def test_grant_role_as_manager(self): """Test setting a role (as a Manager). """ self.layer.login('manager') access = IAuthorizationManager(self.root.folder) authorization = access.get_authorization('reader') self.assertEqual(authorization.role, 'Reader') # The user already have role, reader, so this does nothing with assertNotTriggersEvents('SecurityRoleAddedEvent'): self.assertEqual(authorization.grant('Reader'), False) self.assertEqual(authorization.local_role, None) # The user doesn't have that role so it is set with assertTriggersEvents('SecurityRoleAddedEvent'): self.assertEqual(authorization.grant('Manager'), True) self.assertEqual(authorization.local_role, 'Manager') # Now the user is editor self.assertEqual(authorization.role, 'Manager') # A new query returns the same results authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.role, 'Manager')
def test_revoke_as_chiefeditor(self): """Revoke a local role as a chiefeditor (of an editor). """ self.layer.login('chiefeditor') access = IAuthorizationManager(self.root) authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, 'Editor') self.assertEqual(authorization.acquired_role, 'Reader') self.assertEqual(authorization.role, 'Editor') # We revoke the role with assertTriggersEvents('SecurityRoleRemovedEvent'): self.assertEqual(authorization.revoke(), True) # It is gone self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Reader') self.assertEqual(authorization.role, 'Reader') # Even on a new query authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Reader') self.assertEqual(authorization.role, 'Reader')
def getItems(self): user_ids = self.store.get(USER_STORE_KEY, set()) if user_ids: access = IAuthorizationManager(self.context) authorizations = access.get_authorizations(user_ids).items() authorizations.sort(key=operator.itemgetter(0)) return filter(lambda auth: auth.type == 'user', map(operator.itemgetter(1), authorizations)) return []
def test_revoke_no_role(self): """Revoke local role when there is no local role. """ access = IAuthorizationManager(self.folder) authorization = access.get_authorization('viewer') self.assertEqual(authorization.local_role, None) with assertNotTriggersEvents('SecurityRoleRemovedEvent'): self.assertEqual(authorization.revoke(), False) self.assertEqual(authorization.local_role, None)
def test_authorization_email_user(self): """ Test email property on authorization object. """ member_service = component.getUtility(IMemberService) member = member_service.get_member('viewer') member.set_email('*****@*****.**') access = IAuthorizationManager(self.root.folder) authorization = access.get_authorization('viewer') self.assertEqual('*****@*****.**', authorization.email) authorization = access.get_authorization('reader') self.assertEqual(None, authorization.email)
def test_get_defined_authorizations_dont_acquire(self): """Retrieve current all current authorizations without acquiring. """ access = IAuthorizationManager(self.folder) authorizations = access.get_defined_authorizations(dont_acquire=True) self.assertEqual(len(authorizations), 1) self.assertTrue('reader' in list(authorizations.keys())) authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, 'Manager')
def test_user_no_default_role(self): """Lookup a user that doesn't have a default role. """ access = IAuthorizationManager(self.root.folder) self.assertEqual(access.get_user_role('dummy'), None) authorization = access.get_authorization('dummy') self.assertTrue(verifyObject(IAuthorization, authorization)) self.assertEqual(authorization.identifier, 'dummy') self.assertEqual(authorization.type, 'user') self.assertEqual(authorization.role, None) self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, None)
def test_get_defined_authorizations_dont_acquire(self): """Retrieve current all current authorizations without acquiring. """ access = IAuthorizationManager(self.folder) authorizations = access.get_defined_authorizations(dont_acquire=True) self.assertEqual(len(authorizations), 1) self.assertTrue('reader' in authorizations.keys()) authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, 'Manager')
def __init__(self, context): super(UserList, self).__init__(context) access = IAuthorizationManager(context) self.roles = set() self.users = [] self.users_roles = [] accesses = access.get_defined_authorizations(dont_acquire=True) for user_id, authorization in accesses.iteritems(): role = authorization.local_role self.users.append(user_id) self.users_roles.append((user_id, role,)) self.roles.add(role)
def test_get_authorization_dont_acquire(self): """Retrieve a user authorization that have some acquired roles. """ access = IAuthorizationManager(self.folder) authorization = access.get_authorization('reader', dont_acquire=True) self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, 'Manager') authorization = access.get_authorization('viewer', dont_acquire=True) self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, None)
