wuttaweb/tests/test_subscribers.py

# -*- coding: utf-8; -*-

import json
from unittest import TestCase
from unittest.mock import MagicMock, patch

from wuttjamaican.conf import WuttaConfig

from pyramid import testing
from pyramid.security import remember

from wuttaweb import subscribers
from wuttaweb import helpers
from wuttaweb.auth import WuttaSecurityPolicy


class TestNewRequest(TestCase):

    def setUp(self):
        self.config = WuttaConfig()
        self.request = self.make_request()
        self.pyramid_config = testing.setUp(request=self.request, settings={
            'wutta_config': self.config,
        })

    def tearDown(self):
        testing.tearDown()

    def make_request(self):
        request = testing.DummyRequest()
        # request.registry.settings = {'wutta_config': self.config}
        return request

    def test_wutta_config(self):
        event = MagicMock(request=self.request)

        # request gets a new attr
        self.assertFalse(hasattr(self.request, 'wutta_config'))
        subscribers.new_request(event)
        self.assertTrue(hasattr(self.request, 'wutta_config'))
        self.assertIs(self.request.wutta_config, self.config)

    def test_use_oruga_default(self):
        event = MagicMock(request=self.request)

        # request gets a new attr, false by default
        self.assertFalse(hasattr(self.request, 'use_oruga'))
        subscribers.new_request(event)
        self.assertFalse(self.request.use_oruga)

    def test_use_oruga_custom(self):
        self.config.setdefault('wuttaweb.oruga_detector.spec', 'tests.test_subscribers:custom_oruga_detector')
        event = MagicMock(request=self.request)

        # request gets a new attr, which should be true
        self.assertFalse(hasattr(self.request, 'use_oruga'))
        subscribers.new_request(event)
        self.assertTrue(self.request.use_oruga)

    def test_get_referrer(self):
        event = MagicMock(request=self.request)

        def home(request):
            pass

        self.pyramid_config.add_route('home', '/')
        self.pyramid_config.add_view(home, route_name='home')

        self.assertFalse(hasattr(self.request, 'get_referrer'))
        subscribers.new_request(event)
        self.assertTrue(hasattr(self.request, 'get_referrer'))

        # default if no referrer, is home route
        url = self.request.get_referrer()
        self.assertEqual(url, self.request.route_url('home'))

        # can specify another default
        url = self.request.get_referrer(default='https://wuttaproject.org')
        self.assertEqual(url, 'https://wuttaproject.org')

        # or referrer can come from user session
        self.request.session['referrer'] = 'https://rattailproject.org'
        self.assertIn('referrer', self.request.session)
        url = self.request.get_referrer()
        self.assertEqual(url, 'https://rattailproject.org')
        # nb. referrer should also have been removed from user session
        self.assertNotIn('referrer', self.request.session)

        # or referrer can come from request params
        self.request.params['referrer'] = 'https://kernel.org'
        url = self.request.get_referrer()
        self.assertEqual(url, 'https://kernel.org')


def custom_oruga_detector(request):
    return True


class TestNewRequestSetUser(TestCase):

    def setUp(self):
        self.config = WuttaConfig(defaults={
            'wutta.db.default.url': 'sqlite://',
        })

        self.request = testing.DummyRequest(wutta_config=self.config)
        self.pyramid_config = testing.setUp(request=self.request, settings={
            'wutta_config': self.config,
        })

        self.app = self.config.get_app()
        model = self.app.model
        model.Base.metadata.create_all(bind=self.config.appdb_engine)
        self.session = self.app.make_session()
        self.user = model.User(username='barney')
        self.session.add(self.user)
        self.session.commit()

        self.pyramid_config.set_security_policy(WuttaSecurityPolicy(db_session=self.session))

    def tearDown(self):
        testing.tearDown()

    def test_anonymous(self):
        self.assertFalse(hasattr(self.request, 'user'))
        event = MagicMock(request=self.request)
        subscribers.new_request_set_user(event)
        self.assertIsNone(self.request.user)

    def test_authenticated(self):
        uuid = self.user.uuid
        self.assertIsNotNone(uuid)
        remember(self.request, uuid)
        event = MagicMock(request=self.request)
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIs(self.request.user, self.user)

    def test_is_admin(self):
        event = MagicMock(request=self.request)

        # anonymous user
        self.assertFalse(hasattr(self.request, 'user'))
        self.assertFalse(hasattr(self.request, 'is_admin'))
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIsNone(self.request.user)
        self.assertFalse(self.request.is_admin)

        # reset
        del self.request.is_admin

        # authenticated user, but still not an admin
        self.request.user = self.user
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIs(self.request.user, self.user)
        self.assertFalse(self.request.is_admin)

