def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.mainitem_name, u'AnyUser', ['read']), # by after acl
(self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl
(self.mainitem_name, u'JoeDoe', []), # by item acl
(self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem1_name, u'AnyUser', ['read']), # by after acl
(self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item
(self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item
(self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem2_name, u'AnyUser', ['read']), # by after acl
(self.subitem2_name, u'JoeDoe', ['read']), # by after acl
(self.subitem2_name, u'JaneDoe', ['read']), # by after acl
(self.subitem_4boss, u'AnyUser', ['read']), # by after acl
(self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
# User should have these rights...
for right in may:
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents
if right not in may]
for right in mayNot:
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.mainitem_name, u"AnyUser", ["read"]), # by after acl
(self.mainitem_name, u"JaneDoe", ["read", "write"]), # by item acl
(self.mainitem_name, u"JoeDoe", []), # by item acl
(self.subitem1_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.subitem1_name, u"AnyUser", ["read"]), # by after acl
(self.subitem1_name, u"JoeDoe", []), # by inherited acl from main item
(self.subitem1_name, u"JaneDoe", ["read", "write"]), # by inherited acl from main item
(self.subitem2_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.subitem2_name, u"AnyUser", ["read"]), # by after acl
(self.subitem2_name, u"JoeDoe", ["read"]), # by after acl
(self.subitem2_name, u"JaneDoe", ["read"]), # by after acl
(self.subitem_4boss, u"AnyUser", ["read"]), # by after acl
(self.subitem_4boss, u"JoeDoe", ["read", "write"]), # by item acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
# User should have these rights...
for right in may:
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents if right not in may]
for right in mayNot:
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
def testPageACLs(self):
""" security: test page acls """
tests = [
# hierarchic, pagename, username, expected_rights
(False, self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
(True, self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
(False, self.mainpage_name, u'AnyUser', ['read']), # by after acl
(True, self.mainpage_name, u'AnyUser', ['read']), # by after acl
(False, self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl
(True, self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl
(False, self.mainpage_name, u'JoeDoe', []), # by page acl
(True, self.mainpage_name, u'JoeDoe', []), # by page acl
(False, self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
(True, self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
(False, self.subpage_name, u'AnyUser', ['read', 'write']), # by default acl
(True, self.subpage_name, u'AnyUser', ['read']), # by after acl
(False, self.subpage_name, u'JoeDoe', ['read', 'write']), # by default acl
(True, self.subpage_name, u'JoeDoe', []), # by inherited acl from main page
(False, self.subpage_name, u'JaneDoe', ['read', 'write']), # by default acl
(True, self.subpage_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main page
(True, self.subitem_4boss, u'AnyUser', ['read']), # by after acl
(True, self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
]
for hierarchic, pagename, username, may in tests:
u = User(self.request, auth_username=username)
u.valid = True
def _have_right(u, right, pagename, hierarchic):
self.request.cfg.acl_hierarchic = hierarchic
can_access = u.may.__getattr__(right)(pagename)
if can_access:
print "page %s: %s test if %s may %s (success)" % (
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
else:
print "page %s: %s test if %s may %s (failure)" % (
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
assert can_access
# User should have these rights...
for right in may:
yield _have_right, u, right, pagename, hierarchic
def _not_have_right(u, right, pagename, hierarchic):
self.request.cfg.acl_hierarchic = hierarchic
can_access = u.may.__getattr__(right)(pagename)
if can_access:
print "page %s: %s test if %s may not %s (failure)" % (
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
else:
print "page %s: %s test if %s may not %s (success)" % (
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
assert not can_access
# User should NOT have these rights:
mayNot = [right for right in self.request.cfg.acl_rights_valid
if right not in may]
for right in mayNot:
yield _not_have_right, u, right, pagename, hierarchic
def request(self, request, user_obj, **kw):
user = request.env.get('repoze.who.identity', {}).get('user', None)
if user:
user = User(
request, auth_username=user.uid,
auth_method=self.name,
auth_attribs=('name', 'aliasname', 'email', 'password'))
#user.may = PlonePermissions(user)
user.language = 'es'
user.valid = 1
return user, True
return user_obj, True
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.mainitem_name, u'AnyUser', ['read']), # by after acl
(self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl
(self.mainitem_name, u'JoeDoe', []), # by item acl
(self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem1_name, u'AnyUser', ['read', 'write']), # by default acl
(self.subitem1_name, u'JoeDoe', ['read', 'write']), # by default acl
(self.subitem1_name, u'JaneDoe', ['read', 'write']), # by default acl
(self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem2_name, u'AnyUser', ['read']), # by after acl
(self.subitem2_name, u'JoeDoe', ['read']), # by after acl
(self.subitem2_name, u'JaneDoe', ['read']), # by after acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
def _have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname)
# User should have these rights...
for right in may:
yield _have_right, u, right, itemname
def _not_have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents
if right not in may]
for right in mayNot:
yield _not_have_right, u, right, itemname
# check function rights
u = User(auth_username='******')
assert u.may.superuser()
u = User(auth_username='******')
assert u.may.notextcha()
u = User(auth_username='******')
assert not u.may.superuser()
assert not u.may.notextcha()
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.p1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.p2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c12, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.p1, u'Editor', []), # by p1 acl
(self.c1, u'Editor', []), # by p1 acl
(self.p1, u'SomeOne', ['read']), # by after acl
(self.c1, u'SomeOne', ['read']), # by after acl
(self.p2, u'Editor', ['read', 'write']), # by default acl
(self.c2, u'Editor', ['read', 'write']), # by default acl
(self.p2, u'SomeOne', ['read']), # by after acl
(self.c2, u'SomeOne', ['read']), # by after acl
(self.c12, u'SomeOne', ['read']), # by after acl
# now check the rather special stuff:
(self.c12, u'Editor', ['read', 'write']), # disallowed via p1, but allowed via p2 via default acl
]
for itemnames, username, may in tests:
u = User(auth_username=username)
u.valid = True
itemname = itemnames[0]
def _have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should have these rights...
