def test_adding_a_task_for_bob_doesnt_add_it_for_alice(self):
record = MINIMALIST_RECORD.copy()
resp = self.app.post_json(self.collection_url + '/records',
record, headers=get_user_headers('bob'))
record_id = self.collection_url + '/records/' + resp.json['data']['id']
resp = self.app.get(record_id, headers=get_user_headers('alice'),
status=404)
def __init__(self, *args, **kwargs):
super(BaseWebTest, self).__init__(*args, **kwargs)
self.app = self.make_app()
self.headers = {
'Content-Type': 'application/json',
}
self.headers.update(get_user_headers('mat'))
def setUp(self):
self.alice_headers = get_user_headers("alice:")
self.julia_headers = get_user_headers("julia:")
self.mike_headers = get_user_headers("mike:")
self.alice_principal = "basicauth:845a151f1fbb0063738943a4531f8b7ef521fa488ed5ac7d077aa7ee1f349ef7" # NOQA
self.julia_principal = "basicauth:2f5fcddb299319097b9ae72f609d071d99aaf46ef9c3bc82bcc0212d14e35c4f" # NOQA
self.mike_principal = "basicauth:b3c35f5b528685cbd68b084a3aa3404f81c06e3d068000c2a109150356e45241" # NOQA
bucket = {"permissions": {"read": [self.alice_principal]}}
collection = {"permissions": {"read": [self.julia_principal]}}
record = {"permissions": {"write": [self.mike_principal, self.alice_principal]}}
self.app.put("/buckets/author-only", headers=self.headers)
self.app.put_json("/buckets/test", bucket, headers=self.headers)
self.app.put_json("/buckets/test/groups/admins", {"data": {"members": []}}, headers=self.headers)
self.app.put_json("/buckets/test/collections/alice-julia", collection, headers=self.headers)
self.app.put_json("/buckets/test/collections/author-only", headers=self.headers)
self.app.post_json("/buckets/test/collections/alice-julia/records", record, headers=self.headers)
self.app.post_json(
"/buckets/test/collections/alice-julia/records",
{"permissions": {"read": ["system.Authenticated"]}},
headers=self.headers,
)
def test_publicly_readable_record_allows_any_authenticated(self):
resp = self.app.get("/buckets/test/history", headers=get_user_headers("jack:"))
entries = resp.json["data"]
assert len(entries) == 1
assert "system.Authenticated" in entries[0]["target"]["permissions"]["read"]
assert entries[0]["resource_name"] == "record"
def test_read_permission_can_be_given_to_anybody_via_settings(self):
with mock.patch.dict(self.app.app.registry.settings, [("history_read_principals", "system.Everyone")]):
resp = self.app.get("/buckets/test/history", headers=get_user_headers("tartan:pion"))
entries = resp.json["data"]
assert len(entries) == 6 # everything.
