import sys
import shutil
from quixote import cleanup
from wcs.qommon.http_request import HTTPRequest
from wcs import formdef
from wcs.formdef import FormDef
from utilities import create_temporary_pub
# Fixture users keyed by id: setup_module fills this in and check_acl looks
# readers up in it.
users = {}
def setup_module(module):
    """Create the temporary publisher and the fixture users for this module.

    Five users are registered in the module-level ``users`` dict, keyed by id:
    one with no extra attributes, two holding 'role-1', one holding 'role-2',
    and one flagged as admin.
    """
    global users, pub

    cleanup()

    pub = create_temporary_pub()
    pub._set_request(HTTPRequest(None, {}))

    # (id, attributes set on top of the user_class defaults). Attributes not
    # listed are deliberately left untouched, as in the hand-written version.
    fixtures = (
        ('user', {}),
        ('user-one-role', {'roles': ['role-1']}),
        ('user-same-role', {'roles': ['role-1']}),
        ('user-other-role', {'roles': ['role-2']}),
        ('user-admin', {'is_admin': True}),
    )
    for user_id, extra in fixtures:
        account = pub.user_class(name=user_id)
        account.id = user_id
        for attribute, value in extra.items():
            setattr(account, attribute, value)
        users[account.id] = account
def teardown_module(module):
    """Remove the application directory of the publisher made in setup_module."""
    app_dir = pub.APP_DIR
    shutil.rmtree(app_dir)
def create_objects():
    """Build a fresh form definition and one submission attached to it.

    Returns:
        A ``(formdef, formdata)`` tuple: a FormDef with url_name 'foobar' and
        no workflow roles, and a data object in status 'wf-new' whose
        ``_formdef`` points back at that FormDef.
    """
    form_definition = FormDef()
    form_definition.url_name = 'foobar'
    form_definition.workflow_roles = {}

    # data_class() returns the class for this form's submissions; it is called
    # only after url_name is set, matching the original statement order.
    submission_class = form_definition.data_class()
    submission = submission_class()
    submission._formdef = form_definition
    submission.status = 'wf-new'

    return form_definition, submission
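def check_acl(formdata, access_user_id):
    """Ask the form definition whether a fixture user may read *formdata*.

    Args:
        formdata: submission to check; its ``formdef`` supplies the ACL.
        access_user_id: key into the module-level ``users`` dict, or None to
            run the check as an anonymous (absent) user.

    Returns:
        Whatever ``formdef.is_user_allowed_read(user, formdata)`` returns.

    Raises:
        KeyError: if *access_user_id* is not None and is not a known fixture.
    """
    if access_user_id is None:
        reader = None
    else:
        # Fail loudly on an unknown id. users.get() would hand back None, the
        # check would silently run as anonymous, and a mistyped id in an
        # `assert not check_acl(...)` would pass for the wrong reason.
        reader = users[access_user_id]
    return formdata.formdef.is_user_allowed_read(reader, formdata)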
def test_acl_all():
    """acl_read 'all': both the anonymous reader and a plain user may read."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'all'

    for reader in (None, 'user'):
        assert check_acl(submission, reader), reader
def test_acl_owner():
    """acl_read 'owner': the submitter and the admin may read, others may not."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'owner'
    submission.user_id = 'user'

    expectations = (
        (None, False),
        ('user', True),
        ('user-one-role', False),
        ('user-admin', True),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader

    # Once the submission belongs to someone else, 'user' loses access.
    submission.user_id = 'user-one-role'
    assert not check_acl(submission, 'user')
    # NOTE(review): no case here reads a submission whose user_id was never
    # set as the anonymous reader; worth confirming that "no owner" and
    # "no user" are not treated as a match.
def test_acl_roles_basics():
    """acl_read 'roles': anonymous and role-less users are refused, admin is not."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition here, whereas
    # test_acl_owner assigns it on the submission; confirm which is intended.
    form_definition.user_id = 'user-one-role'
    form_definition.roles = ['role-1']

    expectations = (
        (None, False),
        ('user', False),
        ('user-admin', True),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader
def test_acl_roles_submitter_role():
    """acl_read 'roles' with formdef.roles set: only holders of that role read."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition here, whereas
    # test_acl_owner assigns it on the submission; confirm which is intended.
    form_definition.user_id = 'user-one-role'
    form_definition.roles = ['role-1']

    expectations = (
        ('user-one-role', True),
        ('user-same-role', True),
        ('user-other-role', False),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader
def test_acl_roles_receiver_role():
    """acl_read 'roles' with a '_receiver' workflow role: only its holders read."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition here, whereas
    # test_acl_owner assigns it on the submission; confirm which is intended.
    form_definition.user_id = 'user-one-role'
    form_definition.workflow_roles['_receiver'] = 'role-1'

    expectations = (
        ('user-one-role', True),
        ('user-same-role', True),
        ('user-other-role', False),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader
def test_acl_none_basics():
    """acl_read 'none': only the admin and the '_receiver' role holder may read."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'none'
    # NOTE(review): user_id is assigned on the form definition here, whereas
    # test_acl_owner assigns it on the submission; confirm which is intended,
    # since it decides whether the 'user' refusal below exercises the owner.
    form_definition.user_id = 'user'
    form_definition.workflow_roles['_receiver'] = 'role-1'

    expectations = (
        (None, False),
        ('user', False),
        ('user-admin', True),
        ('user-one-role', True),
        ('user-other-role', False),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader
def test_acl_none_finished():
    """acl_read 'none' on a 'wf-finished' submission: same outcome as when new."""
    form_definition, submission = create_objects()
    form_definition.acl_read = 'none'
    # NOTE(review): user_id is assigned on the form definition here, whereas
    # test_acl_owner assigns it on the submission; confirm which is intended.
    form_definition.user_id = 'user'
    form_definition.workflow_roles['_receiver'] = 'role-1'
    submission.status = 'wf-finished'

    expectations = (
        (None, False),
        ('user', False),
        ('user-admin', True),
        ('user-one-role', True),
        ('user-other-role', False),
    )
    for reader, allowed in expectations:
        assert bool(check_acl(submission, reader)) == allowed, reader