def doTestFor(self, dirDict, requestingUser):
# changing acl should work on 'all' but not on 'write'
dirDict['all'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ)
self.assert_(dirDict['all'].isAllowed(self.alice, Action.READ))
def changeAclWrite():
dirDict['write'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ)
self.assertRaises(PermissionDenied, changeAclWrite)
# inserting an object should work on 'write' but not on 'read'
m = Member(name='writeGood')
m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['write']])
m.folders = [dirDict['write']]
m.save()
self.assert_(Member.objects.filter(name='writeGood', folders=dirDict['write']).exists())
def insertObjectRead():
m = Member(name='writeBad')
m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']])
m.folders = [dirDict['read']]
m.save()
self.assertRaises(PermissionDenied, insertObjectRead)
# reading an object should work on 'read' but not on 'none'
self.assert_(Member.allowed(requestingUser).filter(folders=dirDict['read']).exists())
self.assertFalse(Member.allowed(requestingUser).filter(folders=dirDict['none']).exists())
def test_readObject(self):
m = Member(name='x')
m.save()
m.folders = [self.f1]
m.save()
def containsX(querySet):
return querySet.filter(name='x', folders=self.f1).exists()
# admin, alice, bob, and clara have read privileges
self.assert_(containsX(Member.allowed(self.admin)))
self.assert_(containsX(Member.allowed(self.alice)))
self.assert_(containsX(Member.allowed(self.bob)))
self.assert_(containsX(Member.allowed(self.clara)))
# dave has no privileges, denied
self.assertFalse(containsX(Member.allowed(self.dave)))
