def create_forum(app, new_forum):
    """Build a ``DM.Forum`` for *app* from the ``new_forum`` mapping and set its ACL.

    ``new_forum`` must provide ``'name'`` and ``'shortname'``; ``'parent'``,
    ``'description'``, ``'members_only'``, ``'anon_posts'`` and
    ``'monitoring_email'`` are optional.  When a parent is given, the new
    forum's shortname is prefixed with the parent's shortname and ``'/'``.

    Access control derived from the flags:

    * members only   -> Developer role gets ``ALL_PERMISSIONS``, then ``DENY_ALL``
    * anonymous posts -> the anonymous role is allowed ``'post'``
    * neither        -> empty ACL

    Returns the constructed forum object.
    """
    parent_ref = new_forum.get('parent')
    if parent_ref:
        parent_id = ObjectId(str(parent_ref))
        # NOTE(review): presumably query.get() yields None for an unknown id,
        # in which case the attribute access below raises -- confirm that
        # callers validate the parent before reaching this point.
        parent_forum = DM.Forum.query.get(_id=parent_id)
        shortname = parent_forum.shortname + '/' + new_forum['shortname']
    else:
        parent_id = None
        shortname = new_forum['shortname']
    description = new_forum.get('description', '')

    forum = DM.Forum(
        app_config_id=app.config._id,
        parent_id=parent_id,
        name=h.really_unicode(new_forum['name']),
        shortname=h.really_unicode(shortname),
        description=h.really_unicode(description),
        members_only=new_forum.get('members_only', False),
        anon_posts=new_forum.get('anon_posts', False),
        monitoring_email=new_forum.get('monitoring_email', None),
    )

    # The two flags are contradictory; members_only wins, so a members-only
    # forum never ends up carrying the anonymous 'post' ACE.
    if forum.members_only and forum.anon_posts:
        flash('You cannot have anonymous posts in a members only forum.',
              'warning')
        forum.anon_posts = False

    if forum.members_only:
        developer_role_id = ProjectRole.by_name('Developer')._id
        # DENY_ALL comes last: presumably ACEs are matched in order, so the
        # Developer allow is seen first -- confirm against the ACL evaluator.
        forum.acl = [ACE.allow(developer_role_id, ALL_PERMISSIONS), DENY_ALL]
    elif forum.anon_posts:
        anonymous_role_id = ProjectRole.anonymous()._id
        forum.acl = [ACE.allow(anonymous_role_id, 'post')]
    else:
        forum.acl = []
    return forum
def create_forum(app, new_forum):
    """Create a ``DM.Forum`` under *app*, set its ACL and store an optional icon.

    ``new_forum`` is a mapping with required ``'name'`` and ``'shortname'``
    and optional ``'parent'``, ``'description'``, ``'members_only'``,
    ``'anon_posts'``, ``'monitoring_email'`` and ``'icon'`` entries.  A child
    forum's shortname is ``<parent shortname>/<shortname>``.

    ACL rules: a members-only forum allows the Developer role everything and
    denies everyone else; a forum with anonymous posting allows the anonymous
    role to ``'post'``; otherwise the ACL is empty.  If both flags are set,
    anonymous posting is switched off and a warning is flashed.

    Returns the new forum.
    """
    parent_value = new_forum.get('parent')
    if parent_value:
        parent_id = ObjectId(str(parent_value))
        # NOTE(review): an id that matches no forum presumably makes
        # query.get() return None and this line raise -- verify upstream
        # validation of the submitted parent.
        parent_shortname = DM.Forum.query.get(_id=parent_id).shortname
        shortname = parent_shortname + '/' + new_forum['shortname']
    else:
        parent_id = None
        shortname = new_forum['shortname']
    description = new_forum.get('description', '')

    forum_kwargs = dict(
        app_config_id=app.config._id,
        parent_id=parent_id,
        name=h.really_unicode(new_forum['name']),
        shortname=h.really_unicode(shortname),
        description=h.really_unicode(description),
        members_only=new_forum.get('members_only', False),
        anon_posts=new_forum.get('anon_posts', False),
        monitoring_email=new_forum.get('monitoring_email', None),
    )
    forum = DM.Forum(**forum_kwargs)

    # Resolve the contradictory flag combination in favour of the stricter
    # setting before any ACL is derived from the flags.
    if forum.members_only and forum.anon_posts:
        flash('You cannot have anonymous posts in a members only forum.',
              'warning')
        forum.anon_posts = False

    if forum.members_only:
        developer_id = ProjectRole.by_name('Developer')._id
        forum.acl = [ACE.allow(developer_id, ALL_PERMISSIONS), DENY_ALL]
    elif forum.anon_posts:
        anon_id = ProjectRole.anonymous()._id
        forum.acl = [ACE.allow(anon_id, 'post')]
    else:
        forum.acl = []

    # The icon is only saved when one was actually supplied (not missing,
    # not None, not the empty string).
    icon = new_forum.get('icon')
    if icon is not None and icon != '':
        save_forum_icon(forum, icon)
    return forum
def test_private_ticket(self):
    """Check a ticket's ACL and effective access as ``private`` is toggled.

