def test_acl_applies_group_model_acl_if_group_is_not_None(
self, pyramid_config, pyramid_request, factories):
group = factories.Group()
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(
'acct:adminuser@foo', groupids=[security.Authenticated])
pyramid_config.set_authorization_policy(policy)
context = GroupUpsertContext(group=group, request=pyramid_request)
assert context.__acl__() == group.__acl__()
def test_acl_applies_group_model_acl_if_group_is_not_None(
self, pyramid_config, pyramid_request, factories
):
group = factories.Group()
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(
"acct:adminuser@foo", groupids=[security.Authenticated]
)
pyramid_config.set_authorization_policy(policy)
context = GroupUpsertContext(group=group, request=pyramid_request)
assert context.__acl__() == group.__acl__()
def test_acl_denies_root_upsert_if_no_user_role_and_no_group(
self, pyramid_config, pyramid_request):
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(
'acct:adminuser@foo', groupids=[security.Authenticated])
pyramid_config.set_authorization_policy(policy)
context = GroupUpsertContext(group=None, request=pyramid_request)
assert not pyramid_request.has_permission('upsert', context)
def test_acl_applies_root_upsert_to_user_role_when_no_group(
self, pyramid_config, pyramid_request):
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(
"acct:adminuser@foo", groupids=[security.Authenticated, role.User])
pyramid_config.set_authorization_policy(policy)
context = GroupUpsertContext(group=None, request=pyramid_request)
assert pyramid_request.has_permission("upsert", context)
def test_acl_does_not_apply_root_upsert_permission_if_group_is_not_None(
self, pyramid_config, pyramid_request, factories):
group = factories.Group()
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(
'acct:adminuser@foo', groupids=[security.Authenticated, role.User])
pyramid_config.set_authorization_policy(policy)
context = GroupUpsertContext(group=group, request=pyramid_request)
# an `upsert` permission could be present in the ACL via the model IF the current
# user were the creator, but they're not
assert not pyramid_request.has_permission('upsert', context)
