def test_map_principals_with_local_roles(self, db_session, root):
from kotti.security import get_principals
from kotti.security import map_principals_with_local_roles
self.test_principals_with_local_roles(db_session, root)
child = root["child"]
P = get_principals()
# No users are defined in P, thus we get the empty list:
assert map_principals_with_local_roles(root) == []
P["bob"] = {"name": "bob"}
P["group:bobsgroup"] = {"name": "group:bobsgroup"}
value = map_principals_with_local_roles(root)
assert len(value) == 1
bob, (bob_all, bob_inherited) = value[0]
assert bob_all == ["group:bobsgroup"]
assert bob_inherited == []
value = map_principals_with_local_roles(child)
assert len(value) == 2
bob, (bob_all, bob_inherited) = value[0]
bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1]
assert set(bob_all) == {"group:bobsgroup", "role:editor"}
assert set(bob_inherited) == {"group:bobsgroup", "role:editor"}
assert bobsgroup_all == ["role:editor"]
assert bobsgroup_inherited == []
def test_map_principals_with_local_roles(self, db_session, root):
from kotti.security import get_principals
from kotti.security import map_principals_with_local_roles
self.test_principals_with_local_roles(db_session, root)
child = root[u'child']
P = get_principals()
# No users are defined in P, thus we get the empty list:
assert map_principals_with_local_roles(root) == []
P['bob'] = {'name': u'bob'}
P['group:bobsgroup'] = {'name': u'group:bobsgroup'}
value = map_principals_with_local_roles(root)
assert len(value) == 1
bob, (bob_all, bob_inherited) = value[0]
assert bob_all == ['group:bobsgroup']
assert bob_inherited == []
value = map_principals_with_local_roles(child)
assert len(value) == 2
bob, (bob_all, bob_inherited) = value[0]
bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1]
assert (set(bob_all) == set(['group:bobsgroup', 'role:editor']))
assert (set(bob_inherited) == set(['group:bobsgroup', 'role:editor']))
assert bobsgroup_all == ['role:editor']
assert bobsgroup_inherited == []
def test_principals_with_local_roles(self, db_session, root):
from kotti.resources import Node
from kotti.security import map_principals_with_local_roles
from kotti.security import principals_with_local_roles
from kotti.security import set_groups
child = root["child"] = Node()
db_session.flush()
assert principals_with_local_roles(root) == []
assert principals_with_local_roles(child) == []
assert map_principals_with_local_roles(root) == []
assert map_principals_with_local_roles(child) == []
set_groups("group:bobsgroup", child, ["role:editor"])
set_groups("bob", root, ["group:bobsgroup"])
set_groups("group:franksgroup", root, ["role:editor"])
assert set(principals_with_local_roles(child)) == {
"bob",
"group:bobsgroup",
"group:franksgroup",
}
assert set(principals_with_local_roles(
child, inherit=False)) == {"group:bobsgroup"}
assert set(
principals_with_local_roles(root)) == {"bob", "group:franksgroup"}
def test_principals_with_local_roles(self, db_session, root):
from kotti.resources import Node
from kotti.security import map_principals_with_local_roles
from kotti.security import principals_with_local_roles
from kotti.security import set_groups
child = root[u'child'] = Node()
db_session.flush()
assert principals_with_local_roles(root) == []
assert principals_with_local_roles(child) == []
assert map_principals_with_local_roles(root) == []
assert map_principals_with_local_roles(child) == []
set_groups('group:bobsgroup', child, ['role:editor'])
set_groups('bob', root, ['group:bobsgroup'])
set_groups('group:franksgroup', root, ['role:editor'])
assert (set(principals_with_local_roles(child)) == {
'bob', 'group:bobsgroup', 'group:franksgroup'
})
assert (set(principals_with_local_roles(
child, inherit=False)) == {'group:bobsgroup'})
assert (set(
principals_with_local_roles(root)) == {'bob', 'group:franksgroup'})
def test_principals_with_local_roles(self, db_session, root):
from kotti.resources import Node
from kotti.security import map_principals_with_local_roles
from kotti.security import principals_with_local_roles
from kotti.security import set_groups
child = root[u'child'] = Node()
db_session.flush()
assert principals_with_local_roles(root) == []
assert principals_with_local_roles(child) == []
assert map_principals_with_local_roles(root) == []
assert map_principals_with_local_roles(child) == []
set_groups('group:bobsgroup', child, ['role:editor'])
set_groups('bob', root, ['group:bobsgroup'])
set_groups('group:franksgroup', root, ['role:editor'])
assert (
set(principals_with_local_roles(child)) ==
set(['bob', 'group:bobsgroup', 'group:franksgroup'])
)
assert (
set(principals_with_local_roles(child, inherit=False)) ==
set(['group:bobsgroup'])
)
assert (
set(principals_with_local_roles(root)) ==
set(['bob', 'group:franksgroup'])
)
def test_map_principals_with_local_roles(self, db_session, root):
from kotti.security import get_principals
from kotti.security import map_principals_with_local_roles
self.test_principals_with_local_roles(db_session, root)
child = root[u'child']
P = get_principals()
# No users are defined in P, thus we get the empty list:
assert map_principals_with_local_roles(root) == []
P['bob'] = {'name': u'bob'}
P['group:bobsgroup'] = {'name': u'group:bobsgroup'}
value = map_principals_with_local_roles(root)
assert len(value) == 1
bob, (bob_all, bob_inherited) = value[0]
assert bob_all == ['group:bobsgroup']
assert bob_inherited == []
value = map_principals_with_local_roles(child)
assert len(value) == 2
bob, (bob_all, bob_inherited) = value[0]
bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1]
assert (set(bob_all) == {'group:bobsgroup', 'role:editor'})
assert (set(bob_inherited) == {'group:bobsgroup', 'role:editor'})
assert bobsgroup_all == ['role:editor']
assert bobsgroup_inherited == []
def test_map_principals_with_local_roles(self):
from kotti.resources import get_root
from kotti.security import get_principals
from kotti.security import map_principals_with_local_roles
self.test_principals_with_local_roles()
root = get_root()
child = root[u'child']
P = get_principals()
# No users are defined in P, thus we get the empty list:
self.assertEqual(map_principals_with_local_roles(root), [])
P['bob'] = {'name': u'bob'}
P['group:bobsgroup'] = {'name': u'group:bobsgroup'}
value = map_principals_with_local_roles(root)
self.assertEqual(len(value), 1)
bob, (bob_all, bob_inherited) = value[0]
self.assertEqual(bob_all, ['group:bobsgroup'])
self.assertEqual(bob_inherited, [])
value = map_principals_with_local_roles(child)
self.assertEqual(len(value), 2)
bob, (bob_all, bob_inherited) = value[0]
bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1]
self.assertEqual(set(bob_all),
set(['group:bobsgroup', 'role:editor']))
self.assertEqual(set(bob_inherited),
set(['group:bobsgroup', 'role:editor']))
self.assertEqual(bobsgroup_all, ['role:editor'])
self.assertEqual(bobsgroup_inherited, [])
def test_principals_with_local_roles(self):
from kotti import DBSession
from kotti.resources import get_root
from kotti.resources import Node
from kotti.security import map_principals_with_local_roles
from kotti.security import principals_with_local_roles
from kotti.security import set_groups
root = get_root()
child = root[u'child'] = Node()
DBSession.flush()
self.assertEqual(principals_with_local_roles(root), [])
self.assertEqual(principals_with_local_roles(child), [])
self.assertEqual(map_principals_with_local_roles(root), [])
self.assertEqual(map_principals_with_local_roles(child), [])
set_groups('group:bobsgroup', child, ['role:editor'])
set_groups('bob', root, ['group:bobsgroup'])
set_groups('group:franksgroup', root, ['role:editor'])
self.assertEqual(
set(principals_with_local_roles(child)),