        # reset
        del self.request.is_admin

        # but if we make them an admin, it changes
        auth = self.app.get_auth_handler()
        admin = auth.get_role_administrator(self.session)
        self.user.roles.append(admin)
        self.session.commit()
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIs(self.request.user, self.user)
        self.assertTrue(self.request.is_admin)

    def test_is_root(self):
        event = MagicMock(request=self.request)

        # anonymous user
        self.assertFalse(hasattr(self.request, 'user'))
        self.assertFalse(hasattr(self.request, 'is_root'))
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIsNone(self.request.user)
        self.assertFalse(self.request.is_root)

        # reset
        del self.request.is_admin
        del self.request.is_root

        # authenticated user, but still not an admin
        self.request.user = self.user
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIs(self.request.user, self.user)
        self.assertFalse(self.request.is_root)

        # reset
        del self.request.is_admin
        del self.request.is_root

        # even if we make them an admin, still not yet root
        auth = self.app.get_auth_handler()
        admin = auth.get_role_administrator(self.session)
        self.user.roles.append(admin)
        self.session.commit()
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertIs(self.request.user, self.user)
        self.assertTrue(self.request.is_admin)
        self.assertFalse(self.request.is_root)

        # reset
        del self.request.is_admin
        del self.request.is_root

        # root status flag lives in user session
        self.request.session['is_root'] = True
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertTrue(self.request.is_admin)
        self.assertTrue(self.request.is_root)

    def test_user_permissions(self):
        model = self.app.model
        auth = self.app.get_auth_handler()
        event = MagicMock(request=self.request)

        # anonymous user
        self.assertFalse(hasattr(self.request, 'user_permissions'))
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertEqual(self.request.user_permissions, set())

        # reset
        del self.request.user_permissions

        # add user to role with perms
        blokes = model.Role(name="Blokes")
        self.session.add(blokes)
        auth.grant_permission(blokes, 'appinfo.list')
        self.user.roles.append(blokes)
        self.session.commit()

        # authenticated user, with perms
        self.request.user = self.user
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertEqual(self.request.user_permissions, {'appinfo.list'})

    def test_has_perm(self):
        model = self.app.model
        auth = self.app.get_auth_handler()
        event = MagicMock(request=self.request)

        # anonymous user
        self.assertFalse(hasattr(self.request, 'has_perm'))
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertFalse(self.request.has_perm('appinfo.list'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm

        # add user to role with perms
        blokes = model.Role(name="Blokes")
        self.session.add(blokes)
        auth.grant_permission(blokes, 'appinfo.list')
        self.user.roles.append(blokes)
        self.session.commit()

        # authenticated user, with perms
        self.request.user = self.user
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertTrue(self.request.has_perm('appinfo.list'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm

        # drop user from role, no more perms
        self.user.roles.remove(blokes)
        self.session.commit()
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertFalse(self.request.has_perm('appinfo.list'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm
        del self.request.is_admin
        del self.request.is_root

        # root user always has perms
        admin = auth.get_role_administrator(self.session)
        self.user.roles.append(admin)
        self.session.commit()
        self.request.session['is_root'] = True
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertTrue(self.request.has_perm('appinfo.list'))

    def test_has_any_perm(self):
        model = self.app.model
        auth = self.app.get_auth_handler()
        event = MagicMock(request=self.request)

        # anonymous user
        self.assertFalse(hasattr(self.request, 'has_any_perm'))
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertFalse(self.request.has_any_perm('appinfo.list'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm

        # add user to role with perms
        blokes = model.Role(name="Blokes")
        self.session.add(blokes)
        auth.grant_permission(blokes, 'appinfo.list')
        self.user.roles.append(blokes)
        self.session.commit()

        # authenticated user, with perms
        self.request.user = self.user
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertTrue(self.request.has_any_perm('appinfo.list', 'appinfo.view'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm

        # drop user from role, no more perms
        self.user.roles.remove(blokes)
        self.session.commit()
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertFalse(self.request.has_any_perm('appinfo.list'))

        # reset
        del self.request.user_permissions
        del self.request.has_perm
        del self.request.has_any_perm
        del self.request.is_admin
        del self.request.is_root

