Mercurial > p > roundup > code
diff test/test_security.py @ 4444:8137456a86f3
more fixes to search permissions:
- require that for links and multilinks the searching user has access to
at least the orderprop, labelprop, and ID of the linked class
- allow combinations of roles: we previosly required that for transitive
properties all elements where searchable by the same role. We now
allow that the roles can be different for each property. This allows
assigning different roles to different sub-systems and allowing users
having all required roles to search across subsystems.
- regression test updated
- fix doc/upgrading example for new signature of roleHasSearchPermission
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 21 Oct 2010 08:59:43 +0000 |
| parents | 222efa59ee6c |
| children | 1613754d2646 |
line wrap: on
line diff
--- a/test/test_security.py Wed Oct 20 20:24:09 2010 +0000 +++ b/test/test_security.py Thu Oct 21 08:59:43 2010 +0000 @@ -183,21 +183,31 @@ has = self.db.security.hasSearchPermission addRole = self.db.security.addRole addToRole = self.db.security.addPermissionToRole + addRole(name='User') + addRole(name='Anonymous') + addRole(name='Issue') + addRole(name='Msg') + addRole(name='UV') user = self.db.user.create(username='user1', roles='User') anon = self.db.user.create(username='anonymous', roles='Anonymous') - addRole(name='User') - addRole(name='Anonymous') + ui = self.db.user.create(username='user2', roles='Issue') + uim = self.db.user.create(username='user3', roles='Issue,Msg') + uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV') iv = add(name="View", klass="issue") addToRole('User', iv) addToRole('Anonymous', iv) + addToRole('Issue', iv) ms = add(name="Search", klass="msg") addToRole('User', ms) addToRole('Anonymous', ms) - addToRole('User', add(name="View", klass="user")) + addToRole('Msg', ms) + uv = add(name="View", klass="user") + addToRole('User', uv) + addToRole('UV', uv) self.assertEquals(has(anon, 'issue', 'messages'), 1) - self.assertEquals(has(anon, 'issue', 'messages.author'), 1) + self.assertEquals(has(anon, 'issue', 'messages.author'), 0) self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0) - self.assertEquals(has(anon, 'issue', 'messages.recipients'), 1) + self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0) self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0) self.assertEquals(has(user, 'issue', 'messages'), 1) self.assertEquals(has(user, 'issue', 'messages.author'), 1) @@ -205,6 +215,24 @@ self.assertEquals(has(user, 'issue', 'messages.recipients'), 1) self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1) + self.assertEquals(has(ui, 'issue', 'messages'), 0) + self.assertEquals(has(ui, 'issue', 'messages.author'), 0) + self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0) + self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0) + self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0) + + self.assertEquals(has(uim, 'issue', 'messages'), 1) + self.assertEquals(has(uim, 'issue', 'messages.author'), 0) + self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0) + self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0) + self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0) + + self.assertEquals(has(uimu, 'issue', 'messages'), 1) + self.assertEquals(has(uimu, 'issue', 'messages.author'), 1) + self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1) + self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1) + self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1) + def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(PermissionTest))