def test_map_principals_with_local_roles(self, db_session, root): from kotti.security import get_principals from kotti.security import map_principals_with_local_roles self.test_principals_with_local_roles(db_session, root) child = root["child"] P = get_principals() # No users are defined in P, thus we get the empty list: assert map_principals_with_local_roles(root) == [] P["bob"] = {"name": "bob"} P["group:bobsgroup"] = {"name": "group:bobsgroup"} value = map_principals_with_local_roles(root) assert len(value) == 1 bob, (bob_all, bob_inherited) = value[0] assert bob_all == ["group:bobsgroup"] assert bob_inherited == [] value = map_principals_with_local_roles(child) assert len(value) == 2 bob, (bob_all, bob_inherited) = value[0] bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1] assert set(bob_all) == {"group:bobsgroup", "role:editor"} assert set(bob_inherited) == {"group:bobsgroup", "role:editor"} assert bobsgroup_all == ["role:editor"] assert bobsgroup_inherited == []
def test_map_principals_with_local_roles(self, db_session, root): from kotti.security import get_principals from kotti.security import map_principals_with_local_roles self.test_principals_with_local_roles(db_session, root) child = root[u'child'] P = get_principals() # No users are defined in P, thus we get the empty list: assert map_principals_with_local_roles(root) == [] P['bob'] = {'name': u'bob'} P['group:bobsgroup'] = {'name': u'group:bobsgroup'} value = map_principals_with_local_roles(root) assert len(value) == 1 bob, (bob_all, bob_inherited) = value[0] assert bob_all == ['group:bobsgroup'] assert bob_inherited == [] value = map_principals_with_local_roles(child) assert len(value) == 2 bob, (bob_all, bob_inherited) = value[0] bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1] assert (set(bob_all) == set(['group:bobsgroup', 'role:editor'])) assert (set(bob_inherited) == set(['group:bobsgroup', 'role:editor'])) assert bobsgroup_all == ['role:editor'] assert bobsgroup_inherited == []
def test_principals_with_local_roles(self, db_session, root): from kotti.resources import Node from kotti.security import map_principals_with_local_roles from kotti.security import principals_with_local_roles from kotti.security import set_groups child = root["child"] = Node() db_session.flush() assert principals_with_local_roles(root) == [] assert principals_with_local_roles(child) == [] assert map_principals_with_local_roles(root) == [] assert map_principals_with_local_roles(child) == [] set_groups("group:bobsgroup", child, ["role:editor"]) set_groups("bob", root, ["group:bobsgroup"]) set_groups("group:franksgroup", root, ["role:editor"]) assert set(principals_with_local_roles(child)) == { "bob", "group:bobsgroup", "group:franksgroup", } assert set(principals_with_local_roles( child, inherit=False)) == {"group:bobsgroup"} assert set( principals_with_local_roles(root)) == {"bob", "group:franksgroup"}
def test_principals_with_local_roles(self, db_session, root): from kotti.resources import Node from kotti.security import map_principals_with_local_roles from kotti.security import principals_with_local_roles from kotti.security import set_groups child = root[u'child'] = Node() db_session.flush() assert principals_with_local_roles(root) == [] assert principals_with_local_roles(child) == [] assert map_principals_with_local_roles(root) == [] assert map_principals_with_local_roles(child) == [] set_groups('group:bobsgroup', child, ['role:editor']) set_groups('bob', root, ['group:bobsgroup']) set_groups('group:franksgroup', root, ['role:editor']) assert (set(principals_with_local_roles(child)) == { 'bob', 'group:bobsgroup', 'group:franksgroup' }) assert (set(principals_with_local_roles( child, inherit=False)) == {'group:bobsgroup'}) assert (set( principals_with_local_roles(root)) == {'bob', 'group:franksgroup'})
def test_principals_with_local_roles(self, db_session, root): from kotti.resources import Node from kotti.security import map_principals_with_local_roles from kotti.security import principals_with_local_roles from kotti.security import set_groups child = root[u'child'] = Node() db_session.flush() assert principals_with_local_roles(root) == [] assert principals_with_local_roles(child) == [] assert map_principals_with_local_roles(root) == [] assert map_principals_with_local_roles(child) == [] set_groups('group:bobsgroup', child, ['role:editor']) set_groups('bob', root, ['group:bobsgroup']) set_groups('group:franksgroup', root, ['role:editor']) assert ( set(principals_with_local_roles(child)) == set(['bob', 'group:bobsgroup', 'group:franksgroup']) ) assert ( set(principals_with_local_roles(child, inherit=False)) == set(['group:bobsgroup']) ) assert ( set(principals_with_local_roles(root)) == set(['bob', 'group:franksgroup']) )
