def test_affects_unrelated(self):
'''
Unrelated objects test.
If I set an ACL on an object, it should not affect objects
that it doesn't match. (in this case, a different language)
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_partial_match(self):
'''
Partial match test.
If I set an ACL on two criteria, e.g., subproject and language,
it should not affect objects that only match one of the criteria.
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
acl = GroupACL.objects.create(
language=lang_cs,
subproject=self.subproject
)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_unrelated(self):
'''
Unrelated objects test.
If I set an ACL on an object, it should not affect objects
that it doesn't match. (in this case, a different language)
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_partial_match(self):
'''
Partial match test.
If I set an ACL on two criteria, e.g., subproject and language,
it should not affect objects that only match one of the criteria.
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
acl = GroupACL.objects.create(
language=lang_cs,
subproject=self.subproject
)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_acl_lockout(self):
self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
acl = GroupACL.objects.create(subproject=self.subproject)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_acl_lockout(self):
self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
acl = GroupACL.objects.create(subproject=self.subproject)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_acl_overlap(self):
acl_lang = GroupACL.objects.create(language=self.language)
acl_lang.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub = GroupACL.objects.create(subproject=self.subproject)
self.assertFalse(can_edit(self.privileged, self.trans,
self.PERMISSION))
acl_sub.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
def test_group_locked(self):
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
perm_name = 'trans.author_translation'
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
permission = Permission.objects.get(
codename='author_translation', content_type__app_label='trans'
)
self.group.permissions.add(permission)
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
def test_acl_lockout(self):
'''
Basic sanity check.
Group ACL set on a subproject should only allow members of
the marked group to edit it.
'''
self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
acl = GroupACL.objects.create(subproject=self.subproject)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_group_locked(self):
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject,
language=lang_cs,
filename="this/is/not/a.template")
trans_de = Translation.objects.create(
subproject=self.subproject,
language=lang_de,
filename="this/is/not/a.template")
perm_name = 'trans.author_translation'
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
permission = Permission.objects.get(codename='author_translation',
content_type__app_label='trans')
self.group.permissions.add(permission)
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
def test_acl_overlap(self):
acl_lang = GroupACL.objects.create(language=self.language)
acl_lang.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub = GroupACL.objects.create(subproject=self.subproject)
self.assertFalse(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
def test_acl_lockout(self):
'''
Basic sanity check.
Group ACL set on a subproject should only allow members of
the marked group to edit it.
'''
self.assertTrue(can_edit(self.user, self.trans, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
acl = GroupACL.objects.create(subproject=self.subproject)
acl.groups.add(self.group)
self.clear_permission_cache()
self.assertTrue(can_edit(self.privileged, self.trans, self.PERMISSION))
self.assertFalse(can_edit(self.user, self.trans, self.PERMISSION))
def test_acl_overlap(self):
'''
Overlap test.
When two ACLs can apply to a translation object, only the most
specific one should apply.
'''
acl_lang = GroupACL.objects.create(language=self.language)
acl_lang.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub = GroupACL.objects.create(subproject=self.subproject)
self.assertFalse(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
def test_affects_unrelated(self):
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_affects_unrelated(self):
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject,
language=lang_cs,
filename="this/is/not/a.template")
trans_de = Translation.objects.create(
subproject=self.subproject,
language=lang_de,
filename="this/is/not/a.template")
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, self.PERMISSION))
self.assertFalse(can_edit(self.user, trans_cs, self.PERMISSION))
self.assertTrue(can_edit(self.privileged, trans_de, self.PERMISSION))
self.assertTrue(can_edit(self.user, trans_de, self.PERMISSION))
def test_acl_overlap(self):
'''
Overlap test.
When two ACLs can apply to a translation object, only the most
specific one should apply.
'''
acl_lang = GroupACL.objects.create(language=self.language)
acl_lang.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub = GroupACL.objects.create(subproject=self.subproject)
self.clear_permission_cache()
self.assertFalse(
can_edit(self.privileged, self.trans, self.PERMISSION))
acl_sub.groups.add(self.group)
self.assertTrue(
can_edit(self.privileged, self.trans, self.PERMISSION))
def test_group_locked(self):
'''
Limited privilege test.
Once a group is used in a GroupACL, it is said to be "locked".
Privileges from the locked group should not apply outside GroupACL.
I.e., if I gain "author_translation" privilege through membership
in a "privileged_group", applicable to Czech language, this should
not apply to any other language.
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
perm_name = 'trans.author_translation'
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
permission = Permission.objects.get(
codename='author_translation', content_type__app_label='trans'
)
self.group.permissions.add(permission)
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
def test_group_locked(self):
'''
Limited privilege test.
Once a group is used in a GroupACL, it is said to be "locked".
Privileges from the locked group should not apply outside GroupACL.
I.e., if I gain "author_translation" privilege through membership
in a "privileged_group", applicable to Czech language, this should
not apply to any other language.
'''
lang_cs = Language.objects.get(code='cs')
lang_de = Language.objects.get(code='de')
trans_cs = Translation.objects.create(
subproject=self.subproject, language=lang_cs,
filename="this/is/not/a.template"
)
trans_de = Translation.objects.create(
subproject=self.subproject, language=lang_de,
filename="this/is/not/a.template"
)
perm_name = 'trans.author_translation'
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
permission = Permission.objects.get(
codename='author_translation', content_type__app_label='trans'
)
self.group.permissions.add(permission)
self.assertFalse(can_edit(self.user, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertTrue(can_edit(self.privileged, trans_de, perm_name))
self.clear_permission_cache()
acl = GroupACL.objects.create(language=lang_cs)
acl.groups.add(self.group)
self.assertTrue(can_edit(self.privileged, trans_cs, perm_name))
self.assertFalse(can_edit(self.privileged, trans_de, perm_name))
