Commit 3cca4688 authored by Romain Bignon's avatar Romain Bignon

add tests on perms for users and groups and recursive perms

parent 1d33343d
......@@ -19,7 +19,6 @@
import sys
from copy import copy
from ass2m.plugin import Plugin
from ass2m.cmd import Command, ConsolePart
......
from __future__ import with_statement
from ass2m.storage import Storage
from ass2m.users import User, Group
from ass2m.files import File
from ass2m.server import Server
from unittest import TestCase
......@@ -14,6 +16,16 @@ class WebPermsTest(TestCase):
def setUp(self):
self.root = mkdtemp(prefix='ass2m_test_root')
self.storage = Storage.create(self.root)
user = User(self.storage, 'penguin')
user.realname = 'Penguin'
user.password = 'monkey1'
user.key = 'fabf37d746da8a45df63489f642b3813'
user.save()
group = Group('admin')
group.users = ['penguin']
groupscfg = self.storage.get_groupscfg()
groupscfg['admin'] = group
groupscfg.save()
server = Server(self.root)
self.app = TestApp(server.process)
......@@ -50,9 +62,7 @@ class WebPermsTest(TestCase):
assert 'HELLO' == res.body
# files are hidden, but it is still possible do download them if we know the URL
f = self.storage.get_file('/penguins')
f.perms = {'all': f.PERM_READ}
f.save()
self._set_perms('/penguins', all=File.PERM_READ)
res = self.app.get('/', status=200)
assert 'penguins' not in res.body
res = self.app.get('/penguins/', status=200)
......@@ -61,19 +71,68 @@ class WebPermsTest(TestCase):
assert 'HELLO' == res.body
# force the display of one file in the directory
f = self.storage.get_file('/penguins/gentoo')
f.perms = {'all': f.PERM_READ|f.PERM_LIST}
f.save()
self._set_perms('/penguins/gentoo', all=File.PERM_READ|File.PERM_LIST)
res = self.app.get('/penguins/', status=200)
assert 'gentoo' in res.body
# deny listing completely, we can still get the file due to its perms
f = self.storage.get_file('/penguins')
f.perms = {'all': 0}
f.save()
self._set_perms('/penguins', all=0)
res = self.app.get('/', status=200)
assert 'penguins' not in res.body
res = self.app.get('/penguins/', status=403)
assert 'gentoo' not in res.body
res = self.app.get('/penguins/gentoo', status=200)
assert 'HELLO' == res.body
res = self.app.get('/?action=login', status=200)
assert 'Not logged in.' in res.body
# login
form = res.form
form['username'] = 'penguin'
form['password'] = 'monkey1'
res = form.submit(status=302)
# check user perms
self._set_perms('/penguins', all=0, u_penguin=File.PERM_READ|File.PERM_LIST)
res = self.app.get('/', status=200)
assert 'penguins' in res.body
res = self.app.get('/penguins/', status=200)
assert 'gentoo' in res.body
self._set_perms('/penguins', all=0, u_penguin=File.PERM_LIST)
res = self.app.get('/', status=200)
assert 'penguins' in res.body
self.app.get('/penguins/', status=403)
# check group perms
self._set_perms('/penguins', all=0, g_admin=File.PERM_READ|File.PERM_LIST)
res = self.app.get('/', status=200)
assert 'penguins' in res.body
res = self.app.get('/penguins/', status=200)
assert 'gentoo' in res.body
self._set_perms('/penguins', all=0, g_admin=File.PERM_LIST)
res = self.app.get('/', status=200)
assert 'penguins' in res.body
self.app.get('/penguins/', status=403)
# check recursive perms
self._set_perms('/', all=0, g_admin=File.PERM_LIST|File.PERM_READ)
self._set_perms('/penguins')
res = self.app.get('/penguins/', status=200)
assert 'gentoo' in res.body
self._set_perms('/', all=File.PERM_LIST|File.PERM_READ, g_admin=0)
self.app.get('/penguins/', status=403)
self._set_perms('/', all=File.PERM_LIST|File.PERM_READ, u_penguins=0)
self._set_perms('/penguins', g_admin=File.PERM_LIST|File.PERM_READ)
self.app.get('/penguins/', status=200)
def _set_perms(self, path, **perms):
f = self.storage.get_file(path)
f.perms = {}
for name, perm in perms.iteritems():
f.perms[name.replace('_', '.')] = perm
f.save()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment