summaryrefslogtreecommitdiff
path: root/tests/test_authorization.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/test_authorization.py')
-rw-r--r--tests/test_authorization.py154
1 files changed, 93 insertions, 61 deletions
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 05cd3b4f8..efb84b203 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -2,6 +2,7 @@ import unittest
from pyramid.testing import cleanUp
+
class TestACLAuthorizationPolicy(unittest.TestCase):
def setUp(self):
cleanUp()
@@ -11,6 +12,7 @@ class TestACLAuthorizationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authorization import ACLAuthorizationPolicy
+
return ACLAuthorizationPolicy
def _makeOne(self):
@@ -19,18 +21,20 @@ class TestACLAuthorizationPolicy(unittest.TestCase):
def test_class_implements_IAuthorizationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthorizationPolicy
+
verifyClass(IAuthorizationPolicy, self._getTargetClass())
def test_instance_implements_IAuthorizationPolicy(self):
from zope.interface.verify import verifyObject
from pyramid.interfaces import IAuthorizationPolicy
+
verifyObject(IAuthorizationPolicy, self._makeOne())
def test_permits_no_acl(self):
context = DummyContext()
policy = self._makeOne()
self.assertEqual(policy.permits(context, [], 'view'), False)
-
+
def test_permits(self):
from pyramid.security import Deny
from pyramid.security import Allow
@@ -38,68 +42,76 @@ class TestACLAuthorizationPolicy(unittest.TestCase):
from pyramid.security import Authenticated
from pyramid.security import ALL_PERMISSIONS
from pyramid.security import DENY_ALL
+
root = DummyContext()
community = DummyContext(__name__='community', __parent__=root)
blog = DummyContext(__name__='blog', __parent__=community)
- root.__acl__ = [
- (Allow, Authenticated, VIEW),
- ]
+ root.__acl__ = [(Allow, Authenticated, VIEW)]
community.__acl__ = [
(Allow, 'fred', ALL_PERMISSIONS),
(Allow, 'wilma', VIEW),
DENY_ALL,
- ]
+ ]
blog.__acl__ = [
(Allow, 'barney', MEMBER_PERMS),
(Allow, 'wilma', VIEW),
- ]
+ ]
policy = self._makeOne()
- result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
- 'view')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'wilma'], 'view'
+ )
self.assertEqual(result, True)
self.assertEqual(result.context, blog)
self.assertEqual(result.ace, (Allow, 'wilma', VIEW))
self.assertEqual(result.acl, blog.__acl__)
- result = policy.permits(blog, [Everyone, Authenticated, 'wilma'],
- 'delete')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'wilma'], 'delete'
+ )
self.assertEqual(result, False)
self.assertEqual(result.context, community)
self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
self.assertEqual(result.acl, community.__acl__)
- result = policy.permits(blog, [Everyone, Authenticated, 'fred'], 'view')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'fred'], 'view'
+ )
self.assertEqual(result, True)
self.assertEqual(result.context, community)
self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
- result = policy.permits(blog, [Everyone, Authenticated, 'fred'],
- 'doesntevenexistyet')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'fred'], 'doesntevenexistyet'
+ )
self.assertEqual(result, True)
self.assertEqual(result.context, community)
self.assertEqual(result.ace, (Allow, 'fred', ALL_PERMISSIONS))
self.assertEqual(result.acl, community.__acl__)
- result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
- 'view')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'barney'], 'view'
+ )
