Example #1
0
 def setUp(self):
     self.env = EnvironmentStub(enable=('trac.attachment.*', 'trac.perm.*',
                                        ResourceManagerStub),
                                path=mkdtemp())
     self.env.config.set('trac', 'permission_policies',
                         'DefaultPermissionPolicy,LegacyAttachmentPolicy')
     self.policy = LegacyAttachmentPolicy(self.env)
Example #2
0
class LegacyAttachmentPolicyTestCase(unittest.TestCase):
    def setUp(self):
        self.env = EnvironmentStub(enable=('trac.attachment.*', 'trac.perm.*',
                                           ResourceManagerStub),
                                   path=mkdtemp())
        self.env.config.set('trac', 'permission_policies',
                            'DefaultPermissionPolicy,LegacyAttachmentPolicy')
        self.policy = LegacyAttachmentPolicy(self.env)

    def tearDown(self):
        self.env.reset_db_and_disk()

    def _insert_attachment(self, author):
        parent_resource = Resource('parent_realm', 'parent_id')
        att = Attachment(self.env, 'parent_realm', 'parent_id')
        att.author = author
        att.insert('file.txt', io.BytesIO(), 1)
        return Resource('attachment', 'file.txt', parent=parent_resource)

    def test_authenticated_can_delete_own_attachments(self):
        """Authenticated user can delete their own attachments."""
        resource = self._insert_attachment(author='user1')
        perm_cache = PermissionCache(self.env, 'user1', resource)
        action = 'ATTACHMENT_DELETE'

        self.assertIn(action, perm_cache)
        self.assertTrue(
            self.policy.check_permission(action, perm_cache.username, resource,
                                         perm_cache))

    def test_authenticated_cannot_delete_other_attachments(self):
        """Authenticated user cannot delete other attachments."""
        resource = self._insert_attachment(author='user1')
        perm_cache = PermissionCache(self.env, 'user2', resource)
        action = 'ATTACHMENT_DELETE'

        self.assertNotIn(action, perm_cache)
        self.assertIsNone(
            self.policy.check_permission(action, perm_cache.username, resource,
                                         perm_cache))

    def test_anonymous_cannot_delete_attachments(self):
        """Anonymous user cannot delete attachments."""
        resource = self._insert_attachment(author='anonymous')
        perm_cache = PermissionCache(self.env, 'anonymous', resource)
        action = 'ATTACHMENT_DELETE'

        self.assertNotIn(action, perm_cache)
        self.assertIsNone(
            self.policy.check_permission(action, perm_cache.username, resource,
                                         perm_cache))