def get_user_permissions(self, user_id, user_uri):
    """
    Look up the permissions record (AnnalistUser) for a user.

    A record is returned only when it is found under `user_id`, carries all
    of the required fields, and its stored user URI equals `user_uri`.
    Requiring both identifiers to match prevents the records of a deleted
    account from being granted to a new account that re-uses the same
    user_id (username).

    user_id     local identifier of the user record to retrieve.
    user_uri    authenticated identifier associated with the user_id
                (typically a mailto: URI, but may be any *authenticated*
                identifier).  The authentication service is presumed to
                have confirmed that it belongs to the user currently logged
                in with the supplied username; this method only compares
                the value, it does not verify it.

    returns an AnnalistUser object for the identified user, or None.  The
    object holds the permissions granted to the user in the current
    collection.
    """
    user = AnnalistUser.load(self, user_id, altparent=self._parentsite)
    # NOTE(review): this debug line writes the user id, the authenticated URI
    # and the repr of the loaded record to the log.
    log.debug(
        "Collection.get_user_permissions: user_id %s, user_uri %s, user %r"
        % (user_id, user_uri, user)
    )
    if not user:
        # Nothing usable was loaded: hand back the falsy value unchanged.
        return user
    required_fields = (
        RDFS.CURIE.label,
        RDFS.CURIE.comment,
        ANNAL.CURIE.user_uri,
        ANNAL.CURIE.user_permissions,
    )
    # Fail closed: an incomplete record is treated as "no permissions record".
    if any(field not in user for field in required_fields):
        return None
    # Fail closed when the stored URI differs from the authenticated one.
    if user[ANNAL.CURIE.user_uri] != user_uri:
        return None
    return user
def get_user_permissions(self, user_id, user_uri):
    """
    Look up the permissions record (AnnalistUser) for a user.

    A record is returned only when it is found under `user_id` (searched
    with altscope="user"), carries all of the required fields, and its
    stored user URI equals `user_uri`.  Requiring both identifiers to match
    prevents the records of a deleted account from being granted to a new
    account that re-uses the same user_id (username).

    user_id     local identifier of the user record to retrieve.
    user_uri    authenticated identifier associated with the user_id
                (typically a mailto: URI, but may be any *authenticated*
                identifier).  The authentication service is presumed to
                have confirmed that it belongs to the user currently logged
                in with the supplied username; this method only compares
                the value, it does not verify it.

    returns an AnnalistUser object for the identified user, or None.  The
    object holds the permissions granted to the user in the current
    collection.
    """
    user = AnnalistUser.load(self, user_id, altscope="user")
    # log.debug(
    #     "Collection.get_user_permissions: user_id %s, user_uri %s, user %r"
    #     % (user_id, user_uri, user)
    # )
    if not user:
        # Nothing usable was loaded: hand back the falsy value unchanged.
        return user
    required_fields = (
        RDFS.CURIE.label,
        RDFS.CURIE.comment,
        ANNAL.CURIE.user_uri,
        ANNAL.CURIE.user_permission,
    )
    # Fail closed: an incomplete record is treated as "no permissions record".
    if any(field not in user for field in required_fields):
        return None
    # Fail closed when the stored URI differs from the authenticated one.
    if user[ANNAL.CURIE.user_uri] != user_uri:
        return None
    return user
def test_annalistuser_create_load(self):
    # Round trip: create "user1" in the test collection, load it back and
    # compare the loaded values with the expected read values.
    created = AnnalistUser.create(
        self.testcoll,
        "user1",
        annalistuser_create_values(user_id="user1"),
    )
    loaded_values = AnnalistUser.load(self.testcoll, "user1").get_values()
    expected_values = annalistuser_read_values(user_id="user1")
    self.assertKeysMatch(loaded_values, expected_values)
    self.assertDictionaryMatch(loaded_values, expected_values)
def test_annalistuser_create_load(self):
    # Round trip: create "user1" in the test collection, load it back and
    # compare the expected read values with what was loaded.
    created = AnnalistUser.create(
        self.testcoll,
        "user1",
        annalistuser_create_values(user_id="user1"),
    )
    loaded_values = AnnalistUser.load(self.testcoll, "user1").get_values()
    expected_values = annalistuser_read_values(user_id="user1")
    # Argument order here is (expected, loaded), as in the original call.
    self.assertKeysMatch(expected_values, loaded_values)
    self.assertDictionaryMatch(expected_values, loaded_values)
def _check_annalist_user_values(self, user_id, user_permissions):
    """
    Helper: check the stored Annalist user entry for the supplied user_id.

    Asserts that the entry exists in the test collection, that its id and
    view URL path are as expected, and that its values match those built
    from `user_id` and `user_permissions`.  Returns the loaded entry.
    """
    self.assertTrue(AnnalistUser.exists(self.testcoll, user_id))
    loaded = AnnalistUser.load(self.testcoll, user_id)
    self.assertEqual(loaded.get_id(), user_id)
    self.assertEqual(
        loaded.get_view_url_path(),
        annalistuser_url("testcoll", user_id),
    )
    # NOTE(review): the user_uri literal below looks like it was rewritten by
    # an e-mail obfuscation filter ("[email protected]").  As written, "%[" is
    # not a valid %-conversion, so this expression raises ValueError; restore
    # the original "mailto:%s@<domain>" literal from the upstream file.
    expected = annalistuser_values(
        coll_id="testcoll",
        user_id=user_id,
        user_name="User %s" % user_id,
        user_uri="mailto:%[email protected]" % user_id,
        user_permissions=user_permissions,
    )
    self.assertDictionaryMatch(loaded.get_values(), expected)
    return loaded
def _check_annalist_user_values(self, user_id, user_permissions):
    """
    Helper: check the stored Annalist user entry for the supplied user_id.

    Asserts that the entry exists in the test collection, that its id and
    view URL path are as expected, and that its values match those built
    from `user_id` and `user_permissions`.  Returns the loaded entry.
    """
    self.assertTrue(AnnalistUser.exists(self.testcoll, user_id))
    loaded = AnnalistUser.load(self.testcoll, user_id)
    self.assertEqual(loaded.get_id(), user_id)
    self.assertEqual(
        loaded.get_view_url_path(),
        annalistuser_url("testcoll", user_id),
    )
    # NOTE(review): the user_uri literal below looks like it was rewritten by
    # an e-mail obfuscation filter ("[email protected]").  As written, "%[" is
    # not a valid %-conversion, so this expression raises ValueError; restore
    # the original "mailto:%s@<domain>" literal from the upstream file.
    expected = annalistuser_values(
        coll_id="testcoll",
        user_id=user_id,
        user_name="User %s" % user_id,
        user_uri="mailto:%[email protected]" % user_id,
        user_permissions=user_permissions,
    )
    self.assertDictionaryMatch(loaded.get_values(), expected)
    return loaded
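def test_alt_parent_inherit_user(self):
    # Test inheritance of "user" scope definitions.
    #
    # The assertions below pin the expected isolation of user records: a
    # user defined only in an alternate-parent collection is not found
    # through the "user" scope of the child collection, while site-level
    # defaults and the child's own users are.
    coll_id = "newcoll"
    newcoll = Collection.create(
        self.testsite, coll_id, collection_create_values(coll_id)
    )
    # The created entities are not used directly; only the stored records
    # matter for the existence checks that follow.
    AnnalistUser.create(
        self.testcoll, "user1", annalistuser_create_values(user_id="user1")
    )
    AnnalistUser.create(
        newcoll, "user2", annalistuser_create_values(user_id="user2")
    )
    altparents = newcoll.set_alt_entities(self.testcoll)
    parentids = [p.get_id() for p in altparents]
    self.assertEqual(parentids, ["newcoll", "testcoll", layout.SITEDATA_ID])
    # "user1" exists in testcoll only and must not leak into newcoll.
    self.assertFalse(AnnalistUser.exists(newcoll, "user1", altscope="user"))
    # Access site data
    self.assertTrue(
        AnnalistUser.exists(newcoll, "_default_user_perms", altscope="user")
    )
    self.assertTrue(AnnalistUser.exists(newcoll, "user2", altscope="user"))
    testuser = AnnalistUser.load(newcoll, "user2", altscope="user")
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(testuser["rdfs:label"], "Test User")
    return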
def test_annalistuser_default_data(self):
    # Load the default "_unknown_user_perms" record with the site as the
    # alternate parent and check its id, URL, type and values.
    unknown_user = AnnalistUser.load(
        self.testcoll, "_unknown_user_perms", altparent=self.testsite
    )
    self.assertEqual(unknown_user.get_id(), "_unknown_user_perms")
    self.assertIn(
        "/c/testcoll/_annalist_collection/users/_unknown_user_perms",
        unknown_user.get_url(),
    )
    self.assertEqual(unknown_user.get_type_id(), "_user")
    loaded_values = unknown_user.get_values()
    self.assertEqual(
        set(loaded_values.keys()), set(annalistuser_load_keys())
    )
    expected_values = annalistuser_read_values(user_id="_unknown_user_perms")
    # The unauthenticated-user default is expected to grant VIEW only.
    overrides = {
        'rdfs:label': 'Unknown user',
        'rdfs:comment': 'Permissions for unauthenticated user.',
        'annal:user_uri': 'annal:User/_unknown_user_perms',
        'annal:user_permissions': ['VIEW'],
    }
    expected_values.update(overrides)
    self.assertDictionaryMatch(loaded_values, expected_values)
def test_annalistuser_default_data(self):
    # Load the default "_unknown_user_perms" record with altscope="all" and
    # check its id, storage URL, view URL, type and values.
    unknown_user = AnnalistUser.load(
        self.testcoll, "_unknown_user_perms", altscope="all"
    )
    self.assertEqual(unknown_user.get_id(), "_unknown_user_perms")
    # The record is expected to be stored under the site collection ...
    self.assertIn(
        "/c/_annalist_site/_annalist_collection/%(user_dir)s/_unknown_user_perms/" % self.layout,
        unknown_user.get_url(),
    )
    # ... while its view URL is expected to be within the test collection.
    self.assertIn(
        "/c/testcoll/d/%(user_typeid)s/_unknown_user_perms" % self.layout,
        unknown_user.get_view_url(),
    )
    self.assertEqual(unknown_user.get_type_id(), layout.USER_TYPEID)
    loaded_values = unknown_user.get_values()
    self.assertEqual(
        set(loaded_values.keys()), set(annalistuser_load_keys())
    )
    expected_values = annalistuser_read_values(user_id="_unknown_user_perms")
    # The unknown-user default is expected to grant VIEW only.
    overrides = {
        'rdfs:label': 'Unknown user',
        'annal:user_uri': 'annal:User/_unknown_user_perms',
        'annal:user_permission': ['VIEW'],
    }
    expected_values.update(overrides)
    # The comment text is not compared.
    expected_values.pop('rdfs:comment', None)
    self.assertDictionaryMatch(loaded_values, expected_values)
def test_annalistuser_default_data(self):
    # Load the default "_unknown_user_perms" record with altscope="all" and
    # check its id, storage URL, view URL, type and values.
    unknown_user = AnnalistUser.load(
        self.testcoll, "_unknown_user_perms", altscope="all"
    )
    self.assertEqual(unknown_user.get_id(), "_unknown_user_perms")
    # The record is expected to be stored under the site collection ...
    self.assertIn(
        "/c/_annalist_site/_annalist_collection/%(user_dir)s/_unknown_user_perms/" % self.layout,
        unknown_user.get_url(),
    )
    # ... while its view URL is expected to be within the test collection.
    self.assertIn(
        "/c/testcoll/d/%(user_typeid)s/_unknown_user_perms" % self.layout,
        unknown_user.get_view_url(),
    )
    self.assertEqual(unknown_user.get_type_id(), layout.USER_TYPEID)
    loaded_values = unknown_user.get_values()
    self.assertEqual(
        set(loaded_values.keys()), set(annalistuser_load_keys())
    )
    expected_values = annalistuser_read_values(user_id="_unknown_user_perms")
    # The unknown-user default is expected to grant VIEW only.
    overrides = {
        'rdfs:label': 'Unknown user',
        'annal:user_uri': 'annal:User/_unknown_user_perms',
        'annal:user_permission': ['VIEW'],
    }
    expected_values.update(overrides)
    # The comment text is not compared.
    expected_values.pop('rdfs:comment', None)
    self.assertDictionaryMatch(loaded_values, expected_values)
def _check_annalist_user_perms(self, user_id, user_perms):
    """
    Helper: check the permissions stored for the supplied user_id.

    Asserts that the user entry exists in the test collection, that its id
    is `user_id`, and that its stored permission value equals `user_perms`.
    """
    self.assertTrue(AnnalistUser.exists(self.testcoll, user_id))
    entry = AnnalistUser.load(self.testcoll, user_id)
    self.assertEqual(entry.get_id(), user_id)
    stored_perms = entry[ANNAL.CURIE.user_permission]
    self.assertEqual(stored_perms, user_perms)