Merge "Implement backend filtering on membership queries"

2015-07-23 07:15:51 +00:00 · 2015-07-23 07:15:51 +00:00 · 4ab94ced4d
parent a9c794ae5e 27a744e0bd
commit 4ab94ced4d
4 changed files with 38 additions and 26 deletions
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@ -211,28 +211,19 @@ class Identity(identity.Driver):
            session.delete(membership_ref)

    def list_groups_for_user(self, user_id, hints):
-        # TODO(henry-nash) We could implement full filtering here by enhancing
-        # the join below.  However, since it is likely to be a fairly rare
-        # occurrence to filter on more than the user_id already being used
-        # here, this is left as future enhancement and until then we leave
-        # it for the controller to do for us.
        session = sql.get_session()
        self.get_user(user_id)
        query = session.query(Group).join(UserGroupMembership)
        query = query.filter(UserGroupMembership.user_id == user_id)
+        query = sql.filter_limit_query(Group, query, hints)
        return [g.to_dict() for g in query]

    def list_users_in_group(self, group_id, hints):
-        # TODO(henry-nash) We could implement full filtering here by enhancing
-        # the join below.  However, since it is likely to be a fairly rare
-        # occurrence to filter on more than the group_id already being used
-        # here, this is left as future enhancement and until then we leave
-        # it for the controller to do for us.
        session = sql.get_session()
        self.get_group(group_id)
        query = session.query(User).join(UserGroupMembership)
        query = query.filter(UserGroupMembership.group_id == group_id)
-
+        query = sql.filter_limit_query(User, query, hints)
        return [identity.filter_user(u.to_dict()) for u in query]

    def delete_user(self, user_id):
--- a/keystone/tests/unit/test_backend.py
+++ b/keystone/tests/unit/test_backend.py
@ -5838,6 +5838,31 @@ class FilterTests(filtering.FilterTests):
        users = self.identity_api.list_users(hints=hints)
        self.assertEqual([], users)

+    def test_list_users_in_group_filtered(self):
+        number_of_users = 10
+        user_name_data = {
+            1: 'Arthur Conan Doyle',
+            3: 'Arthur Rimbaud',
+            9: 'Arthur Schopenhauer',
+        }
+        user_list = self._create_test_data(
+            'user', number_of_users,
+            domain_id=DEFAULT_DOMAIN_ID, name_dict=user_name_data)
+        group = self._create_one_entity('group',
+                                        DEFAULT_DOMAIN_ID, 'Great Writers')
+        for i in range(7):
+            self.identity_api.add_user_to_group(user_list[i]['id'],
+                                                group['id'])
+
+        hints = driver_hints.Hints()
+        hints.add_filter('name', 'Arthur', comparator='startswith')
+        users = self.identity_api.list_users_in_group(group['id'], hints=hints)
+        self.assertThat(len(users), matchers.Equals(2))
+        self.assertIn(user_list[1]['id'], [users[0]['id'], users[1]['id']])
+        self.assertIn(user_list[3]['id'], [users[0]['id'], users[1]['id']])
+        self._delete_test_data('user', user_list)
+        self._delete_entity('group')(group['id'])
+

 class LimitTests(filtering.FilterTests):
    ENTITIES = ['user', 'group', 'project']
--- a/keystone/tests/unit/test_backend_ldap.py
+++ b/keystone/tests/unit/test_backend_ldap.py
@ -3035,3 +3035,14 @@ class LdapFilterTests(test_backend.FilterTests, tests.TestCase):
    def clear_database(self):
        for shelf in fakeldap.FakeShelves:
            fakeldap.FakeShelves[shelf].clear()
+
+    def test_list_users_in_group_filtered(self):
+        # The LDAP identity driver currently does not support filtering on the
+        # listing users for a given group, so will fail this test.
+        try:
+            super(LdapFilterTests, self).test_list_users_in_group_filtered()
+        except matchers.MismatchError:
+            return
+        # We shouldn't get here...if we do, it means someone has implemented
+        # filtering, so we can remove this test override.
+        self.assertTrue(False)
--- a/keystone/tests/unit/test_backend_sql.py
+++ b/keystone/tests/unit/test_backend_sql.py
@ -815,21 +815,6 @@ class SqlFilterTests(SqlTests, test_backend.FilterTests):
        groups = self.identity_api.list_groups()
        self.assertTrue(len(groups) > 0)

-    def test_groups_for_user_filtered(self):
-        # The SQL identity driver currently does not support filtering on the
-        # listing groups for a given user, so will fail this test. This is
-        # raised as bug #1412447.
-        try:
-            super(SqlFilterTests, self).test_groups_for_user_filtered()
-        except matchers.MismatchError:
-            return
-        # We shouldn't get here...if we do, it means someone has fixed the
-        # above defect, so we can remove this test override. As an aside, it
-        # would be nice to have used self.assertRaises() around the call above
-        # to achieve the logic here...but that does not seem to work when
-        # wrapping another assert (it won't seem to catch the error).
-        self.assertTrue(False)
-

 class SqlLimitTests(SqlTests, test_backend.LimitTests):
    def setUp(self):