    With ``private = True`` the ACL must be: Developer role and the reporter's
    role allowed ``ALL_PERMISSIONS``, followed by ``DENY_ALL``; admin, reporter
    and developer keep read/create/update while an unrelated user and the
    anonymous user lose all three.  With ``private = False`` the ACL must be
    empty and access falls back to whatever applies without a ticket ACL.
    """
    from pylons import c
    from allura.model import ProjectRole, User
    from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL
    from allura.lib.security import Credentials, has_access
    from allura.websetup import bootstrap

    basic_perms = ('read', 'create', 'update')

    admin = c.user
    creator = bootstrap.create_user('Not a Project Admin')
    developer = bootstrap.create_user('Project Developer')
    observer = bootstrap.create_user('Random Non-Project User')
    anon = User(_id=None, username='******', display_name='Anonymous')
    t = Ticket(summary='my ticket', ticket_num=3,
               reported_by_id=creator._id)
    assert creator == t.reported_by

    role_admin = ProjectRole.by_name('Admin')._id  # looked up, not asserted on
    role_developer = ProjectRole.by_name('Developer')._id
    role_creator = t.reported_by.project_role()._id
    developer.project_role().roles.append(role_developer)
    # Clear the credentials object so the role membership appended above is
    # taken into account (presumably it caches role lookups -- confirm).
    cred = Credentials.get().clear()

    # --- private ticket: only admin, reporter and developers get in ---
    t.private = True
    expected_acl = [
        ACE.allow(role_developer, ALL_PERMISSIONS),
        ACE.allow(role_creator, ALL_PERMISSIONS),
        DENY_ALL,
    ]
    assert t.acl == expected_acl
    for insider in (admin, creator, developer):
        for perm in basic_perms:
            assert has_access(t, perm, user=insider)()
    for outsider in (observer, anon):
        for perm in basic_perms:
            assert not has_access(t, perm, user=outsider)()

    # --- public ticket: the ticket-level ACL is removed again ---
    t.private = False
    assert t.acl == []
    for insider in (admin, developer):
        for perm in basic_perms:
            assert has_access(t, perm, user=insider)()
    assert has_access(t, 'read', user=creator)()
    assert has_access(t, 'unmoderated_post', user=creator)()
    assert not has_access(t, 'create', user=creator)()
    assert not has_access(t, 'update', user=creator)()
    assert has_access(t, 'read', user=observer)()
    assert has_access(t, 'read', user=anon)()
def test_private_ticket(self):
    """Exercise the ``private`` flag of a ticket and the access it leaves open.

    Marking the ticket private is expected to install an ACL that allows the
    Developer role and the reporter's own role ``ALL_PERMISSIONS`` and ends in
    ``DENY_ALL``; a non-member and the anonymous user must then be refused
    read, create and update.  Clearing the flag is expected to empty the ACL.
    """
    from pylons import c
    from allura.model import ProjectRole, User
    from allura.model import ACE, ALL_PERMISSIONS, DENY_ALL
    from allura.lib.security import Credentials, has_access
    from allura.websetup import bootstrap

    admin = c.user
    creator = bootstrap.create_user('Not a Project Admin')
    developer = bootstrap.create_user('Project Developer')
    observer = bootstrap.create_user('Random Non-Project User')
    anon = User(_id=None, username='******', display_name='Anonymous')
    t = Ticket(summary='my ticket', ticket_num=3,
               reported_by_id=creator._id)
    assert creator == t.reported_by

    def can(user, perm):
        # Evaluate the access predicate for *user* on the ticket under test.
        return has_access(t, perm, user=user)()

    role_admin = ProjectRole.by_name('Admin')._id  # unused below
    role_developer = ProjectRole.by_name('Developer')._id
    role_creator = t.reported_by.project_role()._id
    developer.project_role().roles.append(role_developer)
    cred = Credentials.get().clear()

    # Private: explicit allows for developer + reporter, everyone else denied.
    t.private = True
    assert t.acl == [
        ACE.allow(role_developer, ALL_PERMISSIONS),
        ACE.allow(role_creator, ALL_PERMISSIONS),
        DENY_ALL,
    ]
    assert can(admin, 'read')
    assert can(admin, 'create')
    assert can(admin, 'update')
    assert can(creator, 'read')
    assert can(creator, 'create')
    assert can(creator, 'update')
    assert can(developer, 'read')
    assert can(developer, 'create')
    assert can(developer, 'update')
    assert not can(observer, 'read')
    assert not can(observer, 'create')
    assert not can(observer, 'update')
    assert not can(anon, 'read')
    assert not can(anon, 'create')
    assert not can(anon, 'update')

