[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.5
Jim Fulton
jim@zope.com
Wed, 26 Dec 2001 15:35:40 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv32583/tests
Modified Files:
Tag: Zope-3x-branch
testZSP.py
Log Message:
Reworked basic access checks
=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.4 => 1.1.2.5 ===
-from Zope.App.Security.RoleRegistry import defineRole
-from Zope.App.Security.RolePermissionMap import grantPermissionToRole
import unittest
+from Zope.App.Security.PermissionRegistry import permissionRegistry
+from Zope.App.Security.PrincipalRegistry import principalRegistry
+from Zope.App.Security.RoleRegistry import roleRegistry
+from Zope.App.Security.PrincipalPermissionManager \
+ import principalPermissionManager
+from Zope.App.Security.RolePermissionManager import rolePermissionManager
+from Zope.App.Security.PrincipalRoleManager import principalRoleManager
+from Zope.Exceptions import Unauthorized, Forbidden
+
+def _clear():
+ permissionRegistry._clear()
+ principalRegistry._clear()
+ roleRegistry._clear()
+ principalPermissionManager._clear()
+ rolePermissionManager._clear()
+ principalRoleManager._clear()
+
+class Context:
+ def __init__(self, user, stack=[]):
+ self.user, self.stack = user, stack
+
class Unprotected:
pass
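Review bot: `Context.__init__` declares `stack=[]` as a default, so every `Context` built without an explicit stack shares one list object; anything that appends to `context.stack` during one access check would remain visible to later checks and later tests. A `None` default avoids that: `def __init__(self, user, stack=None):` followed by `if stack is None: stack = []`. The new `_clear()` helper also deserves a one-line comment such as `# reset the module-level security registries so each test starts with no grants`, since it reaches into the private `_clear` method of six shared objects.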
@@ -13,10 +31,36 @@
self.__permission__ = permission
-class WhiteboxTest( unittest.TestCase ):
- """
- Test helper functions.
- """
+class Test( unittest.TestCase ):
+
+ def setUp(self):
+ _clear()
+ principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
+ 'jim', '123')
+ principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
+ 'tim', '456')
+ principalRegistry.defineDefaultPrincipal(
+ 'unknown', 'Unknown', 'Nothing is known about this principal')
+
+ permissionRegistry.definePermission('read', 'Read', 'Read something')
+ permissionRegistry.definePermission(
+ 'write', 'Write', 'Write something')
+
+
+ self.peon = roleRegistry.defineRole('Peon', 'Site Peon')
+ rolePermissionManager.grantPermissionToRole(
+ 'read', self.peon.getId())
+
+ self.manager = roleRegistry.defineRole('Manager', 'Site Manager')
+ rolePermissionManager.grantPermissionToRole(
+ 'read', self.manager.getId())
+ rolePermissionManager.grantPermissionToRole(
+ 'write', self.manager.getId())
+
+ principalRoleManager.assignRoleToPrincipal(self.peon.getId(), 'jim')
+ principalRoleManager.assignRoleToPrincipal(self.manager.getId(), 'tim')
+
+ self.policy = self._makePolicy()
def _makePolicy( self ):
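Review bot: `setUp` empties the shared registries with `_clear()` before populating them, but the visible hunks add no `tearDown` to `Test`. The principals, roles and grants defined here therefore stay in the module-level registries after the last test and can leak into other test modules run in the same process. Adding `def tearDown(self): _clear()` keeps these grants scoped to this test case. `_makePolicy` starts on the last line of this hunk and its body continues outside it.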
@@ -27,43 +71,54 @@
from Zope.App.Security.ZopeSecurityPolicy import ZopeSecurityPolicy
- def testAllowName( self ):
-
- policy = self._makePolicy()
-
- self.failUnless( policy._allowName( 'a' ) )
- self.failUnless( policy._allowName( '_a' ) )
-
- self.failIf( policy._allowName( '' ) )
- self.failIf( policy._allowName( ' ' ) )
- self.failIf( policy._allowName( () ) )
- self.failIf( policy._allowName( ('a', 'b') ) )
- self.failIf( policy._allowName( [] ) )
- self.failIf( policy._allowName( ['a', 'b'] ) )
-
- def testFindPermission( self ):
- policy = self._makePolicy()
-
- fooperm = definePermission('foo', 'foo title')
-
- foo = Protected(fooperm)
- bar = Unprotected()
-
- self.assertEqual(policy._findPermission(foo), fooperm)
- self.assertEqual(policy._findPermission(bar), None)
- self.assertEqual(policy._findPermission(None), None)
-
- def testListRolesFor( self ):
- policy = self._makePolicy()
-
- fooperm = definePermission( 'foo', 'foo title' )
-
- foo = Protected(fooperm)
- bar = Unprotected()
-
- self.assertEqual(policy._listRolesFor(fooperm, foo), ())
-
- role = defineRole( 'Everyman' )
- grantPermissionToRole(fooperm, role)
+ def test_checkPermission(self):
+ self.failUnless(
+ self.policy.checkPermission('read', None, Context('jim')))
+ self.failUnless(
+ self.policy.checkPermission('read', None, Context('tim')))
+ self.failUnless(
+ self.policy.checkPermission('write', None, Context('tim')))
+
+ self.failIf(self.policy.checkPermission(
+ 'read', None, Context('unknown')))
+ self.failIf(self.policy.checkPermission(
+ 'write', None, Context('unknown')))
+
+ rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+
+ self.failUnless(
+ self.policy.checkPermission('read', None, Context('unknown')))
+
+ principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
+ self.failUnless(
+ self.policy.checkPermission('write', None, Context('jim')))
+
+ def test_validate(self):
+ self.policy.validate('_', Protected('read'), Context('jim'))
+ self.policy.validate('_', Protected('read'), Context('tim'))
+ self.policy.validate('_', Protected('write'), Context('tim'))
+
+ self.assertRaises(Unauthorized,
+ self.policy.validate,
+ 'x', Protected('read'), Context('unknown'))
+ self.assertRaises(Unauthorized,
+ self.policy.validate,
+ 'x', Protected('write'), Context('unknown'))
+
+ rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+
+ self.policy.validate('_', Protected('read'), Context('unknown'))
+
+ principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
+ self.policy.validate('_', Protected('write'), Context('jim'))
+
+ self.assertRaises(Forbidden,
+ self.policy.validate,
+ 'x', Unprotected(), Context('tim'))
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
- self.assertEqual(policy._listRolesFor(fooperm, foo), (role,))
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
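Review bot: `test_checkPermission` never asserts that 'jim' (role Peon, granted only 'read') is denied 'write' before `grantPermissionToPrincipal('write', 'jim')` runs, so the final `failUnless` would also pass against a policy that lets any Peon write. Add `self.failIf(self.policy.checkPermission('write', None, Context('jim')))` just before the grant. `test_validate` has the same gap and needs `self.assertRaises(Unauthorized, self.policy.validate, 'x', Protected('write'), Context('jim'))` in the corresponding place. Both tests also grant 'read' to a role named 'Anonymous' that `setUp` never defines through `roleRegistry.defineRole`. If the policy treats that name specially for the default principal, a short comment saying so would help readers.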