def setUp(self):
        super(FilteringRestrictedItemsTest, self).setUp()

        # without explicit re-registration of the default policy unit tests
        # failed when running 'python setup.py test'
        self._register_default_policy()
        # get rid of default media
        Media.query.delete()
        self.private_media = Media.example(slug=u'private')
        self.public_media = Media.example(slug=u'public')
        self.permission_system = MediaCorePermissionSystem(self.pylons_config)
        self.media_query = Media.query
        user = self._create_user_without_groups()
        self.perm = UserPermissions(user, self.permission_system)
Пример #2
0
    def test_non_editors_are_redirect_to_home_page_after_login(self):
        user = User.example()
        perm = MediaCorePermissionSystem.permissions_for_user(user, config)
        assert_false(perm.contains_permission(u'edit'))
        assert_false(perm.contains_permission(u'admin'))

        response = self.call_post_login(user)
        assert_equals('http://server.example:80/', response.location)
Пример #3
0
 def test_non_editors_are_redirect_to_home_page_after_login(self):
     user = User.example()
     perm = MediaCorePermissionSystem.permissions_for_user(user, config)
     assert_false(perm.contains_permission(u'edit'))
     assert_false(perm.contains_permission(u'admin'))
     
     response = self.call_post_login(user)
     assert_equals('http://server.example:80/', response.location)
 def test_non_editors_are_redirect_to_home_page_after_login(self):
     user = User.example()
     perm = MediaCorePermissionSystem.permissions_for_user(user, config)
     assert_false(perm.contains_permission(u'edit'))
     assert_false(perm.contains_permission(u'admin'))
     
     response = self.call_post_login(user)
     redirect_path = urlparse.urlsplit(response.location)[2] # .path in 2.5+
     assert_equals('/', redirect_path)
Пример #5
0
 def _create_user_with_admin_permission_only(self):
     admin_perm = DBSession.query(Permission).filter(Permission.permission_name == u'admin').one()
     second_admin_group = Group.example(name=u'Second admin group')
     admin_perm.groups.append(second_admin_group)
     admin = User.example(groups=[second_admin_group])
     DBSession.commit()
     perm = MediaCorePermissionSystem.permissions_for_user(admin, config)
     assert_true(perm.contains_permission(u'admin'))
     assert_false(perm.contains_permission(u'edit'))
     return admin
Пример #6
0
 def _create_user_with_admin_permission_only(self):
     admin_perm = DBSession.query(Permission).filter(
         Permission.permission_name == u'admin').one()
     second_admin_group = Group.example(name=u'Second admin group')
     admin_perm.groups.append(second_admin_group)
     admin = User.example(groups=[second_admin_group])
     DBSession.commit()
     perm = MediaCorePermissionSystem.permissions_for_user(admin, config)
     assert_true(perm.contains_permission(u'admin'))
     assert_false(perm.contains_permission(u'edit'))
     return admin
 def set_authenticated_user(self, user, wsgi_environ=None):
     if wsgi_environ is None:
         wsgi_environ = pylons.request.environ
     
     identity = wsgi_environ.setdefault('repoze.who.identity', {})
     identity.update({
         'user': user,
         'repoze.who.userid': user.user_id,
     })
     perm = MediaCorePermissionSystem.permissions_for_request(wsgi_environ, self.pylons_config)
     wsgi_environ['mediacore.perm'] = perm
     pylons.request.perm = perm
 def setUp(self):
     super(FilteringRestrictedItemsTest, self).setUp()
     
     # without explicit re-registration of the default policy unit tests 
     # failed when running 'python setup.py test'
     self._register_default_policy()
     # get rid of default media
     Media.query.delete()
     self.private_media = Media.example(slug=u'private')
     self.public_media = Media.example(slug=u'public')
     self.permission_system = MediaCorePermissionSystem(self.pylons_config)
     self.media_query = Media.query
     user = self._create_user_without_groups()
     self.perm = UserPermissions(user, self.permission_system)
Пример #9
0
 def set_authenticated_user(self, user, wsgi_environ=None):
     if wsgi_environ is None:
         wsgi_environ = pylons.request.environ
     
     if (user is None) and ('repoze.who.identity' in wsgi_environ):
         del wsgi_environ['repoze.who.identity']
     elif user is not None:
         identity = wsgi_environ.setdefault('repoze.who.identity', {})
         identity.update({
             'user': user,
             'repoze.who.userid': user.id,
         })
     perm = MediaCorePermissionSystem.permissions_for_request(wsgi_environ, self.pylons_config)
     wsgi_environ['mediacore.perm'] = perm
     pylons.request.perm = perm
Пример #10
0
def viewable_media(query):
    permission_system = MediaCorePermissionSystem(config)
    return permission_system.filter_restricted_items(query, u'view', request.perm)
 def assert_user_groups(self, groups, user):
     perm = MediaCorePermissionSystem.permissions_for_user(user, self.pylons_config)
     assert_equals(set(groups), set(perm.groups))
Пример #12
0
 def _create_user_with_edit_permission_only(self):
     editor = User.example(groups=[self.editor_group()])
     perm = MediaCorePermissionSystem.permissions_for_user(editor, config)
     assert_true(perm.contains_permission(u'edit'))
     assert_false(perm.contains_permission(u'admin'))
     return editor
class FilteringRestrictedItemsTest(DBTestCase):
    def setUp(self):
        super(FilteringRestrictedItemsTest, self).setUp()

