changeset 4771:d85a2b2f120b

Groups 2009: MoinMoin.security.AccessControlList was refactored to use Moin.groups.GroupManager. GroupManager ACL test.
author Dmitrijs Milajevs <dimazest@gmail.com>
date Wed, 27 May 2009 21:07:59 +0200
parents 193277fe231f
children 8dcf18d0ae41
files MoinMoin/_tests/wikiconfig.py MoinMoin/groups/_test/test_group_manager_acl.py MoinMoin/security/__init__.py docs/CHANGES.dmilajevs
diffstat 4 files changed, 85 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/_tests/wikiconfig.py	Wed May 27 09:26:59 2009 +0200
+++ b/MoinMoin/_tests/wikiconfig.py	Wed May 27 21:07:59 2009 +0200
@@ -14,6 +14,7 @@
 import os
 
 from MoinMoin.config.multiconfig import DefaultConfig
+from MoinMoin.groups import GroupManager
 
 
 class Config(DefaultConfig):
@@ -24,6 +25,8 @@
     data_dir = os.path.join(_base_dir, "data")
     data_underlay_dir = os.path.join(_base_dir, "underlay")
 
+    group_manager = GroupManager([])
+
     #show_hosts = 1
 
     #secrets = 'some not secret string just to make tests happy'
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MoinMoin/groups/_test/test_group_manager_acl.py	Wed May 27 21:07:59 2009 +0200
@@ -0,0 +1,74 @@
+# -*- coding: iso-8859-1 -*-
+"""
+MoinMoin.groups.GroupManager ACL Tests
+
+@copyright: 2009 MoinMoin:DmitrijsMilajevs
+            2008 MoinMoin:MelitaMihaljevic
+@license: GPL, see COPYING for details
+"""
+
+from MoinMoin import security
+from MoinMoin.groups import BackendManager, GroupManager
+
+
+class TestGroupManagerACL:
+    """
+    Test how GroupManager works with acl code.
+    """
+
+    from MoinMoin._tests import wikiconfig
+    class Config(wikiconfig.Config):
+        pass
+
+    def setup_class(self):
+        groups = {u'FirstGroup': frozenset([u"ExampleUser", u"SecondUser", u"JoeDoe"]),
+                  u'SecondGroup': frozenset([u"ExampleUser", u"ThirdUser"])}
+        group_manager = GroupManager([BackendManager(groups)])
+
+        self.Config.group_manager = group_manager
+
+    def testConfigBackendAcl(self):
+        """
+        test if the group config backend works with acl code
+        """
+        # define acl rights for FirstGroup, members of group can read and write
+        acl_rights = ["FirstGroup:admin,read,write"]
+        acl = security.AccessControlList(self.request.cfg, acl_rights)
+
+        allow = acl.may(self.request, u"JoeDoe", "admin")
+        # JoeDoe has admin rights because he is a member of group FirstGroup     
+        assert allow
+
+        allow = acl.may(self.request, u"AnotherUser", "admin")
+        # AnotherUser has no read rights because he is not a member of group FirstGroup
+        assert not allow
+
+    def testConfigBackend(self):
+        """
+        tests getting a group from the group manager, does group
+        membership tests.
+        """
+        # define config groups
+        groups = {'A': set(['a1', 'a2']),
+                  'B': set(['b1', 'b2']),
+                 }
+
+        # create config group manager backend object
+        group_manager_backend = GroupManager(BackendManager([groups]))
+
+        # check that a group named 'A' is available via the config backend
+        assert 'A' in group_manager_backend
+
+        # check that a group named 'C' is not available via the config backend
+        assert 'C' not in group_manager_backend
+
+        # get group object for a group named 'A'
+        group_A = group_manager_backend['A']
+
+        # check that a1 is a member of group A
+        assert 'a1' in group_A
+
+        # check that b1 is not a member of group A
+        assert 'b1' not in group_A
+
+coverage_modules = ['MoinMoin.groups']
--- a/MoinMoin/security/__init__.py	Wed May 27 09:26:59 2009 +0200
+++ b/MoinMoin/security/__init__.py	Wed May 27 21:07:59 2009 +0200
@@ -307,19 +307,20 @@
             acl = request.cfg.cache.acl_rights_default.acl
         else: # we have a #acl on the page (self.acl can be [] if #acl is empty!)
             acl = self.acl
-        is_group_member = request.dicts.has_member
-        group_re = request.cfg.cache.page_group_regexact
+
+        group_manager = request.cfg.group_manager
+
         allowed = None
         for entry, rightsdict in acl:
             if entry in self.special_users:
                 handler = getattr(self, "_special_"+entry, None)
                 allowed = handler(request, name, dowhat, rightsdict)
-            elif group_re.search(entry):
-                if is_group_member(entry, name):
+            elif entry in group_manager:
+                if name in group_manager[entry]:
                     allowed = rightsdict.get(dowhat)
                 else:
                     for special in self.special_users:
-                        if is_group_member(entry, special):
+                        if special in entry:
                             handler = getattr(self, "_special_" + special, None)
                             allowed = handler(request, name, dowhat, rightsdict)
                             break # order of self.special_users is important
--- a/docs/CHANGES.dmilajevs	Wed May 27 09:26:59 2009 +0200
+++ b/docs/CHANGES.dmilajevs	Wed May 27 21:07:59 2009 +0200
@@ -1,4 +1,5 @@
 Version 1.9-groups-dmilajevs:
 
    New features:
-   * Group backends. Group definitions can be stored outside of MoinMoin.
\ No newline at end of file
+   * Group backends. Group definitions can be stored outside of MoinMoin.
+   * MoinMoin.security.AccessControlList works with the new GroupManager.
\ No newline at end of file