        # root user always has perms
        admin = auth.get_role_administrator(self.session)
        self.user.roles.append(admin)
        self.session.commit()
        self.request.session['is_root'] = True
        subscribers.new_request_set_user(event, db_session=self.session)
        self.assertTrue(self.request.has_any_perm('appinfo.list'))


class TestBeforeRender(TestCase):

    def setUp(self):
        self.config = WuttaConfig(defaults={
            'wutta.web.menus.handler_spec': 'tests.util:NullMenuHandler',
        })

    def make_request(self):
        request = testing.DummyRequest(use_oruga=False)
        request.registry.settings = {'wutta_config': self.config}
        request.wutta_config = self.config
        return request

    def test_basic(self):
        request = self.make_request()
        event = {'request': request}

        # event dict will get populated with more context
        subscribers.before_render(event)

        self.assertIn('config', event)
        self.assertIs(event['config'], self.config)

        self.assertIn('app', event)
        self.assertIs(event['app'], self.config.get_app())

        self.assertIn('h', event)
        self.assertIs(event['h'], helpers)

        self.assertIn('url', event)
        # TODO: not sure how to test this?
        # self.assertIs(event['url'], request.route_url)

        self.assertIn('json', event)
        self.assertIs(event['json'], json)


class TestIncludeMe(TestCase):

    def test_basic(self):
        with testing.testConfig() as pyramid_config:

            # just ensure no error happens when included..
            pyramid_config.include('wuttaweb.subscribers')
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`# -- coding: utf-8; --`

			`import json`
			`from unittest import TestCase`
feat: add permission checks for menus, view routes 2024-08-14 21:20:00 -05:00			`from unittest.mock import MagicMock, patch`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`from wuttjamaican.conf import WuttaConfig`

			`from pyramid import testing`
feat: add auth views, for login/logout 2024-08-04 23:09:29 -05:00			`from pyramid.security import remember`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`from wuttaweb import subscribers`
			`from wuttaweb import helpers`
feat: add auth views, for login/logout 2024-08-04 23:09:29 -05:00			`from wuttaweb.auth import WuttaSecurityPolicy`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00

			`class TestNewRequest(TestCase):`

			`def setUp(self):`
			`self.config = WuttaConfig()`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.request = self.make_request()`
			`self.pyramid_config = testing.setUp(request=self.request, settings={`
			`'wutta_config': self.config,`
			`})`

			`def tearDown(self):`
			`testing.tearDown()`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`def make_request(self):`
			`request = testing.DummyRequest()`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`# request.registry.settings = {'wutta_config': self.config}`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`return request`

			`def test_wutta_config(self):`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`event = MagicMock(request=self.request)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`# request gets a new attr`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertFalse(hasattr(self.request, 'wutta_config'))`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`subscribers.new_request(event)`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertTrue(hasattr(self.request, 'wutta_config'))`
			`self.assertIs(self.request.wutta_config, self.config)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`def test_use_oruga_default(self):`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`event = MagicMock(request=self.request)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`# request gets a new attr, false by default`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertFalse(hasattr(self.request, 'use_oruga'))`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`subscribers.new_request(event)`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertFalse(self.request.use_oruga)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`def test_use_oruga_custom(self):`
			`self.config.setdefault('wuttaweb.oruga_detector.spec', 'tests.test_subscribers:custom_oruga_detector')`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`event = MagicMock(request=self.request)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`# request gets a new attr, which should be true`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertFalse(hasattr(self.request, 'use_oruga'))`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`subscribers.new_request(event)`
feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`self.assertTrue(self.request.use_oruga)`

			`def test_get_referrer(self):`
			`event = MagicMock(request=self.request)`

			`def home(request):`
			`pass`

			`self.pyramid_config.add_route('home', '/')`
			`self.pyramid_config.add_view(home, route_name='home')`

			`self.assertFalse(hasattr(self.request, 'get_referrer'))`
			`subscribers.new_request(event)`
			`self.assertTrue(hasattr(self.request, 'get_referrer'))`

			`# default if no referrer, is home route`
			`url = self.request.get_referrer()`
			`self.assertEqual(url, self.request.route_url('home'))`

			`# can specify another default`
			`url = self.request.get_referrer(default='https://wuttaproject.org')`
			`self.assertEqual(url, 'https://wuttaproject.org')`

			`# or referrer can come from user session`
			`self.request.session['referrer'] = 'https://rattailproject.org'`
			`self.assertIn('referrer', self.request.session)`
			`url = self.request.get_referrer()`
			`self.assertEqual(url, 'https://rattailproject.org')`
			`# nb. referrer should also have been removed from user session`
			`self.assertNotIn('referrer', self.request.session)`

			`# or referrer can come from request params`
			`self.request.params['referrer'] = 'https://kernel.org'`
			`url = self.request.get_referrer()`
			`self.assertEqual(url, 'https://kernel.org')`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00