for right in may:
yield _have_right, u, right, itemname
def _not_have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents
if right not in may]
for right in mayNot:
yield _not_have_right, u, right, itemname
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.mainitem_name, u'AnyUser', ['read']), # by after acl
(self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl
(self.mainitem_name, u'JoeDoe', []), # by item acl
(self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem1_name, u'AnyUser', ['read']), # by after acl
(self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item
(self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item
(self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem2_name, u'AnyUser', ['read']), # by after acl
(self.subitem2_name, u'JoeDoe', ['read']), # by after acl
(self.subitem2_name, u'JaneDoe', ['read']), # by after acl
(self.subitem_4boss, u'AnyUser', ['read']), # by after acl
(self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
def _have_right(u, right, itemname):
flaskg.user = u
can_access = getattr(u.may, right)(itemname)
assert can_access, "%r may %s %r (hierarchic)" % (u.name, right, itemname)
# User should have these rights...
for right in may:
yield _have_right, u, right, itemname
def _not_have_right(u, right, itemname):
flaskg.user = u
can_access = getattr(u.may, right)(itemname)
assert not can_access, "%r may not %s %r (hierarchic)" % (u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_valid
if right not in may]
for right in mayNot:
yield _not_have_right, u, right, itemname
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.mainitem_name, u'AnyUser', ['read']), # by after acl
(self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl
(self.mainitem_name, u'JoeDoe', []), # by item acl
(self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem1_name, u'AnyUser', ['read']), # by after acl
(self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item
(self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item
(self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem2_name, u'AnyUser', ['read']), # by after acl
(self.subitem2_name, u'JoeDoe', ['read']), # by after acl
(self.subitem2_name, u'JaneDoe', ['read']), # by after acl
(self.subitem_4boss, u'AnyUser', ['read']), # by after acl
(self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
def _have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should have these rights...
for right in may:
yield _have_right, u, right, itemname
def _not_have_right(u, right, itemname):
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents
if right not in may]
for right in mayNot:
yield _not_have_right, u, right, itemname
def test_ItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.mainitem_name, u"AnyUser", ["read"]), # by after acl
(self.mainitem_name, u"JaneDoe", ["read", "write"]), # by item acl
(self.mainitem_name, u"JoeDoe", []), # by item acl
(self.subitem1_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.subitem1_name, u"AnyUser", ["read", "write"]), # by default acl
(self.subitem1_name, u"JoeDoe", ["read", "write"]), # by default acl
(self.subitem1_name, u"JaneDoe", ["read", "write"]), # by default acl
(self.subitem2_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]),
(self.subitem2_name, u"AnyUser", ["read"]), # by after acl
(self.subitem2_name, u"JoeDoe", ["read"]), # by after acl
(self.subitem2_name, u"JaneDoe", ["read"]), # by after acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
# User should have these rights...
for right in may:
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents if right not in may]
for right in mayNot:
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname)
# check function rights
u = User(auth_username="******")
assert u.may.superuser()
u = User(auth_username="******")
assert u.may.notextcha()
u = User(auth_username="******")
assert not u.may.superuser()
assert not u.may.notextcha()
def test_ItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.mainitem_name, u'AnyUser', ['read']), # by after acl
(self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl
(self.mainitem_name, u'JoeDoe', []), # by item acl
(self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem1_name, u'AnyUser', ['read', 'write']), # by default acl
(self.subitem1_name, u'JoeDoe', ['read', 'write']), # by default acl
(self.subitem1_name, u'JaneDoe', ['read', 'write']), # by default acl
(self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']),
(self.subitem2_name, u'AnyUser', ['read']), # by after acl
(self.subitem2_name, u'JoeDoe', ['read']), # by after acl
(self.subitem2_name, u'JaneDoe', ['read']), # by after acl
]
for itemname, username, may in tests:
u = User(auth_username=username)
u.valid = True
# User should have these rights...
for right in may:
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents if right not in may]
for right in mayNot:
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname)
# check function rights
u = User(auth_username='******')
assert u.may.superuser()
u = User(auth_username='******')
assert u.may.notextcha()
u = User(auth_username='******')
assert not u.may.superuser()
assert not u.may.notextcha()
def testItemACLs(self):
""" security: test item acls """
tests = [
# itemname, username, expected_rights
(self.p1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.p2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.c12, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl
(self.p1, u'Editor', []), # by p1 acl
(self.c1, u'Editor', []), # by p1 acl
(self.p1, u'SomeOne', ['read']), # by after acl
(self.c1, u'SomeOne', ['read']), # by after acl
(self.p2, u'Editor', ['read', 'write']), # by default acl
(self.c2, u'Editor', ['read', 'write']), # by default acl
(self.p2, u'SomeOne', ['read']), # by after acl
(self.c2, u'SomeOne', ['read']), # by after acl
(self.c12, u'SomeOne', ['read']), # by after acl
# now check the rather special stuff:
(self.c12, u'Editor', ['read', 'write']), # disallowed via p1, but allowed via p2 via default acl
]
for itemnames, username, may in tests:
u = User(auth_username=username)
u.valid = True
itemname = itemnames[0]
# User should have these rights...
for right in may:
can_access = getattr(u.may, right)(itemname)
assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname)
# User should NOT have these rights:
mayNot = [right for right in app.cfg.acl_rights_contents
if right not in may]
for right in mayNot:
can_access = getattr(u.may, right)(itemname)
assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
