def create_forum(app, new_forum): if 'parent' in new_forum and new_forum['parent']: parent_id = ObjectId(str(new_forum['parent'])) shortname = (DM.Forum.query.get(_id=parent_id).shortname + '/' + new_forum['shortname']) else: parent_id = None shortname = new_forum['shortname'] description = new_forum.get('description', '') f = DM.Forum( app_config_id=app.config._id, parent_id=parent_id, name=h.really_unicode(new_forum['name']), shortname=h.really_unicode(shortname), description=h.really_unicode(description), members_only=new_forum.get('members_only', False), anon_posts=new_forum.get('anon_posts', False), monitoring_email=new_forum.get('monitoring_email', None), ) if f.members_only and f.anon_posts: flash('You cannot have anonymous posts in a members only forum.', 'warning') f.anon_posts = False if f.members_only: role_developer = ProjectRole.by_name('Developer')._id f.acl = [ACE.allow(role_developer, ALL_PERMISSIONS), DENY_ALL] elif f.anon_posts: role_anon = ProjectRole.anonymous()._id f.acl = [ACE.allow(role_anon, 'post')] else: f.acl = [] return f
def create_forum(app, new_forum): if 'parent' in new_forum and new_forum['parent']: parent_id = ObjectId(str(new_forum['parent'])) shortname = (DM.Forum.query.get(_id=parent_id).shortname + '/' + new_forum['shortname']) else: parent_id=None shortname = new_forum['shortname'] description = new_forum.get('description','') f = DM.Forum(app_config_id=app.config._id, parent_id=parent_id, name=h.really_unicode(new_forum['name']), shortname=h.really_unicode(shortname), description=h.really_unicode(description), members_only=new_forum.get('members_only', False), anon_posts=new_forum.get('anon_posts', False), monitoring_email=new_forum.get('monitoring_email', None), ) if f.members_only and f.anon_posts: flash('You cannot have anonymous posts in a members only forum.', 'warning') f.anon_posts = False if f.members_only: role_developer = ProjectRole.by_name('Developer')._id f.acl = [ ACE.allow(role_developer, ALL_PERMISSIONS), DENY_ALL] elif f.anon_posts: role_anon = ProjectRole.anonymous()._id f.acl = [ACE.allow(role_anon, 'post')] else: f.acl = [] if 'icon' in new_forum and new_forum['icon'] is not None and new_forum['icon'] != '': save_forum_icon(f, new_forum['icon']) return f
def test_private_ticket(self): from pylons import c from allura.model import ProjectRole, User from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL from allura.lib.security import Credentials, has_access from allura.websetup import bootstrap admin = c.user creator = bootstrap.create_user('Not a Project Admin') developer = bootstrap.create_user('Project Developer') observer = bootstrap.create_user('Random Non-Project User') anon = User(_id=None, username='******', display_name='Anonymous') t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id) assert creator == t.reported_by role_admin = ProjectRole.by_name('Admin')._id role_developer = ProjectRole.by_name('Developer')._id role_creator = t.reported_by.project_role()._id developer.project_role().roles.append(role_developer) cred = Credentials.get().clear() t.private = True assert t.acl == [ ACE.allow(role_developer, ALL_PERMISSIONS), ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL ] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'create', user=creator)() assert has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert not has_access(t, 'read', user=observer)() assert not has_access(t, 'create', user=observer)() assert not has_access(t, 'update', user=observer)() assert not has_access(t, 'read', user=anon)() assert not has_access(t, 'create', user=anon)() assert not has_access(t, 'update', user=anon)() t.private = False assert t.acl == [] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert not has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=observer)() assert has_access(t, 'read', user=anon)()
def test_private_ticket(self): from pylons import c from allura.model import ProjectRole, User from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL from allura.lib.security import Credentials, has_access from allura.websetup import bootstrap admin = c.user creator = bootstrap.create_user('Not a Project Admin') developer = bootstrap.create_user('Project Developer') observer = bootstrap.create_user('Random Non-Project User') anon = User(_id=None, username='******', display_name='Anonymous') t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id) assert creator == t.reported_by role_admin = ProjectRole.by_name('Admin')._id role_developer = ProjectRole.by_name('Developer')._id role_creator = t.reported_by.project_role()._id developer.project_role().roles.append(role_developer) cred = Credentials.get().clear() t.private = True assert t.acl == [ACE.allow(role_developer, ALL_PERMISSIONS), ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'create', user=creator)() assert has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert not has_access(t, 'read', user=observer)() assert not has_access(t, 'create', user=observer)() assert not has_access(t, 'update', user=observer)() assert not has_access(t, 'read', user=anon)() assert not has_access(t, 'create', user=anon)() assert not has_access(t, 'update', user=anon)() t.private = False assert t.acl == [] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert not has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=observer)() assert has_access(t, 'read', user=anon)()