			`def custom_oruga_detector(request):`
			`return True`


feat: add auth views, for login/logout 2024-08-04 23:09:29 -05:00			`class TestNewRequestSetUser(TestCase):`

			`def setUp(self):`
			`self.config = WuttaConfig(defaults={`
			`'wutta.db.default.url': 'sqlite://',`
			`})`

fix: allow custom user getter for `new_request_set_user()` hook 2024-08-05 15:06:55 -05:00			`self.request = testing.DummyRequest(wutta_config=self.config)`
feat: add auth views, for login/logout 2024-08-04 23:09:29 -05:00			`self.pyramid_config = testing.setUp(request=self.request, settings={`
			`'wutta_config': self.config,`
			`})`

			`self.app = self.config.get_app()`
			`model = self.app.model`
			`model.Base.metadata.create_all(bind=self.config.appdb_engine)`
			`self.session = self.app.make_session()`
			`self.user = model.User(username='barney')`
			`self.session.add(self.user)`
			`self.session.commit()`

			`self.pyramid_config.set_security_policy(WuttaSecurityPolicy(db_session=self.session))`

			`def tearDown(self):`
			`testing.tearDown()`

			`def test_anonymous(self):`
			`self.assertFalse(hasattr(self.request, 'user'))`
			`event = MagicMock(request=self.request)`
			`subscribers.new_request_set_user(event)`
			`self.assertIsNone(self.request.user)`

			`def test_authenticated(self):`
			`uuid = self.user.uuid`
			`self.assertIsNotNone(uuid)`
			`remember(self.request, uuid)`
			`event = MagicMock(request=self.request)`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIs(self.request.user, self.user)`

feat: add support for admin user to become / stop being root 2024-08-05 14:21:54 -05:00			`def test_is_admin(self):`
			`event = MagicMock(request=self.request)`

			`# anonymous user`
			`self.assertFalse(hasattr(self.request, 'user'))`
			`self.assertFalse(hasattr(self.request, 'is_admin'))`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIsNone(self.request.user)`
			`self.assertFalse(self.request.is_admin)`

			`# reset`
			`del self.request.is_admin`

			`# authenticated user, but still not an admin`
			`self.request.user = self.user`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIs(self.request.user, self.user)`
			`self.assertFalse(self.request.is_admin)`

			`# reset`
			`del self.request.is_admin`

			`# but if we make them an admin, it changes`
			`auth = self.app.get_auth_handler()`
			`admin = auth.get_role_administrator(self.session)`
			`self.user.roles.append(admin)`
			`self.session.commit()`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIs(self.request.user, self.user)`
			`self.assertTrue(self.request.is_admin)`

			`def test_is_root(self):`
			`event = MagicMock(request=self.request)`

			`# anonymous user`
			`self.assertFalse(hasattr(self.request, 'user'))`
			`self.assertFalse(hasattr(self.request, 'is_root'))`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIsNone(self.request.user)`
			`self.assertFalse(self.request.is_root)`

			`# reset`
			`del self.request.is_admin`
			`del self.request.is_root`

			`# authenticated user, but still not an admin`
			`self.request.user = self.user`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIs(self.request.user, self.user)`
			`self.assertFalse(self.request.is_root)`

			`# reset`
			`del self.request.is_admin`
			`del self.request.is_root`

			`# even if we make them an admin, still not yet root`
			`auth = self.app.get_auth_handler()`
			`admin = auth.get_role_administrator(self.session)`
			`self.user.roles.append(admin)`
			`self.session.commit()`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertIs(self.request.user, self.user)`
			`self.assertTrue(self.request.is_admin)`
			`self.assertFalse(self.request.is_root)`

			`# reset`
			`del self.request.is_admin`
			`del self.request.is_root`

			`# root status flag lives in user session`
			`self.request.session['is_root'] = True`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertTrue(self.request.is_admin)`
			`self.assertTrue(self.request.is_root)`

feat: add permission checks for menus, view routes 2024-08-14 21:20:00 -05:00			`def test_user_permissions(self):`
			`model = self.app.model`
			`auth = self.app.get_auth_handler()`
			`event = MagicMock(request=self.request)`

			`# anonymous user`
			`self.assertFalse(hasattr(self.request, 'user_permissions'))`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertEqual(self.request.user_permissions, set())`

			`# reset`
			`del self.request.user_permissions`

			`# add user to role with perms`
			`blokes = model.Role(name="Blokes")`
			`self.session.add(blokes)`
			`auth.grant_permission(blokes, 'appinfo.list')`
			`self.user.roles.append(blokes)`
			`self.session.commit()`

			`# authenticated user, with perms`
			`self.request.user = self.user`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertEqual(self.request.user_permissions, {'appinfo.list'})`

