Commit 82b197a6 authored by Alejandro Alvarez Ayllon's avatar Alejandro Alvarez Ayllon

FTS-697: Check user dn too when the level is VO

parent c6be8c6d
......@@ -49,7 +49,7 @@ def authorized(operation, resource_owner=None, resource_vo=None, env=None):
if granted_level == ALL:
return True
elif granted_level == VO:
return resource_vo is None or user.has_vo(resource_vo)
return resource_vo is None or user.has_vo(resource_vo) or resource_owner == user.user_dn
elif granted_level == PRIVATE:
return resource_owner is None or resource_owner == user.user_dn
......
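Review bot: In the VO branch, the added clause `resource_owner == user.user_dn` is also true when both sides are `None`. A call that passes `resource_vo` but leaves `resource_owner` at its default would then be granted whenever `user.user_dn` is unset; whether it can be unset is not visible in this hunk. Making the ownership test explicit closes that path without changing the intended behaviour: `return resource_vo is None or user.has_vo(resource_vo) or (resource_owner is not None and resource_owner == user.user_dn)`. A short comment such as `# VO level: members of the resource's VO, or the resource owner regardless of VO` would also record that the VO level now covers the owner. The body of `authorized` starts and ends outside the hunk.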
......@@ -82,6 +82,15 @@ class TestAuthorization(unittest.TestCase):
resource_owner = 'someone', resource_vo = 'othervo',
env = self.env))
def test_authorized_same_dn_different_vo(self):
"""
If the user is the owner of the resource, even if the DN does not match, it must be granted
permissions.
"""
self.assertTrue(fts3auth.authorized(fts3auth.TRANSFER,
resource_owner = TestAuthorization.DN, resource_vo = 'othervo',
env = self.env))
def test_authorized_all(self):
"""
Try to perform an action that is configured to be executed by anyone (all)
......
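Review bot: The docstring of `test_authorized_same_dn_different_vo` says "even if the DN does not match", but the test passes the user's own DN together with a different VO, so the sentence describes the opposite of what is asserted. Suggested wording: `If the user is the owner of the resource, permission must be granted even if the VO does not match.` The visible tests also do not cover a call with a foreign `resource_vo` and no `resource_owner`; an `assertFalse` case for that would pin down the boundary of the new rule. The test class continues outside the hunk.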