async def test_register_service_permission(container_requester):
cur_count = len(configure.get_configurations('guillotina.tests',
'service'))
class TestService(Service):
async def __call__(self):
return {"foo": "bar"}
configure.permission('guillotina.NoBody', 'Nobody has access')
configure.register_configuration(
TestService,
dict(context=IContainer,
name="@foobar2",
permission='guillotina.NoBody'), 'service')
assert len(configure.get_configurations(
'guillotina.tests', 'service')) == cur_count + 1 # noqa
async with container_requester as requester:
config = requester.root.app.config
configure.load_configuration(config, 'guillotina.tests', 'service')
config.execute_actions()
response, status = await requester('GET', '/db/guillotina/@foobar2')
assert status == 401
# -*- coding: utf-8 -*-
from guillotina import configure
from guillotina.i18n import MessageFactory
_ = MessageFactory('guillotina_dbusers')
app_settings = {
"auth_user_identifiers": ["guillotina_dbusers.users.DBUserIdentifier"]
}
configure.permission("guillotina.NotAuthenticated", "")
configure.permission("guillotina.Authenticated", "")
configure.permission("guillotina.AddUser", title="Add plone user")
configure.permission("guillotina.AddGroup", title="Add plone group")
configure.grant(permission="guillotina.AccessContent",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.NotAuthenticated",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.Authenticated",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.AddUser",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.AddGroup",
role="guillotina.ContainerAdmin")
def includeme(root, settings):
configure.scan('guillotina_dbusers.content.users')
configure.scan('guillotina_dbusers.content.groups')
configure.scan('guillotina_dbusers.install')
configure.scan('guillotina_dbusers.services')
@index_field.with_accessor(IExample, 'categories_accessor', field='categories')
def categories_index_accessor(ob):
if not ob.categories:
raise NoIndexField
else:
return [c['label'] for c in ob.categories]
@index_field.with_accessor(IExample, 'foobar_accessor')
def foobar_accessor(ob):
return 'foobar'
configure.permission('example.MyPermission', 'example permission')
@implementer(IExample)
class Example(Resource):
pass
class IMarkerBehavior(Interface):
pass
class ITestBehavior(Interface):
foobar = schema.TextLine(required=False)
foobar_context = schema.TextLine(required=False, default='default-foobar')
from guillotina import configure
configure.permission('guillotina.AccessContent', 'Access content')
configure.permission('guillotina.ModifyContent', 'Modify content')
configure.permission('guillotina.DeleteContent', 'Delete content')
configure.permission('guillotina.AddContent', 'Add content')
configure.permission('guillotina.MoveContent', 'Move content')
configure.permission('guillotina.DuplicateContent', 'Duplicate content')
configure.permission('guillotina.ViewContent', 'View content')
configure.permission('guillotina.AddContainer', 'Add a portal/DB')
configure.permission('guillotina.GetContainers', 'Get a portal/DB')
configure.permission('guillotina.DeleteContainers', 'Delete a portal')
configure.permission('guillotina.MountDatabase', 'Mount a Database')
configure.permission('guillotina.GetDatabases', 'Get Databases')
configure.permission('guillotina.UmountDatabase', 'Umount a Database')
configure.permission('guillotina.AccessPreflight', 'Access Preflight View')
configure.permission('guillotina.ReadConfiguration', 'Read a configuration')
configure.permission('guillotina.WriteConfiguration', 'Write a configuration')
configure.permission('guillotina.RegisterConfigurations',
'Register a new configuration on Registry')
configure.permission('guillotina.ManageAddons', 'Manage addons on a container')
configure.permission('guillotina.SeePermissions', 'See permissions')
configure.permission('guillotina.ChangePermissions', 'Change permissions')
configure.permission('guillotina.SearchContent', 'Search content')
from guillotina import configure
# Add new permission
configure.permission("guillotina.ManageAMQP",
"Manage guillotina amqp endpoints")
configure.permission("guillotina.DebugAMQP", "Debug guillotina amqp tasks")
# Grant it to guillotina.Manager
configure.grant(permission="guillotina.ManageAMQP", role="guillotina.Manager")
configure.grant(permission="guillotina.DebugAMQP", role="guillotina.Manager")
'port': 6379,
'ttl': 3600,
'memory_cache_size': 209715200,
'updates_channel': 'guillotina',
'pool': {
'minsize': 5,
'maxsize': 100
},
'cluster_mode': False
},
"load_utilities": {
"guillotina_rediscache.cache": {
'provides':
'guillotina_rediscache.interfaces.IRedisChannelUtility', # noqa
'factory': 'guillotina_rediscache.utility.RedisChannelUtility',
'settings': {}
}
}
}
configure.permission('guillotina_rediscache.Manage', 'Manage redis cache')
configure.grant(permission="guillotina_rediscache.Manage",
role="guillotina.Manager")
def includeme(root, settings):
configure.scan('guillotina_rediscache.cache_strategy')
