Commits

Thomas Waldmann committed 136a524

acl code/tests: meta ACL value is a unicode object, do not use bytestrings in tests, remove code that supports it being a list or tuple

Comments (0)

Files changed (2)

MoinMoin/storage/_tests/test_middleware_acl.py

 
     def test_noaccess(self):
         name = u"noaccess"
-        self.create_item_acl(name, "All:")
+        self.create_item_acl(name, u"All:")
         assert py.test.raises(AccessDeniedError, self.get_item, name)
 
     def test_create_item(self):
         backend = flaskg.storage
         assert py.test.raises(AccessDeniedError, backend.create_item, u"I will never exist")
 
-        item = self.create_item_acl(u"i will exist!", "All:read,write")
+        item = self.create_item_acl(u"i will exist!", u"All:read,write")
         rev = item.create_revision(1)
         data = "my very existent data"
         rev.write(data)
 
     def test_read_access_allowed(self):
         name = u"readaccessallowed"
-        self.create_item_acl(name, "All:read")
+        self.create_item_acl(name, u"All:read")
         # Should simply pass...
         item = self.get_item(name)
 
 
     def test_write_after_create(self):
         name = u"writeaftercreate"
-        item = self.create_item_acl(name, "All:")
+        item = self.create_item_acl(name, u"All:")
         assert py.test.raises(AccessDeniedError, item.create_revision, 1)
 
     def test_modify_without_acl_change(self):
         name = u"copy_without_acl_change"
-        acl = "All:read,write"
+        acl = u"All:read,write"
         self.create_item_acl(name, acl)
         item = self.get_item(name)
         rev = item.create_revision(1)
 
     def test_copy_with_acl_change(self):
         name = u"copy_with_acl_change"
-        acl = "All:read,write"
+        acl = u"All:read,write"
         self.create_item_acl(name, acl)
         item = self.get_item(name)
         rev = item.create_revision(1)
-        py.test.raises(AccessDeniedError, rev.__setitem__, ACL, acl + ",write")
+        # without admin rights it is disallowed to change ACL
+        py.test.raises(AccessDeniedError, rev.__setitem__, ACL, acl + u",destroy")
 
     def test_write_without_read(self):
         name = u"write_but_not_read"
-        acl = "All:write"
+        acl = u"All:write"
         item = flaskg.storage.create_item(name)
         rev = item.create_revision(0)
         rev[ACL] = acl

MoinMoin/storage/backends/acl.py

             item = self.backend.get_item(itemname)
             # we always use the ACLs set on the latest revision:
             current_rev = item.get_revision(-1)
-            acls = current_rev[ACL]
+            acl = current_rev[ACL]
+            if not isinstance(acl, unicode):
+                raise TypeError("%s metadata has unsupported type: %r" % (ACL, acl))
+            acls = [acl, ]
         except (NoSuchItemError, NoSuchRevisionError, KeyError):
             # do not use default acl here
             acls = []
-        if not isinstance(acls, (tuple, list)):
-            acls = (acls, )
         default = self.default.default
-        return ContentACL(self.cfg, acls, default=default, valid=self.valid)
+        return ContentACL(self.cfg, tuple(acls), default=default, valid=self.valid)
 
     def _may(self, itemname, right, username=None):
         """ Check if username may have <right> access on item <itemname>.
                 last_rev = self._item.get_revision(-1)
                 last_acl = last_rev[ACL]
             except (NoSuchRevisionError, KeyError):
-                last_acl = ''
+                last_acl = u''
 
             acl_changed = value != last_acl