[X2Go-Commits] [x2gobroker] 03/04: unit tests: Fix deep misunderstanding in the way allow-deny vs. deny-allow should actually work.
git-admin at x2go.org
git-admin at x2go.org
Mon Feb 12 15:56:22 CET 2018
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 134ecd67987109ad69e7e33029d08e5132ddfe4e
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Feb 12 14:21:37 2018 +0100
unit tests: Fix deep misunderstanding in the way allow-deny vs. deny-allow should actually work.
---
debian/changelog | 2 +
x2gobroker/tests/test_broker_base.py | 213 ++++++++++++++++++++++++--------
x2gobroker/tests/test_broker_inifile.py | 8 +-
3 files changed, 166 insertions(+), 57 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index c9ea885..2d7940e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ x2gobroker (0.0.4.0-0x2go1) UNRELEASED; urgency=medium
- Makefile: Assure that setup.py is run under Python3.
- Improve debugging messages during authentication phase.
- x2gobroker/basicauth.py: Fix call of base64.decodestring on Python3.
+ - Unit tests: Fix deep misunderstanding in the way allow-deny vs.
+ deny-allow should actually work.
* debian/{control,compat}: Bump to DH version level 9.
* debian/{control,x2gobroker-common.install}:
+ Split out common files into non-Pythonian bin:pkg.
diff --git a/x2gobroker/tests/test_broker_base.py b/x2gobroker/tests/test_broker_base.py
index cb05742..fc132eb 100644
--- a/x2gobroker/tests/test_broker_base.py
+++ b/x2gobroker/tests/test_broker_base.py
@@ -413,25 +413,25 @@ require-password = false
'acl-users-deny': ['ALL'],
'acl-users-order': 'deny-allow',
}
- self.assertEqual(base_backend.check_profile_acls(username, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-users-allow': ['foo'],
'acl-users-deny': ['ALL'],
'acl-users-order': 'allow-deny',
}
- self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), True)
acls = {
'acl-users-allow': ['ALL'],
'acl-users-deny': ['foo'],
'acl-users-order': 'deny-allow',
}
- self.assertEqual(base_backend.check_profile_acls(username, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-users-allow': ['ALL'],
'acl-users-deny': ['foo'],
'acl-users-order': 'allow-deny',
}
- self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), True)
def test_testsuite_nameservice(self):
@@ -483,27 +483,54 @@ enable = true
}
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
acls = {
+ 'acl-groups-allow': ['female'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ acls = {
'acl-groups-allow': ['ALL'],
'acl-groups-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
acls = {
- 'acl-groups-allow': [],
+ 'acl-groups-allow': ['male'],
+ 'acl-groups-order': 'allow-deny',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), True)
+ acls = {
+ 'acl-groups-allow': ['female'],
+ 'acl-groups-order': 'allow-deny',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+
+ acls = {
'acl-groups-deny': ['ALL'],
- 'acl-groups-order': 'deny-allow',
+ 'acl-groups-order': 'allow-deny',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ acls = {
+ 'acl-groups-deny': ['male'],
+ 'acl-groups-order': 'allow-deny',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ acls = {
+ 'acl-groups-deny': ['female'],
+ 'acl-groups-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
- 'acl-groups-allow': [],
'acl-groups-deny': ['ALL'],
'acl-groups-order': 'deny-allow',
}
- # now we set acl-users-allow to [] and we block all groups
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
- 'acl-groups-allow': [],
- 'acl-groups-deny': ['ALL'],
- 'acl-groups-order': 'allow-deny',
+ 'acl-groups-deny': ['male'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ acls = {
+ 'acl-groups-deny': ['female'],
+ 'acl-groups-order': 'deny-allow',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -511,6 +538,75 @@ enable = true
username_f = 'flip' # is a male grasshopper
username_m = 'maja' # is a female bee
username_w = 'willi' # is a drone (male bee)
+
+ # first with order: deny-allow
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+
+[broker_base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile(mode='w')
+ tf.write(_config)
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-deny': ['bees','flip'],
+ 'acl-groups-allow': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = true
+
+[broker_base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile(mode='w')
