def test_link(self, group_service, links_service): ann = mock.Mock() res = AnnotationContext(ann, group_service, links_service) result = res.link('json') links_service.get.assert_called_once_with(ann, 'json') assert result == links_service.get.return_value
def test_link(self, group_service, links_service): ann = mock.Mock() res = AnnotationContext(ann, group_service, links_service) result = res.link("json") links_service.get.assert_called_once_with(ann, "json") assert result == links_service.get.return_value
def test_acl_private(self, factories, group_service, links_service): ann = factories.Annotation(shared=False, userid='saoirse') res = AnnotationContext(ann, group_service, links_service) actual = res.__acl__() expect = [(security.Allow, 'saoirse', 'read'), (security.Allow, 'saoirse', 'admin'), (security.Allow, 'saoirse', 'update'), (security.Allow, 'saoirse', 'delete'), security.DENY_ALL] assert actual == expect
def test_acl_private(self, factories, groupfinder_service, links_service): ann = factories.Annotation(shared=False, userid="saoirse") res = AnnotationContext(ann, groupfinder_service, links_service) actual = res.__acl__() # Note NOT the ``moderate`` permission expect = [ (security.Allow, "saoirse", "read"), (security.Allow, "saoirse", "flag"), (security.Allow, "saoirse", "admin"), (security.Allow, "saoirse", "update"), (security.Allow, "saoirse", "delete"), security.DENY_ALL, ] assert actual == expect
def test_acl_private(self, factories, group_service, links_service): ann = factories.Annotation(shared=False, userid="saoirse") res = AnnotationContext(ann, group_service, links_service) actual = res.__acl__() # Note NOT the ``moderate`` permission expect = [ (security.Allow, "saoirse", "read"), (security.Allow, "saoirse", "flag"), (security.Allow, "saoirse", "admin"), (security.Allow, "saoirse", "update"), (security.Allow, "saoirse", "delete"), security.DENY_ALL, ] assert actual == expect
def test_acl_shared(self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, group_service, links_service): """ Shared annotation contexts should delegate their 'read' permission to their containing group. """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid='mioara', groupid=groupid) res = AnnotationContext(ann, group_service, links_service) if permitted: assert pyramid_request.has_permission('read', res) else: assert not pyramid_request.has_permission('read', res)
def test_acl_moderate_shared( self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, groupfinder_service, links_service, ): """ Moderate permissions should only be applied when an annotation is shared—as the annotation here is shared, anyone set as a principal for the given ``FakeGroup`` will receive the ``moderate`` permission. """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid="mioara", groupid=groupid) res = AnnotationContext(ann, groupfinder_service, links_service) if permitted: assert pyramid_request.has_permission("moderate", res) else: assert not pyramid_request.has_permission("moderate", res)
def test_acl_flag_shared( self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, groupfinder_service, links_service, ): """ Flag permissions should echo read permissions with the exception that `Security.Everyone` does not get the permission """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid="mioara", groupid=groupid) res = AnnotationContext(ann, groupfinder_service, links_service) if permitted: assert pyramid_request.has_permission("flag", res) else: assert not pyramid_request.has_permission("flag", res)
def test_links(self, groupfinder_service, links_service): ann = mock.Mock() res = AnnotationContext(ann, groupfinder_service, links_service) result = res.links links_service.get_all.assert_called_once_with(ann) assert result == links_service.get_all.return_value
def __getitem__(self, id): annotation = storage.fetch_annotation(self.request.db, id) if annotation is None: raise KeyError() group_service = self.request.find_service(IGroupService) links_service = self.request.find_service(name='links') return AnnotationContext(annotation, group_service, links_service)
def test_acl_deleted(self, factories, group_service, links_service): """ Nobody -- not even the owner -- should have any permissions on a deleted annotation. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(userid='saoirse', deleted=True) res = AnnotationContext(ann, group_service, links_service) for perm in ['read', 'admin', 'update', 'delete']: assert not policy.permits(res, ['saiorse'], perm)
def test_acl_deleted(self, factories, groupfinder_service, links_service): """ Nobody -- not even the owner -- should have any permissions on a deleted annotation. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(userid="saoirse", deleted=True) res = AnnotationContext(ann, groupfinder_service, links_service) for perm in ["read", "admin", "update", "delete", "moderate"]: assert not policy.permits(res, ["saiorse"], perm)
def test_acl_shared_admin_perms(self, factories, group_service, links_service): """ Shared annotation contexts should still only give admin/update/delete permissions to the owner. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(shared=False, userid='saoirse') res = AnnotationContext(ann, group_service, links_service) for perm in ['admin', 'update', 'delete']: assert policy.permits(res, ['saoirse'], perm) assert not policy.permits(res, ['someoneelse'], perm)