def test_map_principals_with_local_roles(self, db_session, root): from kotti.security import get_principals from kotti.security import map_principals_with_local_roles self.test_principals_with_local_roles(db_session, root) child = root[u'child'] P = get_principals() # No users are defined in P, thus we get the empty list: assert map_principals_with_local_roles(root) == [] P['bob'] = {'name': u'bob'} P['group:bobsgroup'] = {'name': u'group:bobsgroup'} value = map_principals_with_local_roles(root) assert len(value) == 1 bob, (bob_all, bob_inherited) = value[0] assert bob_all == ['group:bobsgroup'] assert bob_inherited == [] value = map_principals_with_local_roles(child) assert len(value) == 2 bob, (bob_all, bob_inherited) = value[0] bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1] assert (set(bob_all) == {'group:bobsgroup', 'role:editor'}) assert (set(bob_inherited) == {'group:bobsgroup', 'role:editor'}) assert bobsgroup_all == ['role:editor'] assert bobsgroup_inherited == []
def test_map_principals_with_local_roles(self): from kotti.resources import get_root from kotti.security import get_principals from kotti.security import map_principals_with_local_roles self.test_principals_with_local_roles() root = get_root() child = root[u'child'] P = get_principals() # No users are defined in P, thus we get the empty list: self.assertEqual(map_principals_with_local_roles(root), []) P['bob'] = {'name': u'bob'} P['group:bobsgroup'] = {'name': u'group:bobsgroup'} value = map_principals_with_local_roles(root) self.assertEqual(len(value), 1) bob, (bob_all, bob_inherited) = value[0] self.assertEqual(bob_all, ['group:bobsgroup']) self.assertEqual(bob_inherited, []) value = map_principals_with_local_roles(child) self.assertEqual(len(value), 2) bob, (bob_all, bob_inherited) = value[0] bobsgroup, (bobsgroup_all, bobsgroup_inherited) = value[1] self.assertEqual(set(bob_all), set(['group:bobsgroup', 'role:editor'])) self.assertEqual(set(bob_inherited), set(['group:bobsgroup', 'role:editor'])) self.assertEqual(bobsgroup_all, ['role:editor']) self.assertEqual(bobsgroup_inherited, [])
def test_principals_with_local_roles(self): from kotti import DBSession from kotti.resources import get_root from kotti.resources import Node from kotti.security import map_principals_with_local_roles from kotti.security import principals_with_local_roles from kotti.security import set_groups root = get_root() child = root[u'child'] = Node() DBSession.flush() self.assertEqual(principals_with_local_roles(root), []) self.assertEqual(principals_with_local_roles(child), []) self.assertEqual(map_principals_with_local_roles(root), []) self.assertEqual(map_principals_with_local_roles(child), []) set_groups('group:bobsgroup', child, ['role:editor']) set_groups('bob', root, ['group:bobsgroup']) set_groups('group:franksgroup', root, ['role:editor']) self.assertEqual( set(principals_with_local_roles(child)), set(['bob', 'group:bobsgroup', 'group:franksgroup']) ) self.assertEqual( set(principals_with_local_roles(child, inherit=False)), set(['group:bobsgroup']) ) self.assertEqual( set(principals_with_local_roles(root)), set(['bob', 'group:franksgroup']) )
def test_principals_with_local_roles(self): from kotti import DBSession from kotti.resources import get_root from kotti.resources import Node from kotti.security import map_principals_with_local_roles from kotti.security import principals_with_local_roles from kotti.security import set_groups root = get_root() child = root[u'child'] = Node() DBSession.flush() self.assertEqual(principals_with_local_roles(root), []) self.assertEqual(principals_with_local_roles(child), []) self.assertEqual(map_principals_with_local_roles(root), []) self.assertEqual(map_principals_with_local_roles(child), []) set_groups('group:bobsgroup', child, ['role:editor']) set_groups('bob', root, ['group:bobsgroup']) set_groups('group:franksgroup', root, ['role:editor']) self.assertEqual(set(principals_with_local_roles(child)), set(['bob', 'group:bobsgroup', 'group:franksgroup'])) self.assertEqual( set(principals_with_local_roles(child, inherit=False)), set(['group:bobsgroup'])) self.assertEqual(set(principals_with_local_roles(root)), set(['bob', 'group:franksgroup']))
def share_node(context, request): # Allow roles_form_handler to do processing on 'apply': changed = roles_form_handler( context, request, SHARING_ROLES, list_groups_raw) if changed: for (principal_name, context, groups) in changed: set_groups(principal_name, context, groups) return HTTPFound(location=request.url) existing = map_principals_with_local_roles(context) def with_roles(entry): all_groups = entry[1][0] return [g for g in all_groups if g.startswith('role:')] existing = filter(with_roles, existing) seen = set([entry[0].name for entry in existing]) # Allow search to take place and add some entries: entries = existing + search_principals(request, context, ignore=seen) available_roles = [ROLES[role_name] for role_name in SHARING_ROLES] return { 'entries': entries, 'available_roles': available_roles, }
