[pve-devel] r5613 - pve-access-control/trunk/test

Thu Feb 24 14:08:46 CET 2011

Author: dietmar
Date: 2011-02-24 14:08:46 +0100 (Thu, 24 Feb 2011)
New Revision: 5613

Modified:
   pve-access-control/trunk/test/perm-test1.pl
   pve-access-control/trunk/test/user.cfg.ex1
Log:
more tests


Modified: pve-access-control/trunk/test/perm-test1.pl
===================================================================

--- pve-access-control/trunk/test/perm-test1.pl	2011-02-24 12:19:06 UTC (rev 5612)
+++ pve-access-control/trunk/test/perm-test1.pl	2011-02-24 13:08:46 UTC (rev 5613)
@@ -11,6 +11,18 @@
 my $cfgfn = "user.cfg.ex1";
 $rpcenv->init_request(userconfig => $cfgfn);
 
+sub check_roles {
+    my ($user, $path, $expected_result) = @_;
+
+    my @ra = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
+    my $res = join(',', sort @ra);
+
+    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
+	if $res ne $expected_result;
+
+    print "ROLES:$path:$user:$res\n";
+}
+
 sub check_permission {
     my ($user, $path, $expected_result) = @_;
 
@@ -25,15 +37,27 @@
     die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
 	if $res ne $expected_result;
 
-    print "$path:$user:$res\n";
+    print "PERM:$path:$user:$res\n";
 
 }
 
-check_permission('max', '/', '');
-check_permission('max', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
-check_permission('alex', '/vms', '');
-check_permission('alex', '/vms/100', 'VM.Audit,VM.PowerMgmt');
+check_roles('max at pve', '/', '');
+check_roles('max at pve', '/vms', 'vm_admin');
+#user permissions overrides group permissions
+check_roles('max at pve', '/vms/100', 'customer');
+check_roles('max at pve', '/vms/101', 'vm_admin');
 
+check_permission('max at pve', '/', '');
+check_permission('max at pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
+check_permission('max at pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
+
+check_permission('alex at pve', '/vms', '');
+check_permission('alex at pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
+
+check_roles('max at pve', '/vms/200', 'storage_manager,vm_admin');
+check_roles('joe at pve', '/vms/200', 'vm_admin');
+#check_roles('sue at pve', '/vms/200', '');
+
 print "all tests passed\n";
 
 exit (0);

Modified: pve-access-control/trunk/test/user.cfg.ex1
===================================================================
--- pve-access-control/trunk/test/user.cfg.ex1	2011-02-24 12:19:06 UTC (rev 5612)
+++ pve-access-control/trunk/test/user.cfg.ex1	2011-02-24 13:08:46 UTC (rev 5613)
@@ -1,18 +1,22 @@
-user:joe:1:
-user:max:1:
-user:alex:1:
-user:carol:1:
+user:joe at pve:1:
+user:max at pve:1:
+user:alex at pve:1:
+user:sue at pve:1:
+user:carol at pam:1:
 
-group:testgroup1:joe,max:
-group:testgroup2:alex,carol:
+group:testgroup1:joe at pve,max at pve,sue at pve:
+group:testgroup2:alex at pve,carol at pam,sue at pve:
+group:testgroup3:max at pve:
 
 role:storage_manager:Datastore.AllocateSpace,Datastore.Audit:
 role:customer:VM.Audit,VM.PowerMgmt:
 role:vm_admin:VM.Audit,VM.Allocate,Permissions.Modify,VM.Console:
 
 acl:1:/vms:@testgroup1:vm_admin:
-acl:1:/vms/100/:alex:customer:
+acl:1:/vms/100/:alex at pve,max at pve:customer:
 acl:1:/storage/nfs1:@testgroup2:storage_manager:
-acl:1:/users:max:Administrator:
+acl:1:/users:max at pve:Administrator:
 
+acl:1:/vms/200:@testgroup3:storage_manager:
+acl:1:/vms/200:@testgroup2:NoAccess:
 


