コード例 #1
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_groups_from_users(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import set_groups

        self.make_bob()
        root = get_root()
        child = root[u'child'] = Node()
        DBSession.flush()

        self.assertEqual(list_groups('bob', root), ['group:bobsgroup'])

        set_groups('group:bobsgroup', root, ['role:editor'])
        set_groups('role:editor', child, ['group:foogroup'])

        self.assertEqual(
            set(list_groups('bob', root)),
            set(['group:bobsgroup', 'role:editor'])
            )
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:bobsgroup', 'role:editor', 'group:foogroup'])
            )
コード例 #2
0
ファイル: test_node_views.py プロジェクト: simoncayoon/Kotti
    def test_apply(self, extra_principals, root):
        from kotti.security import list_groups
        from kotti.security import set_groups
        from kotti.views.users import share_node

        request = DummyRequest()

        request.params['apply'] = ''
        share_node(root, request)
        assert (request.session.pop_flash('info') == ['No changes were made.'])
        assert list_groups('bob', root) == []
        set_groups('bob', root, ['role:special'])

        request.params['role::bob::role:owner'] = '1'
        request.params['role::bob::role:editor'] = '1'
        request.params['orig-role::bob::role:owner'] = ''
        request.params['orig-role::bob::role:editor'] = ''

        share_node(root, request)
        assert (request.session.pop_flash('success') == [
            'Your changes have been saved.'
        ])
        assert (set(list_groups(
            'bob', root)) == {'role:owner', 'role:editor', 'role:special'})

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params['role::bob::role:admin'] = '1'
        request.params['orig-role::bob::role:admin'] = ''
        with raises(Forbidden):
            share_node(root, request)
        assert (set(list_groups(
            'bob', root)) == {'role:owner', 'role:editor', 'role:special'})
コード例 #3
0
    def test_apply(self, extra_principals, root):
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.views.users import UsersManage

        request = DummyRequest()

        bob = get_principals()[u'bob']

        request.params['apply'] = u''
        UsersManage(root, request)()
        assert (request.session.pop_flash('info') == [u'No changes were made.'])
        assert list_groups('bob') == []
        bob.groups = [u'role:special']

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        UsersManage(root, request)()
        assert (request.session.pop_flash('success') ==
                [u'Your changes have been saved.'])
        assert (
            set(list_groups('bob')) ==
            {'role:owner', 'role:editor', 'role:special'}
            )
コード例 #4
0
    def test_apply(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import set_groups
        from kotti.views.users import share_node

        root = get_root()
        request = DummyRequest()
        self.add_some_principals()

        request.params['apply'] = u''
        share_node(root, request)
        self.assertEqual(request.session.pop_flash('info'),
                         [u'No changes made.'])
        self.assertEqual(list_groups('bob', root), [])
        set_groups('bob', root, ['role:special'])

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        share_node(root, request)
        self.assertEqual(request.session.pop_flash('success'),
                         [u'Your changes have been saved.'])
        self.assertEqual(set(list_groups('bob', root)),
                         set(['role:owner', 'role:editor', 'role:special']))

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params['role::bob::role:admin'] = u'1'
        request.params['orig-role::bob::role:admin'] = u''
        self.assertRaises(Forbidden, share_node, root, request)
        self.assertEqual(set(list_groups('bob', root)),
                         set(['role:owner', 'role:editor', 'role:special']))
コード例 #5
0
ファイル: test_node_views.py プロジェクト: pyfidelity/Kotti
    def test_apply(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import set_groups
        from kotti.views.users import share_node

        root = get_root()
        request = DummyRequest()
        self.add_some_principals()

        request.params["apply"] = u""
        share_node(root, request)
        self.assertEqual(request.session.pop_flash("info"), [u"No changes made."])
        self.assertEqual(list_groups("bob", root), [])
        set_groups("bob", root, ["role:special"])

        request.params["role::bob::role:owner"] = u"1"
        request.params["role::bob::role:editor"] = u"1"
        request.params["orig-role::bob::role:owner"] = u""
        request.params["orig-role::bob::role:editor"] = u""

        share_node(root, request)
        self.assertEqual(request.session.pop_flash("success"), [u"Your changes have been saved."])
        self.assertEqual(set(list_groups("bob", root)), set(["role:owner", "role:editor", "role:special"]))

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params["role::bob::role:admin"] = u"1"
        request.params["orig-role::bob::role:admin"] = u""
        self.assertRaises(Forbidden, share_node, root, request)
        self.assertEqual(set(list_groups("bob", root)), set(["role:owner", "role:editor", "role:special"]))
コード例 #6
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_inherit(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        child = root[u'child'] = Node()
        DBSession.flush()

        self.assertEqual(list_groups('bob', child), [])
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(list_groups('bob', child), ['role:editor'])

        # Groups from the child are added:
        set_groups('bob', child, ['group:somegroup'])
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:somegroup', 'role:editor'])
            )

