def test_registerView_with_permission_denying2(self): from pyramid import testing from pyramid.security import view_execution_permitted def view(context, request): """ """ view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=False) import types self.failUnless(isinstance(view, types.FunctionType)) result = view_execution_permitted(None, None, 'moo.html') self.assertEqual(result, False)
def test_registerView_with_permission_denying2(self): from pyramid import testing from pyramid.security import view_execution_permitted def view(context, request): """ """ view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=False) import types self.assertTrue(isinstance(view, types.FunctionType)) result = view_execution_permitted(None, None, 'moo.html') self.assertEqual(result, False)
def test_registerDummySecurityPolicy(self): from pyramid import testing testing.registerDummySecurityPolicy('user', ('group1', 'group2'), permissive=False) from pyramid.interfaces import IAuthenticationPolicy from pyramid.interfaces import IAuthorizationPolicy ut = self.registry.getUtility(IAuthenticationPolicy) from pyramid.testing import DummySecurityPolicy self.failUnless(isinstance(ut, DummySecurityPolicy)) ut = self.registry.getUtility(IAuthorizationPolicy) self.assertEqual(ut.userid, 'user') self.assertEqual(ut.groupids, ('group1', 'group2')) self.assertEqual(ut.permissive, False)
def test_invalid_noprofile(self): from pyramid.exceptions import Forbidden testing.registerDummySecurityPolicy(userid='testuser') context = testing.DummyModel() context['profiles'] = testing.DummyModel() request = testing.DummyRequest( params={'external_url': 'http://example.com'}) try: response = self._callFUT(context, request) except Forbidden, exception: self.assertEqual(str(exception), 'No profile found for user testuser')
def test_registerView_with_permission_allowing(self): from pyramid import testing def view(context, request): from webob import Response return Response('123') view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=True) import types self.failUnless(isinstance(view, types.FunctionType)) from pyramid.view import render_view_to_response request = DummyRequest() request.registry = self.registry result = render_view_to_response(None, request, 'moo.html') self.assertEqual(result.app_iter, ['123'])
def test_registerView_with_permission_denying(self): from pyramid import testing from pyramid.exceptions import Forbidden def view(context, request): """ """ view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=False) import types self.failUnless(isinstance(view, types.FunctionType)) from pyramid.view import render_view_to_response request = DummyRequest() request.registry = self.registry self.assertRaises(Forbidden, render_view_to_response, None, request, 'moo.html')
def test_registerView_with_permission_allowing(self): from pyramid import testing def view(context, request): from webob import Response return Response('123') view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=True) import types self.assertTrue(isinstance(view, types.FunctionType)) from pyramid.view import render_view_to_response request = DummyRequest() request.registry = self.registry result = render_view_to_response(None, request, 'moo.html') self.assertEqual(result.app_iter, ['123'])
def test_registerView_with_permission_denying(self): from pyramid import testing from pyramid.exceptions import Forbidden def view(context, request): """ """ view = testing.registerView('moo.html', view=view, permission='bar') testing.registerDummySecurityPolicy(permissive=False) import types self.assertTrue(isinstance(view, types.FunctionType)) from pyramid.view import render_view_to_response request = DummyRequest() request.registry = self.registry self.assertRaises(Forbidden, render_view_to_response, None, request, 'moo.html')
def test_valid_no_get_args(self): testing.registerDummySecurityPolicy(userid='testuser') context = testing.DummyModel() context['profiles'] = testing.DummyModel() profile = testing.DummyModel() profile.firstname = 'Firstname' profile.lastname = 'Lastname' profile.email = '*****@*****.**' context['profiles']['testuser'] = profile request = testing.DummyRequest( params={'external_url': 'http://example.com'}) response = self._callFUT(context, request) location_parts = response.location.split('?') self.assertEqual(location_parts[0], 'http://example.com') self.assertEqual(location_parts[1][:27], 'karl_authentication_ticket=') self.assertEqual(len(location_parts[1][27:]), 32)
def test_it_with_nondefault_permission(self): from pyramid import testing from pyramid.exceptions import Forbidden testing.registerDummySecurityPolicy(permissive=False) from pyramid.threadlocal import get_current_registry from zope.interface import implementedBy from pyramid.static import StaticURLInfo from pyramid.interfaces import IView from pyramid.interfaces import IViewClassifier from pyramid.interfaces import IRouteRequest from pyramid.interfaces import IRoutesMapper context = DummyContext() self._callFUT(context, 'name', 'fixtures/static', permission='aperm') actions = context.actions self.assertEqual(len(actions), 2) reg = get_current_registry() route_action = actions[0] discriminator = route_action['discriminator'] self.assertEqual(discriminator, ('static', 'name')) route_action['callable'](*route_action['args'], **route_action['kw']) mapper = reg.getUtility(IRoutesMapper) routes = mapper.get_routes() self.assertEqual(len(routes), 1) self.assertEqual(routes[0].pattern, 'name/*subpath') self.assertEqual(routes[0].name, 'name/') view_action = actions[1] discriminator = view_action['discriminator'] self.assertEqual(discriminator[:3], ('view', StaticURLInfo, '')) self.assertEqual(discriminator[4], IView) iface = implementedBy(StaticURLInfo) request_type = reg.getUtility(IRouteRequest, 'name/') view = reg.adapters.lookup( (IViewClassifier, request_type, iface), IView, name='') request = DummyRequest() self.assertRaises(Forbidden, view, None, request)
def test_it_with_slash(self): from pyramid import testing testing.registerDummySecurityPolicy(permissive=False) from pyramid.static import PackageURLParser from zope.interface import implementedBy from pyramid.static import StaticURLInfo from pyramid.interfaces import IView from pyramid.interfaces import IViewClassifier from pyramid.interfaces import IRouteRequest from pyramid.interfaces import IRoutesMapper reg = self.config.registry context = DummyContext() context.registry = reg self._callFUT(context, 'name', 'fixtures/static') actions = context.actions self.assertEqual(len(actions), 2) route_action = actions[0] discriminator = route_action['discriminator'] self.assertEqual(discriminator, ('static', 'name')) route_action['callable'](*route_action['args'], **route_action['kw']) mapper = reg.getUtility(IRoutesMapper) routes = mapper.get_routes() self.assertEqual(len(routes), 1) self.assertEqual(routes[0].pattern, 'name/*subpath') self.assertEqual(routes[0].name, 'name/') view_action = actions[1] discriminator = view_action['discriminator'] self.assertEqual(discriminator[:3], ('view', StaticURLInfo, '')) self.assertEqual(discriminator[4], IView) iface = implementedBy(StaticURLInfo) request_type = reg.getUtility(IRouteRequest, 'name/') view = reg.adapters.lookup( (IViewClassifier, request_type, iface), IView, name='') request = DummyRequest() self.assertEqual(view(None, request).__class__, PackageURLParser)