def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.mainitem_name, u'AnyUser', ['read']), # by after acl (self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl (self.mainitem_name, u'JoeDoe', []), # by item acl (self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem1_name, u'AnyUser', ['read']), # by after acl (self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item (self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item (self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem2_name, u'AnyUser', ['read']), # by after acl (self.subitem2_name, u'JoeDoe', ['read']), # by after acl (self.subitem2_name, u'JaneDoe', ['read']), # by after acl (self.subitem_4boss, u'AnyUser', ['read']), # by after acl (self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True # User should have these rights... for right in may: can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.mainitem_name, u"AnyUser", ["read"]), # by after acl (self.mainitem_name, u"JaneDoe", ["read", "write"]), # by item acl (self.mainitem_name, u"JoeDoe", []), # by item acl (self.subitem1_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.subitem1_name, u"AnyUser", ["read"]), # by after acl (self.subitem1_name, u"JoeDoe", []), # by inherited acl from main item (self.subitem1_name, u"JaneDoe", ["read", "write"]), # by inherited acl from main item (self.subitem2_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.subitem2_name, u"AnyUser", ["read"]), # by after acl (self.subitem2_name, u"JoeDoe", ["read"]), # by after acl (self.subitem2_name, u"JaneDoe", ["read"]), # by after acl (self.subitem_4boss, u"AnyUser", ["read"]), # by after acl (self.subitem_4boss, u"JoeDoe", ["read", "write"]), # by item acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True # User should have these rights... for right in may: can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)
def testPageACLs(self): """ security: test page acls """ tests = [ # hierarchic, pagename, username, expected_rights (False, self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']), (True, self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']), (False, self.mainpage_name, u'AnyUser', ['read']), # by after acl (True, self.mainpage_name, u'AnyUser', ['read']), # by after acl (False, self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl (True, self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl (False, self.mainpage_name, u'JoeDoe', []), # by page acl (True, self.mainpage_name, u'JoeDoe', []), # by page acl (False, self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']), (True, self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']), (False, self.subpage_name, u'AnyUser', ['read', 'write']), # by default acl (True, self.subpage_name, u'AnyUser', ['read']), # by after acl (False, self.subpage_name, u'JoeDoe', ['read', 'write']), # by default acl (True, self.subpage_name, u'JoeDoe', []), # by inherited acl from main page (False, self.subpage_name, u'JaneDoe', ['read', 'write']), # by default acl (True, self.subpage_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main page (True, self.subitem_4boss, u'AnyUser', ['read']), # by after acl (True, self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl ] for hierarchic, pagename, username, may in tests: u = User(self.request, auth_username=username) u.valid = True def _have_right(u, right, pagename, hierarchic): self.request.cfg.acl_hierarchic = hierarchic can_access = u.may.__getattr__(right)(pagename) if can_access: print "page %s: %s test if %s may %s (success)" % ( pagename, ['normal', 'hierarchic'][hierarchic], username, right) else: print "page %s: %s test if %s may %s (failure)" % ( pagename, ['normal', 'hierarchic'][hierarchic], username, right) assert can_access # User should have these rights... for right in may: yield _have_right, u, right, pagename, hierarchic def _not_have_right(u, right, pagename, hierarchic): self.request.cfg.acl_hierarchic = hierarchic can_access = u.may.__getattr__(right)(pagename) if can_access: print "page %s: %s test if %s may not %s (failure)" % ( pagename, ['normal', 'hierarchic'][hierarchic], username, right) else: print "page %s: %s test if %s may not %s (success)" % ( pagename, ['normal', 'hierarchic'][hierarchic], username, right) assert not can_access # User should NOT have these rights: mayNot = [right for right in self.request.cfg.acl_rights_valid if right not in may] for right in mayNot: yield _not_have_right, u, right, pagename, hierarchic
def request(self, request, user_obj, **kw): user = request.env.get('repoze.who.identity', {}).get('user', None) if user: user = User( request, auth_username=user.uid, auth_method=self.name, auth_attribs=('name', 'aliasname', 'email', 'password')) #user.may = PlonePermissions(user) user.language = 'es' user.valid = 1 return user, True return user_obj, True
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.mainitem_name, u'AnyUser', ['read']), # by after acl (self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl (self.mainitem_name, u'JoeDoe', []), # by item acl (self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem1_name, u'AnyUser', ['read', 'write']), # by default acl (self.subitem1_name, u'JoeDoe', ['read', 'write']), # by default acl (self.subitem1_name, u'JaneDoe', ['read', 'write']), # by default acl (self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem2_name, u'AnyUser', ['read']), # by after acl (self.subitem2_name, u'JoeDoe', ['read']), # by after acl (self.subitem2_name, u'JaneDoe', ['read']), # by after acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True def _have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname) # User should have these rights... for right in may: yield _have_right, u, right, itemname def _not_have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: yield _not_have_right, u, right, itemname # check function rights u = User(auth_username='******') assert u.may.superuser() u = User(auth_username='******') assert u.may.notextcha() u = User(auth_username='******') assert not u.may.superuser() assert not u.may.notextcha()
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.p1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.p2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c12, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.p1, u'Editor', []), # by p1 acl (self.c1, u'Editor', []), # by p1 acl (self.p1, u'SomeOne', ['read']), # by after acl (self.c1, u'SomeOne', ['read']), # by after acl (self.p2, u'Editor', ['read', 'write']), # by default acl (self.c2, u'Editor', ['read', 'write']), # by default acl (self.p2, u'SomeOne', ['read']), # by after acl (self.c2, u'SomeOne', ['read']), # by after acl (self.c12, u'SomeOne', ['read']), # by after acl # now check the rather special stuff: (self.c12, u'Editor', ['read', 'write']), # disallowed via p1, but allowed via p2 via default acl ] for itemnames, username, may in tests: u = User(auth_username=username) u.valid = True itemname = itemnames[0] def _have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should have these rights... for right in may: yield _have_right, u, right, itemname def _not_have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: yield _not_have_right, u, right, itemname
