Beispiel #1
0
    def test_link(self, group_service, links_service):
        ann = mock.Mock()
        res = AnnotationContext(ann, group_service, links_service)

        result = res.link('json')

        links_service.get.assert_called_once_with(ann, 'json')
        assert result == links_service.get.return_value
Beispiel #2
0
    def test_link(self, group_service, links_service):
        ann = mock.Mock()
        res = AnnotationContext(ann, group_service, links_service)

        result = res.link("json")

        links_service.get.assert_called_once_with(ann, "json")
        assert result == links_service.get.return_value
Beispiel #3
0
 def test_acl_private(self, factories, group_service, links_service):
     ann = factories.Annotation(shared=False, userid='saoirse')
     res = AnnotationContext(ann, group_service, links_service)
     actual = res.__acl__()
     expect = [(security.Allow, 'saoirse', 'read'),
               (security.Allow, 'saoirse', 'admin'),
               (security.Allow, 'saoirse', 'update'),
               (security.Allow, 'saoirse', 'delete'), security.DENY_ALL]
     assert actual == expect
Beispiel #4
0
 def test_acl_private(self, factories, groupfinder_service, links_service):
     ann = factories.Annotation(shared=False, userid="saoirse")
     res = AnnotationContext(ann, groupfinder_service, links_service)
     actual = res.__acl__()
     # Note NOT the ``moderate`` permission
     expect = [
         (security.Allow, "saoirse", "read"),
         (security.Allow, "saoirse", "flag"),
         (security.Allow, "saoirse", "admin"),
         (security.Allow, "saoirse", "update"),
         (security.Allow, "saoirse", "delete"),
         security.DENY_ALL,
     ]
     assert actual == expect
Beispiel #5
0
 def test_acl_private(self, factories, group_service, links_service):
     ann = factories.Annotation(shared=False, userid="saoirse")
     res = AnnotationContext(ann, group_service, links_service)
     actual = res.__acl__()
     # Note NOT the ``moderate`` permission
     expect = [
         (security.Allow, "saoirse", "read"),
         (security.Allow, "saoirse", "flag"),
         (security.Allow, "saoirse", "admin"),
         (security.Allow, "saoirse", "update"),
         (security.Allow, "saoirse", "delete"),
         security.DENY_ALL,
     ]
     assert actual == expect
Beispiel #6
0
    def test_acl_shared(self,
                        factories,
                        pyramid_config,
                        pyramid_request,
                        groupid,
                        userid,
                        permitted,
                        group_service,
                        links_service):
        """
        Shared annotation contexts should delegate their 'read' permission to
        their containing group.
        """
        # Set up the test with a dummy authn policy and a real ACL authz
        # policy:
        policy = ACLAuthorizationPolicy()
        pyramid_config.testing_securitypolicy(userid)
        pyramid_config.set_authorization_policy(policy)

        ann = factories.Annotation(shared=True,
                                   userid='mioara',
                                   groupid=groupid)
        res = AnnotationContext(ann, group_service, links_service)

        if permitted:
            assert pyramid_request.has_permission('read', res)
        else:
            assert not pyramid_request.has_permission('read', res)
Beispiel #7
0
    def test_acl_moderate_shared(
        self,
        factories,
        pyramid_config,
        pyramid_request,
        groupid,
        userid,
        permitted,
        groupfinder_service,
        links_service,
    ):
        """
        Moderate permissions should only be applied when an annotation
        is shared—as the annotation here is shared, anyone set as a principal
        for the given ``FakeGroup`` will receive the ``moderate`` permission.
        """
        # Set up the test with a dummy authn policy and a real ACL authz
        # policy:
        policy = ACLAuthorizationPolicy()
        pyramid_config.testing_securitypolicy(userid)
        pyramid_config.set_authorization_policy(policy)

        ann = factories.Annotation(shared=True,
                                   userid="mioara",
                                   groupid=groupid)
        res = AnnotationContext(ann, groupfinder_service, links_service)

        if permitted:
            assert pyramid_request.has_permission("moderate", res)
        else:
            assert not pyramid_request.has_permission("moderate", res)
Beispiel #8
0
    def test_acl_flag_shared(
        self,
        factories,
        pyramid_config,
        pyramid_request,
        groupid,
        userid,
        permitted,
        groupfinder_service,
        links_service,
    ):
        """
        Flag permissions should echo read permissions with the exception that
        `Security.Everyone` does not get the permission
        """
        # Set up the test with a dummy authn policy and a real ACL authz
        # policy:
        policy = ACLAuthorizationPolicy()
        pyramid_config.testing_securitypolicy(userid)
        pyramid_config.set_authorization_policy(policy)

        ann = factories.Annotation(shared=True,
                                   userid="mioara",
                                   groupid=groupid)
        res = AnnotationContext(ann, groupfinder_service, links_service)

        if permitted:
            assert pyramid_request.has_permission("flag", res)
        else:
            assert not pyramid_request.has_permission("flag", res)
Beispiel #9
0
    def test_links(self, groupfinder_service, links_service):
        ann = mock.Mock()
        res = AnnotationContext(ann, groupfinder_service, links_service)

        result = res.links

        links_service.get_all.assert_called_once_with(ann)
        assert result == links_service.get_all.return_value
Beispiel #10
0
Datei: roots.py Projekt: ziqizh/h 
    def __getitem__(self, id):
        annotation = storage.fetch_annotation(self.request.db, id)
        if annotation is None:
            raise KeyError()

        group_service = self.request.find_service(IGroupService)
        links_service = self.request.find_service(name='links')
        return AnnotationContext(annotation, group_service, links_service)
Beispiel #11
0
    def test_acl_deleted(self, factories, group_service, links_service):
        """
        Nobody -- not even the owner -- should have any permissions on a
        deleted annotation.
        """
        policy = ACLAuthorizationPolicy()

        ann = factories.Annotation(userid='saoirse', deleted=True)
        res = AnnotationContext(ann, group_service, links_service)

        for perm in ['read', 'admin', 'update', 'delete']:
            assert not policy.permits(res, ['saiorse'], perm)
Beispiel #12
0
    def test_acl_deleted(self, factories, groupfinder_service, links_service):
        """
        Nobody -- not even the owner -- should have any permissions on a
        deleted annotation.
        """
        policy = ACLAuthorizationPolicy()

        ann = factories.Annotation(userid="saoirse", deleted=True)
        res = AnnotationContext(ann, groupfinder_service, links_service)

        for perm in ["read", "admin", "update", "delete", "moderate"]:
            assert not policy.permits(res, ["saiorse"], perm)
Beispiel #13
0
    def test_acl_shared_admin_perms(self, factories, group_service, links_service):
        """
        Shared annotation contexts should still only give admin/update/delete
        permissions to the owner.
        """
        policy = ACLAuthorizationPolicy()

        ann = factories.Annotation(shared=False, userid='saoirse')
        res = AnnotationContext(ann, group_service, links_service)

        for perm in ['admin', 'update', 'delete']:
            assert policy.permits(res, ['saoirse'], perm)
            assert not policy.permits(res, ['someoneelse'], perm)