Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_disambiguate_name(self):
from kotti.views.util import disambiguate_name
self.assertEqual(disambiguate_name(u'foo'), u'foo-1')
self.assertEqual(disambiguate_name(u'foo-3'), u'foo-4')
def test_ensure_view_selector(self):
from kotti.views.util import ensure_view_selector
wrapper = ensure_view_selector(None)
request = DummyRequest(path='/edit')
# Ignoring the result since it's not useful with DummyRequest.
# We check that path_info was set accordingly though:
wrapper(None, request)
self.assertEqual(request.path_info, u'/@@edit')
class TestRequestCache(UnitTestBase):
def setUp(self):
from kotti.util import request_cache
registry = Registry('testing')
request = DummyRequest()
request.registry = registry
super(TestRequestCache, self).setUp(registry=registry, request=request)
self.cache_decorator = request_cache
def test_it(self):
called = []
@self.cache_decorator(lambda a, b: (a, b))
def my_fun(a, b):
called.append((a, b))
add_renderer_globals(event)
self.assertTrue(event['api'] is template_api)
def test_add_renderer_globals(self):
from kotti.views.util import add_renderer_globals
request = DummyRequest()
event = {
'request': request,
'context': object(),
'renderer_name': 'foo',
}
add_renderer_globals(event)
self.assertTrue('api' in event)
class TestUtil(UnitTestBase):
def test_title_to_name(self):
from kotti.views.util import title_to_name
self.assertEqual(title_to_name(u'Foo Bar'), u'foo-bar')
def test_disambiguate_name(self):
from kotti.views.util import disambiguate_name
self.assertEqual(disambiguate_name(u'foo'), u'foo-1')
self.assertEqual(disambiguate_name(u'foo-3'), u'foo-4')
def test_ensure_view_selector(self):
from kotti.views.util import ensure_view_selector
wrapper = ensure_view_selector(None)
request = DummyRequest(path='/edit')
# Ignoring the result since it's not useful with DummyRequest.
# We check that path_info was set accordingly though:
wrapper(None, request)
response = move_node(root, request)
self.assertEqual(response.status, '302 Found')
def test_rename_to_empty_name(self):
from kotti.views.edit import move_node
root = DBSession().query(Node).get(1)
child = root['child'] = Document(title=u"Child")
request = DummyRequest()
request.params['rename'] = u'on'
request.params['name'] = u''
request.params['title'] = u'foo'
move_node(child, request)
self.assertEqual(request.session.pop_flash('error'),
[u'Name and title are required.'])
class TestNodeShare(UnitTestBase):
@staticmethod
def add_some_principals():
P = get_principals()
P[u'bob'] = {'name': u'bob', 'title': u"Bob"}
P[u'frank'] = {'name': u'frank', 'title': u"Frank"}
P[u'group:bobsgroup'] = {
'name': u'group:bobsgroup', 'title': u"Bob's Group"}
P[u'group:franksgroup'] = {
'name': u'group:franksgroup', 'title': u"Frank's Group"}
def test_roles(self):
# The 'share_node' view will return a list of available roles
# as defined in 'kotti.security.SHARING_ROLES'
from kotti.views.users import share_node
from kotti.security import SHARING_ROLES
root = get_root()
users_manage(root, request)
self.assertEqual(request.session.pop_flash('success'),
[u'Your changes have been saved.'])
self.assertEqual(
set(list_groups('bob')),
set(['role:owner', 'role:editor', 'role:special'])
)
def test_group_validator(self):
from kotti.views.users import group_validator
self.assertRaises(
colander.Invalid,
group_validator, None, u'this-group-never-exists')
class TestTemplateAPI(UnitTestBase):
def _make(self, context=None, request=None, id=1, **kwargs):
from kotti.views.util import TemplateAPI
if context is None:
session = DBSession()
context = session.query(Node).get(id)
if request is None:
request = DummyRequest()
return TemplateAPI(context, request, **kwargs)
def _create_contents(self, root):
# root -> a --> aa
# |
# \ --> ab
# |
# \ --> ac --> aca
# |
assert len(wrapper['children']), 1
assert isinstance(wrapper['children'][0], NestedMutationDict)
def test_listwrapper_wraps(self):
from kotti.util import NestedMutationDict
from kotti.util import NestedMutationList
wrapper = NestedMutationList(
[{'name': 'andy', 'age': 77, 'children': []}])
changed = wrapper.changed = MagicMock()
assert isinstance(wrapper[0], NestedMutationDict)
assert isinstance(wrapper[0]['children'], NestedMutationList)
assert changed.call_count == 0
class TestSecurity(UnitTestBase):
def test_root_default(self):
root = get_root()
self.assertEqual(list_groups('admin', root), ['role:admin'])
self.assertEqual(list_groups_raw(u'admin', root), set([]))
def test_empty(self):
root = get_root()
self.assertEqual(list_groups('bob', root), [])
def test_simple(self):
root = get_root()
set_groups('bob', root, ['role:editor'])
self.assertEqual(
list_groups('bob', root), ['role:editor'])
self.assertEqual(
list_groups_raw(u'bob', root), set(['role:editor']))
self.assertEqual(settings.data, {'kotti.db_version': get_version()})
self.assertEqual(get_settings()['kotti.db_version'], get_version())
settings.data['foo.bar'] = u'baz'
self.assertEqual(get_settings()['foo.bar'], u'baz')
def test_persistent_settings_add_new(self):
from kotti.resources import Settings
session = DBSession()
[settings] = session.query(Settings).all()
data = {'foo.bar': u'spam', 'kotti.db_version': u'next'}
new_settings = settings.copy(data)
session.add(new_settings)
self.assertEqual(get_settings()['foo.bar'], u'spam')
self.assertEqual(get_settings()['kotti.db_version'], u'next')
class TestNode(UnitTestBase):
def test_root_acl(self):
root = get_root()
# The root object has a persistent ACL set:
self.assertEquals(
root.__acl__[1:], [
('Allow', 'system.Everyone', ['view']),
('Allow', 'role:viewer', ['view']),
('Allow', 'role:editor', ['view', 'add', 'edit']),
('Allow', 'role:owner', ['view', 'add', 'edit', 'manage']),
])
# Note how the first ACE is class-defined. Users of the
# 'admin' role will always have all permissions. This is to
# prevent lock-out.
self.assertEquals(root.__acl__[:1], root._default_acl())
self.assertEqual(
set(list_groups('bob', root)),
set(['role:owner', 'role:editor', 'role:special'])
)
# We cannot set a role that's not displayed, even if we forged
# the request:
request.params['role::bob::role:admin'] = u'1'
request.params['orig-role::bob::role:admin'] = u''
self.assertRaises(Forbidden, share_node, root, request)
self.assertEqual(
set(list_groups('bob', root)),
set(['role:owner', 'role:editor', 'role:special'])
)
class TestUserManagement(UnitTestBase):
def test_roles(self):
from kotti.views.users import users_manage
from kotti.security import USER_MANAGEMENT_ROLES
root = get_root()
request = DummyRequest()
self.assertEqual(
[r.name for r in users_manage(root, request)['available_roles']],
USER_MANAGEMENT_ROLES)
def test_search(self):
from kotti.views.users import users_manage
root = get_root()
request = DummyRequest()
P = get_principals()
TestNodeShare.add_some_principals()
session = DBSession()
root = get_root()
child = root[u'child'] = Node()
session.flush()
# We set a local group on child and delete child. We then
# expect the LocalGroup entry to have been deleted from the
# database:
self.assertEqual(session.query(LocalGroup).count(), 0)
set_groups('group:bobsgroup', child, ['role:editor'])
self.assertEqual(session.query(LocalGroup).count(), 1)
del root[u'child']
session.flush()
self.assertEqual(session.query(LocalGroup).count(), 0)
class TestPrincipals(UnitTestBase):
def get_principals(self):
return get_principals()
def make_bob(self):
users = self.get_principals()
users[u'bob'] = dict(
name=u'bob',
password=u'secret',
email=u'bob@dabolina.com',
title=u'Bob Dabolina',
groups=[u'group:bobsgroup'],
)
return users[u'bob']
def _assert_is_bob(self, bob):
self.assertEqual(bob.name, u'bob')
return config
def tearDown():
_inject_mailer[:] = []
clear()
transaction.abort()
testing.tearDown()
class UnitTestBase(unittest.TestCase):
def setUp(self, **kwargs):
self.config = setUp(**kwargs)
def tearDown(self):
tearDown()
class TestMain(UnitTestBase):
def required_settings(self):
return {'sqlalchemy.url': 'sqlite://',
'kotti.secret': 'dude'}
def test_override_settings(self):
class MyType(object):
pass
def my_configurator(conf):
conf['kotti.base_includes'] = ''
conf['kotti.available_types'] = [MyType]
settings = self.required_settings()
settings['kotti.configurators'] = [my_configurator]
main({}, **settings)
# Deactive Bob, logging in is no longer possible:
bob.active = False
result = login(None, request)
self.assert_(isinstance(result, dict))
self.assertEqual(request.session.pop_flash('error'),
[u'Login failed.'])
# If Bob has a 'confirm_token' set, logging in is still possible:
bob.active = True
bob.confirm_token = u'token'
result = login(None, request)
self.assertEqual(result.status, '302 Found')
self.assertEqual(request.session.pop_flash('success'),
[u'Welcome, Bob Dabolina!'])
class TestEvents(UnitTestBase):
def setUp(self):
# We're jumping through some hoops to allow the event handlers
# to be able to do 'pyramid.threadlocal.get_current_request'
# and 'authenticated_userid'.
registry = Registry('testing')
request = DummyRequest()
request.registry = registry
super(TestEvents, self).setUp(registry=registry, request=request)
self.config.include('kotti.events')
def test_owner(self):
session = DBSession()
self.config.testing_securitypolicy(userid=u'bob')
root = get_root()
child = root[u'child'] = Content()
session.flush()