			`def test_has_perm(self):`
			`model = self.app.model`
			`auth = self.app.get_auth_handler()`
			`event = MagicMock(request=self.request)`

			`# anonymous user`
			`self.assertFalse(hasattr(self.request, 'has_perm'))`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertFalse(self.request.has_perm('appinfo.list'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`

			`# add user to role with perms`
			`blokes = model.Role(name="Blokes")`
			`self.session.add(blokes)`
			`auth.grant_permission(blokes, 'appinfo.list')`
			`self.user.roles.append(blokes)`
			`self.session.commit()`

			`# authenticated user, with perms`
			`self.request.user = self.user`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertTrue(self.request.has_perm('appinfo.list'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`

			`# drop user from role, no more perms`
			`self.user.roles.remove(blokes)`
			`self.session.commit()`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertFalse(self.request.has_perm('appinfo.list'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`
			`del self.request.is_admin`
			`del self.request.is_root`

			`# root user always has perms`
			`admin = auth.get_role_administrator(self.session)`
			`self.user.roles.append(admin)`
			`self.session.commit()`
			`self.request.session['is_root'] = True`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertTrue(self.request.has_perm('appinfo.list'))`

			`def test_has_any_perm(self):`
			`model = self.app.model`
			`auth = self.app.get_auth_handler()`
			`event = MagicMock(request=self.request)`

			`# anonymous user`
			`self.assertFalse(hasattr(self.request, 'has_any_perm'))`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertFalse(self.request.has_any_perm('appinfo.list'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`

			`# add user to role with perms`
			`blokes = model.Role(name="Blokes")`
			`self.session.add(blokes)`
			`auth.grant_permission(blokes, 'appinfo.list')`
			`self.user.roles.append(blokes)`
			`self.session.commit()`

			`# authenticated user, with perms`
			`self.request.user = self.user`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertTrue(self.request.has_any_perm('appinfo.list', 'appinfo.view'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`

			`# drop user from role, no more perms`
			`self.user.roles.remove(blokes)`
			`self.session.commit()`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertFalse(self.request.has_any_perm('appinfo.list'))`

			`# reset`
			`del self.request.user_permissions`
			`del self.request.has_perm`
			`del self.request.has_any_perm`
			`del self.request.is_admin`
			`del self.request.is_root`

			`# root user always has perms`
			`admin = auth.get_role_administrator(self.session)`
			`self.user.roles.append(admin)`
			`self.session.commit()`
			`self.request.session['is_root'] = True`
			`subscribers.new_request_set_user(event, db_session=self.session)`
			`self.assertTrue(self.request.has_any_perm('appinfo.list'))`

feat: add auth views, for login/logout 2024-08-04 23:09:29 -05:00
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`class TestBeforeRender(TestCase):`

			`def setUp(self):`
feat: add initial `MasterView` support very minimal, index view only with empty page content 2024-08-05 19:21:58 -05:00			`self.config = WuttaConfig(defaults={`
feat: add Users view; improve CRUD master for SQLAlchemy models 2024-08-12 21:17:08 -05:00			`'wutta.web.menus.handler_spec': 'tests.util:NullMenuHandler',`
feat: add initial `MasterView` support very minimal, index view only with empty page content 2024-08-05 19:21:58 -05:00			`})`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00
			`def make_request(self):`
feat: add basic App Info view (index only) more to come! 2024-08-05 21:49:18 -05:00			`request = testing.DummyRequest(use_oruga=False)`
feat: basic support for WSGI app, views, templates also docs + tests for what we have so far 2024-07-12 00:17:15 -05:00			`request.registry.settings = {'wutta_config': self.config}`
			`request.wutta_config = self.config`
			`return request`

			`def test_basic(self):`
			`request = self.make_request()`
			`event = {'request': request}`

			`# event dict will get populated with more context`
			`subscribers.before_render(event)`

			`self.assertIn('config', event)`
			`self.assertIs(event['config'], self.config)`

			`self.assertIn('app', event)`
			`self.assertIs(event['app'], self.config.get_app())`

			`self.assertIn('h', event)`
			`self.assertIs(event['h'], helpers)`

			`self.assertIn('url', event)`
			`# TODO: not sure how to test this?`
			`# self.assertIs(event['url'], request.route_url)`

			`self.assertIn('json', event)`
			`self.assertIs(event['json'], json)`


			`class TestIncludeMe(TestCase):`

			`def test_basic(self):`
			`with testing.testConfig() as pyramid_config:`

			`# just ensure no error happens when included..`
			`pyramid_config.include('wuttaweb.subscribers')`