示例#1
0
    def test_pickle(self):
        """ __getstate__(), __setstate__() """
        acl = miracle.Acl()
        acl.grant('root',   '/admin',   'enter')
        acl.grant('user',   '/user',   'show')
        acl.grant('author',   '/article',   'post')

        self.assertDictEqual(acl.__getstate__(), {
            'roles': {'root','user','author'},
            'struct': {
                '/admin': {'enter'},
                '/user': {'show'},
                '/article': {'post'}
            },
            'grants': {
                'root': { '/admin': {'enter'} },
                'user': { '/user': {'show'} },
                'author': { '/article': {'post'} }
            }
        })

        acl2 = miracle.Acl()
        acl2.__setstate__(acl.__getstate__())

        self.assertDictEqual(
            acl .__getstate__(),
            acl2.__getstate__(),
        )
示例#2
0
    def test_permissions(self):
        """ add_permission(), list_permissions(), del_permission() """
        acl = miracle.Acl()

        # Add permissions
        acl.add_permission('user', 'create') # silently creates a resource
        acl.add_permission('user', 'create') # does not replace or fail
        acl.add_permission('user', 'read')
        acl.add_permission('user', 'write')
        acl.add_permission('post', 'read')
        acl.add_permission('post', 'create')
        acl.add_permission('log', 'delete')

        # Test resources
        self.assertSetEqual(acl.get_resources(), {'user', 'post', 'log'})

        # Test permissions on resources
        self.assertSetEqual(acl.get_permissions('404'), set()) # empty ok
        self.assertSetEqual(acl.get_permissions('user'), {'create','read','write'})
        self.assertSetEqual(acl.get_permissions('post'), {'read', 'create'})
        self.assertSetEqual(acl.get_permissions('log'), {'delete'})

        # Del permissions
        acl.del_permission('user', 'write')
        acl.del_permission('post', 'create')
        acl.del_permission('post', 'create') # does not fail

        # Test resources
        self.assertSetEqual(acl.get_resources(), {'user', 'post', 'log'})

        # Test permissions on resources
        self.assertSetEqual(acl.get_permissions('404'), set())
        self.assertSetEqual(acl.get_permissions('user'), {'create', 'read'})
        self.assertSetEqual(acl.get_permissions('post'), {'read'})
        self.assertSetEqual(acl.get_permissions('log'), {'delete'})
示例#3
0
    def test_del(self):
        """ del_*() does not remove grants """
        acl = miracle.Acl()
        acl.grants({
            'root': {
                'a': ['anything'],
                'b': ['everything']
            },
            'admin': {
                'b': ['something'],
            },
            'nobody': {
                'a': {'nothing'},
                'c': {'nothing'}
            }
        })

        acl.del_permission('a', 'anything')
        acl.del_role('root')
        acl.del_resource('c')

        self.assertDictEqual(acl.show(), {
            'admin': {
                'b': {'something'},
            },
            'nobody': {
                'a': {'nothing'}
            }
        })
示例#4
0
    def test_grant(self):
        """ grant(), grants(), revoke(), revoke_all(), show() """
        acl = miracle.Acl()
        acl.grant('root', '/admin', 'enter')
        acl.grant('root', '/admin', 'enter') # dupe
        acl.grant('root', '/article', 'edit')
        acl.grants({
            'user': {
                '/article': ['view'],
                '/admin': ['kill']
            }
        })
        acl.revoke('user', '/admin', 'kill')
        acl.revoke('user', '/admin', 'kill') # dupe

        # Structure
        self.assertSetEqual(acl.get_roles(), {'root', 'user'})
        self.assertDictEqual( acl.get(), {
            '/admin': {'enter','kill'}, # 'kill' remains, though revoked
            '/article': {'view','edit'}
        })

        # Grants
        self.assertDictEqual(acl.show(), {
            'root': {
                '/admin': {'enter'},
                '/article': {'edit'}
            },
            'user': {
                '/article':{'view'}
            }
        })

