diff tests/test_auth.py @ 451:6cd51ea6dfcf

auth: Rewrite permission system and improve support for it. - More proper ACL model for permissions. - Page-level ACL is only specified locally, not inherited anymore. - Protect more API and UI routes with permission checks. - Improve error handling and error pages.
author Ludovic Chabant <ludovic@chabant.com>
date Sun, 07 Jan 2018 11:11:04 -0800
parents
children 0bfd648aca6a
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/test_auth.py	Sun Jan 07 11:11:04 2018 -0800
@@ -0,0 +1,98 @@
+import pytest
+from configparser import SafeConfigParser
+from wikked.auth import (
+        UserManager, PERM_NAMES,
+        NoSuchGroupOrUserError, MultipleGroupMembershipError,
+        CyclicUserGroupError, InvalidPermissionError)
+
+
+def _user_manager_from_str(txt):
+    config = SafeConfigParser()
+    config.read_string(txt)
+    return UserManager(config)
+
+
+def _p(name):
+    return PERM_NAMES[name]
+
+
+def test_empty_auth():
+    m = _user_manager_from_str("")
+    assert list(m.getUserNames()) == ['anonymous']
+    assert list(m.getGroupNames()) == ['*']
+
+
+def test_missing_user1():
+    with pytest.raises(NoSuchGroupOrUserError):
+        m = _user_manager_from_str("""
+[permissions]
+dorothy = read
+""")
+
+
+def test_missing_user2():
+    with pytest.raises(NoSuchGroupOrUserError):
+        m = _user_manager_from_str("""
+[groups]
+mygroup = dorothy
+""")
+
+
+def test_multiple_group_membership1():
+    with pytest.raises(MultipleGroupMembershipError):
+        m = _user_manager_from_str("""
+[users]
+dorothy = pass
+[groups]
+one = dorothy
+two = dorothy
+""")
+
+
+def test_multiple_group_membership2():
+    with pytest.raises(MultipleGroupMembershipError):
+        m = _user_manager_from_str("""
+[users]
+dorothy = pass
+[groups]
+one = dorothy
+two = one
+three = one
+""")
+
+
+def test_auth1():
+    m = _user_manager_from_str("""
+[users]
+dorothy = pass
+[permissions]
+dorothy = read,edit
+""")
+    assert m.hasPermission('dorothy', _p('read'))
+    assert m.hasPermission('dorothy', _p('edit'))
+    assert not m.hasPermission('dorothy', _p('create'))
+
+
+def test_auth2():
+    m = _user_manager_from_str("""
+[users]
+dorothy = pass
+toto = pass
+tinman = pass
+[groups]
+humans = dorothy
+others = toto, tinman
+[permissions]
+humans = read,edit
+others = read
+tinman = create
+""")
+    assert m.hasPermission('dorothy', _p('read'))
+    assert m.hasPermission('dorothy', _p('edit'))
+    assert not m.hasPermission('dorothy', _p('create'))
+    assert m.hasPermission('toto', _p('read'))
+    assert not m.hasPermission('toto', _p('edit'))
+    assert not m.hasPermission('toto', _p('create'))
+    assert m.hasPermission('tinman', _p('read'))
+    assert not m.hasPermission('tinman', _p('edit'))
+    assert m.hasPermission('tinman', _p('create'))
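Review bot: `CyclicUserGroupError` and `InvalidPermissionError` are imported at the top of this new file but no test exercises them, so two rejection paths of the rewritten permission parser are unpinned. The suite also never asserts what `anonymous` or the `*` group can do by default; `test_empty_auth` checks only that they exist, which leaves the default-deny behaviour of an ACL untested. The fence sketches the two missing negative tests; the expected exceptions are inferred from the class names and from how the other error tests construct `UserManager`, so confirm them against `wikked.auth`. Separately, `SafeConfigParser` in `_user_manager_from_str` is a deprecated alias that was removed in Python 3.12; `ConfigParser()` is the drop-in replacement, and the `m =` assignments inside the `pytest.raises` blocks are unused.

```python
# ... unchanged: imports, helpers and existing tests ...

def test_cyclic_groups():
    # Assumed: a group that contains itself through another group is rejected.
    with pytest.raises(CyclicUserGroupError):
        _user_manager_from_str("""
[groups]
one = two
two = one
""")


def test_invalid_permission():
    # Assumed: an unknown permission name is rejected instead of being ignored.
    with pytest.raises(InvalidPermissionError):
        _user_manager_from_str("""
[users]
dorothy = pass
[permissions]
dorothy = read,not_a_permission
""")
```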