        # We can ask to list only those groups that are defined locally:
        self.assertEqual(
            list_groups_raw(u'bob', child), set(['group:somegroup']))
コード例 #7
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
    def test_apply(self):
        from kotti.views.users import share_node
        root = get_root()
        request = DummyRequest()
        self.add_some_principals()

        request.params['apply'] = u''
        share_node(root, request)
        self.assertEqual(
            request.session.pop_flash('notice'), [u'No changes made.'])
        self.assertEqual(list_groups('bob', root), [])
        set_groups('bob', root, ['role:special'])

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        share_node(root, request)
        self.assertEqual(
            request.session.pop_flash('success'),
            [u'Your changes have been saved.'])
        self.assertEqual(
            set(list_groups('bob', root)),
            set(['role:owner', 'role:editor', 'role:special']))

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params['role::bob::role:admin'] = u'1'
        request.params['orig-role::bob::role:admin'] = u''
        self.assertRaises(Forbidden, share_node, root, request)
        self.assertEqual(
            set(list_groups('bob', root)),
            set(['role:owner', 'role:editor', 'role:special']))
コード例 #8
0
ファイル: test_security_views.py プロジェクト: dnouri/Kotti
    def test_apply(self):
        from kotti.resources import get_root
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.tests.test_node_views import TestNodeShare
        from kotti.views.users import users_manage

        root = get_root()
        request = DummyRequest()

        TestNodeShare.add_some_principals()
        bob = get_principals()[u'bob']

        request.params['apply'] = u''
        users_manage(root, request)
        self.assertEqual(request.session.pop_flash('info'),
                         [u'No changes made.'])
        self.assertEqual(list_groups('bob'), [])
        bob.groups = [u'role:special']

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        users_manage(root, request)
        self.assertEqual(request.session.pop_flash('success'),
                         [u'Your changes have been saved.'])
        self.assertEqual(
            set(list_groups('bob')),
            set(['role:owner', 'role:editor', 'role:special'])
            )
コード例 #9
0
    def test_apply(self):
        from kotti.resources import get_root
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.tests.test_node_views import TestNodeShare
        from kotti.views.users import users_manage

        root = get_root()
        request = DummyRequest()

        TestNodeShare.add_some_principals()
        bob = get_principals()[u'bob']

        request.params['apply'] = u''
        users_manage(root, request)
        self.assertEqual(request.session.pop_flash('info'),
                         [u'No changes made.'])
        self.assertEqual(list_groups('bob'), [])
        bob.groups = [u'role:special']

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        users_manage(root, request)
        self.assertEqual(request.session.pop_flash('success'),
                         [u'Your changes have been saved.'])
        self.assertEqual(set(list_groups('bob')),
                         set(['role:owner', 'role:editor', 'role:special']))
コード例 #10
0
    def test_apply(self, extra_principals, root):
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.views.users import UsersManage

        request = DummyRequest()

        bob = get_principals()['bob']

        request.params['apply'] = ''
        UsersManage(root, request)()
        assert (request.session.pop_flash('info') == ['No changes were made.'])
        assert list_groups('bob') == []
        bob.groups = ['role:special']

        request.params['role::bob::role:owner'] = '1'
        request.params['role::bob::role:editor'] = '1'
        request.params['orig-role::bob::role:owner'] = ''
        request.params['orig-role::bob::role:editor'] = ''

        UsersManage(root, request)()
        assert (request.session.pop_flash('success') == [
            'Your changes have been saved.'
        ])
        assert (set(list_groups('bob')) == {
            'role:owner', 'role:editor', 'role:special'
        })
コード例 #11
0
    def test_apply(self, extra_principals):
        from kotti.resources import get_root
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.views.users import users_manage

        root = get_root()
        request = DummyRequest()

        bob = get_principals()[u'bob']

        request.params['apply'] = u''
        users_manage(root, request)
        assert (request.session.pop_flash('info') == [u'No changes made.'])
        assert list_groups('bob') == []
        bob.groups = [u'role:special']

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        users_manage(root, request)
        assert (request.session.pop_flash('success') ==
            [u'Your changes have been saved.'])
        assert (
            set(list_groups('bob')) ==
            set(['role:owner', 'role:editor', 'role:special'])
            )
コード例 #12
0
    def test_apply(self, extra_principals, root):
        from kotti.security import list_groups
        from kotti.security import set_groups
        from kotti.views.users import share_node

        request = DummyRequest()

        request.params['apply'] = u''
        share_node(root, request)
        assert (request.session.pop_flash('info') == [
            u'No changes were made.'
        ])
        assert list_groups('bob', root) == []
        set_groups('bob', root, ['role:special'])

        request.params['role::bob::role:owner'] = u'1'
        request.params['role::bob::role:editor'] = u'1'
        request.params['orig-role::bob::role:owner'] = u''
        request.params['orig-role::bob::role:editor'] = u''

        share_node(root, request)
        assert (request.session.pop_flash('success') == [
            u'Your changes have been saved.'
        ])
        assert (set(list_groups(
            'bob', root)) == {'role:owner', 'role:editor', 'role:special'})

