コード例 #1
0
def test_initate_and_transition_to_frozen(registry, context):
    from substanced.util import get_acl
    workflow = registry.content.workflows['sample']
    assert workflow.state_of(context) is None
    workflow.initialize(context)
    assert workflow.state_of(context) is 'participate'
    assert ('Allow', 'role:participant', 'create_proposal') in get_acl(context)
    request = testing.DummyRequest()  # bypass permission check
    workflow.transition_to_state(context, request, 'frozen')
    assert workflow.state_of(context) is 'frozen'
    assert get_acl(context) == []
コード例 #2
0
ファイル: test_sample.py プロジェクト: andantic/adhocracy3
def test_initate_and_transition_to_frozen(registry, context):
    from substanced.util import get_acl
    workflow = registry.content.workflows['sample']
    assert workflow.state_of(context) is None
    workflow.initialize(context)
    assert workflow.state_of(context) is 'participate'
    assert ('Allow', 'role:participant', 'create_proposal') in get_acl(context)
    assert ('Allow', 'role:participant', 'create_document') in get_acl(context)
    request = testing.DummyRequest()  # bypass permission check
    workflow.transition_to_state(context, request, 'frozen')
    assert workflow.state_of(context) is 'frozen'
    assert get_acl(context) == []
コード例 #3
0
ファイル: test_bplan.py プロジェクト: pra85/adhocracy3
def test_initiate_bplan_private_workflow(registry, context):
    from substanced.util import get_acl
    workflow = registry.content.workflows['bplan_private']
    assert workflow.state_of(context) is None
    workflow.initialize(context)
    assert workflow.state_of(context) is 'private'
    local_acl = get_acl(context)
    assert ('Deny', 'system.Anonymous', 'view') in local_acl
コード例 #4
0
ファイル: test_bplan.py プロジェクト: andantic/adhocracy3
def test_initiate_bplan_private_workflow(registry, context):
    from substanced.util import get_acl
    workflow = registry.content.workflows['bplan_private']
    assert workflow.state_of(context) is None
    workflow.initialize(context)
    assert workflow.state_of(context) is 'private'
    local_acl = get_acl(context)
    assert ('Deny', 'system.Anonymous', 'view') in local_acl
コード例 #5
0
def test_initiate_bplan_private_workflow(registry, context):
    from substanced.util import get_acl

    workflow = registry.content.workflows["bplan_private"]
    assert workflow.state_of(context) is None
    workflow.initialize(context)
    assert workflow.state_of(context) is "private"
    local_acl = get_acl(context)
    assert ("Deny", "system.Anonymous", "view") in local_acl
コード例 #6
0
ファイル: test_root.py プロジェクト: robx/adhocracy3.mercator
 def test_create_root_with_acl(self, registry):
     from adhocracy_core.resources.root import IRootPool
     from substanced.util import get_acl
     from pyramid.security import Allow
     from pyramid.security import ALL_PERMISSIONS
     inst = registry.content.create(IRootPool.__identifier__)
     acl = get_acl(inst)
     assert (Allow, 'system.Anonymous', 'view') in acl
     assert (Allow, 'system.Anonymous', 'create_user') in acl
     assert (Allow, 'role:god', ALL_PERMISSIONS) == acl[0]
コード例 #7
0
 def test_create_root_with_acl(self, registry):
     from adhocracy_core.resources.root import IRootPool
     from substanced.util import get_acl
     from pyramid.security import Allow
     from pyramid.security import ALL_PERMISSIONS
     inst = registry.content.create(IRootPool.__identifier__)
     acl = get_acl(inst)
     assert (Allow, 'system.Anonymous', 'view') in acl
     assert (Allow, 'system.Anonymous', 'create_user') in acl
     assert (Allow, 'role:god', ALL_PERMISSIONS) == acl[0]
コード例 #8
0
ファイル: __init__.py プロジェクト: notaliens/youshouldsing
def change_acl_callback(content, workflow, transition, request):
    new_acl = []
    current_acl = get_acl(content, [])
    admins = find_service(content, 'principals')['groups']['admins']
    recording = content
    performer = getattr(recording, 'performer', None)
    if performer is None:
        return # eyeroll, foil workflow initialization via subscriber
    user = performer.user
    owner_id = user.__oid__
    admins_id = admins.__oid__
    for ace in current_acl:
        # preserve all permissions defined by other subsystems (like "like")
        if ace == DENY_ALL:
            continue
        _, _, perms = ace
        if perms is ALL_PERMISSIONS:
            continue
        if not is_nonstr_iter(perms):
            perms = [perms]
        if 'view' in perms or 'yss.indexed' in perms or 'yss.edit' in perms:
            continue
        new_acl.append(ace)

