def test_basic(self):
from kotti.security import authz_context
context, request = object(), DummyRequest()
with authz_context(context, request):
assert request.environ["authz_context"] == context
assert "authz_context" not in request.environ
def render_view(context, request, name="", secure=True):
from kotti.security import authz_context
with authz_context(context, request):
response = render_view_to_response(context, request, name, secure)
if response is not None:
return response.ubody
def render_view(context, request, name='', secure=True):
from kotti.security import authz_context
with authz_context(context, request):
response = render_view_to_response(context, request, name, secure)
if response is not None:
return response.ubody
def test_basic(self):
from kotti.security import authz_context
context, request = object(), DummyRequest()
with authz_context(context, request):
assert request.environ['authz_context'] == context
assert 'authz_context' not in request.environ
def test_set_before(self):
from kotti.security import authz_context
context, context2, request = object(), object(), DummyRequest()
request.environ["authz_context"] = context2
with authz_context(context, request):
assert request.environ["authz_context"] == context
assert request.environ["authz_context"] == context2
def test_set_before(self):
from kotti.security import authz_context
context, context2, request = object(), object(), DummyRequest()
request.environ['authz_context'] = context2
with authz_context(context, request):
assert request.environ['authz_context'] == context
assert request.environ['authz_context'] == context2
def test_with_exception(self):
from kotti.security import authz_context
context, context2, request = object(), object(), DummyRequest()
request.environ["authz_context"] = context2
try:
with authz_context(context, request):
assert request.environ["authz_context"] == context
raise ValueError
except ValueError:
assert request.environ["authz_context"] == context2
def test_with_exception(self):
from kotti.security import authz_context
context, context2, request = object(), object(), DummyRequest()
request.environ['authz_context'] = context2
try:
with authz_context(context, request):
assert request.environ['authz_context'] == context
raise ValueError
except ValueError:
assert request.environ['authz_context'] == context2
def has_permission(self, permission, context=None):
""" Check if the current request has the given permission on the
current or explicitly passed context. This is different from
:meth:`pyramid.request.Request.has_permission`` in that a context other
than the one bound to the request can be passed. This allows to
consider local roles for the check.
:param permission: name of the permission to check
:type permission: str
:param context: context for which the permission is checked.
Defaults to the context on which the request invoked.
:type context: :class:`kotti.resources.Node`
:result: True if has_permission, False else
:rtype: bool
"""
from kotti.security import authz_context
with authz_context(context, self):
return BaseRequest.has_permission(self, permission, context)