Exemplo n.º 1
    def setUp(self):
        """Build the test fixture: test database, fake site/request, People collection.

        Besides setting attributes on the test case, this replaces
        process-wide state: ``zoom.system.site``, ``context.request`` and
        ``sys.stdout``. The previous stdout is kept in ``self.save_stdout``.
        NOTE(review): presumably a matching tearDown restores it; the site
        and request globals are not saved here, so confirm they cannot leak
        into other test cases.
        """
        # Test database and the user store that sits on top of it.
        database = zoom.database.setup_test()
        self.db = database
        user_store = Users(database)
        self.users = user_store
        self.user = user_store.first(username='******')

        # Fake site, published both on the test case and on the zoom system.
        fake_site = FakeSite(
            db=database,
            url='',
            logging=False,
            users=user_store,
        )
        self.site = fake_site
        zoom.system.site = fake_site

        # Fake local request for /myapp, made by the user looked up above.
        fake_request = FakeRequest(
            '/myapp',
            user=self.user,
            site=fake_site,
            path='/myapp',
            ip_address='127.0.0.1',
            remote_user='',
            host='localhost',
            data={},
        )
        self.request = fake_request
        context.request = fake_request

        # The collection under test, stored in an EntityStore of Person.
        person_store = zoom.store.EntityStore(database, Person)
        self.collection = Collection(
            person_fields,
            name='People',
            model=Person,
            url='/myapp',
            store=person_store,
        )

        # Route print output to stderr so it stays visible during the run.
        self.save_stdout = sys.stdout
        sys.stdout = sys.stderr

        self.logger = logging.getLogger(__name__)
Exemplo n.º 2
def main(route, request):
    """Build the user-administration collection and dispatch the request to it.

    The collection is backed by the ``Users`` store of the site database and
    is served at ``/admin/users`` through ``UserCollectionController``.

    NOTE(review): nothing in this function checks who is making the request.
    Access to this admin listing is presumably enforced by the controller or
    by the app's routing; confirm before reusing this pattern.
    """
    user_store = Users(request.site.db)
    form_fields = user_fields(request)

    # NOTE(review): 'username' is listed twice below; confirm it is intended.
    listing_columns = (
        'link',
        'username',
        'phone',
        'email',
        'username',
        'status',
        'updated',
        'updated_by',
    )

    user_collection = Collection(
        form_fields,
        model=User,
        controller=UserCollectionController,
        store=user_store,
        item_name='user',
        columns=listing_columns,
        url='/admin/users',
    )
    return user_collection(route, request)
Exemplo n.º 3
def main(route, request):
    """Build the group-administration collection and dispatch the request to it.

    Only groups accepted by ``user_group`` are listed: type ``'U'`` and a
    name that does not start with ``'a_'``.

    NOTE(review): nothing in this function checks who is making the request.
    Access to ``/admin/groups`` is presumably enforced by the controller or
    by the app's routing; confirm before reusing this pattern.
    """

    def user_group(group):
        # Keep type-'U' groups only, and drop those whose name carries the
        # 'a_' prefix (presumably application-access groups; confirm).
        if group.type != 'U':
            return False
        return not group.name.startswith('a_')

    group_store = Groups(request.site.db)
    form_fields = group_fields(request)
    listing_columns = ('link', 'description', 'administrators')

    group_collection = Collection(
        form_fields,
        model=Group,
        controller=GroupCollectionController,
        store=group_store,
        item_name='group',
        url='/admin/groups',
        filter=user_group,
        columns=listing_columns,
    )
    return group_collection(route, request)
Exemplo n.º 4
    def setUp(self):
        """Build the test fixture: system setup, MySQL test database, People collection.

