authorChris McDonough <chrism@agendaless.com>2010-09-09 17:46:49 +0000
committerChris McDonough <chrism@agendaless.com>2010-09-09 17:46:49 +0000
commite25a70a7d1c2016eaeff9c630df9109e715bba3b (patch)
tree520508b0bb66600e50b46db46c0a85ef05f0690c /repoze/bfg/tests
parent6ae0139d3682730e44a3b2330f83d10b31ebbc95 (diff)
Features
-------- - In support of making it easier to configure applications which are "secure by default", a default permission feature was added. If supplied, the default permission is used as the permission string to all view registrations which don't otherwise name a permission. These APIs are in support of that: - A new constructor argument was added to the Configurator: ``default_permission``. - A new method was added to the Configurator: ``set_default_permission``. - A new ZCML directive was added: ``default_permission``. Documentation ------------- - Added documentation for the ``default_permission`` ZCML directive. - Added documentation for the ``default_permission`` constructor value and the ``set_default_permission`` method in the Configurator API documentation. - Added a new section to the "security" chapter named "Setting a Default Permission". - Document ``renderer_globals_factory`` and ``request_factory`` arguments to Configurator constructor.
Diffstat (limited to 'repoze/bfg/tests')
-rw-r--r--repoze/bfg/tests/test_configuration.py72
-rw-r--r--repoze/bfg/tests/test_zcml.py24
2 files changed, 96 insertions, 0 deletions
diff --git a/repoze/bfg/tests/test_configuration.py b/repoze/bfg/tests/test_configuration.py
index 2724b3381..943e6b832 100644
--- a/repoze/bfg/tests/test_configuration.py
+++ b/repoze/bfg/tests/test_configuration.py
@@ -179,6 +179,11 @@ class ConfiguratorTests(unittest.TestCase):
self.assertEqual(config.registry.getUtility(IRendererFactory, 'yeah'),
renderer)
+ def test_ctor_default_permission(self):
+ from repoze.bfg.interfaces import IDefaultPermission
+ config = self._makeOne(default_permission='view')
+ self.assertEqual(config.registry.getUtility(IDefaultPermission), 'view')
+
def test_with_package_module(self):
from repoze.bfg.tests import test_configuration
import repoze.bfg.tests
@@ -445,6 +450,14 @@ class ConfiguratorTests(unittest.TestCase):
self.assertEqual(reg.getUtility(IRendererFactory, 'yeah'),
renderer)
+ def test_setup_registry_default_permission(self):
+ from repoze.bfg.registry import Registry
+ from repoze.bfg.interfaces import IDefaultPermission
+ reg = Registry()
+ config = self._makeOne(reg)
+ config.setup_registry(default_permission='view')
+ self.assertEqual(reg.getUtility(IDefaultPermission), 'view')
+
def test_get_settings_nosettings(self):
from repoze.bfg.registry import Registry
reg = Registry()
@@ -1704,6 +1717,58 @@ class ConfiguratorTests(unittest.TestCase):
request = self._makeRequest(config)
self.assertEqual(view(None, request), 'second')
+ def test_add_view_with_permission(self):
+ view1 = lambda *arg: 'OK'
+ outerself = self
+ class DummyPolicy(object):
+ def effective_principals(self, r):
+ outerself.assertEqual(r, request)
+ return ['abc']
+ def permits(self, context, principals, permission):
+ outerself.assertEqual(context, None)
+ outerself.assertEqual(principals, ['abc'])
+ outerself.assertEqual(permission, 'view')
+ return True
+ policy = DummyPolicy()
+ config = self._makeOne(authorization_policy=policy,
+ authentication_policy=policy)
+ config.add_view(view=view1, permission='view')
+ view = self._getViewCallable(config)
+ request = self._makeRequest(config)
+ self.assertEqual(view(None, request), 'OK')
+
+ def test_add_view_with_default_permission_no_explicit_permission(self):
+ view1 = lambda *arg: 'OK'
+ outerself = self
+ class DummyPolicy(object):
+ def effective_principals(self, r):
+ outerself.assertEqual(r, request)
+ return ['abc']
+ def permits(self, context, principals, permission):
+ outerself.assertEqual(context, None)
+ outerself.assertEqual(principals, ['abc'])
+ outerself.assertEqual(permission, 'view')
+ return True
+ policy = DummyPolicy()
+ config = self._makeOne(authorization_policy=policy,
+ authentication_policy=policy,
+ default_permission='view')
+ config.add_view(view=view1)
+ view = self._getViewCallable(config)
+ request = self._makeRequest(config)
+ self.assertEqual(view(None, request), 'OK')
+
+ def test_add_view_with_no_default_permission_no_explicit_permission(self):
+ view1 = lambda *arg: 'OK'
+ class DummyPolicy(object): pass # wont be called
+ policy = DummyPolicy()
+ config = self._makeOne(authorization_policy=policy,
+ authentication_policy=policy)
+ config.add_view(view=view1)
+ view = self._getViewCallable(config)
+ request = self._makeRequest(config)
+ self.assertEqual(view(None, request), 'OK')
+
def _assertRoute(self, config, name, path, num_predicates=0):
from repoze.bfg.interfaces import IRoutesMapper
mapper = config.registry.getUtility(IRoutesMapper)
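Review bot: `test_add_view_with_default_permission_no_explicit_permission` passes even if the default permission is never applied, because its only permission checks sit inside `DummyPolicy.permits` and the final assertion is just that the view returns 'OK', which is the same result the third test gets with a policy that is never called. Record the check and assert on it, for example `self.checked = permission` inside `permits` and `self.assertEqual(policy.checked, 'view')` after calling the view; `test_add_view_with_permission` has the same gap. A companion case where `permits` returns False and the view is refused would cover the deny path, which is what a secure-by-default setting is relied on for. A test that an explicit `permission=` passed to `add_view` takes precedence over `default_permission` is also missing from this hunk.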
@@ -2149,6 +2214,13 @@ class ConfiguratorTests(unittest.TestCase):
self.assertEqual(config.registry.getUtility(IRendererGlobalsFactory),
dummyfactory)
+ def test_set_default_permission(self):
+ from repoze.bfg.interfaces import IDefaultPermission
+ config = self._makeOne()
+ config.set_default_permission('view')
+ self.assertEqual(config.registry.getUtility(IDefaultPermission),
+ 'view')
+
def test_add_translation_dirs_missing_dir(self):
from repoze.bfg.exceptions import ConfigurationError
config = self._makeOne()
diff --git a/repoze/bfg/tests/test_zcml.py b/repoze/bfg/tests/test_zcml.py
index 4cd7f88d3..131122d7b 100644
--- a/repoze/bfg/tests/test_zcml.py
+++ b/repoze/bfg/tests/test_zcml.py
@@ -1123,6 +1123,30 @@ class TestLocaleNegotiatorDirective(unittest.TestCase):
self.assertEqual(action['args'], (dummy_negotiator,))
action['callable'](*action['args']) # doesn't blow up
+class TestDefaultPermissionDirective(unittest.TestCase):
+ def setUp(self):
+ testing.setUp()
+
+ def tearDown(self):
+ testing.tearDown()
+
+ def _callFUT(self, context, name):
+ from repoze.bfg.zcml import default_permission
+ return default_permission(context, name)
+
+ def test_it(self):
+ from repoze.bfg.threadlocal import get_current_registry
+ from repoze.bfg.interfaces import IDefaultPermission
+ reg = get_current_registry()
+ context = DummyContext()
+ self._callFUT(context, 'view')
+ actions = context.actions
+ self.assertEqual(len(actions), 1)
+ regadapt = actions[0]
+ self.assertEqual(regadapt['discriminator'], IDefaultPermission)
+ perm = reg.getUtility(IDefaultPermission)
+ self.assertEqual(perm, 'view')
+
class TestLoadZCML(unittest.TestCase):
def setUp(self):
testing.setUp()
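Review bot: `test_it` reads the permission back from the registry without ever running the recorded action, so it pins registration at directive time rather than at action execution. The directive's implementation is not visible in this diff, so confirm that eager registration is intended; if it is, a comment such as `# registered eagerly; the action only carries the discriminator for conflict detection` would state it. The local name `regadapt` looks carried over from another test and would read better as `action`.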