summaryrefslogtreecommitdiff
path: root/tests/test_authorization.py
diff options
context:
space:
mode:
authorMichael Merickel <michael@merickel.org>2018-10-14 21:11:41 -0500
committerMichael Merickel <michael@merickel.org>2018-10-14 21:11:41 -0500
commit3670c2cdb732d378ba6d38e72e7cd875ff726aa9 (patch)
tree5213452a778c992d42602efe7d3b3655a349abd5 /tests/test_authorization.py
parent2b024920847481592b1a13d4006d2a9fa8881d72 (diff)
downloadpyramid-3670c2cdb732d378ba6d38e72e7cd875ff726aa9.tar.gz
pyramid-3670c2cdb732d378ba6d38e72e7cd875ff726aa9.tar.bz2
pyramid-3670c2cdb732d378ba6d38e72e7cd875ff726aa9.zip
move tests out of the package
Diffstat (limited to 'tests/test_authorization.py')
-rw-r--r--tests/test_authorization.py259
1 files changed, 259 insertions, 0 deletions
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
new file mode 100644
index 000000000..05cd3b4f8
--- /dev/null
+++ b/tests/test_authorization.py
@@ -0,0 +1,259 @@
+import unittest
+
+from pyramid.testing import cleanUp
+
+class TestACLAuthorizationPolicy(unittest.TestCase):
+ def setUp(self):
+ cleanUp()
+
+ def tearDown(self):
+ cleanUp()
+
+ def _getTargetClass(self):
+ from pyramid.authorization import ACLAuthorizationPolicy
+ return ACLAuthorizationPolicy
+
+ def _makeOne(self):
+ return self._getTargetClass()()
+
+ def test_class_implements_IAuthorizationPolicy(self):
+ from zope.interface.verify import verifyClass
+ from pyramid.interfaces import IAuthorizationPolicy
+ verifyClass(IAuthorizationPolicy, self._getTargetClass())
+
+ def test_instance_implements_IAuthorizationPolicy(self):
+ from zope.interface.verify import verifyObject
+ from pyramid.interfaces import IAuthorizationPolicy
+ verifyObject(IAuthorizationPolicy, self._makeOne())
+
+ def test_permits_no_acl(self):
+ context = DummyContext()
+ policy = self._makeOne()
+ self.assertEqual(policy.permits(context, [], 'view'), False)
+
+ def test_permits(self):
+ from pyramid.security import Deny
+ from pyramid.security import Allow
+ from pyramid.security import Everyone
+ from pyramid.security import Authenticated
+ from pyramid.security import ALL_PERMISSIONS
+ from pyramid.security import DENY_ALL
+ root = DummyContext()
+ community = DummyContext(__name__='community', __parent__=root)
+ blog = DummyContext(__name__='blog', __parent__=community)
+ root.__acl__ = [
+ (Allow, Authenticated, VIEW),
+ ]
+ community.__acl__ = [
+ (Allow, 'fred', ALL_PERMISSIONS),
+ (Allow, 'wilma', VIEW),
+ DENY_ALL,
+ ]
+ blog.__acl__ = [
+ (Allow, 'barney', MEMBER_PERMS),
+ (Allow, 'wilma', VIEW),
+ ]
+
+ policy = self._makeOne()
+
+ result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
+ 'view')
+ self.assertEqual(result, True)
+ self.assertEqual(result.context, blog)
+ self.assertEqual(result.ace, (Allow, 'wilma', VIEW))
+ self.assertEqual(result.acl, blog.__acl__)
+
+ result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
+ 'delete')
+ self.assertEqual(result, False)
+ self.assertEqual(result.context, community)
+ self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
+ self.assertEqual(result.acl, community.__acl__)
+
+ result = policy.permits(blog, [Everyone, Authenticated, 'fred'], 'view')
+ self.assertEqual(result, True)
+ self.assertEqual(result.context, community)
+ self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
+ result = policy.permits(blog, [Everyone, Authenticated, 'fred'],
+ 'doesntevenexistyet')
+ self.assertEqual(result, True)
+ self.assertEqual(result.context, community)
+ self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
+ self.assertEqual(result.acl, community.__acl__)
+
+ result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
+ 'view')
+ self.assertEqual(result, True)
+ self.assertEqual(result.context, blog)
+ self.assertEqual(result.ace, (Allow, 'barney', MEMBER_PERMS))
+ result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
+ 'administer')
+ self.assertEqual(result, False)
+ self.assertEqual(result.context, community)
+ self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
+ self.assertEqual(result.acl, community.__acl__)
+
+ result = policy.permits(root, [Everyone, Authenticated, 'someguy'],
+ 'view')
+ self.assertEqual(result, True)
+ self.assertEqual(result.context, root)
+ self.assertEqual(result.ace, (Allow, Authenticated, VIEW))
+ result = policy.permits(blog,
+ [Everyone, Authenticated, 'someguy'], 'view')
+ self.assertEqual(result, False)
+ self.assertEqual(result.context, community)
+ self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
+ self.assertEqual(result.acl, community.__acl__)
+
+ result = policy.permits(root, [Everyone], 'view')
+ self.assertEqual(result, False)
+ self.assertEqual(result.context, root)
+ self.assertEqual(result.ace, '<default deny>')
+ self.assertEqual(result.acl, root.__acl__)
+
+ context = DummyContext()
+ result = policy.permits(context, [Everyone], 'view')
+ self.assertEqual(result, False)
+ self.assertEqual(result.ace, '<default deny>')
+ self.assertEqual(
+ result.acl,
+ '<No ACL found on any object in resource lineage>')
+
+ def test_permits_string_permissions_in_acl(self):
+ from pyramid.security import Allow
+ root = DummyContext()
+ root.__acl__ = [
+ (Allow, 'wilma', 'view_stuff'),
+ ]
+
+ policy = self._makeOne()
+
+ result = policy.permits(root, ['wilma'], 'view')
+ # would be True if matching against 'view_stuff' instead of against
+ # ['view_stuff']
+ self.assertEqual(result, False)
+
+ def test_principals_allowed_by_permission_direct(self):
+ from pyramid.security import Allow
+ from pyramid.security import DENY_ALL
+ context = DummyContext()
+ acl = [ (Allow, 'chrism', ('read', 'write')),
+ DENY_ALL,
+ (Allow, 'other', 'read') ]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read'))
+ self.assertEqual(result, ['chrism'])
+
+ def test_principals_allowed_by_permission_callable_acl(self):
+ from pyramid.security import Allow
+ from pyramid.security import DENY_ALL
+ context = DummyContext()
+ acl = lambda: [ (Allow, 'chrism', ('read', 'write')),
+ DENY_ALL,
+ (Allow, 'other', 'read') ]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read'))
+ self.assertEqual(result, ['chrism'])
+
+ def test_principals_allowed_by_permission_string_permission(self):
+ from pyramid.security import Allow
+ context = DummyContext()
+ acl = [ (Allow, 'chrism', 'read_it')]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = policy.principals_allowed_by_permission(context, 'read')
+ # would be ['chrism'] if 'read' were compared against 'read_it' instead
+ # of against ['read_it']
+ self.assertEqual(list(result), [])
+
+ def test_principals_allowed_by_permission(self):
+ from pyramid.security import Allow
+ from pyramid.security import Deny
+ from pyramid.security import DENY_ALL
+ from pyramid.security import ALL_PERMISSIONS
+ root = DummyContext(__name__='', __parent__=None)
+ community = DummyContext(__name__='community', __parent__=root)
+ blog = DummyContext(__name__='blog', __parent__=community)
+ root.__acl__ = [ (Allow, 'chrism', ('read', 'write')),
+ (Allow, 'other', ('read',)),
+ (Allow, 'jim', ALL_PERMISSIONS)]
+ community.__acl__ = [ (Deny, 'flooz', 'read'),
+ (Allow, 'flooz', 'read'),
+ (Allow, 'mork', 'read'),
+ (Deny, 'jim', 'read'),
+ (Allow, 'someguy', 'manage')]
+ blog.__acl__ = [ (Allow, 'fred', 'read'),
+ DENY_ALL]
+
+ policy = self._makeOne()
+
+ result = sorted(policy.principals_allowed_by_permission(blog, 'read'))
+ self.assertEqual(result, ['fred'])
+ result = sorted(policy.principals_allowed_by_permission(community,
+ 'read'))
+ self.assertEqual(result, ['chrism', 'mork', 'other'])
+ result = sorted(policy.principals_allowed_by_permission(community,
+ 'read'))
+ result = sorted(policy.principals_allowed_by_permission(root, 'read'))
+ self.assertEqual(result, ['chrism', 'jim', 'other'])
+
+ def test_principals_allowed_by_permission_no_acls(self):
+ context = DummyContext()
+ policy = self._makeOne()
+ result = sorted(policy.principals_allowed_by_permission(context,'read'))
+ self.assertEqual(result, [])
+
+ def test_principals_allowed_by_permission_deny_not_permission_in_acl(self):
+ from pyramid.security import Deny
+ from pyramid.security import Everyone
+ context = DummyContext()
+ acl = [ (Deny, Everyone, 'write') ]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read'))
+ self.assertEqual(result, [])
+
+ def test_principals_allowed_by_permission_deny_permission_in_acl(self):
+ from pyramid.security import Deny
+ from pyramid.security import Everyone
+ context = DummyContext()
+ acl = [ (Deny, Everyone, 'read') ]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read'))
+ self.assertEqual(result, [])
+
+ def test_callable_acl(self):
+ from pyramid.security import Allow
+ context = DummyContext()
+ fn = lambda self: [(Allow, 'bob', 'read')]
+ context.__acl__ = fn.__get__(context, context.__class__)
+ policy = self._makeOne()
+ result = policy.permits(context, ['bob'], 'read')
+ self.assertTrue(result)
+
+
+class DummyContext:
+ def __init__(self, *arg, **kw):
+ self.__dict__.update(kw)
+
+
+VIEW = 'view'
+EDIT = 'edit'
+CREATE = 'create'
+DELETE = 'delete'
+MODERATE = 'moderate'
+ADMINISTER = 'administer'
+COMMENT = 'comment'
+
+GUEST_PERMS = (VIEW, COMMENT)
+MEMBER_PERMS = GUEST_PERMS + (EDIT, CREATE, DELETE)
+MODERATOR_PERMS = MEMBER_PERMS + (MODERATE,)
+ADMINISTRATOR_PERMS = MODERATOR_PERMS + (ADMINISTER,)
+
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 07:06:40 +0000