316 |
316 |
317 def test_visibility_propagation(self): |
317 def test_visibility_propagation(self): |
318 with self.admin_access.repo_cnx() as cnx: |
318 with self.admin_access.repo_cnx() as cnx: |
319 # create a user for later security checks |
319 # create a user for later security checks |
320 toto = self.create_user(cnx, 'toto') |
320 toto = self.create_user(cnx, 'toto') |
|
321 |
321 cnx.commit() |
322 cnx.commit() |
|
323 |
322 # init some data using the default manager connection |
324 # init some data using the default manager connection |
323 folder = cnx.create_entity('Folder', |
325 folder = cnx.create_entity('Folder', |
324 name=u'restricted', |
326 name=u'restricted', |
325 visibility=u'restricted') |
327 visibility=u'restricted') |
326 photo1 = cnx.create_entity('File', |
328 photo1 = cnx.create_entity('File', |
327 data_name=u'photo1.jpg', |
329 data_name=u'photo1.jpg', |
328 data=Binary('xxx'), |
330 data=Binary('xxx'), |
329 filed_under=folder) |
331 filed_under=folder) |
|
332 |
330 cnx.commit() |
333 cnx.commit() |
|
334 |
331 # visibility propagation |
335 # visibility propagation |
332 self.assertEquals(photo1.visibility, 'restricted') |
336 self.assertEquals(photo1.visibility, 'restricted') |
|
337 |
333 # unless explicitly specified |
338 # unless explicitly specified |
334 photo2 = cnx.create_entity('File', |
339 photo2 = cnx.create_entity('File', |
335 data_name=u'photo2.jpg', |
340 data_name=u'photo2.jpg', |
336 data=Binary('xxx'), |
341 data=Binary('xxx'), |
337 visibility=u'public', |
342 visibility=u'public', |
338 filed_under=folder) |
343 filed_under=folder) |
|
344 |
339 cnx.commit() |
345 cnx.commit() |
|
346 |
340 self.assertEquals(photo2.visibility, 'public') |
347 self.assertEquals(photo2.visibility, 'public') |
|
348 |
341 with self.new_access('toto').repo_cnx() as cnx: |
349 with self.new_access('toto').repo_cnx() as cnx: |
342 # test security |
350 # test security |
343 self.assertEqual(1, len(cnx.execute('File X'))) # only the public one |
351 self.assertEqual(1, len(cnx.execute('File X'))) # only the public one |
344 self.assertEqual(0, len(cnx.execute('Folder X'))) # restricted... |
352 self.assertEqual(0, len(cnx.execute('Folder X'))) # restricted... |
|
353 |
345 with self.admin_access.repo_cnx() as cnx: |
354 with self.admin_access.repo_cnx() as cnx: |
346 # may_be_read_by propagation |
355 # may_be_read_by propagation |
347 folder = cnx.entity_from_eid(folder.eid) |
356 folder = cnx.entity_from_eid(folder.eid) |
348 folder.cw_set(may_be_read_by=toto) |
357 folder.cw_set(may_be_read_by=toto) |
|
358 |
349 cnx.commit() |
359 cnx.commit() |
|
360 |
350 with self.new_access('toto').repo_cnx() as cnx: |
361 with self.new_access('toto').repo_cnx() as cnx: |
351 photo1 = cnx.entity_from_eid(photo1.eid) |
362 photo1 = cnx.entity_from_eid(photo1.eid) |
|
363 |
352 self.failUnless(photo1.may_be_read_by) |
364 self.failUnless(photo1.may_be_read_by) |
|
365 |
353 # test security with permissions |
366 # test security with permissions |
354 self.assertEquals(2, len(cnx.execute('File X'))) # now toto has access to photo2 |
367 self.assertEquals(2, len(cnx.execute('File X'))) # now toto has access to photo2 |
355 self.assertEquals(1, len(cnx.execute('Folder X'))) # and to restricted folder |
368 self.assertEquals(1, len(cnx.execute('Folder X'))) # and to restricted folder |
356 |
369 |
357 if __name__ == '__main__': |
370 if __name__ == '__main__': |