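class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Pin when ``AuthorizationPolicy.permits`` grants a collection request.

    ``setUp`` binds no permissions and forces ``check_permission`` to return
    False, so the ``permits`` tests all start from a denied direct check.
    """

    def setUp(self):
        self.authz = AuthorizationPolicy()
        # No permission is bound to any object in these tests.
        self.authz.get_bound_permissions = lambda o, p: []
        self.request = DummyRequest(method='GET')
        self.context = RouteFactory(self.request)
        self.context.on_collection = True
        # The direct permission check always denies.
        self.context.check_permission = mock.Mock(return_value=False)

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """A non-empty shared-records result grants the request."""
        self.context.fetch_shared_records = mock.MagicMock(
            return_value=['record1', 'record2'])
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        # (the ['userid'] list handed to permits() is not what reaches the
        # lookup). 'dynamic' arrives as 'read' -- presumably derived from the
        # GET request; confirm against RouteFactory.
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['system.Everyone', 'system.Authenticated', 'basicauth:bob'],
            self.authz.get_bound_permissions)
        self.assertTrue(allowed)

    def test_permits_does_not_return_true_if_not_collection(self):
        """Outside a collection endpoint the denied check stays denied."""
        self.context.on_collection = False
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """With ``required_permission`` set to 'create', nothing is granted.

        Both the 'dynamic' permission and an explicit 'create' are denied.
        """
        self.context.required_permission = 'create'
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)
        allowed = self.authz.permits(self.context, ['userid'], 'create')
        self.assertFalse(allowed)

    def test_permits_returns_false_if_collection_is_unknown(self):
        """A ``None`` result from the shared-records lookup denies access."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['system.Everyone', 'system.Authenticated', 'basicauth:bob'],
            self.authz.get_bound_permissions)
        self.assertFalse(allowed)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """The permission object id is built even without a record route.

        When the route lookup raises ``KeyError`` the expected id is the
        request path followed by ``/*``.
        """
        def route_path(service_name, **kwargs):
            # Simulate a resource that has no record_path (only list).
            if service_name == 'article-record':
                raise KeyError
            return '/comments/sub/{id}'.format(**kwargs)

        self.request.route_path.side_effect = route_path

        self.request.path = '/comments'
        self.context.resource_name = 'comment'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        # assertEqual: the assertEquals alias is deprecated and was removed
        # in Python 3.12.
        self.assertEqual(obj_id, '/comments/sub/*')

        self.request.path = '/articles'
        self.context.resource_name = 'article'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        self.assertEqual(obj_id, '/articles/*')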
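class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Pin when ``AuthorizationPolicy.permits`` grants a collection request.

    ``setUp`` binds no permissions and forces ``check_permission`` to return
    False, so the ``permits`` tests all start from a denied direct check.
    """

    def setUp(self):
        self.authz = AuthorizationPolicy()
        # No permission is bound to any object in these tests.
        self.authz.get_bound_permissions = lambda o, p: []
        self.request = DummyRequest(method='GET')
        self.context = RouteFactory(self.request)
        self.context.on_collection = True
        # The direct permission check always denies.
        self.context.check_permission = mock.Mock(return_value=False)

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """A non-empty shared-records result grants the request."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=[
            'record1', 'record2'])
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        # (the ['userid'] list handed to permits() is not what reaches the
        # lookup). 'dynamic' arrives as 'read' -- presumably derived from the
        # GET request; confirm against RouteFactory.
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['basicauth:bob', 'system.Everyone', 'system.Authenticated'],
            self.authz.get_bound_permissions)
        self.assertTrue(allowed)

    def test_permits_does_not_return_true_if_not_collection(self):
        """Outside a collection endpoint the denied check stays denied."""
        self.context.on_collection = False
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """With ``required_permission`` set to 'create', nothing is granted.

        Both the 'dynamic' permission and an explicit 'create' are denied.
        """
        self.context.required_permission = 'create'
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)
        allowed = self.authz.permits(self.context, ['userid'], 'create')
        self.assertFalse(allowed)

    def test_permits_returns_false_if_collection_is_unknown(self):
        """A ``None`` result from the shared-records lookup denies access."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['basicauth:bob', 'system.Everyone', 'system.Authenticated'],
            self.authz.get_bound_permissions)
        self.assertFalse(allowed)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """The permission object id is built even without a record route.

        When the route lookup raises ``KeyError`` the expected id is the
        request path followed by ``/*``.
        """
        def route_path(service_name, **kwargs):
            # Simulate a resource that has no record_path (only list).
            if service_name == 'article-record':
                raise KeyError
            return '/comments/sub/{id}'.format_map(kwargs)

        self.request.route_path.side_effect = route_path

        self.request.path = '/comments'
        self.context.resource_name = 'comment'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        # assertEqual: the assertEquals alias is deprecated and was removed
        # in Python 3.12.
        self.assertEqual(obj_id, '/comments/sub/*')

        self.request.path = '/articles'
        self.context.resource_name = 'article'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        self.assertEqual(obj_id, '/articles/*')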
class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Guest access decisions of ``AuthorizationPolicy.permits``.

    The fixture binds no permissions and makes ``check_permission`` answer
    False, so the ``permits`` tests begin from a denied direct check on a
    plural endpoint.
    """

    def setUp(self):
        def no_bound_permissions(o, p):
            return []

        policy = AuthorizationPolicy()
        policy.get_bound_permissions = no_bound_permissions
        request = DummyRequest(method="GET")
        route_context = RouteFactory(request)
        route_context.on_plural_endpoint = True
        # Direct permission checks are always refused.
        route_context.check_permission = mock.Mock(return_value=False)

        self.authz = policy
        self.request = request
        self.context = route_context

    def test_permits_returns_true_if_plural_endpoint_and_shared_objects(self):
        """Shared objects on a plural endpoint turn the denial into a grant."""
        self.context.fetch_shared_objects = mock.MagicMock(
            return_value=["object1", "object2"]
        )

        granted = self.authz.permits(self.context, ["userid"], "dynamic")

        # The lookup receives the principals taken from
        # request.prefixed_principals, not the list passed to permits().
        expected_principals = [
            "basicauth:bob",
            "system.Everyone",
            "system.Authenticated",
        ]
        self.context.fetch_shared_objects.assert_called_with(
            "read", expected_principals, self.authz.get_bound_permissions
        )
        self.assertTrue(granted)

    def test_permits_does_not_return_true_if_not_plural_endpoint(self):
        """Off a plural endpoint the request stays denied."""
        self.context.on_plural_endpoint = False

        granted = self.authz.permits(self.context, ["userid"], "dynamic")

        self.assertFalse(granted)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """A required 'create' permission is denied, dynamic or explicit."""
        self.context.required_permission = "create"

        for permission in ("dynamic", "create"):
            granted = self.authz.permits(self.context, ["userid"], permission)
            self.assertFalse(granted)

    def test_permits_returns_false_if_resource_is_unknown(self):
        """A ``None`` answer from the shared-objects lookup denies access."""
        self.context.fetch_shared_objects = mock.MagicMock(return_value=None)

        granted = self.authz.permits(self.context, ["userid"], "dynamic")

        # Principals come from request.prefixed_principals here as well.
        expected_principals = [
            "basicauth:bob",
            "system.Everyone",
            "system.Authenticated",
        ]
        self.context.fetch_shared_objects.assert_called_with(
            "read", expected_principals, self.authz.get_bound_permissions
        )
        self.assertFalse(granted)

    def test_perm_object_id_is_naive_if_no_object_path_exists(self):
        """Object ids are still produced when no object route exists.

        For the resource whose route lookup raises ``KeyError``, the expected
        id is the request path followed by ``/*``.
        """
        def fake_route_path(service_name, **kwargs):
            # Stand-in for a resource exposing only a list endpoint: its
            # object route cannot be resolved.
            if service_name != "article-object":
                return "/comments/sub/{id}".format_map(kwargs)
            raise KeyError

        self.request.route_path.side_effect = fake_route_path

        cases = (
            ("/comments", "comment", "/comments/sub/*"),
            ("/articles", "article", "/articles/*"),
        )
        for path, resource_name, expected_id in cases:
            self.request.path = path
            self.context.resource_name = resource_name
            actual_id = self.context.get_permission_object_id(self.request, "*")
            self.assertEqual(actual_id, expected_id)
class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Guest access decisions of ``AuthorizationPolicy.permits``.

    The fixture binds no permissions and makes ``check_permission`` answer
    False, so the ``permits`` tests begin from a denied direct check on a
    collection.
    """

    def setUp(self):
        def no_bound_permissions(o, p):
            return []

        policy = AuthorizationPolicy()
        policy.get_bound_permissions = no_bound_permissions
        request = DummyRequest(method="GET")
        route_context = RouteFactory(request)
        route_context.on_collection = True
        # Direct permission checks are always refused.
        route_context.check_permission = mock.Mock(return_value=False)

        self.authz = policy
        self.request = request
        self.context = route_context

    def _permits(self, permission):
        """Ask the policy about *permission* with the fixed ['userid'] list."""
        return self.authz.permits(self.context, ["userid"], permission)

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """Shared records on a collection turn the denial into a grant."""
        shared = ["record1", "record2"]
        self.context.fetch_shared_records = mock.MagicMock(return_value=shared)

        outcome = self._permits("dynamic")

        # The lookup receives the principals taken from
        # request.prefixed_principals, not the list passed to permits().
        request_principals = [
            "basicauth:bob",
            "system.Everyone",
            "system.Authenticated",
        ]
        self.context.fetch_shared_records.assert_called_with(
            "read", request_principals, self.authz.get_bound_permissions
        )
        self.assertTrue(outcome)

    def test_permits_does_not_return_true_if_not_collection(self):
        """Off a collection endpoint the request stays denied."""
        self.context.on_collection = False
        self.assertFalse(self._permits("dynamic"))

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """A required 'create' permission is denied, dynamic or explicit."""
        self.context.required_permission = "create"
        self.assertFalse(self._permits("dynamic"))
        self.assertFalse(self._permits("create"))

    def test_permits_returns_false_if_collection_is_unknown(self):
        """A ``None`` answer from the shared-records lookup denies access."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)

        outcome = self._permits("dynamic")

        # Principals come from request.prefixed_principals here as well.
        request_principals = [
            "basicauth:bob",
            "system.Everyone",
            "system.Authenticated",
        ]
        self.context.fetch_shared_records.assert_called_with(
            "read", request_principals, self.authz.get_bound_permissions
        )
        self.assertFalse(outcome)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """Object ids are still produced when no record route exists.

        For the resource whose route lookup raises ``KeyError``, the expected
        id is the request path followed by ``/*``.
        """
        def fake_route_path(service_name, **kwargs):
            # Stand-in for a resource exposing only a list endpoint: its
            # record route cannot be resolved.
            if service_name != "article-record":
                return "/comments/sub/{id}".format_map(kwargs)
            raise KeyError

        self.request.route_path.side_effect = fake_route_path

        cases = (
            ("/comments", "comment", "/comments/sub/*"),
            ("/articles", "article", "/articles/*"),
        )
        for path, resource_name, expected_id in cases:
            self.request.path = path
            self.context.resource_name = resource_name
            actual_id = self.context.get_permission_object_id(self.request, "*")
            self.assertEqual(actual_id, expected_id)