def setUp(self):
self.env = EnvironmentStub(enable=[perm.DefaultPermissionStore,
perm.DefaultPermissionPolicy,
TestPermissionPolicy,
TestPermissionRequestor])
self.env.config.set('trac', 'permission_policies', 'TestPermissionPolicy')
self.policy = TestPermissionPolicy(self.env)
self.perm = perm.PermissionCache(self.env, 'testuser')
def create_request(self, authname='anonymous', **kwargs):
kw = {'perm': perm.PermissionCache(self.env, authname), 'args': {},
'href': self.env.href, 'abs_href': self.env.abs_href,
'tz': utc, 'locale': None, 'lc_time': locale_en,
'chrome': {'notices': [], 'warnings': []},
'method': None, 'get_header': lambda v: None}
kw.update(kwargs)
return Mock(**kw)
class EmailVerificationModule(CommonTemplateProvider):
"""Performs email verification on every new or changed address.
A working email sender for Trac (!TracNotification or !TracAnnouncer)
is strictly required to enable this module's functionality.
Anonymous users should register and perms should be tweaked, so that
anonymous users can't edit wiki pages and change or create tickets.
So this email verification code won't be used on them.
"""
implements(IRequestFilter, IRequestHandler)
def __init__(self, *args, **kwargs):
self.email_enabled = True
if self.config.getbool('announcer', 'email_enabled') != True and \
self.config.getbool('notification', 'smtp_enabled') != True:
self.email_enabled = False
if is_enabled(self.env, self.__class__) == True:
self.env.log.warn(' '.join([
self.__class__.__name__,
"can't work because of missing email setup."
]))
# IRequestFilter methods
def pre_process_request(self, req, handler):
if not req.session.authenticated:
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and req.method == 'POST' and \
not 'restore' in req.args:
try:
EmailCheck(self.env).validate_registration(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
chrome.add_warning(req, Markup(gettext(e.message)))
req.redirect(req.href.prefs(None))
if AccountManager(self.env).verify_email and handler is not self and \
'email_verification_token' in req.session and \
not req.perm.has_permission('ACCTMGR_ADMIN'):
# TRANSLATOR: Your permissions have been limited until you ...
link = tag.a(_("verify your email address"),
href=req.href.verify_email())
# TRANSLATOR: ... verify your email address
chrome.add_warning(
req,
Markup(
tag.span(
Markup(
_("Your permissions have been limited until you %(link)s.",
link=link)))))
req.perm = perm.PermissionCache(self.env, 'anonymous')
return handler
def test_cache_shared(self):
# we need to start with an empty cache here (#7201)
perm1 = perm.PermissionCache(self.env, 'testcache')
perm1 = perm1('ticket', 1)
perm2 = perm1('ticket', 1) # share internal cache
self.perm_system.grant_permission('testcache', 'TEST_ADMIN')
perm1.require('TEST_ADMIN')
self.perm_system.revoke_permission('testcache', 'TEST_ADMIN')
# Using cached GRANT here (from shared cache)
perm2.require('TEST_ADMIN')
def setUp(self):
self.env = EnvironmentStub(enable=[perm.DefaultPermissionStore,
perm.DefaultPermissionPolicy,
TestPermissionRequestor])
self.perm_system = perm.PermissionSystem(self.env)
# by-pass DefaultPermissionPolicy cache:
perm.DefaultPermissionPolicy.CACHE_EXPIRY = -1
self.perm_system.grant_permission('testuser', 'TEST_MODIFY')
self.perm_system.grant_permission('testuser', 'TEST_ADMIN')
self.perm = perm.PermissionCache(self.env, 'testuser')
def test_user1_allowed_by_policy2(self):
"""policy1 consulted for ACTION_2. policy2 consulted for ACTION_2.
"""
perm_cache = perm.PermissionCache(self.env, 'user2')
self.assertIn('ACTION_2', perm_cache)
self.assertEqual(1, self.ps.policies[0].call_count)
self.assertEqual(1, self.ps.policies[1].call_count)
self.assertEqual([
('policy1', 'ACTION_2', None),
('policy2', 'ACTION_2', True),
], self.decisions)
def setUp(self):
self.env = EnvironmentStub(
enable=[perm.DefaultPermissionStore, perm.DefaultPermissionPolicy
] + self.permission_requestors)
self.env.config.set('trac', 'permission_policies',
'DefaultPermissionPolicy')
self.perm_system = perm.PermissionSystem(self.env)
# by-pass DefaultPermissionPolicy cache:
perm.DefaultPermissionPolicy.CACHE_EXPIRY = -1
self.perm_system.grant_permission('testuser', 'TEST_MODIFY')
self.perm_system.grant_permission('testuser', 'TEST_ADMIN')
self.perm = perm.PermissionCache(self.env, 'testuser')
def setUp(self):
self.env = EnvironmentStub(enable=['trac.*', 'itteco.*'])
self.env.config.set('trac', 'permission_policies',
'CalendarSystem, DefaultPermissionPolicy')
self.itteco_env = IttecoEvnSetup(self.env)
self.itteco_env.upgrade_environment(self.env.get_db_cnx())
self.calendar_system = CalendarSystem(self.env)
self.perm_system = perm.PermissionSystem(self.env)
self.perm = perm.PermissionCache(self.env, 'testuser')
def test_user2_denied_by_no_decision(self):
"""policy1 and policy2 consulted for ACTION_1. policy1 and
policy2 consulted for ACTION_2.