        # revoke_all()
        acl.revoke_all('root', '/article')
        self.assertDictEqual(acl.show(), {
            'root': {
                '/admin': {'enter'}
            },
            'user': {
                '/article':{'view'}
            }
        })

        acl.revoke_all('root')
        self.assertDictEqual(acl.show(), {
            'user': {
                '/article':{'view'}
            }
        })
示例#5
0
    def test_structure(self):
        """ add(), list() """
        acl = miracle.Acl()

        # Add
        acl.add({
            '/article': {'create','edit'},
            '/profile': ['edit'],
        })
        acl.add({
            '/article': ['vote'],
        })

        # list()
        self.assertDictEqual(
            acl.get(),
            {
                '/article': {'create','edit','vote'},
                '/profile': {'edit'}
            }
        )

        # lit() must produce a copy
        l = acl.get()
        l['/lol'] = 'a'
        l['/article'].add('lol')

        # Test: should not be modified
        self.assertDictEqual(
            acl.get(),
            {
                '/article': {'create', 'edit', 'vote'},
                '/profile': {'edit'}
            }
        )

        # Test resources
        self.assertSetEqual(acl.get_resources(), {'/article', '/profile'})

        # Test permissions on resources
        self.assertSetEqual(acl.get_permissions('/article'), {'create', 'edit', 'vote'}) # empty ok
        self.assertSetEqual(acl.get_permissions('/profile'), {'edit'}) # empty ok
示例#6
0
    def test_resources(self):
        """ add_resource(), list_resource(), del_resource() """
        acl = miracle.Acl()

        # Add resources
        acl.add_resource('user')
        acl.add_resource('page')
        acl.add_resource('page') # does not replace or fail
        acl.add_resource('news')
        acl.add_resource('blog')

        # Test resources
        self.assertSetEqual(acl.get_resources(), {'user', 'page', 'news', 'blog'})

        # Delete resources
        acl.del_resource('news')
        acl.del_resource('news') # does not fail
        acl.del_resource('blog')

        # Test resources
        self.assertSetEqual(acl.get_resources(), {'user', 'page'})
示例#7
0
    def test_roles(self):
        """ add_role(), add_roles(), list_roles(), del_role() """
        acl = miracle.Acl()

        # Add roles
        acl.add_role('root')
        acl.add_role('superadmin')
        acl.add_role('superadmin') # does not replace or fail
        acl.add_role('user')
        acl.add_role('poweruser')
        acl.add_roles(['n00b', 'poweruser'])

        # Test roles
        self.assertSetEqual(acl.get_roles(), {'root','superadmin','user','poweruser','n00b'})

        # Del roles
        acl.del_role('poweruser')
        acl.del_role('poweruser') # does not fail
        acl.del_role('n00b')

        # Test roles
        self.assertSetEqual(acl.get_roles(), {'root','superadmin','user'})
示例#8
0
    def test_check(self):
        """ check(), check_any(), check_all() ; which(), which_any(), which_all() """
        acl = miracle.Acl()
        acl.grant('root',   '/admin',   'enter')
        acl.grant('admin',  '/admin',   'enter')
        acl.grant('root',   '/user',    'edit')
        acl.grant('root',   '/user',    'delete')
        acl.grant('root',   '/user',    'show')
        acl.grant('admin',  '/user',    'show')
        acl.grant('admin',  '/user',    'edit')
        acl.grant('user',   '/user',    'show')
        acl.add_role('nobody')

        # which()
        self.assertDictEqual(acl.which('???'), {})
        self.assertDictEqual(acl.which('root'), {
            '/admin': {'enter'},
            '/user': {'show','edit','delete'}
        })
        self.assertDictEqual(acl.which('admin'), {
            '/admin': {'enter'},
            '/user': {'show','edit'}
        })
        self.assertDictEqual(acl.which('user'), {
            '/user': {'show'}
        })
        self.assertDictEqual(acl.which('nobody'), {})

