def test_insertObject(self): # admin, alice and bob have write privileges m = Member(name='byAdmin') m.saveAssertAllowed(self.admin, checkFolders=[self.f1]) m.folders = [self.f1] m.save() self.assert_(Member.objects.filter(name='byAdmin', folders=self.f1).exists()) m = Member(name='byAlice') m.saveAssertAllowed(self.alice, checkFolders=[self.f1]) m.folders = [self.f1] m.save() self.assert_(Member.objects.filter(name='byAlice', folders=self.f1).exists()) m = Member(name='byBob') m.saveAssertAllowed(self.bob, checkFolders=[self.f1]) m.folders = [self.f1] m.save() self.assert_(Member.objects.filter(name='byBob', folders=self.f1).exists()) # clara only has read privileges, denied def byClara(): m = Member(name='byClara') m.saveAssertAllowed(self.clara, checkFolders=[self.f1]) m.folders = [self.f1] m.save() self.assertRaises(PermissionDenied, byClara)
def doTestFor(self, dirDict, requestingUser): # changing acl should work on 'all' but not on 'write' dirDict['all'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ) self.assert_(dirDict['all'].isAllowed(self.alice, Action.READ)) def changeAclWrite(): dirDict['write'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ) self.assertRaises(PermissionDenied, changeAclWrite) # inserting an object should work on 'write' but not on 'read' m = Member(name='writeGood') m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['write']]) m.folders = [dirDict['write']] m.save() self.assert_(Member.objects.filter(name='writeGood', folders=dirDict['write']).exists()) def insertObjectRead(): m = Member(name='writeBad') m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']]) m.folders = [dirDict['read']] m.save() self.assertRaises(PermissionDenied, insertObjectRead) # reading an object should work on 'read' but not on 'none' self.assert_(Member.allowed(requestingUser).filter(folders=dirDict['read']).exists()) self.assertFalse(Member.allowed(requestingUser).filter(folders=dirDict['none']).exists())
def makeFolderWithPerms(self, agent, actionsName): root = Folder.getRootFolder() actions = getattr(Actions, actionsName.upper()) prefix = re.sub(r'^\w+:', '', agent) folder = root.makeSubFolder('%s_%s' % (prefix, actionsName)) folder.clearAcl() folder.setPermissions(agent, actions) # insert an object to the folder so we can test read access m = Member(name='foo') m.save() m.folders = [folder] m.save() return folder
def test_readObject(self): m = Member(name='x') m.save() m.folders = [self.f1] m.save() def containsX(querySet): return querySet.filter(name='x', folders=self.f1).exists() # admin, alice, bob, and clara have read privileges self.assert_(containsX(Member.allowed(self.admin))) self.assert_(containsX(Member.allowed(self.alice))) self.assert_(containsX(Member.allowed(self.bob))) self.assert_(containsX(Member.allowed(self.clara))) # dave has no privileges, denied self.assertFalse(containsX(Member.allowed(self.dave)))
def insertObjectRead(): m = Member(name='writeBad') m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']]) m.folders = [dirDict['read']] m.save()
def byClara(): m = Member(name='byClara') m.saveAssertAllowed(self.clara, checkFolders=[self.f1]) m.folders = [self.f1] m.save()