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params['role::bob::role:admin'] = u'1'
        request.params['orig-role::bob::role:admin'] = u''
        with raises(Forbidden):
            share_node(root, request)
        assert (set(list_groups(
            'bob', root)) == {'role:owner', 'role:editor', 'role:special'})
コード例 #13
0
    def test_apply(self, extra_principals, root):
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.views.users import UsersManage

        request = DummyRequest()

        bob = get_principals()["bob"]

        request.params["apply"] = ""
        UsersManage(root, request)()
        assert request.session.pop_flash("info") == ["No changes were made."]
        assert list_groups("bob") == []
        bob.groups = ["role:special"]

        request.params["role::bob::role:owner"] = "1"
        request.params["role::bob::role:editor"] = "1"
        request.params["orig-role::bob::role:owner"] = ""
        request.params["orig-role::bob::role:editor"] = ""

        UsersManage(root, request)()
        assert request.session.pop_flash("success") == [
            "Your changes have been saved."
        ]
        assert set(list_groups("bob")) == {
            "role:owner", "role:editor", "role:special"
        }
コード例 #14
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
 def test_simple(self):
     root = get_root()
     set_groups('bob', root, ['role:editor'])
     self.assertEqual(
         list_groups('bob', root), ['role:editor'])
     self.assertEqual(
         list_groups_raw('bob', root), ['role:editor'])
コード例 #15
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
    def test_owner(self):
        session = DBSession()
        self.config.testing_securitypolicy(userid=u'bob')
        root = get_root()
        child = root[u'child'] = Content()
        session.flush()
        self.assertEqual(child.owner, u'bob')
        self.assertEqual(list_groups(u'bob', child), [u'role:owner'])

        clear_request_cache()
        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        session.flush()
        self.assertEqual(grandchild.owner, u'bob')
        self.assertEqual(list_groups(u'bob', grandchild), [u'role:owner'])
        self.assertEqual(len(list_groups_raw(u'bob', grandchild)), 0)
コード例 #16
0
    def test_overwrite_and_delete(self, db_session, root):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == {'role:editor'}

        set_groups('bob', root, ['role:admin'])
        assert list_groups('bob', root) == ['role:admin']
        assert list_groups_raw(u'bob', root) == {'role:admin'}

        set_groups('bob', root)
        assert list_groups('bob', root) == []
        assert get_root() is root
コード例 #17
0
    def test_simple(self, db_session, root):
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == set(['role:editor'])
コード例 #18
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_root_default(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw

        root = get_root()
        self.assertEqual(list_groups('admin', root), ['role:admin'])
        self.assertEqual(list_groups_raw(u'admin', root), set([]))
コード例 #19
0
ファイル: test_security.py プロジェクト: MichaelGregory/Kotti
    def test_root_default(self, db_session):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw

        root = get_root()
        assert list_groups('admin', root) == ['role:admin']
        assert list_groups_raw(u'admin', root) == set([])
コード例 #20
0
    def test_overwrite_and_delete(self, db_session, root):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == set(['role:editor'])

        set_groups('bob', root, ['role:admin'])
        assert list_groups('bob', root) == ['role:admin']
        assert list_groups_raw(u'bob', root) == set(['role:admin'])

        set_groups('bob', root)
        assert list_groups('bob', root) == []
        assert get_root() is root
コード例 #21
0
    def test_root_default(self, db_session):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw

        root = get_root()
        assert list_groups('admin', root) == ['role:admin']
        assert list_groups_raw(u'admin', root) == set([])
コード例 #22
0
ファイル: test_security.py プロジェクト: timgates42/Kotti
    def test_overwrite_and_delete(self, db_session, root):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups("bob", root, ["role:editor"])
        assert list_groups("bob", root) == ["role:editor"]
        assert list_groups_raw("bob", root) == {"role:editor"}

        set_groups("bob", root, ["role:admin"])
        assert list_groups("bob", root) == ["role:admin"]
        assert list_groups_raw("bob", root) == {"role:admin"}

        set_groups("bob", root)
        assert list_groups("bob", root) == []
        assert get_root() is root
コード例 #23
0
ファイル: test_security.py プロジェクト: timgates42/Kotti
    def test_simple(self, db_session, root):
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups("bob", root, ["role:editor"])
        assert list_groups("bob", root) == ["role:editor"]
        assert list_groups_raw("bob", root) == {"role:editor"}
コード例 #24
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_root_default(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw

        root = get_root()
        self.assertEqual(list_groups('admin', root), ['role:admin'])
        self.assertEqual(list_groups_raw(u'admin', root), set([]))
コード例 #25
0
    def test_simple(self, db_session, root):
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == {'role:editor'}
コード例 #26
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
    def test_inherit(self):
        session = DBSession()
        root = get_root()
        child = root[u'child'] = Node()
        session.flush()

        self.assertEqual(list_groups('bob', child), [])
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(list_groups('bob', child), ['role:editor'])