+ tf.write(_config)
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-deny': ['bees','flip'],
+ 'acl-groups-allow': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = false
+
+[broker_base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile(mode='w')
+ tf.write(_config)
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-deny': ['bees','flip'],
+ 'acl-groups-allow': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+
+ # now with order: allow-deny
_config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
_config = """
[global]
@@ -527,7 +623,7 @@ enable = true
acls = {
'acl-groups-allow': ['bees','flip'],
'acl-groups-deny': ['ALL'],
- 'acl-groups-order': 'deny-allow',
+ 'acl-groups-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -549,7 +645,7 @@ enable = true
acls = {
'acl-groups-allow': ['bees','flip'],
'acl-groups-deny': ['ALL'],
- 'acl-groups-order': 'deny-allow',
+ 'acl-groups-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -571,7 +667,7 @@ enable = true
acls = {
'acl-groups-allow': ['bees','flip'],
'acl-groups-deny': ['ALL'],
- 'acl-groups-order': 'deny-allow',
+ 'acl-groups-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
@@ -599,33 +695,33 @@ enable = true
'acl-groups-deny': ['ALL'],
'acl-groups-order': 'deny-allow',
}
- self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
acls = {
'acl-groups-allow': ['ALL'],
'acl-groups-deny': ['bees'],
'acl-groups-order': 'allow-deny',
}
- self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
acls = {
'acl-groups-allow': ['ALL'],
'acl-groups-deny': ['bees'],
'acl-groups-order': 'deny-allow',
}
- self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
acls = {
'acl-groups-allow': ['bees'],
'acl-groups-deny': ['ALL'],
'acl-groups-order': 'allow-deny',
}
- self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
acls = {
'acl-groups-allow': ['male'],
'acl-groups-deny': ['bees'],
@@ -633,7 +729,7 @@ enable = true
}
self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
acls = {
'acl-groups-allow': ['male'],
'acl-groups-deny': ['bees'],
@@ -641,7 +737,7 @@ enable = true
}
self.assertEqual(base_backend.check_profile_acls(username_m, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_w, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
def test_checkprofileacls_userandgroup_combitests(self):
_config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
@@ -673,7 +769,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
acls = {
'acl-users-allow': ['flip'],
@@ -686,7 +782,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
acls = {
'acl-users-allow': ['flip'],
@@ -699,7 +795,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
acls = {
'acl-users-allow': [],
@@ -709,6 +805,19 @@ enable = true
'acl-groups-deny': ['spiders','grasshoppers'],
'acl-groups-order': 'allow-deny',
}
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ acls = {
+ 'acl-users-allow': [],
+ 'acl-users-deny': [],
+ 'acl-users-order': 'allow-deny',
+ 'acl-groups-allow': ['male','female'],
+ 'acl-groups-deny': ['spiders','grasshoppers'],
+ 'acl-groups-order': 'deny-allow',
+ }
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
@@ -720,7 +829,7 @@ enable = true
'acl-users-order': 'allow-deny',
'acl-groups-allow': ['male','female'],
'acl-groups-deny': ['spiders','grasshoppers'],
- 'acl-groups-order': 'allow-deny',
+ 'acl-groups-order': 'deny-allow',
}
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
@@ -846,7 +955,7 @@ enable = true
acls = {
'acl-clients-allow': ['10.0.2.0/24'],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
@@ -857,7 +966,7 @@ enable = true
acls = {
'acl-clients-allow': ['ALL'],
'acl-clients-deny': ['10.0.2.0/24'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -868,18 +977,18 @@ enable = true
acls = {
'acl-clients-allow': ['10.0.2.0/24'],
'acl-clients-deny': ['10.0.0.0/16', '10.0.3.0/24'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
base_backend.set_client_address(ipv4_2)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
base_backend.set_client_address(ipv4_3)
- self.assertEqual(base_backend.check_profile_acls(username, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-clients-allow': ['10.0.0.0/16', '10.0.3.0/24'],
'acl-clients-deny': ['10.0.2.0/24'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -920,37 +1029,37 @@ enable = true
acls = {
'acl-clients-allow': ['fe80::4f8:900:e5d:2'],
