github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/testing/fakeauthorizer.go

github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/testing/fakeauthorizer.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package testing
     5  
     6  import (
     7  	"gopkg.in/juju/names.v2"
     8  
     9  	"github.com/juju/juju/permission"
    10  )
    11  
    12  // FakeAuthorizer implements the facade.Authorizer interface.
    13  type FakeAuthorizer struct {
    14  	Tag            names.Tag
    15  	EnvironManager bool
    16  	ModelUUID      string
    17  	AdminTag       names.UserTag
    18  	HasWriteTag    names.UserTag
    19  }
    20  
    21  func (fa FakeAuthorizer) AuthOwner(tag names.Tag) bool {
    22  	return fa.Tag == tag
    23  }
    24  
    25  func (fa FakeAuthorizer) AuthModelManager() bool {
    26  	return fa.EnvironManager
    27  }
    28  
    29  // AuthMachineAgent returns whether the current client is a machine agent.
    30  func (fa FakeAuthorizer) AuthMachineAgent() bool {
    31  	_, isMachine := fa.GetAuthTag().(names.MachineTag)
    32  	return isMachine
    33  }
    34  
    35  // AuthUnitAgent returns whether the current client is a unit agent.
    36  func (fa FakeAuthorizer) AuthUnitAgent() bool {
    37  	_, isUnit := fa.GetAuthTag().(names.UnitTag)
    38  	return isUnit
    39  }
    40  
    41  // AuthClient returns whether the authenticated entity is a client
    42  // user.
    43  func (fa FakeAuthorizer) AuthClient() bool {
    44  	_, isUser := fa.GetAuthTag().(names.UserTag)
    45  	return isUser
    46  }
    47  
    48  func (fa FakeAuthorizer) GetAuthTag() names.Tag {
    49  	return fa.Tag
    50  }
    51  
    52  // HasPermission returns true if the logged in user is admin or has a name equal to
    53  // the pre-set admin tag.
    54  func (fa FakeAuthorizer) HasPermission(operation permission.Access, target names.Tag) (bool, error) {
    55  	if fa.Tag.Kind() == names.UserTagKind {
    56  		ut := fa.Tag.(names.UserTag)
    57  		if ut.Name() == "admin" {
    58  			return true, nil
    59  		}
    60  		emptyTag := names.UserTag{}
    61  		if fa.AdminTag != emptyTag && ut == fa.AdminTag {
    62  			return true, nil
    63  		}
    64  		if operation == permission.WriteAccess && ut == fa.HasWriteTag {
    65  			return true, nil
    66  		}
    67  		return false, nil
    68  	}
    69  	return true, nil
    70  }
    71  
    72  // ConnectedModel returns the UUID of the model the current client is
    73  // connected to.
    74  func (fa FakeAuthorizer) ConnectedModel() string {
    75  	return fa.ModelUUID
    76  }
    77  
    78  // HasPermission returns true if the passed user is admin or has a name equal to
    79  // the pre-set admin tag.
    80  func (fa FakeAuthorizer) UserHasPermission(user names.UserTag, operation permission.Access, target names.Tag) (bool, error) {
    81  	if user.Name() == "admin" {
    82  		return true, nil
    83  	}
    84  	emptyTag := names.UserTag{}
    85  	if fa.AdminTag != emptyTag && user == fa.AdminTag {
    86  		return true, nil
    87  	}
    88  	ut := fa.Tag.(names.UserTag)
    89  	if ut == user {
    90  		return true, nil
    91  	}
    92  	return false, nil
    93  }