def _set_private(self, bool_flag): if bool_flag: role_developer = ProjectRole.by_name('Developer') role_creator = ProjectRole.by_user(self.reported_by, upsert=True) _allow_all = lambda role, perms: [ACE.allow(role._id, perm) for perm in perms] # maintain existing access for developers and the ticket creator, # but revoke all access for everyone else self.acl = _allow_all(role_developer, security.all_allowed(self, role_developer)) \ + _allow_all(role_creator, security.all_allowed(self, role_creator)) \ + [DENY_ALL] else: self.acl = []
def _set_private(self, bool_flag): if bool_flag: role_developer = ProjectRole.by_name("Developer") role_creator = ProjectRole.by_user(self.reported_by, upsert=True) def _allow_all(role, perms): return [ACE.allow(role._id, perm) for perm in perms] # maintain existing access for developers and the ticket creator, # but revoke all access for everyone else acl = _allow_all(role_developer, security.all_allowed(self, role_developer)) if role_creator != ProjectRole.anonymous(): acl += _allow_all(role_creator, security.all_allowed(self, role_creator)) acl += [DENY_ALL] self.acl = acl else: self.acl = []
def _set_private(self, bool_flag): if bool_flag: role_developer = ProjectRole.by_name('Developer')._id role_creator = self.reported_by.project_role()._id self.acl = [ ACE.allow(role_developer, ALL_PERMISSIONS), ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL ] else: self.acl = []
def _set_private(self, bool_flag): if bool_flag: role_developer = ProjectRole.by_name('Developer')._id role_creator = self.reported_by.project_role()._id self.acl = [ ACE.allow(role_developer, ALL_PERMISSIONS), ACE.allow(role_creator, ALL_PERMISSIONS), DENY_ALL] else: self.acl = []
def _set_private(self, bool_flag): if bool_flag: role_developer = ProjectRole.by_name('Developer') role_creator = self.reported_by.project_role() _allow_all = lambda role, perms: [ ACE.allow(role._id, perm) for perm in perms ] # maintain existing access for developers and the ticket creator, # but revoke all access for everyone else self.acl = _allow_all(role_developer, security.all_allowed(self, role_developer)) \ + _allow_all(role_creator, security.all_allowed(self, role_creator)) \ + [DENY_ALL] else: self.acl = []
def install(self, project): pr = ProjectRole.by_user(c.user) if pr: self.config.acl = [ ACE.allow(pr._id, perm) for perm in self.permissions ]
def test_private_ticket(self): from allura.model import ProjectRole from allura.model import ACE, DENY_ALL from allura.lib.security import Credentials, has_access from allura.websetup import bootstrap admin = c.user creator = bootstrap.create_user('Not a Project Admin') developer = bootstrap.create_user('Project Developer') observer = bootstrap.create_user('Random Non-Project User') anon = User(_id=None, username='******', display_name='Anonymous') t = Ticket(summary='my ticket', ticket_num=3, reported_by_id=creator._id) assert creator == t.reported_by role_admin = ProjectRole.by_name('Admin')._id role_developer = ProjectRole.by_name('Developer')._id role_creator = ProjectRole.by_user(t.reported_by, upsert=True)._id ProjectRole.by_user( developer, upsert=True).roles.append(role_developer) ThreadLocalORMSession.flush_all() cred = Credentials.get().clear() t.private = True assert_equal(t.acl, [ ACE.allow(role_developer, 'save_searches'), ACE.allow(role_developer, 'read'), ACE.allow(role_developer, 'create'), ACE.allow(role_developer, 'update'), ACE.allow(role_developer, 'unmoderated_post'), ACE.allow(role_developer, 'post'), ACE.allow(role_developer, 'moderate'), ACE.allow(role_developer, 'delete'), ACE.allow(role_creator, 'read'), ACE.allow(role_creator, 'post'), ACE.allow(role_creator, 'create'), ACE.allow(role_creator, 'unmoderated_post'), DENY_ALL]) assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'post', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert not has_access(t, 'read', user=observer)() assert not has_access(t, 'create', user=observer)() assert not has_access(t, 'update', user=observer)() assert not has_access(t, 'read', user=anon)() assert not has_access(t, 'create', user=anon)() assert not has_access(t, 'update', user=anon)() t.private = False assert t.acl == [] assert has_access(t, 'read', user=admin)() assert has_access(t, 'create', user=admin)() assert has_access(t, 'update', user=admin)() assert has_access(t, 'read', user=developer)() assert has_access(t, 'create', user=developer)() assert has_access(t, 'update', user=developer)() assert has_access(t, 'read', user=creator)() assert has_access(t, 'unmoderated_post', user=creator)() assert has_access(t, 'create', user=creator)() assert not has_access(t, 'update', user=creator)() assert has_access(t, 'read', user=observer)() assert has_access(t, 'read', user=anon)()
def install(self, project): pr = ProjectRole.by_user(c.user) if pr: self.config.acl = [ ACE.allow(pr._id, perm) for perm in self.permissions]