def test_acl_register_same_name(self): import ptah ptah.ACL('map', 'acl1') ptah.ACL('map', 'acl2') self.assertRaises(ConfigurationConflictError, self.init_ptah)
def test_acl_register(self): pmap = ptah.ACL('map', 'ACL', 'Map') self.init_ptah() self.assertTrue(pmap.id == 'map') self.assertTrue(pmap.title == 'ACL') self.assertTrue(pmap.description == 'Map') self.assertTrue(ptah.get_acls()['map'] is pmap)
def test_acl_unset_all(self): pmap = ptah.ACL('map', 'acl map') pmap.allow('role:test1', 'perm1', 'perm2') pmap.allow('role:test2', 'perm1') pmap.deny('role:test1', 'perm1', 'perm2') pmap.deny('role:test2', ALL_PERMISSIONS) pmap.unset(None, ALL_PERMISSIONS) self.assertEqual(len(pmap), 0)
def test_acl_deny_all(self): pmap = ptah.ACL('map', 'acl map') pmap.deny('role:test', 'perm1') pmap.deny('role:test', ALL_PERMISSIONS) pmap.deny('role:test', 'perm2') self.assertEqual(len(pmap), 1) self.assertEqual(pmap[0][0], Deny) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[0][2], ALL_PERMISSIONS)
def test_acl_deny(self): role = ptah.Role('test', 'test') pmap = ptah.ACL('map', 'acl map') pmap.deny(role, 'perm1') pmap.deny('role:test', 'perm2') self.assertEqual(len(pmap), 1) self.assertEqual(pmap[0][0], Deny) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[0][2], set(('perm2', 'perm1')))
def test_acl_allow_all(self): role = ptah.Role('test', 'test') pmap = ptah.ACL('map', 'acl map') pmap.allow(role, 'perm1') pmap.allow(role, ALL_PERMISSIONS) pmap.allow(role, 'perm2') self.assertEqual(len(pmap), 1) self.assertEqual(pmap[0][0], Allow) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[0][2], ALL_PERMISSIONS)
def test_acls(self): import ptah acl1 = ptah.ACL('acl1', 'acl1') acl1.allow('role1', 'perm1', 'perm2') acl2 = ptah.ACL('acl2', 'acl2') acl2.deny('role1', 'perm1', 'perm2') self.init_ptah() class Content(object): __acl__ = ptah.ACLsProperty() content = Content() self.assertEqual(content.__acl__, ()) content.__acls__ = () self.assertEqual(content.__acl__, ()) content.__acls__ = ('acl1', ) self.assertEqual( list(content.__acl__), [['Allow', 'role1', set(['perm2', 'perm1'])]]) content.__acls__ = ( 'acl1', 'acl2', ) self.assertEqual( list(content.__acl__), [['Allow', 'role1', set(['perm2', 'perm1'])], ['Deny', 'role1', set(['perm2', 'perm1'])]]) content.__acls__ = ('acl2', 'acl1') self.assertEqual( list(content.__acl__), [['Deny', 'role1', set(['perm2', 'perm1'])], ['Allow', 'role1', set(['perm2', 'perm1'])]])
def test_acl_unset_allow(self): role = ptah.Role('test', 'test') pmap = ptah.ACL('map', 'acl map') pmap.allow(role, 'perm1', 'perm2') pmap.allow('role:test2', 'perm1') pmap.unset(None, 'perm1') self.assertEqual(len(pmap), 1) self.assertEqual(pmap[0][0], Allow) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[0][2], set(('perm2', )))
def test_acl_order(self): pmap = ptah.ACL('map', 'acl map') pmap.deny('role:test', 'perm1') pmap.allow('role:test', 'perm2') pmap.allow('role:test2', 'perm2') pmap.deny('role:test2', 'perm2') self.assertEqual(pmap[0][0], Deny) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[1][0], Allow) self.assertEqual(pmap[1][1], 'role:test') self.assertEqual(pmap[2][0], Allow) self.assertEqual(pmap[2][1], 'role:test2') self.assertEqual(pmap[3][0], Deny) self.assertEqual(pmap[3][1], 'role:test2')
def test_acl_unset_role_all(self): pmap = ptah.ACL('map', 'acl map') pmap.allow('role:test1', 'perm2') pmap.allow('role:test2', 'perm1') pmap.deny('role:test1', 'perm1', 'perm2') pmap.deny('role:test2', ALL_PERMISSIONS) pmap.unset('role:test2', ALL_PERMISSIONS) self.assertEqual(len(pmap), 2) self.assertEqual(pmap[0][0], Allow) self.assertEqual(pmap[0][1], 'role:test1') self.assertEqual(pmap[0][2], set(('perm2', ))) self.assertEqual(pmap[1][0], Deny) self.assertEqual(pmap[1][1], 'role:test1') self.assertEqual(pmap[1][2], set(('perm1', 'perm2')))
def test_acl_unset_role_deny(self): import ptah role = ptah.Role('test', 'test') pmap = ptah.ACL('map', 'acl map') pmap.deny(role, 'perm1', 'perm2') pmap.deny('role:test2', 'perm1') pmap.unset(role.id, 'perm1') self.assertEqual(len(pmap), 2) self.assertEqual(pmap[0][0], Deny) self.assertEqual(pmap[0][1], 'role:test') self.assertEqual(pmap[0][2], set(('perm2', ))) self.assertEqual(pmap[1][0], Deny) self.assertEqual(pmap[1][1], 'role:test2') self.assertEqual(pmap[1][2], set(('perm1', )))
Editor = ptah.Role('editor', 'Editor') Editor.allow(ptah.cms.View, ptah.cms.ModifyContent) Manager = ptah.Role('manager', 'Manager') Manager.allow(ptah.cms.ALL_PERMISSIONS) ptah.Owner.allow(ptah.cms.DeleteContent) # permissions AddTheme = ptah.Permission('ploud:AddTheme', 'Add theme') AddThemeFile = ptah.Permission('ploud:AddFile', 'Add theme file') RetractTheme = ptah.Permission('ploud:RetractTheme', 'Retract theme') ManageGallery = ptah.Permission('ploud:ManageGallery', 'Manage gallery') # Gallery ACL GALLERY_ACL = ptah.ACL('ploud-themegallery', 'Ploud theme gallery ACL') GALLERY_ACL.allow(ptah.Everyone, ptah.cms.View) GALLERY_ACL.allow(ptah.Authenticated, AddTheme) GALLERY_ACL.allow(ptah.Authenticated, ptah.cms.View) GALLERY_ACL.allow(ptah.Owner, AddThemeFile) GALLERY_ACL.allow(ptah.Owner, ptah.cms.ModifyContent) GALLERY_ACL.allow(ptah.Owner, ptah.cms.DeleteContent) GALLERY_ACL.allow(Manager, ptah.cms.ALL_PERMISSIONS) # ACL for private state PRIVATE = ptah.ACL('ploud-private-theme', 'Private ploud theme') PRIVATE.allow(Manager, ptah.cms.ALL_PERMISSIONS) PRIVATE.allow(ptah.Owner, ptah.cms.View) PRIVATE.allow(ptah.Owner, ptah.cms.ModifyContent) PRIVATE.deny(ptah.Owner, RetractTheme) PRIVATE.deny(ptah.Everyone, ptah.cms.View)