def test_affects_unrelated(self): ''' Unrelated objects test. If I set an ACL on an object, it should not affect objects that it doesn't match. (in this case, a different language) ''' lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template" ) trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template" ) acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION)) self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION)) self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_partial_match(self): ''' Partial match test. If I set an ACL on two criteria, e.g., subproject and language, it should not affect objects that only match one of the criteria. ''' lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template" ) trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template" ) acl = GroupACL.objects.create( language=lang_cs, subproject=self.subproject ) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION)) self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION)) self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_acl_lockout(self): self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) acl = GroupACL.objects.create(subproject=self.subproject) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_acl_overlap(self): acl_lang = GroupACL.objects.create(language=self.language) acl_lang.groups.add(self.group) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub = GroupACL.objects.create(subproject=self.subproject) self.assertFalse(can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub.groups.add(self.group) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
def test_group_locked(self): lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template" ) trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template" ) perm_name = 'trans.author_translation' self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() permission = Permission.objects.get( codename='author_translation', content_type__app_label='trans' ) self.group.permissions.add(permission) self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
def test_acl_lockout(self): ''' Basic sanity check. Group ACL set on a subproject should only allow members of the marked group to edit it. ''' self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) acl = GroupACL.objects.create(subproject=self.subproject) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_group_locked(self): lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template") trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template") perm_name = 'trans.author_translation' self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() permission = Permission.objects.get(codename='author_translation', content_type__app_label='trans') self.group.permissions.add(permission) self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
def test_acl_overlap(self): acl_lang = GroupACL.objects.create(language=self.language) acl_lang.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub = GroupACL.objects.create(subproject=self.subproject) self.assertFalse( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION))
def test_acl_lockout(self): ''' Basic sanity check. Group ACL set on a subproject should only allow members of the marked group to edit it. ''' self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) acl = GroupACL.objects.create(subproject=self.subproject) acl.groups.add(self.group) self.clear_permission_cache() self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION)) self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_acl_overlap(self): ''' Overlap test. When two ACLs can apply to a translation object, only the most specific one should apply. ''' acl_lang = GroupACL.objects.create(language=self.language) acl_lang.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub = GroupACL.objects.create(subproject=self.subproject) self.assertFalse( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION))
def test_affects_unrelated(self): lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template" ) trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template" ) acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION)) self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION)) self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_unrelated(self): lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template") trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template") acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION)) self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION)) self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION)) self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_acl_overlap(self): ''' Overlap test. When two ACLs can apply to a translation object, only the most specific one should apply. ''' acl_lang = GroupACL.objects.create(language=self.language) acl_lang.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub = GroupACL.objects.create(subproject=self.subproject) self.clear_permission_cache() self.assertFalse( can_edit(self.privileged, self.trans, self.PERMISSION)) acl_sub.groups.add(self.group) self.assertTrue( can_edit(self.privileged, self.trans, self.PERMISSION))
def test_group_locked(self): ''' Limited privilege test. Once a group is used in a GroupACL, it is said to be "locked". Privileges from the locked group should not apply outside GroupACL. I.e., if I gain "author_translation" privilege through membership in a "privileged_group", applicable to Czech language, this should not apply to any other language. ''' lang_cs = Language.objects.get(code='cs') lang_de = Language.objects.get(code='de') trans_cs = Translation.objects.create( subproject=self.subproject, language=lang_cs, filename="this/is/not/a.template" ) trans_de = Translation.objects.create( subproject=self.subproject, language=lang_de, filename="this/is/not/a.template" ) perm_name = 'trans.author_translation' self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() permission = Permission.objects.get( codename='author_translation', content_type__app_label='trans' ) self.group.permissions.add(permission) self.assertFalse(can_edit(self.user, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertTrue(can_edit(self.privileged, trans_de, perm_name)) self.clear_permission_cache() acl = GroupACL.objects.create(language=lang_cs) acl.groups.add(self.group) self.assertTrue(can_edit(self.privileged, trans_cs, perm_name)) self.assertFalse(can_edit(self.privileged, trans_de, perm_name))