def test_normal_authenticated_no_adapter(self):
# Authorization is denied when there's no adapter.
cache = {}
expected = [False]
observed = iter_authorization(
self.object, self.permission, self.principal, cache=cache)
self.assertEqual(expected, list(observed))
# The cache is not updated when there's no adapter.
self.assertEqual({}, cache)
def test_normal_authenticated_cached(self):
# Authorization is taken from the cache regardless of the presence of
# an adapter or its behaviour.
self.explode()
token = getrandbits(32)
expected = [token]
observed = iter_authorization(
self.object, self.permission, principal=self.principal,
cache={self.object: {self.permission: token}})
self.assertEqual(expected, list(observed))
def test_normal_authenticated_denied(self):
# The result of the registered IAuthorization adapter is returned.
self.deny()
cache = {}
expected = [False]
observed = iter_authorization(
self.object, self.permission, self.principal, cache=cache)
self.assertEqual(expected, list(observed))
# The cache is updated with the result.
self.assertEqual({self.object: {self.permission: False}}, cache)
def test_normal_unauthenticated_allowed(self):
# The result of the registered IAuthorization adapter is returned.
self.allow()
cache = {}
expected = [True]
observed = iter_authorization(
self.object, self.permission, principal=None, cache=cache)
self.assertEqual(expected, list(observed))
# The cache is updated with the result.
self.assertEqual({self.object: {self.permission: True}}, cache)
def test_normal_authenticated_no_adapter_cached(self):
# Authorization is taken from the cache even if an adapter is not
# registered. This situation - the cache holding a result for an
# object+permission for which there is no IAuthorization adapter -
# will not arise unless the cache is tampered with, so this test is
# solely for documentation.
token = getrandbits(32)
expected = [token]
observed = iter_authorization(
self.object, self.permission, self.principal,
cache={self.object: {self.permission: token}})
self.assertEqual(expected, list(observed))
def test_delegated_authenticated(self):
# Authorization is delegated and we see the results of authorization
# against the objects to which it has been delegated.
self.delegate()
cache = {}
expected = [True, False]
observed = iter_authorization(
self.object, self.permission, self.principal, cache=cache)
self.assertEqual(expected, list(observed))
# The cache is updated with the result of the leaf checks and not the
# delegated check.
cache_expected = {
Delegate.object_one: {Delegate.permission: True},
Delegate.object_two: {Delegate.permission: False},
}
self.assertEqual(cache_expected, cache)
