[Zope-Checkins] CVS: Zope3/lib/python/Zope/Security/tests - testChecker.py:1.1.2.1 testRestrictedInterpreter.py:1.1.2.6 test_Proxy.py:1.1.2.12
Jim Fulton
jim@zope.com
Thu, 18 Apr 2002 18:02:24 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv30502/lib/python/Zope/Security/tests
Modified Files:
Tag: SecurityProxy-branch
testRestrictedInterpreter.py test_Proxy.py
Added Files:
Tag: SecurityProxy-branch
testChecker.py
Log Message:
Added SecurityProxy checker implementation and checker registry.
I'm going to refactor the way the checker permission database is
expressed and add some convenience factories.
=== Added File Zope3/lib/python/Zope/Security/tests/testChecker.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
Revision information:
$Id: testChecker.py,v 1.1.2.1 2002/04/18 22:02:23 jim Exp $
"""
from unittest import TestCase, TestSuite, main, makeSuite
from Zope.Security.Checker import Checker
from Zope.Testing.CleanUp import cleanUp
from Zope.App.Security.ISecurityPolicy import ISecurityPolicy
from Zope.Exceptions import Forbidden, Unauthorized
from Zope.App.Security.SecurityManagement import setSecurityPolicy
from Zope.Security._Proxy import getChecker, getObject
from Zope.Security.Proxy import Proxy, defineChecker
class SecurityPolicy:
__implements__ = ISecurityPolicy
############################################################
# Implementation methods for interface
# Zope.App.Security.ISecurityPolicy.
def validate(self, name, value, context):
'See Zope.App.Security.ISecurityPolicy.ISecurityPolicy'
permission = getattr(value, '__permission__', None)
if permission is None:
raise Forbidden(name, value)
if not self.checkPermission(permission, object, context):
raise Unauthorized(name, value)
def checkPermission(self, permission, object, context):
'See Zope.App.Security.ISecurityPolicy.ISecurityPolicy'
return permission == 'test_allowed'
#
############################################################
class OldInst:
a=1
def b(self):
pass
c=2
def gete(self): return 3
e = property(gete)
def __getitem__(self, x): return 5, x
def __setitem__(self, x, v): pass
class NewInst(object, OldInst):
def gete(self): return 3
def sete(self, v): pass
e = property(gete, sete)
class Test(TestCase):
def setUp(self):
self.__oldpolicy = setSecurityPolicy(SecurityPolicy())
def tearDown(self):
setSecurityPolicy(self.__oldpolicy)
cleanUp()
# check_getattr cases:
#
# - no attribute there
# - method
# - allow and disallow by permission
def test_check_getattr(self):
oldinst = OldInst()
oldinst.d = OldInst()
newinst = NewInst()
newinst.d = NewInst()
for inst in oldinst, newinst:
checker = Checker([({'a': 1, 'b': 1, 'c': 1,
'__getitem__': 1}.has_key,
'perm')])
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c')
self.assertRaises(Unauthorized, checker.check, inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
checker = Checker([({'a': 1, 'b': 1, 'c': 1,
'__getitem__': 1}.has_key,
'test_allowed')])
checker.check_getattr(inst, 'a')
checker.check_getattr(inst, 'b')
checker.check_getattr(inst, 'c')
checker.check(inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
def test_proxy(self):
checker = Checker(())
for rock in (1, 1.0, 1l, 1j,
'1', u'1', None,
AttributeError, AttributeError(),
):
proxy = checker.proxy(rock)
self.failUnless(proxy is rock, proxy)
for class_ in OldInst, NewInst:
inst = class_()
for ob in inst, class_:
proxy = checker.proxy(ob)
self.failUnless(getObject(proxy) is ob)
database = getChecker(proxy)._Checker__database
if ob is inst:
self.failIf(database, database)
else:
self.failUnless(database)
special = Checker([({'a': 1, 'b': 1}.has_key, 'test_allowed')])
defineChecker(class_, special)
proxy = checker.proxy(inst)
self.failUnless(getObject(proxy) is inst)
checker = getChecker(proxy)
self.failUnless(checker is special, checker.__dict__)
proxy2 = checker.proxy(proxy)
self.failUnless(proxy2 is proxy, [proxy, proxy2])
def test_suite():
return TestSuite((
makeSuite(Test),
))
if __name__=='__main__':
main(defaultTest='test_suite')
=== Zope3/lib/python/Zope/Security/tests/testRestrictedInterpreter.py 1.1.2.5 => 1.1.2.6 ===
+import Zope.Security.Proxy
+
from Zope.Security.RestrictedInterpreter import RestrictedInterpreter
-from Zope.Security.Proxy import Proxy
+from Zope.Security.Proxy import Proxy, defineChecker
+
+from Zope.Testing.CleanUp import cleanUp
-class Checker:
+class TestChecker:
def check_getattr(self, object, name):
pass
def check(self, object, opname):
pass
def proxy(self, value):
- return Proxy(value, self)
+ return Proxy(value)
class RITests(unittest.TestCase):
def setUp(self):
- self.checker = Checker()
+ self.checker = TestChecker()
self.rinterp = RestrictedInterpreter(self.checker)
+ def tearDown(self):
+ cleanUp()
+
def testExec(self):
- self.rinterp.ri_exec("print type(1)\n")
+ self.rinterp.ri_exec("str(type(1))\n")
def testImport(self):
self.rinterp.ri_exec("import Zope.Security.Proxy")
def testWrapping(self):
# make sure we've really got proxies
+ import types
+ from Zope.Security.Checker import Checker
+ checker = Checker([({'Proxy':1, '_Proxy':1}.has_key, None)])
+ defineChecker(Zope.Security.Proxy, checker)
+ checker = Checker([({'BuiltinFunctionType':1}.has_key, None)])
+ defineChecker(types, checker)
code = ("from Zope.Security.Proxy import Proxy, _Proxy\n"
"import types\n"
"assert type(id) is not types.BuiltinFunctionType\n"
@@ -33,3 +46,8 @@
def test_suite():
return unittest.makeSuite(RITests)
+
+
+if __name__=='__main__':
+ from unittest import main
+ main(defaultTest='test_suite')
=== Zope3/lib/python/Zope/Security/tests/test_Proxy.py 1.1.2.11 => 1.1.2.12 ===
-
+from Zope.Exceptions import Forbidden
from Zope.Security._Proxy import getObject, getChecker
from Zope.Security.Proxy import Proxy
@@ -20,6 +20,8 @@
raise RuntimeError
def proxy(self, value):
+ if type(value) is str:
+ return value
return Proxy(value, self)
@@ -170,3 +172,7 @@
def test_suite():
return unittest.makeSuite(ProxyTests)
+
+if __name__=='__main__':
+ from unittest import main
+ main(defaultTest='test_suite')