        # which_any()
        self.assertDictEqual(acl.which_any([]), {})
        self.assertDictEqual(acl.which_any(['root', 'user']), acl.which('root'))
        self.assertDictEqual(acl.which_any(['admin', 'user']), acl.which('admin'))
        self.assertDictEqual(acl.which_any(['user']), acl.which('user'))
        self.assertDictEqual(acl.which_any(['user', 'nobody']), acl.which('user'))

        # which_all()
        self.assertDictEqual(acl.which_all([]), {})
        self.assertDictEqual(acl.which_all(['root', 'admin']), acl.which('admin'))
        self.assertDictEqual(acl.which_all(['admin', 'user']), acl.which('user'))
        self.assertDictEqual(acl.which_all(['root', 'nobody']), acl.which('nobody'))
        self.assertDictEqual(acl.which_all(['user', 'root', 'nobody']), acl.which('nobody'))

        # which_permissions()
        self.assertEqual(acl.which_permissions('???', '/admin'), set())
        self.assertEqual(acl.which_permissions('root', '/???'), set())
        self.assertEqual(acl.which_permissions('root', '/admin'), {'enter'})
        self.assertEqual(acl.which_permissions('root', '/user'), {'edit', 'delete', 'show'})
        self.assertEqual(acl.which_permissions('user', '/user'), {'show'})

        # which_permissions_any()
        self.assertEqual(acl.which_permissions_any([], '/admin'), {})
        self.assertEqual(acl.which_permissions_any(['root', 'user'], '/user'), acl.which_permissions('root', '/user'))
        self.assertEqual(acl.which_permissions_any(['admin', 'user'], '/user'), acl.which_permissions('admin', '/user'))
        self.assertEqual(acl.which_permissions_any(['user'], '/user'), acl.which_permissions('user', '/user'))
        self.assertEqual(acl.which_permissions_any(['user', 'nobody'], '/user'), acl.which_permissions('user', '/user'))

        # which_permissions_all()
        self.assertEqual(acl.which_permissions_all([], '/admin'), {})
        self.assertEqual(acl.which_permissions_all(['root', 'user'], '/user'), acl.which_permissions('user', '/user'))
        self.assertEqual(acl.which_permissions_all(['admin', 'user'], '/user'), acl.which_permissions('user', '/user'))
        self.assertEqual(acl.which_permissions_all(['user'], '/user'), acl.which_permissions('user', '/user'))
        self.assertEqual(acl.which_permissions_all(['user', 'nobody'], '/user'), acl.which_permissions('nobody', '/user'))

        # check()
        self.assertTrue(acl.check('root', '/admin', 'enter'))
        self.assertFalse(acl.check('???', '/admin', 'enter')) # unknown role
        self.assertFalse(acl.check('root', '/???', 'enter')) # unknown resource
        self.assertFalse(acl.check('root', '/admin', '???')) # unknown permission
        self.assertTrue(acl.check('user', '/user', 'show'))

        # check_any()
        self.assertFalse(acl.check_any([], '/user', 'show'))
        self.assertTrue(acl.check_any(['root'], '/user', 'show'))
        self.assertTrue(acl.check_any(['root','user'], '/user', 'show'))
        self.assertTrue(acl.check_any(['root','user'], '/admin', 'enter'))
        self.assertTrue(acl.check_any(['root','user'], '/user', 'delete'))
        self.assertFalse(acl.check_any(['admin','user'], '/user', 'delete'))

        # check_all()
        self.assertFalse(acl.check_all([], '/user', 'show'))
        self.assertTrue(acl.check_all(['root','user'], '/user', 'show'))
        self.assertFalse(acl.check_all(['root','user'], '/admin', 'enter'))
        self.assertFalse(acl.check_all(['root','user'], '/user', 'delete'))
        self.assertFalse(acl.check_all(['root','user'], '/user', 'delete'))
        self.assertFalse(acl.check_all(['root','admin'], '/user', 'delete'))
        self.assertTrue(acl.check_all(['root','admin'], '/user', 'edit'))