Merge pull request #62 from mozilla-services/bucket-permissions-from-…

…settings Bucket permissions from settings
Kinto · Jun 16, 2015 · ac5ccea · ac5ccea
2 parents 97ef4a4 + 3d1fc56
commit ac5ccea
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 23 deletions.
diff --git a/kinto/__init__.py b/kinto/__init__.py
@@ -13,7 +13,7 @@
 
 
 DEFAULT_SETTINGS = {
-    'kinto.buckets_creation_allowed_principals': 'system.Authenticated',
+    'cliquet.bucket_create_principals': 'system.Authenticated',
     'multiauth.authorization_policy': (
         'kinto.authorization.AuthorizationPolicy')
 }

diff --git a/kinto/authorization.py b/kinto/authorization.py
@@ -1,5 +1,5 @@
 from cliquet.authorization import AuthorizationPolicy as CliquetAuthorization
-from pyramid.security import IAuthorizationPolicy, Authenticated
+from pyramid.security import IAuthorizationPolicy
 from zope.interface import implementer
 
 
@@ -137,13 +137,3 @@ def build_permissions_set(object_uri, unbound_permission,
 class AuthorizationPolicy(CliquetAuthorization):
     def get_bound_permissions(self, *args, **kwargs):
         return build_permissions_set(*args, **kwargs)
-
-    def permits(self, context, principals, permission):
-        is_bucket = (context.resource_name == 'bucket')
-        if is_bucket and context.required_permission in ('create', 'read'):
-            # XXX: Read settings.
-            return Authenticated in principals
-
-        return super(AuthorizationPolicy, self).permits(context,
-                                                        principals,
-                                                        permission)
diff --git a/kinto/tests/support.py b/kinto/tests/support.py
@@ -9,6 +9,7 @@
 from zope.interface import implementer
 from cliquet.tests import support as cliquet_support
 from kinto import main as testapp
+from kinto import DEFAULT_SETTINGS
 
 
 MINIMALIST_BUCKET = {'data': dict()}
@@ -24,8 +25,8 @@ class BaseWebTest(object):
 
     def __init__(self, *args, **kwargs):
         super(BaseWebTest, self).__init__(*args, **kwargs)
-        self.app = self._get_test_app()
         self.principal = USER_PRINCIPAL
+        self.app = self._get_test_app()
         self.storage = self.app.app.registry.storage
         self.permission = self.app.app.registry.permission
         self.permission.initialize_schema()
@@ -42,6 +43,7 @@ def _get_test_app(self, settings=None):
 
     def get_app_settings(self, additional_settings=None):
         settings = cliquet_support.DEFAULT_SETTINGS.copy()
+        settings.update(**DEFAULT_SETTINGS)
         settings['cliquet.cache_backend'] = 'cliquet.cache.memory'
         settings['cliquet.storage_backend'] = 'cliquet.storage.memory'
         settings['cliquet.permission_backend'] = 'cliquet.permission.memory'

diff --git a/kinto/tests/test_views_buckets.py b/kinto/tests/test_views_buckets.py
@@ -18,6 +18,12 @@ def setUp(self):
                                  headers=self.headers)
         self.record = resp.json['data']
 
+    def get_app_settings(self, extra=None):
+        settings = super(BucketViewTest, self).get_app_settings(extra)
+        # Give the right to list buckets (for self.principal and alice).
+        settings['cliquet.bucket_read_principals'] = 'system.Authenticated'
+        return settings
+
     @authorize(True, 'kinto.tests.support.AllowAuthorizationPolicy')
     def test_buckets_are_global_to_every_users(self):
         self.app.get(self.record_url, headers=get_user_headers('alice'))
@@ -64,6 +70,12 @@ def setUp(self):
         # Delete the bucket.
         self.app.delete(self.bucket_url, headers=self.headers)
 
+    def get_app_settings(self, extra=None):
+        settings = super(BucketDeletionTest, self).get_app_settings(extra)
+        # Give the permission to read, to get an explicit 404 once deleted.
+        settings['cliquet.bucket_read_principals'] = self.principal
+        return settings
+
     def test_buckets_can_be_deleted(self):
         self.app.get(self.bucket_url, headers=self.headers,
                      status=404)

diff --git a/kinto/tests/test_views_permissions.py b/kinto/tests/test_views_permissions.py
@@ -16,15 +16,6 @@ def __init__(self, *args, **kwargs):
         self.bob_principal = ('basicauth_c031ced27503f788b102ca54269a062ec73'
                               '794bb075154c74a0d4311e74ca8b6')
 
-    def get_app_settings(self, additional_settings=None):
-        extra = {
-            'multiauth.authorization_policy':
-                'kinto.tests.support.AllowAuthorizationPolicy'
-        }
-        extra.update(additional_settings or {})
-        return super(PermissionsTest, self).get_app_settings(
-            additional_settings=extra)
-
 
 class BucketPermissionsTest(PermissionsTest):
 

diff --git a/setup.py b/setup.py
@@ -25,7 +25,7 @@
 
 DEPENDENCY_LINKS = [
     # Pre-release of Cliquet.
-    'https://github.com/mozilla-services/cliquet/tarball/2.0.dev3#egg=Cliquet-2.0dev3',
+    'https://github.com/mozilla-services/cliquet/tarball/2.0.dev4#egg=Cliquet-2.0dev4',
 ]
 
 setup(name='kinto',