self.assertEqual(result, True)
self.assertEqual(result.context, blog)
self.assertEqual(result.ace, (Allow, 'barney', MEMBER_PERMS))
- result = policy.permits(blog, [Everyone, Authenticated, 'barney'],
- 'administer')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'barney'], 'administer'
+ )
self.assertEqual(result, False)
self.assertEqual(result.context, community)
self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
self.assertEqual(result.acl, community.__acl__)
-
- result = policy.permits(root, [Everyone, Authenticated, 'someguy'],
- 'view')
+
+ result = policy.permits(
+ root, [Everyone, Authenticated, 'someguy'], 'view'
+ )
self.assertEqual(result, True)
self.assertEqual(result.context, root)
self.assertEqual(result.ace, (Allow, Authenticated, VIEW))
- result = policy.permits(blog,
- [Everyone, Authenticated, 'someguy'], 'view')
+ result = policy.permits(
+ blog, [Everyone, Authenticated, 'someguy'], 'view'
+ )
self.assertEqual(result, False)
self.assertEqual(result.context, community)
self.assertEqual(result.ace, (Deny, Everyone, ALL_PERMISSIONS))
@@ -116,128 +128,149 @@ class TestACLAuthorizationPolicy(unittest.TestCase):
self.assertEqual(result, False)
self.assertEqual(result.ace, '<default deny>')
self.assertEqual(
- result.acl,
- '<No ACL found on any object in resource lineage>')
+ result.acl, '<No ACL found on any object in resource lineage>'
+ )
def test_permits_string_permissions_in_acl(self):
from pyramid.security import Allow
+
root = DummyContext()
- root.__acl__ = [
- (Allow, 'wilma', 'view_stuff'),
- ]
+ root.__acl__ = [(Allow, 'wilma', 'view_stuff')]
policy = self._makeOne()
result = policy.permits(root, ['wilma'], 'view')
# would be True if matching against 'view_stuff' instead of against
# ['view_stuff']
- self.assertEqual(result, False)
+ self.assertEqual(result, False)
def test_principals_allowed_by_permission_direct(self):
from pyramid.security import Allow
from pyramid.security import DENY_ALL
+
context = DummyContext()
- acl = [ (Allow, 'chrism', ('read', 'write')),
- DENY_ALL,
- (Allow, 'other', 'read') ]
+ acl = [
+ (Allow, 'chrism', ('read', 'write')),
+ DENY_ALL,
+ (Allow, 'other', 'read'),
+ ]
context.__acl__ = acl
policy = self._makeOne()
result = sorted(
- policy.principals_allowed_by_permission(context, 'read'))
+ policy.principals_allowed_by_permission(context, 'read')
+ )
self.assertEqual(result, ['chrism'])
def test_principals_allowed_by_permission_callable_acl(self):
from pyramid.security import Allow
from pyramid.security import DENY_ALL
+
context = DummyContext()
- acl = lambda: [ (Allow, 'chrism', ('read', 'write')),
- DENY_ALL,
- (Allow, 'other', 'read') ]
+ acl = lambda: [
+ (Allow, 'chrism', ('read', 'write')),
+ DENY_ALL,
+ (Allow, 'other', 'read'),
+ ]
context.__acl__ = acl
policy = self._makeOne()
result = sorted(
- policy.principals_allowed_by_permission(context, 'read'))
+ policy.principals_allowed_by_permission(context, 'read')
+ )
self.assertEqual(result, ['chrism'])
-
+
def test_principals_allowed_by_permission_string_permission(self):
from pyramid.security import Allow
+
context = DummyContext()
- acl = [ (Allow, 'chrism', 'read_it')]
+ acl = [(Allow, 'chrism', 'read_it')]
context.__acl__ = acl
policy = self._makeOne()
result = policy.principals_allowed_by_permission(context, 'read')
# would be ['chrism'] if 'read' were compared against 'read_it' instead
# of against ['read_it']
self.assertEqual(list(result), [])
-
+
def test_principals_allowed_by_permission(self):
