[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/Grants/Views/Browser/tests - RolePermissionManager.py:1.2 testRolePermissionView.py:1.2
Florent Guillaume
fg@nuxeo.com
Mon, 24 Jun 2002 12:00:45 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/Grants/Views/Browser/tests
In directory cvs.zope.org:/tmp/cvs-serv11631/Views/Browser/tests
Modified Files:
RolePermissionManager.py testRolePermissionView.py
Log Message:
Update Role Permission UI to allow Unset/Allow/Deny.
Fix tests, including dummy RolePermissionManager.
Correct interface assertions.
=== Zope3/lib/python/Zope/App/Security/Grants/Views/Browser/tests/RolePermissionManager.py 1.1 => 1.2 ===
#
##############################################################################
-"""
-Test IRolePermissionManager class.
+"""Test IRolePermissionManager class that has no context.
$Id$
"""
+from Zope.ComponentArchitecture import getAdapter
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
-from Zope.App.Security.Settings import Allow, Assign
+from Zope.App.Security.IRolePermissionMap import IRolePermissionMap
+from Zope.App.Security.Grants.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
class RolePermissionManager:
+ """
+ provide adapter that manages role permission data in an object attribute
+ """
+
+ __implements__ = IRolePermissionManager, IRolePermissionMap
+
+ def __init__(self):
+ self._rp = LocalSecurityMap()
+
+ def grantPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Allow)
+
+ def denyPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Deny)
+
+ def unsetPermissionFromRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions()
+ # Only unset if there is a security map, otherwise, we're done
+ if rp:
+ rp.delCell(permission_id, role_id)
- __implements__ = IRolePermissionManager
-
- def __init__(self, **rp):
- self._rp = rp
-
- # Implementation methods for interface
- # Zope.App.Security.IRolePermissionManager.
-
- def getRolesForPermission(self, permission):
+ def getRolesForPermission(self, permission_id):
'''See interface IRolePermissionMap'''
- r=[]
- for role, permissions in self._rp.items():
- if permission in permissions: r.append((role, Allow))
- return r
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getRow(permission_id)
+ else:
+ return []
- def getPermissionAcquired(self, permission):
+ def getPermissionsForRole(self, role_id):
'''See interface IRolePermissionMap'''
- return 1
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCol(role_id)
+ else:
+ return []
- def getPermissionsForRole(self, role):
+ def getRolesAndPermissions(self):
'''See interface IRolePermissionMap'''
- return [(perm, Allow) for perm in self._rp[role]]
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getAllCells(role_id)
+ else:
+ return []
- def setPermissionAcquired(self, permission, flag):
- '''See interface IRolePermissionManager'''
- raise TypeError
-
- def unsetPermissionFromRole(self, permission, role):
- '''See interface IRolePermissionManager'''
- permissions = self._rp.get(role, ())
- if permission in permissions:
- permissions.remove(permission)
- if not permissions:
- # XXX: this del removed by Steve and Casey
- # in order to get the PermissionsForRole
- # view unit tests to work correctly.
- #
- # Why is this del here?
- #
- # It doesn't seem to break anything to remove
- # it, like this!
- #del self._rp[role]
- pass
-
-
- def grantPermissionToRole(self, permission, role):
- '''See interface IRolePermissionManager'''
- if role in self._rp:
- if permission not in self._rp[role]:
- self._rp[role].append(permission)
+ def getSetting(self, permission_id, role_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCell(permission_id, role_id)
else:
- self._rp[role] = [permission]
+ return Unset
+
+ def _getRolePermissions(self, create=0):
+ """Get the role permission map stored in the context, optionally
+ creating one if necessary"""
+ return self._rp
+
=== Zope3/lib/python/Zope/App/Security/Grants/Views/Browser/tests/testRolePermissionView.py 1.1 => 1.2 ===
del titles[i]
- def testGrant(self):
+ def testGrantDenyUnset(self):
roles = self.view.roles()
permissions = self.view.permissions()
+ # manager member
+ # read +
+ # write . -
self.view.action({
'p0': 'read', 'p1': 'write',
'r0': 'manager', 'r1': 'member',
- 'p0r0': '1', 'p0r1': '1', 'p1r0': '1',
+ 'p0r0': 'Allow',
+ 'p1r0': 'Unset', 'p1r1': 'Deny',
},
testing=1)
permissionRoles = self.view.permissionRoles()
for ip in range(len(permissionRoles)):
permissionRole = permissionRoles[ip]
- rset = permissionRole.roles()
+ rset = permissionRole.roleSettings()
for ir in range(len(rset)):
setting = rset[ir]
- if setting is None:
- self.failIf(
- roles[ir].getId() == 'manager'
- or
- permissions[ip].getId() == 'read'
- )
+ r = roles[ir].getId()
+ p = permissions[ip].getId()
+ if setting == 'Allow':
+ self.failUnless(r == 'manager' and p == 'read')
+ elif setting == 'Deny':
+ self.failUnless(r == 'member' and p == 'write')
else:
- self.failUnless(
- roles[ir].getId() == 'manager'
- or
- permissions[ip].getId() == 'read'
- )
+ self.failUnless(setting == 'Unset')
+ # manager member
+ # read -
+ # write +
self.view.action({
'p0': 'read', 'p1': 'write',
'r0': 'manager', 'r1': 'member',
- 'p0r0': '1',
+ 'p0r0': 'Deny',
+ 'p1r0': 'Allow', 'p1r1': 'Unset'
},
testing=1)
permissionRoles = self.view.permissionRoles()
for ip in range(len(permissionRoles)):
permissionRole = permissionRoles[ip]
- rset = permissionRole.roles()
+ rset = permissionRole.roleSettings()
for ir in range(len(rset)):
setting = rset[ir]
- if setting is None:
- self.failIf(
- roles[ir].getId() == 'manager'
- and
- permissions[ip].getId() == 'read'
- )
+ r = roles[ir].getId()
+ p = permissions[ip].getId()
+ if setting == 'Allow':
+ self.failUnless(r == 'manager' and p == 'write')
+ elif setting == 'Deny':
+ self.failUnless(r == 'manager' and p == 'read')
else:
- self.failUnless(
- roles[ir].getId() == 'manager'
- and
- permissions[ip].getId() == 'read'
- )
-
+ self.failUnless(setting == 'Unset')
+
self.view.update_permission(REQUEST=None,
permission_id='write',
@@ -125,7 +125,7 @@
for r in permission.rolesInfo()
if r['checked']],
['member'])
-
+
self.view.update_permission(REQUEST=None,
permission_id='write',
# roles=[], roles attr omitted
@@ -138,7 +138,6 @@
if r['checked']],
[])
-
self.view.update_permission(REQUEST=None,
permission_id='write',
roles=['manager','member'],