Tenant utils - testing capabilities
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/584f7080 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/584f7080 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/584f7080 Branch: refs/heads/master Commit: 584f7080c7aaf7e4e581b75ee6f36e1717cbeef5 Parents: 512d1ef Author: nir-sopher <[email protected]> Authored: Mon Jun 5 00:14:10 2017 +0300 Committer: Jeremy Mitchell <[email protected]> Committed: Tue Jul 18 12:12:32 2017 -0600 ---------------------------------------------------------------------- traffic_ops/app/lib/API/Tenant.pm | 6 +- traffic_ops/app/lib/UI/TenantUtils.pm | 35 +++++--- traffic_ops/app/t/api/1.2/tenant.t | 133 ++++++++++++++++++++--------- 3 files changed, 118 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/584f7080/traffic_ops/app/lib/API/Tenant.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/API/Tenant.pm b/traffic_ops/app/lib/API/Tenant.pm index 1c583d8..ab81728 100644 --- a/traffic_ops/app/lib/API/Tenant.pm +++ b/traffic_ops/app/lib/API/Tenant.pm @@ -40,7 +40,7 @@ sub index { my $tenants_data = $tenant_utils->create_tenants_data_from_db($orderby); my @data = (); - my @tenants_list = $tenant_utils->get_hierarchic_tenants_list($tenants_data, undef, $orderby); + my @tenants_list = $tenant_utils->get_hierarchic_tenants_list($tenants_data, undef); foreach my $row (@tenants_list) { if ($tenant_utils->is_tenant_resource_readable($tenants_data, $row->id)) { push( 
@@ -50,8 +50,6 @@ sub index { "active" => \$row->active, "parentId" => $row->parent_id, "parentName" => ( defined $row->parent_id ) ? $tenant_utils->get_tenant($tenants_data, $row->parent_id)->name : undef, - "heirarchyDepth" => $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $row->id), - "heirarchyHeight" => $tenant_utils->get_tenant_heirarchy_height($tenants_data, $row->id), } ); } @@ -78,8 +76,6 @@ sub show { "active" => \$row->active, "parentId" => $row->parent_id, "parentName" => ( defined $row->parent_id ) ? $tenant_utils->get_tenant($tenants_data, $row->parent_id)->name : undef, - "heirarchyDepth" => $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $row->id), - "heirarchyHeight" => $tenant_utils->get_tenant_heirarchy_height($tenants_data, $row->id), } ); } http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/584f7080/traffic_ops/app/lib/UI/TenantUtils.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/UI/TenantUtils.pm b/traffic_ops/app/lib/UI/TenantUtils.pm index 4c8fc0f..4162c82 100644 --- a/traffic_ops/app/lib/UI/TenantUtils.pm +++ b/traffic_ops/app/lib/UI/TenantUtils.pm 
@@ -36,15 +36,23 @@ use UI::Utils; sub new { my $class = shift; my $context = shift; - # For now, until the current user tenant ID will come from the jwt, the current user tenant is taken from the DB. - my $current_user_tenant = $context->db->resultset('TmUser')->search( { username => $context->current_user()->{username} } )->get_column('tenant_id')->single(); - my $dbh = $context->db; + my $current_user_tenant = shift; #optional - allowing the user tenancy to be set from outside, for testing capabilities + if (!defined($current_user_tenant)) { + # For now, until the current user tenant ID will come from the jwt, the current user tenant is taken from the DB. + $current_user_tenant = $context->db->resultset('TmUser')->search( { username => $context->current_user()->{username} } )->get_column('tenant_id')->single(); + } + + my $dbh = shift; #optional - allowing the DB handle to be set from outside, for testing capabilities + if (!defined($dbh)){ + $dbh = $context->db + } + my $self = { dbh => $dbh, # In order to reduce the number of calls from the DB, the current user tenant is taken in the class creation. # the below parameters are held temporarily until the info is taken from the jwt current_user_tenant => $current_user_tenant, - is_ldap => $context->is_ldap(), + is_ldap => defined($context) ? $context->is_ldap() : 0, }; bless $self, $class; return $self; @@ -105,7 +113,6 @@ sub get_tenant { sub get_tenants_list { my $self = shift; my $tenants_data = shift; - my $order_by = shift; my @result = (); foreach my $tenant_id (@{ $tenants_data->{ordered_by} }) { @@ -119,7 +126,6 @@ sub get_hierarchic_tenants_list { my $self = shift; my $tenants_data = shift; my $tree_root = shift; - my $order_by = shift; my @stack = (); if (defined($tree_root)){ 
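Review bot: The new optional `$current_user_tenant` argument to `new` lets any caller choose the tenant that every later access check is evaluated against, and nothing in the constructor marks or restricts it as a test-only path. I would document that directly above the `shift`, e.g. `# TEST ONLY: production callers must pass undef so the tenant is read from the DB for the authenticated user; never pass a value derived from request data`. Separately, `$context` is only guarded for `is_ldap`: with `$context` undef and either optional argument omitted, `$context->db` fails with an opaque "method on an undefined value" error. An explicit check at the top would make the contract visible: `die "TenantUtils->new: context is required unless tenant and dbh are both supplied" if !defined($context) && (!defined($current_user_tenant) || !defined($dbh));`. Minor style point: `$dbh = $context->db` is missing its terminating semicolon.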
@@ -286,6 +292,16 @@ sub _is_resource_accessable { my $resource_tenant = shift; my $operation = shift; + my $user_tenant = $self->current_user_tenant(); + if (defined($user_tenant)) { + my $tenant_record = $tenants_data->{tenants_dict}->{$user_tenant}; + my $is_active_tenant = $tenant_record->{row}->active; + if (! $is_active_tenant) { + #user tenant is in-active - cannot do any operation + return 0; + } + } + if (!defined($resource_tenant)) { #the object has no tenancy - opened for all return 1; @@ -307,13 +323,6 @@ sub _is_resource_accessable { return 0; } - my $tenant_record = $tenants_data->{tenants_dict}->{$user_tenant}; - my $is_active_tenant = $tenant_record->{row}->active; - if (! $is_active_tenant) { - #user tenant is in-active - cannot do any operation - return 0; - } - if ($user_tenant == $resource_tenant) { #resource has same tenancy of the user, operations are allowed return 1; http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/584f7080/traffic_ops/app/t/api/1.2/tenant.t ---------------------------------------------------------------------- diff --git a/traffic_ops/app/t/api/1.2/tenant.t b/traffic_ops/app/t/api/1.2/tenant.t index ac722a7..eaff442 100644 --- a/traffic_ops/app/t/api/1.2/tenant.t +++ b/traffic_ops/app/t/api/1.2/tenant.t @@ -22,6 +22,7 @@ use warnings; no warnings 'once'; use warnings 'all'; use Test::TestHelper; +use UI::TenantUtils; #no_transactions=>1 ==> keep fixtures after every execution, beware of duplicate data! #no_transactions=>0 ==> delete fixtures after every execution 
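Review bot: In the block added to `_is_resource_accessable`, `$tenants_data->{tenants_dict}->{$user_tenant}` is used without checking that the user's tenant is actually present in the dictionary, so a missing entry makes `$tenant_record->{row}->active` die instead of denying access. This check now runs first, ahead of the "no tenancy - opened for all" branch, so that exception would hit every access decision for such a user. Adding `return 0 if !defined($tenant_record) || !defined($tenant_record->{row});` before reading `active` keeps the check fail-closed with an explicit deny. A short comment on why the check was moved would help the next reader, e.g. `# checked first so an inactive user tenant is denied even for tenant-less resources`. The function body starts before and continues past this hunk; if a later `my $user_tenant` declaration is still present outside the visible lines, it would now mask this one, which is worth confirming.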
@@ -172,53 +173,111 @@ ok $t->get_ok("/api/1.2/tenants")->status_is(200) ->json_is( "/response/4/id", $tenantE_id) ->json_is( "/response/1/id", $tenantB_id)->or( sub { diag $t->tx->res->content->asset->{content}; } );; -#tenants heirarchy- test depth and height -ok $t->get_ok("/api/1.2/tenants/$root_tenant_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 0) - ->json_is( "/response/0/heirarchyHeight", 2) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - -ok $t->get_ok("/api/1.2/tenants/$tenantA_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 1) - ->json_is( "/response/0/heirarchyHeight", 1) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - -ok $t->get_ok("/api/1.2/tenants/$tenantB_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 1) - ->json_is( "/response/0/heirarchyHeight", 0) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - -ok $t->get_ok("/api/1.2/tenants/$tenantD_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 2) - ->json_is( "/response/0/heirarchyHeight", 0) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - -ok $t->get_ok("/api/1.2/tenants/$tenantE_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 2) - ->json_is( "/response/0/heirarchyHeight", 0) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - - +#tenants heirarchy- test depth, height, root +my $tenant_utils_of_root = UI::TenantUtils->new(undef, $root_tenant_id, $schema); +my $tenants_data = $tenant_utils_of_root->create_tenants_data_from_db(); + +ok $tenant_utils_of_root->is_root_tenant($tenants_data, $root_tenant_id) == 1; +ok $tenant_utils_of_root->get_tenant_heirarchy_depth($tenants_data, $root_tenant_id) == 0; +ok $tenant_utils_of_root->get_tenant_heirarchy_height($tenants_data, $root_tenant_id) == 2; + +ok $tenant_utils_of_root->is_root_tenant($tenants_data, $tenantA_id) == 0; +ok $tenant_utils_of_root->get_tenant_heirarchy_depth($tenants_data, 
$tenantA_id) == 1;
+ok $tenant_utils_of_root->get_tenant_heirarchy_height($tenants_data, $tenantA_id) == 1;
+
+ok $tenant_utils_of_root->is_root_tenant($tenants_data, $tenantB_id) == 0;
+ok $tenant_utils_of_root->get_tenant_heirarchy_depth($tenants_data, $tenantB_id) == 1;
+ok $tenant_utils_of_root->get_tenant_heirarchy_height($tenants_data, $tenantB_id) == 0;
+
+ok $tenant_utils_of_root->is_root_tenant($tenants_data, $tenantD_id) == 0;
+ok $tenant_utils_of_root->get_tenant_heirarchy_depth($tenants_data, $tenantD_id) == 2;
+ok $tenant_utils_of_root->get_tenant_heirarchy_height($tenants_data, $tenantD_id) == 0;
+
+ok $tenant_utils_of_root->is_root_tenant($tenants_data, $tenantE_id) == 0;
+ok $tenant_utils_of_root->get_tenant_heirarchy_depth($tenants_data, $tenantE_id) == 2;
+ok $tenant_utils_of_root->get_tenant_heirarchy_height($tenants_data, $tenantE_id) == 0;
+
+############################
+#testing tenancy checks
+#root tenant - touch entire hierarchy as well as null
+ok $tenant_utils_of_root->is_tenant_resource_readable($tenants_data, $root_tenant_id) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_writeable($tenants_data, $root_tenant_id) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_readable($tenants_data, undef) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_writeable($tenants_data, undef) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_readable($tenants_data, $tenantA_id) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_writeable($tenants_data, $tenantA_id) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_readable($tenants_data, $tenantE_id) == 1;
+ok $tenant_utils_of_root->is_tenant_resource_writeable($tenants_data, $tenantE_id) == 1;
+
+my $tenant_utils_of_a = UI::TenantUtils->new(undef, $tenantA_id, $schema);
+my $tenants_data_of_a = $tenant_utils_of_a->create_tenants_data_from_db();
+#parent - no access
+ok $tenant_utils_of_a->is_tenant_resource_readable($tenants_data_of_a, $root_tenant_id) == 0;
+ok
$tenant_utils_of_a->is_tenant_resource_writeable($tenants_data_of_a, $root_tenant_id) == 0;
+#undef - all have access
+ok $tenant_utils_of_a->is_tenant_resource_readable($tenants_data_of_a, undef) == 1;
+ok $tenant_utils_of_a->is_tenant_resource_writeable($tenants_data_of_a, undef) == 1;
+#itself - full access
+ok $tenant_utils_of_a->is_tenant_resource_readable($tenants_data_of_a, $tenantA_id) == 1;
+ok $tenant_utils_of_a->is_tenant_resource_writeable($tenants_data_of_a, $tenantA_id) == 1;
+# child - full access
+ok $tenant_utils_of_a->is_tenant_resource_readable($tenants_data_of_a, $tenantE_id) == 1;
+ok $tenant_utils_of_a->is_tenant_resource_writeable($tenants_data_of_a, $tenantE_id) == 1;
+# Brother - no access
+ok $tenant_utils_of_a->is_tenant_resource_readable($tenants_data_of_a, $tenantB_id) == 0;
+ok $tenant_utils_of_a->is_tenant_resource_writeable($tenants_data_of_a, $tenantB_id) == 0;
+
+#leaf test
+my $tenant_utils_of_d = UI::TenantUtils->new(undef, $tenantD_id, $schema);
+my $tenants_data_of_d = $tenant_utils_of_d->create_tenants_data_from_db();
+#anchestor - no access
+ok $tenant_utils_of_d->is_tenant_resource_readable($tenants_data_of_d, $root_tenant_id) == 0;
+ok $tenant_utils_of_d->is_tenant_resource_writeable($tenants_data_of_d, $root_tenant_id) == 0;
+#undef - all have access
+ok $tenant_utils_of_d->is_tenant_resource_readable($tenants_data_of_d, undef) == 1;
+ok $tenant_utils_of_d->is_tenant_resource_writeable($tenants_data_of_d, undef) == 1;
+# parent - no access
+ok $tenant_utils_of_d->is_tenant_resource_readable($tenants_data_of_d, $tenantA_id) == 0;
+ok $tenant_utils_of_d->is_tenant_resource_writeable($tenants_data_of_d, $tenantA_id) == 0;
+# itself - full access
+ok $tenant_utils_of_d->is_tenant_resource_readable($tenants_data_of_d, $tenantD_id) == 1;
+ok $tenant_utils_of_d->is_tenant_resource_writeable($tenants_data_of_d, $tenantD_id) == 1;
+# uncle - no access
+ok $tenant_utils_of_d->is_tenant_resource_readable($tenants_data_of_d, 
$tenantB_id) == 0; +ok $tenant_utils_of_d->is_tenant_resource_writeable($tenants_data_of_d, $tenantB_id) == 0; + +#inactive - nothing can do +my $tenant_utils_of_e = UI::TenantUtils->new(undef, $tenantE_id, $schema); +my $tenants_data_of_e = $tenant_utils_of_e->create_tenants_data_from_db(); +#anchestor - no access +ok $tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, $root_tenant_id) == 0; +ok $tenant_utils_of_e->is_tenant_resource_writeable($tenants_data_of_e, $root_tenant_id) == 0; +#undef - all have access +ok $tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, undef) == 0; +ok $tenant_utils_of_e->is_tenant_resource_writeable($tenants_data_of_e, undef) == 0; +# parent - no access +ok $tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, $tenantA_id) == 0; +ok $tenant_utils_of_e->is_tenant_resource_writeable($tenants_data_of_e, $tenantA_id) == 0; +# itself - full access +ok $tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, $tenantE_id) == 0; +ok $tenant_utils_of_e->is_tenant_resource_writeable($tenants_data_of_e, $tenantE_id) == 0; +# uncle - no access +ok $tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, $tenantB_id) == 0; +ok $tenant_utils_of_e->is_tenant_resource_writeable($tenants_data_of_e, $tenantB_id) == 0; + + +################# #moving A to be the child of B ok $t->put_ok('/api/1.2/tenants/' . 
$tenantA_id => {Accept => 'application/json'} => json => { "active" => 1, "parentId" => $tenantB_id, name => "tenantA2"}) ->status_is(200); -ok $t->get_ok("/api/1.2/tenants/$tenantB_id")->status_is(200) - ->json_is( "/response/0/heirarchyDepth", 1) - ->json_is( "/response/0/heirarchyHeight", 2) - ->or( sub { diag $t->tx->res->content->asset->{content}; } );; - ok $t->get_ok("/api/1.2/tenants/$tenantA_id")->status_is(200) ->json_is( "/response/0/parentId", $tenantB_id) - ->json_is( "/response/0/heirarchyDepth", 2) - ->json_is( "/response/0/heirarchyHeight", 1) ->or( sub { diag $t->tx->res->content->asset->{content}; } );; ok $t->get_ok("/api/1.2/tenants/$tenantD_id")->status_is(200) ->json_is( "/response/0/parentId", $tenantA_id) - ->json_is( "/response/0/heirarchyDepth", 3) - ->json_is( "/response/0/heirarchyHeight", 0) ->or( sub { diag $t->tx->res->content->asset->{content}; } );; @@ -241,8 +300,6 @@ ok $t->put_ok('/api/1.2/tenants/' . $tenantA_id => {Accept => 'application/json ok $t->get_ok("/api/1.2/tenants/$tenantA_id")->status_is(200) ->json_is( "/response/0/parentId", $root_tenant_id) - ->json_is( "/response/0/heirarchyDepth", 1) - ->json_is( "/response/0/heirarchyHeight", 1) ->or( sub { diag $t->tx->res->content->asset->{content}; } );; #cannot delete a tenant that have children
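Review bot: In the inactive-tenant block for `$tenant_utils_of_e` (hunk `@@ -172,53 +173,111 @@`), the copied comments `#undef - all have access` and `# itself - full access` contradict the assertions under them, which all expect `== 0`. These lines pin the deny-everything behaviour for an inactive tenant, so the comments should say so, e.g. `#undef - denied, user tenant is inactive` and `# itself - denied, tenant is inactive`. The new checks are also bare `ok EXPR == N;` with no test name, so a failure reports only a line number, and an `undef` return would compare equal to 0 and pass. Something like `is($tenant_utils_of_e->is_tenant_resource_readable($tenants_data_of_e, undef), 0, 'inactive tenant cannot read tenant-less resource');` gives a usable diagnostic and a stricter comparison. No case covers a user with no tenant or the LDAP path; as far as the visible constructor shows, `new(undef, undef, $schema)` would fall through to the `$context` lookup, so that gap may need a separate fixture.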