configure.scan('guillotina_rediscache.utility')
configure.scan('guillotina_rediscache.api')
configure.scan('guillotina_rediscache.serialize')
from guillotina import configure
configure.permission('hive.Manage', 'Manage Hive Cluster')
configure.permission('hive.Schedulle', 'Schedulle tasks')
configure.grant(
permission="hive.Manage",
role="guillotina.ContainerAdmin")
from guillotina import configure
# Add new permission
configure.permission('guillotina.ManageAMQP', 'Manage guillotina amqp endpoints')
# Grant it to guillotina.Manager
configure.grant(
permission='guillotina.ManageAMQP',
role='guillotina.Manager')
},
"hive_tasks": {},
"hive": {
"image": None,
"default_namespace": "hive",
"orchestrator": "k8s",
"cluster_config": {},
"guillotina_default": {
"entrypoint": None,
"volumes": None,
"volumeMounts": None,
"envFrom": None,
"container_args": ["guillotina", "hive-worker"]
},
'quota': None,
'settings_serializer': 'guillotina_hive.utils.settings_serializer'
}
}
configure.permission('guillotina_hive.Manage', 'Manage hive')
configure.grant(permission="guillotina_hive.Manage", role="guillotina.Manager")
def includeme(root):
configure.scan('guillotina_hive.content')
configure.scan('guillotina_hive.client')
configure.scan('guillotina_hive.install')
configure.scan('guillotina_hive.permissions')
configure.scan('guillotina_hive.api')
configure.scan('guillotina_hive.builtins')
from guillotina import configure
configure.permission("guillotina.AddJinjaTemplate", title="Add Jinja template")
configure.grant(permission="guillotina.AddJinjaTemplate",
role="guillotina.Manager")
configure.grant(permission="guillotina.AddJinjaTemplate",
role="guillotina.ContainerAdmin")
from guillotina import configure
configure.permission('guillotina.ManageVersioning',
'Ability to modify versioning on an object')
configure.permission('guillotina.ManageConstraints',
'Allow to check and change type constraints')
configure.permission('guillotina.ReviewContent', 'Review content permission')
configure.permission('guillotina.RequestReview',
'Request review content permission')
configure.grant(permission='guillotina.ManageVersioning',
role='guillotina.Manager')
configure.grant(permission='guillotina.ManageConstraints',
role='guillotina.Manager')
configure.grant(permission='guillotina.ManageConstraints',
role='guillotina.ContainerAdmin')
configure.grant(permission='guillotina.ReviewContent',
role='guillotina.Reviewer')
configure.grant(permission='guillotina.ReviewContent',
role='guillotina.Manager')
configure.grant(permission='guillotina.RequestReview',
role='guillotina.Manager')
configure.grant(permission='guillotina.RequestReview', role='guillotina.Owner')
from guillotina import configure
configure.permission("guillotina.swagger.View", "View swagger definition")
configure.grant(permission="guillotina.swagger.View",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.swagger.View",
role="guillotina.Authenticated")
app_settings = {
"static": {
"swagger_static": "guillotina.contrib.swagger:static"
},
"swagger": {
"authentication_allowed": True,
"base_url": None,
"auth_storage_search_keys": ["auth"],
"base_configuration": {
"swagger": "2.0",
"info": {
"version": "",
"title": "Guillotina",
"description": "The REST Resource API",
},
"host": "",
"basePath": "",
"schemes": [],
"produces": ["application/json"],
"consumes": ["application/json"],
"paths": {},
"definitions": {},
},
from guillotina import configure
configure.permission("guillotina.AddUser", title="Add plone user")
configure.permission("guillotina.AddGroup", title="Add plone group")
configure.permission("guillotina.Nobody", "Permission not assigned to anyone")
configure.permission("guillotina.ManageUsers", "Manage Users on site",
"Be able to manage users on site")
configure.grant(permission="guillotina.AddUser", role="guillotina.Manager")
configure.grant(permission="guillotina.AddGroup", role="guillotina.Manager")
configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager")
configure.grant(permission="guillotina.AddUser",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.AddGroup",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.ManageUsers",
role="guillotina.ContainerAdmin")
from guillotina import configure
configure.permission("guillotina.ManageVersioning",
"Ability to modify versioning on an object")
configure.permission("guillotina.ManageConstraints",
"Allow to check and change type constraints")
configure.permission("guillotina.ReviewContent", "Review content permission")
configure.permission("guillotina.RequestReview",
"Request review content permission")
configure.permission("guillotina.ViewComments", "View comments")
configure.permission("guillotina.ModifyComments", "Modify comments")
configure.permission("guillotina.AddComments", "Add comments")
configure.permission("guillotina.DeleteComments", "Delete comments")
configure.permission("guillotina.DeleteAllComments", "Delete all comments")
configure.grant(permission="guillotina.ManageVersioning",
role="guillotina.Manager")
configure.grant(permission="guillotina.ManageConstraints",