def test_get_authorization_dont_acquire(self): """Retrieve a user authorization that have some acquired roles. """ access = IAuthorizationManager(self.folder) authorization = access.get_authorization( 'reader', dont_acquire=True) self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, 'Manager') authorization = access.get_authorization( 'viewer', dont_acquire=True) self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, None) self.assertEqual(authorization.role, None)
def test_user_lookup(self): """Lookup information about one specific user. """ for user_id in ['viewer', 'reader', 'author', 'editor', 'manager']: # Test users have the same login than their role (in lower case). access = IAuthorizationManager(self.root.folder) self.assertEqual(access.get_user_role(user_id).lower(), user_id) authorization = access.get_authorization(user_id) self.assertTrue(verifyObject(IAuthorization, authorization)) self.assertEqual(authorization.identifier, user_id) self.assertEqual(authorization.role.lower(), user_id) # By default users don't have a local here. Their role is # acquired. self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role.lower(), user_id)
def test_revoke_as_nobody(self): """Revoke local roles as nobody. """ self.layer.login('dummy') access = IAuthorizationManager(self.root) # We don't have the right to revoke that role authorization = access.get_authorization('reader') with assertNotTriggersEvents('SecurityRoleRemovedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.revoke() # We don't have the right to revoke that role authorization = access.get_authorization('viewer') with assertNotTriggersEvents('SecurityRoleRemovedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.revoke()
def test_user_lookup(self): """Lookup information about one specific user. """ for user_id in ['viewer', 'reader', 'author', 'editor', 'manager']: # Test users have the same login than their role (in lower case). access = IAuthorizationManager(self.root.folder) self.assertEqual( access.get_user_role(user_id).lower(), user_id) authorization = access.get_authorization(user_id) self.assertTrue(verifyObject(IAuthorization, authorization)) self.assertEqual(authorization.identifier, user_id) self.assertEqual(authorization.role.lower(), user_id) # By default users don't have a local here. Their role is # acquired. self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role.lower(), user_id)
def test_get_defined_authorizations(self): """Retrieve all current authorization, trying to acquire. """ access = IAuthorizationManager(self.folder) authorizations = access.get_defined_authorizations() self.assertEqual(len(authorizations), 2) self.assertTrue('viewer' in authorizations.keys()) self.assertTrue('reader' in authorizations.keys()) authorization = authorizations['viewer'] self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'ChiefEditor') self.assertEqual(authorization.role, 'ChiefEditor') authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager')
def test_get_defined_authorizations(self): """Retrieve all current authorization, trying to acquire. """ access = IAuthorizationManager(self.folder) authorizations = access.get_defined_authorizations() self.assertEqual(len(authorizations), 2) self.assertTrue('viewer' in list(authorizations.keys())) self.assertTrue('reader' in list(authorizations.keys())) authorization = authorizations['viewer'] self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'ChiefEditor') self.assertEqual(authorization.role, 'ChiefEditor') authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager')
def test_revoke_own_role_as_chiefeditor(self): """Revoke its own local role as chiefeditor. """ self.layer.login('viewer') access = IAuthorizationManager(self.root.publication) authorization = access.get_authorization('viewer') self.assertEqual(authorization.local_role, 'ChiefEditor') self.assertEqual(authorization.acquired_role, 'Reader') self.assertEqual(authorization.role, 'ChiefEditor') # We try to revoke the role with assertNotTriggersEvents('SecurityRoleRemovedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.revoke() self.assertEqual(authorization.local_role, 'ChiefEditor') self.assertEqual(authorization.acquired_role, 'Reader') self.assertEqual(authorization.role, 'ChiefEditor')
def test_revoke_as_chiefeditor_unauthorized(self): """Try to revoke a manager local role as a chiefeditor. """ self.layer.login('chiefeditor') access = IAuthorizationManager(self.folder) authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager') # We don't have the right to revoke that role with assertNotTriggersEvents('SecurityRoleRemovedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.revoke() # So it is not changed self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager')
def test_get_users_authorization(self): """Test get_authorizations. """ access = IAuthorizationManager(self.folder) authorizations = access.get_authorizations( ['reader', 'viewer', 'editor', 'hacker']) self.assertEqual(len(authorizations), 3) self.assertTrue('reader' in authorizations.keys()) self.assertTrue('viewer' in authorizations.keys()) self.assertTrue('editor' in authorizations.keys()) self.assertFalse('manager' in authorizations.keys()) self.assertFalse('hacker' in authorizations.keys()) authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager') authorization = authorizations['editor'] self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Editor')
