def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.request = DummyRequest(method='GET') self.context = RouteFactory(self.request) self.context.on_collection = True self.context.check_permission = mock.Mock(return_value=False)
def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.context = mock.MagicMock() self.context.get_prefixed_userid.return_value = None self.context.allowed_principals = [] self.context.object_id = mock.sentinel.object_id self.context.required_permission = 'read' self.principals = [] self.permission = 'dynamic'
def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.context = mock.MagicMock() self.context.object_id = mock.sentinel.object_id self.context.required_permission = 'read' self.principals = mock.sentinel.principals self.permission = 'dynamic'
class GuestAuthorizationPolicyTest(unittest.TestCase): def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.request = DummyRequest(method='GET') self.context = RouteFactory(self.request) self.context.on_collection = True self.context.check_permission = mock.Mock(return_value=False) def test_permits_returns_true_if_collection_and_shared_records(self): self.context.fetch_shared_records = mock.MagicMock(return_value=[ 'record1', 'record2']) allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.context.fetch_shared_records.assert_called_with( 'read', ['userid', 'basicauth:bob', 'basicauth_bob'], get_bound_permissions=mock.sentinel.get_bound_perms) self.assertTrue(allowed) def test_permits_does_not_return_true_if_not_collection(self): self.context.on_collection = False allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.assertFalse(allowed) def test_permits_does_not_return_true_if_not_list_operation(self): self.context.required_permission = 'create' allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.assertFalse(allowed) allowed = self.authz.permits(self.context, ['userid'], 'create') self.assertFalse(allowed) def test_permits_returns_false_if_collection_is_unknown(self): self.context.fetch_shared_records = mock.MagicMock(return_value=[]) allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.context.fetch_shared_records.assert_called_with( 'read', ['userid', 'basicauth:bob', 'basicauth_bob'], get_bound_permissions=mock.sentinel.get_bound_perms) self.assertFalse(allowed)
class GuestAuthorizationPolicyTest(unittest.TestCase): def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.request = DummyRequest(method='GET') self.context = RouteFactory(self.request) self.context.on_collection = True self.context.check_permission = mock.Mock(return_value=False) def test_permits_returns_true_if_collection_and_shared_records(self): self.context.fetch_shared_records = mock.MagicMock(return_value=[ 'record1', 'record2']) allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.context.fetch_shared_records.assert_called_with( 'read', ['userid'], get_bound_permissions=mock.sentinel.get_bound_perms) self.assertTrue(allowed) def test_permits_does_not_return_true_if_not_collection(self): self.context.on_collection = False allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.assertFalse(allowed) def test_permits_does_not_return_true_if_not_list_operation(self): self.context.required_permission = 'create' allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.assertFalse(allowed) allowed = self.authz.permits(self.context, ['userid'], 'create') self.assertFalse(allowed) def test_permits_returns_false_if_collection_is_unknown(self): self.context.fetch_shared_records = mock.MagicMock(return_value=[]) allowed = self.authz.permits(self.context, ['userid'], 'dynamic') self.context.fetch_shared_records.assert_called_with( 'read', ['userid'], get_bound_permissions=mock.sentinel.get_bound_perms) self.assertFalse(allowed)
class AuthorizationPolicyTest(unittest.TestCase): def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.context = mock.MagicMock() self.context.object_id = mock.sentinel.object_id self.context.required_permission = 'read' self.principals = mock.sentinel.principals self.permission = 'dynamic' def test_permits_refers_to_context_to_check_permissions(self): self.context.check_permission.return_value = True allowed = self.authz.permits(self.context, self.principals, 'dynamic') self.assertTrue(allowed) def test_permits_reads_the_context_when_permission_is_dynamic(self): self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'read', mock.sentinel.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_consider_permission_when_not_dynamic(self): self.authz.permits(self.context, self.principals, 'foobar') self.context.check_permission.assert_called_with( 'foobar', mock.sentinel.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_prepend_obj_type_to_permission_on_create(self): self.context.required_permission = 'create' self.context.resource_name = 'record' self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'record:create', mock.sentinel.principals, get_bound_permissions=mock.sentinel.get_bound_perms)
