X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=test%2Ftest_security.py;h=c7d51286b4c35dcd5970f6a9821cf72936c4c2b4;hb=70ea44fb85c4f286e88d145705e1a4c5c1dde849;hp=825b582483058d9bafd534ed91493f2c015aefb9;hpb=ac6d696f4e811655f68b3a5e869da9c4c62251c5;p=roundup.git

diff --git a/test/test_security.py b/test/test_security.py
index 825b582..c7d5128 100644
--- a/test/test_security.py
+++ b/test/test_security.py
@@ -178,6 +178,61 @@ class PermissionTest(MyTestCase):
         self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
         self.assertEquals(has('Test', none, 'test', itemid='2'), 0)
 
+    def testTransitiveSearchPermissions(self):
+        add = self.db.security.addPermission
+        has = self.db.security.hasSearchPermission
+        addRole = self.db.security.addRole
+        addToRole = self.db.security.addPermissionToRole
+        addRole(name='User')
+        addRole(name='Anonymous')
+        addRole(name='Issue')
+        addRole(name='Msg')
+        addRole(name='UV')
+        user = self.db.user.create(username='user1', roles='User')
+        anon = self.db.user.create(username='anonymous', roles='Anonymous')
+        ui = self.db.user.create(username='user2', roles='Issue')
+        uim = self.db.user.create(username='user3', roles='Issue,Msg')
+        uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
+        iv = add(name="View", klass="issue")
+        addToRole('User', iv)
+        addToRole('Anonymous', iv)
+        addToRole('Issue', iv)
+        ms = add(name="Search", klass="msg")
+        addToRole('User', ms)
+        addToRole('Anonymous', ms)
+        addToRole('Msg', ms)
+        uv = add(name="View", klass="user")
+        addToRole('User', uv)
+        addToRole('UV', uv)
+        self.assertEquals(has(anon, 'issue', 'messages'), 1)
+        self.assertEquals(has(anon, 'issue', 'messages.author'), 0)
+        self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
+        self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0)
+        self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
+        self.assertEquals(has(user, 'issue', 'messages'), 1)
+        self.assertEquals(has(user, 'issue', 'messages.author'), 1)
+        self.assertEquals(has(user, 'issue', 'messages.author.username'), 1)
+        self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
+        self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
+
+        self.assertEquals(has(ui, 'issue', 'messages'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.author'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0)
+        self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0)
+
+        self.assertEquals(has(uim, 'issue', 'messages'), 1)
+        self.assertEquals(has(uim, 'issue', 'messages.author'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0)
+        self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0)
+
+        self.assertEquals(has(uimu, 'issue', 'messages'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.author'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
+        self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(PermissionTest))