def doTestFor(self, dirDict, requestingUser): # changing acl should work on 'all' but not on 'write' dirDict['all'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ) self.assert_(dirDict['all'].isAllowed(self.alice, Action.READ)) def changeAclWrite(): dirDict['write'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ) self.assertRaises(PermissionDenied, changeAclWrite) # inserting an object should work on 'write' but not on 'read' m = Member(name='writeGood') m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['write']]) m.folders = [dirDict['write']] m.save() self.assert_(Member.objects.filter(name='writeGood', folders=dirDict['write']).exists()) def insertObjectRead(): m = Member(name='writeBad') m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']]) m.folders = [dirDict['read']] m.save() self.assertRaises(PermissionDenied, insertObjectRead) # reading an object should work on 'read' but not on 'none' self.assert_(Member.allowed(requestingUser).filter(folders=dirDict['read']).exists()) self.assertFalse(Member.allowed(requestingUser).filter(folders=dirDict['none']).exists())
def test_readObject(self): m = Member(name='x') m.save() m.folders = [self.f1] m.save() def containsX(querySet): return querySet.filter(name='x', folders=self.f1).exists() # admin, alice, bob, and clara have read privileges self.assert_(containsX(Member.allowed(self.admin))) self.assert_(containsX(Member.allowed(self.alice))) self.assert_(containsX(Member.allowed(self.bob))) self.assert_(containsX(Member.allowed(self.clara))) # dave has no privileges, denied self.assertFalse(containsX(Member.allowed(self.dave)))