def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.request = DummyRequest(method='GET')
self.context = RouteFactory(self.request)
self.context.on_collection = True
self.context.check_permission = mock.Mock(return_value=False)
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.context = mock.MagicMock()
self.context.get_prefixed_userid.return_value = None
self.context.allowed_principals = []
self.context.object_id = mock.sentinel.object_id
self.context.required_permission = 'read'
self.principals = []
self.permission = 'dynamic'
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.request = DummyRequest(method='GET')
self.context = RouteFactory(self.request)
self.context.on_collection = True
self.context.check_permission = mock.Mock(return_value=False)
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.context = mock.MagicMock()
self.context.object_id = mock.sentinel.object_id
self.context.required_permission = 'read'
self.principals = mock.sentinel.principals
self.permission = 'dynamic'
class GuestAuthorizationPolicyTest(unittest.TestCase):
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.request = DummyRequest(method='GET')
self.context = RouteFactory(self.request)
self.context.on_collection = True
self.context.check_permission = mock.Mock(return_value=False)
def test_permits_returns_true_if_collection_and_shared_records(self):
self.context.fetch_shared_records = mock.MagicMock(return_value=[
'record1', 'record2'])
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.context.fetch_shared_records.assert_called_with(
'read',
['userid', 'basicauth:bob', 'basicauth_bob'],
get_bound_permissions=mock.sentinel.get_bound_perms)
self.assertTrue(allowed)
def test_permits_does_not_return_true_if_not_collection(self):
self.context.on_collection = False
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.assertFalse(allowed)
def test_permits_does_not_return_true_if_not_list_operation(self):
self.context.required_permission = 'create'
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.assertFalse(allowed)
allowed = self.authz.permits(self.context, ['userid'], 'create')
self.assertFalse(allowed)
def test_permits_returns_false_if_collection_is_unknown(self):
self.context.fetch_shared_records = mock.MagicMock(return_value=[])
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.context.fetch_shared_records.assert_called_with(
'read',
['userid', 'basicauth:bob', 'basicauth_bob'],
get_bound_permissions=mock.sentinel.get_bound_perms)
self.assertFalse(allowed)
class GuestAuthorizationPolicyTest(unittest.TestCase):
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.request = DummyRequest(method='GET')
self.context = RouteFactory(self.request)
self.context.on_collection = True
self.context.check_permission = mock.Mock(return_value=False)
def test_permits_returns_true_if_collection_and_shared_records(self):
self.context.fetch_shared_records = mock.MagicMock(return_value=[
'record1', 'record2'])
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.context.fetch_shared_records.assert_called_with(
'read',
['userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
self.assertTrue(allowed)
def test_permits_does_not_return_true_if_not_collection(self):
self.context.on_collection = False
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.assertFalse(allowed)
def test_permits_does_not_return_true_if_not_list_operation(self):
self.context.required_permission = 'create'
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.assertFalse(allowed)
allowed = self.authz.permits(self.context, ['userid'], 'create')
self.assertFalse(allowed)
def test_permits_returns_false_if_collection_is_unknown(self):
self.context.fetch_shared_records = mock.MagicMock(return_value=[])
allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
self.context.fetch_shared_records.assert_called_with(
'read',
['userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
self.assertFalse(allowed)
class AuthorizationPolicyTest(unittest.TestCase):
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.context = mock.MagicMock()
self.context.object_id = mock.sentinel.object_id
self.context.required_permission = 'read'
self.principals = mock.sentinel.principals
self.permission = 'dynamic'
def test_permits_refers_to_context_to_check_permissions(self):
self.context.check_permission.return_value = True
allowed = self.authz.permits(self.context, self.principals, 'dynamic')
self.assertTrue(allowed)
def test_permits_reads_the_context_when_permission_is_dynamic(self):
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'read',
mock.sentinel.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_consider_permission_when_not_dynamic(self):
self.authz.permits(self.context, self.principals, 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
mock.sentinel.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_prepend_obj_type_to_permission_on_create(self):
self.context.required_permission = 'create'
self.context.resource_name = 'record'
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'record:create',
mock.sentinel.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
class AuthorizationPolicyTest(unittest.TestCase):
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.context = mock.MagicMock()
self.context.prefixed_userid = None
self.context.allowed_principals = []