def share_node(context, request): # Allow roles_form_handler to do processing on 'apply': if "apply" in request.POST: if request.params.get( "csrf_token") != request.session.get_csrf_token(): raise HTTPBadRequest("Invalid CSRF token") changed = roles_form_handler(context, request, SHARING_ROLES, list_groups_raw) if changed: for (principal_name, context, groups) in changed: set_groups(principal_name, context, groups) return HTTPFound(location=request.url) existing = map_principals_with_local_roles(context) def with_roles(entry): all_groups = entry[1][0] return len([g for g in all_groups if g.startswith("role:")]) > 0 existing = [e for e in filter(with_roles, existing)] seen = {entry[0].name for entry in existing} # Allow search to take place and add some entries: entries = list(existing) + search_principals(request, context, ignore=seen) available_roles = [ROLES[role_name] for role_name in SHARING_ROLES] return { "entries": entries, "available_roles": available_roles, "csrf_token": request.session.get_csrf_token(), }
def share_node(context, request): # Allow roles_form_handler to do processing on 'apply': changed = roles_form_handler(context, request, SHARING_ROLES, list_groups_raw) if changed: for (principal_name, context, groups) in changed: set_groups(principal_name, context, groups) return HTTPFound(location=request.url) existing = map_principals_with_local_roles(context) def with_roles(entry): all_groups = entry[1][0] return [g for g in all_groups if g.startswith('role:')] existing = filter(with_roles, existing) seen = set([entry[0].name for entry in existing]) # Allow search to take place and add some entries: entries = existing + search_principals(request, context, ignore=seen) available_roles = [ROLES[role_name] for role_name in SHARING_ROLES] return { 'entries': entries, 'available_roles': available_roles, }
def share_node(context, request): # Allow roles_form_handler to do processing on 'apply': if 'apply' in request.POST: if request.params.get('csrf_token') != request.session.get_csrf_token(): raise HTTPBadRequest('Invalid CSRF token') changed = roles_form_handler( context, request, SHARING_ROLES, list_groups_raw) if changed: for (principal_name, context, groups) in changed: set_groups(principal_name, context, groups) return HTTPFound(location=request.url) existing = map_principals_with_local_roles(context) def with_roles(entry): all_groups = entry[1][0] return len([g for g in all_groups if g.startswith('role:')]) > 0 existing = [e for e in filter(with_roles, existing)] seen = set([entry[0].name for entry in existing]) # Allow search to take place and add some entries: entries = list(existing) + search_principals(request, context, ignore=seen) available_roles = [ROLES[role_name] for role_name in SHARING_ROLES] return { 'entries': entries, 'available_roles': available_roles, 'csrf_token': request.session.get_csrf_token() }
def get_recepients(context, permission="state_change"): """ Get a list of principals that have the permission in context and a email. :param context: Object for that the permission is needed. :type context: :class:`kotti.resources.Node` :param permission: :type permission: str :result: List of principals. :rtype: set """ principal_db = get_principals() recepients = [] for p in principals_allowed_by_permission(context, permission): # set(['role:owner', 'role:editor']) for principal in principal_db.search(groups=u'*%s*' % p).all(): recepients.append(principal) for principal in map_principals_with_local_roles(context): # [ # ( # <Principal u'disko'>, # ( # [u'role:owner', u'group:admins', u'role:admin'], # [u'role:owner', u'group:admins', u'role:admin']))] if p in principal[1][0] or p in principal[1][1]: recepients.append(principal[0]) return set([r for r in recepients if r.email])
def test_principals_with_local_roles(self): session = DBSession() root = get_root() child = root[u'child'] = Node() session.flush() self.assertEqual(principals_with_local_roles(root), []) self.assertEqual(principals_with_local_roles(child), []) self.assertEqual(map_principals_with_local_roles(root), []) self.assertEqual(map_principals_with_local_roles(child), []) set_groups('group:bobsgroup', child, ['role:editor']) set_groups('bob', root, ['group:bobsgroup']) set_groups('group:franksgroup', root, ['role:editor']) self.assertEqual( set(principals_with_local_roles(child)), set(['bob', 'group:bobsgroup', 'group:franksgroup'])) self.assertEqual( set(principals_with_local_roles(root)), set(['bob', 'group:franksgroup']))