unit test + admin roles fix

* adding various unit tests * now admin roles are inherited (ex admin-lv2 is admin -> admin-lv3 is admin * adding an exception when requesting groups for none existant role
2025-07-04 12:27:47 +02:00 · 2015-05-16 23:52:59 +02:00 · 2015-05-16 23:52:59 +02:00 · 0416ebe05b
commit 0416ebe05b
parent 87820da7d0
4 changed files with 60 additions and 8 deletions
--- a/ldapcherry/roles.py
+++ b/ldapcherry/roles.py
@ -11,7 +11,7 @@ import sys
 from sets import Set
 from ldapcherry.pyyamlwrapper import loadNoDump
 from ldapcherry.pyyamlwrapper import DumplicatedKey
-from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
+from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
 import yaml

 class CustomDumper(yaml.SafeDumper):
@ -38,6 +38,12 @@ class Roles:
        self.admin_roles = []
        self._nest()

+    def _set_admin(self, role):
+        for r in role['subroles']:
+            self.admin_roles.append(r)
+            self._set_admin(role['subroles'][r])
+
+
    def _is_parent(self, roleid1, roleid2):
        """Test if roleid1 is contained inside roleid2"""

@ -82,10 +88,6 @@ class Roles:
            for backend in role['backends']:
                self.backends.add(backend)

-            # Create the list of roles which are ldapcherry admins
-            if 'LC_admins' in role and role['LC_admins']:
-                self.admin_roles.append(roleid)
-
        # Create the nested groups
        for roleid in self.roles_raw:
            role = self.roles_raw[roleid]
@ -117,6 +119,16 @@ class Roles:
            if p in parents:
                self.roles[p] = nest(p)

+        for roleid in self.roles:
+            role = self.roles[roleid]
+            # Create the list of roles which are ldapcherry admins
+            if 'LC_admins' in role and role['LC_admins']:
+                self.admin_roles.append(roleid)
+                self._set_admin(role)
+
+    def get_admin_roles(self):
+        return self.admin_roles
+
    def dump_nest(self):
        """dump the nested role hierarchy"""
        return yaml.dump(self.roles, Dumper=CustomDumper)
@ -188,6 +200,8 @@ class Roles:

    def get_groups(self, role):
        """get the list of groups from role"""
+        if not role in self.roles_raw:
+            raise MissingRole(role)
        return self.roles_raw[role]['backends']

    def is_admin(self, roles):