        # Groups from the child are added:
        set_groups('bob', child, ['group:somegroup'])
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:somegroup', 'role:editor']))

        # We can ask to list only those groups that are defined locally:
        self.assertEqual(list_groups_raw('bob', child), ['group:somegroup'])
コード例 #27
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_overwrite_and_delete(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(list_groups('bob', root), ['role:editor'])
        self.assertEqual(list_groups_raw(u'bob', root), set(['role:editor']))

        set_groups('bob', root, ['role:admin'])
        self.assertEqual(list_groups('bob', root), ['role:admin'])
        self.assertEqual(list_groups_raw(u'bob', root), set(['role:admin']))

        set_groups('bob', root)
        self.assertEqual(list_groups('bob', root), [])
        self.assertTrue(get_root() is root)
コード例 #28
0
    def test_groups_from_users(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import set_groups

        self.make_bob()
        child = root[u'child'] = Node()
        db_session.flush()

        assert list_groups('bob', root) == ['group:bobsgroup']

        set_groups('group:bobsgroup', root, ['role:editor'])
        set_groups('role:editor', child, ['group:foogroup'])

        assert (set(list_groups('bob', root)) == set(
            ['group:bobsgroup', 'role:editor']))
        assert (set(list_groups('bob', child)) == set(
            ['group:bobsgroup', 'role:editor', 'group:foogroup']))
コード例 #29
0
    def test_groups_from_users(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import set_groups

        self.make_bob()
        child = root[u'child'] = Node()
        db_session.flush()

        assert list_groups('bob', root) == ['group:bobsgroup']

        set_groups('group:bobsgroup', root, ['role:editor'])
        set_groups('role:editor', child, ['group:foogroup'])

        assert (set(list_groups('bob', root)) ==
                set(['group:bobsgroup', 'role:editor']))
        assert (set(list_groups('bob', child)) ==
                set(['group:bobsgroup', 'role:editor', 'group:foogroup']))
コード例 #30
0
    def test_simple(self, db_session):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == set(['role:editor'])
コード例 #31
0
ファイル: test_security.py プロジェクト: MichaelGregory/Kotti
    def test_simple(self, db_session):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', root) == ['role:editor']
        assert list_groups_raw(u'bob', root) == set(['role:editor'])
コード例 #32
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_simple(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(list_groups('bob', root), ['role:editor'])
        self.assertEqual(list_groups_raw(u'bob', root), set(['role:editor']))
コード例 #33
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
    def test_groups_from_users(self):
        self.make_bob()

        session = DBSession()
        root = get_root()
        child = root[u'child'] = Node()
        session.flush()

        self.assertEqual(list_groups('bob', root), ['group:bobsgroup'])

        set_groups('group:bobsgroup', root, ['role:editor'])
        set_groups('role:editor', child, ['group:foogroup'])

        self.assertEqual(
            set(list_groups('bob', root)),
            set(['group:bobsgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:bobsgroup', 'role:editor', 'group:foogroup']))
コード例 #34
0
ファイル: test_security.py プロジェクト: rkx-forks/Kotti
    def test_inherit(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        child = root["child"] = Node()
        db_session.flush()

        assert list_groups("bob", child) == []
        set_groups("bob", root, ["role:editor"])
        assert list_groups("bob", child) == ["role:editor"]

        # Groups from the child are added:
        set_groups("bob", child, ["group:somegroup"])
        assert set(list_groups("bob", child)) == {"group:somegroup", "role:editor"}

        # We can ask to list only those groups that are defined locally:
        assert list_groups_raw("bob", child) == {"group:somegroup"}
コード例 #35
0
ファイル: test_events.py プロジェクト: castaf/Kotti
    def test_owner(self, root, db_session, events, dummy_request):
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        child = root['child'] = Content()
        db_session.flush()
        assert child.owner == 'bob'
        assert list_groups('bob', child) == ['role:owner']

        clear_cache()

        # The event listener does not set the role again for subitems:
        grandchild = child['grandchild'] = Content()
        db_session.flush()
        assert grandchild.owner == 'bob'
        assert list_groups('bob', grandchild) == ['role:owner']
        assert len(list_groups_raw('bob', grandchild)) == 0
コード例 #36
0
    def test_owner(self, root, db_session, events, dummy_request):
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        child = root[u'child'] = Content()
        db_session.flush()
        assert child.owner == u'bob'
        assert list_groups(u'bob', child) == [u'role:owner']

        clear_cache()

        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        db_session.flush()
        assert grandchild.owner == u'bob'
        assert list_groups(u'bob', grandchild) == [u'role:owner']
        assert len(list_groups_raw(u'bob', grandchild)) == 0
コード例 #37
0
    def test_inherit(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        child = root[u'child'] = Node()
        db_session.flush()

        assert list_groups('bob', child) == []
        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', child) == ['role:editor']

        # Groups from the child are added:
        set_groups('bob', child, ['group:somegroup'])
        assert (set(list_groups('bob',
                                child)) == {'group:somegroup', 'role:editor'})

