RedHatTraining/pyramid.git

Merge pull request #3387 from mmerickel/src-folder-refactor

Michael Merickel

2018-10-15 81576ee51564c49d5ff3c1c07f214f22a8438231

commit \| author \| age
a1a9fb	1	import unittest
CM	2
b60bdb	3	from pyramid.testing import cleanUp
a1a9fb	4
CM	5	class TestACLAuthorizationPolicy(unittest.TestCase):
	6	def setUp(self):
	7	cleanUp()
	8
	9	def tearDown(self):
	10	cleanUp()
	11
	12	def _getTargetClass(self):
b60bdb	13	from pyramid.authorization import ACLAuthorizationPolicy
a1a9fb	14	return ACLAuthorizationPolicy
CM	15
	16	def _makeOne(self):
	17	return self._getTargetClass()()
	18
	19	def test_class_implements_IAuthorizationPolicy(self):
	20	from zope.interface.verify import verifyClass
b60bdb	21	from pyramid.interfaces import IAuthorizationPolicy
a1a9fb	22	verifyClass(IAuthorizationPolicy, self._getTargetClass())
CM	23
	24	def test_instance_implements_IAuthorizationPolicy(self):
	25	from zope.interface.verify import verifyObject
b60bdb	26	from pyramid.interfaces import IAuthorizationPolicy
a1a9fb	27	verifyObject(IAuthorizationPolicy, self._makeOne())
CM	28
	29	def test_permits_no_acl(self):
	30	context = DummyContext()
	31	policy = self._makeOne()
	32	self.assertEqual(policy.permits(context, [], 'view'), False)
	33
	34	def test_permits(self):
b60bdb	35	from pyramid.security import Deny
CM	36	from pyramid.security import Allow
	37	from pyramid.security import Everyone
	38	from pyramid.security import Authenticated
	39	from pyramid.security import ALL_PERMISSIONS
	40	from pyramid.security import DENY_ALL
a1a9fb	41	root = DummyContext()
CM	42	community = DummyContext(__name__='community', __parent__=root)
	43	blog = DummyContext(__name__='blog', __parent__=community)
	44	root.__acl__ = [
	45	(Allow, Authenticated, VIEW),
	46	]
	47	community.__acl__ = [
	48	(Allow, 'fred', ALL_PERMISSIONS),
	49	(Allow, 'wilma', VIEW),
	50	DENY_ALL,
	51	]
	52	blog.__acl__ = [
	53	(Allow, 'barney', MEMBER_PERMS),
	54	(Allow, 'wilma', VIEW),
	55	]
	56
	57	policy = self._makeOne()
	58
	59	result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
	60	'view')
	61	self.assertEqual(result, True)
	62	self.assertEqual(result.context, blog)
	63	self.assertEqual(result.ace, (Allow, 'wilma', VIEW))
e0162e	64	self.assertEqual(result.acl, blog.__acl__)
a1a9fb	65
CM	66	result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
	67	'delete')
	68	self.assertEqual(result, False)
	69	self.assertEqual(result.context, community)
	70	self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
e0162e	71	self.assertEqual(result.acl, community.__acl__)
a1a9fb	72
CM	73	result = policy.permits(blog, [Everyone, Authenticated, 'fred'], 'view')
	74	self.assertEqual(result, True)
	75	self.assertEqual(result.context, community)
	76	self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
	77	result = policy.permits(blog, [Everyone, Authenticated, 'fred'],
	78	'doesntevenexistyet')
	79	self.assertEqual(result, True)
	80	self.assertEqual(result.context, community)
	81	self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
e0162e	82	self.assertEqual(result.acl, community.__acl__)
a1a9fb	83
CM	84	result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
	85	'view')
	86	self.assertEqual(result, True)
	87	self.assertEqual(result.context, blog)
