+++ /dev/null
-set XX@NS <pass>
-set testid@aaf.att.com <pass>
-set testunused@aaf.att.com <pass>
-set bogus boguspass
-#delay 10
-set NFR 0
-as testid@aaf.att.com
-# TC_Role2.10.0.POS Print NS to prove ok
-ns list name com.test.TC_Role2.@[user.name]
-** Expect 200 **
-
-List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
---------------------------------------------------------------------------------
- *** Namespace Not Found ***
-
-# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
-ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
-** Expect 201 **
-Created Namespace
-
-##############
-# Testing Model
-# We are making a Testing model based loosely on George Orwell's Animal Farm
-# In Animal Farm, Animals did all the work but didn't get any priviledges.
-# In our test, the animals can't see anything but their own role, etc
-# Dogs were supervisors, and ostensibly did something, though mostly laid around
-# In our test, they have Implicit Permissions by being Admins
-# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
-# In our test, they have Explicit Permissions to see everything they want
-##############
-as testid@aaf.att.com
-# TC_Role2.20.1.POS List Data on non-Empty NS
-ns list name com.test.TC_Role2.@[user.name]
-** Expect 200 **
-
-List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER]
- Administrators
- testid@aaf.att.com
- Responsible Parties
- @[THE_USER]@csp.att.com
- Roles
- com.test.TC_Role2.@[THE_USER].admin
- com.test.TC_Role2.@[THE_USER].owner
- Permissions
- com.test.TC_Role2.@[THE_USER].access * *
- com.test.TC_Role2.@[THE_USER].access * read
-
-# TC_Role2.20.10.POS Create Orwellian Roles
-role create com.test.TC_Role2.@[user.name].r.animals
-** Expect 201 **
-Created Role
-
-role create com.test.TC_Role2.@[user.name].r.dogs
-** Expect 201 **
-Created Role
-
-role create com.test.TC_Role2.@[user.name].r.pigs
-** Expect 201 **
-Created Role
-
-# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
-perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
-** Expect 201 **
-Created Permission
-Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
-
-perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
-** Expect 201 **
-Created Permission
-Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
-
-perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
-** Expect 201 **
-Created Permission
-Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
-
-perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
-** Expect 201 **
-Created Permission
-Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
-
-# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
-as XX@NS
-perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
-** Expect 201 **
-Created Permission
-Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
-
-perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
-** Expect 201 **
-Created Permission
-Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
-
-# TC_Role2.20.60.POS List Data on non-Empty NS
-as testid@aaf.att.com
-ns list name com.test.TC_Role2.@[user.name]
-** Expect 200 **
-
-List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER]
- Administrators
- testid@aaf.att.com
- Responsible Parties
- @[THE_USER]@csp.att.com
- Roles
- com.test.TC_Role2.@[THE_USER].admin
- com.test.TC_Role2.@[THE_USER].owner
- com.test.TC_Role2.@[THE_USER].r.animals
- com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.pigs
- Permissions
- com.test.TC_Role2.@[THE_USER].access * *
- com.test.TC_Role2.@[THE_USER].access * read
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A garbage eat
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-as XX@NS
-# TC_Role2.40.1.POS List Data on Role
-role list role com.test.TC_Role2.@[user.name].r.animals
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.animals
- com.test.TC_Role2.@[THE_USER].r.A garbage eat
-
-role list role com.test.TC_Role2.@[user.name].r.dogs
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-role list role com.test.TC_Role2.@[user.name].r.pigs
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.40.10.POS Add testunused to animals
-as testid@aaf.att.com
-user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
-** Expect 201 **
-Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
-
-# TC_Role2.40.11.POS List by Name when part of role
-as testunused@aaf.att.com
-role list role com.test.TC_Role2.@[user.name].r.animals
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.animals
- com.test.TC_Role2.@[THE_USER].r.A garbage eat
-
-# TC_Role2.40.12.NEG List by Name when not part of Role
-role list role com.test.TC_Role2.@[user.name].r.dogs
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
-
-role list role com.test.TC_Role2.@[user.name].r.pigs
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
-
-# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
-as testid@aaf.att.com
-role list role com.test.TC_Role2.@[user.name].r.animals
