def test_normal_authenticated_no_adapter(self): # Authorization is denied when there's no adapter. cache = {} expected = [False] observed = iter_authorization( self.object, self.permission, self.principal, cache=cache) self.assertEqual(expected, list(observed)) # The cache is not updated when there's no adapter. self.assertEqual({}, cache)
def test_normal_authenticated_cached(self): # Authorization is taken from the cache regardless of the presence of # an adapter or its behaviour. self.explode() token = getrandbits(32) expected = [token] observed = iter_authorization( self.object, self.permission, principal=self.principal, cache={self.object: {self.permission: token}}) self.assertEqual(expected, list(observed))
def test_normal_authenticated_denied(self): # The result of the registered IAuthorization adapter is returned. self.deny() cache = {} expected = [False] observed = iter_authorization( self.object, self.permission, self.principal, cache=cache) self.assertEqual(expected, list(observed)) # The cache is updated with the result. self.assertEqual({self.object: {self.permission: False}}, cache)
def test_normal_unauthenticated_allowed(self): # The result of the registered IAuthorization adapter is returned. self.allow() cache = {} expected = [True] observed = iter_authorization( self.object, self.permission, principal=None, cache=cache) self.assertEqual(expected, list(observed)) # The cache is updated with the result. self.assertEqual({self.object: {self.permission: True}}, cache)
def test_normal_authenticated_no_adapter_cached(self): # Authorization is taken from the cache even if an adapter is not # registered. This situation - the cache holding a result for an # object+permission for which there is no IAuthorization adapter - # will not arise unless the cache is tampered with, so this test is # solely for documentation. token = getrandbits(32) expected = [token] observed = iter_authorization( self.object, self.permission, self.principal, cache={self.object: {self.permission: token}}) self.assertEqual(expected, list(observed))
def test_delegated_authenticated(self): # Authorization is delegated and we see the results of authorization # against the objects to which it has been delegated. self.delegate() cache = {} expected = [True, False] observed = iter_authorization( self.object, self.permission, self.principal, cache=cache) self.assertEqual(expected, list(observed)) # The cache is updated with the result of the leaf checks and not the # delegated check. cache_expected = { Delegate.object_one: {Delegate.permission: True}, Delegate.object_two: {Delegate.permission: False}, } self.assertEqual(cache_expected, cache)