	88	self.assertEqual(result.ace, (Allow, 'barney', MEMBER_PERMS))
	89	result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
	90	'administer')
	91	self.assertEqual(result, False)
	92	self.assertEqual(result.context, community)
	93	self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
e0162e	94	self.assertEqual(result.acl, community.__acl__)
a1a9fb	95
CM	96	result = policy.permits(root, [Everyone, Authenticated, 'someguy'],
	97	'view')
	98	self.assertEqual(result, True)
	99	self.assertEqual(result.context, root)
	100	self.assertEqual(result.ace, (Allow, Authenticated, VIEW))
	101	result = policy.permits(blog,
	102	[Everyone, Authenticated, 'someguy'], 'view')
	103	self.assertEqual(result, False)
	104	self.assertEqual(result.context, community)
	105	self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
e0162e	106	self.assertEqual(result.acl, community.__acl__)
a1a9fb	107
CM	108	result = policy.permits(root, [Everyone], 'view')
	109	self.assertEqual(result, False)
	110	self.assertEqual(result.context, root)
e0162e	111	self.assertEqual(result.ace, '<default deny>')
CM	112	self.assertEqual(result.acl, root.__acl__)
a1a9fb	113
CM	114	context = DummyContext()
	115	result = policy.permits(context, [Everyone], 'view')
	116	self.assertEqual(result, False)
e0162e	117	self.assertEqual(result.ace, '<default deny>')
CM	118	self.assertEqual(
	119	result.acl,
3e2f12	120	'<No ACL found on any object in resource lineage>')
a1a9fb	121
52ca12	122	def test_permits_string_permissions_in_acl(self):
CM	123	from pyramid.security import Allow
	124	root = DummyContext()
	125	root.__acl__ = [
	126	(Allow, 'wilma', 'view_stuff'),
	127	]
	128
	129	policy = self._makeOne()
	130
	131	result = policy.permits(root, ['wilma'], 'view')
	132	# would be True if matching against 'view_stuff' instead of against
	133	# ['view_stuff']
	134	self.assertEqual(result, False)
	135
a1a9fb	136	def test_principals_allowed_by_permission_direct(self):
b60bdb	137	from pyramid.security import Allow
CM	138	from pyramid.security import DENY_ALL
a1a9fb	139	context = DummyContext()
CM	140	acl = [ (Allow, 'chrism', ('read', 'write')),
	141	DENY_ALL,
	142	(Allow, 'other', 'read') ]
	143	context.__acl__ = acl
	144	policy = self._makeOne()
	145	result = sorted(
	146	policy.principals_allowed_by_permission(context, 'read'))
	147	self.assertEqual(result, ['chrism'])
	148
678f49	149	def test_principals_allowed_by_permission_callable_acl(self):
CM	150	from pyramid.security import Allow
	151	from pyramid.security import DENY_ALL
	152	context = DummyContext()
	153	acl = lambda: [ (Allow, 'chrism', ('read', 'write')),
	154	DENY_ALL,
	155	(Allow, 'other', 'read') ]
	156	context.__acl__ = acl
	157	policy = self._makeOne()
	158	result = sorted(
	159	policy.principals_allowed_by_permission(context, 'read'))
	160	self.assertEqual(result, ['chrism'])
	161
52ca12	162	def test_principals_allowed_by_permission_string_permission(self):
CM	163	from pyramid.security import Allow
	164	context = DummyContext()
	165	acl = [ (Allow, 'chrism', 'read_it')]
	166	context.__acl__ = acl
	167	policy = self._makeOne()
	168	result = policy.principals_allowed_by_permission(context, 'read')
	169	# would be ['chrism'] if 'read' were compared against 'read_it' instead
	170	# of against ['read_it']