        # We can ask to list only those groups that are defined locally:
        assert list_groups_raw(u'bob', child) == {'group:somegroup'}
コード例 #38
0
ファイル: test_security.py プロジェクト: rkx-forks/Kotti
    def test_groups_from_users(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import set_groups

        self.make_bob()
        child = root["child"] = Node()
        db_session.flush()

        assert list_groups("bob", root) == ["group:bobsgroup"]

        set_groups("group:bobsgroup", root, ["role:editor"])
        set_groups("role:editor", child, ["group:foogroup"])

        assert set(list_groups("bob", root)) == {"group:bobsgroup", "role:editor"}
        assert set(list_groups("bob", child)) == {
            "group:bobsgroup",
            "role:editor",
            "group:foogroup",
        }
コード例 #39
0
ファイル: events.py プロジェクト: twei55/Kotti
def set_owner(event):
    obj, request = event.object, event.request
    if request is not None and isinstance(obj, Node) and obj.owner is None:
        userid = authenticated_userid(request)
        if userid is not None:
            # Set owner metadata:
            obj.owner = userid
            # Add owner role for userid if it's not inherited already:
            if u'role:owner' not in list_groups(userid, obj):
                groups = list_groups_raw(userid, obj) | set([u'role:owner'])
                set_groups(userid, obj, groups)
コード例 #40
0
ファイル: test_events.py プロジェクト: 5urprise/Kotti
    def test_owner(self, root, db_session, events, dummy_request):
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        with patch('kotti.events.authenticated_userid', return_value='bob'):
            child = root[u'child'] = Content()
            db_session.flush()
        assert child.owner == u'bob'
        assert list_groups(u'bob', child) == [u'role:owner']

        clear_cache()
        # The event listener does not set the role again for subitems:
        with patch('kotti.events.authenticated_userid', return_value='bob'):
            grandchild = child[u'grandchild'] = Content()
            db_session.flush()
        assert grandchild.owner == u'bob'
        assert list_groups(u'bob', grandchild) == [u'role:owner']
        assert len(list_groups_raw(u'bob', grandchild)) == 0
コード例 #41
0
ファイル: events.py プロジェクト: eugeneai/Kotti
def set_owner(event):
    obj, request = event.object, event.request
    if request is not None and isinstance(obj, Node) and obj.owner is None:
        userid = authenticated_userid(request)
        if userid is not None:
            userid = unicode(userid)
            # Set owner metadata:
            obj.owner = userid
            # Add owner role for userid if it's not inherited already:
            if u'role:owner' not in list_groups(userid, obj):
                groups = list_groups_raw(userid, obj) | set([u'role:owner'])
                set_groups(userid, obj, groups)
コード例 #42
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_simple(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(
            list_groups('bob', root), ['role:editor'])
        self.assertEqual(
            list_groups_raw(u'bob', root), set(['role:editor']))
コード例 #43
0
    def test_inherit(self, db_session, root):
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        child = root[u'child'] = Node()
        db_session.flush()

        assert list_groups('bob', child) == []
        set_groups('bob', root, ['role:editor'])
        assert list_groups('bob', child) == ['role:editor']

        # Groups from the child are added:
        set_groups('bob', child, ['group:somegroup'])
        assert (
            set(list_groups('bob', child)) ==
            set(['group:somegroup', 'role:editor'])
            )

        # We can ask to list only those groups that are defined locally:
        assert list_groups_raw(u'bob', child) == set(['group:somegroup'])
コード例 #44
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_groups_from_users(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import set_groups

        self.make_bob()
        root = get_root()
        child = root[u'child'] = Node()
        DBSession.flush()

        self.assertEqual(list_groups('bob', root), ['group:bobsgroup'])

        set_groups('group:bobsgroup', root, ['role:editor'])
        set_groups('role:editor', child, ['group:foogroup'])

        self.assertEqual(set(list_groups('bob', root)),
                         set(['group:bobsgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:bobsgroup', 'role:editor', 'group:foogroup']))
コード例 #45
0
    def test_apply(self, extra_principals, root):
        from kotti.security import list_groups
        from kotti.security import set_groups
        from kotti.views.users import share_node

        request = DummyRequest()

        request.params["apply"] = ""
        request.params["csrf_token"] = request.session.get_csrf_token()
        share_node(root, request)
        assert request.session.pop_flash("info") == ["No changes were made."]
        assert list_groups("bob", root) == []
        set_groups("bob", root, ["role:special"])

        request.params["role::bob::role:owner"] = "1"
        request.params["role::bob::role:editor"] = "1"
        request.params["orig-role::bob::role:owner"] = ""
        request.params["orig-role::bob::role:editor"] = ""

        share_node(root, request)
        assert request.session.pop_flash("success") == ["Your changes have been saved."]
        assert set(list_groups("bob", root)) == {
            "role:owner",
            "role:editor",
            "role:special",
        }

