def setup_auth(config, userid = None, debug = True): from arche.security import groupfinder config.set_authorization_policy(ACLAuthorizationPolicy()) ap = CallbackAuthenticationPolicy() ap.debug = debug ap.unauthenticated_userid = lambda request: userid ap.callback = groupfinder config.set_authentication_policy(ap)
def test_works_with_auth(self, db_session, root): from kotti.resources import Node from kotti.security import get_principals from kotti.security import list_groups_callback from kotti.security import set_groups child = root[u'child'] = Node() db_session.flush() request = DummyRequest() auth = CallbackAuthenticationPolicy() auth.unauthenticated_userid = lambda *args: 'bob' auth.callback = list_groups_callback request.context = root assert ( # user doesn't exist yet auth.effective_principals(request) == ['system.Everyone']) get_principals()[u'bob'] = dict(name=u'bob') assert (auth.effective_principals(request) == [ 'system.Everyone', 'system.Authenticated', 'bob' ]) # Define that bob belongs to bobsgroup on the root level: set_groups('bob', root, ['group:bobsgroup']) request.context = child assert (set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup' ])) # define that bob belongs to franksgroup in the user db: get_principals()[u'bob'].groups = [u'group:franksgroup'] set_groups('group:franksgroup', child, ['group:anothergroup']) assert (set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', ])) # And lastly test that circular group defintions are not a # problem here either: get_principals()[u'group:franksgroup'] = dict( name=u'group:franksgroup', title=u"Frank's group", groups=[u'group:funnygroup', u'group:bobsgroup'], ) assert (set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', 'group:funnygroup', ]))
def test_works_with_auth(self): session = DBSession() root = get_root() child = root[u'child'] = Node() session.flush() request = DummyRequest() auth = CallbackAuthenticationPolicy() auth.unauthenticated_userid = lambda *args: 'bob' auth.callback = list_groups_callback request.context = root self.assertEqual( # user doesn't exist yet auth.effective_principals(request), ['system.Everyone'] ) get_principals()[u'bob'] = dict(name=u'bob') self.assertEqual( auth.effective_principals(request), ['system.Everyone', 'system.Authenticated', 'bob'] ) # Define that bob belongs to bobsgroup on the root level: set_groups('bob', root, ['group:bobsgroup']) request.context = child self.assertEqual( set(auth.effective_principals(request)), set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup' ]) ) # define that bob belongs to franksgroup in the user db: get_principals()[u'bob'].groups = [u'group:franksgroup'] set_groups('group:franksgroup', child, ['group:anothergroup']) self.assertEqual( set(auth.effective_principals(request)), set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', ]) ) # And lastly test that circular group defintions are not a # problem here either: get_principals()[u'group:franksgroup'] = dict( name=u'group:franksgroup', title=u"Frank's group", groups=[u'group:funnygroup', u'group:bobsgroup'], ) self.assertEqual( set(auth.effective_principals(request)), set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', 'group:funnygroup', ]) )
def setup_security(config, userid = None, debug = True): from arche.security import groupfinder config.set_authorization_policy(ACLAuthorizationPolicy()) ap = CallbackAuthenticationPolicy() ap.debug = debug ap.unauthenticated_userid = lambda request: userid ap.callback = groupfinder config.set_authentication_policy(ap) config.include('arche.override_perm_methods')
def test_works_with_auth(self, db_session, root): from kotti.resources import Node from kotti.security import get_principals from kotti.security import list_groups_callback from kotti.security import set_groups child = root["child"] = Node() db_session.flush() request = DummyRequest() auth = CallbackAuthenticationPolicy() auth.unauthenticated_userid = lambda *args: "bob" auth.callback = list_groups_callback request.context = root assert auth.effective_principals( request) == [ # user doesn't exist yet "system.Everyone" ] get_principals()["bob"] = dict(name="bob") assert auth.effective_principals(request) == [ "system.Everyone", "system.Authenticated", "bob", ] # Define that bob belongs to bobsgroup on the root level: set_groups("bob", root, ["group:bobsgroup"]) request.context = child assert set(auth.effective_principals(request)) == { "system.Everyone", "system.Authenticated", "bob", "group:bobsgroup", } # define that bob belongs to franksgroup in the user db: get_principals()["bob"].groups = ["group:franksgroup"] set_groups("group:franksgroup", child, ["group:anothergroup"]) assert set(auth.effective_principals(request)) == { "system.Everyone", "system.Authenticated", "bob", "group:bobsgroup", "group:franksgroup", "group:anothergroup", } # And lastly test that circular group defintions are not a # problem here either: get_principals()["group:franksgroup"] = dict( name="group:franksgroup", title="Frank's group", groups=["group:funnygroup", "group:bobsgroup"], ) assert set(auth.effective_principals(request)) == { "system.Everyone", "system.Authenticated", "bob", "group:bobsgroup", "group:franksgroup", "group:anothergroup", "group:funnygroup", }
def test_works_with_auth(self, db_session, root): from kotti.resources import Node from kotti.security import get_principals from kotti.security import list_groups_callback from kotti.security import set_groups child = root[u'child'] = Node() db_session.flush() request = DummyRequest() auth = CallbackAuthenticationPolicy() auth.unauthenticated_userid = lambda *args: 'bob' auth.callback = list_groups_callback request.context = root assert ( # user doesn't exist yet auth.effective_principals(request) == ['system.Everyone'] ) get_principals()[u'bob'] = dict(name=u'bob') assert ( auth.effective_principals(request) == ['system.Everyone', 'system.Authenticated', 'bob'] ) # Define that bob belongs to bobsgroup on the root level: set_groups('bob', root, ['group:bobsgroup']) request.context = child assert ( set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup' ]) ) # define that bob belongs to franksgroup in the user db: get_principals()[u'bob'].groups = [u'group:franksgroup'] set_groups('group:franksgroup', child, ['group:anothergroup']) assert ( set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', ]) ) # And lastly test that circular group defintions are not a # problem here either: get_principals()[u'group:franksgroup'] = dict( name=u'group:franksgroup', title=u"Frank's group", groups=[u'group:funnygroup', u'group:bobsgroup'], ) assert ( set(auth.effective_principals(request)) == set([ 'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup', 'group:franksgroup', 'group:anothergroup', 'group:funnygroup', ]) )