role="guillotina.Manager")
configure.grant(permission="guillotina.ManageConstraints",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.ReviewContent",
role="guillotina.Reviewer")
configure.grant(permission="guillotina.ReviewContent",
role="guillotina.Manager")
from . import settings
from guillotina import configure
from guillotina.interfaces import IFolder
import json
import pytest
pytestmark = pytest.mark.asyncio
configure.permission("dbusers.SeeTopSecret", "SeeTopSecret", "Ability to see TopSecret docs")
configure.role("dbusers.DoubleO", "00 Agent")
configure.grant(permission="dbusers.SeeTopSecret", role="dbusers.DoubleO")
@configure.service(
context=IFolder, method="GET", permission="dbusers.SeeTopSecret", name="@top-secret",
)
async def top_secret(context, request):
return {"documents": ["abcd"]}
@pytest.mark.app_settings(settings.DEFAULT_SETTINGS)
async def test_roles_in_groups(dbusers_requester):
async with dbusers_requester as requester:
# Create the group 'top-agents' and assign the role "dbusers.DoubleO"
resp, status = await requester(
"POST",
"/db/guillotina/groups",
data=json.dumps({"id": "top-agents", "@type": "Group", "user_roles": ["dbusers.DoubleO"]}),
@index_field.with_accessor(IExample, "categories_accessor", field="categories")
def categories_index_accessor(ob):
if not ob.categories:
raise NoIndexField
else:
return [c["label"] for c in ob.categories]
@index_field.with_accessor(IExample, "foobar_accessor")
def foobar_accessor(ob):
return "foobar"
configure.permission("example.MyPermission", "example permission")
@implementer(IExample)
class Example(Resource): # type: ignore
pass
class IMarkerBehavior(Interface):
pass
class ITestBehavior(Interface):
foobar = schema.TextLine(required=False)
foobar_context = schema.TextLine(required=False, default="default-foobar")
@index_field.with_accessor(IExample, "categories_accessor", field="categories")
def categories_index_accessor(ob):
if not ob.categories:
raise NoIndexField
else:
return [c["label"] for c in ob.categories]
@index_field.with_accessor(IExample, "foobar_accessor")
def foobar_accessor(ob):
return "foobar"
configure.permission("example.MyPermission", "example permission")
configure.permission("foo.Permission", "Foo permission")
configure.permission("example.MyPermissionOwner", "example permission owner")
configure.grant(role="guillotina.Owner",
permission="example.MyPermissionOwner")
@implementer(IExample)
class Example(Resource): # type: ignore
pass
class IMarkerBehavior(Interface):
pass
from guillotina import configure
configure.permission("guillotina.Nobody", "Permission not assigned to anyone")
configure.permission("guillotina.ManageUsers", "Manage Users on site",
"Be able to manage users on site")
configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager")
from guillotina import configure
configure.permission("guillotina.AccessContent", "Access content")
configure.permission("guillotina.ModifyContent", "Modify content")
configure.permission("guillotina.DeleteContent", "Delete content")
configure.permission("guillotina.AddContent", "Add content")
configure.permission("guillotina.MoveContent", "Move content")
configure.permission("guillotina.DuplicateContent", "Duplicate content")
configure.permission("guillotina.ViewContent", "View content")
configure.permission("guillotina.AddContainer", "Add a portal/DB")
configure.permission("guillotina.GetContainers", "Get a portal/DB")
configure.permission("guillotina.DeleteContainers", "Delete a portal")
configure.permission("guillotina.MountDatabase", "Mount a Database")
configure.permission("guillotina.GetDatabases", "Get Databases")
configure.permission("guillotina.UmountDatabase", "Umount a Database")
configure.permission("guillotina.AccessPreflight", "Access Preflight View")
configure.permission("guillotina.ReadConfiguration", "Read a configuration")
configure.permission("guillotina.WriteConfiguration", "Write a configuration")
configure.permission("guillotina.RegisterConfigurations",
"Register a new configuration on Registry")
configure.permission("guillotina.ManageAddons", "Manage addons on a container")
configure.permission("guillotina.SeePermissions", "See permissions")
configure.permission("guillotina.ChangePermissions", "Change permissions")
configure.permission("guillotina.RefreshToken", "Refresh token")
"mailer": {
"default_sender": "*****@*****.**",
"endpoints": {
"default": {
"type": "smtp",
"host": "localhost",
"port": 25
}
},
"debug": False,
"utility": "guillotina_mailer.utility.MailerUtility",
"use_html2text": True,
"domain": None
}
}
configure.permission(id="mailer.SendMail", title="Request subscription")
configure.grant(permission="mailer.SendMail", role="guillotina.ContainerAdmin")
def includeme(root, settings):
factory = import_class(
settings.get('mailer', {}).get('utility',
app_settings['mailer']['utility']))
utility = factory()
provide_utility(utility, IMailer)
configure.scan('guillotina_mailer.api')
configure.scan('guillotina_mailer.utility')