        # We cannot set a role that's not displayed, even if we forged
        # the request:
        request.params["role::bob::role:admin"] = "1"
        request.params["orig-role::bob::role:admin"] = ""
        with raises(Forbidden):
            share_node(root, request)
        assert set(list_groups("bob", root)) == {
            "role:owner",
            "role:editor",
            "role:special",
        }
コード例 #46
0
ファイル: test_security_views.py プロジェクト: Kotti/Kotti
    def test_apply(self, extra_principals, root):
        from kotti.security import get_principals
        from kotti.security import list_groups
        from kotti.views.users import UsersManage

        request = DummyRequest()

        bob = get_principals()["bob"]

        request.params["apply"] = ""
        UsersManage(root, request)()
        assert request.session.pop_flash("info") == ["No changes were made."]
        assert list_groups("bob") == []
        bob.groups = ["role:special"]

        request.params["role::bob::role:owner"] = "1"
        request.params["role::bob::role:editor"] = "1"
        request.params["orig-role::bob::role:owner"] = ""
        request.params["orig-role::bob::role:editor"] = ""

        UsersManage(root, request)()
        assert request.session.pop_flash("success") == ["Your changes have been saved."]
        assert set(list_groups("bob")) == {"role:owner", "role:editor", "role:special"}
コード例 #47
0
ファイル: test_events.py プロジェクト: mujinjun/Kotti
    def test_owner(self, get_current_request, authenticated_userid):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        get_current_request.return_value = not None
        authenticated_userid.return_value = 'bob'
        root = get_root()
        child = root[u'child'] = Content()
        DBSession.flush()
        self.assertEqual(child.owner, u'bob')
        self.assertEqual(list_groups(u'bob', child), [u'role:owner'])

        clear_cache()
        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        DBSession.flush()
        self.assertEqual(grandchild.owner, u'bob')
        self.assertEqual(list_groups(u'bob', grandchild), [u'role:owner'])
        self.assertEqual(len(list_groups_raw(u'bob', grandchild)), 0)
コード例 #48
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_overwrite_and_delete(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(
            list_groups('bob', root), ['role:editor'])
        self.assertEqual(
            list_groups_raw(u'bob', root), set(['role:editor']))

        set_groups('bob', root, ['role:admin'])
        self.assertEqual(
            list_groups('bob', root), ['role:admin'])
        self.assertEqual(
            list_groups_raw(u'bob', root), set(['role:admin']))

        set_groups('bob', root)
        self.assertEqual(
            list_groups('bob', root), [])
        self.assertTrue(get_root() is root)
コード例 #49
0
ファイル: test_events.py プロジェクト: eugeneai/Kotti
    def test_owner(self, get_current_request, authenticated_userid):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        get_current_request.return_value = not None
        authenticated_userid.return_value = 'bob'
        root = get_root()
        child = root[u'child'] = Content()
        DBSession.flush()
        self.assertEqual(child.owner, u'bob')
        self.assertEqual(list_groups(u'bob', child), [u'role:owner'])

        clear_cache()
        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        DBSession.flush()
        self.assertEqual(grandchild.owner, u'bob')
        self.assertEqual(list_groups(u'bob', grandchild), [u'role:owner'])
        self.assertEqual(len(list_groups_raw(u'bob', grandchild)), 0)
コード例 #50
0
ファイル: test_events.py プロジェクト: dnouri/Kotti
    def test_owner(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        session = DBSession()
        self.config.testing_securitypolicy(userid='bob')
        root = get_root()
        child = root[u'child'] = Content()
        session.flush()
        self.assertEqual(child.owner, u'bob')
        self.assertEqual(list_groups(u'bob', child), [u'role:owner'])

        clear_cache()
        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        session.flush()
        self.assertEqual(grandchild.owner, u'bob')
        self.assertEqual(list_groups(u'bob', grandchild), [u'role:owner'])
        self.assertEqual(len(list_groups_raw(u'bob', grandchild)), 0)
コード例 #51
0
    def test_owner(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        session = DBSession()
        self.config.testing_securitypolicy(userid='bob')
        root = get_root()
        child = root[u'child'] = Content()
        session.flush()
        self.assertEqual(child.owner, u'bob')
        self.assertEqual(list_groups(u'bob', child), [u'role:owner'])

        clear_cache()
        # The event listener does not set the role again for subitems:
        grandchild = child[u'grandchild'] = Content()
        session.flush()
        self.assertEqual(grandchild.owner, u'bob')
        self.assertEqual(list_groups(u'bob', grandchild), [u'role:owner'])
        self.assertEqual(len(list_groups_raw(u'bob', grandchild)), 0)
コード例 #52
0
    def test_owner(self, db_session, events, dummy_request):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Content
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.util import clear_cache

        root = get_root()
        with patch('kotti.events.authenticated_userid', return_value='bob'):
            child = root[u'child'] = Content()
            DBSession.flush()
        assert child.owner == u'bob'
        assert list_groups(u'bob', child) == [u'role:owner']

        clear_cache()
        # The event listener does not set the role again for subitems:
        with patch('kotti.events.authenticated_userid', return_value='bob'):
            grandchild = child[u'grandchild'] = Content()
            DBSession.flush()
        assert grandchild.owner == u'bob'
        assert list_groups(u'bob', grandchild) == [u'role:owner']
        assert len(list_groups_raw(u'bob', grandchild)) == 0
コード例 #53
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_nested_groups(self):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_ext

        self.add_some_groups()
        root = get_root()
        child = root[u'child']
        grandchild = child[u'grandchild']

