mirror of https://gitlab.com/tildes/tildes.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 lines
3.2 KiB
83 lines
3.2 KiB
# Copyright (c) 2018 Tildes contributors <code@tildes.net>
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
from pyramid.security import Authenticated, Everyone, principals_allowed_by_permission
|
|
|
|
|
|
def test_topic_viewing_permission(text_topic):
|
|
"""Ensure that anyone can view a topic by default."""
|
|
principals = principals_allowed_by_permission(text_topic, "view")
|
|
assert Everyone in principals
|
|
|
|
|
|
def test_deleted_topic_permissions_removed(topic):
|
|
"""Ensure that deleted topics lose all permissions except "view"."""
|
|
topic.is_deleted = True
|
|
|
|
assert principals_allowed_by_permission(topic, "view") == {Everyone}
|
|
|
|
all_permissions = [perm for (_, _, perm) in topic.__acl__() if perm != "view"]
|
|
for permission in all_permissions:
|
|
assert not principals_allowed_by_permission(topic, permission)
|
|
|
|
|
|
def test_text_topic_editing_permission(text_topic):
|
|
"""Ensure a text topic's owner (and nobody else) is able to edit it."""
|
|
principals = principals_allowed_by_permission(text_topic, "edit")
|
|
assert principals == {text_topic.user.user_id}
|
|
|
|
|
|
def test_link_topic_editing_permission(link_topic):
|
|
"""Ensure that nobody has edit permission on a link topic."""
|
|
principals = principals_allowed_by_permission(link_topic, "edit")
|
|
assert not principals
|
|
|
|
|
|
def test_topic_deleting_permission(text_topic):
|
|
"""Ensure that the topic's owner (and nobody else) is able to delete it."""
|
|
principals = principals_allowed_by_permission(text_topic, "delete")
|
|
assert principals == {text_topic.user.user_id}
|
|
|
|
|
|
def test_topic_view_author_permission(text_topic):
|
|
"""Ensure anyone can view a topic's author normally."""
|
|
principals = principals_allowed_by_permission(text_topic, "view_author")
|
|
assert Everyone in principals
|
|
|
|
|
|
def test_removed_topic_view_author_permission(topic):
|
|
"""Ensure only admins and the author can view a removed topic's author."""
|
|
topic.is_removed = True
|
|
principals = principals_allowed_by_permission(topic, "view_author")
|
|
assert principals == {"admin", topic.user_id}
|
|
|
|
|
|
def test_topic_view_content_permission(text_topic):
|
|
"""Ensure anyone can view a topic's content normally."""
|
|
principals = principals_allowed_by_permission(text_topic, "view_content")
|
|
assert Everyone in principals
|
|
|
|
|
|
def test_removed_topic_view_content_permission(topic):
|
|
"""Ensure only admins and the author can view a removed topic's content."""
|
|
topic.is_removed = True
|
|
principals = principals_allowed_by_permission(topic, "view_content")
|
|
assert principals == {"admin", topic.user_id}
|
|
|
|
|
|
def test_topic_comment_permission(text_topic):
|
|
"""Ensure authed users have comment perms on a topic by default."""
|
|
principals = principals_allowed_by_permission(text_topic, "comment")
|
|
assert Authenticated in principals
|
|
|
|
|
|
def test_locked_topic_comment_permission(topic):
|
|
"""Ensure only admins can post (top-level) comments on locked topics."""
|
|
topic.is_locked = True
|
|
assert principals_allowed_by_permission(topic, "comment") == {"admin"}
|
|
|
|
|
|
def test_removed_topic_comment_permission(topic):
|
|
"""Ensure only admins can post (top-level) comments on removed topics."""
|
|
topic.is_removed = True
|
|
assert principals_allowed_by_permission(topic, "comment") == {"admin"}
|