Too long role name raises error

LayerManager · Dec 15, 2023 · 348a692 · 348a692
1 parent c4e9c18
commit 348a692
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/doc/models.md b/doc/models.md
@@ -81,7 +81,7 @@
 ## Role
 - Role is any group of users. One user can be assigned to multiple roles.
 - Each role is identified by name that is unique among all roles.
-- The name is upper-case (in contrast with [username](#username)).
+- The name is upper-case (in contrast with [username](#username)), maximum length is 64 characters.
 - Roles can be used for assigning access rights.
 
 ## Workspace

diff --git a/src/layman/authz/role_service.py b/src/layman/authz/role_service.py
@@ -1,7 +1,7 @@
 from db import util as db_util
 from layman import settings
 
-ROLE_NAME_PATTERN = r'^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$'
+ROLE_NAME_PATTERN = r'^(?!.{65,})[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$'
 
 
 def get_user_roles(username):

diff --git a/src/layman/common/prime_db_schema/publications_test.py b/src/layman/common/prime_db_schema/publications_test.py
@@ -63,12 +63,13 @@ def test_raises(cls):
 class TestOnlyValidRoleNames:
     role1 = 'TEST_ONLY_VALID_ROLE_NAMES_ROLE1'
     role2 = 'TEST_ONLY_VALID_ROLE_NAMES_ROLE2'
+    role64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_ABCDEFGHIJKLMNOPQRSTUVWXYZ_ABCDEFGHIJ'
     user = 'TEST_ONLY_VALID_ROLE_NAMES_USER'
     non_existent_role = 'TEST_ONLY_VALID_ROLE_NAMES_NON_EXISTENT_ROLE'
 
     @pytest.fixture(scope="class", autouse=True)
     def provide_data(self, request):
-        roles = [self.role1, self.role2]
+        roles = [self.role1, self.role2, self.role64]
         for role in roles:
             ensure_role(role)
         ensure_user(self.user, '11')
@@ -82,6 +83,7 @@ def provide_data(self, request):
         pytest.param({role1}, id='one-existing-role'),
         pytest.param({role1, role2}, id='two-existing-roles'),
         pytest.param({'EVERYONE'}, id='everyone-role'),
+        pytest.param({role64}, id='64-characters'),
     ])
     def test_ok(self, roles):
         publications.only_valid_role_names(roles)
@@ -99,6 +101,7 @@ def test_ok(self, roles):
         pytest.param({f'ADMIN'}, id='ADMIN'),
         pytest.param({f'ADMIN_GROUP'}, id='ADMIN_GROUP'),
         pytest.param({settings.LAYMAN_GS_ROLE}, id='value-of-LAYMAN_GS_ROLE'),
+        pytest.param({'ABCDEFGHIJKLMNOPQRSTUVWXYZ_ABCDEFGHIJKLMNOPQRSTUVWXYZ_ABCDEFGHIJK'}, id='65-characters'),
     ])
     def test_raises(self, roles):
         with pytest.raises(LaymanError) as exc_info: