Esempio n. 1
0
def create_forum(app, new_forum):
    if 'parent' in new_forum and new_forum['parent']:
        parent_id = ObjectId(str(new_forum['parent']))
        shortname = (DM.Forum.query.get(_id=parent_id).shortname + '/' +
                     new_forum['shortname'])
    else:
        parent_id = None
        shortname = new_forum['shortname']
    description = new_forum.get('description', '')

    f = DM.Forum(
        app_config_id=app.config._id,
        parent_id=parent_id,
        name=h.really_unicode(new_forum['name']),
        shortname=h.really_unicode(shortname),
        description=h.really_unicode(description),
        members_only=new_forum.get('members_only', False),
        anon_posts=new_forum.get('anon_posts', False),
        monitoring_email=new_forum.get('monitoring_email', None),
    )
    if f.members_only and f.anon_posts:
        flash('You cannot have anonymous posts in a members only forum.',
              'warning')
        f.anon_posts = False
    if f.members_only:
        role_developer = ProjectRole.by_name('Developer')._id
        f.acl = [ACE.allow(role_developer, ALL_PERMISSIONS), DENY_ALL]
    elif f.anon_posts:
        role_anon = ProjectRole.anonymous()._id
        f.acl = [ACE.allow(role_anon, 'post')]
    else:
        f.acl = []
    return f
Esempio n. 2
0
def create_forum(app, new_forum):
    if 'parent' in new_forum and new_forum['parent']:
        parent_id = ObjectId(str(new_forum['parent']))
        shortname = (DM.Forum.query.get(_id=parent_id).shortname + '/'
                        + new_forum['shortname'])
    else:
        parent_id=None
        shortname = new_forum['shortname']
    description = new_forum.get('description','')

    f = DM.Forum(app_config_id=app.config._id,
                    parent_id=parent_id,
                    name=h.really_unicode(new_forum['name']),
                    shortname=h.really_unicode(shortname),
                    description=h.really_unicode(description),
                    members_only=new_forum.get('members_only', False),
                    anon_posts=new_forum.get('anon_posts', False),
                    monitoring_email=new_forum.get('monitoring_email', None),
                    )
    if f.members_only and f.anon_posts:
        flash('You cannot have anonymous posts in a members only forum.', 'warning')
        f.anon_posts = False
    if f.members_only:
        role_developer = ProjectRole.by_name('Developer')._id
        f.acl = [
            ACE.allow(role_developer, ALL_PERMISSIONS),
            DENY_ALL]
    elif f.anon_posts:
        role_anon = ProjectRole.anonymous()._id
        f.acl = [ACE.allow(role_anon, 'post')]
    else:
        f.acl = []
    if 'icon' in new_forum and new_forum['icon'] is not None and new_forum['icon'] != '':
        save_forum_icon(f, new_forum['icon'])
    return f
Esempio n. 3
0
    def test_private_ticket(self):
        from pylons import c
        from allura.model import ProjectRole, User
        from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL
        from allura.lib.security import Credentials, has_access
        from allura.websetup import bootstrap

        admin = c.user
        creator = bootstrap.create_user('Not a Project Admin')
        developer = bootstrap.create_user('Project Developer')
        observer = bootstrap.create_user('Random Non-Project User')
        anon = User(_id=None, username='******', display_name='Anonymous')
        t = Ticket(summary='my ticket',
                   ticket_num=3,
                   reported_by_id=creator._id)

        assert creator == t.reported_by
        role_admin = ProjectRole.by_name('Admin')._id
        role_developer = ProjectRole.by_name('Developer')._id
        role_creator = t.reported_by.project_role()._id
        developer.project_role().roles.append(role_developer)
        cred = Credentials.get().clear()

        t.private = True
        assert t.acl == [
            ACE.allow(role_developer, ALL_PERMISSIONS),
            ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL
        ]
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert not has_access(t, 'read', user=observer)()
        assert not has_access(t, 'create', user=observer)()
        assert not has_access(t, 'update', user=observer)()
        assert not has_access(t, 'read', user=anon)()
        assert not has_access(t, 'create', user=anon)()
        assert not has_access(t, 'update', user=anon)()

        t.private = False
        assert t.acl == []
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert not has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=observer)()
        assert has_access(t, 'read', user=anon)()
Esempio n. 4
0
    def test_private_ticket(self):
        from pylons import c
        from allura.model import ProjectRole, User
        from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL
        from allura.lib.security import Credentials, has_access
        from allura.websetup import bootstrap

        admin = c.user
        creator = bootstrap.create_user('Not a Project Admin')
        developer = bootstrap.create_user('Project Developer')
        observer = bootstrap.create_user('Random Non-Project User')
        anon = User(_id=None, username='******',
                    display_name='Anonymous')
        t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id)

        assert creator == t.reported_by
        role_admin = ProjectRole.by_name('Admin')._id
        role_developer = ProjectRole.by_name('Developer')._id
        role_creator = t.reported_by.project_role()._id
        developer.project_role().roles.append(role_developer)
        cred = Credentials.get().clear()

        t.private = True
        assert t.acl == [ACE.allow(role_developer, ALL_PERMISSIONS),
                         ACE.allow(role_creator, ALL_PERMISSIONS),
                         DENY_ALL]
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert not has_access(t, 'read', user=observer)()
        assert not has_access(t, 'create', user=observer)()
        assert not has_access(t, 'update', user=observer)()
        assert not has_access(t, 'read', user=anon)()
        assert not has_access(t, 'create', user=anon)()
        assert not has_access(t, 'update', user=anon)()

        t.private = False
        assert t.acl == []
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert not has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=observer)()
        assert has_access(t, 'read', user=anon)()
Esempio n. 5
0
 def _set_private(self, bool_flag):
     if bool_flag:
         role_developer = ProjectRole.by_name('Developer')
         role_creator = ProjectRole.by_user(self.reported_by, upsert=True)
         _allow_all = lambda role, perms: [ACE.allow(role._id, perm) for perm in perms]
         # maintain existing access for developers and the ticket creator,
         # but revoke all access for everyone else
         self.acl = _allow_all(role_developer, security.all_allowed(self, role_developer)) \
                  + _allow_all(role_creator, security.all_allowed(self, role_creator)) \
                  + [DENY_ALL]
     else:
         self.acl = []
Esempio n. 6
0
    def _set_private(self, bool_flag):
        if bool_flag:
            role_developer = ProjectRole.by_name("Developer")
            role_creator = ProjectRole.by_user(self.reported_by, upsert=True)

            def _allow_all(role, perms):
                return [ACE.allow(role._id, perm) for perm in perms]

            # maintain existing access for developers and the ticket creator,
            # but revoke all access for everyone else
            acl = _allow_all(role_developer, security.all_allowed(self, role_developer))
            if role_creator != ProjectRole.anonymous():
                acl += _allow_all(role_creator, security.all_allowed(self, role_creator))
            acl += [DENY_ALL]
            self.acl = acl
        else:
            self.acl = []
Esempio n. 7
0
 def _set_private(self, bool_flag):
     if bool_flag:
         role_developer = ProjectRole.by_name('Developer')._id
         role_creator = self.reported_by.project_role()._id
         self.acl = [
             ACE.allow(role_developer, ALL_PERMISSIONS),
             ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL
         ]
     else:
         self.acl = []
Esempio n. 8
0
 def _set_private(self, bool_flag):
     if bool_flag:
         role_developer = ProjectRole.by_name('Developer')._id
         role_creator = self.reported_by.project_role()._id
         self.acl = [
             ACE.allow(role_developer, ALL_PERMISSIONS),
             ACE.allow(role_creator, ALL_PERMISSIONS),
             DENY_ALL]
     else:
         self.acl = []
Esempio n. 9
0
 def _set_private(self, bool_flag):
     if bool_flag:
         role_developer = ProjectRole.by_name('Developer')
         role_creator = self.reported_by.project_role()
         _allow_all = lambda role, perms: [
             ACE.allow(role._id, perm) for perm in perms
         ]
         # maintain existing access for developers and the ticket creator,
         # but revoke all access for everyone else
         self.acl = _allow_all(role_developer, security.all_allowed(self, role_developer)) \
                  + _allow_all(role_creator, security.all_allowed(self, role_creator)) \
                  + [DENY_ALL]
     else:
         self.acl = []
Esempio n. 10
0
 def install(self, project):
     pr = ProjectRole.by_user(c.user)
     if pr:
         self.config.acl = [
             ACE.allow(pr._id, perm) for perm in self.permissions
         ]
Esempio n. 11
0
    def test_private_ticket(self):
        from allura.model import ProjectRole
        from allura.model import ACE, DENY_ALL
        from allura.lib.security import Credentials, has_access
        from allura.websetup import bootstrap

        admin = c.user
        creator = bootstrap.create_user('Not a Project Admin')
        developer = bootstrap.create_user('Project Developer')
        observer = bootstrap.create_user('Random Non-Project User')
        anon = User(_id=None, username='******',
                    display_name='Anonymous')
        t = Ticket(summary='my ticket', ticket_num=3,
                   reported_by_id=creator._id)

        assert creator == t.reported_by
        role_admin = ProjectRole.by_name('Admin')._id
        role_developer = ProjectRole.by_name('Developer')._id
        role_creator = ProjectRole.by_user(t.reported_by, upsert=True)._id
        ProjectRole.by_user(
            developer, upsert=True).roles.append(role_developer)
        ThreadLocalORMSession.flush_all()
        cred = Credentials.get().clear()

        t.private = True
        assert_equal(t.acl, [
            ACE.allow(role_developer, 'save_searches'),
            ACE.allow(role_developer, 'read'),
            ACE.allow(role_developer, 'create'),
            ACE.allow(role_developer, 'update'),
            ACE.allow(role_developer, 'unmoderated_post'),
            ACE.allow(role_developer, 'post'),
            ACE.allow(role_developer, 'moderate'),
            ACE.allow(role_developer, 'delete'),
            ACE.allow(role_creator, 'read'),
            ACE.allow(role_creator, 'post'),
            ACE.allow(role_creator, 'create'),
            ACE.allow(role_creator, 'unmoderated_post'),
            DENY_ALL])
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'post', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert not has_access(t, 'read', user=observer)()
        assert not has_access(t, 'create', user=observer)()
        assert not has_access(t, 'update', user=observer)()
        assert not has_access(t, 'read', user=anon)()
        assert not has_access(t, 'create', user=anon)()
        assert not has_access(t, 'update', user=anon)()

        t.private = False
        assert t.acl == []
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=observer)()
        assert has_access(t, 'read', user=anon)()
Esempio n. 12
0
 def install(self, project):
     pr = ProjectRole.by_user(c.user)
     if pr:
         self.config.acl = [
             ACE.allow(pr._id, perm)
             for perm in self.permissions]
Esempio n. 13
0
    def test_private_ticket(self):
        from allura.model import ProjectRole
        from allura.model import ACE, DENY_ALL
        from allura.lib.security import Credentials, has_access
        from allura.websetup import bootstrap

        admin = c.user
        creator = bootstrap.create_user('Not a Project Admin')
        developer = bootstrap.create_user('Project Developer')
        observer = bootstrap.create_user('Random Non-Project User')
        anon = User(_id=None, username='******',
                    display_name='Anonymous')
        t = Ticket(summary='my ticket', ticket_num=3,
                   reported_by_id=creator._id)

        assert creator == t.reported_by
        role_admin = ProjectRole.by_name('Admin')._id
        role_developer = ProjectRole.by_name('Developer')._id
        role_creator = ProjectRole.by_user(t.reported_by, upsert=True)._id
        ProjectRole.by_user(
            developer, upsert=True).roles.append(role_developer)
        ThreadLocalORMSession.flush_all()
        cred = Credentials.get().clear()

        t.private = True
        assert_equal(t.acl, [
            ACE.allow(role_developer, 'save_searches'),
            ACE.allow(role_developer, 'read'),
            ACE.allow(role_developer, 'create'),
            ACE.allow(role_developer, 'update'),
            ACE.allow(role_developer, 'unmoderated_post'),
            ACE.allow(role_developer, 'post'),
            ACE.allow(role_developer, 'moderate'),
            ACE.allow(role_developer, 'delete'),
            ACE.allow(role_creator, 'read'),
            ACE.allow(role_creator, 'post'),
            ACE.allow(role_creator, 'create'),
            ACE.allow(role_creator, 'unmoderated_post'),
            DENY_ALL])
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'post', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert not has_access(t, 'read', user=observer)()
        assert not has_access(t, 'create', user=observer)()
        assert not has_access(t, 'update', user=observer)()
        assert not has_access(t, 'read', user=anon)()
        assert not has_access(t, 'create', user=anon)()
        assert not has_access(t, 'update', user=anon)()

        t.private = False
        assert t.acl == []
        assert has_access(t, 'read', user=admin)()
        assert has_access(t, 'create', user=admin)()
        assert has_access(t, 'update', user=admin)()
        assert has_access(t, 'read', user=developer)()
        assert has_access(t, 'create', user=developer)()
        assert has_access(t, 'update', user=developer)()
        assert has_access(t, 'read', user=creator)()
        assert has_access(t, 'unmoderated_post', user=creator)()
        assert has_access(t, 'create', user=creator)()
        assert not has_access(t, 'update', user=creator)()
        assert has_access(t, 'read', user=observer)()
        assert has_access(t, 'read', user=anon)()