set(['bob', 'group:bobsgroup', 'group:franksgroup'])
)
self.assertEqual(
set(principals_with_local_roles(child, inherit=False)),
set(['group:bobsgroup'])
)
self.assertEqual(
set(principals_with_local_roles(root)),
set(['bob', 'group:franksgroup'])
)
def test_map_principals_with_local_roles(self):
from kotti.resources import get_root
from kotti.security import get_principals
from kotti.security import map_principals_with_local_roles
self.test_principals_with_local_roles()
root = get_root()
child = root[u'child']
P = get_principals()
# No users are defined in P, thus we get the empty list:
self.assertEqual(map_principals_with_local_roles(root), [])
P['bob'] = {'name': u'bob'}
P['group:bobsgroup'] = {'name': u'group:bobsgroup'}
value = map_principals_with_local_roles(root)
self.assertEqual(len(value), 1)
bob, (bob_all, bob_inherited) = value[0]
self.assertEqual(bob_all, ['group:bobsgroup'])
self.assertEqual(bob_inherited, [])
value = map_principals_with_local_roles(child)
self.assertEqual(len(value), 2)
bob, (bob_all, bob_inherited) = value[0]
bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1]
self.assertEqual(set(bob_all), set(['group:bobsgroup', 'role:editor']))
self.assertEqual(set(bob_inherited),
set(['group:bobsgroup', 'role:editor']))
self.assertEqual(bobsgroup_all, ['role:editor'])
self.assertEqual(bobsgroup_inherited, [])
def test_principals_with_local_roles(self):
from kotti import DBSession
from kotti.resources import get_root
from kotti.resources import Node
from kotti.security import map_principals_with_local_roles
from kotti.security import principals_with_local_roles
from kotti.security import set_groups
root = get_root()
child = root[u'child'] = Node()
DBSession.flush()
self.assertEqual(principals_with_local_roles(root), [])
self.assertEqual(principals_with_local_roles(child), [])
self.assertEqual(map_principals_with_local_roles(root), [])
self.assertEqual(map_principals_with_local_roles(child), [])
set_groups('group:bobsgroup', child, ['role:editor'])
set_groups('bob', root, ['group:bobsgroup'])
set_groups('group:franksgroup', root, ['role:editor'])
self.assertEqual(set(principals_with_local_roles(child)),
set(['bob', 'group:bobsgroup', 'group:franksgroup']))
self.assertEqual(
set(principals_with_local_roles(child, inherit=False)),
set(['group:bobsgroup']))
self.assertEqual(set(principals_with_local_roles(root)),
set(['bob', 'group:franksgroup']))
def share_node(context, request):
# Allow roles_form_handler to do processing on 'apply':
changed = roles_form_handler(
context, request, SHARING_ROLES, list_groups_raw)
if changed:
for (principal_name, context, groups) in changed:
set_groups(principal_name, context, groups)
return HTTPFound(location=request.url)
existing = map_principals_with_local_roles(context)
def with_roles(entry):
all_groups = entry[1][0]
return [g for g in all_groups if g.startswith('role:')]
existing = filter(with_roles, existing)
seen = set([entry[0].name for entry in existing])
# Allow search to take place and add some entries:
entries = existing + search_principals(request, context, ignore=seen)
available_roles = [ROLES[role_name] for role_name in SHARING_ROLES]
return {
'entries': entries,
'available_roles': available_roles,
}
def share_node(context, request):
# Allow roles_form_handler to do processing on 'apply':
if "apply" in request.POST:
if request.params.get(
"csrf_token") != request.session.get_csrf_token():
raise HTTPBadRequest("Invalid CSRF token")
changed = roles_form_handler(context, request, SHARING_ROLES,
list_groups_raw)
if changed:
for (principal_name, context, groups) in changed:
set_groups(principal_name, context, groups)
return HTTPFound(location=request.url)
existing = map_principals_with_local_roles(context)
def with_roles(entry):
all_groups = entry[1][0]
return len([g for g in all_groups if g.startswith("role:")]) > 0
