refactoring tests to not use authmanager, and now returning 403 when non admin user tries to update quotas

2 files changed, 58 insertions, 59 deletions

diff --git a/nova/api/openstack/contrib/quotas.py b/nova/api/openstack/contrib/quotas.py
index 5f2b54d57..f7e7b4105 100644
--- a/nova/api/openstack/contrib/quotas.py
+++ b/nova/api/openstack/contrib/quotas.py
@@ -15,6 +15,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import webob
 import urlparse
 
 from nova import db
@@ -54,7 +55,6 @@ class QuotaSetsController(object):
         resources = ['metadata_items', 'injected_file_content_bytes',
                 'volumes', 'gigabytes', 'ram', 'floating_ips', 'instances',
                 'injected_files', 'cores']
-
         for key in body['quota_set'].keys():
             if key in resources:
                 value = int(body['quota_set'][key])
@@ -62,6 +62,8 @@ class QuotaSetsController(object):
                     db.quota_update(context, project_id, key, value)
                 except exception.ProjectQuotaNotFound:
                     db.quota_create(context, project_id, key, value)
+                except exception.AdminRequired as e:
+                    return webob.Response(status_int=403)
         return {'quota_set': quota.get_project_quotas(context, project_id)}
 
     def defaults(self, req):
diff --git a/nova/tests/api/openstack/contrib/test_quotas.py b/nova/tests/api/openstack/contrib/test_quotas.py
index decc76b4e..e2bd05428 100644
--- a/nova/tests/api/openstack/contrib/test_quotas.py
+++ b/nova/tests/api/openstack/contrib/test_quotas.py
@@ -39,39 +39,18 @@ def quota_set_list():
                                quota_set('update_me')]}
 
 
-def create_project(project_name, manager_user):
-    auth_manager.AuthManager().create_project(project_name, manager_user)
-
-
-def delete_project(project_name):
-    auth_manager.AuthManager().delete_project(project_name)
-
-
-def create_admin_user(name):
-    auth_manager.AuthManager().create_user(name, admin=True)
-
-
-def delete_user(name):
-    auth_manager.AuthManager().delete_user(name)
-
-
 class QuotaSetsTest(test.TestCase):
 
     def setUp(self):
         super(QuotaSetsTest, self).setUp()
         self.controller = QuotaSetsController()
-        self.context = context.get_admin_context()
-
-        create_admin_user('foo')
-        create_project('1234', 'foo')
-        create_project('5678', 'foo')
-        create_project('update_me', 'foo')
-
-    def tearDown(self):
-        delete_project('1234')
-        delete_project('5678')
-        delete_project('update_me')
-        delete_user('foo')
+        self.user_id = 'fake'
+        self.project_id = 'fake'
+        self.user_context = context.RequestContext(self.user_id,
+                                                   self.project_id)
+        self.admin_context = context.RequestContext(self.user_id,
+                                                    self.project_id,
+                                                    is_admin=True)
 
     def test_format_quota_set(self):
         raw_quota_set = {
@@ -83,22 +62,22 @@ class QuotaSetsTest(test.TestCase):
             'floating_ips': 10,
             'metadata_items': 128,
             'injected_files': 5,
-            'injected_file_content_bytes': 10240,
-        }
-
-        quota_set = QuotaSetsController()._format_quota_set('1234', raw_quota_set)
-        quota_set_check = quota_set['quota_set']
-
-        self.assertEqual(quota_set_check['id'], '1234')
-        self.assertEqual(quota_set_check['instances'], 10)
-        self.assertEqual(quota_set_check['cores'], 20)
-        self.assertEqual(quota_set_check['ram'], 51200)
-        self.assertEqual(quota_set_check['volumes'], 10)
-        self.assertEqual(quota_set_check['gigabytes'], 1000)
-        self.assertEqual(quota_set_check['floating_ips'], 10)
-        self.assertEqual(quota_set_check['metadata_items'], 128)
-        self.assertEqual(quota_set_check['injected_files'], 5)
-        self.assertEqual(quota_set_check['injected_file_content_bytes'], 10240)
+            'injected_file_content_bytes': 10240}
+
+        quota_set = QuotaSetsController()._format_quota_set('1234',
+                                                            raw_quota_set)
+        qs = quota_set['quota_set']
+
+        self.assertEqual(qs['id'], '1234')
+        self.assertEqual(qs['instances'], 10)
+        self.assertEqual(qs['cores'], 20)
+        self.assertEqual(qs['ram'], 51200)
+        self.assertEqual(qs['volumes'], 10)
+        self.assertEqual(qs['gigabytes'], 1000)
+        self.assertEqual(qs['floating_ips'], 10)
+        self.assertEqual(qs['metadata_items'], 128)
+        self.assertEqual(qs['injected_files'], 5)
+        self.assertEqual(qs['injected_file_content_bytes'], 10240)
 
     def test_quotas_defaults(self):
         req = webob.Request.blank('/v1.1/os-quota-sets/defaults')
@@ -108,16 +87,16 @@ class QuotaSetsTest(test.TestCase):
 
         self.assertEqual(res.status_int, 200)
         expected = {'quota_set': {
-            'id': 'defaults',
-            'instances': 10,
-            'cores': 20,
-            'ram': 51200,
-            'volumes': 10,
-            'gigabytes': 1000,
-            'floating_ips': 10,
-            'metadata_items': 128,
-            'injected_files': 5,
-            'injected_file_content_bytes': 10240}}
+                    'id': 'defaults',
+                    'instances': 10,
+                    'cores': 20,
+                    'ram': 51200,
+                    'volumes': 10,
+                    'gigabytes': 1000,
+                    'floating_ips': 10,
+                    'metadata_items': 128,
+                    'injected_files': 5,
+                    'injected_file_content_bytes': 10240}}
 
         self.assertEqual(json.loads(res.body), expected)
 
@@ -125,12 +104,13 @@ class QuotaSetsTest(test.TestCase):
         req = webob.Request.blank('/v1.1/os-quota-sets/1234')
         req.method = 'GET'
         req.headers['Content-Type'] = 'application/json'
-        res = req.get_response(fakes.wsgi_app())
+        res = req.get_response(fakes.wsgi_app(fake_auth_context=
+                                              self.admin_context))
 
         self.assertEqual(res.status_int, 200)
         self.assertEqual(json.loads(res.body), quota_set('1234'))
 
-    def test_quotas_update(self):
+    def test_quotas_update_as_admin(self):
         updated_quota_set = {'quota_set': {'instances': 50,
                              'cores': 50, 'ram': 51200, 'volumes': 10,
                              'gigabytes': 1000, 'floating_ips': 10,
@@ -143,7 +123,24 @@ class QuotaSetsTest(test.TestCase):
         req.headers['Content-Type'] = 'application/json'
 
         res = req.get_response(fakes.wsgi_app(fake_auth_context=
-                               context.RequestContext('fake', 'fake',
-                                                      is_admin=True)))
+                                              self.admin_context))
 
         self.assertEqual(json.loads(res.body), updated_quota_set)
+
+
+    def test_quotas_update_as_user(self):
+        updated_quota_set = {'quota_set': {'instances': 50,
+                             'cores': 50, 'ram': 51200, 'volumes': 10,
+                             'gigabytes': 1000, 'floating_ips': 10,
+                             'metadata_items': 128, 'injected_files': 5,
+                             'injected_file_content_bytes': 10240}}
+
+        req = webob.Request.blank('/v1.1/os-quota-sets/update_me')
+        req.method = 'PUT'
+        req.body = json.dumps(updated_quota_set)
+        req.headers['Content-Type'] = 'application/json'
+
+        res = req.get_response(fakes.wsgi_app(fake_auth_context=
+                                              self.user_context))
+
+        self.assertEqual(res.status_int, 403)