	171	self.assertEqual(list(result), [])
	172
a1a9fb	173	def test_principals_allowed_by_permission(self):
b60bdb	174	from pyramid.security import Allow
CM	175	from pyramid.security import Deny
	176	from pyramid.security import DENY_ALL
	177	from pyramid.security import ALL_PERMISSIONS
a1a9fb	178	root = DummyContext(__name__='', __parent__=None)
CM	179	community = DummyContext(__name__='community', __parent__=root)
	180	blog = DummyContext(__name__='blog', __parent__=community)
	181	root.__acl__ = [ (Allow, 'chrism', ('read', 'write')),
	182	(Allow, 'other', ('read',)),
	183	(Allow, 'jim', ALL_PERMISSIONS)]
	184	community.__acl__ = [ (Deny, 'flooz', 'read'),
	185	(Allow, 'flooz', 'read'),
	186	(Allow, 'mork', 'read'),
	187	(Deny, 'jim', 'read'),
	188	(Allow, 'someguy', 'manage')]
	189	blog.__acl__ = [ (Allow, 'fred', 'read'),
	190	DENY_ALL]
	191
	192	policy = self._makeOne()
	193
	194	result = sorted(policy.principals_allowed_by_permission(blog, 'read'))
	195	self.assertEqual(result, ['fred'])
	196	result = sorted(policy.principals_allowed_by_permission(community,
	197	'read'))
	198	self.assertEqual(result, ['chrism', 'mork', 'other'])
	199	result = sorted(policy.principals_allowed_by_permission(community,
	200	'read'))
	201	result = sorted(policy.principals_allowed_by_permission(root, 'read'))
	202	self.assertEqual(result, ['chrism', 'jim', 'other'])
	203
	204	def test_principals_allowed_by_permission_no_acls(self):
	205	context = DummyContext()
	206	policy = self._makeOne()
	207	result = sorted(policy.principals_allowed_by_permission(context,'read'))
	208	self.assertEqual(result, [])
	209
729c91	210	def test_principals_allowed_by_permission_deny_not_permission_in_acl(self):
CM	211	from pyramid.security import Deny
	212	from pyramid.security import Everyone
	213	context = DummyContext()
	214	acl = [ (Deny, Everyone, 'write') ]
	215	context.__acl__ = acl
	216	policy = self._makeOne()
	217	result = sorted(
	218	policy.principals_allowed_by_permission(context, 'read'))
	219	self.assertEqual(result, [])
	220
	221	def test_principals_allowed_by_permission_deny_permission_in_acl(self):
	222	from pyramid.security import Deny
	223	from pyramid.security import Everyone
	224	context = DummyContext()
	225	acl = [ (Deny, Everyone, 'read') ]
	226	context.__acl__ = acl
	227	policy = self._makeOne()
	228	result = sorted(
	229	policy.principals_allowed_by_permission(context, 'read'))
	230	self.assertEqual(result, [])
038dcb	231
MM	232	def test_callable_acl(self):
	233	from pyramid.security import Allow
	234	context = DummyContext()
	235	fn = lambda self: [(Allow, 'bob', 'read')]
	236	context.__acl__ = fn.__get__(context, context.__class__)
	237	policy = self._makeOne()
	238	result = policy.permits(context, ['bob'], 'read')
	239	self.assertTrue(result)
729c91	240
CM	241
a1a9fb	242	class DummyContext:
CM	243	def __init__(self, arg, *kw):
	244	self.__dict__.update(kw)
	245
	246
	247	VIEW = 'view'
	248	EDIT = 'edit'
	249	CREATE = 'create'
	250	DELETE = 'delete'
	251	MODERATE = 'moderate'
	252	ADMINISTER = 'administer'
	253	COMMENT = 'comment'
	254
	255	GUEST_PERMS = (VIEW, COMMENT)
	256	MEMBER_PERMS = GUEST_PERMS + (EDIT, CREATE, DELETE)
	257	MODERATOR_PERMS = MEMBER_PERMS + (MODERATE,)
	258	ADMINISTRATOR_PERMS = MODERATOR_PERMS + (ADMINISTER,)
	259