        # without explicit re-registration of the default policy unit tests
        # failed when running 'python setup.py test'
        self._register_default_policy()
        # get rid of default media
        Media.query.delete()
        self.private_media = Media.example(slug=u'private')
        self.public_media = Media.example(slug=u'public')
        self.permission_system = MediaCorePermissionSystem(self.pylons_config)
        self.media_query = Media.query
        user = self._create_user_without_groups()
        self.perm = UserPermissions(user, self.permission_system)

    def _register_default_policy(self):
        PermissionPolicies.register(GroupBasedPermissionsPolicy)

    def _create_user_without_groups(self):
        user = User()
        user.user_name = u'joe'
        user.email_address = u'*****@*****.**'
        user.display_name = u'Joe'
        user.groups = []
        DBSession.add(user)
        DBSession.flush()
        return user

    # --- tests ---------------------------------------------------------------
    def test_can_use_policies_to_return_only_accessible_items(self):
        assert_equals(2, self.media_query.count())
        fake_policy = self._fake_view_policy(lambda media:
                                             (u'public' in media.slug))
        self.permission_system.policies = [fake_policy]

        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.public_media, list(results)[0])

    # --- tests with access filtering -----------------------------------------
    def test_can_add_filter_criteria_to_base_query(self):
        self.permission_system.policies = [
            self._fake_view_policy_with_query_conditions()
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.private_media, list(results)[0])

        assert_equals(0, self._media_query_results(u'unknown').count())

    def test_only_adds_filter_criteria_to_query_if_all_policies_agree(self):
        self.permission_system.policies = [
            self._fake_view_policy_with_query_conditions(),
            self._fake_view_policy(lambda media: (u'public' in media.slug))
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.public_media, list(results)[0])

    def test_policies_can_return_true_as_a_shortcut_to_prevent_further_result_filtering(
            self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )

            def can_apply_access_restrictions_to_query(self, query,
                                                       permission):
                return True

            def access_condition_for_query(self, query, permission, perm):
                return True

        self.permission_system.policies = [FakePolicy()]

        results = self._media_query_results(u'view')
        assert_equals(2, results.count())

    def test_policies_can_return_false_to_suppress_all_items(self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )

            def can_apply_access_restrictions_to_query(self, query,
                                                       permission):
                return True

            def access_condition_for_query(self, query, permission, perm):
                return False

        self.permission_system.policies = [FakePolicy()]

        results = self._media_query_results(u'view')
        assert_equals(0, results.count())

    def test_policies_can_return_none_as_access_condition(self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )

            def can_apply_access_restrictions_to_query(self, query,
                                                       permission):
                return True

            def access_condition_for_query(self, query, permission, perm):
                return None

        self.permission_system.policies = [FakePolicy()]
        results = self._media_query_results(u'view')
        assert_equals(0, results.count())

        self.permission_system.policies = [
            FakePolicy(),
            self._fake_view_policy_with_query_conditions()
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())

    def test_policies_can_return_query_and_condition(self):
        test_self = self

        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )

            def can_apply_access_restrictions_to_query(self, query,
                                                       permission):
                return True

            def access_condition_for_query(self, query, permission, perm):
                query = query.filter(Media.id == test_self.private_media.id)
                return None, query

        self.permission_system.policies = [FakePolicy()]

        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.private_media, results.first())

    # --- helpers -------------------------------------------------------------

    def _media_query_results(self, permission):
        return self.permission_system.filter_restricted_items(
            self.media_query, permission, self.perm)

    def _fake_view_policy(self, condition):
        class FakeViewPolicy(IPermissionPolicy):
            permissions = (u'view', )

            def permits(self, permission, user_permissions, resource):
                media = resource.data['media']
                return condition(media)

        return FakeViewPolicy()

    def _fake_view_policy_with_query_conditions(self):
        test_self = self

        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )

            def permits(self, permission, user_permissions, resource):
                return (resource.data['media'].id == test_self.public_media.id)

            def can_apply_access_restrictions_to_query(self, query,
                                                       permission):
                return True

            def access_condition_for_query(self, query, permission, perm):
                return (Media.id == test_self.private_media.id)

        return FakePolicy()
Пример #14
0
def viewable_media(query):
    permission_system = MediaCorePermissionSystem(config)
    return permission_system.filter_restricted_items(query, u'view',
                                                     request.perm)
Пример #15
0
 def __call__(self, environ, start_response):
     environ['mediacore.perm'] = \
         MediaCorePermissionSystem.permissions_for_request(environ, self.config)
     return self.app(environ, start_response)
Пример #16
0
 def _create_user_with_edit_permission_only(self):
     editor = User.example(groups=[self.editor_group()])
     perm = MediaCorePermissionSystem.permissions_for_user(editor, config)
     assert_true(perm.contains_permission(u'edit'))
     assert_false(perm.contains_permission(u'admin'))
     return editor
class FilteringRestrictedItemsTest(DBTestCase):
    def setUp(self):
        super(FilteringRestrictedItemsTest, self).setUp()
        