from pyramid.security import Allow
from pyramid.security import Deny
from pyramid.security import DENY_ALL
from pyramid.security import ALL_PERMISSIONS
+
root = DummyContext(__name__='', __parent__=None)
community = DummyContext(__name__='community', __parent__=root)
blog = DummyContext(__name__='blog', __parent__=community)
- root.__acl__ = [ (Allow, 'chrism', ('read', 'write')),
- (Allow, 'other', ('read',)),
- (Allow, 'jim', ALL_PERMISSIONS)]
- community.__acl__ = [ (Deny, 'flooz', 'read'),
- (Allow, 'flooz', 'read'),
- (Allow, 'mork', 'read'),
- (Deny, 'jim', 'read'),
- (Allow, 'someguy', 'manage')]
- blog.__acl__ = [ (Allow, 'fred', 'read'),
- DENY_ALL]
+ root.__acl__ = [
+ (Allow, 'chrism', ('read', 'write')),
+ (Allow, 'other', ('read',)),
+ (Allow, 'jim', ALL_PERMISSIONS),
+ ]
+ community.__acl__ = [
+ (Deny, 'flooz', 'read'),
+ (Allow, 'flooz', 'read'),
+ (Allow, 'mork', 'read'),
+ (Deny, 'jim', 'read'),
+ (Allow, 'someguy', 'manage'),
+ ]
+ blog.__acl__ = [(Allow, 'fred', 'read'), DENY_ALL]
policy = self._makeOne()
-
+
result = sorted(policy.principals_allowed_by_permission(blog, 'read'))
self.assertEqual(result, ['fred'])
- result = sorted(policy.principals_allowed_by_permission(community,
- 'read'))
+ result = sorted(
+ policy.principals_allowed_by_permission(community, 'read')
+ )
self.assertEqual(result, ['chrism', 'mork', 'other'])
- result = sorted(policy.principals_allowed_by_permission(community,
- 'read'))
+ result = sorted(
+ policy.principals_allowed_by_permission(community, 'read')
+ )
result = sorted(policy.principals_allowed_by_permission(root, 'read'))
self.assertEqual(result, ['chrism', 'jim', 'other'])
def test_principals_allowed_by_permission_no_acls(self):
context = DummyContext()
policy = self._makeOne()
- result = sorted(policy.principals_allowed_by_permission(context,'read'))
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read')
+ )
self.assertEqual(result, [])
def test_principals_allowed_by_permission_deny_not_permission_in_acl(self):
from pyramid.security import Deny
from pyramid.security import Everyone
+
context = DummyContext()
- acl = [ (Deny, Everyone, 'write') ]
+ acl = [(Deny, Everyone, 'write')]
context.__acl__ = acl
policy = self._makeOne()
result = sorted(
- policy.principals_allowed_by_permission(context, 'read'))
+ policy.principals_allowed_by_permission(context, 'read')
+ )
self.assertEqual(result, [])
def test_principals_allowed_by_permission_deny_permission_in_acl(self):
from pyramid.security import Deny
from pyramid.security import Everyone
+
context = DummyContext()
- acl = [ (Deny, Everyone, 'read') ]
+ acl = [(Deny, Everyone, 'read')]
context.__acl__ = acl
policy = self._makeOne()
result = sorted(
- policy.principals_allowed_by_permission(context, 'read'))
+ policy.principals_allowed_by_permission(context, 'read')
+ )
self.assertEqual(result, [])
def test_callable_acl(self):
from pyramid.security import Allow
+
context = DummyContext()
fn = lambda self: [(Allow, 'bob', 'read')]
context.__acl__ = fn.__get__(context, context.__class__)
policy = self._makeOne()
result = policy.permits(context, ['bob'], 'read')
self.assertTrue(result)
-
+
class DummyContext:
def __init__(self, *arg, **kw):
@@ -256,4 +289,3 @@ GUEST_PERMS = (VIEW, COMMENT)
MEMBER_PERMS = GUEST_PERMS + (EDIT, CREATE, DELETE)
MODERATOR_PERMS = MEMBER_PERMS + (MODERATE,)
ADMINISTRATOR_PERMS = MODERATOR_PERMS + (ADMINISTER,)
-
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-10 21:15:27 +0000