def test_role_register_conflict(self):
import ptah
ptah.Role('myrole', 'MyRole1')
ptah.Role('myrole', 'MyRole2')
self.assertRaises(ConfigurationConflictError, self.init_ptah)
def _make_app(self, request=None):
from ptah.manage.manage import PtahManageRoute
class Principal(object):
id = 'test-user'
uri = 'test:user'
login = '******'
principal = Principal()
@ptah.resolver('test')
def principalResolver(uri):
return principal
@ptah.principal_searcher('test')
def principalSearcher(term):
return (principal, )
cms.ApplicationFactory(TestApp1, '/test1', 'app1', 'Root App 1')
cms.ApplicationFactory(TestApp2, '/test2', 'app2', 'Root App 2')
self.TestRole = ptah.Role('test', 'Test role')
self.init_ptah()
if request is None:
request = DummyRequest()
ptah.auth_service.set_userid(ptah.SUPERUSER_URI)
cfg = ptah.get_settings(ptah.CFG_ID_PTAH, self.registry)
cfg['managers'] = ('*', )
mr = PtahManageRoute(request)
mod = mr['apps']
return mod['app1']
def test_role_roles(self):
import ptah
role = ptah.Role('myrole', 'MyRole')
self.init_ptah()
self.assertTrue('myrole' in ptah.get_roles())
self.assertTrue(ptah.get_roles()['myrole'] is role)
def test_role_register(self):
role = ptah.Role('myrole', 'MyRole')
self.assertTrue(role.id == 'role:myrole')
self.assertTrue(role.name == 'myrole')
self.assertTrue(role.title == 'MyRole')
self.assertTrue(role.description == '')
self.assertTrue(str(role) == 'Role<MyRole>')
self.assertTrue(repr(role) == 'role:myrole')
def test_role_unset_denied_permission(self):
from ptah import DEFAULT_ACL
role = ptah.Role('myrole', 'MyRole')
role.deny('perm1')
self.assertEqual(len(DEFAULT_ACL), 1)
role.unset('perm1')
self.assertEqual(len(DEFAULT_ACL), 0)
def test_acl_deny(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.deny(role, 'perm1')
pmap.deny('role:test', 'perm2')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', 'perm1')))
def test_acl_allow_all(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.allow(role, 'perm1')
pmap.allow(role, ALL_PERMISSIONS)
pmap.allow(role, 'perm2')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Allow)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], ALL_PERMISSIONS)
def test_role_deny_permission(self):
from ptah import DEFAULT_ACL
role = ptah.Role('myrole', 'MyRole')
role.deny('perm1', 'perm2')
rec = DEFAULT_ACL.get(Deny, role.id)
self.assertEqual(rec[0], Deny)
self.assertEqual(rec[1], role.id)
self.assertTrue('perm1' in rec[2])
self.assertTrue('perm2' in rec[2])
def test_role_allow_permission(self):
from ptah import DEFAULT_ACL
role = ptah.Role('myrole', 'MyRole')
role.allow('perm1', 'perm2')
rec = DEFAULT_ACL.get(Allow, role.id)
self.assertEqual(rec[0], Allow)
self.assertEqual(rec[1], role.id)
self.assertTrue('perm1' in rec[2])
self.assertTrue('perm2' in rec[2])
def test_acl_unset_allow(self):
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.allow(role, 'perm1', 'perm2')
pmap.allow('role:test2', 'perm1')
pmap.unset(None, 'perm1')
self.assertEqual(len(pmap), 1)
self.assertEqual(pmap[0][0], Allow)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', )))
def test_acl_unset_role_deny(self):
import ptah
role = ptah.Role('test', 'test')
pmap = ptah.ACL('map', 'acl map')
pmap.deny(role, 'perm1', 'perm2')
pmap.deny('role:test2', 'perm1')
pmap.unset(role.id, 'perm1')
self.assertEqual(len(pmap), 2)
self.assertEqual(pmap[0][0], Deny)
self.assertEqual(pmap[0][1], 'role:test')
self.assertEqual(pmap[0][2], set(('perm2', )))
self.assertEqual(pmap[1][0], Deny)
self.assertEqual(pmap[1][1], 'role:test2')
self.assertEqual(pmap[1][2], set(('perm1', )))
""" theme gallery permissions """
import ptah
ptah.Everyone.allow(ptah.cms.View)
ptah.Authenticated.allow(ptah.cms.AddContent)
Viewer = ptah.Role('viewer', 'Viewer')
Viewer.allow(ptah.cms.View)
Editor = ptah.Role('editor', 'Editor')
Editor.allow(ptah.cms.View, ptah.cms.ModifyContent)
Manager = ptah.Role('manager', 'Manager')
Manager.allow(ptah.cms.ALL_PERMISSIONS)
ptah.Owner.allow(ptah.cms.DeleteContent)
# permissions
AddTheme = ptah.Permission('ploud:AddTheme', 'Add theme')
AddThemeFile = ptah.Permission('ploud:AddFile', 'Add theme file')
RetractTheme = ptah.Permission('ploud:RetractTheme', 'Retract theme')
ManageGallery = ptah.Permission('ploud:ManageGallery', 'Manage gallery')
# Gallery ACL
GALLERY_ACL = ptah.ACL('ploud-themegallery', 'Ploud theme gallery ACL')
GALLERY_ACL.allow(ptah.Everyone, ptah.cms.View)
GALLERY_ACL.allow(ptah.Authenticated, AddTheme)
GALLERY_ACL.allow(ptah.Authenticated, ptah.cms.View)
GALLERY_ACL.allow(ptah.Owner, AddThemeFile)
GALLERY_ACL.allow(ptah.Owner, ptah.cms.ModifyContent)
GALLERY_ACL.allow(ptah.Owner, ptah.cms.DeleteContent)
