Mercurial > wikked
comparison tests/test_auth.py @ 451:6cd51ea6dfcf
auth: Rewrite permission system and improve support for it.
- More proper ACL model for permissions.
- Page-level ACL is only specified locally, not inherited anymore.
- Protect more API and UI routes with permission checks.
- Improve error handling and error pages.
| author | Ludovic Chabant <ludovic@chabant.com> |
|---|---|
| date | Sun, 07 Jan 2018 11:11:04 -0800 |
| parents | |
| children | 0bfd648aca6a |
comparison
equal
deleted
inserted
replaced
| 450:ab47d3cf5e1e | 451:6cd51ea6dfcf |
|---|---|
| 1 import pytest | |
| 2 from configparser import SafeConfigParser | |
| 3 from wikked.auth import ( | |
| 4 UserManager, PERM_NAMES, | |
| 5 NoSuchGroupOrUserError, MultipleGroupMembershipError, | |
| 6 CyclicUserGroupError, InvalidPermissionError) | |
| 7 | |
| 8 | |
| 9 def _user_manager_from_str(txt): | |
| 10 config = SafeConfigParser() | |
| 11 config.read_string(txt) | |
| 12 return UserManager(config) | |
| 13 | |
| 14 | |
| 15 def _p(name): | |
| 16 return PERM_NAMES[name] | |
| 17 | |
| 18 | |
| 19 def test_empty_auth(): | |
| 20 m = _user_manager_from_str("") | |
| 21 assert list(m.getUserNames()) == ['anonymous'] | |
| 22 assert list(m.getGroupNames()) == ['*'] | |
| 23 | |
| 24 | |
| 25 def test_missing_user1(): | |
| 26 with pytest.raises(NoSuchGroupOrUserError): | |
| 27 m = _user_manager_from_str(""" | |
| 28 [permissions] | |
| 29 dorothy = read | |
| 30 """) | |
| 31 | |
| 32 | |
| 33 def test_missing_user2(): | |
| 34 with pytest.raises(NoSuchGroupOrUserError): | |
| 35 m = _user_manager_from_str(""" | |
| 36 [groups] | |
| 37 mygroup = dorothy | |
| 38 """) | |
| 39 | |
| 40 | |
| 41 def test_multiple_group_membership1(): | |
| 42 with pytest.raises(MultipleGroupMembershipError): | |
| 43 m = _user_manager_from_str(""" | |
| 44 [users] | |
| 45 dorothy = pass | |
| 46 [groups] | |
| 47 one = dorothy | |
| 48 two = dorothy | |
| 49 """) | |
| 50 | |
| 51 | |
| 52 def test_multiple_group_membership2(): | |
| 53 with pytest.raises(MultipleGroupMembershipError): | |
| 54 m = _user_manager_from_str(""" | |
| 55 [users] | |
| 56 dorothy = pass | |
| 57 [groups] | |
| 58 one = dorothy | |
| 59 two = one | |
| 60 three = one | |
| 61 """) | |
| 62 | |
| 63 | |
| 64 def test_auth1(): | |
| 65 m = _user_manager_from_str(""" | |
| 66 [users] | |
| 67 dorothy = pass | |
| 68 [permissions] | |
| 69 dorothy = read,edit | |
| 70 """) | |
| 71 assert m.hasPermission('dorothy', _p('read')) | |
| 72 assert m.hasPermission('dorothy', _p('edit')) | |
| 73 assert not m.hasPermission('dorothy', _p('create')) | |
| 74 | |
| 75 | |
| 76 def test_auth2(): | |
| 77 m = _user_manager_from_str(""" | |
| 78 [users] | |
| 79 dorothy = pass | |
| 80 toto = pass | |
| 81 tinman = pass | |
| 82 [groups] | |
| 83 humans = dorothy | |
| 84 others = toto, tinman | |
| 85 [permissions] | |
| 86 humans = read,edit | |
| 87 others = read | |
| 88 tinman = create | |
| 89 """) | |
| 90 assert m.hasPermission('dorothy', _p('read')) | |
| 91 assert m.hasPermission('dorothy', _p('edit')) | |
| 92 assert not m.hasPermission('dorothy', _p('create')) | |
| 93 assert m.hasPermission('toto', _p('read')) | |
| 94 assert not m.hasPermission('toto', _p('edit')) | |
| 95 assert not m.hasPermission('toto', _p('create')) | |
| 96 assert m.hasPermission('tinman', _p('read')) | |
| 97 assert not m.hasPermission('tinman', _p('edit')) | |
| 98 assert m.hasPermission('tinman', _p('create')) |