[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Traversing/tests - testTraverser.py:1.1.2.10.6.1 testZopeWrapper.py:NONE
Jim Fulton
jim@zope.com
Fri, 26 Apr 2002 14:23:18 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Traversing/tests
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/Traversing/tests
Modified Files:
Tag: SecurityProxy-branch
testTraverser.py
Removed Files:
Tag: SecurityProxy-branch
testZopeWrapper.py
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:
- You now protect names/operations, *not* values. This means it's as
easy yo protect data attributes that have simple values as it is to
protect methods.
- There is no longer a __permissions__ attribute. :)
- There is no longer a validate method in either security managers or
policies.
- No more need to have a special compiler for restricted code.
In exchange, lots of objects are proxies and code sometimes needs to
be prepared to remove proxies.
In addition:
- Basic objects (None, strings, numbers, etc.) are not wrapped in
context wrappers.
- There is a test that fails unless Python 2.3 is used.
=== Zope3/lib/python/Zope/App/Traversing/tests/testTraverser.py 1.1.2.10 => 1.1.2.10.6.1 ===
from Zope.App.Traversing.Traverser import Traverser
from Zope.App.Traversing.DefaultTraversable import DefaultTraversable
-from Zope.ContextWrapper import wrapper, Wrapper
+from Zope.Proxy.ContextWrapper import ContextWrapper
from Zope.Exceptions import NotFoundError, Unauthorized
from Zope.ComponentArchitecture import provideAdapter
from Zope.App.Security.SecurityManagement import setSecurityPolicy, \
noSecurityManager
-from Zope.App.Security.SimpleSecurityPolicies import NameBasedSecurityPolicy
from Zope.Testing.CleanUp import CleanUp # Base class w registry cleanup
from Interface.Verify import verifyClass
from Interface.Implements import instancesOfObjectImplements
+from Zope.Security.Checker \
+ import ProxyFactory, defineChecker, NamesChecker, CheckerPublic, Checker
+from Zope.App.Security.SecurityManagement import newSecurityManager
class C:
def __init__(self, name):
@@ -39,9 +41,9 @@
class TraverserTests(CleanUp, unittest.TestCase):
def setUp(self):
# Build up a wrapper chain
- self.root = Wrapper(C('root'), None, name='')
- self.folder = Wrapper(C('folder'), self.root, name='folder')
- self.item = Wrapper(C('item'), self.folder, name='item')
+ self.root = ContextWrapper(C('root'), None, name='')
+ self.folder = ContextWrapper(C('folder'), self.root, name='folder')
+ self.item = ContextWrapper(C('item'), self.folder, name='item')
self.tr = Traverser(self.item)
def testImplementsITraverser(self):
@@ -76,7 +78,7 @@
self.tr = Traverser(root)
def testNoTraversable(self):
- self.assertRaises(NotFoundError, self.tr.unrestrictedTraverse,
+ self.assertRaises(NotFoundError, self.tr.traverse,
'folder')
class UnrestrictedTraverseTests(CleanUp, unittest.TestCase):
@@ -96,51 +98,57 @@
tr = self.tr
item = self.item
- self.assertEquals(tr.unrestrictedTraverse('/folder/item'), item)
- self.assertEquals(tr.unrestrictedTraverse('folder/item'), item)
- self.assertEquals(tr.unrestrictedTraverse('/folder/item/'), item)
+ self.assertEquals(tr.traverse('/folder/item'), item)
+ self.assertEquals(tr.traverse('folder/item'), item)
+ self.assertEquals(tr.traverse('/folder/item/'), item)
def testSimplePathUnicode(self):
tr = self.tr
item = self.item
- self.assertEquals(tr.unrestrictedTraverse(u'/folder/item'), item)
- self.assertEquals(tr.unrestrictedTraverse(u'folder/item'), item)
- self.assertEquals(tr.unrestrictedTraverse(u'/folder/item/'), item)
+ self.assertEquals(tr.traverse(u'/folder/item'), item)
+ self.assertEquals(tr.traverse(u'folder/item'), item)
+ self.assertEquals(tr.traverse(u'/folder/item/'), item)