class AuthorizationPolicyTest(unittest.TestCase): def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.context = mock.MagicMock() self.context.prefixed_userid = None self.context.allowed_principals = [] self.context.object_id = mock.sentinel.object_id self.context.required_permission = 'read' self.principals = [] self.permission = 'dynamic' def test_permits_does_not_refer_to_context_if_permission_is_private(self): self.assertFalse(self.authz.permits(None, [], 'private')) def test_permits_return_if_authenticated_when_permission_is_private(self): self.assertTrue(self.authz.permits(None, ['system.Authenticated'], 'private')) def test_permits_refers_to_context_to_check_permissions(self): self.context.check_permission.return_value = True allowed = self.authz.permits(self.context, self.principals, 'dynamic') self.assertTrue(allowed) def test_permits_refers_to_context_to_check_permission_principals(self): self.context.check_permission.return_value = False self.context.allowed_principals = ['fxa:user'] allowed = self.authz.permits( self.context, ['fxa:user', 'system.Authenticated'], 'dynamic') self.assertTrue(allowed) def test_permits_reads_the_context_when_permission_is_dynamic(self): self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'read', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_consider_permission_when_not_dynamic(self): self.authz.permits(self.context, self.principals, 'foobar') self.context.check_permission.assert_called_with( 'foobar', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_prepend_obj_type_to_permission_on_create(self): self.context.required_permission = 'create' self.context.resource_name = 'record' self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'record:create', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_takes_route_factory_allowed_principals_into_account(self): self.context.resource_name = 'record' self.context.required_permission = 'create' self.context.allowed_principals = ['fxa:user'] has_permission = self.authz.permits( self.context, ['fxa:user'], 'dynamic') self.context.check_permission.assert_not_called() self.assertTrue(has_permission) def test_prefixed_userid_is_added_to_principals(self): self.context.prefixed_userid = 'fxa:userid' self.authz.permits(self.context, self.principals, 'foobar') self.context.check_permission.assert_called_with( 'foobar', self.principals + ['fxa:userid', 'fxa_userid'], get_bound_permissions=mock.sentinel.get_bound_perms) def test_unprefixed_userid_is_removed_from_principals(self): self.context.prefixed_userid = 'fxa:userid' self.authz.permits(self.context, ['userid'], 'foobar') self.context.check_permission.assert_called_with( 'foobar', ['fxa:userid', 'fxa_userid'], get_bound_permissions=mock.sentinel.get_bound_perms)
class AuthorizationPolicyTest(unittest.TestCase): def setUp(self): self.authz = AuthorizationPolicy() self.authz.get_bound_permissions = mock.sentinel.get_bound_perms self.context = mock.MagicMock() self.context.get_prefixed_userid.return_value = None self.context.allowed_principals = [] self.context.object_id = mock.sentinel.object_id self.context.required_permission = 'read' self.principals = [] self.permission = 'dynamic' def test_permits_does_not_refer_to_context_if_permission_is_private(self): self.assertFalse(self.authz.permits(None, [], 'private')) def test_permits_return_if_authenticated_when_permission_is_private(self): self.assertTrue(self.authz.permits(None, ['system.Authenticated'], 'private')) def test_permits_refers_to_context_to_check_permissions(self): self.context.check_permission.return_value = True allowed = self.authz.permits(self.context, self.principals, 'dynamic') self.assertTrue(allowed) def test_permits_refers_to_context_to_check_permission_principals(self): self.context.check_permission.return_value = False self.context.allowed_principals = ['fxa:user'] allowed = self.authz.permits( self.context, ['fxa:user', 'system.Authenticated'], 'dynamic') self.assertTrue(allowed) def test_permits_reads_the_context_when_permission_is_dynamic(self): self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'read', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_consider_permission_when_not_dynamic(self): self.authz.permits(self.context, self.principals, 'foobar') self.context.check_permission.assert_called_with( 'foobar', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_prepend_obj_type_to_permission_on_create(self): self.context.required_permission = 'create' self.context.resource_name = 'record' self.authz.permits(self.context, self.principals, 'dynamic') self.context.check_permission.assert_called_with( 'record:create', self.principals, get_bound_permissions=mock.sentinel.get_bound_perms) def test_permits_takes_route_factory_allowed_principals_into_account(self): self.context.resource_name = 'record' self.context.required_permission = 'create' self.context.allowed_principals = ['fxa:user'] has_permission = self.authz.permits( self.context, ['fxa:user'], 'dynamic') self.context.check_permission.assert_not_called() self.assertTrue(has_permission) def test_prefixed_userid_is_added_to_principals(self): self.context.get_prefixed_userid.return_value = 'fxa:userid' self.authz.permits(self.context, self.principals, 'foobar') self.context.check_permission.assert_called_with( 'foobar', self.principals + ['fxa:userid', 'fxa_userid'], get_bound_permissions=mock.sentinel.get_bound_perms) def test_unprefixed_userid_is_removed_from_principals(self): self.context.get_prefixed_userid.return_value = 'fxa:userid' self.authz.permits(self.context, ['userid'], 'foobar') self.context.check_permission.assert_called_with( 'foobar', ['fxa:userid', 'fxa_userid'], get_bound_permissions=mock.sentinel.get_bound_perms)