
moin  1.9.0~rc2
test_security.TestPageAcls Class Reference

Classes

class  Config

Public Member Functions

def setup_class
def teardown_class
def testPageACLs

Public Attributes

 savedUser

Static Public Attributes

string mainpage_name = u'AclTestMainPage'
string subpage_name = u'AclTestMainPage/SubPage'
string item_rwforall = u'EveryoneMayReadWriteMe'
string subitem_4boss = u'EveryoneMayReadWriteMe/OnlyTheBossMayWMe'
list pages

Detailed Description

security: real-life access control list on pages testing

Definition at line 251 of file test_security.py.


Member Function Documentation

def test_security.TestPageAcls.setup_class(self)

Definition at line 273 of file test_security.py.

    def setup_class(self):
        # Backup user
        self.savedUser = self.request.user.name
        self.request.user = User(self.request, auth_username=u'WikiAdmin')
        self.request.user.valid = True

        for page_name, page_content in self.pages:
            create_page(self.request, page_name, page_content)

def test_security.TestPageAcls.teardown_class(self)

Definition at line 282 of file test_security.py.

    def teardown_class(self):
        # Restore user
        self.request.user.name = self.savedUser

        for page_name, dummy in self.pages:
            nuke_page(self.request, page_name)


def test_security.TestPageAcls.testPageACLs(self)

security: test page acls

Definition at line 289 of file test_security.py.

    def testPageACLs(self):
        """ security: test page acls """
        tests = [
            # hierarchic, pagename, username, expected_rights
            (False, self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
            (True,  self.mainpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
            (False, self.mainpage_name, u'AnyUser', ['read']), # by after acl
            (True,  self.mainpage_name, u'AnyUser', ['read']), # by after acl
            (False, self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl
            (True,  self.mainpage_name, u'JaneDoe', ['read', 'write']), # by page acl
            (False, self.mainpage_name, u'JoeDoe', []), # by page acl
            (True,  self.mainpage_name, u'JoeDoe', []), # by page acl
            (False, self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
            (True,  self.subpage_name, u'WikiAdmin', ['read', 'write', 'admin', 'revert', 'delete']),
            (False, self.subpage_name, u'AnyUser', ['read', 'write']), # by default acl
            (True,  self.subpage_name, u'AnyUser', ['read']), # by after acl
            (False, self.subpage_name, u'JoeDoe', ['read', 'write']), # by default acl
            (True,  self.subpage_name, u'JoeDoe', []), # by inherited acl from main page
            (False, self.subpage_name, u'JaneDoe', ['read', 'write']), # by default acl
            (True,  self.subpage_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main page
            (True,  self.subitem_4boss, u'AnyUser', ['read']), # by after acl
            (True,  self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
        ]

        for hierarchic, pagename, username, may in tests:
            u = User(self.request, auth_username=username)
            u.valid = True

            def _have_right(u, right, pagename, hierarchic):
                self.request.cfg.acl_hierarchic = hierarchic
                can_access = u.may.__getattr__(right)(pagename)
                if can_access:
                    print "page %s: %s test if %s may %s (success)" % (
                        pagename, ['normal', 'hierarchic'][hierarchic], username, right)
                else:
                    print "page %s: %s test if %s may %s (failure)" % (
                        pagename, ['normal', 'hierarchic'][hierarchic], username, right)
                assert can_access

            # User should have these rights...
            for right in may:
                yield _have_right, u, right, pagename, hierarchic

            def _not_have_right(u, right, pagename, hierarchic):
                self.request.cfg.acl_hierarchic = hierarchic
                can_access = u.may.__getattr__(right)(pagename)
                if can_access:
                    print "page %s: %s test if %s may not %s (failure)" % (
                        pagename, ['normal', 'hierarchic'][hierarchic], username, right)
                else:
                    print "page %s: %s test if %s may not %s (success)" % (
                        pagename, ['normal', 'hierarchic'][hierarchic], username, right)
                assert not can_access

            # User should NOT have these rights:
            mayNot = [right for right in self.request.cfg.acl_rights_valid
                      if right not in may]
            for right in mayNot:
                yield _not_have_right, u, right, pagename, hierarchic



Member Data Documentation

string test_security.TestPageAcls.item_rwforall = u'EveryoneMayReadWriteMe' [static]

Definition at line 256 of file test_security.py.

string test_security.TestPageAcls.mainpage_name = u'AclTestMainPage' [static]

Definition at line 254 of file test_security.py.

list test_security.TestPageAcls.pages [static]

Initial value:
    [
        # pagename, content
        (mainpage_name, u"#acl JoeDoe:\n#acl JaneDoe:read,write\nFoo!"),
        (subpage_name, u"FooFoo!"),
        (item_rwforall, u"#acl All:read,write\nMay be read from and written to by anyone"),
        (subitem_4boss, u"#acl JoeDoe:read,write\nOnly JoeDoe (the boss) may write"),
    ]

Definition at line 258 of file test_security.py.

test_security.TestPageAcls.savedUser

Definition at line 275 of file test_security.py.

string test_security.TestPageAcls.subitem_4boss = u'EveryoneMayReadWriteMe/OnlyTheBossMayWMe' [static]

Definition at line 257 of file test_security.py.

string test_security.TestPageAcls.subpage_name = u'AclTestMainPage/SubPage' [static]

Definition at line 255 of file test_security.py.


The documentation for this class was generated from the following file: