def test_grant_role_as_manager(self):
"""Test setting a role (as a Manager).
"""
self.layer.login('manager')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# The user already have role, reader, so this does nothing
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Reader'), False)
self.assertEqual(authorization.local_role, None)
# The user doesn't have that role so it is set
with assertTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Manager'), True)
self.assertEqual(authorization.local_role, 'Manager')
# Now the user is editor
self.assertEqual(authorization.role, 'Manager')
# A new query returns the same results
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.role, 'Manager')
def test_revoke_as_chiefeditor(self):
"""Revoke a local role as a chiefeditor (of an editor).
"""
self.layer.login('chiefeditor')
access = IAuthorizationManager(self.root)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Editor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Editor')
# We revoke the role
with assertTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), True)
# It is gone
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Reader')
# Even on a new query
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Reader')
def test_grant_role_as_manager(self):
"""Test setting a role (as a Manager).
"""
self.layer.login('manager')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# The user already have role, reader, so this does nothing
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Reader'), False)
self.assertEqual(authorization.local_role, None)
# The user doesn't have that role so it is set
with assertTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Manager'), True)
self.assertEqual(authorization.local_role, 'Manager')
# Now the user is editor
self.assertEqual(authorization.role, 'Manager')
# A new query returns the same results
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.role, 'Manager')
def test_revoke_as_chiefeditor(self):
"""Revoke a local role as a chiefeditor (of an editor).
"""
self.layer.login('chiefeditor')
access = IAuthorizationManager(self.root)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Editor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Editor')
# We revoke the role
with assertTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), True)
# It is gone
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Reader')
# Even on a new query
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'Reader')
def getItems(self):
user_ids = self.store.get(USER_STORE_KEY, set())
if user_ids:
access = IAuthorizationManager(self.context)
authorizations = access.get_authorizations(user_ids).items()
authorizations.sort(key=operator.itemgetter(0))
return filter(lambda auth: auth.type == 'user',
map(operator.itemgetter(1), authorizations))
return []
def test_revoke_no_role(self):
"""Revoke local role when there is no local role.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('viewer')
self.assertEqual(authorization.local_role, None)
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), False)
self.assertEqual(authorization.local_role, None)
def test_authorization_email_user(self):
""" Test email property on authorization object.
"""
member_service = component.getUtility(IMemberService)
member = member_service.get_member('viewer')
member.set_email('*****@*****.**')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('viewer')
self.assertEqual('*****@*****.**', authorization.email)
authorization = access.get_authorization('reader')
self.assertEqual(None, authorization.email)
def test_authorization_email_user(self):
""" Test email property on authorization object.
"""
member_service = component.getUtility(IMemberService)
member = member_service.get_member('viewer')
member.set_email('*****@*****.**')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('viewer')
self.assertEqual('*****@*****.**', authorization.email)
authorization = access.get_authorization('reader')
self.assertEqual(None, authorization.email)
def test_revoke_no_role(self):
"""Revoke local role when there is no local role.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('viewer')
self.assertEqual(authorization.local_role, None)
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), False)
self.assertEqual(authorization.local_role, None)
def test_get_defined_authorizations_dont_acquire(self):
"""Retrieve current all current authorizations without acquiring.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_defined_authorizations(dont_acquire=True)
self.assertEqual(len(authorizations), 1)
self.assertTrue('reader' in list(authorizations.keys()))
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, 'Manager')
def test_user_no_default_role(self):
"""Lookup a user that doesn't have a default role.
"""
access = IAuthorizationManager(self.root.folder)
self.assertEqual(access.get_user_role('dummy'), None)
authorization = access.get_authorization('dummy')
self.assertTrue(verifyObject(IAuthorization, authorization))
self.assertEqual(authorization.identifier, 'dummy')
self.assertEqual(authorization.type, 'user')
self.assertEqual(authorization.role, None)
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, None)
def test_user_no_default_role(self):
"""Lookup a user that doesn't have a default role.
