Permalink
Browse files

- Fix the ``principals_allowed_by_permission`` method of

  ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__``
  on resources.  Previously it did not try to call the ``__acl__``
  if it was callable.
  • Loading branch information...
1 parent 073e524 commit 678f49d2e08b128785e32ed6fc9e12df4713ad7c @mcdonc mcdonc committed Oct 2, 2013
Showing with 21 additions and 0 deletions.
  1. +5 −0 CHANGES.txt
  2. +3 −0 pyramid/authorization.py
  3. +13 −0 pyramid/tests/test_authorization.py
View
@@ -10,6 +10,11 @@ Bug Fixes
than saying ``pcreate -s starter /foo/bar``. The former did not work
properly.
+- Fix the ``principals_allowed_by_permission`` method of
+ ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__``
+ on resources. Previously it did not try to call the ``__acl__``
+ if it was callable.
+
Documentation
-------------
@@ -122,6 +122,9 @@ def principals_allowed_by_permission(self, context, permission):
allowed_here = set()
denied_here = set()
+ if acl and callable(acl):
+ acl = acl()
+
for ace_action, ace_principal, ace_permissions in acl:
if not is_nonstr_iter(ace_permissions):
ace_permissions = [ace_permissions]
@@ -146,6 +146,19 @@ def test_principals_allowed_by_permission_direct(self):
policy.principals_allowed_by_permission(context, 'read'))
self.assertEqual(result, ['chrism'])
+ def test_principals_allowed_by_permission_callable_acl(self):
+ from pyramid.security import Allow
+ from pyramid.security import DENY_ALL
+ context = DummyContext()
+ acl = lambda: [ (Allow, 'chrism', ('read', 'write')),
+ DENY_ALL,
+ (Allow, 'other', 'read') ]
+ context.__acl__ = acl
+ policy = self._makeOne()
+ result = sorted(
+ policy.principals_allowed_by_permission(context, 'read'))
+ self.assertEqual(result, ['chrism'])
+
def test_principals_allowed_by_permission_string_permission(self):
from pyramid.security import Allow
context = DummyContext()

0 comments on commit 678f49d

Please sign in to comment.