + self.disable =3D self.generate_action_handler('disable', protected= =3DTrue) =20 @property def data(self): diff --git a/tests/test_authorization.py b/tests/test_authorization.py new file mode 100644 index 0000000..7b7bbcc --- /dev/null +++ b/tests/test_authorization.py @@ -0,0 +1,57 @@ +# +# Project Wok +# +# Copyright IBM Corp, 2014-2017 +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-130= 1 USA + +import unittest +from functools import partial + +from tests.utils import patch_auth +from tests.utils import request, run_server + +test_server =3D None + + +def setUpModule(): + global test_server + + patch_auth() + test_server =3D run_server(test_mode=3DTrue) + + +def tearDownModule(): + test_server.stop() + + +class AuthorizationTests(unittest.TestCase): + def setUp(self): + self.request =3D partial(request, user=3D'user') + + def test_nonroot_access(self): + # Non-root users can not reload wok config + resp =3D self.request('/config', '{}', 'GET') + self.assertEquals(200, resp.status) + resp =3D self.request('/config/reload', '{}', 'POST') + self.assertEquals(403, resp.status) + + # Non-root users can not enable/disable a plugin + resp =3D self.request('/config/plugins/sample', '{}', 'GET') + self.assertEquals(200, resp.status) + resp =3D self.request('/config/plugins/sample/enable', '{}', 'POST= ') + self.assertEquals(403, resp.status) + resp =3D self.request('/config/plugins/sample/disable', '{}', 'POS= T') + self.assertEquals(403, resp.status) --=20 2.9.3 _______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel