wcs/tests/test_acl_read.py


import sys
import shutil
from quixote import cleanup
from wcs.qommon.http_request import HTTPRequest
from wcs import formdef
from wcs.formdef import FormDef
from utilities import create_temporary_pub
# Test accounts keyed by user id; filled in by setup_module() and looked up
# by check_acl().
users = {}
def setup_module(module):
    """Create a temporary publisher and register the accounts the ACL tests use.

    Five accounts are stored in the module-level ``users`` dict: one without
    roles, two holding 'role-1', one holding 'role-2', and one admin.
    """
    global users, pub

    cleanup()
    pub = create_temporary_pub()
    pub._set_request(HTTPRequest(None, {}))

    # (account id, extra attributes); attributes not listed keep whatever
    # pub.user_class gives a new account.
    fixtures = (
        ('user', {}),
        ('user-one-role', {'roles': ['role-1']}),
        ('user-same-role', {'roles': ['role-1']}),
        ('user-other-role', {'roles': ['role-2']}),
        ('user-admin', {'is_admin': True}),
    )
    for ident, extra in fixtures:
        account = pub.user_class(name=ident)
        account.id = ident
        for attr, value in extra.items():
            setattr(account, attr, value)
        users[ident] = account
def teardown_module(module):
    """Delete the application directory of the publisher built in setup_module."""
    app_dir = pub.APP_DIR
    shutil.rmtree(app_dir)
def create_objects():
    """Return a fresh ``(formdef, formdata)`` pair for one ACL test.

    The form definition is named 'foobar' and starts with no workflow roles;
    the form data is bound to it and starts in status 'wf-new'.
    """
    # Local names avoid shadowing the imported ``formdef`` module.
    form_def = FormDef()
    form_def.url_name = 'foobar'
    form_def.workflow_roles = {}

    data_cls = form_def.data_class()
    form_data = data_cls()
    form_data._formdef = form_def
    form_data.status = 'wf-new'
    return form_def, form_data
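def check_acl(formdata, access_user_id):
    """Return whether the given test account may read *formdata*.

    ``access_user_id`` is a key of the module-level ``users`` dict, or
    ``None`` to run the check as an anonymous visitor.

    Raises:
        KeyError: if ``access_user_id`` is not None and names no account in
            ``users``.
    """
    if access_user_id is None:
        viewer = None
    else:
        # Fail loudly on an unknown id: users.get() would return None, the
        # check would run as anonymous, and a mistyped id in an
        # ``assert not check_acl(...)`` line would pass without testing the
        # account it was written for.
        viewer = users[access_user_id]
    return formdata.formdef.is_user_allowed_read(viewer, formdata)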
def test_acl_all():
    """acl_read 'all': an anonymous visitor and a plain user may both read."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'all'

    assert check_acl(form_data, None)
    assert check_acl(form_data, 'user')
def test_acl_owner():
    """acl_read 'owner': the submitter and admins may read, others may not."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'owner'

    # Form submitted by 'user'.
    form_data.user_id = 'user'
    assert not check_acl(form_data, None)
    assert check_acl(form_data, 'user')
    assert not check_acl(form_data, 'user-one-role')
    assert check_acl(form_data, 'user-admin')

    # Once another account is the submitter, the previous one is denied.
    form_data.user_id = 'user-one-role'
    assert not check_acl(form_data, 'user')
    # NOTE(review): the new submitter's own access is not asserted here.
def test_acl_roles_basics():
    """acl_read 'roles': anonymous and role-less users are denied, admin is allowed."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition, not on the
    # form data as test_acl_owner does; confirm which object was meant.
    form_def.user_id = 'user-one-role'
    form_def.roles = ['role-1']

    assert not check_acl(form_data, None)
    assert not check_acl(form_data, 'user')
    assert check_acl(form_data, 'user-admin')
def test_acl_roles_submitter_role():
    """acl_read 'roles' with formdef.roles ['role-1']: only 'role-1' holders may read."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition, not on the
    # form data as test_acl_owner does; confirm which object was meant, since
    # it decides whether 'user-one-role' is exercised as the submitter here.
    form_def.user_id = 'user-one-role'
    form_def.roles = ['role-1']

    assert check_acl(form_data, 'user-one-role')
    assert check_acl(form_data, 'user-same-role')
    assert not check_acl(form_data, 'user-other-role')
def test_acl_roles_receiver_role():
    """acl_read 'roles' with '_receiver' set to 'role-1': only 'role-1' holders may read."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'roles'
    # NOTE(review): user_id is assigned on the form definition, not on the
    # form data as test_acl_owner does; confirm which object was meant.
    form_def.user_id = 'user-one-role'
    form_def.workflow_roles['_receiver'] = 'role-1'

    assert check_acl(form_data, 'user-one-role')
    assert check_acl(form_data, 'user-same-role')
    assert not check_acl(form_data, 'user-other-role')
def test_acl_none_basics():
    """acl_read 'none': only admins and holders of the '_receiver' role may read."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'none'
    # NOTE(review): user_id is assigned on the form definition, not on the
    # form data as test_acl_owner does; confirm which object was meant, since
    # it decides whether the denial of 'user' below covers the submitter.
    form_def.user_id = 'user'
    form_def.workflow_roles['_receiver'] = 'role-1'

    # Denied: anonymous visitor and the role-less account.
    assert not check_acl(form_data, None)
    assert not check_acl(form_data, 'user')
    # Allowed: admin and a holder of the receiver role.
    assert check_acl(form_data, 'user-admin')
    assert check_acl(form_data, 'user-one-role')
    # Denied: a holder of an unrelated role.
    assert not check_acl(form_data, 'user-other-role')
def test_acl_none_finished():
    """acl_read 'none' on a form in status 'wf-finished': same outcome as 'wf-new'."""
    form_def, form_data = create_objects()
    form_def.acl_read = 'none'
    # NOTE(review): user_id is assigned on the form definition, not on the
    # form data as test_acl_owner does; confirm which object was meant, since
    # it decides whether the denial of 'user' below covers the submitter.
    form_def.user_id = 'user'
    form_def.workflow_roles['_receiver'] = 'role-1'
    form_data.status = 'wf-finished'

    # Denied: anonymous visitor and the role-less account.
    assert not check_acl(form_data, None)
    assert not check_acl(form_data, 'user')
    # Allowed: admin and a holder of the receiver role.
    assert check_acl(form_data, 'user-admin')
    assert check_acl(form_data, 'user-one-role')
    # Denied: a holder of an unrelated role.
    assert not check_acl(form_data, 'user-other-role')