class GroupBasedPermissionsPolicyTest(DBTestCase): def setUp(self): super(GroupBasedPermissionsPolicyTest, self).setUp() self.policy = GroupBasedPermissionsPolicy() def test_applies_to_all_permissions_in_db(self): Permission.example(name=u'custom') assert_contains(u'edit', self.policy.permissions) assert_contains(u'admin', self.policy.permissions) assert_contains(u'custom', self.policy.permissions) def perm(self): system = MediaCorePermissionSystem(self.pylons_config) system.policies = [self.policy] user = DBSession.query(User).filter(User.user_name == u'admin').one() return UserPermissions(user, system) def test_can_restrict_queries(self): query = Media.query permission = u'view' perm = self.perm() assert_true( self.policy.can_apply_access_restrictions_to_query( query, permission)) assert_true( self.policy.access_condition_for_query(query, permission, perm)) def test_can_restrict_query_if_user_does_not_have_the_required_permission( self): query = Media.query permission = u'view' perm = self.perm() view_permission = DBSession.query(Permission).filter( Permission.permission_name == permission).one() view_permission.groups = [] DBSession.flush() assert_none( self.policy.access_condition_for_query(query, permission, perm))
class GroupBasedPermissionsPolicyTest(DBTestCase): def setUp(self): super(GroupBasedPermissionsPolicyTest, self).setUp() self.policy = GroupBasedPermissionsPolicy() def test_applies_to_all_permissions_in_db(self): Permission.example(name=u'custom') assert_contains(u'edit', self.policy.permissions) assert_contains(u'admin', self.policy.permissions) assert_contains(u'custom', self.policy.permissions) def perm(self): system = MediaCorePermissionSystem(self.pylons_config) system.policies = [self.policy] user = DBSession.query(User).filter(User.user_name == u'admin').one() return UserPermissions(user, system) def test_can_restrict_queries(self): query = Media.query permission = u'view' perm = self.perm() assert_true(self.policy.can_apply_access_restrictions_to_query(query, permission)) assert_true(self.policy.access_condition_for_query(query, permission, perm)) def test_can_restrict_query_if_user_does_not_have_the_required_permission(self): query = Media.query permission = u'view' perm = self.perm() view_permission = DBSession.query(Permission).filter(Permission.permission_name == permission).one() view_permission.groups = [] DBSession.flush() assert_none(self.policy.access_condition_for_query(query, permission, perm))