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.mainitem_name, u'AnyUser', ['read']), # by after acl (self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl (self.mainitem_name, u'JoeDoe', []), # by item acl (self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem1_name, u'AnyUser', ['read']), # by after acl (self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item (self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item (self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem2_name, u'AnyUser', ['read']), # by after acl (self.subitem2_name, u'JoeDoe', ['read']), # by after acl (self.subitem2_name, u'JaneDoe', ['read']), # by after acl (self.subitem_4boss, u'AnyUser', ['read']), # by after acl (self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True def _have_right(u, right, itemname): flaskg.user = u can_access = getattr(u.may, right)(itemname) assert can_access, "%r may %s %r (hierarchic)" % (u.name, right, itemname) # User should have these rights... for right in may: yield _have_right, u, right, itemname def _not_have_right(u, right, itemname): flaskg.user = u can_access = getattr(u.may, right)(itemname) assert not can_access, "%r may not %s %r (hierarchic)" % (u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_valid if right not in may] for right in mayNot: yield _not_have_right, u, right, itemname
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.mainitem_name, u'AnyUser', ['read']), # by after acl (self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl (self.mainitem_name, u'JoeDoe', []), # by item acl (self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem1_name, u'AnyUser', ['read']), # by after acl (self.subitem1_name, u'JoeDoe', []), # by inherited acl from main item (self.subitem1_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main item (self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem2_name, u'AnyUser', ['read']), # by after acl (self.subitem2_name, u'JoeDoe', ['read']), # by after acl (self.subitem2_name, u'JaneDoe', ['read']), # by after acl (self.subitem_4boss, u'AnyUser', ['read']), # by after acl (self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True def _have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should have these rights... for right in may: yield _have_right, u, right, itemname def _not_have_right(u, right, itemname): can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: yield _not_have_right, u, right, itemname
def test_ItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.mainitem_name, u"AnyUser", ["read"]), # by after acl (self.mainitem_name, u"JaneDoe", ["read", "write"]), # by item acl (self.mainitem_name, u"JoeDoe", []), # by item acl (self.subitem1_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.subitem1_name, u"AnyUser", ["read", "write"]), # by default acl (self.subitem1_name, u"JoeDoe", ["read", "write"]), # by default acl (self.subitem1_name, u"JaneDoe", ["read", "write"]), # by default acl (self.subitem2_name, u"WikiAdmin", ["read", "write", "admin", "create", "destroy"]), (self.subitem2_name, u"AnyUser", ["read"]), # by after acl (self.subitem2_name, u"JoeDoe", ["read"]), # by after acl (self.subitem2_name, u"JaneDoe", ["read"]), # by after acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True # User should have these rights... for right in may: can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname) # check function rights u = User(auth_username="******") assert u.may.superuser() u = User(auth_username="******") assert u.may.notextcha() u = User(auth_username="******") assert not u.may.superuser() assert not u.may.notextcha()
def test_ItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.mainitem_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.mainitem_name, u'AnyUser', ['read']), # by after acl (self.mainitem_name, u'JaneDoe', ['read', 'write']), # by item acl (self.mainitem_name, u'JoeDoe', []), # by item acl (self.subitem1_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem1_name, u'AnyUser', ['read', 'write']), # by default acl (self.subitem1_name, u'JoeDoe', ['read', 'write']), # by default acl (self.subitem1_name, u'JaneDoe', ['read', 'write']), # by default acl (self.subitem2_name, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), (self.subitem2_name, u'AnyUser', ['read']), # by after acl (self.subitem2_name, u'JoeDoe', ['read']), # by after acl (self.subitem2_name, u'JaneDoe', ['read']), # by after acl ] for itemname, username, may in tests: u = User(auth_username=username) u.valid = True # User should have these rights... for right in may: can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (normal)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (normal)".format(u.name, right, itemname) # check function rights u = User(auth_username='******') assert u.may.superuser() u = User(auth_username='******') assert u.may.notextcha() u = User(auth_username='******') assert not u.may.superuser() assert not u.may.notextcha()
def testItemACLs(self): """ security: test item acls """ tests = [ # itemname, username, expected_rights (self.p1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.p2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c1, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c2, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.c12, u'WikiAdmin', ['read', 'write', 'admin', 'create', 'destroy']), # by before acl (self.p1, u'Editor', []), # by p1 acl (self.c1, u'Editor', []), # by p1 acl (self.p1, u'SomeOne', ['read']), # by after acl (self.c1, u'SomeOne', ['read']), # by after acl (self.p2, u'Editor', ['read', 'write']), # by default acl (self.c2, u'Editor', ['read', 'write']), # by default acl (self.p2, u'SomeOne', ['read']), # by after acl (self.c2, u'SomeOne', ['read']), # by after acl (self.c12, u'SomeOne', ['read']), # by after acl # now check the rather special stuff: (self.c12, u'Editor', ['read', 'write']), # disallowed via p1, but allowed via p2 via default acl ] for itemnames, username, may in tests: u = User(auth_username=username) u.valid = True itemname = itemnames[0] # User should have these rights... for right in may: can_access = getattr(u.may, right)(itemname) assert can_access, "{0!r} may {1} {2!r} (hierarchic)".format(u.name, right, itemname) # User should NOT have these rights: mayNot = [right for right in app.cfg.acl_rights_contents if right not in may] for right in mayNot: can_access = getattr(u.may, right)(itemname) assert not can_access, "{0!r} may not {1} {2!r} (hierarchic)".format(u.name, right, itemname)