def test__get_readable_descendants(self):
    """The project's creator gets the child component back, all readable.

    NOTE(review): a test with this exact name appears again later in this
    listing. If both are methods of the same class, Python keeps only the
    last definition and this one never runs -- confirm against the full file.
    """
    parent = ProjectFactory(creator=self.user)
    component = NodeFactory(parent=parent, creator=self.user)
    creator_auth = Auth(parent.creator)

    descendants, fully_readable = _get_readable_descendants(
        auth=creator_auth,
        node=parent,
    )

    # Only the first entry is inspected; the list length is not pinned here.
    assert_equal(descendants[0]._id, component._id)
    assert_true(fully_readable)
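def test__get_readable_descendants_includes_pointers(self):
    """A node link (pointer) added to a project is returned as a descendant.

    The link target is built with a default ``ProjectFactory()`` call and the
    lookup runs as the parent project's creator.
    """
    project = ProjectFactory(creator=self.user)
    pointed = ProjectFactory()
    # add_pointer's return value is not used by any assertion below, so it is
    # no longer bound to a local.
    project.add_pointer(pointed, auth=Auth(self.user))
    project.save()

    nodes, all_readable = _get_readable_descendants(
        auth=Auth(project.creator), node=project
    )

    # Exactly one descendant is expected, and it must be the link target.
    assert_equal(len(nodes), 1)
    assert_equal(nodes[0].title, pointed.title)
    assert_equal(nodes[0]._id, pointed._id)
    assert_true(all_readable)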
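def test__get_readable_descendants_masked_by_permissions(self):
    """Check which descendants each read-only contributor gets back.

    Users should be able to see through components they do not have
    permissions to.
    Users should not be able to see through links to nodes they do not
    have permissions to.

    Letters in parentheses are the users given 'read' on that node. The edge
    marked ``*`` is a node link created with ``add_pointer``; every other
    edge is a ``NodeRelation`` row.

                      1(AB)
                     /  |  \
                    *   |   \
                   /    |    \
                2(A)  4(B)    7(A)
                  |     |     |   \
                  |     |     |    \
               3(AB)  5(B)  8(AB)  9(B)
                        |
                        |
                      6(A)
    """
    user_a = UserFactory(fullname='User A')
    user_b = UserFactory(fullname='User B')

    def make_node(title, *readers):
        # Every node is created by self.user; readers get 'read' only.
        node = ProjectFactory(creator=self.user, title=title)
        for reader in readers:
            node.add_contributor(
                reader, auth=Auth(self.user), permissions=['read']
            )
        return node

    project1 = make_node('One', user_a, user_b)
    component2 = make_node('Two', user_a)
    component3 = make_node('Three', user_a, user_b)
    component4 = make_node('Four', user_b)
    component5 = make_node('Five', user_b)
    component6 = make_node('Six', user_a)
    component7 = make_node('Seven', user_a)
    component8 = make_node('Eight', user_a, user_b)
    component9 = make_node('Nine', user_b)

    # 1 -> 2 is the only node link in the tree.
    project1.add_pointer(component2, Auth(self.user))
    for parent, child in (
        (project1, component4),
        (project1, component7),
        (component2, component3),
        (component4, component5),
        (component5, component6),
        (component7, component8),
        (component7, component9),
    ):
        NodeRelation.objects.create(parent=parent, child=child)

    # User A: Two and Seven are readable children of One; Six sits below
    # Four and Five, neither of which lists A as a reader.
    nodes, all_readable = _get_readable_descendants(auth=Auth(user_a), node=project1)
    assert_equal(len(nodes), 3)
    assert_false(all_readable)
    # Compare the exact titles: a per-item membership check would still pass
    # if one permitted node were returned twice and another left out.
    assert_equal(sorted(node.title for node in nodes), ['Seven', 'Six', 'Two'])

    # User B: Two is reached only through the link and B is not a reader of
    # it, so Three must stay hidden even though B has 'read' on Three.
    nodes, all_readable = _get_readable_descendants(auth=Auth(user_b), node=project1)
    assert_equal(len(nodes), 3)
    assert_false(all_readable)
    assert_equal(sorted(node.title for node in nodes), ['Eight', 'Four', 'Nine'])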
def test__get_readable_descendants(self):
    """Creator of a project with one child component sees that child.

    NOTE(review): an identically named test appears earlier in this listing.
    If both belong to the same class, this later definition is the one that
    runs and the earlier copy is shadowed -- confirm against the full file.
    """
    root = ProjectFactory(creator=self.user)
    sub_node = NodeFactory(parent=root, creator=self.user)

    result = _get_readable_descendants(auth=Auth(root.creator), node=root)
    found, everything_readable = result

    # The first returned node is compared by _id with the component created above.
    assert_equal(found[0]._id, sub_node._id)
    assert_true(everything_readable)