def test_acl_register_same_name(self):
import ptah
ptah.ACL('map', 'acl1')
ptah.ACL('map', 'acl2')
self.assertRaises(ConfigurationConflictError, self.init_ptah)
def test_acl_register(self):
pmap = ptah.ACL('map', 'ACL', 'Map')
self.init_ptah()
self.assertTrue(pmap.id == 'map')
self.assertTrue(pmap.title == 'ACL')
self.assertTrue(pmap.description == 'Map')
self.assertTrue(ptah.get_acls()['map'] is pmap)
def test_acl_unset_all(self):
pmap = ptah.ACL('map', 'acl map')
pmap.allow('role:test1', 'perm1', 'perm2')
pmap.allow('role:test2', 'perm1')
pmap.deny('role:test1', 'perm1', 'perm2')
pmap.deny('role:test2', ALL_PERMISSIONS)
pmap.unset(None, ALL_PERMISSIONS)
self.assertEqual(len(pmap), 0)
def test_acl_deny_all(self):
pmap = ptah.ACL('map', 'acl map')
pmap.deny('role:test', 'perm1')
pmap.deny('role:test', ALL_PERMISSIONS)
pmap.deny('role:test', 'perm2')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], ALL_PERMISSIONS)
def test_acl_deny(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.deny(role, 'perm1')
pmap.deny('role:test', 'perm2')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', 'perm1')))
def test_acl_allow_all(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.allow(role, 'perm1')
pmap.allow(role, ALL_PERMISSIONS)
pmap.allow(role, 'perm2')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Allow)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], ALL_PERMISSIONS)
def test_acls(self):
import ptah
acl1 = ptah.ACL('acl1', 'acl1')
acl1.allow('role1', 'perm1', 'perm2')
acl2 = ptah.ACL('acl2', 'acl2')
acl2.deny('role1', 'perm1', 'perm2')
self.init_ptah()
class Content(object):
__acl__ = ptah.ACLsProperty()
content = Content()
self.assertEqual(content.__acl__, ())
content.__acls__ = ()
self.assertEqual(content.__acl__, ())
content.__acls__ = ('acl1', )
self.assertEqual(
list(content.__acl__),
[['Allow', 'role1', set(['perm2', 'perm1'])]])
content.__acls__ = (
'acl1',
'acl2',
)
self.assertEqual(
list(content.__acl__),
[['Allow', 'role1', set(['perm2', 'perm1'])],
['Deny', 'role1', set(['perm2', 'perm1'])]])
content.__acls__ = ('acl2', 'acl1')
self.assertEqual(
list(content.__acl__),
[['Deny', 'role1', set(['perm2', 'perm1'])],
['Allow', 'role1', set(['perm2', 'perm1'])]])
def test_acl_unset_allow(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.allow(role, 'perm1', 'perm2')
pmap.allow('role:test2', 'perm1')
pmap.unset(None, 'perm1')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Allow)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', )))
def test_acl_order(self):
pmap = ptah.ACL('map', 'acl map')
pmap.deny('role:test', 'perm1')
pmap.allow('role:test', 'perm2')
pmap.allow('role:test2', 'perm2')
pmap.deny('role:test2', 'perm2')
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[1][0], Allow)
self.assertEqual(pmap[1][1], 'role:test')
self.assertEqual(pmap[2][0], Allow)
self.assertEqual(pmap[2][1], 'role:test2')
self.assertEqual(pmap[3][0], Deny)
self.assertEqual(pmap[3][1], 'role:test2')
def test_acl_unset_role_all(self):
pmap = ptah.ACL('map', 'acl map')
pmap.allow('role:test1', 'perm2')
pmap.allow('role:test2', 'perm1')
pmap.deny('role:test1', 'perm1', 'perm2')
pmap.deny('role:test2', ALL_PERMISSIONS)
pmap.unset('role:test2', ALL_PERMISSIONS)
self.assertEqual(len(pmap), 2)
self.assertEqual(pmap[0][0], Allow)
self.assertEqual(pmap[0][1], 'role:test1')
self.assertEqual(pmap[0][2], set(('perm2', )))
self.assertEqual(pmap[1][0], Deny)
self.assertEqual(pmap[1][1], 'role:test1')
self.assertEqual(pmap[1][2], set(('perm1', 'perm2')))
def test_acl_unset_role_deny(self):
import ptah
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.deny(role, 'perm1', 'perm2')
pmap.deny('role:test2', 'perm1')
pmap.unset(role.id, 'perm1')
self.assertEqual(len(pmap), 2)
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', )))
self.assertEqual(pmap[1][0], Deny)
self.assertEqual(pmap[1][1], 'role:test2')
self.assertEqual(pmap[1][2], set(('perm1', )))
Editor = ptah.Role('editor', 'Editor')
Editor.allow(ptah.cms.View, ptah.cms.ModifyContent)
Manager = ptah.Role('manager', 'Manager')
Manager.allow(ptah.cms.ALL_PERMISSIONS)
ptah.Owner.allow(ptah.cms.DeleteContent)
# permissions
AddTheme = ptah.Permission('ploud:AddTheme', 'Add theme')
AddThemeFile = ptah.Permission('ploud:AddFile', 'Add theme file')
RetractTheme = ptah.Permission('ploud:RetractTheme', 'Retract theme')
ManageGallery = ptah.Permission('ploud:ManageGallery', 'Manage gallery')
# Gallery ACL
GALLERY_ACL = ptah.ACL('ploud-themegallery', 'Ploud theme gallery ACL')
GALLERY_ACL.allow(ptah.Everyone, ptah.cms.View)
GALLERY_ACL.allow(ptah.Authenticated, AddTheme)
GALLERY_ACL.allow(ptah.Authenticated, ptah.cms.View)
GALLERY_ACL.allow(ptah.Owner, AddThemeFile)
GALLERY_ACL.allow(ptah.Owner, ptah.cms.ModifyContent)
GALLERY_ACL.allow(ptah.Owner, ptah.cms.DeleteContent)
GALLERY_ACL.allow(Manager, ptah.cms.ALL_PERMISSIONS)
# ACL for private state
PRIVATE = ptah.ACL('ploud-private-theme', 'Private ploud theme')
PRIVATE.allow(Manager, ptah.cms.ALL_PERMISSIONS)
PRIVATE.allow(ptah.Owner, ptah.cms.View)
PRIVATE.allow(ptah.Owner, ptah.cms.ModifyContent)
PRIVATE.deny(ptah.Owner, RetractTheme)
PRIVATE.deny(ptah.Everyone, ptah.cms.View)
