Пример #1
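class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Tests for the guest (shared-records) path of ``AuthorizationPolicy.permits``.

    ``setUp`` makes ``check_permission`` return False, so every ``True``
    asserted here has to come from the shared-records lookup rather than
    from a direct grant.

    NOTE(review): only a non-empty list and ``None`` are exercised as return
    values of ``fetch_shared_records``; an empty list is not covered here.
    Confirm elsewhere that the policy denies in that case.
    """

    def setUp(self):
        """Build a policy and a collection context whose direct check denies."""
        self.authz = AuthorizationPolicy()
        # No bound permissions: nothing is inherited from parent objects.
        self.authz.get_bound_permissions = lambda o, p: []
        self.request = DummyRequest(method='GET')
        self.context = RouteFactory(self.request)
        self.context.on_collection = True
        # Direct permission check always denies in these tests.
        self.context.check_permission = mock.Mock(return_value=False)

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """Listing a collection is allowed when shared records are found."""
        self.context.fetch_shared_records = mock.MagicMock(
            return_value=['record1', 'record2'])
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals,
        # not the ['userid'] list handed to permits().
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['system.Everyone', 'system.Authenticated', 'basicauth:bob'],
            self.authz.get_bound_permissions)
        self.assertTrue(allowed)

    def test_permits_does_not_return_true_if_not_collection(self):
        """Outside a collection endpoint the guest path must not grant access."""
        self.context.on_collection = False
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """A required permission of 'create' is denied on the collection."""
        self.context.required_permission = 'create'
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)
        allowed = self.authz.permits(self.context, ['userid'], 'create')
        self.assertFalse(allowed)

    def test_permits_returns_false_if_collection_is_unknown(self):
        """A ``None`` result from the shared-records lookup is a denial."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['system.Everyone', 'system.Authenticated', 'basicauth:bob'],
            self.authz.get_bound_permissions)
        self.assertFalse(allowed)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """Without a record route the object id is built as ``<path>/<id>``."""
        def route_path(service_name, **kwargs):
            # Simulate a resource that has no record_path (only list).
            if service_name == 'article-record':
                raise KeyError
            return '/comments/sub/{id}'.format(**kwargs)

        self.request.route_path.side_effect = route_path

        # The record route resolves: the id comes from route_path().
        self.request.path = '/comments'
        self.context.resource_name = 'comment'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        # assertEqual, not the deprecated assertEquals alias (removed in 3.12).
        self.assertEqual(obj_id, '/comments/sub/*')

        # The record route raises KeyError: the id falls back to path + id.
        self.request.path = '/articles'
        self.context.resource_name = 'article'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        self.assertEqual(obj_id, '/articles/*')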
Пример #2
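class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Tests for the guest (shared-records) path of ``AuthorizationPolicy.permits``.

    The fixture forces ``check_permission`` to False, so a ``True`` result
    in these tests can only be produced by the shared-records lookup.

    NOTE(review): ``fetch_shared_records`` is only stubbed with a non-empty
    list or ``None``; the empty-list case is not exercised in this class.
    """

    def setUp(self):
        """Create the policy, a GET request and a collection context."""
        self.authz = AuthorizationPolicy()
        # Stub out bound permissions so no inherited grant is considered.
        self.authz.get_bound_permissions = lambda o, p: []
        self.request = DummyRequest(method='GET')
        self.context = RouteFactory(self.request)
        self.context.on_collection = True
        # The direct permission check denies for every test in this class.
        self.context.check_permission = mock.Mock(return_value=False)

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """Shared records on a collection make ``permits`` return True."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=[
            'record1', 'record2'])
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals,
        # not the ['userid'] list handed to permits().
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['basicauth:bob', 'system.Everyone', 'system.Authenticated'],
            self.authz.get_bound_permissions)
        self.assertTrue(allowed)

    def test_permits_does_not_return_true_if_not_collection(self):
        """The guest path does not apply when not on a collection."""
        self.context.on_collection = False
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """With 'create' as the required permission, access is denied."""
        self.context.required_permission = 'create'
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        self.assertFalse(allowed)
        allowed = self.authz.permits(self.context, ['userid'], 'create')
        self.assertFalse(allowed)

    def test_permits_returns_false_if_collection_is_unknown(self):
        """``None`` from the shared-records lookup must be treated as a denial."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)
        allowed = self.authz.permits(self.context, ['userid'], 'dynamic')
        # Note: we use the list of principals from request.prefixed_principals
        self.context.fetch_shared_records.assert_called_with(
            'read',
            ['basicauth:bob', 'system.Everyone', 'system.Authenticated'],
            self.authz.get_bound_permissions)
        self.assertFalse(allowed)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """When the record route is missing, the id is ``<path>/<id>``."""
        def route_path(service_name, **kwargs):
            # Simulate a resource that has no record_path (only list).
            if service_name == 'article-record':
                raise KeyError
            return '/comments/sub/{id}'.format_map(kwargs)

        self.request.route_path.side_effect = route_path

        # Record route available: the id is whatever route_path() returns.
        self.request.path = '/comments'
        self.context.resource_name = 'comment'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        # assertEqual, not the deprecated assertEquals alias (removed in 3.12).
        self.assertEqual(obj_id, '/comments/sub/*')

        # Record route raises KeyError: fall back to the request path.
        self.request.path = '/articles'
        self.context.resource_name = 'article'
        obj_id = self.context.get_permission_object_id(self.request, '*')
        self.assertEqual(obj_id, '/articles/*')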
Пример #3
class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Tests for the guest (shared-objects) path of ``AuthorizationPolicy.permits``.

    ``check_permission`` is stubbed to False in ``setUp``, so a granted
    decision in these tests can only originate from the shared-objects
    lookup on a plural endpoint.

    NOTE(review): the lookup is stubbed with a non-empty list or ``None``
    only; an empty list is not exercised in this class.
    """

    def setUp(self):
        """Prepare a policy and a plural-endpoint context that denies directly."""
        policy = AuthorizationPolicy()
        # No bound permissions are ever reported to the policy.
        policy.get_bound_permissions = lambda o, p: []
        self.authz = policy
        self.request = DummyRequest(method="GET")
        route_context = RouteFactory(self.request)
        route_context.on_plural_endpoint = True
        # The direct check always says no.
        route_context.check_permission = mock.Mock(return_value=False)
        self.context = route_context

    def test_permits_returns_true_if_plural_endpoint_and_shared_objects(self):
        """Shared objects on a plural endpoint grant the listing."""
        lookup = mock.MagicMock(return_value=["object1", "object2"])
        self.context.fetch_shared_objects = lookup
        granted = self.authz.permits(self.context, ["userid"], "dynamic")
        # Note: we use the list of principals from request.prefixed_principals,
        # not the ["userid"] list handed to permits().
        expected_principals = ["basicauth:bob", "system.Everyone", "system.Authenticated"]
        self.context.fetch_shared_objects.assert_called_with(
            "read", expected_principals, self.authz.get_bound_permissions
        )
        self.assertTrue(granted)

    def test_permits_does_not_return_true_if_not_plural_endpoint(self):
        """Off the plural endpoint the guest path never grants."""
        self.context.on_plural_endpoint = False
        self.assertFalse(self.authz.permits(self.context, ["userid"], "dynamic"))

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """A required permission of "create" is denied for either request form."""
        self.context.required_permission = "create"
        for permission in ("dynamic", "create"):
            granted = self.authz.permits(self.context, ["userid"], permission)
            self.assertFalse(granted)

    def test_permits_returns_false_if_resource_is_unknown(self):
        """``None`` from the shared-objects lookup is a denial."""
        lookup = mock.MagicMock(return_value=None)
        self.context.fetch_shared_objects = lookup
        granted = self.authz.permits(self.context, ["userid"], "dynamic")
        # Note: we use the list of principals from request.prefixed_principals
        expected_principals = ["basicauth:bob", "system.Everyone", "system.Authenticated"]
        self.context.fetch_shared_objects.assert_called_with(
            "read", expected_principals, self.authz.get_bound_permissions
        )
        self.assertFalse(granted)

    def test_perm_object_id_is_naive_if_no_object_path_exists(self):
        """Without an object route the id is built from the request path."""
        def fake_route_path(service_name, **kwargs):
            # Simulate a resource that has no object_path (only list).
            if service_name != "article-object":
                return "/comments/sub/{id}".format_map(kwargs)
            raise KeyError

        self.request.route_path.side_effect = fake_route_path

        # First the resource with an object route, then the one without.
        self.request.path = "/comments"
        self.context.resource_name = "comment"
        comment_id = self.context.get_permission_object_id(self.request, "*")
        self.assertEqual(comment_id, "/comments/sub/*")

        self.request.path = "/articles"
        self.context.resource_name = "article"
        article_id = self.context.get_permission_object_id(self.request, "*")
        self.assertEqual(article_id, "/articles/*")
Пример #4
class GuestAuthorizationPolicyTest(unittest.TestCase):
    """Tests for the guest (shared-records) path of ``AuthorizationPolicy.permits``.

    Because ``setUp`` stubs ``check_permission`` to return False, any
    granted decision asserted below has to come from the shared-records
    lookup on a collection.

    NOTE(review): the lookup is stubbed with a non-empty list or ``None``
    only; the empty-list case is not covered by this class.
    """

    def setUp(self):
        """Create the policy, a GET request and a collection context."""
        self.authz = AuthorizationPolicy()
        # The policy never sees any bound permissions.
        self.authz.get_bound_permissions = lambda o, p: []
        self.request = DummyRequest(method="GET")
        self.context = RouteFactory(self.request)
        self.context.on_collection = True
        # Direct permission checks deny for every test.
        deny_all = mock.Mock(return_value=False)
        self.context.check_permission = deny_all

    def test_permits_returns_true_if_collection_and_shared_records(self):
        """A collection with shared records is readable by the guest."""
        shared = ["record1", "record2"]
        self.context.fetch_shared_records = mock.MagicMock(return_value=shared)
        decision = self.authz.permits(self.context, ["userid"], "dynamic")
        # Note: we use the list of principals from request.prefixed_principals,
        # not the ["userid"] list handed to permits().
        principals = ["basicauth:bob", "system.Everyone", "system.Authenticated"]
        self.context.fetch_shared_records.assert_called_with(
            "read", principals, self.authz.get_bound_permissions
        )
        self.assertTrue(decision)

    def test_permits_does_not_return_true_if_not_collection(self):
        """The guest path is not taken when the context is not a collection."""
        self.context.on_collection = False
        decision = self.authz.permits(self.context, ["userid"], "dynamic")
        self.assertFalse(decision)

    def test_permits_does_not_return_true_if_not_list_operation(self):
        """With "create" required, both permission forms are denied."""
        self.context.required_permission = "create"
        dynamic_decision = self.authz.permits(self.context, ["userid"], "dynamic")
        self.assertFalse(dynamic_decision)
        create_decision = self.authz.permits(self.context, ["userid"], "create")
        self.assertFalse(create_decision)

    def test_permits_returns_false_if_collection_is_unknown(self):
        """A ``None`` lookup result must be treated as a denial."""
        self.context.fetch_shared_records = mock.MagicMock(return_value=None)
        decision = self.authz.permits(self.context, ["userid"], "dynamic")
        # Note: we use the list of principals from request.prefixed_principals
        principals = ["basicauth:bob", "system.Everyone", "system.Authenticated"]
        self.context.fetch_shared_records.assert_called_with(
            "read", principals, self.authz.get_bound_permissions
        )
        self.assertFalse(decision)

    def test_perm_object_id_is_naive_if_no_record_path_exists(self):
        """With no record route, the object id is ``<path>/<id>``."""
        def stub_route_path(service_name, **kwargs):
            # Simulate a resource that has no record_path (only list).
            if service_name == "article-record":
                raise KeyError
            return "/comments/sub/{id}".format_map(kwargs)

        self.request.route_path.side_effect = stub_route_path

        # (request path, resource name, expected object id), checked in order.
        cases = (
            ("/comments", "comment", "/comments/sub/*"),
            ("/articles", "article", "/articles/*"),
        )
        for request_path, resource, expected_id in cases:
            self.request.path = request_path
            self.context.resource_name = resource
            obj_id = self.context.get_permission_object_id(self.request, "*")
            self.assertEqual(obj_id, expected_id)