def test_principals_allowed_by_permission(self): from pyramid.authorization import ACLHelper from pyramid.security import Allow from pyramid.security import Deny from pyramid.security import DENY_ALL from pyramid.security import ALL_PERMISSIONS helper = ACLHelper() root = DummyContext(__name__='', __parent__=None) community = DummyContext(__name__='community', __parent__=root) blog = DummyContext(__name__='blog', __parent__=community) root.__acl__ = [ (Allow, 'chrism', ('read', 'write')), (Allow, 'other', ('read', )), (Allow, 'jim', ALL_PERMISSIONS), ] community.__acl__ = [ (Deny, 'flooz', 'read'), (Allow, 'flooz', 'read'), (Allow, 'mork', 'read'), (Deny, 'jim', 'read'), (Allow, 'someguy', 'manage'), ] blog.__acl__ = [(Allow, 'fred', 'read'), DENY_ALL] result = sorted(helper.principals_allowed_by_permission(blog, 'read')) self.assertEqual(result, ['fred']) result = sorted( helper.principals_allowed_by_permission(community, 'read')) self.assertEqual(result, ['chrism', 'mork', 'other']) result = sorted( helper.principals_allowed_by_permission(community, 'read')) result = sorted(helper.principals_allowed_by_permission(root, 'read')) self.assertEqual(result, ['chrism', 'jim', 'other'])
def test_principals_allowed_by_permission_no_acls(self): from pyramid.authorization import ACLHelper helper = ACLHelper() context = DummyContext() result = sorted( helper.principals_allowed_by_permission(context, 'read')) self.assertEqual(result, [])
def test_principals_allowed_by_permission_deny_permission_in_acl(self): from pyramid.authorization import ACLHelper, Deny, Everyone helper = ACLHelper() context = DummyContext() acl = [(Deny, Everyone, 'read')] context.__acl__ = acl result = sorted( helper.principals_allowed_by_permission(context, 'read')) self.assertEqual(result, [])
def test_principals_allowed_by_permission_string_permission(self): from pyramid.authorization import ACLHelper, Allow helper = ACLHelper() context = DummyContext() acl = [(Allow, 'chrism', 'read_it')] context.__acl__ = acl result = helper.principals_allowed_by_permission(context, 'read') # would be ['chrism'] if 'read' were compared against 'read_it' instead # of against ['read_it'] self.assertEqual(list(result), [])
def test_principals_allowed_by_permission_callable_acl(self): from pyramid.authorization import DENY_ALL, ACLHelper, Allow helper = ACLHelper() context = DummyContext() acl = lambda: [ (Allow, 'chrism', ('read', 'write')), DENY_ALL, (Allow, 'other', 'read'), ] context.__acl__ = acl result = sorted( helper.principals_allowed_by_permission(context, 'read')) self.assertEqual(result, ['chrism'])