Move authorization to frontends

author: Aleksey Lim <alsroot@sugarlabs.org> 2012-04-16 17:25:03 (GMT)
committer: Aleksey Lim <alsroot@sugarlabs.org> 2012-04-16 17:25:03 (GMT)
commit: 8ffe8f9aaf658c45b3b865cb793dd22463c43bdc (patch)
tree: a20d29ed221dc8fe7a114fd497ba2c7abf3af6cc
parent: 92a67fddf177b33e630c66bb6934ad26e2461ef8 (diff)
3 files changed, 4 insertions, 74 deletions
diff --git a/active_document/document.py b/active_document/document.py
index e79f588..13a4486 100644
--- a/active_document/document.py
+++ b/active_document/document.py
@@ -55,7 +55,6 @@ class Document(DocumentClass):
                 indexed_props = self._index.get_cached(guid)
             for prop_name, value in (indexed_props or {}).items():
                 self._set(self.metadata[prop_name], value, None)
-            self.authorize_document(env.ACCESS_READ, self)
         else:
             self._is_new = True
 
@@ -169,10 +168,7 @@ class Document(DocumentClass):
         if not changes:
             return
 
-        if self._is_new:
-            self.authorize_document(env.ACCESS_CREATE, self)
-        else:
-            self.authorize_document(env.ACCESS_WRITE, self)
+        if not self._is_new:
             self.on_modify(changes)
         self.on_post(changes)
 
@@ -300,9 +296,9 @@ class Document(DocumentClass):
         pass
 
     def assert_access(self, mode, prop):
-        """Does caller have permissions to access to the specified property.
+        """Is access to the property permitted.
 
-        If caller does not have permissions, function should raise
+        If there are no permissions, function should raise
         `active_document.Forbidden` exception.
 
         :param mode:
diff --git a/active_document/document_class.py b/active_document/document_class.py
index b30e509..92313f6 100644
--- a/active_document/document_class.py
+++ b/active_document/document_class.py
@@ -69,23 +69,6 @@ class DocumentClass(object):
         raise NotImplementedError()
 
     @classmethod
-    def authorize_document(cls, mode, document=None):
-        """Does caller have permissions to access to the document.
-
-        If caller does not have permissions, function should raise
-        `active_document.Forbidden` exception.
-
-        :param mode:
-            one of `active_document.ACCESS_*` constants
-            to specify the access mode
-        :param document:
-            option document if `mode` needs it;
-            might be `Document` object or GUID value
-
-        """
-        pass
-
-    @classmethod
     def create(cls, properties):
         """Create new document.
 
@@ -120,8 +103,6 @@ class DocumentClass(object):
             document GUID to delete
 
         """
-        cls.authorize_document(env.ACCESS_DELETE, guid)
-
         if raw:
             cls._index.delete(guid, lambda guid: cls._storage.delete(guid))
         else:
@@ -145,8 +126,6 @@ class DocumentClass(object):
             i.e., not only documents that are included to the resulting list
 
         """
-        cls.authorize_document(env.ACCESS_READ)
-
         query = env.Query(*args, **kwargs)
         # TODO until implementing layers support
         query.request['layers'] = 'public'
diff --git a/tests/units/document.py b/tests/units/document.py
index b01f68f..a4ba85c 100755
--- a/tests/units/document.py
+++ b/tests/units/document.py
@@ -547,52 +547,7 @@ class DocumentTest(tests.Test):
                 ['trigger!'],
                 [i.prop for i in Document.find(0, 1024)[0]])
 
-    def test_authorize_document(self):
-
-        class Document(TestDocument):
-
-            mode = 0
-
-            @classmethod
-            def authorize_document(cls, mode, document=None):
-                if not (mode & cls.mode):
-                    raise env.Forbidden()
-
-            @active_property(slot=1, default='')
-            def prop(self, value):
-                return value
-
-        doc = Document()
-        self.assertRaises(env.Forbidden, doc.post)
-        Document.mode = env.ACCESS_WRITE
-        self.assertRaises(env.Forbidden, doc.post)
-        Document.mode = env.ACCESS_CREATE
-        doc.post()
-
-        Document.mode = 0
-        self.assertRaises(env.Forbidden, Document.find, 0, 100)
-        Document.mode = env.ACCESS_READ
-        Document.find(0, 100)
-
-        Document.mode = 0
-        self.assertRaises(env.Forbidden, Document, doc.guid)
-        Document.mode = env.ACCESS_READ
-        Document(doc.guid)
-
-        Document.mode = env.ACCESS_READ
-        doc_2 = Document(doc.guid)
-        self.assertRaises(env.Forbidden, doc.post)
-        Document.mode = env.ACCESS_READ | env.ACCESS_CREATE
-        self.assertRaises(env.Forbidden, doc.post)
-        Document.mode = env.ACCESS_READ | env.ACCESS_WRITE
-        doc.post()
-
-        Document.mode = 0
-        self.assertRaises(env.Forbidden, Document.delete, doc.guid)
-        Document.mode = env.ACCESS_READ | env.ACCESS_DELETE | env.ACCESS_WRITE
-        Document.delete(doc.guid)
-
-    def test_authorize_property(self):
+    def test_AssertPermissions(self):
 
         class Document(TestDocument):
author	Aleksey Lim <alsroot@sugarlabs.org>	2012-04-16 17:25:03 (GMT)
committer	Aleksey Lim <alsroot@sugarlabs.org>	2012-04-16 17:25:03 (GMT)
commit	8ffe8f9aaf658c45b3b865cb793dd22463c43bdc (patch)
tree	a20d29ed221dc8fe7a114fd497ba2c7abf3af6cc
parent	92a67fddf177b33e630c66bb6934ad26e2461ef8 (diff)