    # Public again: no ticket-level ACL remains.
    t.private = False
    assert t.acl == []
    assert can(admin, 'read')
    assert can(admin, 'create')
    assert can(admin, 'update')
    assert can(developer, 'read')
    assert can(developer, 'create')
    assert can(developer, 'update')
    assert can(creator, 'read')
    assert can(creator, 'unmoderated_post')
    assert not can(creator, 'create')
    assert not can(creator, 'update')
    assert can(observer, 'read')
    assert can(anon, 'read')
def _set_private(self, bool_flag):
    """Install or remove the ACL that restricts this object to insiders.

    A truthy *bool_flag* sets ``self.acl`` to: Developer role allowed
    ``ALL_PERMISSIONS``, the reporter's project role allowed
    ``ALL_PERMISSIONS``, then ``DENY_ALL``.  A falsy flag resets the ACL to
    an empty list.
    """
    if not bool_flag:
        self.acl = []
        return

    developer_role_id = ProjectRole.by_name('Developer')._id
    reporter_role_id = self.reported_by.project_role()._id
    # DENY_ALL is the final entry; presumably entries are evaluated in order,
    # so the two allows take effect before it -- confirm with the evaluator.
    self.acl = [
        ACE.allow(developer_role_id, ALL_PERMISSIONS),
        ACE.allow(reporter_role_id, ALL_PERMISSIONS),
        DENY_ALL,
    ]
def _set_private(self, bool_flag):
    """Set ``self.acl`` according to the requested privacy state.

    When *bool_flag* is truthy the ACL becomes two allow entries (Developer
    role and the reporter's project role, both with ``ALL_PERMISSIONS``)
    followed by ``DENY_ALL``; otherwise the ACL is emptied.
    """
    new_acl = []
    if bool_flag:
        developer_id = ProjectRole.by_name('Developer')._id
        reporter_id = self.reported_by.project_role()._id
        # Both allows grant ALL_PERMISSIONS, which is broader than what either
        # role necessarily holds on a public object.
        new_acl = [
            ACE.allow(developer_id, ALL_PERMISSIONS),
            ACE.allow(reporter_id, ALL_PERMISSIONS),
            DENY_ALL,
        ]
    self.acl = new_acl
def _set_private(self, bool_flag):
    """Restrict this object to developers and its reporter, or lift the restriction.

    For a truthy *bool_flag*, ``self.acl`` is rebuilt from the permissions
    that ``security.all_allowed`` reports for the Developer role and for the
    reporter's role (created on demand via ``upsert=True``), one allow entry
    per permission, followed by ``DENY_ALL``.  For a falsy flag the ACL is
    cleared.
    """
    if not bool_flag:
        self.acl = []
        return

    def _grant(role, perms):
        # One allow entry per permission for the given role.
        return [ACE.allow(role._id, perm) for perm in perms]

    developer_role = ProjectRole.by_name('Developer')
    reporter_role = ProjectRole.by_user(self.reported_by, upsert=True)

    # Keep the access developers and the reporter already have, and revoke
    # it for everyone else.  The permission sets are computed here and stored
    # in self.acl as explicit entries.
    developer_aces = _grant(
        developer_role, security.all_allowed(self, developer_role))
    reporter_aces = _grant(
        reporter_role, security.all_allowed(self, reporter_role))
    self.acl = developer_aces + reporter_aces + [DENY_ALL]
def _set_private(self, bool_flag):
    """Toggle the private ACL on this object.

    Truthy *bool_flag*: ``self.acl`` becomes one allow entry per permission
    that ``security.all_allowed`` returns for the Developer role, then one per
    permission returned for the reporter's project role, then ``DENY_ALL``.
    Falsy *bool_flag*: ``self.acl`` becomes an empty list.
    """
    if bool_flag:
        developer_role = ProjectRole.by_name('Developer')
        reporter_role = self.reported_by.project_role()

        # Preserve what developers and the reporter could already do on this
        # object; the trailing DENY_ALL removes access for everyone else.
        acl = []
        for role in (developer_role, reporter_role):
            granted = security.all_allowed(self, role)
            acl += [ACE.allow(role._id, perm) for perm in granted]
        acl.append(DENY_ALL)
        self.acl = acl
    else:
        self.acl = []
def install(self, project):
    """Give the current user's project role every permission of this app.

