def test_principals_allowed_by_permission(self):
from pyramid.authorization import ACLHelper
from pyramid.security import Allow
from pyramid.security import Deny
from pyramid.security import DENY_ALL
from pyramid.security import ALL_PERMISSIONS
helper = ACLHelper()
root = DummyContext(__name__='', __parent__=None)
community = DummyContext(__name__='community', __parent__=root)
blog = DummyContext(__name__='blog', __parent__=community)
root.__acl__ = [
(Allow, 'chrism', ('read', 'write')),
(Allow, 'other', ('read', )),
(Allow, 'jim', ALL_PERMISSIONS),
]
community.__acl__ = [
(Deny, 'flooz', 'read'),
(Allow, 'flooz', 'read'),
(Allow, 'mork', 'read'),
(Deny, 'jim', 'read'),
(Allow, 'someguy', 'manage'),
]
blog.__acl__ = [(Allow, 'fred', 'read'), DENY_ALL]
result = sorted(helper.principals_allowed_by_permission(blog, 'read'))
self.assertEqual(result, ['fred'])
result = sorted(
helper.principals_allowed_by_permission(community, 'read'))
self.assertEqual(result, ['chrism', 'mork', 'other'])
result = sorted(
helper.principals_allowed_by_permission(community, 'read'))
result = sorted(helper.principals_allowed_by_permission(root, 'read'))
self.assertEqual(result, ['chrism', 'jim', 'other'])
def test_principals_allowed_by_permission_no_acls(self):
from pyramid.authorization import ACLHelper
helper = ACLHelper()
context = DummyContext()
result = sorted(
helper.principals_allowed_by_permission(context, 'read'))
self.assertEqual(result, [])
def test_principals_allowed_by_permission_deny_permission_in_acl(self):
from pyramid.authorization import ACLHelper, Deny, Everyone
helper = ACLHelper()
context = DummyContext()
acl = [(Deny, Everyone, 'read')]
context.__acl__ = acl
result = sorted(
helper.principals_allowed_by_permission(context, 'read'))
self.assertEqual(result, [])
def test_principals_allowed_by_permission_string_permission(self):
from pyramid.authorization import ACLHelper, Allow
helper = ACLHelper()
context = DummyContext()
acl = [(Allow, 'chrism', 'read_it')]
context.__acl__ = acl
result = helper.principals_allowed_by_permission(context, 'read')
# would be ['chrism'] if 'read' were compared against 'read_it' instead
# of against ['read_it']
self.assertEqual(list(result), [])
def test_principals_allowed_by_permission_callable_acl(self):
from pyramid.authorization import DENY_ALL, ACLHelper, Allow
helper = ACLHelper()
context = DummyContext()
acl = lambda: [
(Allow, 'chrism', ('read', 'write')),
DENY_ALL,
(Allow, 'other', 'read'),
]
context.__acl__ = acl
result = sorted(
helper.principals_allowed_by_permission(context, 'read'))
self.assertEqual(result, ['chrism'])
