From 73779cd58ac946a72f5d740d039c8c27d4fc2fa1 Mon Sep 17 00:00:00 2001 From: Aleksey Lim Date: Mon, 01 Oct 2012 19:41:02 +0000 Subject: Add anonymous user --- diff --git a/sugar_network/local/mountset.py b/sugar_network/local/mountset.py index c8a3337..ac81e5d 100644 --- a/sugar_network/local/mountset.py +++ b/sugar_network/local/mountset.py @@ -142,8 +142,6 @@ class Mountset(dict, ad.CommandsProcessor, Commands, SyncCommands): del self._subscriptions[callback] def publish(self, event): - _logger.debug('Publish event: %r', event) - for callback, condition in self._subscriptions.items(): for key, value in condition.items(): if event.get(key) != value: diff --git a/sugar_network/node/auth.py b/sugar_network/node/auth.py index fdb7975..131cda5 100644 --- a/sugar_network/node/auth.py +++ b/sugar_network/node/auth.py @@ -25,23 +25,29 @@ _config = None def validate(request, role): - enforce(_validate(request.principal, role), ad.Forbidden, + enforce(_validate(request, role), ad.Forbidden, 'No enough permissions to proceed the operation') def try_validate(request, role): - return _validate(request.principal, role) or False + return _validate(request, role) or False -def _validate(user, role): +def _validate(request, role): global _config + if role == 'user': + if request.principal: + return True + else: + request.principal = 'anonymous' + if _config is None: _config = ConfigParser() config_path = join(node.data_root.value, 'authorization.conf') if exists(config_path): _config.read(config_path) - if _config.has_option(user, role): - return _config.get(user, role).strip().lower() in \ + if _config.has_option(request.principal, role): + return _config.get(request.principal, role).strip().lower() in \ ('true', 'on', '1', 'allow') diff --git a/sugar_network/node/commands.py b/sugar_network/node/commands.py index 1df1a13..36889dc 100644 --- a/sugar_network/node/commands.py +++ b/sugar_network/node/commands.py @@ -91,7 +91,7 @@ class NodeCommands(ad.VolumeCommands, Commands): return if cmd.permissions & ad.ACCESS_AUTH: - enforce(request.principal is not None, router.Unauthorized, + enforce(auth.try_validate(request, 'user'), router.Unauthorized, 'User is not authenticated') if cmd.permissions & ad.ACCESS_AUTHOR and 'guid' in request: diff --git a/sugar_network/resources/volume.py b/sugar_network/resources/volume.py index bf5d122..a5690db 100644 --- a/sugar_network/resources/volume.py +++ b/sugar_network/resources/volume.py @@ -253,6 +253,7 @@ class Commands(object): _logger.debug('Stop pulling events to %s user', peer) def _notify(self, event): + _logger.debug('Publish event: %r', event) self._notifier.set(event) self._notifier = coroutine.AsyncResult() coroutine.dispatch() diff --git a/tests/units/auth.py b/tests/units/auth.py index e499f35..530a9cd 100755 --- a/tests/units/auth.py +++ b/tests/units/auth.py @@ -65,6 +65,48 @@ class AuthTest(tests.Test): client.put(['context', 'guid'], {'title': 'probe'}) self.assertEqual('probe', client.get(['context', 'guid', 'title'])) + def test_Anonymous(self): + client = Client(sugar_auth=False) + + props = {'implement': 'guid', + 'type': 'package', + 'title': 'title', + 'summary': 'summary', + 'description': 'description', + } + self.start_master() + + self.assertRaises(RuntimeError, client.post, ['context'], props) + + self.touch(('authorization.conf', [ + '[anonymous]', + 'user = True', + ])) + auth._config = None + client.post(['context'], props) + self.assertEqual('title', client.get(['context', 'guid', 'title'])) + self.assertEqual(['anonymous'], client.get(['context', 'guid', 'user'])) + + self.stop_servers() + self.touch(( + 'master/context/gu/guid/user', + '{"seqno": 1, "value": ["fake"]}', + )) + self.start_master() + + auth._config = None + self.assertRaises(RuntimeError, client.put, ['context', 'guid'], {'title': 'probe'}) + + self.touch(('authorization.conf', [ + '[anonymous]', + 'user = True', + 'root = True', + ])) + auth._config = None + client.put(['context', 'guid'], {'title': 'probe'}) + self.assertEqual('probe', client.get(['context', 'guid', 'title'])) + self.assertEqual(['fake'], client.get(['context', 'guid', 'user'])) + if __name__ == '__main__': tests.main() -- cgit v0.9.1