"""
access = IAuthorizationManager(self.root.folder)
self.assertEqual(access.get_user_role('dummy'), None)
authorization = access.get_authorization('dummy')
self.assertTrue(verifyObject(IAuthorization, authorization))
self.assertEqual(authorization.identifier, 'dummy')
self.assertEqual(authorization.type, 'user')
self.assertEqual(authorization.role, None)
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, None)
def test_get_defined_authorizations_dont_acquire(self):
"""Retrieve current all current authorizations without acquiring.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_defined_authorizations(dont_acquire=True)
self.assertEqual(len(authorizations), 1)
self.assertTrue('reader' in authorizations.keys())
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, 'Manager')
def __init__(self, context):
super(UserList, self).__init__(context)
access = IAuthorizationManager(context)
self.roles = set()
self.users = []
self.users_roles = []
accesses = access.get_defined_authorizations(dont_acquire=True)
for user_id, authorization in accesses.iteritems():
role = authorization.local_role
self.users.append(user_id)
self.users_roles.append((user_id, role,))
self.roles.add(role)
def test_get_authorization_dont_acquire(self):
"""Retrieve a user authorization that have some acquired roles.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader', dont_acquire=True)
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, 'Manager')
authorization = access.get_authorization('viewer', dont_acquire=True)
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, None)
def test_get_authorization_dont_acquire(self):
"""Retrieve a user authorization that have some acquired roles.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization(
'reader', dont_acquire=True)
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, 'Manager')
authorization = access.get_authorization(
'viewer', dont_acquire=True)
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, None)
self.assertEqual(authorization.role, None)
def test_user_lookup(self):
"""Lookup information about one specific user.
"""
for user_id in ['viewer', 'reader', 'author', 'editor', 'manager']:
# Test users have the same login than their role (in lower case).
access = IAuthorizationManager(self.root.folder)
self.assertEqual(access.get_user_role(user_id).lower(), user_id)
authorization = access.get_authorization(user_id)
self.assertTrue(verifyObject(IAuthorization, authorization))
self.assertEqual(authorization.identifier, user_id)
self.assertEqual(authorization.role.lower(), user_id)
# By default users don't have a local here. Their role is
# acquired.
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role.lower(), user_id)
def test_revoke_as_nobody(self):
"""Revoke local roles as nobody.
"""
self.layer.login('dummy')
access = IAuthorizationManager(self.root)
# We don't have the right to revoke that role
authorization = access.get_authorization('reader')
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
# We don't have the right to revoke that role
authorization = access.get_authorization('viewer')
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
def test_user_lookup(self):
"""Lookup information about one specific user.
"""
for user_id in ['viewer', 'reader', 'author', 'editor', 'manager']:
# Test users have the same login than their role (in lower case).
access = IAuthorizationManager(self.root.folder)
self.assertEqual(
access.get_user_role(user_id).lower(), user_id)
authorization = access.get_authorization(user_id)
self.assertTrue(verifyObject(IAuthorization, authorization))
self.assertEqual(authorization.identifier, user_id)
self.assertEqual(authorization.role.lower(), user_id)
# By default users don't have a local here. Their role is
# acquired.
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role.lower(), user_id)
def test_revoke_as_nobody(self):
"""Revoke local roles as nobody.
"""
self.layer.login('dummy')
access = IAuthorizationManager(self.root)
# We don't have the right to revoke that role
authorization = access.get_authorization('reader')
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
# We don't have the right to revoke that role
authorization = access.get_authorization('viewer')
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
def test_get_defined_authorizations(self):
"""Retrieve all current authorization, trying to acquire.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_defined_authorizations()
self.assertEqual(len(authorizations), 2)
self.assertTrue('viewer' in authorizations.keys())
self.assertTrue('reader' in authorizations.keys())
authorization = authorizations['viewer']
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'ChiefEditor')
self.assertEqual(authorization.role, 'ChiefEditor')
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
def test_get_defined_authorizations(self):
"""Retrieve all current authorization, trying to acquire.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_defined_authorizations()
self.assertEqual(len(authorizations), 2)
self.assertTrue('viewer' in list(authorizations.keys()))
self.assertTrue('reader' in list(authorizations.keys()))
authorization = authorizations['viewer']
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'ChiefEditor')
self.assertEqual(authorization.role, 'ChiefEditor')
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
def test_revoke_own_role_as_chiefeditor(self):
"""Revoke its own local role as chiefeditor.