    PRIVATE_ACES = [
        (Allow, admins_id, ALL_PERMISSIONS),
        (Allow, owner_id, ('view',)),
        (Allow, owner_id, ('yss.edit',)),
        DENY_ALL,
        ]

    if transition:
        # if not initial state
        if transition['name'].startswith('Make public'):
            new_acl.extend([
                (Allow, Everyone, ('view',)),
                (Allow, Everyone, ('yss.indexed',)),
                (Allow, owner_id, ('yss.edit',)),
            ])
        if transition['name'].startswith('Make private'):
            new_acl.extend(PRIVATE_ACES)
        if transition['name'].startswith('Make authenticated-only'):
            new_acl.extend([
                (Allow, admins_id, ALL_PERMISSIONS),
                (Allow, 'system.Authenticated', ('view',)),
                (Allow, 'system.Authenticated', ('yss.indexed',)),
                (Allow, owner_id, ('yss.edit',)),
                DENY_ALL,
            ])
    else:
        # initial state
        new_acl.extend(PRIVATE_ACES)

    set_acl(content, new_acl)
コード例 #9
0
ファイル: evolve.py プロジェクト: pabo3000/substanced
def add_path_to_acl_to_objectmap(root):
    objectmap = root.__objectmap__
    objectmap.path_to_acl = objectmap.family.OO.BTree()
    logger.info('Populating path_to_acl in objectmap (expensive evolve step)')
    for obj in postorder(root):
        oid = objectmap.objectid_for(obj)
        path = objectmap.path_for(oid)
        upath = _SLASH.join(path)
        acl = get_acl(obj, None)
        suffix = '(no acl)'
        if acl is not None:
            objectmap.set_acl(obj, acl)
            suffix = '(indexed acl)'
        logger.info('%s %s' % (upath, suffix))
コード例 #10
0
ファイル: views.py プロジェクト: notaliens/youshouldsing
 def accept_retime(self):
     song = self.context
     song.timings = song.alt_timings
     song.alt_timings = ''
     new_acl = []
     acl = get_acl(song)
     for ace in acl:
         if ace[0] == Deny and ace[2] == ['yss.indexed']:
             continue
         new_acl.append(ace)
     set_acl(song, new_acl)
     event = ObjectModified(song)
     self.request.registry.subscribers((event, song), None)
     self.request.session.flash(
         'Retime accepted, song will show up in searches, and may now be '
         'recorded by everyone. Nice work.', 'info')
     return self.request.resource_url(self.context, '@@retime')
コード例 #11
0
ファイル: __init__.py プロジェクト: robx/adhocracy3.mercator
def set_acms_for_app_root(app: Router, acms: (dict)=()):
    """
    Set the :term:`acm`s for the `app`s root object.

    In addition all permissions are granted the god user.

    :param app: The pyramid wsgi application
    :param acms: :class:`adhocracy_core.schema.ACM` dictionaries.
                 :term:`acm`s with overriding permissions should be put
                 before :term:`acm`s with default permissions.
    """
    new_acl = [god_all_permission_ace]
    for acm in acms:
        new_acl += acm_to_acl(acm, app.registry)
    root = get_root(app)
    old_acl = get_acl(root)
    if old_acl == new_acl:
        return
    set_acl(root, new_acl, app.registry)
    transaction.commit()
コード例 #12
0
def set_acms_for_app_root(app: Router, acms: (dict) = ()):
    """
    Set the :term:`acm`s for the `app`s root object.

    In addition all permissions are granted the god user.

    :param app: The pyramid wsgi application
    :param acms: :class:`adhocracy_core.schema.ACM` dictionaries.
                 :term:`acm`s with overriding permissions should be put
                 before :term:`acm`s with default permissions.
    """
    new_acl = [god_all_permission_ace]
    for acm in acms:
        new_acl += acm_to_acl(acm, app.registry)
    root = get_root(app)
    old_acl = get_acl(root)
    if old_acl == new_acl:
        return
    set_acl(root, new_acl, app.registry)
    transaction.commit()
コード例 #13
0
ファイル: __init__.py プロジェクト: Janaba/adhocracy3
def set_acms_for_app_root(event):
    """Set/update :term:`acm`s for the root object of the pyramid application.

    :param event: this function should be used as a subscriber for the
                  :class:`pyramid.interfaces.IApplicationCreated` event.
                  That way everytime the application starts the root `acm`
                  is updated.

    The `root_acm` (:func:`root_acm_asset`) is extended by the :term:`acm`
    returned by the :class:`adhocracy_core.authorization.IRootACMExtension`
    adapter.

    In addition all permissions are granted the god user.
    """
    root, closer = get_root(event.app)
    acl = [god_all_permission_ace]
    acl += _get_root_extension_acl(root, event.app.registry)
    acl += _get_root_base_acl()
    old_acl = get_acl(root, [])
    if old_acl == acl:
        return
    set_acl(root, acl, event.app.registry)
    transaction.commit()
    closer()
コード例 #14
0
ファイル: __init__.py プロジェクト: robx/adhocracy3.mercator
def set_god_all_permissions(resource: IResource, registry=None) -> bool:
    """Set the god's permissions on the resource."""
    old_acl = get_acl(resource)
    new_acl = [god_all_permission_ace] + old_acl
    set_acl(resource, new_acl, registry)
コード例 #15
0
def set_god_all_permissions(resource: IResource, registry=None) -> bool:
    """Set the god's permissions on the resource."""
    old_acl = get_acl(resource)
    new_acl = [god_all_permission_ace] + old_acl
    set_acl(resource, new_acl, registry)