        # Check bob's groups on every level:
        self.assertEqual(list_groups('bob', root), ['group:bobsgroup'])
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('bob', grandchild)),
            set([
                'group:bobsgroup', 'group:franksgroup', 'role:editor',
                'role:owner'
            ]))

        # Check group:franksgroup groups on every level:
        self.assertEqual(set(list_groups('frank', root)),
                         set(['group:franksgroup', 'role:editor']))
        self.assertEqual(set(list_groups('frank', child)),
                         set(['group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('frank', grandchild)),
            set([
                'group:franksgroup', 'role:editor', 'role:owner',
                'group:bobsgroup'
            ]))

        # Sometimes it's useful to know which of the groups were
        # inherited, that's what 'list_groups_ext' is for:
        groups, inherited = list_groups_ext('bob', root)
        self.assertEqual(groups, ['group:bobsgroup'])
        self.assertEqual(inherited, [])

        groups, inherited = list_groups_ext('bob', child)
        self.assertEqual(
            set(groups),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(inherited),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))

        groups, inherited = list_groups_ext('group:bobsgroup', child)
        self.assertEqual(set(groups), set(['group:franksgroup',
                                           'role:editor']))
        self.assertEqual(inherited, ['role:editor'])

        groups, inherited = list_groups_ext('group:franksgroup', grandchild)
        self.assertEqual(set(groups),
                         set(['group:bobsgroup', 'role:owner', 'role:editor']))
        self.assertEqual(inherited, ['role:editor'])
コード例 #54
0
ファイル: test_security.py プロジェクト: Doik/Kotti
    def test_inherit(self):
        from kotti import DBSession
        from kotti.resources import get_root
        from kotti.resources import Node
        from kotti.security import list_groups
        from kotti.security import list_groups_raw
        from kotti.security import set_groups

        root = get_root()
        child = root[u'child'] = Node()
        DBSession.flush()

        self.assertEqual(list_groups('bob', child), [])
        set_groups('bob', root, ['role:editor'])
        self.assertEqual(list_groups('bob', child), ['role:editor'])

        # Groups from the child are added:
        set_groups('bob', child, ['group:somegroup'])
        self.assertEqual(set(list_groups('bob', child)),
                         set(['group:somegroup', 'role:editor']))

        # We can ask to list only those groups that are defined locally:
        self.assertEqual(list_groups_raw(u'bob', child),
                         set(['group:somegroup']))
コード例 #55
0
ファイル: tests.py プロジェクト: djpnewton/Kotti
    def test_nested_groups(self):
        self.add_some_groups()
        root = get_root()
        child = root[u'child']
        grandchild = child[u'grandchild']

        # Check bob's groups on every level:
        self.assertEqual(list_groups('bob', root), ['group:bobsgroup'])
        self.assertEqual(
            set(list_groups('bob', child)),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('bob', grandchild)),
            set([
                'group:bobsgroup', 'group:franksgroup', 'role:editor',
                'role:owner'
            ]))

        # Check group:franksgroup groups on every level:
        self.assertEqual(
            set(list_groups('frank', root)),
            set(['group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('frank', child)),
            set(['group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(list_groups('frank', grandchild)),
            set([
                'group:franksgroup', 'role:editor', 'role:owner',
                'group:bobsgroup'
            ]))

        # Sometimes it's useful to know which of the groups were
        # inherited, that's what 'list_groups_ext' is for:
        groups, inherited = list_groups_ext('bob', root)
        self.assertEqual(groups, ['group:bobsgroup'])
        self.assertEqual(inherited, [])

        groups, inherited = list_groups_ext('bob', child)
        self.assertEqual(
            set(groups),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        self.assertEqual(
            set(inherited),
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))

        groups, inherited = list_groups_ext('group:bobsgroup', child)
        self.assertEqual(
            set(groups), set(['group:franksgroup', 'role:editor']))
        self.assertEqual(inherited, ['role:editor'])

        groups, inherited = list_groups_ext('group:franksgroup', grandchild)
        self.assertEqual(
            set(groups), set(['group:bobsgroup', 'role:owner', 'role:editor']))
        self.assertEqual(inherited, ['role:editor'])
コード例 #56
0
ファイル: test_security.py プロジェクト: timgates42/Kotti
    def test_nested_groups(self, db_session, root):
        from kotti.security import list_groups
        from kotti.security import list_groups_ext

        self.add_some_groups(db_session, root)
        child = root["child"]
        grandchild = child["grandchild"]