        The global ``user`` is initialized as 'guest' and placed in the
        'managers' group, ``system.db`` is pointed at the test connection,
        and ``sys.stdout`` is redirected to stderr (the old stream is kept
        in ``self.save_stdout``).
        """
        # Set up the system from the current user's home directory.
        home_dir = os.path.expanduser('~')
        system.setup(home_dir)

        user.initialize('guest')
        user.groups = ['managers']

        # NOTE(review): the connection settings, password included, are
        # hard-coded. They should only ever reach a disposable test database;
        # confirm the host 'database' can never resolve to a shared or
        # production server, since autocommit is switched on below.
        connection_settings = {
            'host': 'database',
            'user': '******',
            'passwd': 'password',
            'db': 'test',
        }
        test_db = Database(MySQLdb.Connect, **connection_settings)
        self.db = test_db
        test_db.autocommit(1)
        system.db = test_db

        # The collection under test.
        self.collection = Collection(
            'People',
            person_fields,
            Person,
            url='/myapp',
        )

        # Route print output to stderr so it stays visible during the run.
        self.save_stdout = sys.stdout
        sys.stdout = sys.stderr
Exemplo n.º 5
 def __init__(self):
     """Set up the Contact collection: base initialisation, labels, columns and URL."""
     Collection.__init__(
         self,
         'Contact',
         contact_fields,
         Contact,
     )
     # Labels and list columns, then the URL of the 'contacts' app.
     self.labels = ('name', 'title', 'photo')
     self.columns = ('link', 'title', 'photo_img')
     self.url = url_for_app('contacts')
Exemplo n.º 6
    def test_published(self):
        """Check per-record authorization on a collection of PrivatePerson records.

        PrivatePerson.allows() lets any authenticated user create and read a
        record, and only the record's owner update or delete it. The test
        switches the global ``user`` between 'guest', 'user' and 'admin' and
        asserts that the collection raises UnauthorizedException for every
        denied read, edit or delete, and lets the owner through.
        """

        class PrivatePerson(Person):
            def allows(self, user, action=None):
                # Per-record policy used by this test: a table mapping each
                # action name to the predicate that must hold for `user`.

                def is_owner(user):
                    # True only when the acting user owns this record.
                    return user.user_id == self.owner_id

                def is_user(user):
                    # True for any authenticated (non-guest) user.
                    return user.is_authenticated

                actions = {
                    'create': is_user,
                    'read': is_user,
                    'update': is_owner,
                    'delete': is_owner,
                }

                # NOTE(review): for an action missing from the table (including
                # the default None) .get() returns None, so this line raises
                # TypeError instead of returning a denial. Confirm callers
                # always pass one of the four actions above.
                return actions.get(action)(user)

        self.collection = Collection('People', person_fields, PrivatePerson, url='/myapp')
        # Force can_edit to True; presumably so that only the per-record
        # allows() check decides the outcomes below (confirm).
        self.collection.can_edit = lambda: True

        # start from an empty store (the listing is expected to be empty)
        self.collection.store.zap()
        t = self.collection()
        assert_same(VIEW_EMPTY_LIST, t.content)

        # user one inserts two records
        user.initialize('user')
        assert user.is_authenticated
        user.groups = ['managers']

        # NOTE: despite the variable name, this record is named 'Jim'
        joe_input = dict(
            CREATE_BUTTON='y',
            NAME='Jim',
            ADDRESS='123 Somewhere St',
            SALARY=Decimal('40000'),
        )
        t = self.collection('new', **joe_input)

        sally_input = dict(
            CREATE_BUTTON='y',
            NAME='Sally',
            ADDRESS='123 Special St',
            SALARY=Decimal('45000'),
        )
        t = self.collection('new', **sally_input)
        t = self.collection()
        assert_same(VIEW_UPDATED_JOE_LIST, t.content)

        # user two ('admin') inserts one record, named 'Joe'
        user.initialize('admin')
        self.collection('new', **dict(
            CREATE_BUTTON='y',
            NAME='Joe',
            ADDRESS='123 Somewhere St',
            SALARY=Decimal('40000'),
        ))
        t = self.collection()
        assert_same(VIEW_ALL_RECORDS_LIST, t.content)