def testSimplePathTuple(self):
tr = self.tr
item = self.item
- self.assertEquals(tr.unrestrictedTraverse(('', 'folder', 'item')),
+ self.assertEquals(tr.traverse(('', 'folder', 'item')),
item)
- self.assertEquals(tr.unrestrictedTraverse(('folder', 'item')), item)
+ self.assertEquals(tr.traverse(('folder', 'item')), item)
def testComplexPathString(self):
tr = self.tr
item = self.item
- self.assertEquals(tr.unrestrictedTraverse('/folder/../folder/./item'),
+ self.assertEquals(tr.traverse('/folder/../folder/./item'),
item)
- self.assertEquals(tr.unrestrictedTraverse(
+ self.assertEquals(tr.traverse(
'/../folder/../../folder/item'), item)
- self.assertEquals(tr.unrestrictedTraverse('../../folder/item'), item)
+ self.assertEquals(tr.traverse('../../folder/item'), item)
def testNotFoundDefault(self):
- self.assertEquals(self.tr.unrestrictedTraverse('foo', 'notFound'),
+ self.assertEquals(self.tr.traverse('foo', 'notFound'),
'notFound')
def testNotFoundNoDefault(self):
- self.assertRaises(NotFoundError, self.tr.unrestrictedTraverse, 'foo')
+ self.assertRaises(NotFoundError, self.tr.traverse, 'foo')
+
+def Denied(*names):
+
+ def check(name):
+ if name in names:
+ return 'Waaaa'
+ return CheckerPublic
+
+ return Checker(check)
class RestrictedTraverseTests(CleanUp, unittest.TestCase):
_oldPolicy = None
_deniedNames = ()
def setUp(self):
- self._oldPolicy = setSecurityPolicy(
- NameBasedSecurityPolicy(self.denyNames))
-
provideAdapter(None, ITraversable, DefaultTraversable)
self.root = root = C('root')
@@ -150,52 +158,30 @@
root.folder = folder
folder.item = item
- self.tr = Traverser(root)
-
- def tearDown(self):
- noSecurityManager()
- setSecurityPolicy(self._oldPolicy)
- CleanUp.tearDown(self)
-
- def denyNames(self, name):
- if name in self._deniedNames:
- raise Unauthorized
+ self.tr = Traverser(ProxyFactory(root))
def testAllAllowed(self):
- tr = self.tr
+ defineChecker(C, Checker(lambda name: CheckerPublic))
+ tr = Traverser(ProxyFactory(self.root))
item = self.item
- self.assertEquals(tr.restrictedTraverse(('', 'folder', 'item')), item)
- self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+ self.assertEquals(tr.traverse(('', 'folder', 'item')), item)
+ self.assertEquals(tr.traverse(('folder', 'item')), item)
def testItemDenied(self):
- self._deniedNames = ('item',)
-
- tr = self.tr
+ newSecurityManager('no one')
+ defineChecker(C, Denied('item'))
+ tr = Traverser(ProxyFactory(self.root))
folder = self.folder
- self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ self.assertRaises(Unauthorized, tr.traverse,
('', 'folder', 'item'))
- self.assertRaises(Unauthorized, tr.restrictedTraverse,
+ self.assertRaises(Unauthorized, tr.traverse,
('folder', 'item'))
- self.assertEquals(tr.restrictedTraverse(('', 'folder')), folder)
- self.assertEquals(tr.restrictedTraverse(('folder', '..', 'folder')),
+ self.assertEquals(tr.traverse(('', 'folder')), folder)
+ self.assertEquals(tr.traverse(('folder', '..', 'folder')),
folder)
- self.assertEquals(tr.restrictedTraverse(('folder',)), folder)
-
- def testNoneDenied(self):
- # If traversing up ('..') or to the root, None is passed as a name to
- # validate.
- self._deniedNames = (None,)
-
- tr = self.tr
- item = self.item
-
- self.assertRaises(Unauthorized, tr.restrictedTraverse,
- ('', 'folder'))
- self.assertRaises(Unauthorized, tr.restrictedTraverse,
- ('folder', '..', 'folder'))
- self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+ self.assertEquals(tr.traverse(('folder',)), folder)
class DefaultTraversableTests(CleanUp, unittest.TestCase):
def testImplementsITraversable(self):
=== Removed File Zope3/lib/python/Zope/App/Traversing/tests/testZopeWrapper.py ===