"""
self.layer.login('viewer')
access = IAuthorizationManager(self.root.publication)
authorization = access.get_authorization('viewer')
self.assertEqual(authorization.local_role, 'ChiefEditor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'ChiefEditor')
# We try to revoke the role
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
self.assertEqual(authorization.local_role, 'ChiefEditor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'ChiefEditor')
def test_revoke_own_role_as_chiefeditor(self):
"""Revoke its own local role as chiefeditor.
"""
self.layer.login('viewer')
access = IAuthorizationManager(self.root.publication)
authorization = access.get_authorization('viewer')
self.assertEqual(authorization.local_role, 'ChiefEditor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'ChiefEditor')
# We try to revoke the role
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
self.assertEqual(authorization.local_role, 'ChiefEditor')
self.assertEqual(authorization.acquired_role, 'Reader')
self.assertEqual(authorization.role, 'ChiefEditor')
def test_revoke_as_chiefeditor_unauthorized(self):
"""Try to revoke a manager local role as a chiefeditor.
"""
self.layer.login('chiefeditor')
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
# We don't have the right to revoke that role
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
# So it is not changed
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
def test_revoke_as_chiefeditor_unauthorized(self):
"""Try to revoke a manager local role as a chiefeditor.
"""
self.layer.login('chiefeditor')
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
# We don't have the right to revoke that role
with assertNotTriggersEvents('SecurityRoleRemovedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.revoke()
# So it is not changed
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
def test_get_users_authorization(self):
"""Test get_authorizations.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_authorizations(
['reader', 'viewer', 'editor', 'hacker'])
self.assertEqual(len(authorizations), 3)
self.assertTrue('reader' in authorizations.keys())
self.assertTrue('viewer' in authorizations.keys())
self.assertTrue('editor' in authorizations.keys())
self.assertFalse('manager' in authorizations.keys())
self.assertFalse('hacker' in authorizations.keys())
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
authorization = authorizations['editor']
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
def setUp(self):
self.root = self.layer.get_application()
self.layer.login('manager')
factory = self.root.manage_addProduct['Silva']
factory.manage_addFolder('folder', 'Folder')
factory.manage_addPublication('publication', 'Publication')
factory = self.root.publication.manage_addProduct['Silva']
factory.manage_addFolder('folder', 'Folder')
self.folder = self.root.publication.folder
access = IAuthorizationManager(self.root)
authorization = access.get_authorization('reader')
authorization.grant('Editor')
authorization = access.get_authorization('viewer')
authorization.grant('Reader')
access = IAuthorizationManager(self.root.publication)
authorization = access.get_authorization('viewer')
authorization.grant('ChiefEditor')
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
authorization.grant('Manager')
def test_get_users_authorization(self):
"""Test get_authorizations.
"""
access = IAuthorizationManager(self.folder)
authorizations = access.get_authorizations(
['reader', 'viewer', 'editor', 'hacker'])
self.assertEqual(len(authorizations), 3)
self.assertTrue('reader' in list(authorizations.keys()))
self.assertTrue('viewer' in list(authorizations.keys()))
self.assertTrue('editor' in list(authorizations.keys()))
self.assertFalse('manager' in list(authorizations.keys()))
self.assertFalse('hacker' in list(authorizations.keys()))
authorization = authorizations['reader']
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
authorization = authorizations['editor']
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
def test_grant_role(self):
"""Test setting a role (as a ChiefEditor).
"""
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# We (chiefeditor) don't have Manager, so can't give that role.
