def doTestFor(self, dirDict, requestingUser):
# changing acl should work on 'all' but not on 'write'
dirDict['all'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ)
self.assert_(dirDict['all'].isAllowed(self.alice, Action.READ))
def changeAclWrite():
dirDict['write'].setPermissionsAssertAllowed(requestingUser, self.alice, Actions.READ)
self.assertRaises(PermissionDenied, changeAclWrite)
# inserting an object should work on 'write' but not on 'read'
m = Member(name='writeGood')
m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['write']])
m.folders = [dirDict['write']]
m.save()
self.assert_(Member.objects.filter(name='writeGood', folders=dirDict['write']).exists())
def insertObjectRead():
m = Member(name='writeBad')
m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']])
m.folders = [dirDict['read']]
m.save()
self.assertRaises(PermissionDenied, insertObjectRead)
# reading an object should work on 'read' but not on 'none'
self.assert_(Member.allowed(requestingUser).filter(folders=dirDict['read']).exists())
self.assertFalse(Member.allowed(requestingUser).filter(folders=dirDict['none']).exists())
def makeFolderWithPerms(self, agent, actionsName):
root = Folder.getRootFolder()
actions = getattr(Actions, actionsName.upper())
prefix = re.sub(r'^\w+:', '', agent)
folder = root.makeSubFolder('%s_%s' % (prefix, actionsName))
folder.clearAcl()
folder.setPermissions(agent, actions)
# insert an object to the folder so we can test read access
m = Member(name='foo')
m.save()
m.folders = [folder]
m.save()
return folder
def test_insertObject(self):
# admin, alice and bob have write privileges
m = Member(name='byAdmin')
m.saveAssertAllowed(self.admin, checkFolders=[self.f1])
m.folders = [self.f1]
m.save()
self.assert_(Member.objects.filter(name='byAdmin', folders=self.f1).exists())
m = Member(name='byAlice')
m.saveAssertAllowed(self.alice, checkFolders=[self.f1])
m.folders = [self.f1]
m.save()
self.assert_(Member.objects.filter(name='byAlice', folders=self.f1).exists())
m = Member(name='byBob')
m.saveAssertAllowed(self.bob, checkFolders=[self.f1])
m.folders = [self.f1]
m.save()
self.assert_(Member.objects.filter(name='byBob', folders=self.f1).exists())
# clara only has read privileges, denied
def byClara():
m = Member(name='byClara')
m.saveAssertAllowed(self.clara, checkFolders=[self.f1])
m.folders = [self.f1]
m.save()
self.assertRaises(PermissionDenied, byClara)
def insertObjectRead():
m = Member(name='writeBad')
m.saveAssertAllowed(requestingUser, checkFolders=[dirDict['read']])
m.folders = [dirDict['read']]
m.save()
def test_readObject(self):
m = Member(name='x')
m.save()
m.folders = [self.f1]
m.save()
def containsX(querySet):
return querySet.filter(name='x', folders=self.f1).exists()
# admin, alice, bob, and clara have read privileges
self.assert_(containsX(Member.allowed(self.admin)))
self.assert_(containsX(Member.allowed(self.alice)))
self.assert_(containsX(Member.allowed(self.bob)))
self.assert_(containsX(Member.allowed(self.clara)))
# dave has no privileges, denied
self.assertFalse(containsX(Member.allowed(self.dave)))
def byClara():
m = Member(name='byClara')
m.saveAssertAllowed(self.clara, checkFolders=[self.f1])
m.folders = [self.f1]
m.save()