def setUp(self): self.root = self.layer.get_application() self.layer.login('manager') factory = self.root.manage_addProduct['Silva'] factory.manage_addFolder('folder', 'Folder') factory.manage_addPublication('publication', 'Publication') factory = self.root.publication.manage_addProduct['Silva'] factory.manage_addFolder('folder', 'Folder') self.folder = self.root.publication.folder access = IAuthorizationManager(self.root) authorization = access.get_authorization('reader') authorization.grant('Editor') authorization = access.get_authorization('viewer') authorization.grant('Reader') access = IAuthorizationManager(self.root.publication) authorization = access.get_authorization('viewer') authorization.grant('ChiefEditor') access = IAuthorizationManager(self.folder) authorization = access.get_authorization('reader') authorization.grant('Manager')
def test_get_users_authorization(self): """Test get_authorizations. """ access = IAuthorizationManager(self.folder) authorizations = access.get_authorizations( ['reader', 'viewer', 'editor', 'hacker']) self.assertEqual(len(authorizations), 3) self.assertTrue('reader' in list(authorizations.keys())) self.assertTrue('viewer' in list(authorizations.keys())) self.assertTrue('editor' in list(authorizations.keys())) self.assertFalse('manager' in list(authorizations.keys())) self.assertFalse('hacker' in list(authorizations.keys())) authorization = authorizations['reader'] self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager') authorization = authorizations['editor'] self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Editor')
def test_grant_role(self): """Test setting a role (as a ChiefEditor). """ access = IAuthorizationManager(self.root.folder) authorization = access.get_authorization('reader') self.assertEqual(authorization.role, 'Reader') # We (chiefeditor) don't have Manager, so can't give that role. with assertNotTriggersEvents('SecurityRoleAddedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.grant('Manager') # The user already have role, reader, so this does nothing with assertNotTriggersEvents('SecurityRoleAddedEvent'): self.assertEqual(authorization.grant('Viewer'), False) self.assertEqual(authorization.local_role, None) # The user doesn't have that role so it is set with assertTriggersEvents('SecurityRoleAddedEvent'): self.assertEqual(authorization.grant('Editor'), True) self.assertEqual(authorization.local_role, 'Editor') # Now the user is editor self.assertEqual(authorization.role, 'Editor')
def test_grant_role_as_nobody(self): """Test setting a role while being nobody. """ self.layer.login('dummy') access = IAuthorizationManager(self.root.folder) authorization = access.get_authorization('reader') self.assertEqual(authorization.role, 'Reader') # You don't have the right to do any of those with assertNotTriggersEvents('SecurityRoleAddedEvent'): with self.assertRaises(UnauthorizedRoleAssignement): authorization.grant('Manager') with self.assertRaises(UnauthorizedRoleAssignement): authorization.grant('Editor') with self.assertRaises(UnauthorizedRoleAssignement): authorization.grant('Author') # The user already have role, reader, so this does nothing self.assertEqual(authorization.grant('Viewer'), False) # Nothing changed self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.role, 'Reader')
def test_revoke_as_manager(self): """Revoke a local role as a manager. """ access = IAuthorizationManager(self.folder) authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, 'Manager') self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Manager') # We revoke the role with assertTriggersEvents('SecurityRoleRemovedEvent'): self.assertEqual(authorization.revoke(), True) # It is gone self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Editor') # Even on a new query authorization = access.get_authorization('reader') self.assertEqual(authorization.local_role, None) self.assertEqual(authorization.acquired_role, 'Editor') self.assertEqual(authorization.role, 'Editor')
def getItems(self): access = IAuthorizationManager(self.context) authorizations = access.get_defined_authorizations().items() authorizations.sort(key=operator.itemgetter(0)) return filter(lambda auth: auth.type == 'user', map(operator.itemgetter(1), authorizations))
def add_roles(content, user, *roles): access = IAuthorizationManager(content) authorization = access.get_authorization(user, dont_acquire=True) for role in roles: authorization.grant(role)
def test_interface(self): access = IAuthorizationManager(self.root.folder) self.assertTrue(verifyObject(IAuthorizationManager, access))
def remove_roles(content, user): access = IAuthorizationManager(content) authorization = access.get_authorization(user, dont_acquire=True) authorization.revoke()