[Zope-Checkins] CVS: Zope/lib/python/AccessControl/securitySuite - framework.py:1.1 testSecurity.py:1.1

Andreas Jung andreas@zope.com
Mon, 1 Oct 2001 08:46:29 -0400


Update of /cvs-repository/Zope/lib/python/AccessControl/securitySuite
In directory cvs.zope.org:/tmp/cvs-serv19190

Added Files:
	framework.py testSecurity.py 
Log Message:
securitySuite first version


=== Added File Zope/lib/python/AccessControl/securitySuite/framework.py ===
##############################################################################
# 
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
# 
# Copyright (c) Digital Creations.  All rights reserved.
# 
# This license has been certified as Open Source(tm).
# 
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# 
# 1. Redistributions in source code must retain the above copyright
#    notice, this list of conditions, and the following disclaimer.
# 
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions, and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
# 
# 3. Digital Creations requests that attribution be given to Zope
#    in any manner possible. Zope includes a "Powered by Zope"
#    button that is installed by default. While it is not a license
#    violation to remove this button, it is requested that the
#    attribution remain. A significant investment has been put
#    into Zope, and this effort will continue if the Zope community
#    continues to grow. This is one way to assure that growth.
# 
# 4. All advertising materials and documentation mentioning
#    features derived from or use of this software must display
#    the following acknowledgement:
# 
#      "This product includes software developed by Digital Creations
#      for use in the Z Object Publishing Environment
#      (http://www.zope.org/)."
# 
#    In the event that the product being advertised includes an
#    intact Zope distribution (with copyright and license included)
#    then this clause is waived.
# 
# 5. Names associated with Zope or Digital Creations must not be used to
#    endorse or promote products derived from this software without
#    prior written permission from Digital Creations.
# 
# 6. Modified redistributions of any form whatsoever must retain
#    the following acknowledgment:
# 
#      "This product includes software developed by Digital Creations
#      for use in the Z Object Publishing Environment
#      (http://www.zope.org/)."
# 
#    Intact (re-)distributions of any official Zope release do not
#    require an external acknowledgement.
# 
# 7. Modifications are encouraged but must be packaged separately as
#    patches to official Zope releases.  Distributions that do not
#    clearly separate the patches from the original work must be clearly
#    labeled as unofficial distributions.  Modifications which do not
#    carry the name Zope may be packaged in any form, as long as they
#    conform to all of the clauses above.
# 
# 
# Disclaimer
# 
#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
#   SUCH DAMAGE.
# 
# 
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations.  Specific
# attributions are listed in the accompanying credits file.
# 
##############################################################################

######################################################################
# Set up unit testing framework
#
# The following code should be at the top of every test module:
#
# import os, sys
# execfile(os.path.join(sys.path[0], 'framework.py'))
#
# ...and the following at the bottom:
#
# framework()


# Find the Testing package
# NOTE: this file is execfile()'d by the test module, which is expected to
# have imported os and sys already (see the header comment above); neither
# module is imported here.
if not sys.modules.has_key('Testing'):
    # Testing has not been imported yet, so search for a directory that
    # contains it and put that directory on sys.path.
    p0 = sys.path[0]
    if p0 and __name__ == '__main__':
        # Run as a script from another directory: switch to the script's
        # directory and use '' for the first path entry from now on.
        os.chdir(p0)
        p0 = ''
    # Walk from the current directory towards the filesystem root; d becomes
    # empty once os.path.split() has no component left to strip.
    p = d = os.path.abspath(os.curdir)
    while d:
        if os.path.isdir(os.path.join(p, 'Testing')):
            # Replace the first sys.path entry with three entries.
            # NOTE(review): p0 (possibly '') and os.pardir are relative
            # entries, so later imports resolve against whatever the current
            # working directory is at import time.
            sys.path[:1] = [p0, os.pardir, p]
            break
        p, d = os.path.split(p)
    else:
        # Loop ended without a break: no ancestor directory holds 'Testing'.
        print 'Unable to locate Testing package.'
        sys.exit(1)

import Testing, unittest
# Execute common.py from the located Testing package inside this namespace.
# NOTE(review): the first directory named 'Testing' found on the walk above
# (or an already-imported Testing module) decides which common.py runs here,
# so the suite should be started from a trusted checkout.
execfile(os.path.join(os.path.split(Testing.__file__)[0], 'common.py'))




=== Added File Zope/lib/python/AccessControl/securitySuite/testSecurity.py ===
#!/usr/bin/env python2.1

import os, sys
# Run framework.py from the first sys.path entry (normally the directory of
# this script) inside this module's namespace; it locates the Testing package.
# NOTE(review): whatever framework.py sits in sys.path[0] is executed as-is.
execfile(os.path.join(sys.path[0],'framework.py'))

import unittest,re
import Zope,ZPublisher,cStringIO
from OFS.Folder import Folder
from OFS.SimpleItem  import SimpleItem
from AccessControl import ClassSecurityInfo
from Acquisition import Implicit
import Globals

class TestObject(SimpleItem,Implicit):
    """Fixture object exposing one private, one protected and one public method.

    SecurityTests in this file publishes each method by URL and checks the
    HTTP status that comes back.
    """

    # Collects the per-method declarations below; they are applied to the
    # class by Globals.InitializeClass() after the class body.
    security = ClassSecurityInfo()

    def __init__(self,id,marker):
        self.id = id
        self.marker=marker

    # NOTE(review): keep a non-empty docstring on each method below; the
    # publisher is understood to refuse objects without one -- confirm.

    # The tests in this file expect 401 for every fixture user.
    security.declarePrivate("private_func")
    def private_func(self):
        """Method declared private."""
        return "i am private"


    # The tests in this file expect 200 only for the user holding the
    # Manager role and 401 for everyone else.
    security.declareProtected("Protect Permission","protected_func")
    def protected_func(self):
        """Method guarded by the "Protect Permission" permission."""
        return "i am protected "


    # The tests in this file expect 200 for every user, including requests
    # that carry a wrong password.
    security.declarePublic("public_func")
    def public_func(self):
        """Method declared public."""
        return "i am public"


# Applies the ClassSecurityInfo declarations to the class.
Globals.InitializeClass(TestObject)


class TestFolder(Folder,Implicit):
    """Fixture folder that holds the TestObject instances."""

    security = ClassSecurityInfo()
    # Object-level declaration for the folder itself.
    # NOTE(review): the tests still expect /folder1/object1/public_func to
    # answer 200, i.e. traversal through this folder is not blocked by it.
    security.declareObjectPrivate()

# Applies the declarations above to the class.
Globals.InitializeClass(TestFolder)


class User:
    """Fixture account: a user name, a clear-text password and its roles."""

    def __init__(self,username,password,roles):
        self.roles    = roles
        self.password = password
        self.username = username

    def auth(self):
        """Return the credentials as one ``name:password`` string."""
        credentials = (self.username, self.password)
        return "%s:%s" % credentials

    def __repr__(self):
        # NOTE: the text form includes the clear-text password, and the test
        # failure messages in this file embed it. That is fine for these
        # throwaway fixture accounts; do not reuse this class for real ones.
        fields = (self.username, self.password, self.roles)
        return "User(%s:%s:%s)" % fields

    # str() and repr() produce the same text.
    __str__ = __repr__


# Fixture accounts recreated by SecurityTests.setUp(): two users without
# roles, one with the Owner role and one with the Manager role. All share
# the same throwaway password.
USERS = (
    User(username='user1', password='123', roles=[]),
    User(username='user2', password='123', roles=[]),
    User(username='owner', password='123', roles=('Owner',)),
    User(username='manager', password='123', roles=('Manager',)),
)


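class SecurityTests(unittest.TestCase) :
    """Publish the TestObject methods as each fixture user and check the status.

    Every check goes through unittest's assertion methods rather than the
    ``assert`` statement, so the security expectations are still enforced
    when the suite is run with ``python -O``.
    """

    # Matches the "Status: <code> <reason>" line of a published response.
    _STATUS_RE = re.compile("Status: ([0-9]{1,4}) (.*)",re.I)

    def setUp(self):
        """Recreate the fixture users and the folder1 object tree."""

        self.root = Zope.app()
        acl = self.root.acl_users

        for user in USERS:
            # Best-effort removal of an account left over from an earlier
            # run; a failure is ignored on purpose, but an interrupt or an
            # exit request is passed on.
            # NOTE(review): a single name string is passed here; confirm
            # that _delUsers accepts that, because an error is swallowed.
            try:
                acl._delUsers( user.username )
            except (KeyboardInterrupt, SystemExit):
                raise
            except:
                pass

        for user in USERS:
            # The password is passed twice (presumably password and
            # confirmation -- confirm against the user folder API).
            acl._addUser(user.username,user.password,user.password,
                            user.roles, [])

        # get_transaction is not defined in this file; it is expected to be
        # available once Zope has been imported.
        get_transaction().commit()

        # Drop objects left in the root by an earlier run.
        if 'folder1' in self.root.objectIds():
            self.root._delObject('folder1')

        if 'object1' in self.root.objectIds():
            self.root._delObject('object1')

        # Resulting tree:
        #   /folder1/object1, /folder1/looserObject, /folder1/folder2/object2
        f = TestFolder('folder1')
        self.root._setObject('folder1',f)

        f = TestFolder('folder2')
        self.root.folder1._setObject('folder2',f)

        obj = TestObject('object1','m1')
        self.root.folder1._setObject('object1',obj)

        obj = TestObject('looserObject','m1')
        self.root.folder1._setObject('looserObject',obj)

        obj = TestObject('object2','m2')
        self.root.folder1.folder2._setObject('object2',obj)
        # Debugging output: owner of the innermost folder.
        print self.root.folder1.folder2.getOwner()

        get_transaction().commit()

    def _checkStatus(self, path, user, auth, expected):
        """Request *path* with credentials *auth* and require status *expected*."""
        code,txt = self._request(path,u=auth)
        # Same details as before in the failure message; note that the text
        # form of the user includes the fixture password.
        self.assertEqual(code, expected, repr((path,user,code,txt)))

    def testPublicFunc(self):
        """public_func answers 200 for every fixture user"""

        path = "/folder1/object1/public_func"

        for user in USERS:
            self._checkStatus(path, user, user.auth(), 200)

    def testPublicFuncWithWrongAuth(self):
        """public_func answers 200 even when the password is wrong"""

        path = "/folder1/object1/public_func"

        for user in USERS:
            # 'xx' is appended to the password part of "name:password".
            self._checkStatus(path, user, user.auth()+'xx', 200)

    def testPrivateFunc(self):
        """private_func answers 401 for every fixture user"""

        path = "/folder1/object1/private_func"

        for user in USERS:
            self._checkStatus(path, user, user.auth(), 401)

    def testProtectedFunc(self):
        """protected_func answers 200 for Manager and 401 for everyone else"""

        path = "/folder1/object1/protected_func"

        for user in USERS:
            if 'Manager' in user.roles:
                expected = 200
            else:
                expected = 401
            self._checkStatus(path, user, user.auth(), expected)

    def testXX(self):
        """print the owner of every root object (no assertions)"""
        for id,obj in self.root.objectItems():
            print id,obj.getOwner()

    def _request(self,*args,**kw):
        """Publish a request and return ``(status_code, reason_text)``.

        All arguments are handed to ZPublisher.Zope() unchanged, except that
        the ``s`` keyword is replaced by an in-memory buffer from which the
        "Status:" line is read. The tests pass the path as the first
        positional argument and the credentials as ``u``.
        """
        io = cStringIO.StringIO()
        kw['s'] = io
        ZPublisher.Zope(*args,**kw)
        outp = io.getvalue()
        mo = self._STATUS_RE.search(outp)
        if mo is None:
            # Without this check a response lacking a Status line surfaced
            # as an AttributeError on None instead of a test failure.
            self.fail("no Status line in response for %s: %s"
                      % (repr(args), repr(outp[:200])))

        code,txt = mo.groups()

#        print "%-40s  %-20s   %3d %s" % (args[0],kw.get('u',''),int(code),txt)
        return int(code),txt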
        
        
# Start the test run. framework() is not defined in this file; it is expected
# to come from the framework.py / common.py code execfile()'d at the top.
framework()