'acl-clients-deny': [],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
acls = {
'acl-clients-allow': ['fe80::4f8:900:e5d:2'],
'acl-clients-deny': [],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
acls = {
'acl-clients-allow': [],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-clients-allow': [],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-clients-allow': [],
'acl-clients-deny': ['fe80::4f8:900:e5d:2'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-clients-allow': [],
'acl-clients-deny': ['fe80::4f8:900:e5d:2'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -966,7 +1075,7 @@ enable = true
acls = {
'acl-clients-allow': ['fe80::/64'],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv6_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
@@ -977,7 +1086,7 @@ enable = true
acls = {
'acl-clients-allow': ['ALL'],
'acl-clients-deny': ['fe80::/64'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
base_backend.set_client_address(ipv6_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -988,18 +1097,18 @@ enable = true
acls = {
'acl-clients-allow': ['fe80::/64'],
'acl-clients-deny': ['fe80::/56','fe80:0:0:1::/64'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv6_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), True)
base_backend.set_client_address(ipv6_2)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
base_backend.set_client_address(ipv6_3)
- self.assertEqual(base_backend.check_profile_acls(username, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username, acls), False)
acls = {
'acl-clients-allow': ['fe80::/56','fe80:0:0:1::/64'],
'acl-clients-deny': ['fe80::/64'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
base_backend.set_client_address(ipv6_1)
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
@@ -1042,7 +1151,7 @@ enable = true
'acl-groups-order': 'deny-allow',
'acl-clients-allow': ['fe80:0:0:1::/64','10.0.3.0/24'],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -1054,7 +1163,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
base_backend.set_client_address(ipv4_3)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -1072,7 +1181,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
base_backend.set_client_address(ipv6_3)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -1089,13 +1198,13 @@ enable = true
'acl-groups-order': 'allow-deny',
'acl-clients-allow': ['fe80::/64','10.0.2.0/24'],
'acl-clients-deny': ['ALL'],
- 'acl-clients-order': 'deny-allow',
+ 'acl-clients-order': 'allow-deny',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
base_backend.set_client_address(ipv4_2)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -1113,7 +1222,7 @@ enable = true
self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_k, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
- self.assertEqual(base_backend.check_profile_acls(username_t, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_t, acls), True)
self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
base_backend.set_client_address(ipv6_2)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
@@ -1133,10 +1242,10 @@ enable = true
'acl-users-order': 'allow-deny',
'acl-groups-allow': ['male','female'],
'acl-groups-deny': ['spiders','grasshoppers'],
- 'acl-groups-order': 'allow-deny',
+ 'acl-groups-order': 'deny-allow',
'acl-clients-allow': ['ALL'],
'acl-clients-deny': ['fe80::/56','10.0.0.0/8'],
- 'acl-clients-order': 'allow-deny',
+ 'acl-clients-order': 'deny-allow',
}
base_backend.set_client_address(ipv4_1)
self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
diff --git a/x2gobroker/tests/test_broker_inifile.py b/x2gobroker/tests/test_broker_inifile.py
index cd97ae4..4f878ff 100644
--- a/x2gobroker/tests/test_broker_inifile.py
+++ b/x2gobroker/tests/test_broker_inifile.py
@@ -367,21 +367,19 @@ height = 600
applications = TERMINAL, WWWBROWSER
acl-groups-allow = bees
acl-groups-deny = ALL
-acl-groups-order = deny-allow
+acl-groups-order = allow-deny
[testprofile1]
user =
command = GNOME
acl-users-allow = flip
-acl-users-deny = ALL
-acl-users-order = deny-allow
+acl-users-order = allow-deny
[testprofile2]
user =
command = XFCE
acl-users-allow = thekla
-acl-users-deny = ALL
-acl-users-order = deny-allow
+acl-users-order = allow-deny
[testprofile3]
user =
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
More information about the x2go-commits
mailing list