24
24
class TestACLStringIterator(object):
26
def setup_method(self, method):
27
self.config = self.TestConfig(defaults=['acl_rights_valid', 'acl_rights_before'])
28
def teardown_method(self, method):
26
31
def testEmpty(self):
27
32
""" security: empty acl string raise StopIteration """
28
33
iter = acliter(self.request.cfg.acl_rights_valid, '')
188
193
def setup_method(self, method):
195
self.config = self.TestConfig(defaults=['acl_rights_valid', 'acl_rights_before'])
190
196
self.savedUser = self.request.user.name
192
198
def teardown_method(self, method):
194
200
self.request.user.name = self.savedUser
196
203
def testApplyACLByUser(self):
197
204
""" security: applying acl by user name"""
198
205
# This acl string...
204
207
"Admin1,Admin2:read,write,delete,revert,admin "
205
208
"Admin3:read,write,admin "
206
209
"JoeDoe:read,write "
251
250
class TestPageAcls(object):
252
251
""" security: real-life access control list on pages testing
253
acls_before = u"WikiAdmin:admin,read,write,delete,revert"
254
acls_default = u"All:read,write"
255
acls_after = u"All:read"
254
256
mainpage_name = u'AclTestMainPage'
255
257
subpage_name = u'AclTestMainPage/SubPage'
256
item_rwforall = u'EveryoneMayReadWriteMe'
257
subitem_4boss = u'EveryoneMayReadWriteMe/OnlyTheBossMayWMe'
259
259
# pagename, content
260
(mainpage_name, u"#acl JoeDoe:\n#acl JaneDoe:read,write\nFoo!"),
260
(mainpage_name, u"#acl JoeDoe: JaneDoe:read,write\nFoo!"),
261
261
(subpage_name, u"FooFoo!"),
262
(item_rwforall, u"#acl All:read,write\nMay be read from and written to by anyone"),
263
(subitem_4boss, u"#acl JoeDoe:read,write\nOnly JoeDoe (the boss) may write"),
266
from MoinMoin._tests import wikiconfig
267
class Config(wikiconfig.Config):
268
acl_rights_before = u"WikiAdmin:admin,read,write,delete,revert"
269
acl_rights_default = u"All:read,write"
270
acl_rights_after = u"All:read"
271
acl_hierarchic = False
273
264
def setup_class(self):
265
self.config = self.TestConfig(
266
acl_rights_before=self.acls_before,
267
acl_rights_default=self.acls_default,
268
acl_rights_after=self.acls_after,
269
acl_hierarchic=False,
270
defaults=['acl_rights_valid'])
271
# TestConfig is crap, it does some wild hack and does not inherit from DefaultConfig
272
# nor call DefaultConfig's __init__() to do post processing, thus we do it here for now:
273
cfg = self.request.cfg
274
cfg.cache.acl_rights_before = AccessControlList(cfg, [cfg.acl_rights_before])
275
cfg.cache.acl_rights_default = AccessControlList(cfg, [cfg.acl_rights_default])
276
cfg.cache.acl_rights_after = AccessControlList(cfg, [cfg.acl_rights_after])
275
279
self.savedUser = self.request.user.name
276
280
self.request.user = User(self.request, auth_username=u'WikiAdmin')
280
284
create_page(self.request, page_name, page_content)
282
286
def teardown_class(self):
288
cfg = self.request.cfg
289
cfg.cache.acl_rights_before = AccessControlList(cfg, [cfg.acl_rights_before])
290
cfg.cache.acl_rights_default = AccessControlList(cfg, [cfg.acl_rights_default])
291
cfg.cache.acl_rights_after = AccessControlList(cfg, [cfg.acl_rights_after])
284
294
self.request.user.name = self.savedUser
306
316
(True, self.subpage_name, u'JoeDoe', []), # by inherited acl from main page
307
317
(False, self.subpage_name, u'JaneDoe', ['read', 'write']), # by default acl
308
318
(True, self.subpage_name, u'JaneDoe', ['read', 'write']), # by inherited acl from main page
309
(True, self.subitem_4boss, u'AnyUser', ['read']), # by after acl
310
(True, self.subitem_4boss, u'JoeDoe', ['read', 'write']), # by item acl
313
321
for hierarchic, pagename, username, may in tests:
322
self.request.cfg.acl_hierarchic = hierarchic
314
323
u = User(self.request, auth_username=username)
317
def _have_right(u, right, pagename, hierarchic):
318
self.request.cfg.acl_hierarchic = hierarchic
326
# User should have these rights...
319
328
can_access = u.may.__getattr__(right)(pagename)
321
330
print "page %s: %s test if %s may %s (success)" % (
325
334
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
326
335
assert can_access
328
# User should have these rights...
330
yield _have_right, u, right, pagename, hierarchic
332
def _not_have_right(u, right, pagename, hierarchic):
333
self.request.cfg.acl_hierarchic = hierarchic
337
# User should NOT have these rights:
338
mayNot = [right for right in self.request.cfg.acl_rights_valid
334
341
can_access = u.may.__getattr__(right)(pagename)
336
343
print "page %s: %s test if %s may not %s (failure)" % (
340
347
pagename, ['normal', 'hierarchic'][hierarchic], username, right)
341
348
assert not can_access
343
# User should NOT have these rights:
344
mayNot = [right for right in self.request.cfg.acl_rights_valid
347
yield _not_have_right, u, right, pagename, hierarchic
349
350
coverage_modules = ['MoinMoin.security']