        # without explicit re-registration of the default policy unit tests 
        # failed when running 'python setup.py test'
        self._register_default_policy()
        # get rid of default media
        Media.query.delete()
        self.private_media = Media.example(slug=u'private')
        self.public_media = Media.example(slug=u'public')
        self.permission_system = MediaCorePermissionSystem(self.pylons_config)
        self.media_query = Media.query
        user = self._create_user_without_groups()
        self.perm = UserPermissions(user, self.permission_system)
    
    def _register_default_policy(self):
        PermissionPolicies.register(GroupBasedPermissionsPolicy)
    
    def _create_user_without_groups(self):
        user = User()
        user.user_name = u'joe'
        user.email_address = u'*****@*****.**'
        user.display_name = u'Joe'
        user.groups = []
        DBSession.add(user)
        DBSession.flush()
        return user
    
    # --- tests ---------------------------------------------------------------
    def test_can_use_policies_to_return_only_accessible_items(self):
        assert_equals(2, self.media_query.count())
        fake_policy = self._fake_view_policy(lambda media: (u'public' in media.slug))
        self.permission_system.policies = [fake_policy]
        
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.public_media, list(results)[0])
    
    # --- tests with access filtering -----------------------------------------
    def test_can_add_filter_criteria_to_base_query(self):
        self.permission_system.policies = [
            self._fake_view_policy_with_query_conditions()
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.private_media, list(results)[0])
        
        assert_equals(0, self._media_query_results(u'unknown').count())
    
    def test_only_adds_filter_criteria_to_query_if_all_policies_agree(self):
        self.permission_system.policies = [
            self._fake_view_policy_with_query_conditions(),
            self._fake_view_policy(lambda media: (u'public' in media.slug))
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.public_media, list(results)[0])
    
    def test_policies_can_return_true_as_a_shortcut_to_prevent_further_result_filtering(self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def can_apply_access_restrictions_to_query(self, query, permission):
                return True
            
            def access_condition_for_query(self, query, permission, perm):
                return True
        self.permission_system.policies = [FakePolicy()]
        
        results = self._media_query_results(u'view')
        assert_equals(2, results.count())
    
    def test_policies_can_return_false_to_suppress_all_items(self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def can_apply_access_restrictions_to_query(self, query, permission):
                return True
            
            def access_condition_for_query(self, query, permission, perm):
                return False
        self.permission_system.policies = [FakePolicy()]
        
        results = self._media_query_results(u'view')
        assert_equals(0, results.count())
    
    def test_policies_can_return_none_as_access_condition(self):
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def can_apply_access_restrictions_to_query(self, query, permission):
                return True
            
            def access_condition_for_query(self, query, permission, perm):
                return None
        
        self.permission_system.policies = [FakePolicy()]
        results = self._media_query_results(u'view')
        assert_equals(0, results.count())
        
        self.permission_system.policies = [
            FakePolicy(), 
            self._fake_view_policy_with_query_conditions()
        ]
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
    
    def test_policies_can_return_query_and_condition(self):
        test_self = self
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def can_apply_access_restrictions_to_query(self, query, permission):
                return True
            
            def access_condition_for_query(self, query, permission, perm):
                query = query.filter(Media.id == test_self.private_media.id)
                return None, query
        self.permission_system.policies = [FakePolicy()]
        
        results = self._media_query_results(u'view')
        assert_equals(1, results.count())
        assert_equals(self.private_media, results.first())
    
    # --- helpers -------------------------------------------------------------
    
    def _media_query_results(self, permission):
        return self.permission_system.filter_restricted_items(self.media_query, permission, self.perm)
    
    def _fake_view_policy(self, condition):
        class FakeViewPolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def permits(self, permission, user_permissions, resource):
                media = resource.data['media']
                return condition(media)
        return FakeViewPolicy()
    
    def _fake_view_policy_with_query_conditions(self):
        test_self = self
        class FakePolicy(IPermissionPolicy):
            permissions = (u'view', )
            
            def permits(self, permission, user_permissions, resource):
                return (resource.data['media'].id == test_self.public_media.id)
            
            def can_apply_access_restrictions_to_query(self, query, permission):
                return True
            
            def access_condition_for_query(self, query, permission, perm):
                return (Media.id == test_self.private_media.id)
        return FakePolicy()
    def perm(self):
        system = MediaCorePermissionSystem(self.pylons_config)
        system.policies = [self.policy]

        user = DBSession.query(User).filter(User.user_name == u'admin').one()
        return UserPermissions(user, system)
 def perm(self):
     system = MediaCorePermissionSystem(self.pylons_config)
     system.policies = [self.policy]
     
     user = DBSession.query(User).filter(User.user_name == u'admin').one()
     return UserPermissions(user, system)