        # Check bob's groups on every level:
        assert list_groups("bob", root) == ["group:bobsgroup"]
        assert set(list_groups("bob", child)) == {
            "group:bobsgroup",
            "group:franksgroup",
            "role:editor",
        }
        assert set(list_groups("bob", grandchild)) == {
            "group:bobsgroup",
            "group:franksgroup",
            "role:editor",
            "role:owner",
        }

        # Check group:franksgroup groups on every level:
        assert set(list_groups("frank",
                               root)) == {"group:franksgroup", "role:editor"}
        assert set(list_groups("frank",
                               child)) == {"group:franksgroup", "role:editor"}
        assert set(list_groups("frank", grandchild)) == {
            "group:franksgroup",
            "role:editor",
            "role:owner",
            "group:bobsgroup",
        }

        # Sometimes it's useful to know which of the groups were
        # inherited, that's what 'list_groups_ext' is for:
        groups, inherited = list_groups_ext("bob", root)
        assert groups == ["group:bobsgroup"]
        assert inherited == []

        groups, inherited = list_groups_ext("bob", child)
        assert set(groups) == {
            "group:bobsgroup", "group:franksgroup", "role:editor"
        }
        assert set(inherited) == {
            "group:bobsgroup", "group:franksgroup", "role:editor"
        }

        groups, inherited = list_groups_ext("group:bobsgroup", child)
        assert set(groups) == {"group:franksgroup", "role:editor"}
        assert inherited == ["role:editor"]

        groups, inherited = list_groups_ext("group:franksgroup", grandchild)
        assert set(groups) == {"group:bobsgroup", "role:owner", "role:editor"}
        assert inherited == ["role:editor"]
コード例 #57
0
ファイル: events.py プロジェクト: nightmarebadger/Kotti
def set_owner(event):
    """Set ``owner`` of the object that triggered the event.

    :param event: event that trigerred this handler.
    :type event: :class:`ObjectInsert`
    """

    obj, request = event.object, event.request
    if request is not None and isinstance(obj, Node) and obj.owner is None:
        userid = request.authenticated_userid
        if userid is not None:
            userid = unicode(userid)
            # Set owner metadata:
            obj.owner = userid
            # Add owner role for userid if it's not inherited already:
            if u'role:owner' not in list_groups(userid, obj):
                groups = list_groups_raw(userid, obj) | set([u'role:owner'])
                set_groups(userid, obj, groups)
コード例 #58
0
ファイル: events.py プロジェクト: adamcheasley/Kotti
def set_owner(event):
    """Set ``owner`` of the object that triggered the event.

    :param event: event that trigerred this handler.
    :type event: :class:`ObjectInsert`
    """

    obj, request = event.object, event.request
    if request is not None and isinstance(obj, Node) and obj.owner is None:
        userid = request.authenticated_userid
        if userid is not None:
            userid = unicode(userid)
            # Set owner metadata:
            obj.owner = userid
            # Add owner role for userid if it's not inherited already:
            if u'role:owner' not in list_groups(userid, obj):
                groups = list_groups_raw(userid, obj) | set([u'role:owner'])
                set_groups(userid, obj, groups)
コード例 #59
0
ファイル: test_security.py プロジェクト: MichaelGregory/Kotti
    def test_nested_groups(self, db_session):
        from kotti.resources import get_root
        from kotti.security import list_groups
        from kotti.security import list_groups_ext

        self.add_some_groups()
        root = get_root()
        child = root[u'child']
        grandchild = child[u'grandchild']

        # Check bob's groups on every level:
        assert list_groups('bob', root) == ['group:bobsgroup']
        assert (set(list_groups('bob', child)) ==
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        assert (set(list_groups('bob', grandchild)) ==
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor',
                 'role:owner']))

        # Check group:franksgroup groups on every level:
        assert (set(list_groups('frank', root)) ==
            set(['group:franksgroup', 'role:editor']))
        assert (set(list_groups('frank', child)) ==
            set(['group:franksgroup', 'role:editor']))
        assert (set(list_groups('frank', grandchild)) ==
            set(['group:franksgroup', 'role:editor', 'role:owner',
                 'group:bobsgroup']))

        # Sometimes it's useful to know which of the groups were
        # inherited, that's what 'list_groups_ext' is for:
        groups, inherited = list_groups_ext('bob', root)
        assert groups == ['group:bobsgroup']
        assert inherited == []

        groups, inherited = list_groups_ext('bob', child)
        assert (set(groups) ==
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))
        assert (set(inherited) ==
            set(['group:bobsgroup', 'group:franksgroup', 'role:editor']))

        groups, inherited = list_groups_ext('group:bobsgroup', child)
        assert set(groups) == set(['group:franksgroup', 'role:editor'])
        assert inherited == ['role:editor']

        groups, inherited = list_groups_ext('group:franksgroup', grandchild)
        assert (set(groups) ==
            set(['group:bobsgroup', 'role:owner', 'role:editor']))
        assert inherited == ['role:editor']