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Manager')
# The user already have role, reader, so this does nothing
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Viewer'), False)
self.assertEqual(authorization.local_role, None)
# The user doesn't have that role so it is set
with assertTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Editor'), True)
self.assertEqual(authorization.local_role, 'Editor')
# Now the user is editor
self.assertEqual(authorization.role, 'Editor')
def test_grant_role(self):
"""Test setting a role (as a ChiefEditor).
"""
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# We (chiefeditor) don't have Manager, so can't give that role.
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Manager')
# The user already have role, reader, so this does nothing
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Viewer'), False)
self.assertEqual(authorization.local_role, None)
# The user doesn't have that role so it is set
with assertTriggersEvents('SecurityRoleAddedEvent'):
self.assertEqual(authorization.grant('Editor'), True)
self.assertEqual(authorization.local_role, 'Editor')
# Now the user is editor
self.assertEqual(authorization.role, 'Editor')
def test_grant_role_as_nobody(self):
"""Test setting a role while being nobody.
"""
self.layer.login('dummy')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# You don't have the right to do any of those
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Manager')
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Editor')
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Author')
# The user already have role, reader, so this does nothing
self.assertEqual(authorization.grant('Viewer'), False)
# Nothing changed
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.role, 'Reader')
def test_grant_role_as_nobody(self):
"""Test setting a role while being nobody.
"""
self.layer.login('dummy')
access = IAuthorizationManager(self.root.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.role, 'Reader')
# You don't have the right to do any of those
with assertNotTriggersEvents('SecurityRoleAddedEvent'):
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Manager')
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Editor')
with self.assertRaises(UnauthorizedRoleAssignement):
authorization.grant('Author')
# The user already have role, reader, so this does nothing
self.assertEqual(authorization.grant('Viewer'), False)
# Nothing changed
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.role, 'Reader')
def test_revoke_as_manager(self):
"""Revoke a local role as a manager.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
# We revoke the role
with assertTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), True)
# It is gone
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
# Even on a new query
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
def test_revoke_as_manager(self):
"""Revoke a local role as a manager.
"""
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, 'Manager')
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Manager')
# We revoke the role
with assertTriggersEvents('SecurityRoleRemovedEvent'):
self.assertEqual(authorization.revoke(), True)
# It is gone
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
# Even on a new query
authorization = access.get_authorization('reader')
self.assertEqual(authorization.local_role, None)
self.assertEqual(authorization.acquired_role, 'Editor')
self.assertEqual(authorization.role, 'Editor')
def setUp(self):
self.root = self.layer.get_application()
self.layer.login('manager')
factory = self.root.manage_addProduct['Silva']
factory.manage_addFolder('folder', 'Folder')
factory.manage_addPublication('publication', 'Publication')
factory = self.root.publication.manage_addProduct['Silva']
factory.manage_addFolder('folder', 'Folder')
self.folder = self.root.publication.folder
access = IAuthorizationManager(self.root)
authorization = access.get_authorization('reader')
authorization.grant('Editor')
authorization = access.get_authorization('viewer')
authorization.grant('Reader')
access = IAuthorizationManager(self.root.publication)
authorization = access.get_authorization('viewer')
authorization.grant('ChiefEditor')
access = IAuthorizationManager(self.folder)
authorization = access.get_authorization('reader')
authorization.grant('Manager')
def getItems(self):
access = IAuthorizationManager(self.context)
authorizations = access.get_defined_authorizations().items()
authorizations.sort(key=operator.itemgetter(0))
return filter(lambda auth: auth.type == 'user',
map(operator.itemgetter(1), authorizations))
def add_roles(content, user, *roles):
access = IAuthorizationManager(content)
authorization = access.get_authorization(user, dont_acquire=True)
for role in roles:
authorization.grant(role)
def test_interface(self):
access = IAuthorizationManager(self.root.folder)
self.assertTrue(verifyObject(IAuthorizationManager, access))
def remove_roles(content, user):
access = IAuthorizationManager(content)
authorization = access.get_authorization(user, dont_acquire=True)
authorization.revoke()
