normalized db representation of "none" permissions; fixed debug output

geocamUsers/models.py

@@ -4,6 +4,8 @@
 # All Rights Reserved.
 # __END_LICENSE__
 
+from cStringIO import StringIO
+
 from django.db import models
 from django.contrib.auth.models import User, Group
 from django.core.cache import cache
@@ -139,11 +141,6 @@ def getAgentByName(agentString):
     else:
         return User.objects.get(username=agentString)
 
-def getActionListText(actions):
-    actions.sort()
-    return ''.join([ACTION_LOOKUP[action][0]
-                    for action in actions])
-
 class Folder(models.Model):
     name = models.CharField(max_length=32, db_index=True)
     parent = models.ForeignKey('self', null=True, db_index=True)
@@ -177,8 +174,10 @@ def _getAclDict(self):
     def getAclText(self):
         acl = self._getAclDict().items()
         acl.sort()
+        out = StringIO()
         for agentName, actions in acl:
-            print '  %s %s' % (agentName, getActionListText(actions))
+            print >>out, '  %s %s' % (agentName, actions)
+        return out.getvalue()
 
     def assertAllowed(self, user, action):
         if not self.isAllowed(user, action):
@@ -194,13 +193,19 @@ def setPermissionsNoCheck(self, agent, actions):
             agent = getAgentByName(agent)
 
         if isinstance(agent, User):
-            perm, created = UserPermission.objects.get_or_create(user=agent, folder=self)
-            perm.setActions(actions)
-            perm.save()
+            if actions == '':
+                UserPermission.objects.filter(user=agent, folder=self).delete()
+            else:
+                perm, created = UserPermission.objects.get_or_create(user=agent, folder=self)
+                perm.setActions(actions)
+                perm.save()
         elif isinstance(agent, Group):
-            perm, created = GroupPermission.objects.get_or_create(group=agent, folder=self)
-            perm.setActions(actions)
-            perm.save()
+            if actions == '':
+                GroupPermission.objects.filter(group=agent, folder=self).delete()
+            else:
+                perm, created = GroupPermission.objects.get_or_create(group=agent, folder=self)
+                perm.setActions(actions)
+                perm.save()
         else:
             raise TypeError('expected User, Group, or str')
 

geocamUsers/tests.py

@@ -39,7 +39,9 @@ def makeFolderWithPerms(self, agent, actionsName):
         actions = getattr(Actions, actionsName.upper())
         prefix = re.sub('^\w+:', '', agent)
         folder = root.mkdirNoCheck('%s_%s' % (prefix, actionsName))
+        folder.clearAclNoCheck()
         folder.setPermissionsNoCheck(agent, actions)
+        Member(name='foo', folder=folder).save() # to test reading
         return folder
 
     def setUp(self):
@@ -102,9 +104,21 @@ def doTestFor(self, dirDict, requestingUser):
         self.assert_(dirDict['all'].isAllowed(self.alice, Action.VIEW))
 
         def changeAclWrite():
-            self.anyuserDir['write'].setPermissions(requestingUser, self.alice, Actions.READ)
+            dirDict['write'].setPermissions(requestingUser, self.alice, Actions.READ)
         self.assertRaises(PermissionDenied, changeAclWrite)
 
+        # adding an object should work on 'write' but not on 'read'
+        Member(name='writeGood', folder=dirDict['write']).saveAssertAllowed(requestingUser)
+        self.assert_(Member.objects.filter(name='writeGood', folder=dirDict['write']).exists())
+
+        def addObjectRead():
+            Member(name='writeBad', folder=dirDict['read']).saveAssertAllowed(requestingUser)
+        self.assertRaises(PermissionDenied, addObjectRead)
+
+        # viewing an object should work on 'read' but not on 'none'
+        self.assert_(Member.allowed(requestingUser).filter(folder=dirDict['read']).exists())
+        self.assertFalse(Member.allowed(requestingUser).filter(folder=dirDict['none']).exists())
+
     def test_anyuser(self):
         self.doTestFor(self.anyuserDir, None)