    Looks up the role for ``c.user`` via ``ProjectRole.by_user``; when a role
    is found, ``self.config.acl`` is replaced by one allow entry per item in
    ``self.permissions``.  When no role is found the ACL is left untouched.
    *project* is not used in this body.
    """
    installer_role = ProjectRole.by_user(c.user)
    if not installer_role:
        return
    # Overwrites any existing config ACL with allows for the installing user.
    self.config.acl = [
        ACE.allow(installer_role._id, permission)
        for permission in self.permissions
    ]
def install(self, project):
    """Grant the installing user's project role all permissions on this app.

    The role comes from ``c.user.project_role()``.  If it is truthy,
    ``self.config.acl`` is set to one allow entry per permission listed in
    ``self.permissions``; otherwise nothing is changed.  *project* is not
    used in this body.
    """
    user_role = c.user.project_role()
    if user_role:
        entries = []
        for permission in self.permissions:
            entries.append(ACE.allow(user_role._id, permission))
        # Replaces the config ACL wholesale rather than extending it.
        self.config.acl = entries
def test_private_ticket(self):
    """Verify the per-permission ACL of a private ticket and the resulting access.

    After ``t.private = True`` the ACL must list, in order, eight allow
    entries for the Developer role, four for the reporter's role, and a final
    ``DENY_ALL``.  The reporter keeps read/post/unmoderated_post/create but
    not update; an unrelated user and the anonymous user are refused read,
    create and update.  After ``t.private = False`` the ACL must be empty.
    """
    from allura.model import ProjectRole
    from allura.model import ACE, DENY_ALL
    from allura.lib.security import Credentials, has_access
    from allura.websetup import bootstrap

    basic_perms = ('read', 'create', 'update')
    developer_perms = ('save_searches', 'read', 'create', 'update',
                       'unmoderated_post', 'post', 'moderate', 'delete')
    creator_perms = ('read', 'post', 'create', 'unmoderated_post')

    admin = c.user
    creator = bootstrap.create_user('Not a Project Admin')
    developer = bootstrap.create_user('Project Developer')
    observer = bootstrap.create_user('Random Non-Project User')
    anon = User(_id=None, username='******', display_name='Anonymous')
    t = Ticket(summary='my ticket', ticket_num=3,
               reported_by_id=creator._id)
    assert creator == t.reported_by

    role_admin = ProjectRole.by_name('Admin')._id  # looked up, not asserted on
    role_developer = ProjectRole.by_name('Developer')._id
    role_creator = ProjectRole.by_user(t.reported_by, upsert=True)._id
    developer_role = ProjectRole.by_user(developer, upsert=True)
    developer_role.roles.append(role_developer)
    ThreadLocalORMSession.flush_all()
    cred = Credentials.get().clear()

    # --- private: explicit per-permission allows, then DENY_ALL ---
    t.private = True
    expected_acl = (
        [ACE.allow(role_developer, perm) for perm in developer_perms]
        + [ACE.allow(role_creator, perm) for perm in creator_perms]
        + [DENY_ALL]
    )
    assert_equal(t.acl, expected_acl)
    for perm in basic_perms:
        assert has_access(t, perm, user=admin)()
    for perm in ('read', 'post', 'unmoderated_post', 'create'):
        assert has_access(t, perm, user=creator)()
    # The reporter does not gain 'update' merely by being listed in the ACL.
    assert not has_access(t, 'update', user=creator)()
    for perm in basic_perms:
        assert has_access(t, perm, user=developer)()
    for outsider in (observer, anon):
        for perm in basic_perms:
            assert not has_access(t, perm, user=outsider)()

    # --- public again: ticket-level ACL removed ---
    t.private = False
    assert t.acl == []
    for insider in (admin, developer):
        for perm in basic_perms:
            assert has_access(t, perm, user=insider)()
    for perm in ('read', 'unmoderated_post', 'create'):
        assert has_access(t, perm, user=creator)()
    assert not has_access(t, 'update', user=creator)()
    assert has_access(t, 'read', user=observer)()
    assert has_access(t, 'read', user=anon)()
def install(self, project):
    """Set the app config ACL so the current user's role holds every app permission.

    ``ProjectRole.by_user(c.user)`` supplies the role.  A falsy result leaves
    ``self.config.acl`` as it was; otherwise the ACL is replaced with one
    allow entry per element of ``self.permissions``.  *project* is not used
    in this body.
    """
    role = ProjectRole.by_user(c.user)
    if not role:
        # No role for the current user: nothing is granted here.
        return
    grants = []
    for perm_name in self.permissions:
        grants.append(ACE.allow(role._id, perm_name))
    self.config.acl = grants
def _allow_all(role, perms):
    """Return a list with one ``ACE.allow`` entry for *role* per permission in *perms*.

    The entries keep the iteration order of *perms*; an empty *perms* gives
    an empty list.
    """
    entries = []
    for perm in perms:
        entries.append(ACE.allow(role._id, perm))
    return entries