self.context.object_id = mock.sentinel.object_id
self.context.required_permission = 'read'
self.principals = []
self.permission = 'dynamic'
def test_permits_does_not_refer_to_context_if_permission_is_private(self):
self.assertFalse(self.authz.permits(None, [], 'private'))
def test_permits_return_if_authenticated_when_permission_is_private(self):
self.assertTrue(self.authz.permits(None,
['system.Authenticated'],
'private'))
def test_permits_refers_to_context_to_check_permissions(self):
self.context.check_permission.return_value = True
allowed = self.authz.permits(self.context, self.principals, 'dynamic')
self.assertTrue(allowed)
def test_permits_refers_to_context_to_check_permission_principals(self):
self.context.check_permission.return_value = False
self.context.allowed_principals = ['fxa:user']
allowed = self.authz.permits(
self.context, ['fxa:user', 'system.Authenticated'], 'dynamic')
self.assertTrue(allowed)
def test_permits_reads_the_context_when_permission_is_dynamic(self):
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'read',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_consider_permission_when_not_dynamic(self):
self.authz.permits(self.context, self.principals, 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_prepend_obj_type_to_permission_on_create(self):
self.context.required_permission = 'create'
self.context.resource_name = 'record'
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'record:create',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_takes_route_factory_allowed_principals_into_account(self):
self.context.resource_name = 'record'
self.context.required_permission = 'create'
self.context.allowed_principals = ['fxa:user']
has_permission = self.authz.permits(
self.context, ['fxa:user'], 'dynamic')
self.context.check_permission.assert_not_called()
self.assertTrue(has_permission)
def test_prefixed_userid_is_added_to_principals(self):
self.context.prefixed_userid = 'fxa:userid'
self.authz.permits(self.context, self.principals, 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
self.principals + ['fxa:userid', 'fxa_userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_unprefixed_userid_is_removed_from_principals(self):
self.context.prefixed_userid = 'fxa:userid'
self.authz.permits(self.context, ['userid'], 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
['fxa:userid', 'fxa_userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
class AuthorizationPolicyTest(unittest.TestCase):
def setUp(self):
self.authz = AuthorizationPolicy()
self.authz.get_bound_permissions = mock.sentinel.get_bound_perms
self.context = mock.MagicMock()
self.context.get_prefixed_userid.return_value = None
self.context.allowed_principals = []
self.context.object_id = mock.sentinel.object_id
self.context.required_permission = 'read'
self.principals = []
self.permission = 'dynamic'
def test_permits_does_not_refer_to_context_if_permission_is_private(self):
self.assertFalse(self.authz.permits(None, [], 'private'))
def test_permits_return_if_authenticated_when_permission_is_private(self):
self.assertTrue(self.authz.permits(None,
['system.Authenticated'],
'private'))
def test_permits_refers_to_context_to_check_permissions(self):
self.context.check_permission.return_value = True
allowed = self.authz.permits(self.context, self.principals, 'dynamic')
self.assertTrue(allowed)
def test_permits_refers_to_context_to_check_permission_principals(self):
self.context.check_permission.return_value = False
self.context.allowed_principals = ['fxa:user']
allowed = self.authz.permits(
self.context, ['fxa:user', 'system.Authenticated'], 'dynamic')
self.assertTrue(allowed)
def test_permits_reads_the_context_when_permission_is_dynamic(self):
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'read',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_consider_permission_when_not_dynamic(self):
self.authz.permits(self.context, self.principals, 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_prepend_obj_type_to_permission_on_create(self):
self.context.required_permission = 'create'
self.context.resource_name = 'record'
self.authz.permits(self.context, self.principals, 'dynamic')
self.context.check_permission.assert_called_with(
'record:create',
self.principals,
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_permits_takes_route_factory_allowed_principals_into_account(self):
self.context.resource_name = 'record'
self.context.required_permission = 'create'
self.context.allowed_principals = ['fxa:user']
has_permission = self.authz.permits(
self.context, ['fxa:user'], 'dynamic')
self.context.check_permission.assert_not_called()
self.assertTrue(has_permission)
def test_prefixed_userid_is_added_to_principals(self):
self.context.get_prefixed_userid.return_value = 'fxa:userid'
self.authz.permits(self.context, self.principals, 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
self.principals + ['fxa:userid', 'fxa_userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
def test_unprefixed_userid_is_removed_from_principals(self):
self.context.get_prefixed_userid.return_value = 'fxa:userid'
self.authz.permits(self.context, ['userid'], 'foobar')
self.context.check_permission.assert_called_with(
'foobar',
['fxa:userid', 'fxa_userid'],
get_bound_permissions=mock.sentinel.get_bound_perms)
