def testPrincipalPermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
provideUtility(Permission('APerm', 'title'), IPermission, 'APerm')
permission = 'APerm'
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPrincipalsOnePermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
provideUtility(Permission('Perm One', 'title'), IPermission,
'Perm One')
perm1 = 'Perm One'
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.assertTrue((prin1, Allow) in principals)
self.assertTrue((prin2, Deny) in principals)
def testManyPermissionsOnePrincipal(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
provideUtility(Permission('Perm One', 'title'), IPermission,
'Perm One')
perm1 = 'Perm One'
provideUtility(Permission('Perm Two', 'title'), IPermission,
'Perm Two')
perm2 = 'Perm Two'
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1, Allow) in perms)
self.failUnless((perm2, Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1, Allow) in perms)
self.failUnless((perm2, Deny) in perms)