def login_user(request, user_data):
request.security = Interaction(request)
participation = GuillotinaParticipation(request)
participation.interaction = None
if 'id' in user_data:
user = GuillotinaUser(request)
user.id = user_data['id']
user._groups = user_data.get('groups', [])
user._roles = user_data.get('roles', [])
user.data = user_data.get('data', {})
participation.principal = user
request._cache_user = user
request.security.add(participation)
request.security.invalidate_cache()
request._cache_groups = {}
if user_data.get('Authorization'):
request.headers['Authorization'] = user_data['Authorization']
async def test_allowsingle2(container_requester):
async with container_requester as requester:
response, status = await requester("POST",
"/db/guillotina/",
data=json.dumps({
"@type": "Folder",
"id": "testing"
}))
assert status == 201
response, status = await requester("POST",
"/db/guillotina/testing/",
data=json.dumps({
"@type": "Item",
"id": "test1"
}))
assert status == 201
response, status = await requester("POST",
"/db/guillotina/testing/",
data=json.dumps({
"@type": "Item",
"id": "test2"
}))
assert status == 201
response, status = await requester(
"POST",
"/db/guillotina/@sharing",
data=json.dumps({
"prinperm": [{
"principal": "group1",
"permission": "guillotina.AccessContent",
"setting": "AllowSingle",
}]
}),
)
assert status == 200
response, status = await requester(
"POST",
"/db/guillotina/testing/@sharing",
data=json.dumps({
"prinperm": [
{
"principal": "group2",
"permission": "guillotina.AccessContent",
"setting": "Allow"
},
{
"principal": "group1",
"permission": "guillotina.ViewContent",
"setting": "AllowSingle",
},
]
}),
)
assert status == 200
response, status = await requester(
"POST",
"/db/guillotina/testing/test1/@sharing",
data=json.dumps({
"prinperm": [{
"principal": "group3",
"permission": "guillotina.ViewContent",
"setting": "Allow"
}]
}),
)
assert status == 200
response, status = await requester(
"POST",
"/db/guillotina/testing/test2/@sharing",
data=json.dumps({
"prinrole": [{
"principal": "group2",
"role": "guillotina.Reader",
"setting": "Allow"
}],
"roleperm": [{
"role": "guillotina.Reader",
"permission": "guillotina.ViewContent",
"setting": "Allow",
}],
}),
)
assert status == 200
container = await utils.get_container(requester=requester)
content = await container.async_get("testing")
user = GuillotinaUser("user1")
user._groups = ["group2", "group1"]
utils.login(user=user)
policy = get_security_policy()
assert policy.check_permission("guillotina.AccessContent", container)
assert policy.check_permission("guillotina.AccessContent", content)
user = GuillotinaUser("user2")
user._groups = ["group1"]
utils.login(user=user)
policy = get_security_policy(user)
assert policy.check_permission("guillotina.AccessContent", container)
assert not policy.check_permission("guillotina.AccessContent", content)
user = GuillotinaUser("user3")
user._groups = ["group1", "group2", "group3"]
user._roles = {"testing.Role1": Allow}
utils.login(user=user)
test1 = await content.async_get("test1")
test2 = await content.async_get("test2")
policy = get_security_policy(user)
assert policy.check_permission("guillotina.ViewContent", test1)
assert policy.check_permission("guillotina.ViewContent", test2)
roles = get_roles_principal(test2)
assert "guillotina.Reader" in roles
assert "guillotina.Anonymous" in roles
assert "guillotina.Authenticated" in roles
assert "testing.Role1" in roles