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.animals
- com.test.TC_Role2.@[THE_USER].r.A garbage eat
-
-role list role com.test.TC_Role2.@[user.name].r.dogs
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-role list role com.test.TC_Role2.@[user.name].r.pigs
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.40.50.POS Change testunused to Pigs
-as testid@aaf.att.com
-user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
-** Expect 200 **
-Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
-
-user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
-** Expect 201 **
-Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
-
-# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
-as testunused@aaf.att.com
-role list role com.test.TC_Role2.@[user.name].r.animals
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
-
-role list role com.test.TC_Role2.@[user.name].r.dogs
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
-
-role list role com.test.TC_Role2.@[user.name].r.pigs
-** Expect 200 **
-
-List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.41.10.POS List by User when Same as Caller
-as testunused@aaf.att.com
-role list user testunused@aaf.att.com
-** Expect 200 **
-
-List Roles for User [testunused@aaf.att.com]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
-as testid@aaf.att.com
-role list user testunused@aaf.att.com
-** Expect 200 **
-
-List Roles for User [testunused@aaf.att.com]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
-as XX@NS
-role list user testunused@aaf.att.com
-** Expect 200 **
-
-List Roles for User [testunused@aaf.att.com]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
-as testunused@aaf.att.com
-role list user XX@NS
-** Expect 200 **
-
-List Roles for User [XX@NS]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-
-# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
-as testid@aaf.att.com
-role list ns com.test.TC_Role2.@[user.name]
-** Expect 200 **
-
-List Roles by NS [com.test.TC_Role2.@[THE_USER]]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].admin
- com.test.TC_Role2.@[THE_USER].access * *
-com.test.TC_Role2.@[THE_USER].owner
- com.test.TC_Role2.@[THE_USER].access * read
-com.test.TC_Role2.@[THE_USER].r.animals
- com.test.TC_Role2.@[THE_USER].r.A garbage eat
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-com.test.TC_Role2.@[THE_USER].r.pigs
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
- com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
-
-# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
-as testunused@aaf.att.com
-role list ns com.test.TC_Role2.@[user.name]
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
-
-# TC_Role2.43.10.POS List Roles when allowed to see Perm
-as testid@aaf.att.com
-role list perm com.test.TC_Role2.@[user.name].r.A grain eat
-** Expect 200 **
-
-List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-role list perm com.test.TC_Role2.@[user.name].r.A grain *
-** Expect 200 **
-
-List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-role list perm com.test.TC_Role2.@[user.name].r.A * *
-** Expect 200 **
-
-List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-com.test.TC_Role2.@[THE_USER].r.dogs
- com.test.TC_Role2.@[THE_USER].r.A * *
- com.test.TC_Role2.@[THE_USER].r.A grain *
- com.test.TC_Role2.@[THE_USER].r.A grain eat
-
-# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
-as testunused@aaf.att.com
-role list perm com.test.TC_Role2.@[user.name].r.A grain eat
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
-
-role list perm com.test.TC_Role2.@[user.name].r.A grain *
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
-
-role list perm com.test.TC_Role2.@[user.name].r.A * *
-** Expect 403 **
-Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
-
-as XX@NS
-# TC_Role2.99.1.POS Delete Roles
-force role delete com.test.TC_Role2.@[user.name].r.animals
-** Expect 200,404 **
-Deleted Role
-
-force role delete com.test.TC_Role2.@[user.name].r.dogs
-** Expect 200,404 **
-Deleted Role
-
-force role delete com.test.TC_Role2.@[user.name].r.pigs
-** Expect 200,404 **
-Deleted Role
-
-# TC_Role2.99.2.POS Delete Perms
-force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.test.TC_Role2.@[user.name].r.A grain *
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.test.TC_Role2.@[user.name].r.A * *
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
-** Expect 200,404 **
-Deleted Permission
-
-# TC_Role2.99.2.POS Namespace Admin can delete Namespace
-force ns delete com.test.TC_Role2.@[user.name]
-** Expect 200,404 **
-Deleted Namespace
-
-# TC_Role2.99.3.POS Print Namespaces
-ns list name com.test.TC_Role2.@[user.name]
-** Expect 200,404 **
-
-List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
---------------------------------------------------------------------------------
- *** Namespace Not Found ***
-
Code Review / aaf / authz.git / blobdiff