[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Traversing/tests - testTraverser.py:1.1.2.4
Martijn Pieters
mj@zope.com
Tue, 4 Dec 2001 11:52:49 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Traversing/tests
In directory cvs.zope.org:/tmp/cvs-serv20303/lib/python/Zope/App/Traversing/tests
Modified Files:
Tag: Zope-3x-branch
testTraverser.py
Log Message:
- Remove the silly restriction on underscore; this is the responsibility of the
securty policy
- Implement restrictedTraverse
=== Zope3/lib/python/Zope/App/Traversing/tests/testTraverser.py 1.1.2.3 => 1.1.2.4 ===
from Zope.App.Traversing.DefaultTraversable import DefaultTraversable
from Zope.ContextWrapper import wrapper, Wrapper
-from Zope.Exceptions import NotFoundError
+from Zope.Exceptions import NotFoundError, Unauthorized
from Zope.ComponentArchitecture import provideFeature, _clear
+from Zope.App.Security.SecurityManagement import setSecurityPolicy, \
+ noSecurityManager
+from Zope.App.Security.SimpleSecurityPolicies import NameBasedSecurityPolicy
from Interface import verify, instancesOfObjectImplements
@@ -103,6 +106,70 @@
def testNotFoundNoDefault(self):
self.assertRaises(NotFoundError, self.tr.unrestrictedTraverse, 'foo')
+class RestrictedTraverseTests(unittest.TestCase):
+ _oldPolicy = None
+ _deniedNames = ()
+
+ def setUp(self):
+ self._oldPolicy = setSecurityPolicy(
+ NameBasedSecurityPolicy(self.denyNames))
+
+ provideFeature(None, ITraversable, DefaultTraversable)
+
+ self.root = root = C('root')
+ self.folder = folder = C('folder')
+ self.item = item = C('item')
+
+ root.folder = folder
+ folder.item = item
+
+ self.tr = Traverser(root)
+
+ def tearDown(self):
+ noSecurityManager()
+ setSecurityPolicy(self._oldPolicy)
+
+ _clear() # Clear out feature registration made
+
+ def denyNames(self, name):
+ if name in self._deniedNames:
+ raise Unauthorized
+
+ def testAllAllowed(self):
+ tr = self.tr
+ item = self.item
+
+ self.assertEquals(tr.restrictedTraverse(('', 'folder', 'item')), item)
+ self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+
+ def testItemDenied(self):
+ self._deniedNames = ('item',)
+
+ tr = self.tr
+ folder = self.folder
+
+ self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ ('', 'folder', 'item'))
+ self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ ('folder', 'item'))
+ self.assertEquals(tr.restrictedTraverse(('', 'folder')), folder)
+ self.assertEquals(tr.restrictedTraverse(('folder', '..', 'folder')), folder)
+ self.assertEquals(tr.restrictedTraverse(('folder',)), folder)
+
+ def testNoneDenied(self):
+ # If traversing up ('..') or to the root, None is passed as a name to
+ # validate.
+ self._deniedNames = (None,)
+
+ tr = self.tr
+ item = self.item
+
+ self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ ('', 'folder'))
+ self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ ('folder', '..', 'folder'))
+ self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+
class DefaultTraversableTests(unittest.TestCase):
def testImplementsITraversable(self):
self.failUnless(ITraversable.isImplementedBy(DefaultTraversable(None)))
@@ -133,11 +200,6 @@
self.failUnless(next is foo)
self.assertEquals(further, [])
- def testUnderscoreNotFound(self):
- df = DefaultTraversable(C('dummy'))
-
- self.assertRaises(NotFoundError, df.traverse, '_foo', [])
-
def testNotFound(self):
df = DefaultTraversable(C('dummy'))
@@ -148,6 +210,7 @@
suite = loader.loadTestsFromTestCase(TraverserTests)
suite.addTest(loader.loadTestsFromTestCase(DefaultTraversableTests))
suite.addTest(loader.loadTestsFromTestCase(UnrestrictedTraverseTests))
+ suite.addTest(loader.loadTestsFromTestCase(RestrictedTraverseTests))
return suite
if __name__=='__main__':