diff options
author | Aleksey Lim <alsroot@sugarlabs.org> | 2012-04-16 17:25:03 (GMT) |
---|---|---|
committer | Aleksey Lim <alsroot@sugarlabs.org> | 2012-04-16 17:25:03 (GMT) |
commit | 8ffe8f9aaf658c45b3b865cb793dd22463c43bdc (patch) | |
tree | a20d29ed221dc8fe7a114fd497ba2c7abf3af6cc | |
parent | 92a67fddf177b33e630c66bb6934ad26e2461ef8 (diff) |
Move authorization to frontends
-rw-r--r-- | active_document/document.py | 10 | ||||
-rw-r--r-- | active_document/document_class.py | 21 | ||||
-rwxr-xr-x | tests/units/document.py | 47 |
3 files changed, 4 insertions, 74 deletions
diff --git a/active_document/document.py b/active_document/document.py index e79f588..13a4486 100644 --- a/active_document/document.py +++ b/active_document/document.py @@ -55,7 +55,6 @@ class Document(DocumentClass): indexed_props = self._index.get_cached(guid) for prop_name, value in (indexed_props or {}).items(): self._set(self.metadata[prop_name], value, None) - self.authorize_document(env.ACCESS_READ, self) else: self._is_new = True @@ -169,10 +168,7 @@ class Document(DocumentClass): if not changes: return - if self._is_new: - self.authorize_document(env.ACCESS_CREATE, self) - else: - self.authorize_document(env.ACCESS_WRITE, self) + if not self._is_new: self.on_modify(changes) self.on_post(changes) @@ -300,9 +296,9 @@ class Document(DocumentClass): pass def assert_access(self, mode, prop): - """Does caller have permissions to access to the specified property. + """Is access to the property permitted. - If caller does not have permissions, function should raise + If there are no permissions, function should raise `active_document.Forbidden` exception. :param mode: diff --git a/active_document/document_class.py b/active_document/document_class.py index b30e509..92313f6 100644 --- a/active_document/document_class.py +++ b/active_document/document_class.py @@ -69,23 +69,6 @@ class DocumentClass(object): raise NotImplementedError() @classmethod - def authorize_document(cls, mode, document=None): - """Does caller have permissions to access to the document. - - If caller does not have permissions, function should raise - `active_document.Forbidden` exception. - - :param mode: - one of `active_document.ACCESS_*` constants - to specify the access mode - :param document: - option document if `mode` needs it; - might be `Document` object or GUID value - - """ - pass - - @classmethod def create(cls, properties): """Create new document. @@ -120,8 +103,6 @@ class DocumentClass(object): document GUID to delete """ - cls.authorize_document(env.ACCESS_DELETE, guid) - if raw: cls._index.delete(guid, lambda guid: cls._storage.delete(guid)) else: @@ -145,8 +126,6 @@ class DocumentClass(object): i.e., not only documents that are included to the resulting list """ - cls.authorize_document(env.ACCESS_READ) - query = env.Query(*args, **kwargs) # TODO until implementing layers support query.request['layers'] = 'public' diff --git a/tests/units/document.py b/tests/units/document.py index b01f68f..a4ba85c 100755 --- a/tests/units/document.py +++ b/tests/units/document.py @@ -547,52 +547,7 @@ class DocumentTest(tests.Test): ['trigger!'], [i.prop for i in Document.find(0, 1024)[0]]) - def test_authorize_document(self): - - class Document(TestDocument): - - mode = 0 - - @classmethod - def authorize_document(cls, mode, document=None): - if not (mode & cls.mode): - raise env.Forbidden() - - @active_property(slot=1, default='') - def prop(self, value): - return value - - doc = Document() - self.assertRaises(env.Forbidden, doc.post) - Document.mode = env.ACCESS_WRITE - self.assertRaises(env.Forbidden, doc.post) - Document.mode = env.ACCESS_CREATE - doc.post() - - Document.mode = 0 - self.assertRaises(env.Forbidden, Document.find, 0, 100) - Document.mode = env.ACCESS_READ - Document.find(0, 100) - - Document.mode = 0 - self.assertRaises(env.Forbidden, Document, doc.guid) - Document.mode = env.ACCESS_READ - Document(doc.guid) - - Document.mode = env.ACCESS_READ - doc_2 = Document(doc.guid) - self.assertRaises(env.Forbidden, doc.post) - Document.mode = env.ACCESS_READ | env.ACCESS_CREATE - self.assertRaises(env.Forbidden, doc.post) - Document.mode = env.ACCESS_READ | env.ACCESS_WRITE - doc.post() - - Document.mode = 0 - self.assertRaises(env.Forbidden, Document.delete, doc.guid) - Document.mode = env.ACCESS_READ | env.ACCESS_DELETE | env.ACCESS_WRITE - Document.delete(doc.guid) - - def test_authorize_property(self): + def test_AssertPermissions(self): class Document(TestDocument): |