From 0168300b0da3c79e05ec87aa777e04674a86cebb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Sat, 14 Dec 2019 13:32:07 -0500 Subject: start reworking security policy --- tests/pkgs/securityapp/__init__.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'tests/pkgs') diff --git a/tests/pkgs/securityapp/__init__.py b/tests/pkgs/securityapp/__init__.py index 6ddba585b..b869ab541 100644 --- a/tests/pkgs/securityapp/__init__.py +++ b/tests/pkgs/securityapp/__init__.py @@ -4,9 +4,13 @@ from pyramid.security import Allowed, Denied class SecurityPolicy: def identify(self, request): + ... + + def authenticated_userid(self, request): return request.environ.get('REMOTE_USER') - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): + identity = self.identify(request) if identity and permission == 'foo': return Allowed('') else: @@ -15,7 +19,7 @@ class SecurityPolicy: def remember(self, request, userid, **kw): raise NotImplementedError() # pragma: no cover - def forget(self, request): + def forget(self, request, **kw): raise NotImplementedError() # pragma: no cover -- cgit v1.2.3 From a7692dbc47a86c8fbf763d095bf567d7e28ab3ff Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sat, 14 Dec 2019 18:02:31 -0600 Subject: Fix security policy integration tests. --- tests/pkgs/securityapp/__init__.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests/pkgs') diff --git a/tests/pkgs/securityapp/__init__.py b/tests/pkgs/securityapp/__init__.py index b869ab541..6c9025e7d 100644 --- a/tests/pkgs/securityapp/__init__.py +++ b/tests/pkgs/securityapp/__init__.py @@ -4,14 +4,14 @@ from pyramid.security import Allowed, Denied class SecurityPolicy: def identify(self, request): - ... + raise NotImplementedError() # pragma: no cover def authenticated_userid(self, request): return request.environ.get('REMOTE_USER') def permits(self, request, context, permission): - identity = self.identify(request) - if identity and permission == 'foo': + userid = self.authenticated_userid(request) + if userid and permission == 'foo': return Allowed('') else: return Denied('') -- cgit v1.2.3 From 2e06fa414412688dc3b7e0b422b0fc0b96ec882f Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sat, 14 Dec 2019 20:17:36 -0800 Subject: Bring back identity into permits. --- tests/pkgs/securityapp/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/pkgs') diff --git a/tests/pkgs/securityapp/__init__.py b/tests/pkgs/securityapp/__init__.py index 6c9025e7d..caf65ad4c 100644 --- a/tests/pkgs/securityapp/__init__.py +++ b/tests/pkgs/securityapp/__init__.py @@ -4,12 +4,12 @@ from pyramid.security import Allowed, Denied class SecurityPolicy: def identify(self, request): - raise NotImplementedError() # pragma: no cover + return self.authenticated_userid(request) def authenticated_userid(self, request): return request.environ.get('REMOTE_USER') - def permits(self, request, context, permission): + def permits(self, request, context, identity, permission): userid = self.authenticated_userid(request) if userid and permission == 'foo': return Allowed('') -- cgit v1.2.3 From 32bf9b3669f2ba0c4a0aaf35f4e2cdad8f9314f0 Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sun, 15 Dec 2019 19:55:10 -0800 Subject: Revert "Bring back identity into permits." This reverts commit 2e06fa414412688dc3b7e0b422b0fc0b96ec882f. --- tests/pkgs/securityapp/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/pkgs') diff --git a/tests/pkgs/securityapp/__init__.py b/tests/pkgs/securityapp/__init__.py index caf65ad4c..6c9025e7d 100644 --- a/tests/pkgs/securityapp/__init__.py +++ b/tests/pkgs/securityapp/__init__.py @@ -4,12 +4,12 @@ from pyramid.security import Allowed, Denied class SecurityPolicy: def identify(self, request): - return self.authenticated_userid(request) + raise NotImplementedError() # pragma: no cover def authenticated_userid(self, request): return request.environ.get('REMOTE_USER') - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): userid = self.authenticated_userid(request) if userid and permission == 'foo': return Allowed('') -- cgit v1.2.3