existing = [e for e in filter(with_roles, existing)]
seen = {entry[0].name for entry in existing}
# Allow search to take place and add some entries:
entries = list(existing) + search_principals(request, context, ignore=seen)
available_roles = [ROLES[role_name] for role_name in SHARING_ROLES]
return {
"entries": entries,
"available_roles": available_roles,
"csrf_token": request.session.get_csrf_token(),
}
def share_node(context, request):
# Allow roles_form_handler to do processing on 'apply':
changed = roles_form_handler(context, request, SHARING_ROLES,
list_groups_raw)
if changed:
for (principal_name, context, groups) in changed:
set_groups(principal_name, context, groups)
return HTTPFound(location=request.url)
existing = map_principals_with_local_roles(context)
def with_roles(entry):
all_groups = entry[1][0]
return [g for g in all_groups if g.startswith('role:')]
existing = filter(with_roles, existing)
seen = set([entry[0].name for entry in existing])
# Allow search to take place and add some entries:
entries = existing + search_principals(request, context, ignore=seen)
available_roles = [ROLES[role_name] for role_name in SHARING_ROLES]
return {
'entries': entries,
'available_roles': available_roles,
}
def share_node(context, request):
# Allow roles_form_handler to do processing on 'apply':
if 'apply' in request.POST:
if request.params.get('csrf_token') != request.session.get_csrf_token():
raise HTTPBadRequest('Invalid CSRF token')
changed = roles_form_handler(
context, request, SHARING_ROLES, list_groups_raw)
if changed:
for (principal_name, context, groups) in changed:
set_groups(principal_name, context, groups)
return HTTPFound(location=request.url)
existing = map_principals_with_local_roles(context)
def with_roles(entry):
all_groups = entry[1][0]
return len([g for g in all_groups if g.startswith('role:')]) > 0
existing = [e for e in filter(with_roles, existing)]
seen = set([entry[0].name for entry in existing])
# Allow search to take place and add some entries:
entries = list(existing) + search_principals(request, context, ignore=seen)
available_roles = [ROLES[role_name] for role_name in SHARING_ROLES]
return {
'entries': entries,
'available_roles': available_roles,
'csrf_token': request.session.get_csrf_token()
}
def get_recepients(context, permission="state_change"):
"""
Get a list of principals that have the permission in context and a email.
:param context: Object for that the permission is needed.
:type context: :class:`kotti.resources.Node`
:param permission:
:type permission: str
:result: List of principals.
:rtype: set
"""
principal_db = get_principals()
recepients = []
for p in principals_allowed_by_permission(context, permission):
# set(['role:owner', 'role:editor'])
for principal in principal_db.search(groups=u'*%s*' % p).all():
recepients.append(principal)
for principal in map_principals_with_local_roles(context):
# [
# (
# <Principal u'disko'>,
# (
# [u'role:owner', u'group:admins', u'role:admin'],
# [u'role:owner', u'group:admins', u'role:admin']))]
if p in principal[1][0] or p in principal[1][1]:
recepients.append(principal[0])
return set([r for r in recepients if r.email])
def test_principals_with_local_roles(self):
session = DBSession()
root = get_root()
child = root[u'child'] = Node()
session.flush()
self.assertEqual(principals_with_local_roles(root), [])
self.assertEqual(principals_with_local_roles(child), [])
self.assertEqual(map_principals_with_local_roles(root), [])
self.assertEqual(map_principals_with_local_roles(child), [])
set_groups('group:bobsgroup', child, ['role:editor'])
set_groups('bob', root, ['group:bobsgroup'])
set_groups('group:franksgroup', root, ['role:editor'])
self.assertEqual(
set(principals_with_local_roles(child)),
set(['bob', 'group:bobsgroup', 'group:franksgroup']))
self.assertEqual(
set(principals_with_local_roles(root)),
set(['bob', 'group:franksgroup']))
