import unittest from app import app from data import model from auth import scopes from auth.permissions import SuperUserPermission, QuayDeferredPermissionUser from initdb import setup_database_for_testing, finished_database_for_testing SUPER_USERNAME = 'devtable' UNSUPER_USERNAME = 'freshuser' class TestSuperUserOps(unittest.TestCase): def setUp(self): setup_database_for_testing(self) self._su = model.get_user(SUPER_USERNAME) self._normie = model.get_user(UNSUPER_USERNAME) def tearDown(self): finished_database_for_testing(self) def test_superuser_matrix(self): import logging logging.basicConfig(level=logging.DEBUG) test_cases = [ (self._su, {scopes.SUPERUSER}, True), (self._su, {scopes.DIRECT_LOGIN}, True), (self._su, {scopes.READ_USER, scopes.SUPERUSER}, True), (self._su, {scopes.READ_USER}, False), (self._normie, {scopes.SUPERUSER}, False), (self._normie, {scopes.DIRECT_LOGIN}, False), (self._normie, {scopes.READ_USER, scopes.SUPERUSER}, False), (self._normie, {scopes.READ_USER}, False), ] for user_obj, scope_set, expected in test_cases: perm_user = QuayDeferredPermissionUser.for_user(user_obj, scope_set) has_su = perm_user.can(SuperUserPermission()) self.assertEquals(has_su, expected)