comparison test/test_security.py @ 4444:8137456a86f3
more fixes to search permissions:
- require that for links and multilinks the searching user has access to
at least the orderprop, labelprop, and ID of the linked class
- allow combinations of roles: we previously required that for transitive
properties all elements were searchable by the same role. We now
allow that the roles can be different for each property. This allows
assigning different roles to different sub-systems and allowing users
having all required roles to search across subsystems.
- regression test updated
- fix doc/upgrading example for new signature of roleHasSearchPermission
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 21 Oct 2010 08:59:43 +0000 |
| parents | 222efa59ee6c |
| children | 1613754d2646 |
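--- a/test/test_security.py
+++ b/test/test_security.py
@@ -181,32 +181,60 @@
 def testTransitiveSearchPermissions(self):
 add = self.db.security.addPermission
 has = self.db.security.hasSearchPermission
 addRole = self.db.security.addRole
 addToRole = self.db.security.addPermissionToRole
+addRole(name='User')
+addRole(name='Anonymous')
+addRole(name='Issue')
+addRole(name='Msg')
+addRole(name='UV')
 user = self.db.user.create(username='user1', roles='User')
 anon = self.db.user.create(username='anonymous', roles='Anonymous')
-addRole(name='User')
-addRole(name='Anonymous')
+ui = self.db.user.create(username='user2', roles='Issue')
+uim = self.db.user.create(username='user3', roles='Issue,Msg')
+uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
 iv = add(name="View", klass="issue")
 addToRole('User', iv)
 addToRole('Anonymous', iv)
+addToRole('Issue', iv)
 ms = add(name="Search", klass="msg")
 addToRole('User', ms)
 addToRole('Anonymous', ms)
-addToRole('User', add(name="View", klass="user"))
+addToRole('Msg', ms)
+uv = add(name="View", klass="user")
+addToRole('User', uv)
+addToRole('UV', uv)
 self.assertEquals(has(anon, 'issue', 'messages'), 1)
-self.assertEquals(has(anon, 'issue', 'messages.author'), 1)
+self.assertEquals(has(anon, 'issue', 'messages.author'), 0)
 self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
-self.assertEquals(has(anon, 'issue', 'messages.recipients'), 1)
+self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0)
 self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
 self.assertEquals(has(user, 'issue', 'messages'), 1)
 self.assertEquals(has(user, 'issue', 'messages.author'), 1)
 self.assertEquals(has(user, 'issue', 'messages.author.username'), 1)
 self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
 self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
 
+self.assertEquals(has(ui, 'issue', 'messages'), 0)
+self.assertEquals(has(ui, 'issue', 'messages.author'), 0)
+self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0)
+self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0)
+self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0)
+
+self.assertEquals(has(uim, 'issue', 'messages'), 1)
+self.assertEquals(has(uim, 'issue', 'messages.author'), 0)
+self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0)
+self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0)
+self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0)
+
+self.assertEquals(has(uimu, 'issue', 'messages'), 1)
+self.assertEquals(has(uimu, 'issue', 'messages.author'), 1)
+self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1)
+self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
+self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
+
 def test_suite():
 suite = unittest.TestSuite()
 suite.addTest(unittest.makeSuite(PermissionTest))
 return suite
 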
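Review bot: The new users in testTransitiveSearchPermissions hold only cumulative role sets (`Issue`, `Issue,Msg`, `Issue,Msg,UV`), so the test never checks a user who has both ends of the path but lacks the middle link. That is the case a per-property role combination is most likely to get wrong, so I would add `uiu = self.db.user.create(username='user5', roles='Issue,UV')` and `self.assertEquals(has(uiu, 'issue', 'messages.author'), 0)`. The expected 0 is inferred from the existing `ui` assertions and should be confirmed against hasSearchPermission. Separately, every permission here is granted on a whole class, so the orderprop/labelprop/ID requirement named in the commit message is not exercised with a property-restricted permission. The enclosing PermissionTest class starts outside this section.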