"""
perm_cache = perm.PermissionCache(self.env, 'user2')
self.assertNotIn('ACTION_1', perm_cache)
self.assertEqual(2, self.ps.policies[0].call_count)
self.assertEqual(2, self.ps.policies[1].call_count)
self.assertEqual([
('policy1', 'ACTION_2', None),
('policy2', 'ACTION_2', True),
('policy1', 'ACTION_1', None),
('policy2', 'ACTION_1', None),
], self.decisions)
def setUp(self):
self.env = EnvironmentStub(enable=[
perm.PermissionSystem, perm.DefaultPermissionStore,
TestPermissionRequestor
])
# Add a few groups
db = self.env.get_db_cnx()
cursor = db.cursor()
cursor.executemany("INSERT INTO permission VALUES(%s,%s)",
[('employee', 'TEST_MODIFY'),
('developer', 'TEST_ADMIN'),
('developer', 'employee'), ('bob', 'developer')])
db.commit()
self.perm = perm.PermissionCache(self.env, 'bob')
def test_new_product_perm(self):
"""Only product owner and TRAC_ADMIN will access new product
"""
newproduct = Product(self.global_env)
newproduct.prefix = 'NEW'
newproduct.name = 'New product'
newproduct.owner = 'owneruser'
newproduct.insert()
env = ProductEnvironment(self.global_env, newproduct)
self.global_perm_admin._do_add('adminuser', 'TRAC_ADMIN')
admin_perm = perm.PermissionCache(env, 'adminuser')
owner_perm = perm.PermissionCache(env, 'owneruser')
user_perm = perm.PermissionCache(env, 'testuser')
global_permsys = perm.PermissionSystem(self.global_env)
permsys = perm.PermissionSystem(env)
self.assertEquals({'EMAIL_VIEW': True, 'TEST_ADMIN': True,
'TEST_CREATE': True, 'TEST_DELETE': True,
'TEST_MODIFY': True, 'TRAC_ADMIN' : True},
global_permsys.get_user_permissions('adminuser'))
self.assertEquals({}, global_permsys.get_user_permissions('owneruser'))
self.assertEquals({}, global_permsys.get_user_permissions('testuser'))
self.assertEquals({}, permsys.get_user_permissions('adminuser'))
self.assertEquals({}, permsys.get_user_permissions('owneruser'))
self.assertEquals({}, permsys.get_user_permissions('testuser'))
all_actions = self.permsys.get_actions()
all_actions.remove('TRAC_ADMIN')
for action in all_actions:
self.assertTrue(admin_perm.has_permission(action))
self.assertTrue(owner_perm.has_permission(action))
self.assertFalse(user_perm.has_permission(action))
self.assertTrue(admin_perm.has_permission('TRAC_ADMIN'))
self.assertFalse(owner_perm.has_permission('TRAC_ADMIN'))
self.assertFalse(user_perm.has_permission('TRAC_ADMIN'))
def pre_process_request(self, req, handler):
if not req.session.authenticated:
# Permissions for anonymous users remain unchanged.
return handler
if AccountManager(self.env).verify_email and handler is not self and \
'email_verification_token' in req.session and \
not req.perm.has_permission('ACCTMGR_ADMIN'):
# TRANSLATOR: Your permissions have been limited until you ...
link = tag.a(_("verify your email address"),
href=req.href.verify_email())
# TRANSLATOR: ... verify your email address
chrome.add_warning(
req,
Markup(
tag.span(
Markup(
_("Your permissions have been limited until you %(link)s.",
link=link)))))
req.perm = perm.PermissionCache(self.env, 'anonymous')
return handler
class EmailVerificationModule(CommonTemplateProvider):
"""Performs email verification on every new or changed address.
A working email sender for Trac (!TracNotification or !TracAnnouncer)
is strictly required to enable this module's functionality.
Anonymous users should register and perms should be tweaked, so that
anonymous users can't edit wiki pages and change or create tickets.
So this email verification code won't be used on them.
"""
implements(IRequestFilter, IRequestHandler)
verify_email = BoolOption(
'account-manager', 'verify_email', True,
doc="Verify the email address of Trac users.")
def __init__(self, *args, **kwargs):
self.email_enabled = True
if self.config.getbool('announcer', 'email_enabled') and \
self.config.getbool('notification', 'smtp_enabled'):
self.email_enabled = False
if self.env.is_enabled(self.__class__):
self.log.warning("%s can't work because of missing email "
"setup.", self.__class__.__name__)
# IRequestFilter methods
def pre_process_request(self, req, handler):
if not req.authname or req.authname == 'anonymous':
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and \
req.method == 'POST' and \
'restore' not in req.args and \
req.get_header(
'X-Requested-With') != 'XMLHttpRequest':
try:
AccountManager(self.env).validate_account(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Always warn about issues.
chrome.add_warning(req, e)
# Look, if the issue existed before.
attributes = get_user_attribute(self.env, req.authname,
attribute='email')
email = req.authname in attributes and \
attributes[req.authname][1].get('email') or None
new_email = req.args.get('email', '').strip()
if (email or new_email) and email != new_email:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
req.redirect(req.href.prefs(None))
if self.verify_email and handler is not self and \
'email_verification_token' in req.session and \
'ACCTMGR_ADMIN' not in req.perm:
# TRANSLATOR: Your permissions have been limited until you ...
link = tag.a(_("verify your email address"),
href=req.href.verify_email())
# TRANSLATOR: ... verify your email address
chrome.add_warning(req,
tag_("Your permissions have been limited "
"until you %(link)s.", link=link))
req.perm = perm.PermissionCache(self.env, 'anonymous')
return handler
def setUp(self):
ProductPermissionCacheTestCase.setUp(self)
nbh = Neighborhood('product', self.default_product)
resource = nbh.child(None, None)
self.perm = perm.PermissionCache(self.global_env, 'testuser', resource)