        # user one can also see all
        user.initialize('user')
        t = self.collection()
        assert_same(VIEW_ALL_RECORDS_LIST, t.content)

        # guest can't read records
        user.initialize('guest')
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe')

        # authenticated user can read records that belong to others
        user.initialize('user')
        t = self.collection('joe')

        # guest can't open the edit view of a record
        user.initialize('guest')
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe', 'edit')

        # authenticated non-owner can't edit records that belong to others
        user.initialize('user')
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe', 'edit')

        # guest can't do delete confirmation for records that belong to others
        user.initialize('guest')
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe', 'delete')

        # user can't do delete confirmation for records that belong to others
        user.initialize('user')
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe', 'delete')

        # user (still the non-owner 'user') can't update records that belong
        # to others, even when submitting the save form directly
        with self.assertRaises(UnauthorizedException):
            t = self.collection('joe', 'edit', **dict(
                SAVE_BUTTON='y',
                NAME='Andy',
                ADDRESS='123 Somewhere St',
                SALARY=Decimal('40000'),
            ))

        # user can't delete records that belong to others
        with self.assertRaises(UnauthorizedException):
            self.collection('joe', 'delete', **{'CONFIRM': 'NO'})

        # switch back to owner ('admin' created 'joe') and do the same
        # operations; none of them may raise
        user.initialize('admin')
        self.collection('joe')
        self.collection('joe', 'edit')
        self.collection('joe', 'delete')
        self.collection('joe', 'edit', **dict(
            SAVE_BUTTON='y',
            NAME='Andy',
            ADDRESS='123 Somewhere St',
            SALARY=Decimal('40000'),
        ))
        # the record is addressed as 'andy' after the rename above
        # (presumably the key is derived from NAME; confirm)
        self.collection('andy', 'delete', **{'CONFIRM': 'NO'})

        # NOTE(review): from here on the positional order is ('delete', key),
        # whereas the calls above use (key, 'delete'). Confirm both forms
        # reach the same delete action, otherwise the assertions below do not
        # test what their comments say.

        # guest can't delete 'jim', even as a member of 'managers'
        user.initialize('guest')
        user.groups = ['managers']
        with self.assertRaises(UnauthorizedException):
            self.collection('delete', 'jim', **{'CONFIRM': 'NO'})

        # guest can't delete 'sally' either
        with self.assertRaises(UnauthorizedException):
            self.collection('delete', 'sally', **{'CONFIRM': 'NO'})

        # non-owner can't delete ('jim' was created by 'user', not 'admin')
        user.initialize('admin')
        user.groups = ['managers']
        with self.assertRaises(UnauthorizedException):
            self.collection('delete', 'jim', **{'CONFIRM': 'NO'})

        # non-owner can't delete 'sally' either
        with self.assertRaises(UnauthorizedException):
            self.collection('delete', 'sally', **{'CONFIRM': 'NO'})

        # owner can delete
        user.initialize('user')
        user.groups = ['managers']
        self.collection('delete', 'jim', **{'CONFIRM': 'NO'})
        t = self.collection()
        assert_same(VIEW_NO_JOE_LIST, t.content)

        # deleting the owner's second record leaves the listing empty
        self.collection('delete', 'sally', **{'CONFIRM': 'NO'})
        t = self.collection()
        assert_same(VIEW_EMPTY_LIST, t.content)
Exemplo n.º 7
 def __init__(self):
     """Initialise the base Collection for Contact, then set labels, columns and URL."""
     Collection.__init__(
         self,
         'Contact',
         contact_fields,
         Contact,
     )
     # Display labels first, then list columns, then the 'contacts' app URL.
     self.labels = ('name', 'title', 'photo')
     self.columns = ('link', 'title', 'photo_img')
     self.url = url_for_app('contacts')