[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.5

Jim Fulton jim@zope.com
Wed, 26 Dec 2001 15:35:40 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv32583/tests

Modified Files:
      Tag: Zope-3x-branch
	testZSP.py 
Log Message:
Reworked basic access checks

=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.4 => 1.1.2.5 ===
-from Zope.App.Security.RoleRegistry import defineRole
-from Zope.App.Security.RolePermissionMap import grantPermissionToRole
 
 import unittest
 
+from Zope.App.Security.PermissionRegistry import permissionRegistry 
+from Zope.App.Security.PrincipalRegistry import principalRegistry 
+from Zope.App.Security.RoleRegistry import roleRegistry
+from Zope.App.Security.PrincipalPermissionManager \
+     import principalPermissionManager 
+from Zope.App.Security.RolePermissionManager import rolePermissionManager 
+from Zope.App.Security.PrincipalRoleManager import principalRoleManager 
+from Zope.Exceptions import Unauthorized, Forbidden
+
+def _clear():
+    permissionRegistry._clear()
+    principalRegistry._clear()
+    roleRegistry._clear()
+    principalPermissionManager._clear()
+    rolePermissionManager._clear()
+    principalRoleManager._clear()
+
+class Context:
+    def __init__(self, user, stack=[]):
+        self.user, self.stack = user, stack
+    
 class Unprotected:
     pass
 
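Review bot: `Context.__init__` takes `stack=[]`, a mutable default that every `Context` built without an explicit stack will share. If the policy ever appends to or pops from `context.stack`, that state would carry from one check or test into the next and could mask an authorization bug. Default to `None` instead: `def __init__(self, user, stack=None):` followed by `self.user = user` and `self.stack = [] if stack is None else stack`. Separately, `_clear()` reaches into a private `_clear` method on six registries; a short docstring saying it resets the global security registries for test isolation would make that dependency explicit.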
@@ -13,10 +31,36 @@
         self.__permission__ = permission
 
 
-class WhiteboxTest( unittest.TestCase ):
-    """
-        Test helper functions.
-    """
+class Test( unittest.TestCase ):
+
+    def setUp(self):
+        _clear()
+        principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
+                                          'jim', '123')
+        principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
+                                          'tim', '456')
+        principalRegistry.defineDefaultPrincipal(
+            'unknown', 'Unknown', 'Nothing is known about this principal')
+        
+        permissionRegistry.definePermission('read', 'Read', 'Read something')
+        permissionRegistry.definePermission(
+            'write', 'Write', 'Write something')
+
+
+        self.peon = roleRegistry.defineRole('Peon', 'Site Peon')
+        rolePermissionManager.grantPermissionToRole(
+            'read', self.peon.getId())
+
+        self.manager = roleRegistry.defineRole('Manager', 'Site Manager')
+        rolePermissionManager.grantPermissionToRole(
+            'read', self.manager.getId())
+        rolePermissionManager.grantPermissionToRole(
+            'write', self.manager.getId())
+
+        principalRoleManager.assignRoleToPrincipal(self.peon.getId(), 'jim')
+        principalRoleManager.assignRoleToPrincipal(self.manager.getId(), 'tim')
+
+        self.policy = self._makePolicy()
 
     def _makePolicy( self ):
 
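Review bot: `setUp` fills the module-level registries with principals, roles and grants, but no matching `tearDown` is visible in this diff. After the last test, the 'jim'/'tim' principals and the Peon/Manager grants would stay registered for whatever test module runs next. Since these are global singletons, other security tests could then pass or fail depending on run order. Consider adding `def tearDown(self): _clear()` to the class. The `Test` class continues outside this hunk, so confirm no cleanup already exists there.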
@@ -27,43 +71,54 @@
 
         from Zope.App.Security.ZopeSecurityPolicy import ZopeSecurityPolicy
 
-    def testAllowName( self ):
-
-        policy = self._makePolicy()
-
-        self.failUnless( policy._allowName( 'a' ) )
-        self.failUnless( policy._allowName( '_a' ) )
-
-        self.failIf( policy._allowName( '' ) )
-        self.failIf( policy._allowName( ' ' ) )
-        self.failIf( policy._allowName( () ) )
-        self.failIf( policy._allowName( ('a', 'b') ) )
-        self.failIf( policy._allowName( [] ) )
-        self.failIf( policy._allowName( ['a', 'b'] ) )
-
-    def testFindPermission( self ):
-        policy = self._makePolicy()
-
-        fooperm = definePermission('foo', 'foo title')
-
-        foo = Protected(fooperm)
-        bar = Unprotected()
-
-        self.assertEqual(policy._findPermission(foo), fooperm)
-        self.assertEqual(policy._findPermission(bar), None)
-        self.assertEqual(policy._findPermission(None), None)
-
-    def testListRolesFor( self ):
-        policy  = self._makePolicy()
-
-        fooperm = definePermission( 'foo', 'foo title' )
-
-        foo = Protected(fooperm)
-        bar = Unprotected()
-
-        self.assertEqual(policy._listRolesFor(fooperm, foo), ())
-
-        role = defineRole( 'Everyman' )
-        grantPermissionToRole(fooperm, role)
+    def test_checkPermission(self):
+        self.failUnless(
+            self.policy.checkPermission('read', None, Context('jim')))
+        self.failUnless(
+            self.policy.checkPermission('read', None, Context('tim')))
+        self.failUnless(
+            self.policy.checkPermission('write', None, Context('tim')))
+
+        self.failIf(self.policy.checkPermission(
+                    'read', None, Context('unknown')))
+        self.failIf(self.policy.checkPermission(
+                    'write', None, Context('unknown')))
+        
+        rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+        
+        self.failUnless(
+            self.policy.checkPermission('read', None, Context('unknown')))
+
+        principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
+        self.failUnless(
+            self.policy.checkPermission('write', None, Context('jim')))
+
+    def test_validate(self):
+        self.policy.validate('_', Protected('read'), Context('jim'))
+        self.policy.validate('_', Protected('read'), Context('tim'))
+        self.policy.validate('_', Protected('write'), Context('tim'))
+
+        self.assertRaises(Unauthorized,
+                          self.policy.validate,
+                          'x', Protected('read'), Context('unknown'))
+        self.assertRaises(Unauthorized,
+                          self.policy.validate,
+                          'x', Protected('write'), Context('unknown'))
+        
+        rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+        
+        self.policy.validate('_', Protected('read'), Context('unknown'))
+
+        principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
+        self.policy.validate('_', Protected('write'), Context('jim'))
+        
+        self.assertRaises(Forbidden,
+                          self.policy.validate,
+                          'x', Unprotected(), Context('tim'))
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
 
-        self.assertEqual(policy._listRolesFor(fooperm, foo), (role,))
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())
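Review bot: `test_checkPermission` and `test_validate` assert that jim may write after `grantPermissionToPrincipal('write', 'jim')`, but never assert that he was denied before it. A policy that wrongly gave write to every Peon, or to every known principal, would still pass. Add `self.failIf(self.policy.checkPermission('write', None, Context('jim')))` before the grant in `test_checkPermission`. In `test_validate`, add a matching `assertRaises` on `self.policy.validate` with `Protected('write')` and `Context('jim')`, using whichever exception the policy raises for an authenticated principal lacking the permission. The 'Anonymous' role is also granted 'read' without being defined in the `setUp` shown, so a comment saying where that role comes from would help. In `test_validate` the allowed cases pass the name `'_'` while the denied cases pass `'x'`; if the name can affect the result, keep it the same in both so that only the permission varies.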