def test_grant_role_as_manager(self):
    """Grant local roles on root.folder while logged in as 'manager'.

    Granting a role the user already has returns False and emits no
    SecurityRoleAddedEvent; granting a role the user does not have
    returns True, emits the event and becomes the local role.
    """
    self.layer.login('manager')

    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    # 'reader' is already a Reader: no-op, and no event may be sent.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Reader'), False)
    self.assertEqual(reader.local_role, None)

    # Manager is not held yet: the grant is applied and announced.
    with assertTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Manager'), True)
    self.assertEqual(reader.local_role, 'Manager')
    # The effective role is now Manager.
    self.assertEqual(reader.role, 'Manager')

    # The change is visible through a fresh lookup as well.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.role, 'Manager')
def test_revoke_as_chiefeditor(self):
    """Revoke an Editor local role on the root as 'chiefeditor'.

    The revoke returns True, emits SecurityRoleRemovedEvent, and the
    user falls back to the acquired role.
    """
    self.layer.login('chiefeditor')

    manager = IAuthorizationManager(self.root)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Editor')
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Editor')

    # Removing the local role must be announced by an event.
    with assertTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(reader.revoke(), True)

    # Only the acquired role remains.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Reader')

    # A fresh lookup reports the same state.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Reader')
def test_grant_role_as_manager(self):
    """Grant local roles on root.folder while logged in as 'manager'.

    Granting a role the user already has returns False and emits no
    SecurityRoleAddedEvent; granting a role the user does not have
    returns True, emits the event and becomes the local role.
    """
    self.layer.login('manager')

    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    # 'reader' is already a Reader: no-op, and no event may be sent.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Reader'), False)
    self.assertEqual(reader.local_role, None)

    # Manager is not held yet: the grant is applied and announced.
    with assertTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Manager'), True)
    self.assertEqual(reader.local_role, 'Manager')
    # The effective role is now Manager.
    self.assertEqual(reader.role, 'Manager')

    # The change is visible through a fresh lookup as well.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.role, 'Manager')
def test_revoke_as_chiefeditor(self):
    """Revoke an Editor local role on the root as 'chiefeditor'.

    The revoke returns True, emits SecurityRoleRemovedEvent, and the
    user falls back to the acquired role.
    """
    self.layer.login('chiefeditor')

    manager = IAuthorizationManager(self.root)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Editor')
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Editor')

    # Removing the local role must be announced by an event.
    with assertTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(reader.revoke(), True)

    # Only the acquired role remains.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Reader')

    # A fresh lookup reports the same state.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Reader')
    self.assertEqual(reader.role, 'Reader')
def test_authorization_email_user(self):
    """Check the ``email`` attribute exposed by an authorization.

    The address set on the 'viewer' member is reported for 'viewer';
    'reader', for which this test sets no address, reports None.
    """
    address = '*****@*****.**'
    members = component.getUtility(IMemberService)
    members.get_member('viewer').set_email(address)

    manager = IAuthorizationManager(self.root.folder)
    viewer = manager.get_authorization('viewer')
    self.assertEqual(address, viewer.email)

    reader = manager.get_authorization('reader')
    self.assertEqual(None, reader.email)
def test_authorization_email_user(self):
    """Check the ``email`` attribute exposed by an authorization.

    The address set on the 'viewer' member is reported for 'viewer';
    'reader', for which this test sets no address, reports None.
    """
    address = '*****@*****.**'
    members = component.getUtility(IMemberService)
    members.get_member('viewer').set_email(address)

    manager = IAuthorizationManager(self.root.folder)
    viewer = manager.get_authorization('viewer')
    self.assertEqual(address, viewer.email)

    reader = manager.get_authorization('reader')
    self.assertEqual(None, reader.email)
def test_get_authorization_dont_acquire(self):
    """Look up authorizations on self.folder with ``dont_acquire=True``.

    Only the role set locally is reported: acquired_role is None for
    both users, and the effective role equals the local role.
    """
    manager = IAuthorizationManager(self.folder)

    # (user id, local role expected on self.folder)
    for user_id, local in (('reader', 'Manager'), ('viewer', None)):
        auth = manager.get_authorization(user_id, dont_acquire=True)
        self.assertEqual(auth.local_role, local)
        self.assertEqual(auth.acquired_role, None)
        self.assertEqual(auth.role, local)
def test_get_authorization_dont_acquire(self):
    """Look up authorizations on self.folder with ``dont_acquire=True``.

    Only the role set locally is reported: acquired_role is None for
    both users, and the effective role equals the local role.
    """
    manager = IAuthorizationManager(self.folder)

    # (user id, local role expected on self.folder)
    for user_id, local in (('reader', 'Manager'), ('viewer', None)):
        auth = manager.get_authorization(user_id, dont_acquire=True)
        self.assertEqual(auth.local_role, local)
        self.assertEqual(auth.acquired_role, None)
        self.assertEqual(auth.role, local)
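def test_revoke_as_nobody(self):
    """Check that the 'dummy' login cannot revoke anyone's local role.

    For both 'reader' and 'viewer' on the root, ``revoke()`` must raise
    UnauthorizedRoleAssignement and emit no SecurityRoleRemovedEvent.
    The roles are also compared before and after the denied call, both
    on the same object and through a fresh lookup, so that a revoke
    which raises but still alters the stored role is caught.
    """
    self.layer.login('dummy')

    access = IAuthorizationManager(self.root)

    def snapshot(authorization):
        # The three role attributes the other revoke tests check.
        return (authorization.local_role,
                authorization.acquired_role,
                authorization.role)

    for user_id in ('reader', 'viewer'):
        authorization = access.get_authorization(user_id)
        before = snapshot(authorization)

        # We don't have the right to revoke that role
        with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
            with self.assertRaises(UnauthorizedRoleAssignement):
                authorization.revoke()

        # A denied revoke must leave the authorization untouched ...
        self.assertEqual(snapshot(authorization), before)
        # ... including when it is queried again.
        self.assertEqual(
            snapshot(access.get_authorization(user_id)), before)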
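def test_revoke_as_nobody(self):
    """Check that the 'dummy' login cannot revoke anyone's local role.

    For both 'reader' and 'viewer' on the root, ``revoke()`` must raise
    UnauthorizedRoleAssignement and emit no SecurityRoleRemovedEvent.
    The roles are also compared before and after the denied call, both
    on the same object and through a fresh lookup, so that a revoke
    which raises but still alters the stored role is caught.
    """
    self.layer.login('dummy')

    access = IAuthorizationManager(self.root)

    def snapshot(authorization):
        # The three role attributes the other revoke tests check.
        return (authorization.local_role,
                authorization.acquired_role,
                authorization.role)

    for user_id in ('reader', 'viewer'):
        authorization = access.get_authorization(user_id)
        before = snapshot(authorization)

        # We don't have the right to revoke that role
        with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
            with self.assertRaises(UnauthorizedRoleAssignement):
                authorization.revoke()

        # A denied revoke must leave the authorization untouched ...
        self.assertEqual(snapshot(authorization), before)
        # ... including when it is queried again.
        self.assertEqual(
            snapshot(access.get_authorization(user_id)), before)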
def test_revoke_no_role(self):
    """Revoke on self.folder for a user who has no local role there.

    The call returns False, emits no SecurityRoleRemovedEvent and the
    local role stays None.
    """
    viewer = IAuthorizationManager(self.folder).get_authorization('viewer')
    self.assertEqual(viewer.local_role, None)

    # Nothing to remove, so no removal event may be sent.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(viewer.revoke(), False)

    self.assertEqual(viewer.local_role, None)
def test_revoke_no_role(self):
    """Revoke on self.folder for a user who has no local role there.

    The call returns False, emits no SecurityRoleRemovedEvent and the
    local role stays None.
    """
    viewer = IAuthorizationManager(self.folder).get_authorization('viewer')
    self.assertEqual(viewer.local_role, None)

    # Nothing to remove, so no removal event may be sent.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(viewer.revoke(), False)

    self.assertEqual(viewer.local_role, None)
def test_user_no_default_role(self):
    """Look up 'dummy', a user without a default role, on root.folder.

    get_user_role returns None, and the authorization object still
    provides IAuthorization with every role attribute set to None.
    """
    manager = IAuthorizationManager(self.root.folder)
    self.assertEqual(manager.get_user_role('dummy'), None)

    auth = manager.get_authorization('dummy')
    self.assertTrue(verifyObject(IAuthorization, auth))
    self.assertEqual(auth.identifier, 'dummy')
    self.assertEqual(auth.type, 'user')

    # No role of any kind: effective, local or acquired.
    self.assertEqual(auth.role, None)
    self.assertEqual(auth.local_role, None)
    self.assertEqual(auth.acquired_role, None)
def test_user_no_default_role(self):
    """Look up 'dummy', a user without a default role, on root.folder.

    get_user_role returns None, and the authorization object still
    provides IAuthorization with every role attribute set to None.
    """
    manager = IAuthorizationManager(self.root.folder)
    self.assertEqual(manager.get_user_role('dummy'), None)

    auth = manager.get_authorization('dummy')
    self.assertTrue(verifyObject(IAuthorization, auth))
    self.assertEqual(auth.identifier, 'dummy')
    self.assertEqual(auth.type, 'user')

    # No role of any kind: effective, local or acquired.
    self.assertEqual(auth.role, None)
    self.assertEqual(auth.local_role, None)
    self.assertEqual(auth.acquired_role, None)
def setUp(self):
    """Build the content tree and local roles the revoke tests rely on.

    As 'manager', creates root/folder, root/publication and
    root/publication/folder (kept as self.folder), then grants:
    root -> reader: Editor, viewer: Reader;
    publication -> viewer: ChiefEditor;
    publication/folder -> reader: Manager.
    """
    self.root = self.layer.get_application()
    self.layer.login('manager')

    root_factory = self.root.manage_addProduct['Silva']
    root_factory.manage_addFolder('folder', 'Folder')
    root_factory.manage_addPublication('publication', 'Publication')

    publication_factory = self.root.publication.manage_addProduct['Silva']
    publication_factory.manage_addFolder('folder', 'Folder')
    self.folder = self.root.publication.folder

    # (content, ((user id, role to grant), ...)), applied in this order.
    local_roles = (
        (self.root, (('reader', 'Editor'), ('viewer', 'Reader'))),
        (self.root.publication, (('viewer', 'ChiefEditor'),)),
        (self.folder, (('reader', 'Manager'),)),
    )
    for content, assignments in local_roles:
        manager = IAuthorizationManager(content)
        for user_id, role in assignments:
            manager.get_authorization(user_id).grant(role)
def setUp(self):
    """Build the content tree and local roles the revoke tests rely on.

    As 'manager', creates root/folder, root/publication and
    root/publication/folder (kept as self.folder), then grants:
    root -> reader: Editor, viewer: Reader;
    publication -> viewer: ChiefEditor;
    publication/folder -> reader: Manager.
    """
    self.root = self.layer.get_application()
    self.layer.login('manager')

    root_factory = self.root.manage_addProduct['Silva']
    root_factory.manage_addFolder('folder', 'Folder')
    root_factory.manage_addPublication('publication', 'Publication')

    publication_factory = self.root.publication.manage_addProduct['Silva']
    publication_factory.manage_addFolder('folder', 'Folder')
    self.folder = self.root.publication.folder

    # (content, ((user id, role to grant), ...)), applied in this order.
    local_roles = (
        (self.root, (('reader', 'Editor'), ('viewer', 'Reader'))),
        (self.root.publication, (('viewer', 'ChiefEditor'),)),
        (self.folder, (('reader', 'Manager'),)),
    )
    for content, assignments in local_roles:
        manager = IAuthorizationManager(content)
        for user_id, role in assignments:
            manager.get_authorization(user_id).grant(role)
def test_revoke_as_manager(self):
    """Revoke the Manager local role of 'reader' on self.folder.

    The revoke returns True, emits SecurityRoleRemovedEvent, and the
    user falls back to the acquired Editor role.
    """
    # NOTE(review): no login call here; the docstring's "as a manager"
    # presumably relies on the login done by the class fixture.
    manager = IAuthorizationManager(self.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')

    # Removing the local role must be announced by an event.
    with assertTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(reader.revoke(), True)

    # Only the acquired role remains.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Editor')

    # A fresh lookup reports the same state.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Editor')
def test_revoke_as_manager(self):
    """Revoke the Manager local role of 'reader' on self.folder.

    The revoke returns True, emits SecurityRoleRemovedEvent, and the
    user falls back to the acquired Editor role.
    """
    # NOTE(review): no login call here; the docstring's "as a manager"
    # presumably relies on the login done by the class fixture.
    manager = IAuthorizationManager(self.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')

    # Removing the local role must be announced by an event.
    with assertTriggersEvents('SecurityRoleRemovedEvent'):
        self.assertEqual(reader.revoke(), True)

    # Only the acquired role remains.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Editor')

    # A fresh lookup reports the same state.
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Editor')
def test_user_lookup(self):
    """Look up each standard test user on root.folder.

    Test logins equal their role name in lower case, so every check
    compares the lower-cased role with the user id.
    """
    logins = ('viewer', 'reader', 'author', 'editor', 'manager')
    for login in logins:
        manager = IAuthorizationManager(self.root.folder)
        self.assertEqual(manager.get_user_role(login).lower(), login)

        auth = manager.get_authorization(login)
        self.assertTrue(verifyObject(IAuthorization, auth))
        self.assertEqual(auth.identifier, login)
        self.assertEqual(auth.role.lower(), login)

        # No local role is set here by default: the effective role
        # comes entirely from the acquired one.
        self.assertEqual(auth.local_role, None)
        self.assertEqual(auth.acquired_role.lower(), login)
def test_user_lookup(self):
    """Look up each standard test user on root.folder.

    Test logins equal their role name in lower case, so every check
    compares the lower-cased role with the user id.
    """
    logins = ('viewer', 'reader', 'author', 'editor', 'manager')
    for login in logins:
        manager = IAuthorizationManager(self.root.folder)
        self.assertEqual(manager.get_user_role(login).lower(), login)

        auth = manager.get_authorization(login)
        self.assertTrue(verifyObject(IAuthorization, auth))
        self.assertEqual(auth.identifier, login)
        self.assertEqual(auth.role.lower(), login)

        # No local role is set here by default: the effective role
        # comes entirely from the acquired one.
        self.assertEqual(auth.local_role, None)
        self.assertEqual(auth.acquired_role.lower(), login)
def test_revoke_own_role_as_chiefeditor(self):
    """Try to revoke one's own ChiefEditor local role.

    'viewer' holds ChiefEditor locally on the publication and is the
    logged-in user; revoking that role raises
    UnauthorizedRoleAssignement, emits no event and changes nothing.
    """
    self.layer.login('viewer')

    manager = IAuthorizationManager(self.root.publication)
    own = manager.get_authorization('viewer')
    self.assertEqual(own.local_role, 'ChiefEditor')
    self.assertEqual(own.acquired_role, 'Reader')
    self.assertEqual(own.role, 'ChiefEditor')

    # The attempt is refused and must not be announced as a removal.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            own.revoke()

    # All three roles are exactly as before the attempt.
    self.assertEqual(own.local_role, 'ChiefEditor')
    self.assertEqual(own.acquired_role, 'Reader')
    self.assertEqual(own.role, 'ChiefEditor')
def test_revoke_own_role_as_chiefeditor(self):
    """Try to revoke one's own ChiefEditor local role.

    'viewer' holds ChiefEditor locally on the publication and is the
    logged-in user; revoking that role raises
    UnauthorizedRoleAssignement, emits no event and changes nothing.
    """
    self.layer.login('viewer')

    manager = IAuthorizationManager(self.root.publication)
    own = manager.get_authorization('viewer')
    self.assertEqual(own.local_role, 'ChiefEditor')
    self.assertEqual(own.acquired_role, 'Reader')
    self.assertEqual(own.role, 'ChiefEditor')

    # The attempt is refused and must not be announced as a removal.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            own.revoke()

    # All three roles are exactly as before the attempt.
    self.assertEqual(own.local_role, 'ChiefEditor')
    self.assertEqual(own.acquired_role, 'Reader')
    self.assertEqual(own.role, 'ChiefEditor')
def test_revoke_as_chiefeditor_unauthorized(self):
    """Try to revoke a Manager local role while logged in as chiefeditor.

    The revoke raises UnauthorizedRoleAssignement, emits no
    SecurityRoleRemovedEvent and leaves all three roles unchanged.
    """
    self.layer.login('chiefeditor')

    manager = IAuthorizationManager(self.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')

    # chiefeditor is not allowed to remove this role.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            reader.revoke()

    # The refused call altered nothing.
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')
def test_revoke_as_chiefeditor_unauthorized(self):
    """Try to revoke a Manager local role while logged in as chiefeditor.

    The revoke raises UnauthorizedRoleAssignement, emits no
    SecurityRoleRemovedEvent and leaves all three roles unchanged.
    """
    self.layer.login('chiefeditor')

    manager = IAuthorizationManager(self.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')

    # chiefeditor is not allowed to remove this role.
    with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            reader.revoke()

    # The refused call altered nothing.
    self.assertEqual(reader.local_role, 'Manager')
    self.assertEqual(reader.acquired_role, 'Editor')
    self.assertEqual(reader.role, 'Manager')
def test_grant_role(self):
    """Grant local roles on root.folder (as a ChiefEditor).

    Covers three outcomes of ``grant``: refused with
    UnauthorizedRoleAssignement, no-op returning False, and applied
    returning True with a SecurityRoleAddedEvent.
    """
    # NOTE(review): no login call is visible in this method; the acting
    # user is presumably set to chiefeditor by the class fixture.
    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    # The acting user (chiefeditor) does not hold Manager, so it cannot
    # hand that role out; the refusal must not emit an added event.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            reader.grant('Manager')

    # 'reader' already has the Reader role, so granting Viewer is a no-op.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Viewer'), False)
    self.assertEqual(reader.local_role, None)

    # Editor is not held yet: the grant is applied and announced.
    with assertTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Editor'), True)
    self.assertEqual(reader.local_role, 'Editor')
    # The effective role is now Editor.
    self.assertEqual(reader.role, 'Editor')
def test_grant_role(self):
    """Grant local roles on root.folder (as a ChiefEditor).

    Covers three outcomes of ``grant``: refused with
    UnauthorizedRoleAssignement, no-op returning False, and applied
    returning True with a SecurityRoleAddedEvent.
    """
    # NOTE(review): no login call is visible in this method; the acting
    # user is presumably set to chiefeditor by the class fixture.
    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    # The acting user (chiefeditor) does not hold Manager, so it cannot
    # hand that role out; the refusal must not emit an added event.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        with self.assertRaises(UnauthorizedRoleAssignement):
            reader.grant('Manager')

    # 'reader' already has the Reader role, so granting Viewer is a no-op.
    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Viewer'), False)
    self.assertEqual(reader.local_role, None)

    # Editor is not held yet: the grant is applied and announced.
    with assertTriggersEvents('SecurityRoleAddedEvent'):
        self.assertEqual(reader.grant('Editor'), True)
    self.assertEqual(reader.local_role, 'Editor')
    # The effective role is now Editor.
    self.assertEqual(reader.role, 'Editor')
def test_grant_role_as_nobody(self):
    """Try to grant roles on root.folder while logged in as 'dummy'.

    Granting Manager, Editor or Author raises
    UnauthorizedRoleAssignement; granting Viewer to a Reader returns
    False. No SecurityRoleAddedEvent is emitted and nothing changes.
    """
    self.layer.login('dummy')

    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        # Each of these is refused for the acting user.
        for refused in ('Manager', 'Editor', 'Author'):
            with self.assertRaises(UnauthorizedRoleAssignement):
                reader.grant(refused)
        # 'reader' already has the Reader role, so this is a no-op.
        self.assertEqual(reader.grant('Viewer'), False)

    # The authorization is exactly as it was.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.role, 'Reader')
def test_grant_role_as_nobody(self):
    """Try to grant roles on root.folder while logged in as 'dummy'.

    Granting Manager, Editor or Author raises
    UnauthorizedRoleAssignement; granting Viewer to a Reader returns
    False. No SecurityRoleAddedEvent is emitted and nothing changes.
    """
    self.layer.login('dummy')

    manager = IAuthorizationManager(self.root.folder)
    reader = manager.get_authorization('reader')
    self.assertEqual(reader.role, 'Reader')

    with assertNotTriggersEvents('SecurityRoleAddedEvent'):
        # Each of these is refused for the acting user.
        for refused in ('Manager', 'Editor', 'Author'):
            with self.assertRaises(UnauthorizedRoleAssignement):
                reader.grant(refused)
        # 'reader' already has the Reader role, so this is a no-op.
        self.assertEqual(reader.grant('Viewer'), False)

    # The authorization is exactly as it was.
    self.assertEqual(reader.local_role, None)
    self.assertEqual(reader.role, 'Reader')
def add_roles(content, user, *roles):
    """Grant each of *roles*, in order, to *user* on *content*.

    The authorization is looked up with ``dont_acquire=True``. The value
    returned by ``grant`` is discarded, so a grant that changes nothing
    goes unnoticed; any exception ``grant`` raises propagates.
    """
    manager = IAuthorizationManager(content)
    grant = manager.get_authorization(user, dont_acquire=True).grant
    for wanted in roles:
        grant(wanted)
def remove_roles(content, user):
    """Revoke the local role of *user* on *content*.

    The authorization is looked up with ``dont_acquire=True``. The value
    returned by ``revoke`` is discarded; any exception it raises
    propagates.
    """
    manager = IAuthorizationManager(content)
    manager.get_authorization(user, dont_acquire=True).revoke()