Exemplo n.º 1
    def test_checkpermission_allow(self):
        """A deny-all ACL refuses "View" but not NO_PERMISSION_REQUIRED.

        Pins that NO_PERMISSION_REQUIRED is granted even on content whose
        ACL is DENY_ALL, so anything guarded only by that permission stays
        reachable whatever the ACL says.
        """
        import ptah

        locked = Content(acl=[DENY_ALL])

        # throw=False: the outcome is checked through the return value.
        view_granted = ptah.check_permission("View", locked, throw=False)
        self.assertFalse(view_granted)

        open_granted = ptah.check_permission(
            NO_PERMISSION_REQUIRED, locked, throw=False)
        self.assertTrue(open_granted)
Exemplo n.º 2
    def test_checkpermission_deny(self):
        """NOT_ALLOWED is refused even when the ACL allows everything.

        The ACL grants ALL_PERMISSIONS to Everyone, so "View" passes, yet
        the NOT_ALLOWED permission must still be denied.
        """
        import ptah

        allow_everyone = (Allow, ptah.Everyone.id, ALL_PERMISSIONS)
        content = Content(acl=[allow_everyone])

        view_granted = ptah.check_permission("View", content, throw=False)
        self.assertTrue(view_granted)

        blocked = ptah.check_permission(ptah.NOT_ALLOWED, content, throw=False)
        self.assertFalse(blocked)
Exemplo n.º 3
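def cmsContent(request, app, uri=None, action='', *args):
    """Dispatch a REST request to the action registered for a content node.

    Resolves the application root for ``app``, picks the target node (the
    root when ``uri`` is empty, otherwise ``load(uri)``), looks up the
    ``IRestAction`` adapter named ``action`` for that node and calls it.

    :param request: Current request; ``request.root`` and
        ``request.environ['SCRIPT_NAME']`` are modified.
    :param app: Name of the application factory.
    :param uri: Node uri, or a false value to address the application root.
    :param action: Name of the REST action to run.
    :param args: Extra positional arguments forwarded to the action callable.
    :raise NotFound: Unknown ``app``, or no action named ``action`` is
        registered for the node.
    :return: The action's result, or ``{}`` when that result is false.
    """
    appfactory = ptah.cms.get_app_factories().get(app)
    if appfactory is None:
        raise NotFound()

    root = appfactory(request)
    request.root = root

    # The node is loaded without a permission argument; authorisation
    # happens below, once the action and its permission are known.
    content = load(uri) if uri else root

    # Kept under its own name so the ``action`` argument (a string) is not
    # rebound to the adapter object.
    rest_action = config.registry.adapters.lookup(
        (IRestActionClassifier, providedBy(content)),
        IRestAction, name=action, default=None)

    if not rest_action:
        raise NotFound()

    # NOTE(review): SCRIPT_NAME is rewritten before the permission check,
    # so a denied request leaves the environ modified.
    request.environ['SCRIPT_NAME'] = '%s/content:%s/'%(
        request.environ['SCRIPT_NAME'], app)

    # The return value is ignored, so a denial has to surface as an
    # exception; presumably the trailing True is the ``throw`` flag -
    # confirm against ptah.check_permission.
    ptah.check_permission(rest_action.permission, content, request, True)
    res = rest_action.callable(content, request, *args)
    if not res: # pragma: no cover
        res = {}
    return res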
Exemplo n.º 4
    def test_checkpermission_deny(self):
        """NOT_ALLOWED stays refused under an allow-everything ACL.

        Everyone is granted ALL_PERMISSIONS, so 'View' passes; the
        NOT_ALLOWED permission must still be denied.
        """
        import ptah

        acl = [(Allow, ptah.Everyone.id, ALL_PERMISSIONS)]
        content = Content(acl=acl)

        # throw=False: the outcome is checked through the return value.
        self.assertTrue(ptah.check_permission('View', content, throw=False))

        not_allowed = ptah.check_permission(
            ptah.NOT_ALLOWED, content, throw=False)
        self.assertFalse(not_allowed)
Exemplo n.º 5
    def test_checkpermission_user(self):
        """An ACE naming a user id applies only once that id is the current user."""
        import ptah

        content = Content(acl=[(Allow, 'test-user', 'View')])

        def may_view():
            # Same check before and after the user id is set.
            return ptah.check_permission('View', content, throw=False)

        # Before set_userid() is called the grant must not apply.
        self.assertFalse(may_view())

        ptah.auth_service.set_userid('test-user')
        self.assertTrue(may_view())
Exemplo n.º 6
    def test_checkpermission_user(self):
        """A per-user Allow entry grants 'View' only to that user id."""
        import ptah

        user_id = 'test-user'
        content = Content(acl=[(Allow, user_id, 'View')])

        # Checked before set_userid(): the entry must not match.
        denied = ptah.check_permission('View', content, throw=False)
        self.assertFalse(denied)

        ptah.auth_service.set_userid(user_id)

        granted = ptah.check_permission('View', content, throw=False)
        self.assertTrue(granted)
Exemplo n.º 7
    def test_checkpermission_superuser(self):
        """The superuser passes "View" despite an explicit Deny entry.

        The ACL denies ALL_PERMISSIONS to the superuser id, yet the check
        for "View" succeeds once that id is the current user: an ACL cannot
        restrict the superuser. NOT_ALLOWED is still refused.
        """
        import ptah
        from pyramid import security

        deny_superuser = (Deny, ptah.SUPERUSER_URI, security.ALL_PERMISSIONS)
        content = Content(acl=[deny_superuser])

        ptah.authService.set_userid(ptah.SUPERUSER_URI)

        # No throw= argument here: the default is used and the return
        # value is asserted.
        view_granted = ptah.check_permission("View", content)
        self.assertTrue(view_granted)

        not_allowed = ptah.check_permission(ptah.NOT_ALLOWED, content)
        self.assertFalse(not_allowed)
Exemplo n.º 8
    def test_checkpermission_authenticated(self):
        """An Allow entry for Authenticated applies only after a user id is set."""
        import ptah

        content = Content(acl=[(Allow, ptah.Authenticated.id, "View")])

        def may_view():
            # Same check before and after the user id is set.
            return ptah.check_permission("View", content, throw=False)

        # Before set_userid() is called the grant must not apply.
        self.assertFalse(may_view())

        ptah.authService.set_userid("test-user")
        self.assertTrue(may_view())
Exemplo n.º 9
    def test_checkpermission_allow(self):
        """NO_PERMISSION_REQUIRED passes even on deny-all content.

        'View' is refused by the DENY_ALL ACL, while a check for
        NO_PERMISSION_REQUIRED on the same content succeeds.
        """
        import ptah

        content = Content(acl=[DENY_ALL])

        view_granted = ptah.check_permission('View', content, throw=False)
        self.assertFalse(view_granted)

        unrestricted = ptah.check_permission(
            NO_PERMISSION_REQUIRED, content, throw=False)
        self.assertTrue(unrestricted)
Exemplo n.º 10
    def test_checkpermission_superuser(self):
        """An explicit Deny entry does not stop the superuser from viewing.

        With the superuser id set as the current user, 'View' is granted
        although the ACL denies it ALL_PERMISSIONS; NOT_ALLOWED remains
        refused.
        """
        import ptah
        from pyramid import security

        acl = [(Deny, ptah.SUPERUSER_URI, security.ALL_PERMISSIONS)]
        content = Content(acl=acl)

        ptah.auth_service.set_userid(ptah.SUPERUSER_URI)

        # The ACL is bypassed for the superuser id ...
        self.assertTrue(ptah.check_permission('View', content))
        # ... but NOT_ALLOWED is not granted to anyone tested here.
        self.assertFalse(ptah.check_permission(ptah.NOT_ALLOWED, content))
Exemplo n.º 11
    def test_checkpermission_local_roles(self):
        """A role-based grant applies once the user holds the role locally.

        The ACL allows "View" to "role:test". The current user is refused
        until the role is listed for that user in the content's
        ``__local_roles__`` mapping.
        """
        import ptah

        role_grant = (Allow, "role:test", "View")
        content = Content(iface=ptah.ILocalRolesAware, acl=[role_grant])

        ptah.authService.set_userid("test-user")

        def may_view():
            return ptah.check_permission("View", content, throw=False)

        # User is set but has no local role on this content yet.
        self.assertFalse(may_view())

        content.__local_roles__["test-user"] = ["role:test"]
        self.assertTrue(may_view())
Exemplo n.º 12
    def test_checkpermission_local_roles(self):
        """Local roles on the content decide whether a role grant applies."""
        import ptah

        acl = [(Allow, 'role:test', 'View')]
        content = Content(iface=ptah.ILocalRolesAware, acl=acl)

        ptah.auth_service.set_userid('test-user')

        # The user holds no role on this content: the grant must not match.
        before = ptah.check_permission('View', content, throw=False)
        self.assertFalse(before)

        # Assigning the role in __local_roles__ is what enables the grant.
        content.__local_roles__['test-user'] = ['role:test']

        after = ptah.check_permission('View', content, throw=False)
        self.assertTrue(after)
Exemplo n.º 13
    def test_checkpermission_local_roles(self):
        """'View' granted to a role reaches a user only via ``__local_roles__``."""
        import ptah

        content = Content(
            iface=ptah.ILocalRolesAware, acl=[(Allow, 'role:test', 'View')])

        user_id = 'test-user'
        ptah.auth_service.set_userid(user_id)

        def may_view():
            return ptah.check_permission('View', content, throw=False)

        # Refused while the user has no local role on the content.
        self.assertFalse(may_view())

        content.__local_roles__[user_id] = ['role:test']
        self.assertTrue(may_view())
Exemplo n.º 14
    def is_allowed(self, container):
        """Tell whether this object may be used with ``container``.

        Returns False for anything that is not a ``Container``. Otherwise
        the answer is the result of checking ``self.permission`` on the
        container, or True when no permission is configured.
        """
        if not isinstance(container, Container):
            return False

        required = self.permission
        if not required:
            # No permission configured: nothing is checked, access is open.
            return True
        return ptah.check_permission(required, container)
Exemplo n.º 15
def containerNodeInfo(content, request, *args):
    """Container information, including a listing of its viewable children.

    Children that fail the ``View`` permission check are left out of
    ``__contents__`` without any marker. No permission is checked on
    ``content`` itself in this function.
    """
    info = nodeInfo(content, request)

    def describe(item):
        # Summary record for one child; the key order is part of the output.
        entry = OrderedDict()
        entry['__name__'] = item.__name__
        entry['__type__'] = item.__type_id__
        entry['__uri__'] = item.__uri__
        entry['__container__'] = isinstance(item, Container)
        entry['__link__'] = '%s%s/'%(request.application_url, item.__uri__)
        entry['title'] = item.title
        entry['description'] = item.description
        entry['created'] = item.created
        entry['modified'] = item.modified
        return entry

    # Per-item authorisation: only children the request may View are listed.
    info['__contents__'] = [
        describe(item) for item in content.values()
        if ptah.check_permission(View, item, request)]
    return info
Exemplo n.º 16
    def is_allowed(self, container):
        """Tell whether this object may be used with ``container``.

        Anything that is not a ``BaseContainer`` is rejected. For a
        container, the result of checking ``self.permission`` on it is
        returned; when no permission is configured the answer is True.
        """
        if isinstance(container, BaseContainer):
            if self.permission:
                return ptah.check_permission(self.permission, container)
            # No permission configured: nothing is checked, access is open.
            return True
        return False
Exemplo n.º 17
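    def update(self):
        """Process the listing form submitted for the current context.

        Stores the result of the ``DeleteContent`` check in
        ``self.deleteContent`` and, when the remove button was pressed and
        that check passed, deletes every submitted item. The confirmation
        message is emitted once per request, and only if at least one item
        was submitted.
        """
        context = self.context
        request = self.request

        # The permission is evaluated on the listing context, not on the
        # individual items named in the form.
        self.deleteContent = ptah.check_permission(
            cms.DeleteContent, context)

        # cms(uri).read()
        # cms(uri).create(type)
        # cms(uri).delete()
        # cms(uri).update(**kwargs)
        # cms(uri).items(offset, limit)

        if self.deleteContent and 'form.buttons.remove' in request.POST:
            # NOTE(review): the uris come straight from the form and are
            # not checked to be children of ``context``; presumably
            # cms.wrap() enforces the per-item permission - confirm.
            uris = request.POST.getall('item')
            for uri in uris:
                cms.wrap(uri).delete()

            if uris:
                self.message("Selected content items have been removed.")

        # 'form.buttons.rename' and 'form.buttons.cut' are not implemented;
        # the leftover debug output of the submitted values was removed.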
Exemplo n.º 18
    def get_protocol(self, name, _marker=object()):
        """Return the protocol instance called ``name``, creating it on first use.

        Instances are cached in ``self.protocols``. When the registered
        permission check fails, ``_marker`` is cached instead and None is
        returned, so the check is not repeated for that name on this
        object; a created protocol is likewise reused without a new check.
        None is also returned when no factory is registered.
        """
        protocol = self.protocols.get(name)
        if protocol is not None:
            # Cached: either a live protocol or the denial marker.
            return None if protocol is _marker else protocol

        registration = self.registry.adapters.lookup(
            (providedBy(self),), IProtocol, name=name)
        if registration is None:
            factory, permission = None, None
        else:
            factory, permission = registration

        # Authorise against the request context before instantiating.
        if permission and not ptah.check_permission(
                permission, self.request.context, self.request):
            factory = None
            self.protocols[name] = _marker
            log.warning("Permission check failed for %s"%name)

        if factory is not None:
            # Storage is shared through the manager, keyed by protocol name.
            storage = self.manager.storage.get(name)
            if storage is None:
                storage = {}
                self.manager.storage[name] = storage

            protocol = factory(self, storage)
            protocol.__name__ = name
            protocol.request = self.request
            protocol.on_open()
            self.protocols[name] = protocol

        return protocol
Exemplo n.º 19
def containerNodeInfo(content, request, *args):
    """Container information with the children the request may view.

    A child is listed in ``__contents__`` only if the ``View`` permission
    check passes for it; others are skipped silently. ``content`` itself
    is not permission-checked here.
    """
    info = nodeInfo(content, request)

    listing = []
    for child in content.values():
        if ptah.check_permission(View, child, request):
            # Key order below is the order of the serialised record.
            record = OrderedDict()
            record['__name__'] = child.__name__
            record['__type__'] = child.__type_id__
            record['__uri__'] = child.__uri__
            record['__container__'] = isinstance(child, Container)
            record['__link__'] = '%s%s/' % (
                request.application_url, child.__uri__)
            record['title'] = child.title
            record['description'] = child.description
            record['created'] = child.created
            record['modified'] = child.modified
            listing.append(record)

    info['__contents__'] = listing
    return info
Exemplo n.º 20
    def __getattr__(self, action):
        """Resolve ``action`` to a wrapper after checking its permission.

        :raise NotFound: ``action`` is not in ``self._actions``.
        :raise Forbidden: the action has a permission and the check on the
            wrapped content fails.
        """
        registered = self._actions
        if not registered or action not in registered:
            raise NotFound(action)

        fname, permission = registered[action]
        # An action registered with a false permission is not checked.
        if permission and not ptah.check_permission(permission, self._content):
            raise Forbidden(action)

        return ActionWrapper(self._content, fname)
Exemplo n.º 21
    def check(self, context, request):
        """Decide whether this item applies to ``context`` and ``request``.

        The permission, when one is set, is checked first and a failure
        returns False. After that the optional ``condition`` callable
        decides; with no condition the answer is True.
        """
        if self.permission and not ptah.check_permission(
                self.permission, context, request):
            return False

        predicate = self.condition
        if predicate is None:
            # Neither a failing permission nor a condition: allowed.
            return True
        return predicate(context, request)
Exemplo n.º 22
    def check(self, context, request):
        """Return whether the permission and the condition both pass.

        A configured permission that fails short-circuits to False; the
        ``condition`` callable is consulted only afterwards, and its
        return value is passed through unchanged.
        """
        required = self.permission
        if required:
            allowed = ptah.check_permission(required, context, request)
            if not allowed:
                return False

        if self.condition is None:
            return True

        return self.condition(context, request)
Exemplo n.º 23
    def __getattr__(self, action):
        """Look up ``action`` and hand back a wrapper bound to the content.

        Unknown names raise NotFound. When the action carries a permission
        it is checked on ``self._content`` and Forbidden is raised on
        failure; actions without a permission are returned unchecked.
        """
        known = self._actions
        if not known or action not in known:
            raise NotFound(action)

        fname, permission = known[action]
        denied = bool(permission) and not ptah.check_permission(
            permission, self._content)
        if denied:
            raise Forbidden(action)

        return ActionWrapper(self._content, fname)
Exemplo n.º 24
def cmsContent(request, app='', uri=None, action='', *args):
    """Run the REST action named ``action`` on the addressed content node.

    The node is the application root when ``app`` names a registered
    factory and ``uri`` is empty; otherwise it is ``load(uri)``. The
    action's permission is checked on the node before the action is
    called.

    :raise NotFound: no action named ``action`` is registered for the node.
    :return: the action's result, or ``{}`` when that result is false.
    """
    first_segment = getattr(request, 'subpath', ('content', ))[0]
    if ':' not in first_segment:
        # No ':' in the first subpath segment: the positional values are
        # read as (uri, action) with no application name.
        action = action or uri or ''
        uri, app = app, ''

    content = None

    factory = ptahcms.get_app_factories().get(app)
    if factory is not None:
        root = factory(request)
        request.root = root
        if not uri:
            content = root

    if content is None:
        # Loaded without a permission argument; authorisation is done
        # below against the permission of the selected action.
        content = load(uri)

    rest_action = request.registry.adapters.lookup(
        (IRestActionClassifier, providedBy(content)),
        IRestAction, name=action, default=None)
    if not rest_action:
        raise NotFound()

    script_name = request.environ['SCRIPT_NAME']
    if app:
        script_name = '%s/content:%s/' % (script_name, app)
    else:
        script_name = '%s/content/' % (script_name,)
    request.environ['SCRIPT_NAME'] = script_name

    # The return value is ignored, so a denial must surface as an
    # exception; presumably the trailing True is the ``throw`` flag.
    ptah.check_permission(rest_action.permission, content, request, True)
    return rest_action.callable(content, request, *args) or {}
Exemplo n.º 25
def cmsContent(request, app='', uri=None, action='', *args):
    """Dispatch a REST call to the action registered for a content node.

    Targets the application root when ``app`` names a registered factory
    and ``uri`` is empty, and ``load(uri)`` in every other case. The
    selected action's permission is checked on the node before the action
    callable runs.

    :raise NotFound: no action named ``action`` is registered for the node.
    :return: the action's result, or ``{}`` when that result is false.
    """
    head = getattr(request, 'subpath', ('content',))[0]
    if ':' not in head:
        # Without a ':' in the first subpath segment the values are read
        # as (uri, action) and no application is selected.
        if not action:
            action = uri or ''
        uri, app = app, u''

    content = None

    appfactory = ptah.cms.get_app_factories().get(app)
    if appfactory is not None:
        root = appfactory(request)
        request.root = root
        content = None if uri else root

    if content is None:
        # No permission is passed to load(); the check happens below.
        content = load(uri)

    classifier = (IRestActionClassifier, providedBy(content))
    handler = request.registry.adapters.lookup(
        classifier, IRestAction, name=action, default=None)

    if not handler:
        raise NotFound()

    environ = request.environ
    if app:
        environ['SCRIPT_NAME'] = '%s/content:%s/'%(
            environ['SCRIPT_NAME'], app)
    else:
        environ['SCRIPT_NAME'] = '%s/content/'%(
            environ['SCRIPT_NAME'])

    # Result ignored: a denial is expected to raise (trailing True is
    # presumably the ``throw`` flag - confirm).
    ptah.check_permission(handler.permission, content, request, True)
    res = handler.callable(content, request, *args)
    return res if res else {}
Exemplo n.º 26
    def contents(self):
        """ Returns public or viewable content of the container

        Only children providing ``IContent`` are considered. A child
        flagged ``public`` is listed without a permission check; any other
        child is listed only if the ``View`` check passes.
        """
        return [
            child for child in self.values()
            if IContent.providedBy(child)
            and (child.public or ptah.check_permission(View, child))
        ]
Exemplo n.º 27
    def contents(self):
        """ Returns public or viewable content of the container

        Children that do not provide ``IContent`` are skipped. The
        ``public`` flag short-circuits the ``View`` permission check, so a
        public child is listed for every caller.
        """
        def visible(child):
            if not IContent.providedBy(child):
                return False
            return child.public or ptah.check_permission(View, child)

        return [child for child in self.values() if visible(child)]
Exemplo n.º 28
def apidocAction(content, request, *args):
    """api doc

    Lists the REST actions registered for ``content``, sorted by action
    name. Actions whose permission check fails for this request are left
    out, so the listing only advertises what the caller may invoke.
    """
    url = request.application_url
    classifier = (IRestActionClassifier, providedBy(content))

    rows = []
    for name, action in request.registry.adapters.lookupAll(
            classifier, IRestAction):
        if ptah.check_permission(action.permission, content, request):
            doc = OrderedDict()
            # The unnamed action is presented as 'info'.
            doc['name'] = name or 'info'
            doc['link'] = '%s%s/%s' % (url, content.__uri__, name)
            doc['title'] = action.title
            doc['description'] = action.description
            rows.append((name, action.title, doc))

    # Tuples sort by name, then title.
    rows.sort()
    return [doc for _name, _title, doc in rows]
Exemplo n.º 29
Arquivo: rest.py Projeto: runyaga/ptah
def apidocAction(content, request, *args):
    """api doc

    Describes every REST action registered for ``content`` that passes
    its permission check for this request; the others are omitted. The
    result is ordered by action name.
    """
    url = request.application_url

    def describe(name, action):
        # The unnamed action is presented as 'info'.
        return OrderedDict(
            (('name', name or 'info'),
             ('link', '%s%s/%s'%(url, content.__uri__, name)),
             ('title', action.title),
             ('description', action.description)))

    registered = request.registry.adapters.lookupAll(
        (IRestActionClassifier, providedBy(content)), IRestAction)

    actions = [
        (name, action.title, describe(name, action))
        for name, action in registered
        if ptah.check_permission(action.permission, content, request)]

    return [doc for _name, _title, doc in sorted(actions)]
Exemplo n.º 30
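    def update(self):
        """Process the remove button of the listing form.

        Stores the result of the ``DeleteContent`` check in
        ``self.deleteContent``. When that check passed and the remove
        button was pressed, every submitted item is deleted and a single
        confirmation message is emitted, provided at least one item was
        submitted.
        """
        context = self.context
        request = self.request

        # The permission is evaluated on the listing context, not on the
        # individual items named in the form.
        self.deleteContent = ptah.check_permission(
            ptah.cms.DeleteContent, context)

        # cms(uri).read()
        # cms(uri).create(type)
        # cms(uri).delete()
        # cms(uri).update(**kwargs)
        # cms(uri).items(offset, limit)

        if self.deleteContent and 'form.buttons.remove' in request.POST:
            # NOTE(review): the uris come straight from the form and are
            # not checked to be children of ``context``; presumably
            # ptah.cms.wrap() enforces the per-item permission - confirm.
            uris = request.POST.getall('item')
            for uri in uris:
                ptah.cms.wrap(uri).delete()

            # Once per request rather than once per deleted item.
            if uris:
                self.message("Selected content items have been removed.")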
Exemplo n.º 31
def load(uri, permission=None):
    """ Load node by `uri` and initialize __parent__ attributes. Also checks
    permission if permission is specified.

    :param uri: Node uri
    :param permission: Permission to check on the loaded node; no check is
        made when it is None
    :type permission: Permission id or None
    :raise NotFound: Node with this uri is not found.
    :raise Forbidden: If current principal doesn't pass permission check on loaded node.
    """
    node = ptah.resolve(uri)
    if node is None:
        raise NotFound(uri)

    load_parents(node)

    # With the default permission=None the node is returned unchecked, so
    # the caller is then responsible for authorisation.
    if permission is not None and not ptah.check_permission(permission, node):
        raise Forbidden()

    return node
Exemplo n.º 32
def load(uri, permission=None):
    """ Resolve `uri` to a node, initialize its __parent__ attributes and,
    if a permission is given, check it on the node.

    :param uri: Node uri
    :param permission: Check permission on node object; skipped when None
    :type permission: Permission id or None
    :raise NotFound: Nothing resolves for this uri.
    :raise Forbidden: If current principal doesn't pass permission check on loaded node.
    """
    item = ptah.resolve(uri)
    if item is None:
        raise NotFound(uri)

    load_parents(item)

    if permission is None:
        # No permission requested: the node is handed back unchecked.
        return item

    if ptah.check_permission(permission, item):
        return item
    raise Forbidden()
Exemplo n.º 33
 def is_allowed(self, container):
     """Return the result of checking ``self.permission`` on ``container``.

     When no permission is configured nothing is checked and the answer
     is True.
     """
     required = self.permission
     if not required:
         return True
     return ptah.check_permission(required, container)
Exemplo n.º 34
 def is_allowed(self, container):
     """Tell whether the configured permission passes on ``container``.

     A false ``self.permission`` means no check is made: the container is
     allowed for every caller.
     """
     if not self.permission:
         return True
     allowed = ptah.check_permission(self.permission, container)
     return allowed